Please tell me the possibility that Irp will be zero.

  • Question

  • For the last few months I have struggled with various BSODs of a system. The system is a custom PCI board. The cause of the BSOD is always the same: it is a symptom that Irp (Request) becomes zero suddenly while the driver is running. I do not use Cancel routines.

    And in today's dump research, I found that Irp had a zero problem in the KMDF's Irp handler before entering my driver. "pIrp" is zero at line 3238 of fxioqueue.cpp as below.

    https://github.com/Microsoft/Windows-Driver-Frameworks/blob/master/src/framework/shared/irphandlers/io/fxioqueue.cpp#L3238

    3236:    hRequest = pRequest->GetHandle();
    3237:
    3238:    UCHAR majorFunction = pIrp->GetMajorFunction();
    Please let me know if you have any tips for solving this problem.

    Wednesday, March 13, 2019 1:01 PM

All replies

  • Please post the output of !analyze -v. Sending a null irp is not allowed, so the caller sending the irp may be important. Also, you can’t quite trust source line debugging in an optimized release binary. The linker/optimizer is allowed to rearrange code and registers and the PDB doesn’t always reflect these optimizations. You might have to track the irp value by stepping through the function and keeping track of the registers yourself.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, March 13, 2019 2:04 PM
  • Thanks, Doron. This is the malformed mini dump from our customer.

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff80e62029827, Address of the instruction which caused the bugcheck
    Arg3: ffffdf082ccbeac0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    
    Debugging Details:
    ------------------
    
    
    KEY_VALUES_STRING: 1
    
    
    STACKHASH_ANALYSIS: 1
    
    TIMELINE_ANALYSIS: 1
    
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434
    
    SYSTEM_MANUFACTURER:  Dell Inc.
    
    SYSTEM_PRODUCT_NAME:  Precision Tower 5810
    
    SYSTEM_SKU:  0617
    
    BIOS_VENDOR:  Dell Inc.
    
    BIOS_VERSION:  A29
    
    BIOS_DATE:  12/13/2018
    
    BASEBOARD_MANUFACTURER:  Dell Inc.
    
    BASEBOARD_PRODUCT:  0HHV7N
    
    BASEBOARD_VERSION:  A00
    
    DUMP_TYPE:  2
    
    BUGCHECK_P1: c0000005
    
    BUGCHECK_P2: fffff80e62029827
    
    BUGCHECK_P3: ffffdf082ccbeac0
    
    BUGCHECK_P4: 0
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    FAULTING_IP: 
    Wdf01000!FxIoQueue::DispatchRequestToDriver+b7 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3238]
    fffff80e`62029827 488b88b8000000  mov     rcx,qword ptr [rax+0B8h]
    
    CONTEXT:  ffffdf082ccbeac0 -- (.cxr 0xffffdf082ccbeac0)
    rax=0000000000000000 rbx=ffff8c0dd988b9b0 rcx=0000000000000001
    rdx=0000000000000170 rsi=ffff8c0dd31e8830 rdi=ffff8c0dcafb78b0
    rip=fffff80e62029827 rsp=ffffdf082ccbf4b0 rbp=ffffdf082ccbf5c9
     r8=ffff8c0dd96edbe0  r9=fffff80e620ba5b8 r10=ffff8c0dca32c1f0
    r11=ffff8c0dd988b9a0 r12=0000000000000000 r13=0000000000000002
    r14=0000000000000000 r15=000073f226774648
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
    Wdf01000!FxIrp::GetMajorFunction+0x7 [inlined in Wdf01000!FxIoQueue::DispatchRequestToDriver+0xb7]:
    fffff80e`62029827 488b88b8000000  mov     rcx,qword ptr [rax+0B8h] ds:002b:00000000`000000b8=????????????????
    Resetting default scope
    
    CPU_COUNT: 4
    
    CPU_MHZ: c15
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 4f
    
    CPU_STEPPING: 1
    
    CPU_MICROCODE: 6,4f,1,0 (F,M,S,R)  SIG: B00002E'00000000 (cache) B00002E'00000000 (init)
    
    BLACKBOXBSD: 1 (!blackboxbsd)
    
    
    BLACKBOXPNP: 1 (!blackboxpnp)
    
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    BUGCHECK_STR:  0x3B
    
    PROCESS_NAME:  MeiPc.exe
    
    CURRENT_IRQL:  0
    
    ANALYSIS_SESSION_HOST:  RIE
    
    ANALYSIS_SESSION_TIME:  03-14-2019 05:05:07.0462
    
    ANALYSIS_VERSION: 10.0.17763.1 amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff80e62029297 to fffff80e62029827
    
    STACK_TEXT:  
    ffffdf08`2ccbf4b0 fffff80e`62029297 : ffff8c0d`d31e8a50 ffff8c0d`cafb78b0 ffffdf08`2ccbf5f1 fffff805`3b82f557 : Wdf01000!FxIoQueue::DispatchRequestToDriver+0xb7 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3238] 
    ffffdf08`2ccbf550 fffff80e`620274e2 : ffff8c0d`cafb78b0 ffff8c0d`d31c5600 00000000`00000000 fffff805`3b6c217b : Wdf01000!FxIoQueue::DispatchEvents+0x617 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3125] 
    ffffdf08`2ccbf630 fffff80e`62026f8d : ffff8c0d`d31c5650 ffff8c0d`e151b200 ffff8c0d`d988b9b0 ffff8c0d`d8fe9101 : Wdf01000!FxPkgIo::DispatchStep1+0x542 [minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 324] 
    ffffdf08`2ccbf6f0 fffff80e`62021b73 : ffff8c0d`e151b290 ffff8c0d`e151b290 00000000`00000000 fffff805`3b7c1186 : Wdf01000!FxPkgIo::Dispatch+0x5d [minkernel\wdf\framework\shared\irphandlers\io\fxpkgio.cpp @ 119] 
    ffffdf08`2ccbf750 fffff805`3b6bf0d9 : ffff8c0d`d9a46bb0 00000000`00000001 00000000`00000000 00000000`00000002 : Wdf01000!FxDevice::DispatchWithLock+0x113 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430] 
    ffffdf08`2ccbf7b0 fffff805`3bc7a721 : ffffdf08`2ccbfb40 ffff8c0d`e151b290 00000000`00000001 ffff8c0d`d9a46bb0 : nt!IofCallDriver+0x59
    ffffdf08`2ccbf7f0 fffff805`3bca569a : ffff8c0d`00000005 ffff8c0d`e151b290 ffffdf08`20206f49 ffffdf08`2ccbfb40 : nt!IopSynchronousServiceTail+0x1b1
    ffffdf08`2ccbf8a0 fffff805`3bc322d6 : 00000000`00000082 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x68a
    ffffdf08`2ccbf9e0 fffff805`3b7cb785 : 00000000`00000000 ffff8c0d`d9a18c10 00000000`00000000 ffffcf09`6e0f3c00 : nt!NtDeviceIoControlFile+0x56
    ffffdf08`2ccbfa50 00000000`77331cbc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
    00000000`0328f2c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77331cbc
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  38dd3db8bb6ecea79de05d00b128a8e723a856fe
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  101fd6a41e3b40b5515e38b2af1332663e4b1956
    
    THREAD_SHA1_HASH_MOD:  c26501866111b401d175981821f10243484a6e46
    
    FOLLOWUP_IP: 
    Wdf01000!FxIoQueue::DispatchRequestToDriver+b7 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 3238]
    fffff80e`62029827 488b88b8000000  mov     rcx,qword ptr [rax+0B8h]
    
    FAULT_INSTR_CODE:  b8888b48
    
    FAULTING_SOURCE_LINE:  minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp
    
    FAULTING_SOURCE_FILE:  minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp
    
    FAULTING_SOURCE_LINE_NUMBER:  3238
    
    FAULTING_SOURCE_CODE:  
    No source found for 'minkernel\wdf\framework\shared\inc\private\km\fxirpkm.hpp'
    
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  Wdf01000!FxIoQueue::DispatchRequestToDriver+b7
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: Wdf01000
    
    IMAGE_NAME:  Wdf01000.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    IMAGE_VERSION:  1.27.17763.132
    
    STACK_COMMAND:  .cxr 0xffffdf082ccbeac0 ; kb
    
    BUCKET_ID_FUNC_OFFSET:  b7
    
    FAILURE_BUCKET_ID:  0x3B_Wdf01000!FxIoQueue::DispatchRequestToDriver
    
    BUCKET_ID:  0x3B_Wdf01000!FxIoQueue::DispatchRequestToDriver
    
    PRIMARY_PROBLEM_CLASS:  0x3B_Wdf01000!FxIoQueue::DispatchRequestToDriver
    
    TARGET_TIME:  2019-03-07T10:33:52.000Z
    
    OSBUILD:  17763
    
    OSSERVICEPACK:  348
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  272
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  unknown_date
    
    BUILDDATESTAMP_STR:  180914-1434
    
    BUILDLAB_STR:  rs5_release
    
    BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434
    
    ANALYSIS_SESSION_ELAPSED_TIME:  2c7f
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x3b_wdf01000!fxioqueue::dispatchrequesttodriver
    
    FAILURE_ID_HASH:  {72a4981e-067e-b7cf-b2df-37feea2b6644}
    
    Followup:     MachineOwner
    ---------
    

    Wednesday, March 13, 2019 8:13 PM
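
Added example, not part of the original thread or of the KMDF sources: a small triage helper that follows the advice above to rely on the registers rather than the source line. It recomputes the faulting effective address from the register context and the faulting instruction in the posted dump and cross-checks it against the address the debugger printed. The function names and the 64 KB null-page threshold are assumptions, and only the simple `[base+disp]` operand form is handled.

```python
import re

# Constructed sample: register context and faulting instruction copied from
# the !analyze -v output posted in the thread.
CONTEXT = """\
rax=0000000000000000 rbx=ffff8c0dd988b9b0 rcx=0000000000000001
rdx=0000000000000170 rsi=ffff8c0dd31e8830 rdi=ffff8c0dcafb78b0
rip=fffff80e62029827 rsp=ffffdf082ccbf4b0 rbp=ffffdf082ccbf5c9
 r8=ffff8c0dd96edbe0  r9=fffff80e620ba5b8 r10=ffff8c0dca32c1f0
r11=ffff8c0dd988b9a0 r12=0000000000000000 r13=0000000000000002
r14=0000000000000000 r15=000073f226774648
fffff80e`62029827 488b88b8000000  mov     rcx,qword ptr [rax+0B8h] ds:002b:00000000`000000b8=????????????????
"""

REG_RE = re.compile(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b")
MEM_RE = re.compile(r"\[(r[a-z0-9]{1,2})(?:([+-])([0-9A-Fa-f]+)h)?\]")
DBG_RE = re.compile(r"ds:[0-9a-f]{4}:([0-9a-f`]+)=")
NULL_PAGE_LIMIT = 0x10000  # assumption: the lowest 64 KB is never mapped


def parse_registers(text):
    """Return {register: value} from a WinDbg .cxr register dump."""
    return {name: int(value, 16) for name, value in REG_RE.findall(text)}


def triage(text):
    """Recompute the faulting effective address for a [base+disp] operand."""
    regs = parse_registers(text)
    mem = MEM_RE.search(text)
    if mem is None or mem.group(1) not in regs:
        return None  # operand form not handled (e.g. index*scale) or no context
    base, sign, disp = mem.groups()
    offset = int(disp, 16) if disp else 0
    if sign == "-":
        offset = -offset
    address = (regs[base] + offset) & 0xFFFFFFFFFFFFFFFF
    dbg = DBG_RE.search(text)
    dbg_address = int(dbg.group(1).replace("`", ""), 16) if dbg else None
    return {
        "base": base,
        "base_value": regs[base],
        "offset": offset,
        "address": address,
        # A zero base plus a small displacement is a null structure pointer.
        "null_base": regs[base] == 0 and address < NULL_PAGE_LIMIT,
        # True when the registers agree with the address WinDbg reported.
        "matches_debugger": dbg_address == address,
    }


if __name__ == "__main__":
    print(triage(CONTEXT))
```

On x64, 0xB8 is the offset of Tail.Overlay.CurrentStackLocation in the IRP structure, so a zero rax here means the IRP pointer itself was null when the inlined FxIrp::GetMajorFunction read it.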
  • What type of driver is this? pnp or not pnp ("legacy" style)?

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, March 13, 2019 9:39 PM
  • This is the legacy PCI board. As I assigned the PCI resources of Memory, Port, and Interrupt with WdfCmResourceListGetDescriptor(), I think it should be PnP style.

    Note that the problem might come from other PCI boards that were supplied power only from PCI. Those boards are connected to the legacy PCI board with an external bus. I provided a pure legacy-style "Dummy driver" for those other boards. It has no Memory, no Port, and no Interrupt.

    Thursday, March 14, 2019 2:45 AM
  • Is this a pure KMDF driver, or are you doing some mixed WDM/KMDF stuff?  Do you have an IRP "in process context" callback?  Do you have some weird filter drivers?

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Thursday, March 14, 2019 6:37 AM
  • Thanks for asking, Tim.

    > Is this a pure KMDF driver, or are you doing some mixed WDM/KMDF stuff?

    Pure KMDF driver for Windows 10 RS1 and later.

    > Do you have an IRP "in process context" callback?

    No.

    > Do you have some weird filter drivers?

    No.

    Thursday, March 14, 2019 12:51 PM