none
Getting BSOD on WdfObjectDelete() of WdfDeviceMiniportCreate() object RRS feed

  • Question

  • Hi

    This is my first post here and i am new to Windows device driver programming/kernel debugging.

    I am creating and unloading a WDF device in NDIS miniport driver to be able to query an interface created by lower WDF based bus driver's PDO as below

    DriverEntry() {

    ....

            WDF_DRIVER_CONFIG_INIT(&config, WDF_NO_EVENT_CALLBACK);

            config.DriverInitFlags |= WdfDriverInitNoDispatchOverride;

            status = WdfDriverCreate((PDRIVER_OBJECT)DriverObject, (PCUNICODE_STRING)RegistryPath, WDF_NO_OBJECT_ATTRIBUTES, &config, &hWdfDriver);

    ....

            Status = NdisMRegisterMiniportDriver(
                    DriverObject,
                    RegistryPath,
                    &GlobalData,
                    &MPChar,
                    &NdisDriverHandle);

    ....

    }


    MPInitializeEx() {

    ....

          NdisMGetDeviceProperty(
                    MiniportAdapterHandle,
                    &Adapter->Pdo,
                    &Adapter->Fdo,
                    &Adapter->NextDeviceObject,
                    &ResourcesRaw,                
                    &ResourcesTranslated);

            WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&fdoAttributes, WDF_DEVICE_INFO);

            status = WdfDeviceMiniportCreate(WdfGetDriver(), &fdoAttributes, &Adapter->Fdo, &Adapter->NextDeviceObject, &Adapter->Pdo, &Adapter->hWdfDevice);

            status = WdfFdoQueryForInterface((WDFDEVICE)(Adapter->hWdfDevice),
                &GUID_TOASTER_INTERFACE_STANDARD,        
                (PINTERFACE)&ToasterInterface,
                sizeof(TOASTER_INTERFACE_STANDARD),
                1,
                NULL);    // InterfaceSpecific Data

    ....

    }


    MPHaltEx() {

    ....

        NICFreeAdapter(Adapter);

    ....

    }

    NICFreeAdapter() {

    ....
        if (Adapter->hWdfDevice) {
            WdfObjectDelete(Adapter->hWdfDevice);    //WdfObjectDelete method deletes a framework object and its child objects.
            Adapter->hWdfDevice = NULL;
        }

        //
        // Finally free the memory for adapter context.
        //
        NdisFreeMemory(Adapter->UnalignedAdapterBuffer, Adapter->UnalignedAdapterBufferSize, 0);

    ....

    }


    DriverUnload(() {

    ....

        WdfDriverMiniportUnload(WdfGetDriver());

        //
        // Clean up all globals that were allocated in DriverEntry
        //

        ASSERT(IsListEmpty(&GlobalData.AdapterList));

        if (GlobalData.Flags & fGLOBAL_MINIPORT_REGISTERED)
        {
            //
            // Since DriverEntry has successfully called NdisMRegisterMiniportDriver,
            // NdisMDeregisterMiniportDriver must be called to release NDIS's per-driver
            // resources.
            //
            DbgPrint("Calling NdisMDeregisterMiniportDriver...\n");
            NdisMDeregisterMiniportDriver(NdisDriverHandle);
        }

    ....

    }


    Things related to framework driver and device creation & interface query are working well but on driver uninstallation/disabling from device manager i get BSOD/system crash with Reference_By_Pointer error.

    I have followed the NDIS virtual miniport and Toaster Bus samples. Also verified the framework object creation and unloading in usbnwifi sample but still am getting the system crash on driver unload. Any help would be appreciated.
    Friday, January 2, 2015 9:14 AM

All replies

  • provide the output of !analyze -v and make sure your driver and os symbols are correct (otherwise the output is useless)

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, January 2, 2015 7:48 PM
  • here is the valid part of my kernel dump


    ADDITIONAL_DEBUG_TEXT:  
    You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
    
    FAULTING_MODULE: fffff80003c18000 nt
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  54a6cf80
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    BUGCHECK_STR:  0x18
    
    CURRENT_IRQL:  0
    
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff80003c33e14 to fffff80003c8dbc0
    
    STACK_TEXT:  
    fffff880`03b7f0c8 fffff800`03c33e14 : 00000000`00000018 00000000`00000000 
    fffffa80`22669398 00000000`00000002 : nt!KeBugCheckEx
    fffff880`03b7f0d0 fffff880`00e69c6f : fffffa80`1a250000 fffffa80`21c0bc00 
    fffffa80`1a250020 fffffa80`21c0bc20 : nt!KeSetActualBasePriorityThread+0xfdc
    fffff880`03b7f130 fffff880`00e0cb63 : fffffa80`21c0bc00 fffffa80`1a250020 
    00000000`00000006 fffffa80`21c0bc00 : Wdf01000+0x69c6f
    fffff880`03b7f1a0 fffff880`00e123f6 : fffffa80`21c0bc00 00000000`00000000 
    0000057f`de3f4300 fffffa80`19913e01 : Wdf01000+0xcb63
    fffff880`03b7f220 fffff880`00e125ec : fffffa80`21c0bc00 00000000`00000000 
    00000000`00000000 00000000`00000000 : Wdf01000+0x123f6
    fffff880`03b7f280 fffff880`00e1479f : fffffa80`21c0bc00 00000000`00000000 
    0000057f`de3f43f8 fffffa80`1ffe9810 : Wdf01000+0x125ec
    fffff880`03b7f2e0 fffff880`07bb7436 : fffffa80`21c0bc00 00000000`00000006 
    00000000`00000000 00000000`00000000 : Wdf01000+0x1479f
    fffff880`03b7f340 fffff880`07bb68b1 : 0000057f`de3f43f8 fffffa80`22669380 
    00000000`6977444e 00000000`00000500 : netvmini620!WdfObjectDelete+0x36 
    [c:\program files (x86)\windows kits\8.1\include\wdf\kmdf\1.11\wdfobject.h @ 
    725]
    fffff880`03b7f380 fffff880`07bcbcdb : fffffa80`22669380 00000000`0000002d 
    00000000`00000065 00000000`00000003 : netvmini620!NICFreeAdapter+0x431 
    [d:\workfolders\noel\ndis virtual miniport driver\c++\adapter.c @ 1906]
    fffff880`03b7f3e0 fffff880`01cfad57 : fffffa80`22669380 00000000`00000000 
    fffffa80`2130f1a0 00000000`00160500 : netvmini620!MPHaltEx+0x1bb 
    [d:\workfolders\noel\ndis virtual miniport driver\c++\adapter.c @ 1041]
    fffff880`03b7f430 fffff880`01cfb308 : fffffa80`2130f101 fffffa80`0000007e 
    fffffa80`2012b3f0 fffffa80`1a3417c0 : ndis!NdisMRegisterMiniport+0x7b7
    fffff880`03b7f4d0 fffff880`01cfed6c : fffffa80`2130f1a0 00000000`00000000 
    fffff880`00000000 fffff880`01ca8100 : ndis!NdisMRegisterMiniport+0xd68
    fffff880`03b7f500 fffff880`01c97bc2 : fffffa80`2130f1a0 fffffa80`2130f1a0 
    fffffa80`2012b3f0 fffffa80`206aee10 : ndis!NdisDeregisterProtocol+0x173c
    fffff880`03b7f6a0 fffff880`01d01b69 : 00000000`00000000 fffffa80`2012b3f0 
    00000000`00000000 fffffa80`2130f1a0 : ndis!NdisFDeregisterFilterDriver+0x1402
    fffff880`03b7f6e0 fffff800`03efa121 : fffff8a0`117fee00 fffffa80`2130f050 
    fffff880`03b7f838 fffffa80`206aee10 : ndis!NdisIMInitializeDeviceInstance+0x619
    fffff880`03b7f780 fffff800`0407a3a1 : fffffa80`206aee10 00000000`00000000 
    fffffa80`20b1fd90 00000000`00000801 : nt!FsRtlNotifyVolumeEventEx+0x821
    fffff880`03b7f7f0 fffff800`03d90063 : fffff8a0`119fe730 fffff8a0`119fe730 
    00000000`00000015 00000000`00000000 : nt!ExCreateCallback+0x13e1
    fffff880`03b7f8b0 fffff800`04079ef4 : fffffa80`20b1fd90 00000000`00000000 
    00000000`00000002 fffffa80`206aee10 : nt!DbgSetDebugFilterState+0x1ba3
    fffff880`03b7f900 fffff800`0407a000 : 00000000`00000000 fffff8a0`11af2401 
    fffff8a0`11a9d5d0 ffffa57c`754662e0 : nt!ExCreateCallback+0xf34
    fffff880`03b7f930 fffff800`0410aee4 : 00000000`00000002 00000000`00000000 
    fffffa80`20b1fd90 fffff8a0`00000000 : nt!ExCreateCallback+0x1040
    fffff880`03b7f9a0 fffff800`0410b53c : fffff880`00000000 fffffa80`19aa9a00 
    fffffa80`1978a600 fffffa80`00000000 : nt!KeStartDynamicProcessor+0x13e4
    fffff880`03b7fae0 fffff800`03ff473e : 00000000`00000000 fffffa80`19aa9ad0 
    fffff8a0`11af24d0 00000000`00000000 : nt!KeStartDynamicProcessor+0x1a3c
    fffff880`03b7fb10 fffff800`03c97261 : fffff800`03ef8f88 fffff8a0`11af24d0 
    fffff800`03e332d8 fffff800`03e332d8 : nt!PsDereferenceKernelStack+0x3f36e
    fffff880`03b7fb70 fffff800`03f2a2ea : 00000000`00000000 fffffa80`1978a660 
    00000000`00000080 fffffa80`1973b350 : nt!KeReleaseInStackQueuedSpinLock+0x2f1
    fffff880`03b7fc00 fffff800`03c7e8e6 : fffff880`03989180 fffffa80`1978a660 
    fffff880`039940c0 00000000`00000000 : nt!PsCreateSystemThread+0x1e6
    fffff880`03b7fc40 00000000`00000000 : fffff880`03b80000 fffff880`03b7a000 
    fffff880`03b7f0e0 00000000`00000000 : nt!KeInitializeSemaphore+0x25a
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    netvmini620!WdfObjectDelete+36 [c:\program files (x86)\windows 
    kits\8.1\include\wdf\kmdf\1.11\wdfobject.h @ 725]
    fffff880`07bb7436 4883c438        add     rsp,38h
    
    FAULTING_SOURCE_LINE:  c:\program files (x86)\windows 
    kits\8.1\include\wdf\kmdf\1.11\wdfobject.h
    
    FAULTING_SOURCE_FILE:  c:\program files (x86)\windows 
    kits\8.1\include\wdf\kmdf\1.11\wdfobject.h
    
    FAULTING_SOURCE_LINE_NUMBER:  725
    
    FAULTING_SOURCE_CODE:  
       721:     WDFOBJECT Object
       722:     )
       723: {
       724:     ((PFN_WDFOBJECTDELETE) 
    WdfFunctions[WdfObjectDeleteTableIndex])(WdfDriverGlobals, Object);
    >  725: }
       726: 
       727: //
       728: // WDF Function: WdfObjectQuery
       729: //
       730: typedef
    
    
    SYMBOL_STACK_INDEX:  7
    
    SYMBOL_NAME:  netvmini620!WdfObjectDelete+36
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: netvmini620
    
    IMAGE_NAME:  netvmini620.sys
    
    BUCKET_ID:  WRONG_SYMBOLS
    
    FAILURE_BUCKET_ID:  WRONG_SYMBOLS
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:wrong_symbols
    
    FAILURE_ID_HASH:  {70b057e8-2462-896f-28e7-ac72d4d365f8}
    
    Followup: MachineOwner

    Friday, January 2, 2015 8:47 PM
  • fix your os symbols

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.


    Saturday, January 3, 2015 12:55 AM
  • can you tell how to get additional symbols?
    Monday, January 5, 2015 7:29 AM