none
Qualcomm Modem, Blue screen on Windows 10 enterprise version RRS feed

  • Question

  • Dear MS:

    use the Qualcomm 3G modem, install Qualcomm HS USB WWAN Adapter 9003 driver on windows 10 Enteripise version. When system go to sleep, the system crush dump.

    WinDbg analysis:

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except.
    Typically the address is just plain bad or it is pointing at freed memory.
    Arguments:
    Arg1: ccae9745, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 813a579b, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 00000002, (reserved)

    Debugging Details:
    ------------------


    Could not read faulting driver name

    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  14393.0.x86fre.rs1_release.160715-1616

    SYSTEM_MANUFACTURER:  Default string

    SYSTEM_PRODUCT_NAME:  Default string

    SYSTEM_SKU:  CEC3C91D

    SYSTEM_VERSION:  Default string

    BIOS_VENDOR:  American Megatrends Inc.

    BIOS_VERSION:  5.11

    BIOS_DATE:  09/07/2016

    BASEBOARD_MANUFACTURER:  Techvision

    BASEBOARD_PRODUCT:  Cherry Trail CR

    BASEBOARD_VERSION:  Default string

    DUMP_TYPE:  2

    BUGCHECK_P1: ffffffffccae9745

    BUGCHECK_P2: 0

    BUGCHECK_P3: ffffffff813a579b

    BUGCHECK_P4: 2

    READ_ADDRESS: GetUlongPtrFromAddress: unable to read from 00000000
    GetPointerFromAddress: unable to read from 00000000
    GetPointerFromAddress: unable to read from 00000000
    GetUlongFromAddress: unable to read from 8128f9e8
     ccae9745 

    FAULTING_IP: 
    nt!VfMajorRegisterHandlers+28
    813a579b 8b448138        mov     eax,dword ptr [ecx+eax*4+38h]

    MM_INTERNAL_CODE:  2

    CPU_COUNT: 4

    CPU_MHZ: 5a0

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 4c

    CPU_STEPPING: 3

    CPU_MICROCODE: 7,0,1,0 (F,M,S,R)  SIG: 363'00000000 (cache) 8140EBB6'8140D980 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    BUGCHECK_STR:  AV

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    ANALYSIS_SESSION_HOST:  HUNTER-PC

    ANALYSIS_SESSION_TIME:  09-20-2016 19:51:40.0023

    ANALYSIS_VERSION: 10.0.10586.567 x86fre

    LOCK_ADDRESS:  812891e0 -- (!locks 812891e0)

    Resource @ nt!PiEngineLock (0x812891e0)    Available

    WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


    WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

    1 total locks

    PNP_TRIAGE: 
    Lock address  : 0x812891e0
    Thread Count  : 0
    Thread address: 0x00000000
    Thread wait   : 0x0

    LAST_CONTROL_TRANSFER:  from 8126194a to 8132ddf8

    STACK_TEXT:  
    b45bca50 8126194a 00000000 8126194a b45bcbd4 nt!RtlAllocateHeap+0x72d
    b45bcb38 8133f8cc 00000000 ccae9745 00000000 nt!PpDevNodeRemoveFromTree+0x2a
    b45bcbd4 813a579b badb0d00 01bc2d28 8142fc40 nt!CmpDoCreateChild+0x199
    b45bcca4 b3eb51a4 894fb000 894fb4a0 88af3ce0 nt!VfMajorRegisterHandlers+0x28
    b45bcd24 b3eb2ae9 89bb9508 00000000 88af3ce0 qcusbwwan!USBDSP_Dispatch+0xe8a [f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c @ 1925]
    b45bcd78 812c9192 014fb000 bea9f0f6 00000000 qcusbwwan!DispatchThread+0x3a9 [f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c @ 639]
    b45bcdb0 81340db5 b3eb2740 894fb000 00000000 nt!CmNotifyRunDown+0xb9
    b45bcde0 b45ba000 00000000 00000000 00000000 nt!PiControlMakeUserModeCallersCopy+0xd9
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    b45bcdfc 00000000 00000000 00000000 00000000 0xb45ba000


    STACK_COMMAND:  kb

    THREAD_SHA1_HASH_MOD_FUNC:  55dcc1c615581f457aedadc0a2781af384d92f3e

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  a860dd3a165c7d696eb7e3594c6e0c73f5fb5349

    THREAD_SHA1_HASH_MOD:  14eb2a419c87a64b919b6c495f55872d92a1eb6d

    FOLLOWUP_IP: 
    qcusbwwan!USBDSP_Dispatch+e8a [f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c @ 1925]
    b3eb51a4 eb7b            jmp     qcusbwwan!USBDSP_Enqueue+0x23 (b3eb5221)

    FAULT_INSTR_CODE:  23c7beb

    FAULTING_SOURCE_LINE:  f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c

    FAULTING_SOURCE_FILE:  f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c

    FAULTING_SOURCE_LINE_NUMBER:  1925

    FAULTING_SOURCE_CODE:  
      1921:       }  // INTERNAL_DEVICE_CONTROL
      1922: 
      1923:       case IRP_MJ_POWER:
      1924:       {
    > 1925:          QCPWR_PowrerManagement(pDevExt, Irp, irpStack);
      1926: 
      1927:          goto USBDSP_Dispatch_Done;
      1928:       
      1929:          break;
      1930:       }  // IRP_MJ_POWER


    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  qcusbwwan!USBDSP_Dispatch+e8a

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: qcusbwwan

    IMAGE_NAME:  qcusbwwan.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  57e0fb50

    BUCKET_ID_FUNC_OFFSET:  e8a

    FAILURE_BUCKET_ID:  AV_R_INVALID_qcusbwwan!USBDSP_Dispatch

    BUCKET_ID:  AV_R_INVALID_qcusbwwan!USBDSP_Dispatch

    PRIMARY_PROBLEM_CLASS:  AV_R_INVALID_qcusbwwan!USBDSP_Dispatch

    TARGET_TIME:  2016-09-20T11:41:04.000Z

    OSBUILD:  14393

    OSSERVICEPACK:  0

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  1

    OSPLATFORM_TYPE:  x86

    OSNAME:  Windows 10

    OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2016-07-16 09:31:37

    BUILDDATESTAMP_STR:  160715-1616

    BUILDLAB_STR:  rs1_release

    BUILDOSVER_STR:  10.0.14393.0.x86fre.rs1_release.160715-1616

    ANALYSIS_SESSION_ELAPSED_TIME: 308

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:av_r_invalid_qcusbwwan!usbdsp_dispatch

    FAILURE_ID_HASH:  {d0a4a5f6-ed42-3e12-6094-ad5be482b1eb}

    Followup:     MachineOwner
    ---------

    what means? please give me some tips!!!

    Best Regards

    Tuesday, September 20, 2016 12:15 PM

Answers

  • This means: a bug found in a driver named "qcusbwwan", and you even seem to have its source. 

    The error is in file f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c, near line 1925.

    Fix the error, or contact the person who wrote this code.

    Regards,

    --pa

    Tuesday, September 20, 2016 1:19 PM

All replies

  • This means: a bug found in a driver named "qcusbwwan", and you even seem to have its source. 

    The error is in file f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c, near line 1925.

    Fix the error, or contact the person who wrote this code.

    Regards,

    --pa

    Tuesday, September 20, 2016 1:19 PM
  • I don't understand this analysis.

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except.
    Typically the address is just plain bad or it is pointing at freed memory.
    Arguments:
    Arg1: ccae9745, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 813a579b, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 00000002, (reserved)

    So an instruction at 0x813a579b was trying to read from 0xccae9745.

    FAULTING_IP: 
    nt!VfMajorRegisterHandlers+28
    813a579b 8b448138        mov     eax,dword ptr [ecx+eax*4+38h]

    Because 0xccae9745 is odd, but neither eax*4 nor 0x38 is odd, ecx must be odd. I assume Windows is not deliberately reading from an unaligned address, i.e. the value in ecx is wrong.

    STACK_TEXT:  
    b45bca50 8126194a 00000000 8126194a b45bcbd4 nt!RtlAllocateHeap+0x72d
    b45bcb38 8133f8cc 00000000 ccae9745 00000000 nt!PpDevNodeRemoveFromTree+0x2a
    b45bcbd4 813a579b badb0d00 01bc2d28 8142fc40 nt!CmpDoCreateChild+0x199
    b45bcca4 b3eb51a4 894fb000 894fb4a0 88af3ce0 nt!VfMajorRegisterHandlers+0x28
    b45bcd24 b3eb2ae9 89bb9508 00000000 88af3ce0 qcusbwwan!USBDSP_Dispatch+0xe8a [f:\win7_program_files\p4_workspace\hunter.lv_hunter-pc\platform_driver\qcom\uc20\windows\usb\mcu_r06\transport\usb\usbdsp.c @ 1925]

    Here is the strange part. If the exception happened in VfMajorRegisterHandlers, then why do CmpDoCreateChild, PpDevNodeRemoveFromTree, and RtlAllocateHeap also appear in the stack trace?

    Tuesday, September 20, 2016 6:23 PM
  • Dear Pavel A:

    the same driver is OK on windows 10 professional version. I have the driver source, the line 1925 is bellow:

                   break;

                case IOCTL_SERIAL_INTERNAL_BASIC_SETTINGS:
                   Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
                   break;

                case IOCTL_SERIAL_INTERNAL_RESTORE_SETTINGS:
                   Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
                   break;

                default:
                   Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
                   break;
             } // switch(IoControlCode)

             break;
          }  // INTERNAL_DEVICE_CONTROL

          case IRP_MJ_POWER:
          {
             QCPWR_PowrerManagement(pDevExt, Irp, irpStack); //line 1925

             goto USBDSP_Dispatch_Done;
          
             break;
          }  // IRP_MJ_POWER

          case IRP_MJ_PNP:
          {
             switch (irpStack->MinorFunction) 
             {
                case IRP_MN_QUERY_CAPABILITIES:  // PASSIVE_LEVEL
                {
                   PDEVICE_CAPABILITIES pdc = irpStack->Parameters.DeviceCapabilities.Capabilities;

                   QcAcquireDspPass(&pDevExt->DSPSyncEvent);

    ...

    i do not known , why the statement lead to crash. 

    the OS:

    TVI2303X_SRD_Z8300_AP6234_OV2680_OV5648_English_x86_CES_20160826_V1.35.0

    which running on Pos machine.

    Wednesday, September 21, 2016 1:09 AM
  • Dear ranta:

    the driver is OK on windows 10 professional version. the dump occurs on TVI2303X_SRD_Z8300_AP6234_OV2680_OV5648_English_x86_CES_20160826_V1.35.0; I known a little about it. which is windows 10 core and running on Pos machine.

    Maybe the system is unstable.

    Best Regards

    Wednesday, September 21, 2016 1:11 AM
  • it is your driver that is making the system unstable, not the system itself. Remember that each OS has slightly different timings so it can easily work on one OS and not the other. You NEED to verify your NT symbols are correct and fix if not. the nt symbol names in the stack don't look right nor do they make any sort of sense.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, September 21, 2016 6:05 AM
  • FAULTING_IP: 
    nt!VfMajorRegisterHandlers+28

    Ah, and the driver runs under verifier.  It is unlikely that you've found a bug in the verifier itself ;) but it may affect the analysis (the analyzer might have private knowledge about the verifier).  The verifier also can expose bugs that run undetected on other systems without it.

    @OP: call Qualcomm, or whoever provided this driver to you.

    -- pa


    • Edited by Pavel A Wednesday, September 21, 2016 4:32 PM
    Wednesday, September 21, 2016 4:31 PM