Skip to main content

 none
NDIS - how to diagnose this BSOD ? RRS feed

  • Question

  • Hello,
    I have firewall and bandwidth manager and core of this product is LWF NDIS driver. I have problem when it is tested on Win 2016 server with Hyper-V. This server has running virtual machines and there exist virtual switch used for connecting VMs to LAN. My LWF driver is by default bound to physical network card and also to virtual switch. Problem appears when I have configured firewall in instance bound to physical network adapter and when there exists tens of TCP connections to Win 2016 Hyper-V server's IP from LAN. When I try to uninstall my driver in network adapter in control panel by selecting it's service name and clicking to Uninstall button then server crashes. After reboot LWF driver stays installed and functional.
    !analyze -v show this stack (I removed number parameters for simple look) :
    STACK_TEXT: 
    nt!KeBugCheckEx
    nt!KiBugCheckDispatch+0x69
    nt!KiPageFault+0x426
    e1r65x64+0x184b7
    NDIS!ndisCallReceiveCompleteHandler+0x33
    NDIS!NdisReturnNetBufferLists+0x457
    vmswitch!VmsPtNicPvtPacketRouted+0x36f
    vmswitch!VmsNblHelperCompleteNbls+0x124
    vmswitch!VmsExtIoPacketRouted+0x253
    vmswitch!VmsExtPtSendNetBufferListsComplete+0xe2
    NDIS!ndisMSendCompleteNetBufferListsInternal+0x13b
    NDIS!NdisMSendNetBufferListsComplete+0x222
    vmswitch!VmsExtIoPacketRouted+0x283
    vmswitch!VmsExtMpReturnNetBufferLists+0x4a
    NDIS!ndisCallReceiveCompleteHandler+0x33
    NDIS!NdisReturnNetBufferLists+0x457
    vmswitch!VmsExtIoPacketRouted+0x2b3
    vmswitch!VmsMpNicReturnNetBufferLists+0x6d
    NDIS!ndisCallReceiveCompleteHandler+0x33
    NDIS!NdisReturnNetBufferLists+0x457
    tcpip!FlpReturnNetBufferListChain+0xa3
    NETIO!NetioDereferenceNetBufferListChain+0xf4
    tcpip!TcpTlProviderReleaseIndicationList+0x84
    afd!AfdTLReleaseIndications+0x32
    afd!AfdReturnBuffer+0xff
    afd!AfdUpdateConnectionForTimerWheel+0x23e
    afd!AfdTimerWheelHandler+0x1b7
    nt!KiRetireDpcList+0x731
    nt!KiIdleLoop+0x5a

    This stack does not contain my driver but crash comes immediately after I try to uninstall it.
    How to diagnose it ? Is it bug in my driver or bug in network card driver ? What do you recommend ? Even if it is bug in network card driver have I chance to change something in my driver to avoid this crash ?


    Wednesday, September 4, 2019 6:20 PM

Answers

  • I am not an NDIS LWF expert, but from filters in general, the most likely cause is your driver and it not completely cleaning up after itself.  Since this is happening in ndisCallReceiveCompleteHandler I suspect your filter passed a receive down the stack, and did not wait for it to complete before exiting.   This is exactly the type of behavior that would cause this sort of page fault.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by Peter Skvarka Thursday, September 5, 2019 5:26 PM
    Wednesday, September 4, 2019 6:38 PM

All replies

  • I am not an NDIS LWF expert, but from filters in general, the most likely cause is your driver and it not completely cleaning up after itself.  Since this is happening in ndisCallReceiveCompleteHandler I suspect your filter passed a receive down the stack, and did not wait for it to complete before exiting.   This is exactly the type of behavior that would cause this sort of page fault.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by Peter Skvarka Thursday, September 5, 2019 5:26 PM
    Wednesday, September 4, 2019 6:38 PM
  • Yes, I found my bug, thanks !
    Thursday, September 5, 2019 5:26 PM