Re: WdfObjectDereference and Cancellation


Thanks Doron,

I checked the reference count; it seems to match in my code. I will check
it again.

Why did this driver bugcheck at FreeRequestMemory instead of
imp_WdfObjectDereferenceActual if I dereferenced too many times? ^_^a

Thank you. ^_^

Ziv

On April 18, 3:05 AM, "Doron Holan [MSFT]" <dor...@xxxxxxxxxxxxxxxxxxxx>
wrote:
i think you are dereferencing too many times. your dereference should not
go down the path that is shown in the bugcheck b/c that means the last
reference is going away.

d

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.

"泛若不?舟" <ZivHu...@xxxxxxxxx> wrote in message

news:20f80a2c-1e61-456c-81a9-2e6d7417df0d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx



Hi all,

I got a strange problem when handling cancel/complete.
My driver is a bus driver and some vendor's driver is the child.

First, I install a cancel routine for the request.

    WdfObjectReference(Request);
    WdfRequestMarkCancelable(Request, __XferHWProcessingRequestCancel);

    VOID
    __XferHWProcessingRequestCancel(
        IN WDFREQUEST Request
        )
    {
        // try to stop hardware ... etc.
        // Cancel request here
        WdfRequestComplete(Request, STATUS_CANCELLED);
    }

In my cleanup routine, I check the request's status and make sure this
request had been canceled. Then I WdfObjectDereference this request
and get a bugcheck.

Before the bugcheck, I found the vendor's driver always sends the same
request handle to my driver. My driver handles the URB inside the
request.

Is it my fault or something wrong? ^_^a

Thanks in advance for any comment or suggestion. ^_^

Ziv

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806d7029, The address that the exception occurred at
Arg3: 82bab608, Exception Record Address
Arg4: 82bab304, Context Record Address

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
Wdf01000!FxDevice::FreeRequestMemory+3c
806d7029 80b89a00000000 cmp byte ptr [eax+9Ah],0

EXCEPTION_RECORD: 82bab608 -- (.exr 0xffffffff82bab608)
ExceptionAddress: 806d7029 (Wdf01000!FxDevice::FreeRequestMemory+0x0000003c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000009a
Attempt to read from address 0000009a

CONTEXT: 82bab304 -- (.cxr 0xffffffff82bab304)
eax=00000000 ebx=869cb464 ecx=86a72540 edx=00000000 esi=8070c394 edi=86a72540
eip=806d7029 esp=82bab6d0 ebp=82bab6d8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
Wdf01000!FxDevice::FreeRequestMemory+0x3c:
806d7029 80b89a00000000 cmp byte ptr [eax+9Ah],0 ds:0023:0000009a=??
Resetting default scope

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

READ_ADDRESS: 0000009a

BUGCHECK_STR: 0x7E

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from 806cf461 to 806d7029

STACK_TEXT:
82bab6d8 806cf461 86b94c38 86b94c38 86b94c38 Wdf01000!FxDevice::FreeRequestMemory+0x3c
82bab6e8 806d48ea 00000000 00000000 00000000 Wdf01000!FxRequestFromLookaside::SelfDestruct+0x16
82bab700 806cef06 79634ba8 869cb490 82bab728 Wdf01000!FxObject::ProcessDestroy+0x9f
82bab710 806d03d6 00000000 00000065 00000000 Wdf01000!FxObject::Release+0x10c
82bab728 806bc275 00000000 00000065 97a783b0 Wdf01000!FxRequest::Release+0x26
82bab744 97a6ada2 86698df8 86b94c38 00000000 Wdf01000!imp_WdfObjectDereferenceActual+0x3c
82bab760 97a6ced4 7946b3c0 00000000 00000065 rtkwhci!WdfObjectDereferenceActual+0x22 [c:\winddk\6001.17051\inc\wdf\kmdf\1.7\wdfobject.h @ 522]
82bab7b0 806cea2c 79634ba8 869cb450 869cb464 rtkwhci!__WusbEpCleanupCallbak+0x224 [d:\project\wdf\whci\build\wusb_ep.c @ 103]
82bab7c0 806d5174 8070c2bc 869cb450 00000004 Wdf01000!FxObject::CallCleanup+0x38
82bab7d8 806d4c67 00000005 bab84c00 00000000 Wdf01000!FxObject::DisposeChildrenWorker+0x144
82bab7f8 806d4e18 bab84c00 00000000 869cb450 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab80c 806d5020 bab84c00 00000000 86b922cc Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab834 806d5158 8070c2bc 86b922b8 00000004 Wdf01000!FxObject::PerformEarlyDispose+0xdf
82bab84c 806d4c67 00000005 bab8c000 00000000 Wdf01000!FxObject::DisposeChildrenWorker+0x128
82bab86c 806d4e18 bab8c000 00000000 86b922b8 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab880 806d5020 bab8c000 00000000 86b87ae4 Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab8a8 806d5158 8070c2bc 86b87ad0 00000004 Wdf01000!FxObject::PerformEarlyDispose+0xdf
82bab8c0 806d4c67 00000005 bab93400 00000000 Wdf01000!FxObject::DisposeChildrenWorker+0x128
82bab8e0 806d4e18 bab93400 00000000 86b87ad0 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab8f4 806d5020 bab93400 00000000 86b5021c Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab91c 806d5158 8070c2bc 86b50208 00000004 Wdf01000!FxObject::PerformEarlyDispose+0xdf
82bab934 806d4c67 00000005 86b50200 00000001 Wdf01000!FxObject::DisposeChildrenWorker+0x128
82bab954 806d4e18 86b50200 00000001 86b50208 Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0xa6
82bab968 806d4f33 86b50200 00000001 00000000 Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0xe2
82bab98c 806f48f9 00000008 86b46880 806f3387 Wdf01000!FxObject::EarlyDispose+0x111
82bab998 806f3387 806f4551 82bab9cc 806f4fec Wdf01000!FxPkgPnp::PnpEventRemovedCommonCode+0xd7
82bab99c 806f4551 82bab9cc 806f4fec 86b46880 Wdf01000!FxPkgFdo::PnpEventFdoRemovedOverload+0x5
82bab9a4 806f4fec 86b46880 8070e380 86b46880 Wdf01000!FxPkgPnp::PnpEventFdoRemoved+0xd
82bab9cc 806f5d40 00000117 86b46920 86b46880 Wdf01000!FxPkgPnp::PnpEnterNewState+0x15c
82bab9f4 806f606d 82baba0c 00000000 86b46880 Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1f5
82baba1c 806ee774 00000200 86b46880 8070d8a0 Wdf01000!FxPkgPnp::PnpProcessEvent+0x1cf
82baba44 806edb83 86b46880 82baba64 96060f20 Wdf01000!FxPkgPnp::_PnpRemoveDevice+0x69
82baba68 806d7665 96060f20 82baba90 806d786a Wdf01000!FxPkgPnp::Dispatch+0x2a6
82baba74 806d786a 86b4cd60 96060f20 96060f20 Wdf01000!FxDevice::Dispatch+0x7f
82baba90 81ace681 86b4cd60 96060f20 86b89820 Wdf01000!FxDevice::DispatchWithLock+0x5d
82babab4 81827e86 89f335a5 86b89950 86b4cd60 nt!IovCallDriver+0x252
82babac8 89f335a5 86b89950 82babaf0 89f33a0e nt!IofCallDriver+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
82babad4 89f33a0e 86b89898 96060f20 96060f20 pnpfiltr+0x5a5
82babaf0 89f355ff 86b89898 96060f20 96060f20 pnpfiltr+0xa0e
82babb08 81ace681 86b89898 96060f20 96060ffc pnpfiltr+0x25ff
82babb2c 81827e86 819af4a9 82babbcc 86b89898 nt!IovCallDriver+0x252
82babb40 819af4a9 86b45948 86b44b58 86b45948 nt!IofCallDriver+0x1b
82babb74 819af70f 86b45948 82babba8 00000000 nt!IopSynchronousCall+0xce
82babbd0 81806561 86b45948 00000002 9d8d9bf8 nt!IopRemoveDevice+0xd5
82babbfc 819a5ced 00000000 9d8d9bf8 00000000 nt!PnpRemoveLockedDeviceNode+0x172
82babc14 819a5f67 00000000 00000000 00000000 nt!PnpDeleteLockedDeviceNode+0x2b
82babc44 819aa8d8 85471700 9d8d9bf8 00000002 nt!PnpDeleteLockedDeviceNodes+0x4c
82babd04 819aac2b 82babd34 00000000 94f76588 nt!PnpProcessQueryRemoveAndEject+0x8ac
82babd1c 819a9793 00000000 818fde3c 846ff580 nt!PnpProcessTargetDeviceEvent+0x38
82babd44 81878e18 86b13aa8 00000000 846ff580 nt!PnpDeviceEventWorker+0x201
82babd7c 81a254a8 86b13aa8 82ba0680 00000000 nt!ExpWorkerThread+0xfd
82babdc0 8189145e 81878d1b 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FOLLOWUP_IP:
rtkwhci!WdfObjectDereferenceActual+22 [c:\winddk\6001.17051\inc\wdf\kmdf\1.7\wdfobject.h @ 522]
97a6ada2 5d pop ebp

FAULTING_SOURCE_CODE:
518: PCHAR File
519: )
520: {
521: ((PFN_WDFOBJECTDEREFERENCEACTUAL) WdfFunctions[WdfObjectDereferenceActualTableIndex])(WdfDriverGlobals, Handle, Tag, Line, File);
522: }
523:
524: //
525: // WDF Function: WdfObjectCreate
526: //
527: typedef

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: rtkwhci!WdfObjectDereferenceActual+22
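
An added example, not part of the original thread and not KMDF code: a user-mode C model of per-tag reference tracking, the kind of bookkeeping that KMDF's WdfObjectReferenceWithTag and WdfObjectDereferenceWithTag support, replaying a constructed reference/complete/release sequence so that an unmatched release fails at the call that made it. The `tracked_obj` type, the `obj_*` functions and the "xfer" tag are hypothetical names.

```c
/* Added example: user-mode model of tagged references, not KMDF code.
   tracked_obj, obj_* and the "xfer" tag are hypothetical names. */
#include <stdio.h>
#include <string.h>
#define MAX_TAGS 4
typedef struct {
    const char *tag[MAX_TAGS]; /* owner of each driver-taken reference */
    int held[MAX_TAGS];        /* outstanding references per tag */
    int total;                 /* overall count, including the framework's */
    int destroyed;             /* set once the count reaches zero */
} tracked_obj;

static int find_tag(const tracked_obj *o, const char *tag) {
    for (int i = 0; i < MAX_TAGS; i++)
        if (o->tag[i] && strcmp(o->tag[i], tag) == 0) return i;
    return -1;
}
static void drop(tracked_obj *o) { if (--o->total == 0) o->destroyed = 1; }
/* A new object carries one reference owned by the framework. */
void obj_init(tracked_obj *o) { memset(o, 0, sizeof *o); o->total = 1; }
/* Models the framework releasing its own reference at completion. */
void obj_complete(tracked_obj *o) { drop(o); }

int obj_ref(tracked_obj *o, const char *tag) {
    int i = find_tag(o, tag);
    if (o->destroyed) return -1;
    for (int j = 0; i < 0 && j < MAX_TAGS; j++)
        if (!o->tag[j]) { o->tag[j] = tag; i = j; }
    if (i < 0) return -1;      /* tag table full */
    o->held[i]++; o->total++;
    return 0;
}

/* Fails at the call site when this tag holds no outstanding reference. */
int obj_deref(tracked_obj *o, const char *tag) {
    int i = find_tag(o, tag);
    if (o->destroyed || i < 0 || o->held[i] == 0) return -1;
    o->held[i]--; drop(o);
    return 0;
}

int main(void) {
    tracked_obj req; obj_init(&req);
    obj_ref(&req, "xfer");     /* taken before the request is made cancelable */
    obj_complete(&req);        /* completion drops the framework's reference */
    printf("first release: %d\n", obj_deref(&req, "xfer"));  /* last reference */
    printf("second release: %d\n", obj_deref(&req, "xfer")); /* rejected */
    return 0;
}
```

In the model the first release is the one that takes the count to zero, and the second is refused by the ledger before any teardown code runs.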



