Managed to provoke another one 😇
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff806466daaae, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6233
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 8083
Key : Analysis.Init.CPU.mSec
Value: 718
Key : Analysis.Init.Elapsed.mSec
Value: 18707
Key : Analysis.Memory.CommitPeak.Mb
Value: 119
Key : Bugcheck.Code.DumpHeader
Value: 0x1e
Key : Bugcheck.Code.KiBugCheckData
Value: 0x1e
Key : Bugcheck.Code.Register
Value: 0x1e
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: MEMORY.DMP
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff806466daaae
BUGCHECK_P3: 0
BUGCHECK_P4: ffffffffffffffff
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: ffffffffffffffff
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: svchost.exe
STACK_TEXT:
fffff806`47f19158 fffff806`422f607e : 00000000`0000001e ffffffff`c0000005 fffff806`466daaae 00000000`00000000 : nt!KeBugCheckEx
fffff806`47f19160 fffff806`42200def : fffff806`422f605c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HvlpVtlCallExceptionHandler+0x22
fffff806`47f191a0 fffff806`420dd7b7 : fffff806`47f19710 00000000`00000000 fffff806`47f0bfb0 fffff806`421fef75 : nt!RtlpExecuteHandlerForException+0xf
fffff806`47f191d0 fffff806`420dc3b6 : fffff806`47f0a428 fffff806`47f19e20 fffff806`47f0a428 00000000`00000004 : nt!RtlDispatchException+0x297
fffff806`47f198f0 fffff806`421f8dc2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
fffff806`47f19fb0 fffff806`421f8d90 : fffff806`42209fa5 fffff806`42b25440 00000000`00000000 ffff810f`5de4d9f0 : nt!KxExceptionDispatchOnExceptionStack+0x12
fffff806`47f0a2e8 fffff806`42209fa5 : fffff806`42b25440 00000000`00000000 ffff810f`5de4d9f0 fffff806`466dc985 : nt!KiExceptionDispatchOnExceptionStackContinue
fffff806`47f0a2f0 fffff806`42205ce0 : ffff810f`5e7342f0 fffff806`466e3436 fffff806`47f0a502 ffff810f`63a10020 : nt!KiExceptionDispatch+0x125
fffff806`47f0a4d0 fffff806`466daaae : 00000000`00000000 00000000`00000000 ffff810f`5e6a7e30 fffff806`4eac89c8 : nt!KiGeneralProtectionFault+0x320
fffff806`47f0a660 fffff806`4672610d : ffff810f`5e0299c0 fffff806`466e78ac 00000000`00000000 ffff810f`5e0299c0 : Wdf01000!FxIFR+0x1e [minkernel\wdf\framework\kmdf\src\core\tracing.cpp @ 389]
fffff806`47f0a6d0 fffff806`466f840b : ffff810f`631a7020 ffff810f`63313a00 00000000`0000100a 00000000`00000000 : Wdf01000!WPP_IFR_SF_qDqD+0xf1 [minkernel\wdf\framework\shared\object\km\objfre\amd64\HandleAPI.tmh @ 857]
fffff806`47f0a750 fffff806`466e8536 : 00000000`00000000 fffff806`47f0ac38 ffff810f`5e6a83b0 ffff810f`5e6a7970 : Wdf01000!FxObjectHandleGetPtr+0x1c57b [minkernel\wdf\framework\shared\inc\private\common\fxhandle.h @ 345]
fffff806`47f0a7c0 fffff806`4ab82386 : 00000000`00000000 ffff810f`5e0299c0 00000000`00000001 00000000`0000002f : Wdf01000!imp_WdfMemoryGetBuffer+0x26 [minkernel\wdf\framework\shared\core\fxmemorybufferapi.cpp @ 200]
fffff806`47f0a7f0 fffff806`4ab92f20 : 00007ef0`9ce58fd8 00000000`00000000 fffff806`47f0ab38 fffff806`47f0ad38 : BthPS3!WdfMemoryGetBuffer+0x46 [C:\Program Files (x86)\Windows Kits\10\Include\wdf\kmdf\1.15\wdfmemory.h @ 267]
fffff806`47f0a830 fffff806`4ab9d9a3 : 00007ef0`9ce58fd8 ffff810f`61556040 fffff806`47f0a951 fffff806`42046e0f : BthPS3!DMF_ModuleToObject+0x50 [D:\Development\GitHub\DMF\Dmf\Framework\DmfIncludeInternal.h @ 1405]
fffff806`47f0a870 fffff806`4ab901c7 : 00007ef0`9ce58fd8 fffff806`4abba028 00000000`00000006 00000004`00000000 : BthPS3!DMF_HandleValidate_ModuleMethod+0x13 [D:\Development\GitHub\DMF\Dmf\Framework\DmfValidate.c @ 533]
fffff806`47f0a8b0 fffff806`4ab8c9dc : 00007ef0`9ce58fd8 fffff806`47f0a9d0 00000000`000000f8 00000000`00000000 : BthPS3!DMF_QueuedWorkItem_Enqueue+0x107 [D:\Development\GitHub\DMF\Dmf\Modules.Library\Dmf_QueuedWorkItem.c @ 463]
fffff806`47f0a950 fffff806`4a9b2ae9 : ffff810f`609d6050 00000000`00000003 fffff806`47f0ab50 fffff806`4aa1b394 : BthPS3!L2CAP_PS3_ConnectionIndicationCallback+0x36c [D:\Development\GitHub\BthPS3\BthPS3\L2CAP.Disconnect.c @ 183]
fffff806`47f0ab00 fffff806`4a9bb80b : 00000000`00000001 ffff810f`626ef8a0 00000000`00000001 ffff810f`626ef8a0 : BTHport!L2CapCon_CallClientCallbackForRemoteDisconnect+0xc9
fffff806`47f0ace0 fffff806`4a948cf1 : ffff810f`626ef8b8 ffff810f`63313ad0 00000000`c000009d 00000000`00000016 : BTHport!L2CapCon_HciConnectCallback+0x46b
fffff806`47f0adb0 fffff806`4a9499aa : ffff810f`626ef8b8 fffff806`47f0af00 fffff806`47f0b220 fffff806`4a93cade : BTHport!HCI_CxnCallClientCallback+0xe1
fffff806`47f0ae40 fffff806`4a953e0a : ffff810f`63313f70 fffff806`47f0af90 ffff810f`63313a20 fffff806`47f0b220 : BTHport!HCI_CxnDrainMoveList+0x7a
fffff806`47f0ae90 fffff806`4a953fef : ffff810f`5b65be05 00000000`00000004 ffff810f`602ab220 ffff810f`63313a20 : BTHport!HCI_HandleDisconnectionComplete+0xb8a
fffff806`47f0b090 fffff806`4a9406e5 : ffff810f`62baa170 fffff806`47f0b231 fffff806`47f0b231 ffff810f`602ab220 : BTHport!Fn_EVENT_DisconnectionComplete+0xaf
fffff806`47f0b150 fffff806`4a974535 : ffff810f`5ba8e000 ffff810f`58402005 00000000`00000202 00000000`00000000 : BTHport!HCI_DoCmdCompletion+0x469
fffff806`47f0b290 fffff806`4a9a706b : ffff810f`5b65f2f0 fffff806`47f0b3f9 00000000`00000000 fffff806`47f0b3dc : BTHport!HCI_ProcessAsynchronousEvent+0x99
fffff806`47f0b2e0 fffff806`4a9a745c : ffff810f`5b65f2f0 fffff806`47f0b3f9 00000000`00000000 ffff810f`5ba8e000 : BTHport!HCI_ProcessEventAtDPC+0x1fb
fffff806`47f0b350 fffff806`4aa061f7 : 00000000`00000000 fffff806`4a8fc882 00000000`00000000 00000000`00000000 : BTHport!HCI_ProcessMpBip+0x3a0
fffff806`47f0b460 fffff806`4a8f461b : ffff810f`5b65f2f0 00000000`00000000 00000000`00000000 fffff806`47f0b5d0 : BTHport!imp_BthLegacyRecvMpBip+0x47
fffff806`47f0b4c0 fffff806`4a8fde99 : fffff806`47f0b640 ffff810f`5e0c7060 ffff810f`5e0c7060 ffff810f`5e2d7990 : BTHUSB!BthUsb_EventTransferComplete+0x1bb
fffff806`47f0b580 fffff806`4a8fe185 : 00000000`00000003 fffff806`47f0b640 00000000`00000000 ffff810f`00000006 : BTHUSB!UsbWrapWorkRoutine+0x1c9
fffff806`47f0b600 fffff806`420438ee : ffff810f`5e2d7990 fffff806`47f0b719 ffff810f`5e4a8060 00000000`00000000 : BTHUSB!UsbWrapInterruptReadComplete+0x205
fffff806`47f0b690 fffff806`420437b7 : 00000000`00000001 00000000`00000000 ffff810f`5e0299c0 00000000`00000002 : nt!IopfCompleteRequest+0x11e
fffff806`47f0b780 fffff806`466d811a : 00000000`00000000 ffff810f`5de4d9f0 ffff810f`5e2d7990 fffff806`47f0b860 : nt!IofCompleteRequest+0x17
fffff806`47f0b7b0 fffff806`466d5bbf : ffff810f`6048a102 ffff810f`5e2c9a80 ffff810f`5e2d7990 00000000`00000000 : Wdf01000!FxRequest::CompleteInternal+0x23a [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 869]
fffff806`47f0b840 fffff806`4ea0cb4d : 00000000`ffffff02 ffff810f`6048a020 ffff810f`5e029da0 ffff810f`5e029da0 : Wdf01000!imp_WdfRequestComplete+0x8f [minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 436]
fffff806`47f0b8a0 fffff806`4ea0ca11 : ffff810f`6048a1c0 00000000`00000006 ffff810f`6048a250 fffff806`47f0bab8 : USBXHCI!Bulk_Transfer_CompleteCancelable+0xc9
fffff806`47f0b900 fffff806`4ea0c800 : 00000000`00000004 fffff806`47f0ba70 00000000`00000000 ffff810f`5e0289f0 : USBXHCI!Bulk_ProcessTransferEventWithED1+0x1fd
fffff806`47f0b9b0 fffff806`4ea07101 : 00000000`00000004 fffff806`47f0ba88 00000000`00000008 fffff806`47f0ba90 : USBXHCI!Bulk_EP_TransferEventHandler+0x10
fffff806`47f0b9e0 fffff806`4ea06c35 : 00000000`00000780 00007ef0`a22fdf00 ffff810f`5ddfdc70 ffff810f`5dc54450 : USBXHCI!Endpoint_TransferEventHandler+0xb1
fffff806`47f0ba40 fffff806`4ea0690c : ffff810f`58d02628 ffff810f`58ce8240 00007ef0`a22f98a8 ffff810f`58d02000 : USBXHCI!Interrupter_DeferredWorkProcessor+0x315
fffff806`47f0bb40 fffff806`466d38f6 : 00000000`00000f44 00000000`00400a02 00000000`00000000 0000010d`94160df2 : USBXHCI!Interrupter_WdfEvtInterruptDpc+0xc
fffff806`47f0bb70 fffff806`420a181e : fffff806`3f822240 ffff810f`58ce7000 fffff806`47f0be70 fffff806`00000002 : Wdf01000!FxInterrupt::_InterruptDpcThunk+0xa6 [minkernel\wdf\framework\shared\irphandlers\pnp\km\interruptobjectkm.cpp @ 410]
fffff806`47f0bbb0 fffff806`420a0b04 : fffff806`3f81f180 00000000`00000000 00000000`00000008 00000000`00003374 : nt!KiExecuteAllDpcs+0x30e
fffff806`47f0bd20 fffff806`421fef75 : 00000000`00000000 fffff806`3f81f180 ffffb780`0a08f500 00000000`00000000 : nt!KiRetireDpcList+0x1f4
fffff806`47f0bfb0 fffff806`421fed60 : 00000075`b1f7f368 fffff806`4211962a 00000000`00000000 00007ffd`aaa42000 : nt!KxRetireDpcList+0x5
ffffec02`8ba5f9c0 fffff806`421fe615 : 00000000`00000000 fffff806`421f9aa1 00000234`d1a8ff40 00000000`00000000 : nt!KiDispatchInterruptContinue
ffffec02`8ba5f9f0 fffff806`421f9aa1 : 00000234`d1a8ff40 00000000`00000000 ffffec02`8ba5fa80 ffff810f`00000000 : nt!KiDpcInterruptBypass+0x25
ffffec02`8ba5fa00 00007ffd`b1edc632 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatch+0xb1
00000075`b1f7e6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`b1edc632
FAULTING_SOURCE_LINE: C:\Program Files (x86)\Windows Kits\10\Include\wdf\kmdf\1.15\wdfmemory.h
FAULTING_SOURCE_FILE: C:\Program Files (x86)\Windows Kits\10\Include\wdf\kmdf\1.15\wdfmemory.h
FAULTING_SOURCE_LINE_NUMBER: 267
FAULTING_SOURCE_CODE:
263: size_t* BufferSize
264: )
265: {
266: return ((PFN_WDFMEMORYGETBUFFER) WdfFunctions[WdfMemoryGetBufferTableIndex])(WdfDriverGlobals, Memory, BufferSize);
> 267: }
268:
269: //
270: // WDF Function: WdfMemoryAssignBuffer
271: //
272: typedef
SYMBOL_NAME: BthPS3!WdfMemoryGetBuffer+46
MODULE_NAME: BthPS3
IMAGE_NAME: BthPS3.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 46
FAILURE_BUCKET_ID: AV_R_BthPS3!WdfMemoryGetBuffer
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {a5638d79-fbb2-e3ca-7e3f-d8fa88819a45}
Followup: MachineOwner
---------
0: kd> kc
# Call Site
00 nt!KeBugCheckEx
01 nt!HvlpVtlCallExceptionHandler
02 nt!RtlpExecuteHandlerForException
03 nt!RtlDispatchException
04 nt!KiDispatchException
05 nt!KxExceptionDispatchOnExceptionStack
06 nt!KiExceptionDispatchOnExceptionStackContinue
07 nt!KiExceptionDispatch
08 nt!KiGeneralProtectionFault
09 Wdf01000!FxIFR
0a Wdf01000!WPP_IFR_SF_qDqD
0b Wdf01000!FxObjectHandleGetPtrQI
0c Wdf01000!FxObjectHandleGetPtr
0d Wdf01000!imp_WdfMemoryGetBuffer
0e BthPS3!WdfMemoryGetBuffer
0f BthPS3!DMF_ModuleToObject
10 BthPS3!DMF_HandleValidate_ModuleMethod
11 BthPS3!DMF_QueuedWorkItem_Enqueue
12 BthPS3!L2CAP_PS3_ConnectionIndicationCallback
13 BTHport!L2CapCon_CallClientCallbackForRemoteDisconnect
14 BTHport!L2CapCon_HciConnectCallback
15 BTHport!HCI_CxnCallClientCallback
16 BTHport!HCI_CxnDrainMoveList
17 BTHport!HCI_HandleDisconnectionComplete
18 BTHport!Fn_EVENT_DisconnectionComplete
19 BTHport!HCI_DoCmdCompletion
1a BTHport!HCI_ProcessAsynchronousEvent
1b BTHport!HCI_ProcessEventAtDPC
1c BTHport!HCI_ProcessMpBip
1d BTHport!imp_BthLegacyRecvMpBip
1e BTHUSB!BthUsb_EventTransferComplete
1f BTHUSB!UsbWrapWorkRoutine
20 BTHUSB!UsbWrapInterruptReadComplete
21 nt!IopfCompleteRequest
22 nt!IofCompleteRequest
23 Wdf01000!FxIrp::CompleteRequest
24 Wdf01000!FxRequest::CompleteInternal
25 Wdf01000!FxRequest::Complete
26 Wdf01000!imp_WdfRequestComplete
27 USBXHCI!Bulk_Transfer_CompleteCancelable
28 USBXHCI!Bulk_ProcessTransferEventWithED1
29 USBXHCI!Bulk_EP_TransferEventHandler
2a USBXHCI!Endpoint_TransferEventHandler
2b USBXHCI!Interrupter_DeferredWorkProcessor
2c USBXHCI!Interrupter_WdfEvtInterruptDpc
2d Wdf01000!FxInterrupt::DpcHandler
2e Wdf01000!FxInterrupt::_InterruptDpcThunk
2f nt!KiExecuteAllDpcs
30 nt!KiRetireDpcList
31 nt!KxRetireDpcList
32 nt!KiDispatchInterruptContinue
33 nt!KiDpcInterruptBypass
34 nt!KiInterruptDispatch
35 0x0
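@Kanuan discovered a crash caused by context memory being freed while a disconnect request is still in progress (a use-after-free). The trace above is consistent with this: `L2CAP_PS3_ConnectionIndicationCallback` handles a remote disconnect in DPC context and calls `DMF_QueuedWorkItem_Enqueue`, whose handle validation faults inside `WdfMemoryGetBuffer` on what appears to be a stale module handle. Either use a KEVENT or increase the reference count to avoid unloading the PDO device object while the disconnect logic is pending. Because the callback runs in a DPC, any wait on the event would have to happen on the teardown path, not in the callback itself.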