BSOD on disconnect/driver unload (L2CAP_PS3_ConnectionIndicationCallback) #48

Closed
nefarius opened this issue Aug 5, 2022 · 1 comment

@nefarius
Owner

nefarius commented Aug 5, 2022

@Kanuan discovered a crash caused by context memory being freed while a disconnect request is still in progress. Either use KEVENT or increase reference count to avoid unloading the PDO device object while the disconnect logic is pending.

WinDbg

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80043467a27, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 5811

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 5878

    Key  : Analysis.Init.CPU.mSec
    Value: 749

    Key  : Analysis.Init.Elapsed.mSec
    Value: 5062

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 110

    Key  : Bugcheck.Code.DumpHeader
    Value: 0xd1

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0xd1

    Key  : Bugcheck.Code.Register
    Value: 0xa

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1


FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  d1

BUGCHECK_P1: 0

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80043467a27

READ_ADDRESS:  0000000000000000 

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  svchost.exe

DPC_STACK_BASE:  FFFFF8003A675FB0

TRAP_FRAME:  fffff8003a674890 -- (.trap 0xfffff8003a674890)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffdf8713be0f20
rdx=0000000000000007 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80043467a27 rsp=fffff8003a674a20 rbp=fffff8003a674a79
 r8=fffff8004347f198  r9=0000000000000000 r10=fffff80034d22bc0
r11=fffff8003a674cb0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
BthPS3!L2CAP_PS3_ConnectionIndicationCallback+0x117:
fffff800`43467a27 488b10          mov     rdx,qword ptr [rax] ds:00000000`00000000=????????????????
Resetting default scope

LOCK_ADDRESS:  fffff80035644ae0 -- (!locks fffff80035644ae0)

Resource @ nt!PiEngineLock (0xfffff80035644ae0)    Available
    Contention Count = 22
1 total locks

PNP_TRIAGE_DATA: 
	Lock address  : 0xfffff80035644ae0
	Thread Count  : 0
	Thread address: 0x0000000000000000
	Thread wait   : 0x0

STACK_TEXT:  
fffff800`3a674748 fffff800`34e09269     : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`3a674750 fffff800`34e05569     : 00000000`000000ff fffff800`34d42af8 ffffdf87`096610f0 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`3a674890 fffff800`43467a27     : ffff45a1`079ec7a8 00000000`12582eff 00000001`ffffffff 00000000`00000000 : nt!KiPageFault+0x469
fffff800`3a674a20 fffff800`43033479     : 00000000`00000000 ffffdf87`1a1ae010 ffffdf87`1a1ae001 fffff800`4309b3a4 : BthPS3!L2CAP_PS3_ConnectionIndicationCallback+0x117 [C:\projects\bthps3\BthPS3\L2CAP.Disconnect.c @ 168] 
fffff800`3a674ae0 fffff800`4303c19b     : 00000000`00000001 ffffdf87`1a1ae010 00000000`00000001 ffffdf87`1a1ae010 : BTHport!L2CapCon_CallClientCallbackForRemoteDisconnect+0xc9
fffff800`3a674cc0 fffff800`42fc8d71     : ffffdf87`1a1ae028 ffffdf87`17df3ad0 00000000`c000009d 00000000`00000016 : BTHport!L2CapCon_HciConnectCallback+0x46b
fffff800`3a674d90 fffff800`42fc9a2a     : ffffdf87`1a1ae028 fffff800`3a674f00 fffff800`3a675200 fffff800`42fbcb5e : BTHport!HCI_CxnCallClientCallback+0xe1
fffff800`3a674e20 fffff800`42fd3e8a     : ffffdf87`17df3f70 fffff800`3a674f70 ffffdf87`17df3a20 fffff800`3a675200 : BTHport!HCI_CxnDrainMoveList+0x7a
fffff800`3a674e70 fffff800`42fd406f     : ffffdf87`1b998205 00000000`00000004 ffffdf87`165bd720 ffffdf87`17df3a20 : BTHport!HCI_HandleDisconnectionComplete+0xb8a
fffff800`3a675070 fffff800`42fc0765     : ffffdf87`1d0da6f0 fffff800`3a675211 fffff800`3a675211 ffffdf87`165bd720 : BTHport!Fn_EVENT_DisconnectionComplete+0xaf
fffff800`3a675130 fffff800`42ff45b5     : ffffdf87`1350a000 ffffdf87`09002005 00000000`00000202 00000000`00000000 : BTHport!HCI_DoCmdCompletion+0x469
fffff800`3a675270 fffff800`430279fb     : ffffdf87`1b99bc30 fffff800`3a6753d9 00000000`00000000 00000000`00000002 : BTHport!HCI_ProcessAsynchronousEvent+0x99
fffff800`3a6752c0 fffff800`43027dec     : ffffdf87`1b99bc30 fffff800`3a6753d9 00000000`00000000 ffffdf87`1350a000 : BTHport!HCI_ProcessEventAtDPC+0x1fb
fffff800`3a675330 fffff800`43086ba7     : 00000000`00000000 fffff800`42f7c882 00000000`00000000 00000000`00000000 : BTHport!HCI_ProcessMpBip+0x3a0
fffff800`3a675440 fffff800`42f7461b     : ffffdf87`1b99bc30 00000000`00000000 00000000`00000000 fffff800`3a6755b0 : BTHport!imp_BthLegacyRecvMpBip+0x47
fffff800`3a6754a0 fffff800`42f7de99     : fffff800`3a675620 ffffdf87`134f2ab0 ffffdf87`134f2ab0 ffffdf87`12b95560 : BTHUSB!BthUsb_EventTransferComplete+0x1bb
fffff800`3a675560 fffff800`42f7e185     : 00000000`00000003 fffff800`3a675620 00000000`00000000 ffffdf87`00000006 : BTHUSB!UsbWrapWorkRoutine+0x1c9
fffff800`3a6755e0 fffff800`34c84ffe     : ffffdf87`12b95560 fffff800`3a6756f9 ffffdf87`09002340 00000000`00000000 : BTHUSB!UsbWrapInterruptReadComplete+0x205
fffff800`3a675670 fffff800`34c84ec7     : ffffdf87`00000000 fffff800`319d8100 ffffdf87`10ea6050 01000000`00100000 : nt!IopfCompleteRequest+0x11e
fffff800`3a675760 fffff800`44ae2c17     : ffffdf87`1ee28b40 ffffdf87`122515ec ffffdf87`10ea70e8 ffffffff`ffffffff : nt!IofCompleteRequest+0x17
fffff800`3a675790 fffff800`44ae22ae     : ffffdf87`10ea61a0 ffffdf87`122515ec ffffdf87`10ea61a0 00000000`00000000 : USBPORT!USBPORT_Core_iCompleteDoneTransfer+0x867
fffff800`3a675a60 fffff800`44adf98d     : ffffdf87`12251724 ffffdf87`10ea7180 ffffdf87`10ea61a0 ffffdf87`096ad040 : USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x22e
fffff800`3a675ac0 fffff800`44ae781c     : ffffdf87`10ea70e8 ffffdf87`10ea6050 ffffdf87`098fea02 ffffdf87`096ad040 : USBPORT!USBPORT_Core_UsbIocDpc_Worker+0x24d
fffff800`3a675b30 fffff800`34c9a38e     : fffff800`3a675cb0 ffffdf87`0980f000 fffff800`3a675ea0 fffff800`319d8180 : USBPORT!USBPORT_Xdpc_Worker_IocDpc+0x18c
fffff800`3a675bb0 fffff800`34c99674     : fffff800`319d8180 00000000`00000000 00000000`00000008 00000000`000047da : nt!KiExecuteAllDpcs+0x30e
fffff800`3a675d20 fffff800`34dfe325     : 00000000`00000000 fffff800`319d8180 ffffbc01`9b966a00 ffffdf87`165b8380 : nt!KiRetireDpcList+0x1f4
fffff800`3a675fb0 fffff800`34dfe110     : 0001d3c5`1de8ffff fffff800`34d25f5a 00000000`ffffffff 00000000`00000000 : nt!KxRetireDpcList+0x5
ffffcc08`113db5b0 fffff800`34dfd9c5     : ffffdf87`165b8380 fffff800`34df8631 00000000`00000000 ffffdf87`00000005 : nt!KiDispatchInterruptContinue
ffffcc08`113db5e0 fffff800`34df8631     : 00000000`00000000 ffffdf87`00000005 00000000`00000000 ffffdf87`00000000 : nt!KiDpcInterruptBypass+0x25
ffffcc08`113db5f0 fffff800`34fd13f7     : fffff800`34fd2297 ffffdf87`00000001 ffffcc08`113db9c0 ffffdf87`165b9368 : nt!KiChainedDispatch+0xb1
ffffcc08`113db788 fffff800`34fd2297     : ffffdf87`00000001 ffffcc08`113db9c0 ffffdf87`165b9368 00000000`000000c0 : nt!PiDqIrpQueryGetResult+0x3
ffffcc08`113db790 fffff800`350eeddd     : ffffdf87`165b8380 ffffdf87`0971fd80 fffff800`34a06590 00000000`00000000 : nt!PiDqDispatch+0x1c7
ffffcc08`113db7d0 fffff800`34c8f825     : ffffdf87`165b8380 00000000`00000002 00000000`00000000 00000000`00000000 : nt!PiDaDispatch+0x4d
ffffcc08`113db800 fffff800`35075b58     : ffffdf87`165b8380 00000000`00000000 ffffdf87`165b8380 00000000`00000000 : nt!IofCallDriver+0x55
ffffcc08`113db840 fffff800`35075957     : 00000000`00000000 ffffcc08`113dbb80 00000000`00000005 ffffcc08`113dbb80 : nt!IopSynchronousServiceTail+0x1a8
ffffcc08`113db8e0 fffff800`35074cd6     : 00000000`00000000 00000000`00000000 00000000`00000000 000001ff`692639c8 : nt!IopXxxControlFile+0xc67
ffffcc08`113dba20 fffff800`34e08cb5     : ffffdf87`17403080 00000000`00000000 00000000`00000000 000001ff`67602458 : nt!NtDeviceIoControlFile+0x56
ffffcc08`113dba90 00007ffe`2bf8ce54     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0000008d`5aa7f788 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`2bf8ce54


FAULTING_SOURCE_LINE:  C:\projects\bthps3\BthPS3\L2CAP.Disconnect.c

FAULTING_SOURCE_FILE:  C:\projects\bthps3\BthPS3\L2CAP.Disconnect.c

FAULTING_SOURCE_LINE_NUMBER:  168

FAULTING_SOURCE_CODE:  
No source found for 'C:\projects\bthps3\BthPS3\L2CAP.Disconnect.c'


SYMBOL_NAME:  BthPS3!L2CAP_PS3_ConnectionIndicationCallback+117

MODULE_NAME: BthPS3

IMAGE_NAME:  BthPS3.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  117

FAILURE_BUCKET_ID:  AV_BthPS3!L2CAP_PS3_ConnectionIndicationCallback

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {402dc05b-0c19-2f3a-d858-59fa43906eb6}

Followup:     MachineOwner
---------

0: kd> kc
 # Call Site
00 nt!KeBugCheckEx
01 nt!KiBugCheckDispatch
02 nt!KiPageFault
03 BthPS3!WdfObjectGetTypedContextWorker
04 BthPS3!GetServerDeviceContext
05 BthPS3!L2CAP_PS3_ConnectionIndicationCallback
06 BTHport!L2CapCon_CallClientCallbackForRemoteDisconnect
07 BTHport!L2CapCon_HciConnectCallback
08 BTHport!HCI_CxnCallClientCallback
09 BTHport!HCI_CxnDrainMoveList
0a BTHport!HCI_HandleDisconnectionComplete
0b BTHport!Fn_EVENT_DisconnectionComplete
0c BTHport!HCI_DoCmdCompletion
0d BTHport!HCI_ProcessAsynchronousEvent
0e BTHport!HCI_ProcessEventAtDPC
0f BTHport!HCI_ProcessMpBip
10 BTHport!imp_BthLegacyRecvMpBip
11 BTHUSB!BthUsb_EventTransferComplete
12 BTHUSB!UsbWrapWorkRoutine
13 BTHUSB!UsbWrapInterruptReadComplete
14 nt!IopfCompleteRequest
15 nt!IofCompleteRequest
16 USBPORT!USBPORT_Core_iCompleteDoneTransfer
17 USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer
18 USBPORT!USBPORT_Core_UsbIocDpc_Worker
19 USBPORT!USBPORT_Xdpc_Worker_IocDpc
1a nt!KiExecuteAllDpcs
1b nt!KiRetireDpcList
1c nt!KxRetireDpcList
1d nt!KiDispatchInterruptContinue
1e nt!KiDpcInterruptBypass
1f nt!KiChainedDispatch
20 nt!PiDqIrpQueryGetResult
21 nt!PiDqDispatch
22 nt!PiDaDispatch
23 nt!IofCallDriver
24 nt!IopSynchronousServiceTail
25 nt!IopXxxControlFile
26 nt!NtDeviceIoControlFile
27 nt!KiSystemServiceCopyEnd
28 0x0
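
The remedy named in the issue description (hold a reference, or wait on an event, until in-flight disconnect handling has drained before the context is freed), modelled in user-mode C as an added example; this is not BthPS3 code. `server_ctx`, `ctx_acquire` and the other names are hypothetical, the `drained` flag stands in for a KEVENT, and the two scenario functions replay the interleavings single-threaded so the result is deterministic.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical guard. It must live in memory that outlives the context it
 * protects (e.g. the parent object), otherwise the guard itself dangles. */
typedef struct {
    atomic_long users;    /* 1 (owner's bias) + callbacks inside the guard */
    atomic_bool removing; /* set once teardown has begun */
    bool drained;         /* stand-in for a KEVENT set by the last release */
    int *payload;         /* stand-in for the context memory freed on unload */
} server_ctx;

static bool ctx_init(server_ctx *c) {
    atomic_init(&c->users, 1);
    atomic_init(&c->removing, false);
    c->drained = false;
    c->payload = calloc(1, sizeof *c->payload);
    return c->payload != NULL;
}

/* Drop one reference; whoever drops the last one signals the event. */
static void ctx_release(server_ctx *c) {
    if (atomic_fetch_sub(&c->users, 1) == 1)
        c->drained = true;
}

/* Callback entry. Increment first, then check the flag, so teardown can
 * never observe a zero count while a caller is about to enter. */
static bool ctx_acquire(server_ctx *c) {
    atomic_fetch_add(&c->users, 1);
    if (atomic_load(&c->removing)) {
        ctx_release(c);
        return false; /* caller must not touch the payload */
    }
    return true;
}

/* Unload, step 1: refuse new callers and drop the owner's reference.
 * Returns true if nothing is in flight (event already signalled). */
static bool ctx_begin_teardown(server_ctx *c) {
    atomic_store(&c->removing, true);
    ctx_release(c);
    return c->drained;
}

/* Unload, step 2: free only after the event fired. A driver would block
 * on the event here instead of returning false. */
static bool ctx_finish_teardown(server_ctx *c) {
    if (!c->drained)
        return false;
    free(c->payload);
    c->payload = NULL;
    return true;
}

/* Interleaving 1: the disconnect indication arrives after unload ran. */
static int scenario_late_callback(void) {
    server_ctx c;
    if (!ctx_init(&c)) return 1;
    bool idle = ctx_begin_teardown(&c);
    bool freed = ctx_finish_teardown(&c);
    bool entered = ctx_acquire(&c); /* rejected, no dereference happens */
    return (idle && freed && !entered) ? 0 : 1;
}

/* Interleaving 2: unload starts while the callback is still running. */
static int scenario_unload_during_callback(void) {
    server_ctx c;
    if (!ctx_init(&c) || !ctx_acquire(&c)) return 1;
    bool idle = ctx_begin_teardown(&c);          /* false: one user left */
    bool freed_early = ctx_finish_teardown(&c);  /* false: free refused */
    *c.payload = 42;                             /* context still valid */
    int seen = *c.payload;
    ctx_release(&c);                             /* callback leaves */
    bool freed = ctx_finish_teardown(&c);        /* now allowed */
    return (!idle && !freed_early && seen == 42 && freed && !c.payload) ? 0 : 1;
}

int main(void) {
    printf("late callback: %d\n", scenario_late_callback());
    printf("unload during callback: %d\n", scenario_unload_during_callback());
    return 0;
}
```

Both scenario functions return 0 when the guard behaves as intended: the late callback is turned away before any dereference, and the free is deferred until the running callback has released its reference.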

@nefarius nefarius added the bug Something isn't working label Aug 5, 2022
@nefarius nefarius self-assigned this Aug 5, 2022
@nefarius nefarius added this to the Fixed in v2.5.x milestone Aug 5, 2022
@nefarius
Owner Author

Managed to provoke another one 😇

WinDbg

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff806466daaae, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 6233

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 8083

    Key  : Analysis.Init.CPU.mSec
    Value: 718

    Key  : Analysis.Init.Elapsed.mSec
    Value: 18707

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 119

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x1e

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x1e

    Key  : Bugcheck.Code.Register
    Value: 0x1e

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1


FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  1e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff806466daaae

BUGCHECK_P3: 0

BUGCHECK_P4: ffffffffffffffff

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS:  ffffffffffffffff 

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  svchost.exe

STACK_TEXT:  
fffff806`47f19158 fffff806`422f607e     : 00000000`0000001e ffffffff`c0000005 fffff806`466daaae 00000000`00000000 : nt!KeBugCheckEx
fffff806`47f19160 fffff806`42200def     : fffff806`422f605c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HvlpVtlCallExceptionHandler+0x22
fffff806`47f191a0 fffff806`420dd7b7     : fffff806`47f19710 00000000`00000000 fffff806`47f0bfb0 fffff806`421fef75 : nt!RtlpExecuteHandlerForException+0xf
fffff806`47f191d0 fffff806`420dc3b6     : fffff806`47f0a428 fffff806`47f19e20 fffff806`47f0a428 00000000`00000004 : nt!RtlDispatchException+0x297
fffff806`47f198f0 fffff806`421f8dc2     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
fffff806`47f19fb0 fffff806`421f8d90     : fffff806`42209fa5 fffff806`42b25440 00000000`00000000 ffff810f`5de4d9f0 : nt!KxExceptionDispatchOnExceptionStack+0x12
fffff806`47f0a2e8 fffff806`42209fa5     : fffff806`42b25440 00000000`00000000 ffff810f`5de4d9f0 fffff806`466dc985 : nt!KiExceptionDispatchOnExceptionStackContinue
fffff806`47f0a2f0 fffff806`42205ce0     : ffff810f`5e7342f0 fffff806`466e3436 fffff806`47f0a502 ffff810f`63a10020 : nt!KiExceptionDispatch+0x125
fffff806`47f0a4d0 fffff806`466daaae     : 00000000`00000000 00000000`00000000 ffff810f`5e6a7e30 fffff806`4eac89c8 : nt!KiGeneralProtectionFault+0x320
fffff806`47f0a660 fffff806`4672610d     : ffff810f`5e0299c0 fffff806`466e78ac 00000000`00000000 ffff810f`5e0299c0 : Wdf01000!FxIFR+0x1e [minkernel\wdf\framework\kmdf\src\core\tracing.cpp @ 389] 
fffff806`47f0a6d0 fffff806`466f840b     : ffff810f`631a7020 ffff810f`63313a00 00000000`0000100a 00000000`00000000 : Wdf01000!WPP_IFR_SF_qDqD+0xf1 [minkernel\wdf\framework\shared\object\km\objfre\amd64\HandleAPI.tmh @ 857] 
fffff806`47f0a750 fffff806`466e8536     : 00000000`00000000 fffff806`47f0ac38 ffff810f`5e6a83b0 ffff810f`5e6a7970 : Wdf01000!FxObjectHandleGetPtr+0x1c57b [minkernel\wdf\framework\shared\inc\private\common\fxhandle.h @ 345] 
fffff806`47f0a7c0 fffff806`4ab82386     : 00000000`00000000 ffff810f`5e0299c0 00000000`00000001 00000000`0000002f : Wdf01000!imp_WdfMemoryGetBuffer+0x26 [minkernel\wdf\framework\shared\core\fxmemorybufferapi.cpp @ 200] 
fffff806`47f0a7f0 fffff806`4ab92f20     : 00007ef0`9ce58fd8 00000000`00000000 fffff806`47f0ab38 fffff806`47f0ad38 : BthPS3!WdfMemoryGetBuffer+0x46 [C:\Program Files (x86)\Windows Kits\10\Include\wdf\kmdf\1.15\wdfmemory.h @ 267] 
fffff806`47f0a830 fffff806`4ab9d9a3     : 00007ef0`9ce58fd8 ffff810f`61556040 fffff806`47f0a951 fffff806`42046e0f : BthPS3!DMF_ModuleToObject+0x50 [D:\Development\GitHub\DMF\Dmf\Framework\DmfIncludeInternal.h @ 1405] 
fffff806`47f0a870 fffff806`4ab901c7     : 00007ef0`9ce58fd8 fffff806`4abba028 00000000`00000006 00000004`00000000 : BthPS3!DMF_HandleValidate_ModuleMethod+0x13 [D:\Development\GitHub\DMF\Dmf\Framework\DmfValidate.c @ 533] 
fffff806`47f0a8b0 fffff806`4ab8c9dc     : 00007ef0`9ce58fd8 fffff806`47f0a9d0 00000000`000000f8 00000000`00000000 : BthPS3!DMF_QueuedWorkItem_Enqueue+0x107 [D:\Development\GitHub\DMF\Dmf\Modules.Library\Dmf_QueuedWorkItem.c @ 463] 
fffff806`47f0a950 fffff806`4a9b2ae9     : ffff810f`609d6050 00000000`00000003 fffff806`47f0ab50 fffff806`4aa1b394 : BthPS3!L2CAP_PS3_ConnectionIndicationCallback+0x36c [D:\Development\GitHub\BthPS3\BthPS3\L2CAP.Disconnect.c @ 183] 
fffff806`47f0ab00 fffff806`4a9bb80b     : 00000000`00000001 ffff810f`626ef8a0 00000000`00000001 ffff810f`626ef8a0 : BTHport!L2CapCon_CallClientCallbackForRemoteDisconnect+0xc9
fffff806`47f0ace0 fffff806`4a948cf1     : ffff810f`626ef8b8 ffff810f`63313ad0 00000000`c000009d 00000000`00000016 : BTHport!L2CapCon_HciConnectCallback+0x46b
fffff806`47f0adb0 fffff806`4a9499aa     : ffff810f`626ef8b8 fffff806`47f0af00 fffff806`47f0b220 fffff806`4a93cade : BTHport!HCI_CxnCallClientCallback+0xe1
fffff806`47f0ae40 fffff806`4a953e0a     : ffff810f`63313f70 fffff806`47f0af90 ffff810f`63313a20 fffff806`47f0b220 : BTHport!HCI_CxnDrainMoveList+0x7a
fffff806`47f0ae90 fffff806`4a953fef     : ffff810f`5b65be05 00000000`00000004 ffff810f`602ab220 ffff810f`63313a20 : BTHport!HCI_HandleDisconnectionComplete+0xb8a
fffff806`47f0b090 fffff806`4a9406e5     : ffff810f`62baa170 fffff806`47f0b231 fffff806`47f0b231 ffff810f`602ab220 : BTHport!Fn_EVENT_DisconnectionComplete+0xaf
fffff806`47f0b150 fffff806`4a974535     : ffff810f`5ba8e000 ffff810f`58402005 00000000`00000202 00000000`00000000 : BTHport!HCI_DoCmdCompletion+0x469
fffff806`47f0b290 fffff806`4a9a706b     : ffff810f`5b65f2f0 fffff806`47f0b3f9 00000000`00000000 fffff806`47f0b3dc : BTHport!HCI_ProcessAsynchronousEvent+0x99
fffff806`47f0b2e0 fffff806`4a9a745c     : ffff810f`5b65f2f0 fffff806`47f0b3f9 00000000`00000000 ffff810f`5ba8e000 : BTHport!HCI_ProcessEventAtDPC+0x1fb
fffff806`47f0b350 fffff806`4aa061f7     : 00000000`00000000 fffff806`4a8fc882 00000000`00000000 00000000`00000000 : BTHport!HCI_ProcessMpBip+0x3a0
fffff806`47f0b460 fffff806`4a8f461b     : ffff810f`5b65f2f0 00000000`00000000 00000000`00000000 fffff806`47f0b5d0 : BTHport!imp_BthLegacyRecvMpBip+0x47
fffff806`47f0b4c0 fffff806`4a8fde99     : fffff806`47f0b640 ffff810f`5e0c7060 ffff810f`5e0c7060 ffff810f`5e2d7990 : BTHUSB!BthUsb_EventTransferComplete+0x1bb
fffff806`47f0b580 fffff806`4a8fe185     : 00000000`00000003 fffff806`47f0b640 00000000`00000000 ffff810f`00000006 : BTHUSB!UsbWrapWorkRoutine+0x1c9
fffff806`47f0b600 fffff806`420438ee     : ffff810f`5e2d7990 fffff806`47f0b719 ffff810f`5e4a8060 00000000`00000000 : BTHUSB!UsbWrapInterruptReadComplete+0x205
fffff806`47f0b690 fffff806`420437b7     : 00000000`00000001 00000000`00000000 ffff810f`5e0299c0 00000000`00000002 : nt!IopfCompleteRequest+0x11e
fffff806`47f0b780 fffff806`466d811a     : 00000000`00000000 ffff810f`5de4d9f0 ffff810f`5e2d7990 fffff806`47f0b860 : nt!IofCompleteRequest+0x17
fffff806`47f0b7b0 fffff806`466d5bbf     : ffff810f`6048a102 ffff810f`5e2c9a80 ffff810f`5e2d7990 00000000`00000000 : Wdf01000!FxRequest::CompleteInternal+0x23a [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 869] 
fffff806`47f0b840 fffff806`4ea0cb4d     : 00000000`ffffff02 ffff810f`6048a020 ffff810f`5e029da0 ffff810f`5e029da0 : Wdf01000!imp_WdfRequestComplete+0x8f [minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 436] 
fffff806`47f0b8a0 fffff806`4ea0ca11     : ffff810f`6048a1c0 00000000`00000006 ffff810f`6048a250 fffff806`47f0bab8 : USBXHCI!Bulk_Transfer_CompleteCancelable+0xc9
fffff806`47f0b900 fffff806`4ea0c800     : 00000000`00000004 fffff806`47f0ba70 00000000`00000000 ffff810f`5e0289f0 : USBXHCI!Bulk_ProcessTransferEventWithED1+0x1fd
fffff806`47f0b9b0 fffff806`4ea07101     : 00000000`00000004 fffff806`47f0ba88 00000000`00000008 fffff806`47f0ba90 : USBXHCI!Bulk_EP_TransferEventHandler+0x10
fffff806`47f0b9e0 fffff806`4ea06c35     : 00000000`00000780 00007ef0`a22fdf00 ffff810f`5ddfdc70 ffff810f`5dc54450 : USBXHCI!Endpoint_TransferEventHandler+0xb1
fffff806`47f0ba40 fffff806`4ea0690c     : ffff810f`58d02628 ffff810f`58ce8240 00007ef0`a22f98a8 ffff810f`58d02000 : USBXHCI!Interrupter_DeferredWorkProcessor+0x315
fffff806`47f0bb40 fffff806`466d38f6     : 00000000`00000f44 00000000`00400a02 00000000`00000000 0000010d`94160df2 : USBXHCI!Interrupter_WdfEvtInterruptDpc+0xc
fffff806`47f0bb70 fffff806`420a181e     : fffff806`3f822240 ffff810f`58ce7000 fffff806`47f0be70 fffff806`00000002 : Wdf01000!FxInterrupt::_InterruptDpcThunk+0xa6 [minkernel\wdf\framework\shared\irphandlers\pnp\km\interruptobjectkm.cpp @ 410] 
fffff806`47f0bbb0 fffff806`420a0b04     : fffff806`3f81f180 00000000`00000000 00000000`00000008 00000000`00003374 : nt!KiExecuteAllDpcs+0x30e
fffff806`47f0bd20 fffff806`421fef75     : 00000000`00000000 fffff806`3f81f180 ffffb780`0a08f500 00000000`00000000 : nt!KiRetireDpcList+0x1f4
fffff806`47f0bfb0 fffff806`421fed60     : 00000075`b1f7f368 fffff806`4211962a 00000000`00000000 00007ffd`aaa42000 : nt!KxRetireDpcList+0x5
ffffec02`8ba5f9c0 fffff806`421fe615     : 00000000`00000000 fffff806`421f9aa1 00000234`d1a8ff40 00000000`00000000 : nt!KiDispatchInterruptContinue
ffffec02`8ba5f9f0 fffff806`421f9aa1     : 00000234`d1a8ff40 00000000`00000000 ffffec02`8ba5fa80 ffff810f`00000000 : nt!KiDpcInterruptBypass+0x25
ffffec02`8ba5fa00 00007ffd`b1edc632     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatch+0xb1
00000075`b1f7e6e8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`b1edc632


FAULTING_SOURCE_LINE:  C:\Program Files (x86)\Windows Kits\10\Include\wdf\kmdf\1.15\wdfmemory.h

FAULTING_SOURCE_FILE:  C:\Program Files (x86)\Windows Kits\10\Include\wdf\kmdf\1.15\wdfmemory.h

FAULTING_SOURCE_LINE_NUMBER:  267

FAULTING_SOURCE_CODE:  
   263:     size_t* BufferSize
   264:     )
   265: {
   266:     return ((PFN_WDFMEMORYGETBUFFER) WdfFunctions[WdfMemoryGetBufferTableIndex])(WdfDriverGlobals, Memory, BufferSize);
>  267: }
   268: 
   269: //
   270: // WDF Function: WdfMemoryAssignBuffer
   271: //
   272: typedef


SYMBOL_NAME:  BthPS3!WdfMemoryGetBuffer+46

MODULE_NAME: BthPS3

IMAGE_NAME:  BthPS3.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  46

FAILURE_BUCKET_ID:  AV_R_BthPS3!WdfMemoryGetBuffer

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {a5638d79-fbb2-e3ca-7e3f-d8fa88819a45}

Followup:     MachineOwner
---------

0: kd> kc
 # Call Site
00 nt!KeBugCheckEx
01 nt!HvlpVtlCallExceptionHandler
02 nt!RtlpExecuteHandlerForException
03 nt!RtlDispatchException
04 nt!KiDispatchException
05 nt!KxExceptionDispatchOnExceptionStack
06 nt!KiExceptionDispatchOnExceptionStackContinue
07 nt!KiExceptionDispatch
08 nt!KiGeneralProtectionFault
09 Wdf01000!FxIFR
0a Wdf01000!WPP_IFR_SF_qDqD
0b Wdf01000!FxObjectHandleGetPtrQI
0c Wdf01000!FxObjectHandleGetPtr
0d Wdf01000!imp_WdfMemoryGetBuffer
0e BthPS3!WdfMemoryGetBuffer
0f BthPS3!DMF_ModuleToObject
10 BthPS3!DMF_HandleValidate_ModuleMethod
11 BthPS3!DMF_QueuedWorkItem_Enqueue
12 BthPS3!L2CAP_PS3_ConnectionIndicationCallback
13 BTHport!L2CapCon_CallClientCallbackForRemoteDisconnect
14 BTHport!L2CapCon_HciConnectCallback
15 BTHport!HCI_CxnCallClientCallback
16 BTHport!HCI_CxnDrainMoveList
17 BTHport!HCI_HandleDisconnectionComplete
18 BTHport!Fn_EVENT_DisconnectionComplete
19 BTHport!HCI_DoCmdCompletion
1a BTHport!HCI_ProcessAsynchronousEvent
1b BTHport!HCI_ProcessEventAtDPC
1c BTHport!HCI_ProcessMpBip
1d BTHport!imp_BthLegacyRecvMpBip
1e BTHUSB!BthUsb_EventTransferComplete
1f BTHUSB!UsbWrapWorkRoutine
20 BTHUSB!UsbWrapInterruptReadComplete
21 nt!IopfCompleteRequest
22 nt!IofCompleteRequest
23 Wdf01000!FxIrp::CompleteRequest
24 Wdf01000!FxRequest::CompleteInternal
25 Wdf01000!FxRequest::Complete
26 Wdf01000!imp_WdfRequestComplete
27 USBXHCI!Bulk_Transfer_CompleteCancelable
28 USBXHCI!Bulk_ProcessTransferEventWithED1
29 USBXHCI!Bulk_EP_TransferEventHandler
2a USBXHCI!Endpoint_TransferEventHandler
2b USBXHCI!Interrupter_DeferredWorkProcessor
2c USBXHCI!Interrupter_WdfEvtInterruptDpc
2d Wdf01000!FxInterrupt::DpcHandler
2e Wdf01000!FxInterrupt::_InterruptDpcThunk
2f nt!KiExecuteAllDpcs
30 nt!KiRetireDpcList
31 nt!KxRetireDpcList
32 nt!KiDispatchInterruptContinue
33 nt!KiDpcInterruptBypass
34 nt!KiInterruptDispatch
35 0x0
