windows - BSOD with Bug Check 0x139 in RemoveEntryList -


we have developed wdm serial port driver based on (winddk 6) native serial com port driver.

but our customer has application triggering bsod when using our driver.

this application calls irp_mj_read continuously when button on program turned on, , bsod happened when program being closed without turning off button.

we have debugged windbg , found root cause removeentrylist , bug check code tells have called removeentrylist twice. see bug check 0x139.

after analyzing, can't see differences codes between our driver , winddk, native com1 not trigger bsod when runing application.

the related codes followings:

when program being closed, system call serialkillallreadsorwrites kill pending irps in readqueue.

void serialkillallreadsorwrites(     in pdevice_object deviceobject,     in plist_entry queuetoclean,     in pirp *currentopirp     ) {      kirql cancelirql;     pdriver_cancel cancelroutine;      ioacquirecancelspinlock(&cancelirql);      //     // clean list front.     //     while (!islistempty(queuetoclean)) {          pirp currentlastirp = containing_record(                                   queuetoclean->blink,                                   irp,                                   tail.overlay.listentry                                   );          removeentrylist(queuetoclean->blink);          cancelroutine = currentlastirp->cancelroutine;         currentlastirp->cancelirql = cancelirql;         currentlastirp->cancelroutine = null;         currentlastirp->cancel = true;          cancelroutine(             deviceobject,             currentlastirp             );               // <- call serialcancelqueued()          ioacquirecancelspinlock(&cancelirql);      }      .     .     . } void serialcancelqueued(     pdevice_object deviceobject,     pirp irp     ) {      pserial_device_extension extension = deviceobject->deviceextension;     pio_stack_location irpsp = iogetcurrentirpstacklocation(irp);      serial_locked_paged_code();      irp->iostatus.status = status_cancelled;     irp->iostatus.information = 0;     removeentrylist(&irp->tail.overlay.listentry); // <- bsod happened here!     .     .     . }

we found first call of removeentrylist in serialkillallreadsorwrites , second call in serialcancelqueued going remove same entry.

and have tested if mark first removeentrylist, passed, no longer bsod.

but why native com doesn't trigger bsod calling removeentrylist twice remove same entry?

could me understand why? thanks.

i found removeentrylist in wdk8.1 different in wdk6. if build driver wdk6, windows not trigger bsod when call removeentrylist twice. however, if driver built wdk8.1, windows trigger bsod when call removeentrylist twice. so, maybe original codes in serialkillallreadsorwrites should modified avoid calling removeentrylist twice if want build driver wdk8.1.

// wdk6: forceinline boolean removeentrylist(     _in_ plist_entry entry     )  {      plist_entry blink;     plist_entry flink;      flink = entry->flink;     blink = entry->blink;     blink->flink = flink;     flink->blink = blink;     return (boolean)(flink == blink); }  // wdk 8.1 forceinline boolean removeentrylist(     _in_ plist_entry entry     )  {      plist_entry preventry;     plist_entry nextentry;      nextentry = entry->flink;     preventry = entry->blink;     if ((nextentry->blink != entry) || (preventry->flink != entry)) {         fatallistentryerror((pvoid)preventry,                             (pvoid)entry,                             (pvoid)nextentry);     }      preventry->flink = nextentry;     nextentry->blink = preventry;     return (boolean)(preventry == nextentry); }

Comments

Post a Comment

Popular posts from this blog

node.js - Node js - Trying to send POST request, but it is not loading javascript content -

i have been trying send post request website, , has not been loading full site. i guessing problem node js not loading javascript content, executing it. can see javascript in response, though never loads content javascript files producing in html. what mean is, doesn't execute javascript. how make node js code overcome this, , wait the full website load? have tried native code, , "request' module, both producing same errors. if helps, don't need native javascript. modules fine. some code have tried (request module): var options = { method: 'post', uri: 'https://url', formdata: { 'email': 'email', 'prize': '0', 'transactional': 'on' }, headers: { /* 'content-type': 'application/x-www-form-urlencoded' */ // set automatically } }; rp(options) .then(function (body) { console.log(body) }) .catch(function (err) { console.log(err) }); when fetch content...
Read more

javascript - Replicate keyboard event with html button -

i have tried few ways make happen. have javascript pinball game uses keyboard keys controls. converting application touch screen display. workaround, hoping overlay buttons when clicked simulate keyboard strokes. have done research , sounds should work. using jquery v3.2.1 here things have tried far... html element: <input type="button" class="coil"></input> $('.coil').trigger({type: 'keydown', which: 40, keycode: 40}); with this, not errors, nothing happens. var coilkey = $('body').keydown(function(e) { switch (e.keycode) { case 40: break;} }) $('.coil').click(coilkey); this 1 returns error in console... ((jquery.event.special[handleobj.origtype] || (intermediate value)).handle || handleobj.handler).apply not function below javascript game engine handles key listeners... addkeylistener: function (keyandlistener) { this.keylisteners.push(keyandlistener); }, // gi...
Read more

javascript - Web audio api 5.1 surround example not working in firefox -

i've been playing lott lately web audio api on both firefox , chrome. few days ago started experiment surround set. when trying surround audio in web audio api came notice example works fine in chrome v59 not in firefox v54. // create web audio api context var audioctx = new (window.audiocontext || window.webkitaudiocontext)(); audioctx.destination.channelinterpretation = 'discrete'; audioctx.destination.channelcountmode = 'explicit'; audioctx.destination.channelcount = 6; var oscillators = []; var merger = audioctx.createchannelmerger(6); console.log(audioctx.destination, merger); //merger.channelinterpretation = 'discrete'; //merger.channelcountmode = 'explicit'; //merger.channelcount = 6; var addoscilator = function(channel, frequency) { var oscillator = audioctx.createoscillator(); oscillator.frequency.value = frequency; // value in hertz oscillator.connect(merger,0,channel); oscillator.start(); oscillators.push(o...
Read more