BSOD - Windows 10 of wdf01000.sys file

  • Question

  • Hi,

      I have a couple of systems at work and they are Windows 10, 1607.

    A few of them are causing BSODs; when I ran the debugger I found the following Wdf01000.sys error:

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++

    1: kd> lmvm Wdf01000
    start             end                 module name
    fffff80b`f8140000 fffff80b`f8214000   Wdf01000 # (private pdb symbols)  c:\winddk\Wdf01000.pdb\D1EFC8BDA46D46D69AEB78C84357AF4B1\Wdf01000.pdb
        Loaded symbol image file: Wdf01000.sys
        Mapped memory image file: C:\WinDDK\Wdf01000.sys\57899838d4000\Wdf01000.sys
        Image path: \SystemRoot\system32\drivers\Wdf01000.sys
        Image name: Wdf01000.sys
        Timestamp:        Fri Jul 15 21:13:12 2016 (57899838)
        CheckSum:         000D2BC9
        ImageSize:        000D4000
        File version:     1.19.14393.0
        Product version:  1.19.14393.0
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.7 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     wdf01000.sys
        OriginalFilename: wdf01000.sys
        ProductVersion:   1.19.14393.0
        FileVersion:      1.19.14393.0 (rs1_release.160715-1616)
        FileDescription:  Kernel Mode Driver Framework Runtime
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    1: kd> .cxr 0xffffb9006569ff10
    rax=0000000000000000 rbx=ffffb900656a0a28 rcx=0000000000000000
    rdx=000030f818023198 rsi=000030f818023198 rdi=ffffb900656a0a20
    rip=fffff80bf814330f rsp=ffffb900656a0920 rbp=0000000000000001
     r8=0000000000000001  r9=ffffb900656a0a28 r10=ffffcf07e7fdce60
    r11=ffffcf07eb3a49b0 r12=fffff80bfbd74000 r13=fffff80bfbd73090
    r14=ffffcf07e6003870 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
    Wdf01000!imp_WdfRequestRetrieveOutputBuffer+0x8f:
    fffff80b`f814330f 488b88b8000000  mov     rcx,qword ptr [rax+0B8h] ds:002b:00000000`000000b8=????????????????

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Any suggestions on how to resolve the wdf01000.sys issue?


    orion

    Thursday, November 10, 2016 2:39 AM

Answers

  • Well, WinDbg says "Probably caused by : DellRctl.sys" (Dell Radio Control service), so look for an updated driver for that and any other drivers from Dell.

    Also, drivers listed that predate Windows 10:

    prepdrv.sys 18/09/2009 08:15:16 Microsoft System Center 2012 Configuration Manager Software Metering Process Event Driver
    DellRbtn.sys 03/08/2012 21:32:54 OSR Open Systems Resources Airplane Mode Switch Driver
    ccSetx64.sys 24/09/2013 03:58:04 Symantec/ Norton Common Client Settings Driver
    SYMEVENT64x86.SYS 16/01/2015 02:53:56 Norton Internet Security

    WinDbg output

    Microsoft (R) Windows Debugger Version 10.0.14951.1001 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\WinDbg\110816-10859-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       http://msdl.microsoft.com/download/symbols
    Symbol search path is: http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 10 Kernel Version 14393 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 14393.0.amd64fre.rs1_release.160715-1616
    Machine Name:
    Kernel base = 0xfffff802`3f292000 PsLoadedModuleList = 0xfffff802`3f597060
    Debug session time: Tue Nov  8 13:01:18.712 2016 (UTC + 0:00)
    System Uptime: 6 days 18:24:42.197
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    ................................................................
    .......................
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *** WARNING: Unable to verify timestamp for DellRctl.sys
    *** ERROR: Module load completed but symbols could not be loaded for DellRctl.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000007E, {ffffffffc0000005, fffff80bf814330f, ffffb900656a06e8, ffffb9006569ff10}
    
    Probably caused by : DellRctl.sys ( DellRctl+721f )
    
    Followup:     MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff80bf814330f, The address that the exception occurred at
    Arg3: ffffb900656a06e8, Exception Record Address
    Arg4: ffffb9006569ff10, Context Record Address
    
    Debugging Details:
    ------------------
    
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  10.0.14393.0 (rs1_release.160715-1616)
    
    SYSTEM_MANUFACTURER:  Dell Inc.
    
    SYSTEM_PRODUCT_NAME:  Latitude E7270
    
    SYSTEM_SKU:  06DB
    
    BIOS_VENDOR:  Dell Inc.
    
    BIOS_VERSION:  1.5.3
    
    BIOS_DATE:  04/18/2016
    
    BASEBOARD_MANUFACTURER:  Dell Inc.
    
    BASEBOARD_PRODUCT:  0K4CNR
    
    BASEBOARD_VERSION:  A00
    
    DUMP_TYPE:  2
    
    BUGCHECK_P1: ffffffffc0000005
    
    BUGCHECK_P2: fffff80bf814330f
    
    BUGCHECK_P3: ffffb900656a06e8
    
    BUGCHECK_P4: ffffb9006569ff10
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
    
    FAULTING_IP: 
    Wdf01000!imp_WdfRequestRetrieveOutputBuffer+8f [d:\rs1\minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 1156]
    fffff80b`f814330f 488b88b8000000  mov     rcx,qword ptr [rax+0B8h]
    
    EXCEPTION_RECORD:  ffffb900656a06e8 -- (.exr 0xffffb900656a06e8)
    ExceptionAddress: fffff80bf814330f (Wdf01000!FxIrp::GetMajorFunction+0x0000000000000007)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000000
       Parameter[1]: 00000000000000b8
    Attempt to read from address 00000000000000b8
    
    CONTEXT:  ffffb9006569ff10 -- (.cxr 0xffffb9006569ff10)
    rax=0000000000000000 rbx=ffffb900656a0a28 rcx=0000000000000000
    rdx=000030f818023198 rsi=000030f818023198 rdi=ffffb900656a0a20
    rip=fffff80bf814330f rsp=ffffb900656a0920 rbp=0000000000000001
     r8=0000000000000001  r9=ffffb900656a0a28 r10=ffffcf07e7fdce60
    r11=ffffcf07eb3a49b0 r12=fffff80bfbd74000 r13=fffff80bfbd73090
    r14=ffffcf07e6003870 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
    Wdf01000!FxIrp::GetMajorFunction+0x7 [inlined in Wdf01000!imp_WdfRequestRetrieveOutputBuffer+0x8f]:
    fffff80b`f814330f 488b88b8000000  mov     rcx,qword ptr [rax+0B8h] ds:002b:00000000`000000b8=????????????????
    Resetting default scope
    
    CPU_COUNT: 4
    
    CPU_MHZ: af8
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 4e
    
    CPU_STEPPING: 3
    
    CPU_MICROCODE: 6,4e,3,0 (F,M,S,R)  SIG: 88'00000000 (cache) 88'00000000 (init)
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  0
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
    
    EXCEPTION_CODE_STR:  c0000005
    
    EXCEPTION_PARAMETER1:  0000000000000000
    
    EXCEPTION_PARAMETER2:  00000000000000b8
    
    FOLLOWUP_IP: 
    DellRctl+721f
    fffff80b`fbd7721f 85c0            test    eax,eax
    
    BUGCHECK_STR:  AV
    
    READ_ADDRESS: fffff8023f639338: Unable to get MiVisibleState
    Unable to get NonPagedPoolStart
    Unable to get NonPagedPoolEnd
    Unable to get PagedPoolStart
    Unable to get PagedPoolEnd
     00000000000000b8 
    
    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE
    
    ANALYSIS_SESSION_HOST:  
    
    ANALYSIS_SESSION_TIME:  11-10-2016 20:18:49.0538
    
    ANALYSIS_VERSION: 10.0.14951.1001 amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff80bfbd7721f to fffff80bf814330f
    
    STACK_TEXT:  
    ffffb900`656a0920 fffff80b`fbd7721f : ffffcf07`e61fe400 ffffcf07`e7fdce60 fffff80b`f8176df0 ffffcf07`ec469710 : Wdf01000!imp_WdfRequestRetrieveOutputBuffer+0x8f d:\rs1\minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 1156]
    ffffb900`656a09b0 ffffcf07`e61fe400 : ffffcf07`e7fdce60 fffff80b`f8176df0 ffffcf07`ec469710 ffffb900`656a0a20 : DellRctl+0x721f
    ffffb900`656a09b8 ffffcf07`e7fdce60 : fffff80b`f8176df0 ffffcf07`ec469710 ffffb900`656a0a20 fffff80b`f814ccbf : 0xffffcf07`e61fe400
    ffffb900`656a09c0 fffff80b`f8176def : ffffcf07`ec469710 ffffb900`656a0a20 fffff80b`f814ccbf 00000000`00000000 : 0xffffcf07`e7fdce60
    ffffb900`656a09c8 ffffcf07`ec469710 : ffffb900`656a0a20 fffff80b`f814ccbf 00000000`00000000 00000000`00000100 : Wdf01000!imp_WdfDeviceInitSetFileObjectConfig+0x12f
    ffffb900`656a09d0 ffffb900`656a0a20 : fffff80b`f814ccbf 00000000`00000000 00000000`00000100 00000000`00000000 : 0xffffcf07`ec469710
    ffffb900`656a09d8 fffff80b`f814ccbf : 00000000`00000000 00000000`00000100 00000000`00000000 ffffcf07`e6002a80 : 0xffffb900`656a0a20
    ffffb900`656a09e0 fffff80b`f815aaf4 : ffffcf07`ec469610 fffff80b`00000000 00000000`00000000 00000000`00000000 : Wdf01000!FxNonPagedObject::Lock+0x1f d:\rs1\minkernel\wdf\framework\shared\inc\private\common\fxnonpagedobject.hpp @ 137]
    ffffb900`656a0a10 fffff80b`f8176e19 : 00000000`00000000 ffffcf07`ec469610 00000000`00000000 00000000`00000000 : Wdf01000!FxWorkItem::WorkItemHandler+0x7c d:\rs1\minkernel\wdf\framework\shared\core\fxworkitem.cpp @ 374]
    ffffb900`656a0a50 fffff802`3f32adf0 : ffffcf07`e57f04b0 ffffcf07`e4bca060 ffffcf07`e4bca060 00000000`00000000 : Wdf01000!FxWorkItem::WorkItemThunk+0x29 d:\rs1\minkernel\wdf\framework\shared\core\fxworkitem.cpp @ 439]
    ffffb900`656a0a90 fffff802`3f2e9d79 : fffff802`3f64f100 ffffcf07`ee12e180 fffff802`3f32ad00 ffffcf07`00000000 : nt!IopProcessWorkItem+0xf0
    ffffb900`656a0b00 fffff802`3f32e4bd : 00000000`00f80074 00000000`00000080 ffffcf07`db07c040 ffffcf07`ee12e180 : nt!ExpWorkerThread+0xe9
    ffffb900`656a0b90 fffff802`3f3e1456 : ffffb900`5dd6d180 ffffcf07`ee12e180 fffff802`3f32e47c ffffb900`656a0bf8 : nt!PspSystemThreadStartup+0x41
    ffffb900`656a0be0 00000000`00000000 : ffffb900`656a1000 ffffb900`6569a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  106c0ee129fc1cf1d4980e2e125b56165eb55e3d
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  dad902cb73fa092c815460744b6b6c47e228cb68
    
    THREAD_SHA1_HASH_MOD:  41d98ddfdf1c0c1af58bcc249813cb5f31ecf798
    
    FAULT_INSTR_CODE:  c74c085
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  DellRctl+721f
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: DellRctl
    
    IMAGE_NAME:  DellRctl.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  574d4821
    
    STACK_COMMAND:  .cxr 0xffffb9006569ff10 ; kb
    
    BUCKET_ID_FUNC_OFFSET:  721f
    
    FAILURE_BUCKET_ID:  AV_DellRctl!unknown_function
    
    BUCKET_ID:  AV_DellRctl!unknown_function
    
    PRIMARY_PROBLEM_CLASS:  AV_DellRctl!unknown_function
    
    TARGET_TIME:  2016-11-08T13:01:18.000Z
    
    OSBUILD:  14393
    
    OSSERVICEPACK:  0
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  272
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2016-07-16 03:16:17
    
    BUILDDATESTAMP_STR:  160715-1616
    
    BUILDLAB_STR:  rs1_release
    
    BUILDOSVER_STR:  10.0.14393.0
    
    ANALYSIS_SESSION_ELAPSED_TIME:  985
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:av_dellrctl!unknown_function
    
    FAILURE_ID_HASH:  {6bc6312b-d755-7b21-48cc-28be7de60273}
    
    Followup:     MachineOwner
    ---------
    
    1: kd> lmvm DellRctl
    Browse full module list
    start             end                 module name
    fffff80b`fbd70000 fffff80b`fbd7a000   DellRctl T (no symbols)           
        Loaded symbol image file: DellRctl.sys
        Image path: \SystemRoot\system32\DRIVERS\DellRctl.sys
        Image name: DellRctl.sys
        Browse all global symbols  functions  data
        Timestamp:        Tue May 31 09:15:29 2016 (574D4821)
        CheckSum:         0000B7B8
        ImageSize:        0000A000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    

    • Marked as answer by Ultra9.99 Thursday, November 10, 2016 11:45 PM
    Thursday, November 10, 2016 8:35 PM

All replies

  • Here is the link for the dmp file: https://1drv.ms/u/s!AvrwFkn-ASCWki1g788q55wOsBje


    orion

    Thursday, November 10, 2016 4:39 PM
  • Hi Mr Happy,

      Thanks for the reply, I will take a look and update the driver.

    Just curious, and to learn: when I ran WinDbg, I got the wdf01000.sys debug output, but your debug output is different. How are you running WinDbg? (I am still learning this tool.) My symbol is:

    srv*C:\WinDDK*http://msdl.microsoft.com/download/symbols;.symfix+ C:\WinDDK
    .reload

    thx


    orion

    Thursday, November 10, 2016 9:11 PM
  • Well, I am running Microsoft (R) Windows Debugger Version 10.0.14951.1001, so the latest Insider preview version; not sure if that would be the difference.

    So your symbols, huh dunno about that one :) Mine? Loaded from the shortcut;

    "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" -y http://msdl.microsoft.com/download/symbols

    So same symbol path it appears. I used BlueScreenView by Nirsoft to list the drivers in date order to find the older ones. BlueScreenView often shows different causes to WinDbg, but the same for your dmp for me, with BlueScreenView showing Wdf01000.sys on the stack.

    Thursday, November 10, 2016 10:26 PM
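
In the posted output the faulting instruction sits in Wdf01000, while the frame that called into it, and the module `!analyze -v` blames, is DellRctl. The following Python sketch is an added example, not code from any poster or from WinDbg; it re-derives both facts from an excerpt of the posted text. The function names, the `TRUSTED` module set and the `NULL_GUARD` threshold are assumptions made for illustration.

```python
import re

# Excerpt copied from the !analyze -v output posted in this thread.
DUMP = r"""
EXCEPTION_PARAMETER2:  00000000000000b8
rax=0000000000000000 rbx=ffffb900656a0a28 rcx=0000000000000000
fffff80b`f814330f 488b88b8000000  mov     rcx,qword ptr [rax+0B8h]
STACK_TEXT:
ffffb900`656a0920 fffff80b`fbd7721f : ffffcf07`e61fe400 ffffcf07`e7fdce60 fffff80b`f8176df0 ffffcf07`ec469710 : Wdf01000!imp_WdfRequestRetrieveOutputBuffer+0x8f d:\rs1\minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 1156]
ffffb900`656a09b0 ffffcf07`e61fe400 : ffffcf07`e7fdce60 fffff80b`f8176df0 ffffcf07`ec469710 ffffb900`656a0a20 : DellRctl+0x721f
ffffb900`656a09b8 ffffcf07`e7fdce60 : fffff80b`f8176df0 ffffcf07`ec469710 ffffb900`656a0a20 fffff80b`f814ccbf : 0xffffcf07`e61fe400
ffffb900`656a0a10 fffff80b`f8176e19 : 00000000`00000000 ffffcf07`ec469610 00000000`00000000 00000000`00000000 : Wdf01000!FxWorkItem::WorkItemHandler+0x7c d:\rs1\minkernel\wdf\framework\shared\core\fxworkitem.cpp @ 374]
ffffb900`656a0a90 fffff802`3f2e9d79 : fffff802`3f64f100 ffffcf07`ee12e180 fffff802`3f32ad00 ffffcf07`00000000 : nt!IopProcessWorkItem+0xf0
"""

# Assumptions of this example, not WinDbg's own triage rules:
TRUSTED = {"nt", "Wdf01000"}  # OS kernel and KMDF runtime frames to look past
NULL_GUARD = 0x10000          # reads below this count as NULL + field offset

# child-SP, return address, four argument slots, then the call site
FRAME = re.compile(
    r"^[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]{8}`[0-9a-f]{8} : "
    r"(?:[0-9a-f]{8}`[0-9a-f]{8} ){4}: (\S+)", re.M)
SITE = re.compile(r"^([A-Za-z_]\w*)(?:![\w:]+)?\+0x[0-9a-f]+$")
REG = re.compile(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b")
MEMOP = re.compile(r"\[(r[a-z0-9]{1,2})\+([0-9A-Fa-f]+)h\]")
READ = re.compile(r"EXCEPTION_PARAMETER2:\s+([0-9a-f]+)")


def parse_stack(text):
    """Return the call sites in STACK_TEXT, top of stack first."""
    frames = []
    for site in FRAME.findall(text):
        m = SITE.match(site)
        # A raw address (no module+offset form) resolves to no module.
        frames.append({"site": site, "module": m.group(1) if m else None})
    return frames


def first_untrusted(frames, trusted=TRUSTED):
    """First frame that resolves to a module outside the trusted set."""
    for frame in frames:
        if frame["module"] and frame["module"] not in trusted:
            return frame
    return None


def null_deref(text):
    """Recompute the faulting effective address from the register context."""
    regs = {name: int(val, 16) for name, val in REG.findall(text)}
    op, rd = MEMOP.search(text), READ.search(text)
    if not op or not rd or op.group(1) not in regs:
        return None  # dump text incomplete: make no claim
    base, disp = regs[op.group(1)], int(op.group(2), 16)
    fault = int(rd.group(1), 16)
    return {"register": op.group(1), "base": base, "offset": disp,
            "explains_fault": base + disp == fault,
            "null_base": base == 0 and fault < NULL_GUARD}


def triage(text):
    frames = parse_stack(text)
    blamed = first_untrusted(frames)
    return {"faulting": frames[0]["site"] if frames else None,
            "blamed": blamed["site"] if blamed else None,
            "access": null_deref(text)}


if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key}: {value}")
```

A zero base register plus a small displacement that equals the read address is the pattern behind the `NULL_CLASS_PTR_DEREFERENCE` bucket shown in the output.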