I have been trying to encode a string using Nanopb library on NodeMCU and publish it using AzureMQTT.
On testing individually, both Nanopb and Azure work just fine. However, Integration of both in one sketch gives me errors.
void loop(){
uint8_t sMsg[512];
gestures data;
char *msg = "aaaaaaaaaaaaaaaaaaaaaaaaa";
strcpy(data.values,msg);
Serial.println("done with strcpy");
pb_ostream_t buffer = pb_ostream_from_buffer(sMsg, sizeof(sMsg));
if (!(pb_encode(&buffer, gestures_fields, &data))) {
Serial.println(F("Encoding failed"));
Serial.println(PB_GET_ERROR(&buffer));
return;
}
else
{
Serial.println("enterd else");
Serial.println((char*)sMsg);
client.run();
if (client.connected()) {
Serial.println("connected");
String payload = "{\"DeviceId\":\"" + String(DEVICE_ID) + "\", \"data\":" + (char*)sMsg + "}";
Serial.println(payload);
client.sendEvent(payload);
Serial.println("Published message!");
}
}
Serial.println("Done with loop");
}
The Serial output is as below:
entered if
done with strcpy
enterd else
aaaaaaaaaaaaaaaaaaaaaaaaa?z[#t/⸮?⸮⸮⸮?⸮⸮⸮?⸮⸮⸮?⸮+⸮?⸮⸮⸮?$⸮?
Done with loop
If observed, the client.connected() is returning false, hence, the message is not being published.
Also, sometimes, at client.run() there's a stack error:
Fatal exception 28(LoadProhibitedCause):
epc1=0x401016dc, epc2=0x00000000, epc3=0x00000000, excvaddr=0x02786a4c,
depc=0x00000000
Exception (28):
epc1=0x401016dc epc2=0x00000000 epc3=0x00000000 excvaddr=0x02786a4c
depc=0x00000000
ctx: sys
sp: 3ffffcf0 end: 3fffffb0 offset: 01a0
>>>stack>>>
3ffffe90: 3fff0010 3fff242c 00000000 40216af4
3ffffea0: 00000000 005e5dbc 40216b4b 3fff242c
3ffffeb0: 3fff2414 ffffffbc 00000000 ffffffff
3ffffec0: 02786a30 00000000 4020c087 00000026
3ffffed0: ffffffff 00000000 3ffeaf61 00000130
3ffffee0: 4020c0da 3fff2d2c 3ffef1cc 3ffef4cc
3ffffef0: 00000000 00000000 4010195b 3fff2d2c
3fffff00: 000000c0 00000000 00000064 3fff2d94
3fffff10: 4020b4e0 3fff2d2c 3fff2d6c 401070bc
3fffff20: 00000009 4021007c 3ffef848 40234b25
3fffff30: 3fff1f34 3fff1f30 005e5dcb 4010610e
3fffff40: 402164be 3ffee878 3ffee878 40234d6d
3fffff50: 401060f4 00000000 00000000 0000001c
3fffff60: 4021fdb4 3ffeffe8 0000001b 4021fdc1
3fffff70: 3ffef858 3fff0010 027982a2 60000600
3fffff80: 4021fe06 3fffdab0 00000000 3fffdcb0
3fffff90: 3fff0020 3fffdab0 00000000 40208993
3fffffa0: 40000f49 40000f49 3fffdab0 40000f49
<<<stack<<<
Decoding the stacktrace gives:
Exception 28: LoadProhibited: A load referenced a page mapped with an
attribute that does not permit loads
Decoding 22 results
0x401016dc: ppEnqueueRxq at ?? line ?
0x401016dc: ppEnqueueRxq at ?? line ?
0x40216af4: ieee80211_parse_wmeparams at ?? line ?
0x40216b4b: ieee80211_parse_wmeparams at ?? line ?
0x4020c087: pp_attach at ?? line ?
0x4020c0da: pp_attach at ?? line ?
0x4010195b: ppCalFrameTimes at ?? line ?
0x4020b4e0: ppCheckTxIdle at ?? line ?
0x401070bc: pvPortMalloc at
C:\Users\Violet\Documents\ArduinoData\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266/heap.c line 13
0x4021007c: ieee80211_getmgtframe at ?? line ?
0x40234b25: udp_input at
/Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/core/udp.c line 106
(discriminator 1)
0x4010610e: igmp_timer at
/Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/core/timers.c line
222
0x402164be: sta_input at ?? line ?
0x40234d6d: udp_bind at
/Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/core/udp.c line 787
0x401060f4: igmp_timer at
/Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/core/timers.c line 217
0x4021fdb4: system_get_os_print at ?? line ?
0x4021fdc1: system_pp_recycle_rx_pkt at ?? line ?
0x4021fe06: system_restart_hook at ?? line ?
0x40208993: std::_Function_base::_Base_manager ::_M_manager(std::_Any_data&,
std::_Any_data const&, std::_Manager_operation) at
c:\users\violet\documents\arduinodata\packages\esp8266\tools\xtensa-lx106-
elf-gcc\1.20.0-26-gb404fb9-2\xtensa-lx106-elf\include\c++\4.8.2/functional
line 1934
It seems you may be overflowing your stack, i.e. running out of space allocated for local variables. When either of the libraries run alone, there is enough space, but when combined it runs out.
A simple way to fix this would be to change this large variable to static allocation:
uint8_t sMsg[512]; // Allocated on stack area
static uint8_t sMsg[512]; // Allocated separately
What static does is that it reserves a section for the variable for the whole duration of the program, instead of trying to fit it in the small dynamic area of the stack.
It is also possible to increase the stack size. On Arduino ESP8266 SDK, this seems to be done by modifying CONT_STACKSIZE in cores/esp8266/cont.h.
Related
I has a sketch that startings a web server to show files in LittleFS. But when it is starting, it's crashing with Exception code 28.
My full code:
#include <FS.h>
#include <ESP8266WiFi.h>
#include <ESP8266mDNS.h>
#include <ESP8266WebServer.h>
#include <LittleFS.h>
FS* fileSystem = &LittleFS;
File uploadFile;
ESP8266WebServer server(80);
void handleRoot() {
String lstemp = "<html>\
<head>\
<title>ESP8266 FS Browser</title>\
</head>\
<body>\
<nav>\
Disk Info\
</nav>\n";
if ((server.hasArg("path") ? server.arg("path") : "/").endsWith("/")) {
Dir dir = fileSystem->openDir(server.hasArg("path") ? server.arg("path") : "/");
Serial.println("listing dir");
while (dir.next()) {
Serial.println(dir.fileName());
if (dir.isFile()) {
lstemp += "<a href='/?path=" + (server.hasArg("path") ? server.arg("path") : "/") + dir.fileName() + "'>" + dir.fileName() + "</a><br>\n";
} else {
lstemp += "<a href='/?path=" + (server.hasArg("path") ? server.arg("path") : "/") + dir.fileName() + "/'>" + dir.fileName() + "/</a><br>\n";
}
}
} else {
lstemp = "<html><head><title>ESP8266 FS Browser</title></head><body>You are viewing file now. Click <a href='/download?action=download?path=" + server.arg("path") + "'>here</a> to download\n<iframe src='/download?action=view?path=" + server.arg("path") + "'></iframe>";
}
lstemp += "</body></html>";
server.send(200, "text/html", lstemp);
}
void handleFsInfo() {
String fsinfotemp = "FS: LittleFS\nTotal size: ";
FSInfo fs_info;
LittleFS.info(fs_info);
fsinfotemp += fs_info.totalBytes / 1000;
fsinfotemp += " KB\nUsed: ";
fsinfotemp += fs_info.usedBytes / 1000;
fsinfotemp += "\nFree: ";
fsinfotemp += (fs_info.totalBytes - fs_info.usedBytes) / 1000;
server.send(200, "text/plain", fsinfotemp);
}
void handleUploadFile() {}
void handleDownloadFile() {
if (server.arg("action") == "download") {
server.chunkedResponseModeStart(200, "application/octet-stream");
}
if (server.arg("action") == "view") {
server.chunkedResponseModeStart(200, "text/plain");
}
File downloadable = fileSystem->open(server.arg("path"), (char*)'r');
while (downloadable.available()) {
server.sendContent((char*)downloadable.read());
Serial.write(downloadable.read());
}
server.chunkedResponseFinalize();
downloadable.close();
}
void handleMkdir() {}
void handleRemove() {}
void handleRename() {}
void setup() {
Serial.begin(115200);
WiFi.mode(WIFI_STA);
WiFi.begin("MySSID", "MyPASSWORD");
if (WiFi.waitForConnectResult() != WL_CONNECTED) {
Serial.println("WiFi Connect Failed! Rebooting...");
delay(1000);
ESP.restart();
}
if (!fileSystem->begin()) {
Serial.println("File system begin failed! Formatting LittleFS...");
fileSystem->format();
Serial.println("Done. Reboot ESP8266");
while (1) {;}
}
server.on("/", handleRoot);
server.on("/fsinfo", handleFsInfo);
server.on("/upload", handleUploadFile);
server.on("/download", handleDownloadFile);
server.on("/mkdir", handleMkdir);
server.on("/rm", handleRemove);
server.on("/rename", handleRename);
if (MDNS.begin("esp8266-filehost")) {
MDNS.addService("http", "tcp", 80);
}
server.begin();
}
void loop() {
server.handleClient();
MDNS.update();
}
Full exception code:
--------------- CUT HERE FOR EXCEPTION DECODER ---------------
Exception (28):
epc1=0x40214c00 epc2=0x00000000 epc3=0x00000000 excvaddr=0x00000072 depc=0x00000000
>>>stack>>>
ctx: cont
sp: 3ffffca0 end: 3fffffc0 offset: 0190
3ffffe30: 3ffee9c0 ffffffff 00000006 402123c6
3ffffe40: 000052b4 00000430 3fff0924 40208bba
3ffffe50: 3ffffea0 3ffeff78 00000000 40211400
3ffffe60: 0000000a 3ffee9e4 4021439c 00000000
3ffffe70: 3ffffecc 00000000 3ffee9c0 402059d4
3ffffe80: 00000000 3ffeeb64 3ffffea0 4020f901
3ffffe90: 00000000 3ffeeb64 3ffee9c0 40207732
3ffffea0: 00000000 69006e6f 00000000 ffffffff
3ffffeb0: 40211df2 00000001 00000000 00000000
3ffffec0: 0023002f 00000000 00000000 68746170
3ffffed0: 3ffeea00 04000000 00000000 40211400
3ffffee0: 00000000 00000000 4bc6a7f0 3ffeed28
3ffffef0: 3fffdad0 00000001 3fff0204 4021435e
3fffff00: 00000000 00000000 3fff0b3c 401000e9
3fffff10: 00000000 616f6c6e 00000000 402058fd
3fffff20: 3fff04b4 3ffeea08 3ffee9c0 40207876
3fffff30: 00000000 3ffeeb08 00000001 4020accf
3fffff40: 000052ac 00000000 00000000 00000001
3fffff50: 00000001 3ffee9e4 3fff04e8 3ffeed28
3fffff60: 3fffdad0 3ffee9e4 3ffee9c0 402080a2
3fffff70: 00000000 3ffeeb08 3ffeed14 4020adc4
3fffff80: 00000000 00000000 00000001 401003ec
3fffff90: 3fffdad0 00000000 3ffeed14 40208168
3fffffa0: 3fffdad0 00000000 3ffeed14 40211de0
3fffffb0: feefeffe feefeffe 3ffe85dc 40100ea5
<<<stack<<<
--------------- CUT HERE FOR EXCEPTION DECODER ---------------
This crash happens when I added file download function, but I hasn't found an error. Global variables remaining 36% of RAM, but all temp String variables are freed after finishing function automatically. So chunk server sending is collecting a much of junk?
I think that this can happen when converting char to char*. The read function returns a char and at the end of c-strings it should always be null and when converting it is not. Perhaps there is an error in this
I add a mtd partition (512kb) to save panic log by mtdoops on an arm based embedded devices(kernel v4.4).
I trigger the panic using "echo c > /proc/sysrq-trigger".
After the device reboot observe the kernel panic logs in the Oops partition by "strings", but the panic log seems to be truncated(limit in 2kb?).
How to change the limit of mtdoops?
# strings /dev/mtd22
]<4>[ 99.089308] r3 : 00000001 r2 : 00000000 r1 : ef717364 r0 : 00000063
<4>[ 99.095905] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
<4>[ 99.102416] Control: 10c5787d Table: 6652c06a DAC: 00000055
<0>[ 99.109618] Process ash (pid: 234, stack limit = 0xee672210)
<0>[ 99.115350] Stack: (0xee673ec8 to 0xee674000)
<0>[ 99.121077] 3ec0: 00000002 ee80b200 00000001 00000000 c0301d24 c058a8dc
<0>[ 99.125336] 3ee0: c058a8a0 c0421b98 00000002 c0421b28 ee673f88 b675fbf0 c0301d24 c03df2ec
<0>[ 99.133495] 3f00: 00000000 000006c0 00000000 00000000 00000000 ee673f18 be461b48 0000000b
<0>[ 99.141656] 3f20: eeab0218 0000000a eeab0240 00080000 ee673f60 ee7531f8 00000001 e4b70780
<0>[ 99.149816] 3f40: ef046998 c0355734 00000002 00000002 e4b70780 ee673f88 b675fbf0 c03df9c0
<0>[ 99.157975] 3f60: e4b70780 b675fbf0 00000002 e4b70780 e4b70780 b675fbf0 00000002 c0301d24
<0>[ 99.166134] 3f80: ee672000 c03e009c 00000000 00000000 00000002 00000000 00000000 00000000
<0>[ 99.174294] 3fa0: 00000004 c0301b80 00000000 00000000 00000001 b675fbf0 00000002 00000000
<0>[ 99.182455] 3fc0: 00000000 00000000 00000000 00000004 00000002 be4619cc 00000020 7f087b44
<0>[ 99.190615] 3fe0: be461958 be461944 b67b66ac b67b5b78 60000010 00000001 00000000 00000000
<4>[ 99.198784] [<c058a480>] (sysrq_handle_crash) from [<c058a7dc>] (__handle_sysrq+0x88/0x124)
<4>[ 99.206940] [<c058a7dc>] (__handle_sysrq) from [<c058a8dc>] (write_sysrq_trigger+0x3c/0x4c)
<4>[ 99.215102] [<c058a8dc>] (write_sysrq_trigger) from [<c0421b98>] (proc_reg_write+0x70/0x84)
<4>[ 99.223435] [<c0421b98>] (proc_reg_write) from [<c03df2ec>] (__vfs_write+0x1c/0xd0)
<4>[ 99.231763] [<c03df2ec>] (__vfs_write) from [<c03df9c0>] (vfs_write+0xa8/0x130)
<4>[ 99.239401] [<c03df9c0>] (vfs_write) from [<c03e009c>] (SyS_write+0x40/0x80)
<4>[ 99.246695] [<c03e009c>] (SyS_write) from [<c0301b80>] (ret_fast_syscall+0x0/0x34)
<0>[ 99.253986] Code: e3a03001 e5823000 f57ff04e e3a02000 (e5c23000)
<4>[ 99.268628]
UBI#
UBI#
UBI#
#
#
# strings /dev/mtd22 | wc -c
2057
#
#
I'm using pubsubclient library.
I used this function to connect to mosquitto broker which using mosquitto-auth-plug with JWT authentication.
void reconnect() {
// Loop until we're reconnected
while (!client.connected()) {
Serial.print("Attempting MQTT connection...");
// Attempt to connect
String red_token = "eyJhbGciOiJIUzUxMiJ9.*****";
String deviceTopic = "outTopic";
//My token length is 205 characters
//client.connect(strDeviceId.c_str(), red_token.c_str(),"pass", deviceTopic.c_str(), 0, false, CMD_OFF_LINE)
bool result = client.connect("newClientIdMCU",token,"pass", deviceTopic.c_str(), 0, 0, "offline");
delay(2000);
if (result) {
Serial.println("connected");
// Once connected, publish an announcement...
client.publish(deviceTopic.c_str(), "hello world");
} else {
Serial.print("failed, rc=");
Serial.print(client.state());
Serial.println(" try again in 5 seconds");
// Wait 5 seconds before retrying
delay(5000);
}
}
}
This exception occurs when client.connect called:
Attempting MQTT connection...
Exception (9):
epc1=0x40202c6d epc2=0x00000000 epc3=0x00000000 excvaddr=0x445a5a51 depc=0x00000000
ctx: cont
sp: 3ffef490 end: 3ffef720 offset: 01a0
>>>stack>>>
3ffef630: 3ffe848e 0000075b 3ffee5b8 402023e1
3ffef640: 3ffe01dc 0afed47d 3ffe8788 0afed47d
3ffef650: 3ffe85ae 3ffef6c0 3ffef6c0 3ffeffec
3ffef660: 3ffe848e 3ffee4fc 3ffee500 40202db0
3ffef670: 514d0400 3f045454 3ffef6c0 402036cd
3ffef680: 3ffe854e 3ffe853f 00000000 4020371e
3ffef690: 3ffe8536 3ffee5d0 3ffee6c0 3ffe848e
3ffef6a0: 00000000 3ffee4fc 3ffee6c0 40201e02
3ffef6b0: 00000000 3ffe8553 00000000 00000000
3ffef6c0: 3ffeffec 0000000f 00000008 3fff056c
3ffef6d0: 000000af 000000a7 3ffee4fc 40203114
3ffef6e0: 3fffdad0 00000000 3ffee4fc 3ffee6ec
3ffef6f0: 3fffdad0 3ffee4fc 3ffee6e4 40201eaa
3ffef700: 3fffdad0 00000000 3ffee6e4 40203834
3ffef710: feefeffe feefeffe 3ffee700 40100718
<<<stack<<<
ets Jan 8 2013,rst cause:2, boot mode:(1,7)
ets Jan 8 2013,rst cause:4, boot mode:(1,7)
wdt reset
On broker log "New connection...." but Sending CONNACK to clientId (0, 0) can't send.
What could be problem?
I change pubsubclient.h file lib from:
// MQTT_MAX_PACKET_SIZE : Maximum packet size
#ifndef MQTT_MAX_PACKET_SIZE
#define MQTT_MAX_PACKET_SIZE 128
to
// MQTT_MAX_PACKET_SIZE : Maximum packet size
#ifndef MQTT_MAX_PACKET_SIZE
#define MQTT_MAX_PACKET_SIZE 256
it works.
I'm working on a bluetooth project at the moment and after getting the value of the kCBAdvDataManufacturerData:
var data = advertisementData.value(forKey: "kCBAdvDataManufacturerData")
The values are hex values:
<00133377 08d704de ff03c200 00000000 00000000 00000000 00000000 00337701 416e746f 6e206465 20426f64 65000000 00000000 00000000>
what I know so far is that the value of kCBAdvDataManufacturerDatakey is an AnyObject
From the above value I need this:
00133377 08d704de ff03c200 00000000 00000000 00000000 00000000 00337701 416e746f 6e206465 20426f64 65000000 00000000 00000000
How can I get this value without converting it to a String? In other word is there a way to use something like Range on a AnyObject value without converting it to a String?
I have created a NDIS5 intermediate filter driver named fxwrap.sys,however when i uninstall it. windows causes BSOD.It also seems ndis!ndisOidRequestComplete reads null address from dump file.I want to know whether this problem is caused by fxwrap or other things.
env:windows 7 ultimate 7601
Here is fxwrap!PtRequestComplete function source code:
VOID PtRequestComplete(NDIS_HANDLE ProtocolBindingContext,
PNDIS_REQUEST NdisRequest,
NDIS_STATUS Status)
{
PADAPT pAdapt = (PADAPT)ProtocolBindingContext;
NDIS_OID Oid = pAdapt->Request.DATA.SET_INFORMATION.Oid ;
NdisAcquireSpinLock(&pAdapt->AdaptDataLock);
{
pAdapt->OutstandingRequests = FALSE;
}
NdisReleaseSpinLock(&pAdapt->AdaptDataLock);
switch(NdisRequest->RequestType)
{
case NdisRequestQueryInformation:
{
if(Oid == OID_TCP_TASK_OFFLOAD)
{
Status = NDIS_STATUS_FAILURE;
}
ASSERT(Oid != OID_PNP_QUERY_POWER);
if(Oid == OID_PNP_CAPABILITIES && Status == NDIS_STATUS_SUCCESS)
{
MPQueryPNPCapbilities(pAdapt, &Status);
}
*pAdapt->BytesReadOrWritten = NdisRequest->DATA.QUERY_INFORMATION.BytesWritten;
*pAdapt->BytesNeeded = NdisRequest->DATA.QUERY_INFORMATION.BytesNeeded;
NdisMQueryInformationComplete(pAdapt->MiniportHandle, Status);
} break;
case NdisRequestSetInformation:
{
ASSERT( Oid != OID_PNP_SET_POWER);
*pAdapt->BytesReadOrWritten = NdisRequest->DATA.SET_INFORMATION.BytesRead;
*pAdapt->BytesNeeded = NdisRequest->DATA.SET_INFORMATION.BytesNeeded;
NdisMSetInformationComplete(pAdapt->MiniportHandle, Status);
}break;
default:
ASSERT(0);
break;
}
}
following is dump info:
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a
pageable (or completely invalid) address at an interrupt request level
(IRQL) that is too high. This is usually caused by drivers using
improper addresses. If kernel debugger is available get stack
backtrace. Arguments: Arg1: 00000000, memory referenced Arg2:
00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write
operation Arg4: 8a81bd11, address which referenced memory
Debugging Details:
READ_ADDRESS: GetPointerFromAddress: unable to read from 84788848
Unable to read MiSystemVaType memory at 84767e20 00000000
CURRENT_IRQL: 2
FAULTING_IP: ndis!ndisOidRequestComplete+8a 8a81bd11 803b05
cmp byte ptr [ebx],5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 8dd07aa0 -- (.trap 0xffffffff8dd07aa0) ErrCode = 00000000
eax=00000200 ebx=00000000 ecx=00000001 edx=00000000 esi=8dd07b4c
edi=a277f5a4 eip=8a81bd11 esp=8dd07b14 ebp=8dd07b34 iopl=0 nv
up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00010246
ndis!ndisOidRequestComplete+0x8a:
8a81bd11 803b05 cmp byte ptr [ebx],5 ds:0023:00000000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from 8a81bd11 to 846605fb
STACK_TEXT:
8dd07aa0 8a81bd11 badb0d00 00000000 8dd07ac0 nt!KiTrap0E+0x2cf
8dd07b34 8a81c8b9 8dd07b4c 8c840008 870c1618
ndis!ndisOidRequestComplete+0x8a
8dd07b68 952b411b 8963b0f0 a277f5a4 00000000
ndis!NdisFOidRequestComplete+0x6a
8dd07b88 8a81c19d 870c1618 8c840008 00000000
pacer!PcFilterRequestComplete+0x5b
8dd07bbc 8a843572 02d07bd4 00000000 89ac60e0
ndis!ndisOidRequestComplete+0x516
8dd07bf4 8a843805 00ac60e0 8c840008 00000000
ndis!ndisMOidRequestCompleteInternal+0xd0
8dd07c18 8a87a765 02ac60e0 00000000 8c840008
ndis!ndisCompleteLegacyRequest+0xdb
8dd07c38 95a831c5 89ac60e0 00000000 89ad20e0
ndis!NdisMSetInformationComplete+0x81
8dd07c54 8a87506f 8a1d48e8 8a1d4908 00000000
fxwrap!PtRequestComplete+0x61
8dd07c70 8a81c05b 876f54c0 8966f0f0 00000000
ndis!ndisCompleteOidRequestToRequest+0x4a
8dd07ca4 8a8704b2 00d07cbc 89ad20e0 8a85a000
ndis!ndisOidRequestComplete+0x3d4
8dd07ce8 8a823221 00ad20e0 8966f190 86a58638
ndis!ndisMDoOidRequest+0x528
8dd07d00 8469ca6b 8966f188 00000000 86a58638
ndis!ndisDoOidRequests+0x4d
8dd07d50 84827fda 00000000 92ed9892 00000000 nt!ExpWorkerThread+0x10d
8dd07d90 846d01f9 8469c95e 00000000 00000000
nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP: pacer!PcFilterRequestComplete+5b 952b411b 56
push esi
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: pacer!PcFilterRequestComplete+5b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: pacer
IMAGE_NAME: pacer.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc916
FAILURE_BUCKET_ID: 0xD1_pacer!PcFilterRequestComplete+5b
BUCKET_ID: 0xD1_pacer!PcFilterRequestComplete+5b
Followup: MachineOwner
thanks for any input.
You write that it happens during uninstall. Is it uninstall or driver disable as well? I'll assume it's driver disable, don't see any reason why this should happen on uninstall exclusively. The failure happens in your set OID completion routine. More information is needed in order to analyze, specifically the view of pAdapt and MiniportHandle structs. However, most probable cause is lack of synchronization - for example, in this case it might happen if your driver has already deallocated the pAdapt context and the completion was invoked after that (again, this is just an assumption, need more data to give more certain answer).