Digital I/O

When registering the N-samples callback with DAQmxRegisterEveryNSamplesEvent on a PCIe-6535B card after committing the task the PC will bluescreen. With a PCI-6534 everything works. Even if one is not supposed to do this, a bluescreen is a potential security risk and can often be exploited to gain control over the machine in order to install root kits for example. A usermode application should not be able to crash the PC, by design.

I hope this bug-report/description will save someone else days of tracking down this problem.

Here's nidaqmx python code to reproduce the problem:

==============================================================================

import nidaqmx
from nidaqmx.constants import AcquisitionType
import numpy as np

def callback(task_handle, every_n_samples_event_type, number_of_samples, callback_data):
print('Every N Samples callback invoked.')
return 0

with nidaqmx.Task() as task:
data = np.zeros(1 << 16, dtype=np.uint32)
ch = task.do_channels.add_do_chan('Dev1/port0:3', line_grouping=nidaqmx.constants.LineGrouping.CHAN_FOR_ALL_LINES)
task.timing.cfg_samp_clk_timing(10000, samps_per_chan=len(data), sample_mode=AcquisitionType.FINITE)
task.control(nidaqmx.constants.TaskMode.TASK_COMMIT) # this leads to a crash
task.register_every_n_samples_transferred_from_buffer_event(int(len(data) / 4), callback)
#task.control(nidaqmx.constants.TaskMode.TASK_COMMIT) # this instead does not lead to a crash
task.write(data, auto_start=False)
task.start()
task.wait_until_done()
print('task.out_stream.total_samp_per_chan_generated', task.out_stream.total_samp_per_chan_generated)

import nidaqmx
from nidaqmx.constants import AcquisitionType
import numpy as np

def callback(task_handle, every_n_samples_event_type, number_of_samples, callback_data):
print('Every N Samples callback invoked.')
return 0

with nidaqmx.Task() as task:
data = np.zeros(1 << 16, dtype=np.uint32)
ch = task.do_channels.add_do_chan('Dev1/port0:3', line_grouping=nidaqmx.constants.LineGrouping.CHAN_FOR_ALL_LINES)
task.timing.cfg_samp_clk_timing(10000, samps_per_chan=len(data), sample_mode=AcquisitionType.FINITE)
task.control(nidaqmx.constants.TaskMode.TASK_COMMIT) # this leads to a crash
task.register_every_n_samples_transferred_from_buffer_event(int(len(data) / 4), callback)
#task.control(nidaqmx.constants.TaskMode.TASK_COMMIT) # this instead does not lead to a crash
task.write(data, auto_start=False)
task.start()
task.wait_until_done()
print('task.out_stream.total_samp_per_chan_generated', task.out_stream.total_samp_per_chan_generated)

==============================================================================

System Info:

Microsoft Windows 10 Enterprise 2016 LTSB

Model NI PCIe-6535B

NI-DAQmx Device Driver 21.3.0f165

NI-DAQmx ADE Support 21.3.0

NI-DAQmx MAX Configuration 21.3.0

The bluescreen happens in ninshsdk.dll

KMODE_EXCEPTION_NOT_HANDLED (1e)

EXCEPTION_CODE: (NTSTATUS) 0xc0000094 - {EXCEPTION} Integer division by zero.

FAULTING_IP:
ninshsdk!nNINSHSD100::iMemoryMappedBufferSupervisor::___CPPKRLCast+e233
fffff80d`3a0146f3 48f7b3f0000000 div rax,qword ptr [rbx+0F0h]

EXCEPTION_PARAMETER2: 0000000000000b6a

BUGCHECK_STR: 0x1E_c0000094

LAST_CONTROL_TRANSFER: from fffff80280846172 to fffff802807d2940

STACK_TEXT:
fffff802`82fd2488 fffff802`80846172 : 00000000`0000001e ffffffff`c0000094 fffff80d`3a0146f3 00000000`00000000 : nt!KeBugCheckEx
fffff802`82fd2490 fffff802`807dad2d : fffff802`809ca000 fffff802`80676000 0004d670`0081b000 ffffcc07`aa8f2000 : nt!KeRegisterNmiCallback+0xce
fffff802`82fd24d0 fffff802`8077b4a1 : fffff802`82fd4000 00000000`00000000 fffff802`82fcd000 fffff80d`35383820 : nt!_chkstk+0x5d
fffff802`82fd2500 fffff802`8077a2c4 : fffff802`82fd33e8 fffff802`82fd3130 fffff802`82fd33e8 fffff802`82fd32b0 : nt!KeQuerySystemTimePrecise+0x3041
fffff802`82fd2c00 fffff802`807e2a02 : 00000000`00000002 fffff802`80978928 00000000`00000002 00000000`00000014 : nt!KeQuerySystemTimePrecise+0x1e64
fffff802`82fd32b0 fffff802`807dc9c6 : fffff802`82fd34a0 00000000`00000000 00000001`ffffffff fffffff6`00000002 : nt!setjmpex+0x6ea2
fffff802`82fd3490 fffff80d`3a0146f3 : 00000000`00000000 fffff802`806f2429 ffffcc07`a5fd51c0 00000000`00000000 : nt!setjmpex+0xe66
fffff802`82fd3620 fffff80d`3a0256b9 : 00000000`00000000 ffffcc07`ab651b98 00000000`00000000 fffff802`80602779 : ninshsdk!nNINSHSD100::iMemoryMappedBufferSupervisor::___CPPKRLCast+0xe233
fffff802`82fd3680 fffff80d`3a024ab7 : 00000000`9200c002 ffffcc07`a5835590 00000000`00000002 fffff802`806025f0 : ninshsdk!nNINSHSD100::iChip::operator new+0x105e9
fffff802`82fd36b0 fffff80d`3a0231e6 : ffffcc07`a5de0be0 fffff802`82fd3910 ffffa101`3c065050 00000000`00000000 : ninshsdk!nNINSHSD100::iChip::operator new+0xf9e7
fffff802`82fd37b0 fffff80d`34f42df3 : 00000000`00000000 fffff802`809b5180 0000055f`a41ca284 fffff802`8071f18b : ninshsdk!nNINSHSD100::iChip::operator new+0xe116
fffff802`82fd37e0 fffff802`806ea385 : 00000001`4dd75ee2 fffff802`809b5180 ffffcc07`aae8f320 ffffcc07`aae8f320 : nipalk!tBusFlavorSync::tBusFlavorSync+0x2c63
fffff802`82fd3810 fffff802`806e9910 : 00000000`0000003e ffffcc07`accd0e40 00000000`00140001 00000000`00000000 : nt!KeSetEvent+0x3335
fffff802`82fd3960 fffff802`807d5f9a : 00000000`00000000 fffff802`809b5180 fffff802`80a30940 ffffcc07`a642c080 : nt!KeSetEvent+0x28c0
fffff802`82fd3be0 00000000`00000000 : fffff802`82fd4000 fffff802`82fcd000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x263a

Greetings from Austria