locked
in FxPkgPnp module, nt!IoCancelIrp() called twice for USB Root Hub (USBHUB.SYS) Power Management RRS feed

  • Question

  • When the HP docking station and HP MobileWorkstation laptop gets separated (while its powered on), the following crash occurs:

    From what I can gather, the USBHUB.SYS and power management somehow allowed the nt!IopFreeIrp() calls to occur TWICE or without adequate state pre-checking before calling the IoCancelIrp() routine.

     

    *******************************************************************************
    *                                       *
    *            Bugcheck Analysis                  *
    *                                       *
    *******************************************************************************
    
    MULTIPLE_IRP_COMPLETE_REQUESTS (44)
    A driver has requested that an IRP be completed (IoCompleteRequest()), but
    the packet has already been completed. This is a tough bug to find because
    the easiest case, a driver actually attempted to complete its own packet
    twice, is generally not what happened. Rather, two separate drivers each
    believe that they own the packet, and each attempts to complete it. The
    first actually works, and the second fails. Tracking down which drivers
    in the system actually did this is difficult, generally because the trails
    of the first driver have been covered by the second. However, the driver
    stack for the current request can be found by examining the DeviceObject
    fields in each of the stack locations.
    Arguments:
    Arg1: 873e6008, Address of the IRP
    Arg2: 00001bc0
    Arg3: 00000000
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    IRP_ADDRESS: 873e6008
    
    CUSTOMER_CRASH_COUNT: 1
    
    DEFAULT_BUCKET_ID: DRIVER_FAULT
    
    BUGCHECK_STR: 0x44
    
    PROCESS_NAME: System
    
    LAST_CONTROL_TRANSFER: from 804ef4d4 to 804f9f43
    
    STACK_TEXT: 
    b854bbf4 804ef4d4 00000044 873e6008 00001bc0 nt!KeBugCheckEx+0x1b
    b854bc1c a9be13fd 873e6008 b854bc44 a9be1948 nt!IopFreeIrp+0x22
    b854bc28 a9be1948 896ead50 873e6008 b4d55288 usbhub!USBH_HubCancelIdleIrp+0x2d
    b854bc44 804f1605 89782de8 89711cb0 8970c7c0 usbhub!USBH_PortIdleNotificationCancelRoutine+0x4c
    b854bc5c b4d4b953 89711cb0 b4d4836c b4d49017 nt!IoCancelIrp+0x65
    b854bc64 b4d4836c b4d49017 b854bcf8 b4d47832 wdf01000!FxPkgPnp::PowerPolicyCancelUsbSS+0x15
    b854bc68 b4d49017 b854bcf8 b4d47832 8970c7c0 wdf01000!FxPkgPnp::PowerPolicyCancelUsbSSIfCapable+0x1b
    b854bc70 b4d47832 8970c7c0 8970c93c 8970c7c0 wdf01000!FxPkgPnp::PowerPolCancelUsbSS+0xd
    b854bcf8 b4d48716 00000564 8970c948 8970c7c0 wdf01000!FxPkgPnp::PowerPolicyEnterNewState+0x11c
    b854bd1c b4d49411 b854bd4c 806e7830 8970c93c wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x185
    b854bd30 b4d49d1c 8970c7c0 b854bd4c 89ddcfc0 wdf01000!FxPkgPnp::_PowerPolicyProcessEventInner+0x26
    b854bd60 b4d49dd1 b854bd7c 80576af9 89d19b40 wdf01000!FxEventQueue::EventQueueWorker+0x6f
    b854bd68 80576af9 89d19b40 8970c93c 8056485c wdf01000!FxThreadedEventQueue::_WorkItemCallback+0xd
    b854bd7c 805387cb 89ddcfc0 00000000 8aa86640 nt!IopProcessWorkItem+0x13
    b854bdac 805cffa8 89ddcfc0 00000000 00000000 nt!ExpWorkerThread+0xef
    b854bddc 8054615e 805386dc 00000001 00000000 nt!PspSystemThreadStartup+0x34
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    
    
    STACK_COMMAND: kb
    
    FOLLOWUP_IP: 
    usbhub!USBH_HubCancelIdleIrp+2d
    a9be13fd 5d       pop   ebp
    
    SYMBOL_STACK_INDEX: 2
    
    SYMBOL_NAME: usbhub!USBH_HubCancelIdleIrp+2d
    
    FOLLOWUP_NAME: MachineOwner
    
    MODULE_NAME: usbhub
    
    IMAGE_NAME: usbhub.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP: 480254d0
    
    FAILURE_BUCKET_ID: 0x44_usbhub!USBH_HubCancelIdleIrp+2d
    
    BUCKET_ID: 0x44_usbhub!USBH_HubCancelIdleIrp+2d
    
    Followup: MachineOwner
    ---------
    
    eax=b835013c ebx=00001bc0 ecx=00000000 edx=00000001 esi=873e6008 edi=896ead50
    eip=804f9f43 esp=b854bbdc ebp=b854bbf4 iopl=0     nv up ei ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000       efl=00000286
    nt!KeBugCheckEx+0x1b:
    804f9f43 5d       pop   ebp
    ChildEBP RetAddr Args to Child       
    b854bbf4 804ef4d4 00000044 873e6008 00001bc0 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    b854bc1c a9be13fd 873e6008 b854bc44 a9be1948 nt!IopFreeIrp+0x22 (FPO: [Non-Fpo])
    b854bc28 a9be1948 896ead50 873e6008 b4d55288 usbhub!USBH_HubCancelIdleIrp+0x2d (FPO: [Non-Fpo])
    b854bc44 804f1605 89782de8 89711cb0 8970c7c0 usbhub!USBH_PortIdleNotificationCancelRoutine+0x4c (FPO: [Non-Fpo])
    b854bc5c b4d4b953 89711cb0 b4d4836c b4d49017 nt!IoCancelIrp+0x65 (FPO: [Non-Fpo])
    b854bc64 b4d4836c b4d49017 b854bcf8 b4d47832 wdf01000!FxPkgPnp::PowerPolicyCancelUsbSS+0x15 (FPO: [0,0,0])
    b854bc68 b4d49017 b854bcf8 b4d47832 8970c7c0 wdf01000!FxPkgPnp::PowerPolicyCancelUsbSSIfCapable+0x1b (FPO: [0,0,0])
    b854bc70 b4d47832 8970c7c0 8970c93c 8970c7c0 wdf01000!FxPkgPnp::PowerPolCancelUsbSS+0xd (FPO: [Non-Fpo])
    b854bcf8 b4d48716 00000564 8970c948 8970c7c0 wdf01000!FxPkgPnp::PowerPolicyEnterNewState+0x11c (FPO: [Non-Fpo])
    b854bd1c b4d49411 b854bd4c 806e7830 8970c93c wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x185 (FPO: [Non-Fpo])
    b854bd30 b4d49d1c 8970c7c0 b854bd4c 89ddcfc0 wdf01000!FxPkgPnp::_PowerPolicyProcessEventInner+0x26 (FPO: [Non-Fpo])
    b854bd60 b4d49dd1 b854bd7c 80576af9 89d19b40 wdf01000!FxEventQueue::EventQueueWorker+0x6f (FPO: [Non-Fpo])
    b854bd68 80576af9 89d19b40 8970c93c 8056485c wdf01000!FxThreadedEventQueue::_WorkItemCallback+0xd (FPO: [Non-Fpo])
    b854bd7c 805387cb 89ddcfc0 00000000 8aa86640 nt!IopProcessWorkItem+0x13 (FPO: [Non-Fpo])
    b854bdac 805cffa8 89ddcfc0 00000000 00000000 nt!ExpWorkerThread+0xef (FPO: [Non-Fpo])
    b854bddc 8054615e 805386dc 00000001 00000000 nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo])
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    Wednesday, May 11, 2011 11:58 PM