x64 XP BSOD on USB device reset or D3 entry

---

• From: dhmot <dhmot@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 18 Aug 2009 09:01:01 -0700

---

All,

I'm porting an i386 XP KMDF USB device driver to x64 XP SP2. The USB device
is a non-trivial device that must be managed by the USB device driver. If D3
is entered, a message must be sent to the device in order for it to be
properly synchronized with the PC. During entry into D3 (either through
removal or via the device manager "Disable" option), my "EvtDeviceD0Exit"
callback is invoked. Once I confirm the next state is D3, I build and send a
reset request to the device with the following APIs:

UsbBuildInterruptOrBulkTransferRequest()
WdfUsbTargetPipeFormatRequestForUrb()
WdfRequestSetCompletionRoutine()
WdfRequestSend()

The completion routine only deletes objects that were allocated to send the
message. The BSOD occurs during the invocation of the completion routine,
and occurs whether or not the device is still physically present. The
following is the WinDBG output when the completion routine is invoked; a
second WinDBG output follows showing what happens when the completion routine
is not installed. My driver is called "CtbUsb":

-------------------------------------------------------------------
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadfe20e73eb, The address that the exception occurred at
Arg3: fffffadfe4c6fa60, Exception Record Address
Arg4: fffffadfe4c6f470, Context Record Address

Debugging Details:
------------------

*** No owner thread found for resource fffff800011dca60
*** No owner thread found for resource fffff800011dca60

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
wdf01000!FxObject::CallCleanup+37
fffffadf`e20e73eb 48874310 xchg rax,qword ptr [rbx+10h]

EXCEPTION_RECORD: fffffadfe4c6fa60 -- (.exr 0xfffffadfe4c6fa60)
ExceptionAddress: fffffadfe20e73eb
(wdf01000!FxObject::CallCleanup+0x0000000000000037)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000070800000018
Attempt to write to address 0000070800000018

CONTEXT: fffffadfe4c6f470 -- (.cxr 0xfffffadfe4c6f470)
rax=0000000000000000 rbx=0000070800000008 rcx=fffffadfe7110340
rdx=fffffadfe2150ea8 rsi=fffffadfe7110360 rdi=0000052018eefcb8
rip=fffffadfe20e73eb rsp=fffffadfe4c6fc80 rbp=fffffadfe7110360
r8=fffffadfe7110300 r9=fffffadfe4c70001 r10=0000000000000000
r11=fffffadfe705d43c r12=0000000000000001 r13=0000000000000001
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
wdf01000!FxObject::CallCleanup+0x37:
fffffadf`e20e73eb 48874310 xchg rax,qword ptr [rbx+10h]
ds:002b:00000708`00000018=????????????????
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: 0000070800000018

WRITE_ADDRESS: 0000070800000018

FOLLOWUP_IP:
CtbUsb!WdfObjectDelete+1b [c:\winddk\6001.18001\inc\wdf\kmdf\1.7\wdfobject.h
@ 578]
fffffadf`e254b41b 4883c428 add rsp,28h

BUGCHECK_STR: 0x7E

LOCK_ADDRESS: fffff800011dcb60 -- (!locks fffff800011dcb60)

Resource @ nt!IopDeviceTreeLock (0xfffff800011dcb60) Shared 1 owning
threads
Threads: fffffadfe7cf6bf0-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff800011dcb60
Thread Count : 1
Thread address: 0xfffffadfe7cf6bf0
Thread wait : 0x5a777

LAST_CONTROL_TRANSFER: from fffff800013722b1 to fffff8000102e890

STACK_TEXT:
fffffadf`e4c6fc80 fffffadf`e20ebe9f : fffffadf`e7110340 00000000`00000000
00000000`c0000120 00000000`00000000 : wdf01000!FxObject::CallCleanup+0x37
fffffadf`e4c6fcb0 fffffadf`e20eb876 : 00000000`00000000 fffffadf`e7110340
fffffadf`e786fa00 00000000`00000000 :
wdf01000!FxObject::DisposeChildrenWorker+0x3af
fffffadf`e4c6fe10 fffffadf`e20ea740 : fffffadf`e7110340 fffffadf`e7110300
00000000`00000001 00000000`00000000 :
wdf01000!FxObject::DeleteWorkerAndUnlock+0x1ee
fffffadf`e4c6fed0 fffffadf`e20b70be : fffffadf`e7a4e670 00000000`00000000
00000000`00000001 00000000`00000008 : wdf01000!FxObject::DeleteObject+0x6b8
fffffadf`e4c70060 fffffadf`e254b41b : 00000000`00000000 fffffadf`e786fa30
fffffadf`e7110340 00000000`00000001 : wdf01000!imp_WdfObjectDelete+0x12a
fffffadf`e4c700c0 fffffadf`e2551144 : 00000520`18eefcb8 00000000`ffff0004
00000000`ffffffff 00000000`00000000 : CtbUsb!WdfObjectDelete+0x1b
[c:\winddk\6001.18001\inc\wdf\kmdf\1.7\wdfobject.h @ 578]
fffffadf`e4c700f0 fffffadf`e209f382 : 00000520`18839978 00000520`187905c8
fffffadf`e77f2c28 fffffadf`e713a700 : CtbUsb!CtbResetComplete+0x54
[c:\cygwin\home\qa1402\x64drvr\platform\linux\drivers\wimax\usb\win32\reset.c
@ 214]
fffffadf`e4c70130 fffffadf`e20f0957 : 00000000`00000000 00000520`18839978
00000000`00000000 fffffadf`e4c70010 :
wdf01000!FxIoTarget::CompleteCanceledRequest+0x246
fffffadf`e4c70230 fffffadf`e209c846 : fffffadf`00000001 00000000`00000005
fffffadf`e77c6680 00000000`00000000 : wdf01000!FxRequestBase::Cancel+0x30f
fffffadf`e4c70330 fffffadf`e209ce48 : fffffadf`e786fa30 00000520`18ebc701
fffffadf`e786fa50 fffffadf`e786fa50 :
wdf01000!FxIoTarget::_CancelSentRequests+0x2e
fffffadf`e4c70370 fffffadf`e209c178 : fffffadf`e786fa01 00000000`00000000
fffffadf`e786fa30 00000000`ffff0012 : wdf01000!FxIoTarget::Remove+0x5c
fffffadf`e4c703c0 fffffadf`e20ebe92 : 00000000`00000000 00000000`ffffffff
00000000`00000000 00000000`ffffffff : wdf01000!FxIoTarget::Dispose+0x34
fffffadf`e4c703f0 fffffadf`e20eb28e : 00000000`00000000 fffffadf`e786fa30
fffffadf`e786fa00 00000000`00000000 :
wdf01000!FxObject::DisposeChildrenWorker+0x3a2
fffffadf`e4c70550 fffffadf`e20eb673 : fffffadf`e4c706c0 fffffadf`e786fa30
00000000`00000000 fffffadf`e20debee :
wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x1ca
fffffadf`e4c70650 fffffadf`e20eac82 : fffffadf`e7137470 fffffadf`e7137400
fffffadf`e7137400 fffffadf`e2109d78 :
wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x203
fffffadf`e4c70720 fffffadf`e20ebe7b : fffffadf`e7137400 fffffadf`e7137400
00000000`00000000 00000000`00000000 :
wdf01000!FxObject::PerformEarlyDispose+0x1ea
fffffadf`e4c707d0 fffffadf`e20eb28e : 00000005`97ca93bd fffffadf`e78402c0
fffffadf`e7840300 00000000`00000000 :
wdf01000!FxObject::DisposeChildrenWorker+0x38b
fffffadf`e4c70930 fffffadf`e20eb673 : 00000000`00000000 fffffadf`e78402c0
00000000`00000000 fffffadf`e20debee :
wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x1ca
fffffadf`e4c70a30 fffffadf`e20eac82 : fffffadf`e4c70af8 00000000`00000000
00000000`00000000 fffffadf`e77b73b0 :
wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x203
fffffadf`e4c70b00 fffffadf`e20ebe7b : fffffadf`e723d150 fffffadf`e7115680
fffffadf`e4c71200 fffffadf`e4c71000 :
wdf01000!FxObject::PerformEarlyDispose+0x1ea
fffffadf`e4c70bb0 fffffadf`e20eb28e : fffffa80`025e0848 fffffadf`e77e9840
fffffadf`e77e9800 00000000`00000000 :
wdf01000!FxObject::DisposeChildrenWorker+0x38b
fffffadf`e4c70d10 fffffadf`e20eb673 : 00000000`00000000 fffffadf`e77e9840
00000000`00000000 fffffadf`e7cf6bf0 :
wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x1ca
fffffadf`e4c70e10 fffffadf`e20eac82 : fffffa80`00000000 fffffa80`00002d00
fffffadf`e4c7115f fffffadf`e4c7115f :
wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x203
fffffadf`e4c70ee0 fffffadf`e20ebe7b : 00000028`00000aa0 fffffadf`e4c710b0
fffffa80`022d9000 fffffa80`003653e0 :
wdf01000!FxObject::PerformEarlyDispose+0x1ea
fffffadf`e4c70f90 fffffadf`e20eb28e : fffffadf`e4c71170 fffffadf`e713a390
00000000`00000100 fffffadf`e723d101 :
wdf01000!FxObject::DisposeChildrenWorker+0x38b
fffffadf`e4c710f0 fffffadf`e20eb673 : 00000000`00000000 fffffadf`e713a390
fffffadf`e723d101 fffffadf`e20e7a91 :
wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x1ca
fffffadf`e4c711f0 fffffadf`e20eaa7b : fffffadf`00000000 fffffadf`e713a300
fffffadf`e723d150 00000000`00000008 :
wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x203
fffffadf`e4c712c0 fffffadf`e211fc6d : fffffadf`0000000b fffffadf`e7115660
00000000`00000124 fffffadf`e723d150 : wdf01000!FxObject::EarlyDispose+0x217
fffffadf`e4c71390 fffffadf`e211dcbd : 00000520`18dc2ea8 fffffadf`e723d150
fffffadf`e7115660 00000000`00000136 :
wdf01000!FxPkgPnp::PnpEventRemovedCommonCode+0x285
fffffadf`e4c71400 fffffadf`e211edd4 : fffffadf`e7115660 00000000`00000000
00000000`00000000 fffffa80`0032000e :
wdf01000!FxPkgFdo::PnpEventFdoRemovedOverload+0x9
fffffadf`e4c71430 fffffadf`e211e722 : fffffa80`00000124 fffffa80`00000136
fffffadf`e6f6eb20 00000520`18ec5c68 :
wdf01000!FxPkgPnp::PnpEnterNewState+0x2ac
fffffadf`e4c714e0 fffffadf`e211e494 : 00000000`00000000 00000000`00000001
00000000`00020000 fffff800`01287f00 :
wdf01000!FxPkgPnp::PnpProcessEventInner+0x12a
fffffadf`e4c715b0 fffffadf`e2112e70 : 00000000`00000000 00000000`00000008
00000000`00000004 00000000`00000001 : wdf01000!FxPkgPnp::PnpProcessEvent+0x408
fffffadf`e4c71670 fffffadf`e2110f6d : fffffadf`e7cf6bf0 fffffadf`e4c71770
00000000`00000000 fffffadf`e712a720 : wdf01000!FxPkgPnp::_PnpRemoveDevice+0x94
fffffadf`e4c716f0 fffffadf`e20ee865 : fffffadf`40000000 00000000`00000002
fffffadf`e712a5c0 fffffadf`e6f6eb20 : wdf01000!FxPkgPnp::Dispatch+0x6f5
fffffadf`e4c717e0 fffffadf`e20ee76b : fffffadf`e712a5c0 fffffadf`e4c719f0
fffffadf`e6f6eb20 00000000`00000000 : wdf01000!FxDevice::Dispatch+0xa9
fffffadf`e4c71810 fffff800`0133de04 : fffffadf`e712a5c0 fffffadf`e4c719f0
fffffadf`e6f6eb20 00000000`00000000 : wdf01000!FxDevice::DispatchWithLock+0x93
fffffadf`e4c71850 fffff800`010d241e : fffffadf`e6f6ea00 fffffa80`00330140
fffffadf`e72808b0 fffffadf`e72808b0 : nt!IopSynchronousCall+0x144
fffffadf`e4c718c0 fffff800`0133f723 : fffffadf`e70bb680 fffff800`011dc9c0
00000000`00000000 00000000`80000000 : nt!IopRemoveLockedDeviceNode+0xafd
fffffadf`e4c71a80 fffff800`0133f4ca : fffffadf`e70bb680 fffff800`011dc9c0
00000000`00000001 fffffadf`e77ea630 : nt!IopDelayedRemoveWorker+0x228
fffffadf`e4c71ac0 fffff800`010cf943 : 00000000`00000000 00000000`00000004
00000000`fffffff7 fffffadf`e77ea630 : nt!IopChainDereferenceComplete+0x19f
fffffadf`e4c71af0 fffff800`01345d72 : fffffadf`e7a1c090 00000000`00000003
fffffa80`025fdb10 fffffa80`01cb7401 :
nt!IopNotifyPnpWhenChainDereferenced+0x177
fffffadf`e4c71b60 fffff800`01343855 : 00000000`00000000 fffffadf`e7c3f870
00000000`00000001 fffffa80`0033ae00 : nt!PiProcessQueryRemoveAndEject+0x1a80
fffffadf`e4c71c90 fffff800`010375ca : fffffadf`e718a850 fffff800`01343600
fffffadf`e7cf6bf0 fffff800`011cda18 : nt!PiWalkDeviceList+0x255
fffffadf`e4c71d00 fffff800`0124a972 : fffffadf`e7cf6bf0 00000000`00000080
fffffadf`e7cf6bf0 fffffadf`e4873680 : nt!ExpWorkerThread+0x13b
fffffadf`e4c71d70 fffff800`01020226 : fffffadf`e486b180 fffffadf`e7cf6bf0
fffffadf`e4873680 fffff800`011b4dc0 : nt!PspSystemThreadStartup+0x3e
fffffadf`e4c71dd0 00000000`00000000 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


FAULTING_SOURCE_CODE:
No source found for 'c:\winddk\6001.18001\inc\wdf\kmdf\1.7\wdfobject.h'


SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: CtbUsb!WdfObjectDelete+1b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: CtbUsb

IMAGE_NAME: CtbUsb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a8aba65

STACK_COMMAND: .cxr 0xfffffadfe4c6f470 ; kb

FAILURE_BUCKET_ID: X64_0x7E_CtbUsb!WdfObjectDelete+1b

BUCKET_ID: X64_0x7E_CtbUsb!WdfObjectDelete+1b

Followup: MachineOwner
-------------------------------------------------------------------

I tried not installing a completion routine and allowing KMDF to clean up
the resources on driver unload, and I get a similar result except now it's a
KMDF stub that's the cause:

------------------------------------------------------------------
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffffadfe20283eb, The address that the exception occurred at
Arg3: fffffadfe4c62cf0, Exception Record Address
Arg4: fffffadfe4c62700, Context Record Address

Debugging Details:
------------------

*** No owner thread found for resource fffff800011dca60
*** No owner thread found for resource fffff800011dca60

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
wdf01000!FxObject::CallCleanup+37
fffffadf`e20283eb 48874310 xchg rax,qword ptr [rbx+10h]

EXCEPTION_RECORD: fffffadfe4c62cf0 -- (.exr 0xfffffadfe4c62cf0)
ExceptionAddress: fffffadfe20283eb
(wdf01000!FxObject::CallCleanup+0x0000000000000037)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000070800000018
Attempt to write to address 0000070800000018

CONTEXT: fffffadfe4c62700 -- (.cxr 0xfffffadfe4c62700)
rax=0000000000000000 rbx=0000070800000008 rcx=fffffadfe6ecca70
rdx=fffffadfe2091ea8 rsi=fffffadfe6ecca90 rdi=0000052019133588
rip=fffffadfe20283eb rsp=fffffadfe4c62f10 rbp=fffffadfe6ecca90
r8=0000000000000000 r9=0000000000000000 r10=fffffadfe7481000
r11=fffffadfe4c63180 r12=0000000000000001 r13=0000000000000000
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
wdf01000!FxObject::CallCleanup+0x37:
fffffadf`e20283eb 48874310 xchg rax,qword ptr [rbx+10h]
ds:002b:00000708`00000018=????????????????
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: 0000070800000018

WRITE_ADDRESS: 0000070800000018

FOLLOWUP_IP:
CtbUsb!FxStubDriverUnload+1e
[d:\longhorn\drivers\wdf\kmdf\src\dynamic\stub\stub.cpp @ 154]
fffffadf`e2c3e8f6 4883c428 add rsp,28h

BUGCHECK_STR: 0x7E

LOCK_ADDRESS: fffff800011dcb60 -- (!locks fffff800011dcb60)

Resource @ nt!IopDeviceTreeLock (0xfffff800011dcb60) Shared 1 owning
threads
Threads: fffffadfe7cf77a0-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff800011dcb60
Thread Count : 1
Thread address: 0xfffffadfe7cf77a0
Thread wait : 0x788f

LAST_CONTROL_TRANSFER: from fffff800013722b1 to fffff8000102e890

STACK_TEXT:
fffffadf`e4c62f10 fffffadf`e202ce9f : fffffadf`e6ecca70 fffffadf`e4c63550
fffffa80`00359040 fffffa80`027338f8 : wdf01000!FxObject::CallCleanup+0x37
fffffadf`e4c62f40 fffffadf`e202c28e : fffffadf`e7ddebf0 fffffadf`e6ecca70
fffffadf`e6ecca00 00000000`00000000 :
wdf01000!FxObject::DisposeChildrenWorker+0x3af
fffffadf`e4c630a0 fffffadf`e202c673 : 00000020`000002e8 fffffadf`e6ecca70
00000000`00000000 fffffa80`000b51e0 :
wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x1ca
fffffadf`e4c631a0 fffffadf`e202bc82 : fffffa80`000a9010 fffff800`0128b100
00000000`00000000 fffff800`012628ab :
wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x203
fffffadf`e4c63270 fffffadf`e202ce7b : 00000000`00000000 00000000`00000000
fffffadf`e4c635f0 fffffadf`e4c63300 :
wdf01000!FxObject::PerformEarlyDispose+0x1ea
fffffadf`e4c63320 fffffadf`e202c876 : 00000000`00000000 fffffadf`e79b11e0
00000000`0000ff00 fffffadf`e77aada0 :
wdf01000!FxObject::DisposeChildrenWorker+0x38b
fffffadf`e4c63480 fffffadf`e202b740 : fffffadf`e79b11e0 00000000`00000000
fffffadf`e4c63701 00000000`00000000 :
wdf01000!FxObject::DeleteWorkerAndUnlock+0x1ee
fffffadf`e4c63540 fffffadf`e2039e60 : fffffadf`e7cfb040 fffffa80`00002da0
00000000`00000ba0 fffff800`0128000b : wdf01000!FxObject::DeleteObject+0x6b8
fffffadf`e4c636d0 fffffadf`e2c3e8f6 : fffffadf`e77aada0 00000520`1864ee18
fffffadf`e77aada0 fffffa80`02932930 : wdf01000!FxDriver::Unload+0x12c
fffffadf`e4c63740 fffff800`0131e773 : ffffffff`80000ba0 00000000`0000fffc
00000000`00000001 00000000`00000000 : CtbUsb!FxStubDriverUnload+0x1e
[d:\longhorn\drivers\wdf\kmdf\src\dynamic\stub\stub.cpp @ 154]
fffffadf`e4c63770 fffff800`010d2619 : fffffa80`000c15a0 00000000`00000078
fffffa80`000c1616 00000000`00000002 : nt!IopUnloadDriver+0x302
fffffadf`e4c638c0 fffff800`0133f723 : fffffadf`e7a10430 fffff800`011dc9c0
00000000`00000000 00000000`80000000 : nt!IopRemoveLockedDeviceNode+0xcf9
fffffadf`e4c63a80 fffff800`0133f4ca : fffffadf`e7a10430 fffff800`011dc9c0
00000000`00000001 fffffadf`e79174f0 : nt!IopDelayedRemoveWorker+0x228
fffffadf`e4c63ac0 fffff800`010cf943 : 00000000`00000000 00000000`00000004
00000000`fffffff7 fffffadf`e79174f0 : nt!IopChainDereferenceComplete+0x19f
fffffadf`e4c63af0 fffff800`01345d72 : fffffadf`e7a29330 00000000`00000003
fffffa80`01aab0a0 fffffa80`01769501 :
nt!IopNotifyPnpWhenChainDereferenced+0x177
fffffadf`e4c63b60 fffff800`01343855 : 00000000`00000000 fffffadf`e7c19870
00000000`00000001 fffffa80`005daf30 : nt!PiProcessQueryRemoveAndEject+0x1a80
fffffadf`e4c63c90 fffff800`010375ca : fffffadf`e7907ce0 fffff800`01343600
fffffadf`e7cf77a0 fffff800`011cda18 : nt!PiWalkDeviceList+0x255
fffffadf`e4c63d00 fffff800`0124a972 : fffffadf`e7cf77a0 00000000`00000080
fffffadf`e7cf77a0 fffffadf`e4873680 : nt!ExpWorkerThread+0x13b
fffffadf`e4c63d70 fffff800`01020226 : fffffadf`e486b180 fffffadf`e7cf77a0
fffffadf`e4873680 fffff800`011b4dc0 : nt!PspSystemThreadStartup+0x3e
fffffadf`e4c63dd0 00000000`00000000 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


FAULTING_SOURCE_CODE:
No source found for 'd:\longhorn\drivers\wdf\kmdf\src\dynamic\stub\stub.cpp'


SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: CtbUsb!FxStubDriverUnload+1e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: CtbUsb

IMAGE_NAME: CtbUsb.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a8abe3b

STACK_COMMAND: .cxr 0xfffffadfe4c62700 ; kb

FAILURE_BUCKET_ID: X64_0x7E_CtbUsb!FxStubDriverUnload+1e

BUCKET_ID: X64_0x7E_CtbUsb!FxStubDriverUnload+1e

Followup: MachineOwner
-------------------------------------------------------------------

This BSOD also occurs if I send the reset message to the USB device without
D3 entry. The reset message causes the USB device to disappear from the USB
bus and re-enumerate as a different USB device.

This code works fine and passes the DTM tests on i386 Windows XP with SP3.

Any hints on what direction I should go to fix this?

Thanks
.

---

• Follow-Ups:
  • Re: x64 XP BSOD on USB device reset or D3 entry
    • From: Doron Holan [MSFT]

• Prev by Date: Re: Handling memory inside kernel
• Next by Date: Re: Handling memory inside kernel
• Previous by thread: about IRP_PAGING_IO
• Next by thread: Re: x64 XP BSOD on USB device reset or D3 entry
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: x64 XP BSOD on USB device reset or D3 entry ... I'm porting an i386 XP KMDF USB device driver to x64 XP SP2. ... The completion routine only deletes objects that were allocated to send the ... The exception code that was not handled ... (microsoft.public.development.device.drivers) AVStream : USB device reinstallation issue ... avshws sample codes and just modified its INF file for my USB device as ... But I got fatal exception when I tried to reinstall it by using "Update ... Driver" of "Device Manager". ... (microsoft.public.development.device.drivers) Re: Does anyone know what this bugcheck is ? WdfDeviceInitSetRequestAt ... fix your symbols (.symfix in the debugger) and then send the stack. ... once you do that,!wdflogdump <your driver name> will tell you why there was a break. ... of an exception, but the bugcheck code is 0. ... total locks, 1 locks currently held ... (microsoft.public.development.device.drivers) Re: USB not detected - help ... If I connect the device after the OS is loaded, "Unidentified USB device" ... I copied the dll after installing the CAB file from the CE device. ... debugzones in your usb host driver, you should see some information about ... Check for other registry keys besides the one I mentioned. ... (microsoft.public.windowsce.platbuilder) Re: USB not detected - help ... USB device popup *didnot* come. ... Without installing the Cab file, ... debugzones in your usb host driver, you should see some information about ... Check for other registry keys besides the one I mentioned. ... (microsoft.public.windowsce.platbuilder)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.development.device.drivers  > 2009-08