Driver Crash

Hi folks!

Instructions:
* Plug in USB device
* Suspend computer
* Unplug USB device
* Wake computer
==> Crash (see trace below)

It is exactly the same issue as discussed at http://www.osronline.com/showThread.CFM?link=130510.

No solution or workaround is mentioned on that thread, though.

Is usbhub.sys the problem and nothing can be done to prevent the crash or can it be prevented by some precaution in the driver?

If so, how?

Regards,
AO

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f9b18371, The address that the exception occurred at
Arg3: f9df79ac, Exception Record Address
Arg4: f9df76a8, Context Record Address

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruktionen på "0x%08lx" refererade till minnet på "0x%08lx". Det gick inte att utföra en minnesåtgärd. Följande fel returnerades: The memory could not be "%s".

FAULTING_IP:
usbhub!USBH_SetPowerD0+d3
f9b18371 8908 mov dword ptr [eax],ecx

EXCEPTION_RECORD: f9df79ac -- (.exr 0xfffffffff9df79ac)
ExceptionAddress: f9b18371 (usbhub!USBH_SetPowerD0+0x000000d3)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000107
Attempt to write to address 00000107

CONTEXT: f9df76a8 -- (.cxr 0xfffffffff9df76a8)
eax=00000107 ebx=818cc3f0 ecx=818a535c edx=818a535c esi=818a50e8 edi=818bf398
eip=f9b18371 esp=f9df7a74 ebp=f9df7a8c iopl=0 nv up ei pl nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010213
usbhub!USBH_SetPowerD0+0xd3:
f9b18371 8908 mov dword ptr [eax],ecx ds:0023:00000107=????????
Resetting default scope

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000005 - Instruktionen på "0x%08lx" refererade till minnet på "0x%08lx". Det gick inte att utföra en minnesåtgärd. Följande fel returnerades: The memory could not be "%s".

EXCEPTION_PARAMETER1: 00000001

EXCEPTION_PARAMETER2: 00000107

WRITE_ADDRESS: 00000107

FOLLOWUP_IP:
usbhub!USBH_SetPowerD0+d3
f9b18371 8908 mov dword ptr [eax],ecx

BUGCHECK_STR: 0x7E

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from f9b184b2 to f9b18371

STACK_TEXT:
f9df7a8c f9b184b2 816ff008 00000100 818bf398 usbhub!USBH_SetPowerD0+0xd3
f9df7aa8 f9b18727 818bf398 816ff008 816ff008 usbhub!USBH_PdoSetPower+0x80
f9df7ac8 f9b1097b 816ff0c0 816ff008 00000002 usbhub!USBH_PdoPower+0x201
f9df7ae8 f9b0e1d8 818bf398 816ff008 f9df7b1c usbhub!USBH_PdoDispatch+0x83
f9df7af8 804edfe3 818bf2e0 816ff008 816ff0c0 usbhub!USBH_HubDispatch+0x48
f9df7b08 80522401 816ff0c0 816ff008 00000000 nt!IopfCallDriver+0x31
f9df7b1c 8052291b 816ff0c0 816ff008 816ff0dc nt!PopPresentIrp+0x57
f9df7b3c f769fc61 818bf2e0 818bf4c8 8172e1d0 nt!PoCallDriver+0x195
f9df7b5c f769fd28 f9df7b9c f76b27a0 816ff0e4 Wdf01000!FxPkgFdo::RaiseDevicePower+0x50
f9df7b70 f769fd5d 816ff0e4 f9df7ba0 f7692bcf Wdf01000!FxPkgFdo::DispatchDeviceSetPower+0xb6
f9df7b7c f7692bcf 8172e1d0 f9df7b9c 816ff008 Wdf01000!FxPkgFdo::_DispatchSetPower+0x23
f9df7ba0 f767c665 816ff008 f9df7bc8 f767c888 Wdf01000!FxPkgPnp::Dispatch+0x2a6
f9df7bac f767c888 8173ed78 816ff008 80558ee8 Wdf01000!FxDevice::Dispatch+0x7f
f9df7bc8 804edfe3 8173ed78 816ff008 816ff0e4 Wdf01000!FxDevice::DispatchWithLock+0x7b
f9df7bd8 80522401 816ff0e4 816ff008 00000000 nt!IopfCallDriver+0x31
f9df7bec 8052291b 816ff0e4 816ff008 816ff108 nt!PopPresentIrp+0x57
f9df7c0c 80522a8b 8173ed78 8173ee48 00000000 nt!PoCallDriver+0x195
f9df7c28 f769e86a 8173ed78 00000002 00000001 nt!PoRequestPowerIrp+0x129
f9df7c64 f769ecb7 00000001 00000001 f9df7cec Wdf01000!FxPkgPnp::PowerPolicySendDevicePowerRequest+0x4d
f9df7c74 f769d49a 8172e1d0 f76b39e0 8172e1d0 Wdf01000!FxPkgPnp::PowerPolWokeFromS0+0x11
f9df7cec f769dff3 0000052d 8172e348 8172e1d0 Wdf01000!FxPkgPnp::PowerPolicyEnterNewState+0x169
f9df7d14 f769e7bf f9df7d44 806d06e0 8172e33c Wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x21e
f9df7d28 f769f4ee 8172e1d0 f9df7d44 817fc870 Wdf01000!FxPkgPnp::_PowerPolicyProcessEventInner+0x26
f9df7d58 f769f5af f9df7d74 8056ae53 8173ed78 Wdf01000!FxEventQueue::EventQueueWorker+0x4a
f9df7d60 8056ae53 8173ed78 8172e33c 8055a3fc Wdf01000!FxThreadedEventQueue::_WorkItemCallback+0xd
f9df7d74 80533fe6 817fc870 00000000 819ca640 nt!IopProcessWorkItem+0x13
f9df7dac 805c4cce 817fc870 00000000 00000000 nt!ExpWorkerThread+0x100
f9df7ddc 805411c2 80533ee6 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: usbhub!USBH_SetPowerD0+d3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: usbhub

IMAGE_NAME: usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107d68

STACK_COMMAND: .cxr 0xfffffffff9df76a8 ; kb

FAILURE_BUCKET_ID: 0x7E_usbhub!USBH_SetPowerD0+d3

BUCKET_ID: 0x7E_usbhub!USBH_SetPowerD0+d3

Followup: MachineOwner

What OS?

d


-----Original Message-----
From: xxxxx@todos.se
Sent: Tuesday, August 25, 2009 8:01 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Driver Crash


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Windows XP Service Pack 2. The driver does not crash if running SP3, though.
The driver is to support all Windows versions from Windows 2000 and above.
Is there something I can do to prevent the crash on Win XP SP2?

Nope. There is nothing client drivers can do. You can ask Microsoft PSS for a hotfix/QFE (I think one is already done, I don’t have the number offhand though), but I don’t know the process involved with that.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@todos.se
Sent: Tuesday, August 25, 2009 11:02 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Driver Crash

Windows XP Service Pack 2. The driver does not crash if running SP3, though.
The driver is to support all Windows versions from Windows 2000 and above.
Is there something I can do to prevent the crash on Win XP SP2?



I have tried to reproduce the crash with other devices/drivers without success. How come other drivers do not crash and my driver does? Someone mentioned (see http://www.osronline.com/showThread.CFM?link=130510) that the crash only occurs if the device is self-powered and not when bus-powered. My device is bus-powered so that statement seems to be false. Any ideas?

Where do I find official information on which Windows versions the described issue applies to?