Hi,
My virtual bus driver under XP constantly adds and removes USB devices.
Specifically, isochronous USB device removal leads to this very random
crash. It’s been a while that we haven’t been able to make progress on it. Any
insights would be very helpful. !analyze -v indicates it’s a double free
or something.
I’m not able to understand how I’m causing it, since I’m in the
WdfIoQueuePurge function. It should be handling the undelivered
requests.
Doron, can you please chime in…
f6895c0c 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
f6895c5c f8013551 82e569f8 00000000 82eefab8 nt!ExFreePoolWithTag+0x2a3 (FPO: [Non-Fpo])
f6895c74 f8012478 82eefab8 f6895c90 f8012b46 Wdf01000!FxPoolFree+0xc5 (FPO: [Non-Fpo])
f6895c80 f8012b46 82eefab8 82eefab8 f6895cb0 Wdf01000!FxObject::operator delete+0x13 (FPO: [Non-Fpo])
f6895c90 f7fd4f8e 00000001 f801381b 82ec4d5c Wdf01000!FxSpinLock::`scalar deleting destructor'+0x19 (FPO: [Non-Fpo])
f6895c98 f801381b 82ec4d5c 00000000 00000000 Wdf01000!FxObject::SelfDestruct+0xb (FPO: [0,0,0])
f6895cb0 f7fd4fd6 82ec4cd0 82eefab8 f6895cec Wdf01000!FxObject::ProcessDestroy+0xa6 (FPO: [Non-Fpo])
f6895cc0 f8001f3d 75657551 0000103d f802abe8 Wdf01000!FxObject::Release+0x42 (FPO: [Non-Fpo])
f6895cec f80036c4 f6895d10 00000000 82ec4cd0 Wdf01000!FxIoQueue::ProcessCancelledRequests+0x127 (FPO: [Non-Fpo])
f6895d08 f8001ac8 82eefa00 00000000 82eefab8 Wdf01000!FxIoQueue::DispatchEvents+0xd6 (FPO: [Non-Fpo])
f6895d28 f800407c 82eefa00 832b1228 832b1228 Wdf01000!FxIoQueue::CancelForDriver+0xf9 (FPO: [Non-Fpo])
f6895d48 f7fff429 00000001 00000001 00000000 Wdf01000!FxIoQueue::QueuePurge+0x272 (FPO: [Non-Fpo])
f6895d60 f869b2ed 00000000 82ec4cd0 00000000 Wdf01000!imp_WdfIoQueuePurge+0x67 (FPO: [Non-Fpo])
f6895dec f869b65e 7cd4efe8 00000003 f86a43ec panobus!Bus_PdoCleanup+0x16d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\bus.c @ 3519]
f6895e44 f869df3f 7cd4efe8 00000003 832aec60 panobus!Bus_UnPlugDevice+0x58 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\bus.c @ 3761]
f6896b80 f8000072 7cd51398 7d084cc0 00000000 panobus!Bus_EvtIoDeviceControl+0x179f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\bus.c @ 2159]
f6896ba4 f80013d0 7cd51398 7d084cc0 00000000 Wdf01000!FxIoQueueIoInternalDeviceControl::Invoke+0x30 (FPO: [Non-Fpo])
f6896bd4 f80039ac 7d084cc0 82f7b338 832aec60 Wdf01000!FxIoQueue::DispatchRequestToDriver+0x31d (FPO: [Non-Fpo])
f6896bf0 f8004a36 832aec00 00000000 833e3420 Wdf01000!FxIoQueue::DispatchEvents+0x3be (FPO: [Non-Fpo])
f6896c10 f8006824 82f7b338 82f7f3f8 83383030 Wdf01000!FxIoQueue::QueueRequest+0x1ec (FPO: [Non-Fpo])
f6896c34 f7ff5a3f 82de3b70 f6896c64 804ef19f Wdf01000!FxPkgIo::Dispatch+0x27d (FPO: [Non-Fpo])
f6896c40 804ef19f 832ae030 82de3b70 806e6410 Wdf01000!FxDevice::Dispatch+0x7f (FPO: [Non-Fpo])
f6896c50 8057f982 82de3c04 82f7f3f8 82de3b70 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
f6896c64 805807f7 832ae030 82de3b70 82f7f3f8 nt!IopSynchronousServiceTail+0x70 (FPO: [Non-Fpo])
f6896d00 80579274 00000510 00000590 00000000 nt!IopXxxControlFile+0x5c5 (FPO: [Non-Fpo])
f6896d34 8054164c 00000510 00000590 00000000 nt!NtDeviceIoControlFile+0x2a (FPO: [Non-Fpo])
f6896d34 7c90e514 00000510 00000590 00000000 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ f6896d64)
14cbf994 7c90d28a 7c8016c2 00000510 00000590 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
14cbf998 7c8016c2 00000510 00000590 00000000 ntdll!ZwDeviceIoControlFile+0xc (FPO: [10,0,0])
14cbf9f8 004f23c0 00000510 002a4004 0b936128 kernel32!DeviceIoControl+0x78 (FPO: [Non-Fpo])
Thanks
Pankaj