Log in
Register
What's new
Search
Search
Search titles only
By:
Menu
Log in
Register
What's new
Search
Search
Search titles only
By:
Forums
Tutorials
About
Rules
What's New
Driver Reference Table
Donate
Search titles only
By:
Latest activity
Register
Microsoft Support & Malware Removal
BSOD Crashes, Kernel Debugging
Problem in calling cancel routine that is marked wdfrequest using WdfRequestMarkCancelableEx
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="davidpreetham" data-source="post: 324667" data-attributes="member: 33531"><p>Hi, </p><p>Current driver(usb emulated driver), creating child device which will be loading usbserial driver, on top application will be communicating.</p><p>current driver recieved bulkin request from usbser.sys, current driver holding the wdfrequest and marked using WdfRequestMarkCancelableEx.</p><p>current driver holds the request in indefinetly(while loop runs with 2mS timeout) until it recieves data from device due to some issues device not sending data.</p><p>OS triggered power irp to usbser.sys, which inturn it tried to stop its already posted requests.</p><p>wdf framwork cancelled using its cancelrepeater. </p><p>current driver cancel routine is not called and still its present in current driver. </p><p>which lead to BSOD power irp holding usbser for too long, ideally bulk in request is pending in current driver which ever usbser pospted previously. </p><p></p><p><strong>usbser call stack to cancel its previously posted requests:</strong></p><p>[0x5] Wdf01000!_FX_DRIVER_GLOBALS::WaitForSignal + 0x5f </p><p>[0x6] Wdf01000!FxUsbPipeContinuousReader::CancelRepeaters + 0x76 </p><p>[0x7] Wdf01000!FxUsbPipe::WaitForSentIoToComplete + 0xf0 </p><p>[0x8] Wdf01000!FxIoTarget::Stop + 0x61 </p><p>[0x9] Wdf01000!imp_WdfIoTargetStop + 0x62 </p><p>[0xa] usbser!UsbSerStopUSBRead + 0xdb </p><p>[0xb] usbser!UsbSerEvtDeviceD0Exit + 0x82 </p><p>[0xc] Wdf01000!FxPnpDeviceD0Exit::InvokeClient + 0x2f </p><p></p><p><strong>current driver that hold wdf request which usbser tried to cancel:</strong></p><p>[0x3] nt!KeWaitForSingleObject + 0x233 </p><p>[0x4] current!current_timeout + 0x7b </p><p>[0x5] current!current_read + 0x11d </p><p>[0x6] current!current_read + 0x3ad </p><p>[0x7] current!current_read_cb + 0x52 </p><p>[0x8] current!currentBulkInRequestHandler + 0x60 </p><p>[0x9] current!currentEvtBulkInRequest + 0x3a0 </p><p>[0xa] Wdf01000!VfEvtIoInternalDeviceControl + 0x154 </p><p></p><p>How can i verify the cancel wdf framwork initiated called current driver cancel routine? or why it is not called?</p><p>raw format of irp shows cancel routine is NULL, cancel bit is set to 1.</p><p>WdfRequestMarkCancelableEx will set irp cancel routine or wdf request structure variable ? </p><p>from windbg cmds it is confirmed cancelrepeater tried to cancel IRP and wdf request associated irp with current driver is same. </p><p>there is no driver logs for us to extract to see what exactly happening. </p><p></p><p>0: kd> dx -id 0,0,ffffa982eae9e180 -r1 ((Wdf01000!_IRP *)0xffffa982ff4e1560)</p><p>((Wdf01000!_IRP *)0xffffa982ff4e1560) : 0xffffa982ff4e1560 [Type: _IRP *]</p><p> [<Raw View>] [Type: _IRP]</p><p> IoStack : Size = 14, Current IRP_MJ_INTERNAL_DEVICE_CONTROL / 0x0 for Device for "\Driver\UDE"</p><p>0: kd> dx -id 0,0,ffffa982eae9e180 -r1 -nv (*((Wdf01000!_IRP *)0xffffa982ff4e1560))</p><p>(*((Wdf01000!_IRP *)0xffffa982ff4e1560)) [Type: _IRP]</p><p> [+0x000] Type : 6 [Type: short]</p><p> [+0x002] Size : 0x508 [Type: unsigned short]</p><p> [+0x008] MdlAddress : 0x0 [Type: _MDL *]</p><p> [+0x010] Flags : 0x0 [Type: unsigned long]</p><p> [+0x018] AssociatedIrp [Type: _IRP::<unnamed-type-AssociatedIrp>]</p><p> [+0x020] ThreadListEntry [Type: _LIST_ENTRY]</p><p> [+0x030] IoStatus [Type: _IO_STATUS_BLOCK]</p><p> [+0x040] RequestorMode : 0 [Type: char]</p><p> [+0x041] PendingReturned : 0x0 [Type: unsigned char]</p><p> [+0x042] StackCount : 14 [Type: char]</p><p><strong> [+0x043] CurrentLocation : 10 '\n' [Type: char]</strong></p><p><strong> [+0x044] Cancel : 0x1 [Type: unsigned char]</strong></p><p> [+0x045] CancelIrql : 0x0 [Type: unsigned char]</p><p> [+0x046] ApcEnvironment : 0 [Type: char]</p><p> [+0x047] AllocationFlags : 0x44 [Type: unsigned char]</p><p> [+0x048] UserIosb : 0x0 [Type: _IO_STATUS_BLOCK *]</p><p> [+0x050] UserEvent : 0x0 [Type: _KEVENT *]</p><p> [+0x058] Overlay [Type: _IRP::<unnamed-type-Overlay>]</p><p> <strong>[+0x068] CancelRoutine : 0x0 : 0x0 [Type: void (__cdecl*)(_DEVICE_OBJECT *,_IRP *)]</strong></p><p> [+0x070] UserBuffer : 0x0 [Type: void *]</p><p> [+0x078] Tail [Type: _IRP::<unnamed-type-Tail>]</p></blockquote><p></p>
[QUOTE="davidpreetham, post: 324667, member: 33531"] Hi, Current driver(usb emulated driver), creating child device which will be loading usbserial driver, on top application will be communicating. current driver recieved bulkin request from usbser.sys, current driver holding the wdfrequest and marked using WdfRequestMarkCancelableEx. current driver holds the request in indefinetly(while loop runs with 2mS timeout) until it recieves data from device due to some issues device not sending data. OS triggered power irp to usbser.sys, which inturn it tried to stop its already posted requests. wdf framwork cancelled using its cancelrepeater. current driver cancel routine is not called and still its present in current driver. which lead to BSOD power irp holding usbser for too long, ideally bulk in request is pending in current driver which ever usbser pospted previously. [B]usbser call stack to cancel its previously posted requests:[/B] [0x5] Wdf01000!_FX_DRIVER_GLOBALS::WaitForSignal + 0x5f [0x6] Wdf01000!FxUsbPipeContinuousReader::CancelRepeaters + 0x76 [0x7] Wdf01000!FxUsbPipe::WaitForSentIoToComplete + 0xf0 [0x8] Wdf01000!FxIoTarget::Stop + 0x61 [0x9] Wdf01000!imp_WdfIoTargetStop + 0x62 [0xa] usbser!UsbSerStopUSBRead + 0xdb [0xb] usbser!UsbSerEvtDeviceD0Exit + 0x82 [0xc] Wdf01000!FxPnpDeviceD0Exit::InvokeClient + 0x2f [B]current driver that hold wdf request which usbser tried to cancel:[/B] [0x3] nt!KeWaitForSingleObject + 0x233 [0x4] current!current_timeout + 0x7b [0x5] current!current_read + 0x11d [0x6] current!current_read + 0x3ad [0x7] current!current_read_cb + 0x52 [0x8] current!currentBulkInRequestHandler + 0x60 [0x9] current!currentEvtBulkInRequest + 0x3a0 [0xa] Wdf01000!VfEvtIoInternalDeviceControl + 0x154 How can i verify the cancel wdf framwork initiated called current driver cancel routine? or why it is not called? raw format of irp shows cancel routine is NULL, cancel bit is set to 1. WdfRequestMarkCancelableEx will set irp cancel routine or wdf request structure variable ? from windbg cmds it is confirmed cancelrepeater tried to cancel IRP and wdf request associated irp with current driver is same. there is no driver logs for us to extract to see what exactly happening. 0: kd> dx -id 0,0,ffffa982eae9e180 -r1 ((Wdf01000!_IRP *)0xffffa982ff4e1560) ((Wdf01000!_IRP *)0xffffa982ff4e1560) : 0xffffa982ff4e1560 [Type: _IRP *] [<Raw View>] [Type: _IRP] IoStack : Size = 14, Current IRP_MJ_INTERNAL_DEVICE_CONTROL / 0x0 for Device for "\Driver\UDE" 0: kd> dx -id 0,0,ffffa982eae9e180 -r1 -nv (*((Wdf01000!_IRP *)0xffffa982ff4e1560)) (*((Wdf01000!_IRP *)0xffffa982ff4e1560)) [Type: _IRP] [+0x000] Type : 6 [Type: short] [+0x002] Size : 0x508 [Type: unsigned short] [+0x008] MdlAddress : 0x0 [Type: _MDL *] [+0x010] Flags : 0x0 [Type: unsigned long] [+0x018] AssociatedIrp [Type: _IRP::<unnamed-type-AssociatedIrp>] [+0x020] ThreadListEntry [Type: _LIST_ENTRY] [+0x030] IoStatus [Type: _IO_STATUS_BLOCK] [+0x040] RequestorMode : 0 [Type: char] [+0x041] PendingReturned : 0x0 [Type: unsigned char] [+0x042] StackCount : 14 [Type: char] [B] [+0x043] CurrentLocation : 10 '\n' [Type: char] [+0x044] Cancel : 0x1 [Type: unsigned char][/B] [+0x045] CancelIrql : 0x0 [Type: unsigned char] [+0x046] ApcEnvironment : 0 [Type: char] [+0x047] AllocationFlags : 0x44 [Type: unsigned char] [+0x048] UserIosb : 0x0 [Type: _IO_STATUS_BLOCK *] [+0x050] UserEvent : 0x0 [Type: _KEVENT *] [+0x058] Overlay [Type: _IRP::<unnamed-type-Overlay>] [B][+0x068] CancelRoutine : 0x0 : 0x0 [Type: void (__cdecl*)(_DEVICE_OBJECT *,_IRP *)][/B] [+0x070] UserBuffer : 0x0 [Type: void *] [+0x078] Tail [Type: _IRP::<unnamed-type-Tail>] [/QUOTE]
Insert quotes...
Verification
Post reply
Microsoft Support & Malware Removal
BSOD Crashes, Kernel Debugging
Problem in calling cancel routine that is marked wdfrequest using WdfRequestMarkCancelableEx
Menu
Log in
Register
Top
