BSOD in Wdf01000!FxIoQueue when computer goes to sleep (I think)

Vir Gnarus · 15 Aug 2013

Well, I understand that, but I didn't realize you had that much RAM for a non-server system. This is a production system I take it?

sergeyn · 15 Aug 2013

no, but I do run some number-crunching applications, those take some ram.

Vir Gnarus · 15 Aug 2013

That's quite a bit! Anyways, I'll try looking through this at earliest convenience.

sergeyn · 15 Aug 2013

Thank you so much! I tried to do it myself yesterday, but I'm not a driver development expert and couldn't dig past what !analyze -v showed (i.e. - tsusbhup and umsys).

Do you consider looking into it directly at my machine (via some screen/control sharing)? I have wingdb installed, but not your fancy windgb extensions.

Vir Gnarus · 15 Aug 2013

I would prefer not, and the only way that would benefit would be to do a live kernel debug session, which won't happen unless my PC's connected to yours physically.

Honestly, there's only two extensions I've added to this Windbg, and that's Niemiro's rawstack extension he whipped up real quick at Sysnative (I think it's private), and CMKD, which has a couple of extensions.

sergeyn · 16 Aug 2013

Hello again,

I keep experimenting with this bluescreen. Basically what I've figured out so far is that whenever you RDP into the pc, then "I bluescreen on reboot/sleep" mode turns on and stays on even after you log out.

This is the last crash with some of my manual poking with windb (it contains FxIoQueue stuff). Can you comment on the following callstack ? I did some manual decodings (on the right), but I'm a noob in windb and kernel-space objects. All I know so far is !devobj, !drvobj, but none of the addresses in the callstack seem to be recognized. I wonder if there are other command I should try ?

Code:

fffff880`009ec3a8  fffff800`03677da0 nt!KiPageFault+0x260
fffff880`009ec3b0  00000000`00000002
fffff880`009ec3b8  fffff800`03682f4d nt!KeAcquireInStackQueuedSpinLock+0x8d
fffff880`009ec3c0  fffffa80`23e39a00
fffff880`009ec3c8  00000000`00000000
fffff880`009ec3d0  fffffa80`23818ac0
fffff880`009ec3d8  00001f80`0100c498
fffff880`009ec3e0  00000000`00000000
fffff880`009ec3e8  fffffa80`1be7cc30
fffff880`009ec3f0  fffffa80`1fe9dd88
fffff880`009ec3f8  00000000`00000000
fffff880`009ec400  00000000`00000000
fffff880`009ec408  00000000`00000000
fffff880`009ec410  fffff880`009b3180 --> 00000004`00001f80  fffffa80`188789d0 fffffa80`18886660 fffff880`009be0c0 00000004`00000000 fffff880`009ecc70 00000000`00000000 00000000`00000000 00000000`80050033 ffffffff`ffffffe8 00000000`00187000 00000000`000406f8 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 00000000`ffff4ff0 00000000`00000400 007f0000`00000000 fffff880`009be640 0fff0000`00000000 fffff880`009be6c0
fffff880`009ec418  fffff880`009ec498
fffff880`009ec420  fffffa80`1c015490 <-- Wdf01000!FxCallbackMutexLock::`vftable'
fffff880`009ec428  fffff880`15346868 tsusbhub!BdEvtIoStop
fffff880`009ec430  00000000`00000000
fffff880`009ec438  00000000`00000000
fffff880`009ec440  00000000`00000000
fffff880`009ec448  00000000`00000000
fffff880`009ec450  00000000`00000000
fffff880`009ec458  00000000`00000000
fffff880`009ec460  00000000`00000000
fffff880`009ec468  00000000`00000000
fffff880`009ec470  00000000`00000000
fffff880`009ec478  00000000`00000000
fffff880`009ec480  ffffffff`ffffffe8
fffff880`009ec488  fffff800`0377df2d nt!PopQueueQuerySetIrp+0x15d
fffff880`009ec490  fffffa80`191efe10
fffff880`009ec498  fffffa80`00000103
fffff880`009ec4a0  fffffa80`23e39ad0
fffff880`009ec4a8  00000000`00000000
fffff880`009ec4b0  00000000`00000000
fffff880`009ec4b8  fffff800`03829b80 nt!PopIrpLock
fffff880`009ec4c0  fffffa80`23818a00
fffff880`009ec4c8  fffffa80`191efe10
fffff880`009ec4d0  00000000`00000000
fffff880`009ec4d8  fffff800`0379969b nt!PoRequestPowerIrp+0x1ab
fffff880`009ec4e0  fffffa80`23e39ad0
fffff880`009ec4e8  00000000`00000002
fffff880`009ec4f0  00000000`00000000
fffff880`009ec4f8  fffff880`00ed3938 Wdf01000!FxPkgPnp::_PowerPolDevicePowerDownComplete
fffff880`009ec500  fffffa80`00000001
fffff880`009ec508  fffff880`009ec5b8
fffff880`009ec510  00000000`00000000
fffff880`009ec518  fffff880`00ed0899 Wdf01000!FxIoQueue::ProcessPowerEvents+0x169
fffff880`009ec520  00000000`00000010
fffff880`009ec528  00000000`00010203
fffff880`009ec530  fffff880`009ec540
fffff880`009ec538  00000000`00000000
fffff880`009ec540  00000000`00000004
fffff880`009ec548  fffff880`00ed376d Wdf01000!FxPkgPnp::PowerPolicySendDevicePowerRequest+0x79
fffff880`009ec550  fffffa80`191ed780
fffff880`009ec558  00000000`00000000
fffff880`009ec560  fffff880`00000004
fffff880`009ec568  fffffa80`1be7cb60
fffff880`009ec570  fffffa80`1be75010
fffff880`009ec578  fffff880`009ec608
fffff880`009ec580  00000001`1be7cb60
fffff880`009ec588  fffff880`00ed0b72 Wdf01000!FxIoQueue::ProcessPowerEvents+0x442
fffff880`009ec590  00000000`00000000
fffff880`009ec598  fffffa80`1c015490 <--Wdf01000!FxCallbackMutexLock::`vftable'
fffff880`009ec5a0  fffff880`15346868 tsusbhub!BdEvtIoStop
fffff880`009ec5a8  fffffa80`191ed780 <--Wdf01000!FxPkgFdo::`vftable'
fffff880`009ec5b0  fffff880`00f51290 Wdf01000!FxPkgPnp::m_WdfPowerPolicyStates+0x4e0
fffff880`009ec5b8  00000000`00000000
fffff880`009ec5c0  fffffa80`1be75010
fffff880`009ec5c8  00000000`00000000
fffff880`009ec5d0  fffff880`00f4ed40 Wdf01000!FxWmiIrpHandler::m_WmiDispatchTable+0x13a0
fffff880`009ec5d8  00000000`00000001
fffff880`009ec5e0  00000000`00000001
fffff880`009ec5e8  fffffa80`1be7cb60 <--Wdf01000!FxIoQueue::`vftable'
fffff880`009ec5f0  fffff880`009ec640 +10 us the stack (00000000`00000000)
fffff880`009ec5f8  fffff880`00ebb1dd Wdf01000!FxIoQueue::DispatchEvents+0x41d
fffff880`009ec600  fffffa80`1be7cb60
fffff880`009ec608  fffff880`009ec688 (up the stack arg of StopProcessingForPower) fffff880`00ed2000 Wdf01000!_FX_DRIVER_GLOBALS::WaitForSignal+0x48
fffff880`009ec610  fffffa80`000000e6
fffff880`009ec618  00000000`00000000
fffff880`009ec620  fffff880`009ec6d0 +21 up the stack (arg of StopProcessingEvent? ) fffffa80`1be7cb60 <--Wdf01000!FxIoQueue::`vftable'
fffff880`009ec628  00000000`00000001
fffff880`009ec630  00000000`00000001
fffff880`009ec638  fffffa80`1be7cb60 <--Wdf01000!FxIoQueue::`vftable'
fffff880`009ec640  00000000`00000000
fffff880`009ec648  fffffa80`1be7cea0
fffff880`009ec650  00000000`00000000
fffff880`009ec658  00000000`00000001
fffff880`009ec660  00000000`00000000
fffff880`009ec668  fffffa80`1be7ce00
fffff880`009ec670  fffff880`009ec6b0
fffff880`009ec678  fffff880`00ecc5c1 Wdf01000!FxIoQueue::StopProcessingForPower+0x181

Small update, one of the addresses near PopQueueQuerySetIrp was recognized with the following command:

Code:

4: kd> !irp fffffa80`23e39ad0
Irp is active with 3 stacks 2 is current (= 0xfffffa8023e39be8)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

            Args: 00000000 00000000 00000000 00000000
>[ 16, 2]   0 e1 fffffa80191efe10 00000000 00000000-00000000    pending
           \Driver\CompositeBus
            Args: 00014400 00000001 00000004 00000002
 [  0, 0]   0  0 00000000 00000000 00000000-fffffa8023818ac0    

            Args: 00000000 00000000 00000000 00000000
4: kd> dps fffffa80`23e39ad0

Then !devobj on that address

Code:

4: kd> !devobj  fffffa80191efe10
Device object (fffffa80191efe10) is for:
  \Driver\CompositeBus DriverObject fffffa80191ec060
Current Irp 00000000 RefCount 0 Type 0000002a Flags 00002004
DevExt fffffa80191ec560 DevObjExt fffffa80191eff88 
ExtensionFlags (0x00000800)  DOE_DEFAULT_SD_PRESENT
Characteristics (0x00000100)  FILE_DEVICE_SECURE_OPEN
AttachedTo (Lower) fffffa8018874bb0 \Driver\PnpManager
Device queue is not busy.

4: kd> !drvobj fffffa80191ec060
Driver object (fffffa80191ec060) is for:
 \Driver\CompositeBus
Driver Extension List: (id , addr)
(fffff88000f20bf4 fffffa80191dc3f0)  
Device Object list:
fffffa80191efe10

I'm not sure how to decode device extensions?

Vir Gnarus · 16 Aug 2013

I've never got dev extensions to work either on newer system dumps. Instead I just check the devnode with !devnode, preferably dumping the tree so I can understand the relationship between the device objects on the devstack. Make sure to use !devstack as well! Oh, and add 7 to the end of !drvobj after the drive object address and it'll pump out extra details like the routine list. This will help you determine what function was called when passed that power IRP you're looking at for the CompositeBus.

For the list of major/minor function codes for IRPs, you can check the !irp help page on Windbg and it'll give you a list. Compare that with the [16,2] on the IRP and you can see it's a power IRP doing a SET_POWER. Sounds relevant to what we're dealing with. Also, type the !irp command again for that IRP, but add 1 to the end to get header details on the IRP. It may provide us a status code that can tell us a bit what's wrong.

Overall thanks for perusing this a bit. TBH, I probably won't be able to work on this until next week as this week (especially this weekend) has and is going to be crazy! I don't think I will have sufficient time to sit down and scrutinize your crashdump until then. Sorry for the wait, but it looks like you're doing well by yourself!

sergeyn · 17 Feb 2014

Hi,

Wondering if you have ever had a chance to go deeper into the issue, which is still present on my pc. Btw, full memory dumps stopped being generated. I wonder if it is because I've moved my page file to another partition?

Thanks.