PRB: OSR 2.1/2.5 - IoDeleteDevice() Might Cause Blue Screen

ID: Q186758

The information in this article applies to:

Microsoft Win32 Device Driver Kit (DDK) for Windows NT, version 4.0

SYMPTOMS

Under OSR 2.1 and OSR 2.5, when you call the WDM service IoDeleteDevice() for a device object with one or more open file handles a blue-screen BugCheck error of 36 occurs.

CAUSE

Under OSR 2.1 and OSR 2.5, when you unplug a USB device its WDM device driver receives a IRP_MN_REMOVE_DEVICE IRP. In response to this IRP, a WDM driver typically calls IoDeleteDevice() for its device object. If there are open file handles for the device object, IoDeleteDevice() produces a BugCheck blue-screen with an error code of DEVICE_REFERENCE_COUNT_NOT_ZERO (36h).

RESOLUTION

To work around this behavior, a WDM driver must defer deletion of the device object until all open file handles for the device object have been closed.

STATUS

This behavior is by design. This behavior does not occur in Windows 98.

MORE INFORMATION

To defer deletion of the device object, the WDM driver should do the following:

When handling an IRP_MN_REMOVE_DEVICE IRP, the WDM driver should only call IoDeleteDevice if the ReferenceCount field in the device object is zero. If the reference count is non-zero, the WDM driver should flag the device object as being "removed", by setting a driver defined flag in the object's device extension.

When processing IRP_MJ_CLOSE IRPs, the WDM driver should check if the device object has been marked as "removed". If it has been removed and the reference count for the device object is equal to 1, then the driver should schedule a work item to delete the device object using ExQueueWorkItem(). The driver should then complete the IRP as it would normally.

In the callback for the work item, the WDM driver should first delay execution for a small period of time (50 milliseconds) using KeDelayExecutionThread(), and then check if the reference count for the device object has gone to 0. If it has, the driver should call IoDeleteDevice(). If the reference count is still non-zero after the delay, the driver should queue the work item again using ExQueueWorkItem(). The work item should continue to be re-queued until the reference count goes to 0.

Additional query words: kbDSupport kbdsh KeBugCheckEx kbNoKeyword USB WDM


Keywords          : 
Version           : WINNT:4.0
Platform          : winnt 
Issue type        : kbprb

Last Reviewed: March 4, 1999