S3 QUERY IRP Completion problem

his problem is NOT FOR THE FAINT OF HEART:

I've got a multi-port serial (MPS) device which is having trouble with power
management. The original driver's power management code did not have any
calls to PoRequestPowerIrp() which caused some problems. I looked at
Toaster and Oney's WDM examples and changed the code to conform.

A nut-shell architecture of the driver is as follows:

1) a FDO is created for each MPS PCI adapter.

2) the driver acts as a bus driver for a virtual bus on which we hang all
the serial port devices. The driver creates a PDO for each port and
consequently, FDOs are created corresponding to each PDO.

When the Power Manager issues a S3 Query, this is what I see with my traces:

(Indenting indicates function scoping, "exit" from a function will

DispatchFdoS3SetQuery, RocketPort15 (COM18), Irp = FFB99A30
SendDeviceIrp, RocketPort15 (COM18), sIrp = FFB99A30
DispatchFdoD3SetQuery, RocketPort15 (COM18), Irp = FF9C3B28
HookAndPassDownIrp, RocketPort15 (COM18), Irp = FF9C3B28
DispatchPowerPdo, RocketPortPdo0 (), Irp = FF9C3B28
CompletionFdoD3SetQuery, RocketPort15 (COM18), Irp =
FinalizeDevicePowerIrp, RocketPort15 (COM18), Irp =
PowManCallbackFdoS3SetQuery, RocketPort15
(COM18), sIrp = FFB99A30
HookAndPassDownIrp, RocketPort15 (COM18),
Irp = FFB99A30
DispatchPowerPdo, RocketPortPdo0 (), Irp
= FFB99A30
RocketPort15 (COM18), Irp = FFB99A30
CompletionFdoS3SetQuery exit, status
= STATUS_SUCCESS (00000000)

Here we have an FDO S3 Query IRP FFB99A30 for COM18. The FDO S3 dispatch
sends a device IRP to the device stack (via PoRequestDeviceIrp).

The FDO D3 Query IRP FF9C3B28 is created by the Power Manager and is issued
to the driver. The FDO D3 dispatch "hooks" the IRP and passes it down (i.e.
IoCopyCurStkLoc, IoSetCompletionR, PoCallDriver) to the "bus" driver.

Next, the PDO D3 IRP FF9C3B28 arrives at the "bus" PDO Dispatch routine.
The PDO dispatch sees that it is a DEVICE QUERY and calls PoSetPowerState.
The PDO dispatch then calls PoStartNextPowerIrp and completes the IRP.

Then the FDO D3 Completion routine gets called which completes the Device
Power IRP FF9C3B28.

Next, the Power Manager calls PowManCallbackFdoS3SetQuery to indicate that
the device IRP FF9C3B28 has completed AND it is time to handle the
corresponding S3 Irp FFB99A30.

The PoMan callback "hooks" and passes the S3 Irp down the stack.

The "bus" PDO S3 Irp FFB99A30 arrives and the driver completes it.

Finally the FDO S3 Completion routine is called. PoStartNextPowerIrp is
called and then the S3 QUERY IRP FFB99A30 is completed.

When the FDO S3 Completion routine returns, I get the following exception:

Access violation - code c0000005 (!!! second chance !!!)
Loading symbols for 80a02000 ntoskrnl.exe -> ntoskrnl.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntoskrnl.exe -
80a32d04 0fb68765010000 movzx eax,byte ptr [edi+0x165]

kd> r
eax=00000000 ebx=00000000 ecx=80aaae06 edx=00000041 esi=ffb99a70

I think I got it figured out. I am calling IoCompleteRequest twice for each
S3 and D3 IRP. I was calling IoCompleteRequest once for in "bus" PDO
handler and once in the FDO Completion Routine. I took IoCompleteRequest
out of the FDO's completion routine and I got all the way through the S3 &
D3 Queries.

Now I'm having a similar problem with S3 & D3 Set IRPs. It's probably the
same problem.