
OnReleaseHardware: Close EC driver handle #15

Merged
JohnAZoidberg merged 1 commit into main from close-handle
May 15, 2025

@JohnAZoidberg
Member

Previously the following HLK tests would fail and also uninstalling the device from device manager would trigger a debugger break.

Already successfully tested
DF - PNP DIF Remove Device Test (Reliability)
DF - PNP Rebalance Fail Restart Device Test (Reliability)

Still retesting
DF - Reinstall with IO Before and After (Reliability)
DF - Sleep and PNP (disable and enable) with IO Before and After (Reliability)

Previously the following HLK tests would fail and also uninstalling the
device from device manager would trigger a debugger break.

Already successfully tested
DF - PNP DIF Remove Device Test (Reliability)
DF - PNP Rebalance Fail Restart Device Test (Reliability)

Still retesting
DF - Reinstall with IO Before and After (Reliability)
DF - Sleep and PNP (disable and enable) with IO Before and After (Reliability)

Signed-off-by: Daniel Schaefer <dhs@frame.work>
@JohnAZoidberg
Member Author

I figured it out by connecting the kernel debugger (WinDbg) over USB-A and it stopped with this output:

=======================================
VERIFIER STOP 0000000000000901: pid 0x2044: A HANDLE was leaked. 

	0000000000000474 : Value of the leaked handle. Run !htrace <handle> to get additional information about the handle if handle tracing is enabled.
	000001F63877A4D0 : Address to the allocation stack trace. Run dps <address> to view the allocation stack.
	000001F640E3AFD2 : Address of the owner dll name. Run du <address> to read the dll name.
	00007FFDA85A0000 : Base of the owner dll. Run .reload <dll_name> = <address> to reload the owner dll. Use 'lm' to get more information about the loaded and unloaded modules.


=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.

=======================================

@JohnAZoidberg
Member Author

And there was also a crash dump with the following stack trace:

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffda8002b82 (KERNELBASE!wil::details::DebugBreak+0x0000000000000002)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 0000000000000000

PROCESS_NAME:  WUDFHost.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_CODE_STR:  80000003

EXCEPTION_PARAMETER1:  0000000000000000

STACK_TEXT:  
000000d0`97dfe148 00007ffd`a49a7e07     : 00000000`00000008 0000024c`c2a47fd0 000000d0`97dfe190 0000024c`c2a47fd0 : KERNELBASE!wil::details::DebugBreak+0x2
000000d0`97dfe150 00007ffd`a4981bd3     : 0000024c`006c6c64 00000000`00000000 00000000`00000000 0000024c`c4460e98 : WUDFx02000!FxVerifierDbgBreakPoint+0x4b
000000d0`97dfe190 00007ffd`a4981737     : 0000024c`c4460e80 00000000`00000000 0000024c`c4460ea8 00000000`00000005 : WUDFx02000!FxTimer::Stop+0x297
000000d0`97dfe1e0 00007ffd`a49816f3     : 0000024c`c4460e80 0000024c`c4460e80 00000000`00000000 0000024c`c4460ec0 : WUDFx02000!FxTimer::FlushAndRundown+0x33
000000d0`97dfe230 00007ffd`a495f523     : 0000024c`c4460e00 00000000`00000000 00000000`00000000 00007ffd`aaa857ca : WUDFx02000!FxTimer::Dispose+0x33
000000d0`97dfe260 00007ffd`a495f326     : 0000024c`c4460e80 00000000`00000200 00007ffd`a62bc300 00000000`00000004 : WUDFx02000!FxObject::DisposeChildrenWorker+0xa3
000000d0`97dfe2e0 00007ffd`a495f1e2     : 0000024c`c4460e80 00000000`00000000 0000024c`c4460ea0 00000000`00000000 : WUDFx02000!FxObject::PerformDisposingDisposeChildrenLocked+0x66
000000d0`97dfe360 00007ffd`a495f613     : 0000024c`c443ee40 00000000`00000001 0000024c`c4460ef8 0000024c`c443ee68 : WUDFx02000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x52
000000d0`97dfe3c0 00007ffd`a495ede0     : 00000000`00000200 00007ffd`a49f2460 00000000`00000000 00007ffd`a49ed030 : WUDFx02000!FxObject::DisposeChildrenWorker+0x193
000000d0`97dfe440 00007ffd`a496986a     : 00000000`00000000 00000000`00000000 00007ffd`a49ed030 00007ffd`a49587e6 : WUDFx02000!FxObject::DeleteObject+0x130
000000d0`97dfe4c0 00007ffd`a4923748     : 0000024c`c443ee40 00007ffd`a492b028 00000000`00000000 00000000`00000001 : WUDFx02000!imp_WdfObjectDelete+0x11a
000000d0`97dfe570 00007ffd`a49a36b3     : 0000024c`c4340f28 00000000`00000000 00000000`00000000 00000000`00000000 : frameworksensors!OnReleaseHardware+0x138
000000d0`97dfe5b0 00007ffd`a497ec61     : 0000024c`c4340f28 0000024c`c430ece0 0000024c`c4340870 00000000`0000010e : WUDFx02000!FxPnpDeviceReleaseHardware::InvokeClient+0x23
000000d0`97dfe600 00007ffd`a49a2827     : 0000024c`c4340870 00007ffd`a49ed310 00000000`00000008 000000d0`97dfe6d8 : WUDFx02000!FxPrePostCallback::InvokeStateless+0x61
000000d0`97dfe630 00007ffd`a49dbf1e     : 0000024c`c4340870 000000d0`97dfe710 00007ffd`a49ed310 00000000`00000000 : WUDFx02000!FxPkgPnp::PnpReleaseHardware+0x5b
000000d0`97dfe670 00007ffd`a499814a     : 00000000`00000117 000000d0`97dfe710 00000000`000001c0 00007ffd`a6277252 : WUDFx02000!FxPkgPnp::PnpEventRemovingDisableInterfaces+0xe
000000d0`97dfe6a0 00007ffd`a497e16d     : 0000024c`c4340870 0000024c`c43409f8 0000024c`c4340870 0000024c`c4340a00 : WUDFx02000!FxPkgPnp::PnpEnterNewState+0x12e
000000d0`97dfe740 00007ffd`a4997c54     : 0000024c`c4340800 0000024c`c4340870 000000d0`97dfe830 0000024c`c4340a30 : WUDFx02000!FxPkgPnp::PnpProcessEventInner+0xfd
000000d0`97dfe7c0 00007ffd`a49d80ec     : 00000000`00000000 0000024c`c4340d98 0000024c`c4340870 000000d0`97dfe8f0 : WUDFx02000!FxPkgPnp::PnpProcessEvent+0x198
000000d0`97dfe860 00007ffd`a497eeb8     : 00007ffd`a49ef060 000000d0`97dfe910 00007ffd`a4950000 00007ffd`a49f3328 : WUDFx02000!FxPkgPnp::_PnpRemoveDevice+0x7c
000000d0`97dfe8b0 00007ffd`a4979816     : 00000000`0000001b 0000024c`c237df70 00007ffd`a4950000 00007ffd`a49f3328 : WUDFx02000!FxPkgPnp::Dispatch+0xc8
000000d0`97dfe930 00007ffd`a4994670     : 00000000`00000000 0000024c`c237df70 00000000`00000000 0000024c`c1db4e10 : WUDFx02000!FxDevice::Dispatch+0xe6
000000d0`97dfe9d0 00007ffd`a49924cf     : 0000024c`c237df70 0000024c`c237df70 0000024c`c1db4e10 00007ffd`aabb86b8 : WUDFx02000!FxDevice::DispatchWithLock+0x74
000000d0`97dfea00 00007ff6`9dc1b701     : 0000024c`c237df70 0000024c`c237df70 000000d0`00000008 00007ffd`aab8b3e0 : WUDFx02000!FxMessageDispatch::DispatchPnP+0xcf
000000d0`97dfea70 00007ff6`9dc183e8     : 0000024c`c237ddd0 0000024c`c237ddd0 0000024c`c237ddd0 0000024c`c237ddd0 : WUDFHost!CWudfDeviceStack::OnDispatchPnp+0x165
000000d0`97dfec30 00007ff6`9dc18a13     : 00007ff6`9dc5b260 000000d0`97dff1f0 0000024c`c237ddd0 0000024c`c237ddd0 : WUDFHost!CWudfDeviceStack::Forward+0x8d8
000000d0`97dfecc0 00007ff6`9dc12111     : 000000d0`97dff1f0 000000d0`97dff1f0 00000000`00000002 000000d0`97dff1f0 : WUDFHost!CLpcNotification::UnloadSafeDispatchIrp+0x43
000000d0`97dfecf0 00007ff6`9dc2c14e     : 0000024c`bb540000 00000000`00000000 00000000`00000000 000000d0`97dff1f0 : WUDFHost!CLpcNotification::WudfPnpHandler+0x171
000000d0`97dfede0 00007ff6`9dc32ab3     : 0000024c`c0859e40 000000d0`97dfef60 000000d0`97dff1c8 00000000`00000000 : WUDFHost!CLpcNotification::ProcessPnpPowerIrp+0x76
000000d0`97dfee60 00007ffd`a67b54df     : 000000d0`97dff100 0000024c`c1d7cf00 000000d0`97dff1c8 00007ff6`9dc32770 : WUDFHost!CLpcNotification::Message+0x343
000000d0`97dfefa0 00007ffd`a67b50bf     : 00000000`00000000 00000000`00000001 00000000`00000000 00007ffd`a6276c91 : WUDFPlatform!WdfLpcPort::ProcessMessage+0x1df
000000d0`97dff060 00007ffd`a67bb742     : 000000d0`97dff260 000000d0`97dff260 0000024c`c1d7cf00 00007ffd`a6278f5a : WUDFPlatform!WdfLpcCommPort::ProcessMessage+0x6f
000000d0`97dff0b0 00007ffd`a67baf95     : 0000024c`c0a32f30 00000000`00000001 0000024c`c08ebf80 00000000`00000000 : WUDFPlatform!WdfLpcConnPort::ProcessMessage+0x282
000000d0`97dff180 00007ff6`9dc21bff     : 0000024c`c091df70 0000024c`c091df70 000000d0`97dff489 00000000`00000000 : WUDFPlatform!WdfLpc::RetrieveMessage+0x195
000000d0`97dff300 00007ffd`a62804d5     : 0000024c`be9a7eb0 000000d0`97dff489 000000d0`97dff688 00000000`00000000 : WUDFHost!ThreadPoolWorkerThunk+0x4f
000000d0`97dff330 00007ffd`aaa194db     : 0000024c`c0a3ee20 00000000`7ffe0386 0000024c`c464af90 000000d0`97dff688 : vfbasics!AVrfpTpWaitCallback+0x65
000000d0`97dff3c0 00007ffd`aaa31fe0     : 00000000`00000000 00000000`00000002 0000024c`c464cff0 00000000`00000000 : ntdll!TppExecuteWaitCallback+0x46b
000000d0`97dff4f0 00007ffd`a934dbe7     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x5a0
000000d0`97dff850 00007ffd`aaa65a6c     : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : kernel32!BaseThreadInitThunk+0x17
000000d0`97dff880 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c


FAULTING_SOURCE_LINE:  minkernel\wdf\framework\shared\inc\private\common\fxverifier.h

FAULTING_SOURCE_FILE:  minkernel\wdf\framework\shared\inc\private\common\fxverifier.h

FAULTING_SOURCE_LINE_NUMBER:  94

FAULTING_SOURCE_SRV_COMMAND:  https://dev.azure.com/microsoft/OS/_apis/git/repositories/os.2020/blobs/e705cdd87a9587a43e0bc77c6e137ecdca83a234?api-version=7.0&download=true&filename=fxverifier.h

@JohnAZoidberg
Member Author

So the conclusion is that WdfObjectDelete(pDevice->m_SensorInstance); triggered the DriverVerifier because the object that points to the handle was deleted, causing a leak of the handle.

@JohnAZoidberg JohnAZoidberg merged commit 2449342 into main May 15, 2025
2 checks passed
@JohnAZoidberg JohnAZoidberg mentioned this pull request May 15, 2025
@JohnAZoidberg JohnAZoidberg deleted the close-handle branch May 15, 2025 05:58
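
A triage sketch for the stack trace posted above, added here as an example and not part of the pull request or the project's code: it parses WinDbg STACK_TEXT lines and reports the innermost frame outside the OS, UMDF and verifier modules together with the framework call that frame made. The module list and the function names `parse_frames` and `triage` are assumptions of this example; the sample is an excerpt of the trace from this thread.

```python
import re

# Modules on this stack that belong to the OS, the UMDF host/framework or
# Application Verifier. Assumption of this example: anything else is driver code.
PLATFORM_MODULES = {"kernelbase", "kernel32", "ntdll", "vfbasics",
                    "wudfx02000", "wudfhost", "wudfplatform"}

# Layout: child-SP  return-address : four arguments : module!symbol+0xoffset
FRAME_RE = re.compile(
    r"^[0-9a-f`]+\s+[0-9a-f`]+\s+:\s+(?:[0-9a-f`]+\s+){4}:\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>.+?)(?:\+0x(?P<offset>[0-9a-f]+))?$",
    re.IGNORECASE)

# Excerpt of the trace above (frames between FxTimer::Stop and imp_WdfObjectDelete omitted).
SAMPLE = r"""
000000d0`97dfe148 00007ffd`a49a7e07     : 00000000`00000008 0000024c`c2a47fd0 000000d0`97dfe190 0000024c`c2a47fd0 : KERNELBASE!wil::details::DebugBreak+0x2
000000d0`97dfe150 00007ffd`a4981bd3     : 0000024c`006c6c64 00000000`00000000 00000000`00000000 0000024c`c4460e98 : WUDFx02000!FxVerifierDbgBreakPoint+0x4b
000000d0`97dfe190 00007ffd`a4981737     : 0000024c`c4460e80 00000000`00000000 0000024c`c4460ea8 00000000`00000005 : WUDFx02000!FxTimer::Stop+0x297
000000d0`97dfe4c0 00007ffd`a4923748     : 0000024c`c443ee40 00007ffd`a492b028 00000000`00000000 00000000`00000001 : WUDFx02000!imp_WdfObjectDelete+0x11a
000000d0`97dfe570 00007ffd`a49a36b3     : 0000024c`c4340f28 00000000`00000000 00000000`00000000 00000000`00000000 : frameworksensors!OnReleaseHardware+0x138
000000d0`97dfe5b0 00007ffd`a497ec61     : 0000024c`c4340f28 0000024c`c430ece0 0000024c`c4340870 00000000`0000010e : WUDFx02000!FxPnpDeviceReleaseHardware::InvokeClient+0x23
"""

def parse_frames(stack_text):
    """Return [(module, symbol, offset)] for every line that is a stack frame."""
    frames = []
    for line in stack_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m["module"], m["symbol"], int(m["offset"] or "0", 16)))
    return frames

def triage(stack_text):
    """Find the innermost driver frame and the framework call it made."""
    frames = parse_frames(stack_text)
    for i, (module, _symbol, _offset) in enumerate(frames):
        if module.lower() not in PLATFORM_MODULES:
            above = frames[:i]  # frames closer to the break than the driver frame
            return {
                "driver": frames[i],
                "called": above[-1] if above else None,
                "verifier_break": any("FxVerifierDbgBreakPoint" in f[1] for f in above),
            }
    return None  # no driver frame: the break did not come through driver code

if __name__ == "__main__":
    print(triage(SAMPLE))
```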