diff --git a/server/device.c b/server/device.c
index c798694875b..0bb2757de7f 100644
--- a/server/device.c
+++ b/server/device.c
@@ -503,7 +503,6 @@ static int device_file_close_handle( struct object *obj, struct process *process
 
         memset( &params, 0, sizeof(params) );
         params.close.major = IRP_MJ_CLOSE;
-        params.close.file  = file->user_ptr;
 
         if ((irp = create_irp( file, &params, NULL )))
         {
@@ -529,26 +528,27 @@ static void device_file_destroy( struct object *obj )
     release_object( file->device );
 }
 
-static void set_file_user_ptr( struct device_file *file, client_ptr_t ptr )
+static void fill_irp_params( struct irp_call *irp, irp_params_t *params )
 {
-    struct irp_call *irp;
+    *params = irp->params;
 
-    if (file->user_ptr == ptr) return;  /* nothing to do */
-
-    file->user_ptr = ptr;
-
-    /* update already queued irps */
-
-    LIST_FOR_EACH_ENTRY( irp, &file->requests, struct irp_call, dev_entry )
+    switch (params->major)
     {
-        switch (irp->params.major)
-        {
-        case IRP_MJ_CLOSE:          irp->params.close.file = ptr; break;
-        case IRP_MJ_READ:           irp->params.read.file  = ptr; break;
-        case IRP_MJ_WRITE:          irp->params.write.file = ptr; break;
-        case IRP_MJ_FLUSH_BUFFERS:  irp->params.flush.file = ptr; break;
-        case IRP_MJ_DEVICE_CONTROL: irp->params.ioctl.file = ptr; break;
-        }
+    case IRP_MJ_CLOSE:
+        params->close.file = irp->file->user_ptr;
+        break;
+    case IRP_MJ_READ:
+        params->read.file  = irp->file->user_ptr;
+        break;
+    case IRP_MJ_WRITE:
+        params->write.file = irp->file->user_ptr;
+        break;
+    case IRP_MJ_FLUSH_BUFFERS:
+        params->flush.file = irp->file->user_ptr;
+        break;
+    case IRP_MJ_DEVICE_CONTROL:
+        params->ioctl.file = irp->file->user_ptr;
+        break;
     }
 }
 
@@ -580,7 +580,6 @@ static int device_file_read( struct fd *fd, struct async *async, file_pos_t pos
     params.read.major = IRP_MJ_READ;
     params.read.key   = 0;
     params.read.pos   = pos;
-    params.read.file  = file->user_ptr;
     return queue_irp( file, &params, async );
 }
 
@@ -593,7 +592,6 @@ static int device_file_write( struct fd *fd, struct async *async, file_pos_t pos
     params.write.major = IRP_MJ_WRITE;
     params.write.key   = 0;
     params.write.pos   = pos;
-    params.write.file  = file->user_ptr;
     return queue_irp( file, &params, async );
 }
 
@@ -604,7 +602,6 @@ static int device_file_flush( struct fd *fd, struct async *async )
 
     memset( &params, 0, sizeof(params) );
     params.flush.major = IRP_MJ_FLUSH_BUFFERS;
-    params.flush.file  = file->user_ptr;
     return queue_irp( file, &params, async );
 }
 
@@ -616,7 +613,6 @@ static int device_file_ioctl( struct fd *fd, ioctl_code_t code, struct async *as
     memset( &params, 0, sizeof(params) );
     params.ioctl.major = IRP_MJ_DEVICE_CONTROL;
     params.ioctl.code  = code;
-    params.ioctl.file = file->user_ptr;
     return queue_irp( file, &params, async );
 }
 
@@ -752,7 +748,6 @@ void free_kernel_objects( struct object *obj )
         /* abuse IRP_MJ_CLEANUP to request client to free no longer valid kernel object */
         memset( &params, 0, sizeof(params) );
         params.cleanup.major = IRP_MJ_CLEANUP;
-        params.cleanup.obj   = kernel_object->user_ptr;
 
         if ((irp = create_irp( NULL, &params, NULL )))
         {
@@ -869,13 +864,13 @@ DECL_HANDLER(get_next_device_request)
             reply->client_thread = get_kernel_object_ptr( manager, &irp->thread->obj );
             reply->client_tid    = get_thread_id( irp->thread );
         }
-        reply->params = irp->params;
         iosb = irp->iosb;
         reply->in_size = iosb->in_size;
         reply->out_size = iosb->out_size;
         if (iosb->in_size > get_reply_max_size()) set_error( STATUS_BUFFER_OVERFLOW );
         else if (!irp->file || (reply->next = alloc_handle( current->process, irp, 0, 0 )))
         {
+            fill_irp_params( irp, &reply->params );
             set_reply_data_ptr( iosb->in_data, iosb->in_size );
             iosb->in_data = NULL;
             iosb->in_size = 0;
@@ -897,7 +892,7 @@ DECL_HANDLER(set_irp_result)
 
     if ((irp = (struct irp_call *)get_handle_obj( current->process, req->handle, 0, &irp_call_ops )))
     {
-        if (irp->file) set_file_user_ptr( irp->file, req->file_ptr );
+        if (irp->file) irp->file->user_ptr = req->file_ptr;
         set_irp_result( irp, req->status, get_req_data(), get_req_data_size(), req->size );
         close_handle( current->process, req->handle );  /* avoid an extra round-trip for close */
         release_object( irp );