[vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
mikhail sennikovsky
mikhail.sennikovsky at oracle.com
Wed Mar 14 10:52:28 GMT 2012
One thing you might try is to make your host system BSOD and generate a
full or kernel memory dump once you are sure IoGetDeviceObjectPointer is
deadlocked for you.
You will be able then to open the crash dump and find and analyze the
deadlocked thread.
See http://support.microsoft.com/kb/244139 on how to make the system
generate a dump for you.
Note that you'd need a full dump or kernel memory dump, not a minidump.
My Computer -> properties -> advanced system settings -> "Startup and
recovery" settings.
Once you have a dump and opened it with WinDbg, :
in WinDbg cmd console: !stacks 2 VBoxUsbMon! -> will give you a list of
threads VBoxUsbMon is involved in
select the deadlocked thread with .thread <thread_address>
you can then do k, .frame, or whatever you need on that thread. It would
be great if you could post a stack trace for that thread here.
Mikhail
On 14.03.2012 1:43, Huihong Luo wrote:
> sorry, just realized that you are debugging host drivers. Yes, you
> will have to use 2 physical pcs.
>
> --- On *Tue, 3/13/12, Huihong Luo /<huisinro at yahoo.com>/* wrote:
>
>
> From: Huihong Luo <huisinro at yahoo.com>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
> To: "Ribhi Kamal" <rbhkamal at gmail.com>
> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
> Date: Tuesday, March 13, 2012, 2:41 PM
>
> do you mean you need 2 pcs to debug?
> no, you can use same pc. Just run vm on the same pc, and configure
> COM1 as pipe. Then start windbg this way:
>
> C:\WinDDK\7600.16385.0\Debuggers\windbg.exe -b -k
> com:pipe,port=\\.\pipe\com_1,resets=0
>
> --- On *Tue, 3/13/12, Ribhi Kamal /<rbhkamal at gmail.com>/* wrote:
>
>
> From: Ribhi Kamal <rbhkamal at gmail.com>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
> To: "Huihong Luo" <huisinro at yahoo.com>
> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
> Date: Tuesday, March 13, 2012, 2:38 PM
>
> Thanks, that helped me get started. Unfortunately I can't set
> break points when debugging locally so it is going to take me
> a while answer your questions. The only dev machine that I use
> is 100 miles away from me, so it will be very hard to attach a
> console/USB cable for debugging. I need to go hunt for a
> laptop somewhere, put windows on it then run a windbg in
> server mode. That way I can connect via tcp and set breakpoints.
>
> Thanks again
>
> On Tue, Mar 13, 2012 at 3:30 PM, Huihong Luo
> <huisinro at yahoo.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=huisinro@yahoo.com>>
> wrote:
>
> inside windbg, click Disassembly window, it will display
> assembly code, then you can set a breakpoint by click the
> left side of the code line.
>
>
> --- On *Tue, 3/13/12, Ribhi Kamal /<rbhkamal at gmail.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=rbhkamal@gmail.com>>/*
> wrote:
>
>
> From: Ribhi Kamal <rbhkamal at gmail.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=rbhkamal@gmail.com>>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs
> vboxusbmon
> To: "Huihong Luo" <huisinro at yahoo.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=huisinro@yahoo.com>>
> Cc: "vbox-dev" <vbox-dev at virtualbox.org
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=vbox-dev@virtualbox.org>>
> Date: Tuesday, March 13, 2012, 12:29 PM
>
>
> The \Device\USBPDO-11 physical device is a sprint hub
> driver BcmBusCtr.SYS. But I've seen it happen with
> other devices as well (Apple trackpad)
>
> Will update you once I get windbg working.
>
> Thanks
>
> On Tue, Mar 13, 2012 at 3:08 PM, Ribhi Kamal
> <rbhkamal at gmail.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=rbhkamal@gmail.com>>
> wrote:
>
> The hubwalker loops through PDO devices 0-15 and
> it hangs at number 11. So the device name (hub
> name) should be "\Device\USBPDO-11". Is that what
> you wanted?
>
> I'm still trying to figure out how to step through
> assembly code in windbg. I just started windows in
> debug mode and connected windbg.
>
> In the mean time, I found the link below which
> suggests queuing a work item to call
> IoGetDeviceObjectPointer using ioallocateworkitem
> routine, should I give that a try?
> http://www.osronline.com/article.cfm?id=24
>
> Here is a little snippet:
>
> *Figure 5 -- The _wrong_ way to write a PnP
> Notification Callback*
>
> **
>
> And, while you'd be partially right, you /do/ get a
> pointer to a device object using its name by calling
> *IoGetDeviceObject Pointer*, you'd also get bitten by one
> of the conditions of PnP Notification routines. As it
> very clearly states in the documentation:
>
> /A callback routine must not open the device directly. If
> the provider of the interface causes blocking PnP events,
> the notification callback routine can cause a deadlock if
> it tries to open the device in the callback thread./
>
> //
>
> When you call *IoGetDeviceObjectPointer, *you're actually
> issuing an open (IRP_MJ_CREATE) for the specified
> device. That's why you get back a File Object pointer, in
> addition to the Device Object pointer that you
> wanted. So, the proper thing to do is queue a work item
> that does the call to *IoGetDeviceObjectPointer*, as shown
> in /Figure 6/.
>
>
>
> On Tue, Mar 13, 2012 at 2:10 PM, Huihong Luo
> <huisinro at yahoo.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=huisinro@yahoo.com>>
> wrote:
>
> This api simply returns a device object from a name,
> and usually does not block. What is the
> device name? you can examine ObjectName unicode string.
> IoGetDeviceObjectPointer() does the following thing:
> ZwOpenFile(ObjectName) to get a handle
> ObReferenceObjectByHandle(handle) to get the FileObject
> IoGetRelatedDeviceObject(FileObject) to get the device
> object
> you can further step into the assembly code to nail
> down which function call causes the lock.
> you can also list all locks using these commands in
> windbg:
> !locks
> !deadlock
>
> --- On *Tue, 3/13/12, Ribhi Kamal /<rbhkamal at gmail.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=rbhkamal@gmail.com>>/*
> wrote:
>
>
> From: Ribhi Kamal <rbhkamal at gmail.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=rbhkamal@gmail.com>>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer
> hangs vboxusbmon
> To: "vbox-dev" <vbox-dev at virtualbox.org
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=vbox-dev@virtualbox.org>>
> Date: Tuesday, March 13, 2012, 10:49 AM
>
>
> Sorry, actually the IRQL == PASSIVE_LEVEL is okay.
> So just ignore that bit.
>
> On Tue, Mar 13, 2012 at 1:27 PM, Ribhi Kamal
> <rbhkamal at gmail.com
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=rbhkamal@gmail.com>>
> wrote:
>
> I've been troubleshooting an issue that
> prevents vbox from capturing USB devices when
> other specific USB devices are plugged in
> (i.e. Sprint USB crap). I finally managed to
> track down the problem to
> IoGetDeviceObjectPointer in
> VboxUsbMonHubDevWalk. IoGetDeviceObjectPointer
> was getting called, however, it never returned.
>
> I'm not an expert in windows driver
> development so I'd like to run things by you
> before I start fixing it.
>
> Firstly, I'm not really sure why it hangs
> (deadlocks?) there for some devices and not
> others. However, I believe that it may be due
> to the fact that some driver interfaces cause
> blocking PnP events. Due to that, vboxusbmon
> runs into a deadlock when
> executing IoGetDeviceObjectPointer because it
> is being used directly from a callback
> function, VBoxUsbMonDeviceControl, and
> IRQL==PASSIVE_LEVEL.
>
> What led me to that conclusion is that right
> after IoGetDeviceObjectPointer is executed, I
> start seeing lots of PnP events.
> USBMon::vboxUsbMonHubDevWalk:
> IoGetDeviceObjectPointer - Starting
>
> USBMon::VBoxUsbMonPnPHook:
> VBoxUsbMonPnPHook In
>
> USBMon::VBoxUsbMonPnPHook:
> ==>PnP: Mn(IRP_MN_QUERY_DEVICE_RELATIONS),
> PDO(0x8833d028), IRP(0x882a71a8),
> Status(0xc00000bb)
>
> See attached for complete debug view.
>
> Are my assumptions correct? If so how would
> you go about fixing the problem.
>
> Thanks!
>
> --
> -- Ribhi
>
>
>
>
> --
> -- Ribhi
>
> -----Inline Attachment Follows-----
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> <http://us.mc1603.mail.yahoo.com/mc/compose?to=vbox-dev@virtualbox.org>
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
>
>
>
>
> --
> -- Ribhi
>
>
>
> --
> -- Ribhi
>
>
>
>
> --
> -- Ribhi
>
>
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20120314/1946e2aa/attachment.html>
More information about the vbox-dev
mailing list