[vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon

Ribhi Kamal rbhkamal at gmail.com
Wed Mar 14 18:01:23 GMT 2012


Thanks for the help! Below is the stack trace. I'm still working on setting
up windbg on another machine.

Note: BcmBusCtr is the USB hub that is causing the trouble. It is possible
that the device is not behaving correctly, so I am starting to lean towards
making the hubWalker skip the device altogether. But I would rather find
a real solution since this problem will happen with other devices as well.

                            [888152d8 VirtualBox.exe]

                            [853f7448 VBoxSVC.exe]
*** ERROR: Module load completed but symbols could not be loaded for BcmBusCtr.sys
 ea4.000eb8  8807d030 0003c0b Blocked    nt!KiSwapContext+0x26
                                        nt!KiSwapThread+0x266
                                        nt!KiCommitThreadWait+0x1df
                                        nt!KeWaitForSingleObject+0x393
                                        BcmBusCtr+0x6127
                                        nt!IofCallDriver+0x63
                                        nt!IopParseDevice+0xed7
                                        nt!ObpLookupObjectName+0x4fa
                                        nt!ObOpenObjectByName+0x165
                                        nt!IopCreateFile+0x673
                                        nt!NtOpenFile+0x2a
                                        nt!KiFastCallEntry+0x12a
                                        nt!ZwOpenFile+0x11
                                        nt!IoGetDeviceObjectPointer+0x59
                                        VBoxUSBMon!vboxUsbMonHubDevWalk+0x831
                                        VBoxUSBMon!VBoxUsbFltFilterCheck+0x4c2
                                        VBoxUSBMon!VBoxUsbMonRunFilters+0x16f
                                        VBoxUSBMon!vboxUsbMonIoctlDispatch+0x1374
                                        VBoxUSBMon!VBoxUsbMonDeviceControl+0xe38
                                        nt!IofCallDriver+0x63
                                        nt!IopSynchronousServiceTail+0x1f8
                                        nt!IopXxxControlFile+0x6aa
                                        nt!NtDeviceIoControlFile+0x2a
                                        nt!KiFastCallEntry+0x12a
                                        ntdll!KiFastSystemCallRet


On Wed, Mar 14, 2012 at 6:52 AM, mikhail sennikovsky <mikhail.sennikovsky at oracle.com> wrote:

>  One thing you might try is to make your host system BSOD and generate a
> full or kernel memory dump once you are sure IoGetDeviceObjectPointer is
> deadlocked for you.
> You will be able then to open the crash dump and find and analyze the
> deadlocked thread.
>
> See http://support.microsoft.com/kb/244139 on how to make the system
> generate a dump for you.
>
> Note that you'd need a full dump or kernel memory dump, not a minidump. My
> Computer -> properties -> advanced system settings -> "Startup and
> recovery" settings.
>
> Once you have a dump and opened it with WinDbg:
> in WinDbg cmd console: !stacks 2 VBoxUsbMon! -> will give you a list of
> threads VBoxUsbMon is involved in
> select the deadlocked thread with .thread <thread_address>
> you can then do k, .frame, or whatever you need on that thread. It would
> be great if you could post a stack trace for that thread here.
>
> Mikhail
>
>
> On 14.03.2012 1:43, Huihong Luo wrote:
>
>   sorry, just realized that you are debugging host drivers. Yes, you will
> have to use 2 physical pcs.
>
> --- On Tue, 3/13/12, Huihong Luo <huisinro at yahoo.com> wrote:
>
>
> From: Huihong Luo <huisinro at yahoo.com>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
> To: "Ribhi Kamal" <rbhkamal at gmail.com>
> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
> Date: Tuesday, March 13, 2012, 2:41 PM
>
>    do you mean you need 2 pcs to debug?
>
> no, you can use same pc. Just run vm on the same pc, and configure COM1 as
> pipe. Then start windbg this way:
>
> C:\WinDDK\7600.16385.0\Debuggers\windbg.exe -b -k com:pipe,port=\\.\pipe\com_1,resets=0
>
> --- On Tue, 3/13/12, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>
>
> From: Ribhi Kamal <rbhkamal at gmail.com>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
> To: "Huihong Luo" <huisinro at yahoo.com>
> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
> Date: Tuesday, March 13, 2012, 2:38 PM
>
>  Thanks, that helped me get started. Unfortunately I can't set break
> points when debugging locally so it is going to take me a while to answer your
> questions. The only dev machine that I use is 100 miles away from me, so it
> will be very hard to attach a console/USB cable for debugging. I need to go
> hunt for a laptop somewhere, put windows on it then run a windbg in server
> mode. That way I can connect via tcp and set breakpoints.
>
> Thanks again
>
> On Tue, Mar 13, 2012 at 3:30 PM, Huihong Luo <huisinro at yahoo.com> wrote:
>
>   inside windbg, click Disassembly window, it will display assembly code,
> then you can set a breakpoint by clicking the left side of the code line.
>
>
> --- On Tue, 3/13/12, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>
>
> From: Ribhi Kamal <rbhkamal at gmail.com>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
> To: "Huihong Luo" <huisinro at yahoo.com>
> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
> Date: Tuesday, March 13, 2012, 12:29 PM
>
>
> The \Device\USBPDO-11 physical device is a sprint hub
> driver BcmBusCtr.SYS. But I've seen it happen with other devices as well
> (Apple trackpad)
>
>  Will update you once I get windbg working.
>
> Thanks
>
> On Tue, Mar 13, 2012 at 3:08 PM, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>
> The hubwalker loops through PDO devices 0-15 and it hangs at number 11. So
> the device name (hub name) should be "\Device\USBPDO-11". Is that what you
> wanted?
>
> I'm still trying to figure out how to step through assembly code in
> windbg. I just started windows in debug mode and connected windbg.
>
>  In the mean time, I found the link below which suggests queuing a work
> item to call IoGetDeviceObjectPointer using ioallocateworkitem routine,
> should I give that a try?
> http://www.osronline.com/article.cfm?id=24
>
>  Here is a little snippet:
>
> *Figure 5 – The wrong way to write a PnP Notification Callback*
>
> And, while you’d be partially right, you *do* get a pointer to a device
> object using its name by calling *IoGetDeviceObjectPointer*, you’d also
> get bitten by one of the conditions of PnP Notification routines.  As it
> very clearly states in the documentation:
>
> *A callback routine must not open the device directly. If the provider of
> the interface causes blocking PnP events, the notification callback routine
> can cause a deadlock if it tries to open the device in the callback thread.*
>
> When you call *IoGetDeviceObjectPointer*, you’re actually issuing an open
> (IRP_MJ_CREATE) for the specified device.  That’s why you get back a File
> Object pointer, in addition to the Device Object pointer that you
> wanted.  So, the proper thing to do is queue a work item that does the call
> to *IoGetDeviceObjectPointer*, as shown in *Figure 6*.
>
>
> On Tue, Mar 13, 2012 at 2:10 PM, Huihong Luo <huisinro at yahoo.com> wrote:
>
>   This api simply returns a device object from a name, and usually does
> not block. What is the device name? you can examine ObjectName unicode
> string.
>
> IoGetDeviceObjectPointer() does the following thing:
>
> ZwOpenFile(ObjectName) to get a handle
>  ObReferenceObjectByHandle(handle) to get the FileObject
>  IoGetRelatedDeviceObject(FileObject) to get the device object
>
> you can further step into the assembly code to nail down which function
> call causes the lock.
>
> you can also list all locks using these commands in windbg:
>
> !locks
> !deadlock
>
> --- On Tue, 3/13/12, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>
>
> From: Ribhi Kamal <rbhkamal at gmail.com>
> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
> To: "vbox-dev" <vbox-dev at virtualbox.org>
> Date: Tuesday, March 13, 2012, 10:49 AM
>
>
> Sorry, actually the IRQL == PASSIVE_LEVEL is okay. So just ignore that bit.
>
> On Tue, Mar 13, 2012 at 1:27 PM, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>
>  I've been troubleshooting an issue that prevents vbox from capturing USB
> devices when other specific USB devices are plugged in (i.e. Sprint USB
> crap). I finally managed to track down the problem to
> IoGetDeviceObjectPointer in VboxUsbMonHubDevWalk. IoGetDeviceObjectPointer
> was getting called, however, it never returned.
>
>  I'm not an expert in windows driver development so I'd like to run
> things by you before I start fixing it.
>
>  Firstly, I'm not really sure why it hangs (deadlocks?) there for some
> devices and not others. However, I believe that it may be due to the fact
> that some driver interfaces cause blocking PnP events. Due to that,
> vboxusbmon runs into a deadlock when executing IoGetDeviceObjectPointer
> because it is being used directly from a callback function,
> VBoxUsbMonDeviceControl, and IRQL==PASSIVE_LEVEL.
>
>  What led me to that conclusion is that right after
> IoGetDeviceObjectPointer is executed, I start seeing lots of PnP events.
>
>  USBMon::vboxUsbMonHubDevWalk: IoGetDeviceObjectPointer - Starting
>  USBMon::VBoxUsbMonPnPHook: VBoxUsbMonPnPHook In
>  USBMon::VBoxUsbMonPnPHook: ==>PnP: Mn(IRP_MN_QUERY_DEVICE_RELATIONS), PDO(0x8833d028), IRP(0x882a71a8), Status(0xc00000bb)
>
>  See attached for complete debug view.
>
>  Are my assumptions correct? If so, how would you go about fixing the
> problem?
>
>  Thanks!
>
>  --
> -- Ribhi


-- 
-- Ribhi
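
The blocked-thread trace at the top of this message can be triaged mechanically. The following Python sketch is an added example, not code from the thread or from VirtualBox; the function names `parse_threads` and `triage`, the `WAITS`/`OPENS` marker sets and the abridged sample are assumptions made for illustration.

```python
import re

# Constructed sample: an abridged copy of the trace in this message, laid out
# the way WinDbg's "!stacks 2" prints it (innermost frame first).
SAMPLE = """\
 ea4.000eb8  8807d030 0003c0b Blocked    nt!KiSwapContext+0x26
                                        nt!KeWaitForSingleObject+0x393
                                        BcmBusCtr+0x6127
                                        nt!IofCallDriver+0x63
                                        nt!IopParseDevice+0xed7
                                        nt!ZwOpenFile+0x11
                                        nt!IoGetDeviceObjectPointer+0x59
                                        VBoxUSBMon!vboxUsbMonHubDevWalk+0x831
                                        VBoxUSBMon!VBoxUsbMonDeviceControl+0xe38
"""

HEADER = re.compile(r"^\s*([0-9a-f]+\.[0-9a-f]+)\s+([0-9a-f]+)\s+[0-9a-f]+\s+(\w+)\s")
FRAME = re.compile(r"([A-Za-z_]\w*)(?:!(\w+))?\+0x[0-9a-fA-F]+\s*$")
# Assumed marker sets: nt routines read as "waiting" and "inside a device open".
WAITS = {"KeWaitForSingleObject", "KeWaitForMultipleObjects"}
OPENS = {"IopParseDevice", "ZwOpenFile", "IoGetDeviceObjectPointer"}

def parse_threads(text):
    """Split !stacks output into threads with (module, symbol) frames."""
    threads = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            threads.append({"id": head[1], "ethread": head[2],
                            "state": head[3], "frames": []})
        frame = FRAME.search(line)
        if frame and threads:
            threads[-1]["frames"].append((frame[1], frame[2]))
    return threads

def triage(thread):
    """Name the driver that is waiting and the driver whose open led there."""
    frames = thread["frames"]
    wait = next((i for i, f in enumerate(frames)
                 if f[0] == "nt" and f[1] in WAITS), None)
    if wait is None:
        return None
    callers = frames[wait + 1:]
    waiter = next((f for f in callers if f[0] != "nt"), None)
    opened = next((i for i, f in enumerate(callers)
                   if f[0] == "nt" and f[1] in OPENS), None)
    opener = None if opened is None else next(
        (f for f in callers[opened:] if f[0] != "nt"), None)
    return {"waiter": waiter, "in_open": opened is not None, "opener": opener}
```

For the sample, `triage(parse_threads(SAMPLE)[0])` names BcmBusCtr (no symbols) as the waiting driver, inside an open that was issued from VBoxUSBMon!vboxUsbMonHubDevWalk.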