[vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
mikhail sennikovsky
mikhail.sennikovsky at oracle.com
Wed Mar 14 12:37:11 PDT 2012
Unfortunately, it is impossible to say from the stack alone what exactly
BcmBusCtr is waiting for.
Could you upload this dump to our ftp server so that I could have a look
into it?
I will post you our ftp server details privately.
Thanks,
Mikhail
On 14.03.2012 22:01, Ribhi Kamal wrote:
> Thanks for the help! Below is the stack trace. I'm still working on
> setting up windbg on another machine.
>
> Note: BcmBusCtr is the USB hub that is causing the trouble. It is
> possible that the device is not behaving correctly so I am starting to
> lean towards making the hubWalker skip the device altogether. But I
> would rather find a real solution since this problem will happen with
> other devices as well.
>
> [888152d8 VirtualBox.exe]
>
> [853f7448 VBoxSVC.exe]
> *** ERROR: Module load completed but symbols could not be loaded for
> BcmBusCtr.sys
> ea4.000eb8 8807d030 0003c0b Blocked nt!KiSwapContext+0x26
> nt!KiSwapThread+0x266
> nt!KiCommitThreadWait+0x1df
> nt!KeWaitForSingleObject+0x393
> BcmBusCtr+0x6127
> nt!IofCallDriver+0x63
> nt!IopParseDevice+0xed7
> nt!ObpLookupObjectName+0x4fa
> nt!ObOpenObjectByName+0x165
> nt!IopCreateFile+0x673
> nt!NtOpenFile+0x2a
> nt!KiFastCallEntry+0x12a
> nt!ZwOpenFile+0x11
> nt!IoGetDeviceObjectPointer+0x59
> VBoxUSBMon!vboxUsbMonHubDevWalk+0x831
> VBoxUSBMon!VBoxUsbFltFilterCheck+0x4c2
> VBoxUSBMon!VBoxUsbMonRunFilters+0x16f
> VBoxUSBMon!vboxUsbMonIoctlDispatch+0x1374
> VBoxUSBMon!VBoxUsbMonDeviceControl+0xe38
> nt!IofCallDriver+0x63
> nt!IopSynchronousServiceTail+0x1f8
> nt!IopXxxControlFile+0x6aa
> nt!NtDeviceIoControlFile+0x2a
> nt!KiFastCallEntry+0x12a
> ntdll!KiFastSystemCallRet
>
>
> On Wed, Mar 14, 2012 at 6:52 AM, mikhail sennikovsky
> <mikhail.sennikovsky at oracle.com> wrote:
>
> One thing you might try is to make your host system BSOD and
> generate a full or kernel memory dump once you are sure
> IoGetDeviceObjectPointer is deadlocked for you.
> You will be able then to open the crash dump and find and analyze
> the deadlocked thread.
>
> See http://support.microsoft.com/kb/244139 on how to make the
> system generate a dump for you.
>
> Note that you'd need a full dump or kernel memory dump, not a
> minidump. My Computer -> properties -> advanced system settings ->
> "Startup and recovery" settings.
>
> Once you have a dump and have opened it with WinDbg:
> - in the WinDbg cmd console: !stacks 2 VBoxUsbMon! -> will give you a
>   list of threads VBoxUsbMon is involved in
> - select the deadlocked thread with .thread <thread_address>
> - you can then do k, .frame, or whatever you need on that thread.
> It would be great if you could post a stack trace for that thread here.
>
> Mikhail
>
>
> On 14.03.2012 1:43, Huihong Luo wrote:
>> Sorry, just realized that you are debugging host drivers. Yes,
>> you will have to use 2 physical pcs.
>>
>> --- On Tue, 3/13/12, Huihong Luo <huisinro at yahoo.com> wrote:
>>
>> From: Huihong Luo <huisinro at yahoo.com>
>> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
>> To: "Ribhi Kamal" <rbhkamal at gmail.com>
>> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
>> Date: Tuesday, March 13, 2012, 2:41 PM
>>
>> Do you mean you need 2 pcs to debug?
>> No, you can use the same pc. Just run the vm on the same pc, and
>> configure COM1 as a pipe. Then start windbg this way:
>>
>> C:\WinDDK\7600.16385.0\Debuggers\windbg.exe -b -k com:pipe,port=\\.\pipe\com_1,resets=0
>>
>> --- On Tue, 3/13/12, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>>
>> From: Ribhi Kamal <rbhkamal at gmail.com>
>> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
>> To: "Huihong Luo" <huisinro at yahoo.com>
>> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
>> Date: Tuesday, March 13, 2012, 2:38 PM
>>
>> Thanks, that helped me get started. Unfortunately I can't
>> set break points when debugging locally so it is going to
>> take me a while to answer your questions. The only dev
>> machine that I use is 100 miles away from me, so it will
>> be very hard to attach a console/USB cable for debugging.
>> I need to go hunt for a laptop somewhere, put Windows on
>> it, then run windbg in server mode. That way I can
>> connect via tcp and set breakpoints.
>>
>> Thanks again
>>
>> On Tue, Mar 13, 2012 at 3:30 PM, Huihong Luo
>> <huisinro at yahoo.com> wrote:
>>
>> Inside windbg, click the Disassembly window; it will
>> display assembly code. Then you can set a breakpoint
>> by clicking the left side of the code line.
>>
>>
>> --- On Tue, 3/13/12, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>>
>> From: Ribhi Kamal <rbhkamal at gmail.com>
>> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
>> To: "Huihong Luo" <huisinro at yahoo.com>
>> Cc: "vbox-dev" <vbox-dev at virtualbox.org>
>> Date: Tuesday, March 13, 2012, 12:29 PM
>>
>>
>> The \Device\USBPDO-11 physical device is a sprint
>> hub driver BcmBusCtr.SYS. But I've seen it happen
>> with other devices as well (Apple trackpad)
>>
>> Will update you once I get windbg working.
>>
>> Thanks
>>
>> On Tue, Mar 13, 2012 at 3:08 PM, Ribhi Kamal
>> <rbhkamal at gmail.com> wrote:
>>
>> The hubwalker loops through PDO devices 0-15
>> and it hangs at number 11. So the device name
>> (hub name) should be "\Device\USBPDO-11". Is
>> that what you wanted?
>>
>> I'm still trying to figure out how to step
>> through assembly code in windbg. I just
>> started Windows in debug mode and connected
>> windbg.
>>
>> In the meantime, I found the link below,
>> which suggests queuing a work item to call
>> IoGetDeviceObjectPointer
>> using the IoAllocateWorkItem routine. Should I
>> give that a try?
>> http://www.osronline.com/article.cfm?id=24
>>
>> Here is a little snippet:
>>
>> *Figure 5 – The _wrong_ way to write a PnP
>> Notification Callback*
>>
>> And, while you’d be partially right, you /do/ get a
>> pointer to a device object using its name by calling
>> *IoGetDeviceObjectPointer*, you’d also get bitten by
>> one of the conditions of PnP Notification
>> routines. As it very clearly states in the
>> documentation:
>>
>> /A callback routine must not open the device
>> directly. If the provider of the interface causes
>> blocking PnP events, the notification callback
>> routine can cause a deadlock if it tries to open the
>> device in the callback thread./
>>
>> When you call *IoGetDeviceObjectPointer*, you’re
>> actually issuing an open (IRP_MJ_CREATE) for the
>> specified device. That’s why you get back a File
>> Object pointer, in addition to the Device Object
>> pointer that you wanted. So, the proper thing to do
>> is queue a work item that does the call to
>> *IoGetDeviceObjectPointer*, as shown in /Figure 6/.
>>
>>
>>
>> On Tue, Mar 13, 2012 at 2:10 PM, Huihong Luo
>> <huisinro at yahoo.com> wrote:
>>
>> This api simply returns a device object from a
>> name, and usually does not block. What is the
>> device name? You can examine the ObjectName unicode
>> string.
>> IoGetDeviceObjectPointer() does the following:
>> - ZwOpenFile(ObjectName) to get a handle
>> - ObReferenceObjectByHandle(handle) to get the FileObject
>> - IoGetRelatedDeviceObject(FileObject) to get the device object
>> You can further step into the assembly code to
>> nail down which function call causes the lock.
>> You can also list all locks using these commands
>> in windbg:
>> !locks
>> !deadlock
>>
>> --- On Tue, 3/13/12, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>>
>> From: Ribhi Kamal <rbhkamal at gmail.com>
>> Subject: Re: [vbox-dev] IoGetDeviceObjectPointer hangs vboxusbmon
>> To: "vbox-dev" <vbox-dev at virtualbox.org>
>> Date: Tuesday, March 13, 2012, 10:49 AM
>>
>>
>> Sorry, actually the IRQL == PASSIVE_LEVEL is
>> okay. So just ignore that bit.
>>
>> On Tue, Mar 13, 2012 at 1:27 PM, Ribhi Kamal
>> <rbhkamal at gmail.com> wrote:
>>
>> I've been troubleshooting an issue that
>> prevents vbox from capturing USB devices
>> when other specific USB devices are
>> plugged in (i.e. Sprint USB crap). I
>> finally managed to track down the problem
>> to IoGetDeviceObjectPointer in
>> VboxUsbMonHubDevWalk. IoGetDeviceObjectPointer
>> was getting called, however, it never
>> returned.
>>
>> I'm not an expert in windows driver
>> development so I'd like to run things by
>> you before I start fixing it.
>>
>> Firstly, I'm not really sure why it hangs
>> (deadlocks?) there for some devices and
>> not others. However, I believe that it
>> may be due to the fact that some driver
>> interfaces cause blocking PnP events. Due
>> to that, vboxusbmon runs into a deadlock
>> when executing IoGetDeviceObjectPointer
>> because it is being used directly from a
>> callback function,
>> VBoxUsbMonDeviceControl, and
>> IRQL==PASSIVE_LEVEL.
>>
>> What led me to that conclusion is that
>> right after IoGetDeviceObjectPointer is
>> executed, I start seeing lots of PnP events.
>>
>> USBMon::vboxUsbMonHubDevWalk: IoGetDeviceObjectPointer - Starting
>> USBMon::VBoxUsbMonPnPHook: VBoxUsbMonPnPHook In
>> USBMon::VBoxUsbMonPnPHook: ==>PnP: Mn(IRP_MN_QUERY_DEVICE_RELATIONS), PDO(0x8833d028), IRP(0x882a71a8), Status(0xc00000bb)
>>
>> See attached for complete debug view.
>>
>> Are my assumptions correct? If so, how
>> would you go about fixing the problem?
>>
>> Thanks!
>>
>
>
>
> --
> -- Ribhi
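
The stack trace quoted in this thread can be read mechanically. The following is an added example (not part of the thread and not VirtualBox code) that parses the frames and reports which driver issued the wait, whether the wait sits on the create path that IoGetDeviceObjectPointer opens, and which caller started the open. The names parse_frames and triage are assumptions made for this example.

```python
import re

# Frames copied from the stack trace quoted in this thread, innermost first.
TRACE = """\
ea4.000eb8 8807d030 0003c0b Blocked nt!KiSwapContext+0x26
nt!KiSwapThread+0x266
nt!KiCommitThreadWait+0x1df
nt!KeWaitForSingleObject+0x393
BcmBusCtr+0x6127
nt!IofCallDriver+0x63
nt!IopParseDevice+0xed7
nt!ObpLookupObjectName+0x4fa
nt!ObOpenObjectByName+0x165
nt!IopCreateFile+0x673
nt!NtOpenFile+0x2a
nt!KiFastCallEntry+0x12a
nt!ZwOpenFile+0x11
nt!IoGetDeviceObjectPointer+0x59
VBoxUSBMon!vboxUsbMonHubDevWalk+0x831
"""

FRAME = re.compile(r"(\w+)(?:!(\w+))?(?:\+0x([0-9a-fA-F]+))?")
WAITS = {"KeWaitForSingleObject", "KeWaitForMultipleObjects"}

def parse_frames(text):
    """Return [(module, symbol or None, offset or None)], innermost first."""
    frames = []
    for line in text.splitlines():
        tokens = line.replace(">", " ").split()  # tolerate mail quoting
        m = FRAME.fullmatch(tokens[-1]) if tokens else None
        if m and (m.group(2) or m.group(3)):     # need "!sym" or "+0xNN"
            off = m.group(3) and int(m.group(3), 16)
            frames.append((m.group(1), m.group(2), off))
    return frames

def triage(frames):
    """Find the wait, the driver that issued it, and who opened the device."""
    syms = [f[1] for f in frames]
    wait = next((i for i, f in enumerate(frames)
                 if f[0] == "nt" and f[1] in WAITS), None)
    if wait is None or wait + 1 >= len(frames):
        return None
    result = {"waiter": frames[wait + 1], "in_create": False, "opener": None}
    if "IoGetDeviceObjectPointer" in syms[wait:]:
        get = syms.index("IoGetDeviceObjectPointer", wait)
        # IopParseDevice is where the I/O manager sends IRP_MJ_CREATE.
        result["in_create"] = "IopParseDevice" in syms[wait:get]
        if get + 1 < len(frames):
            result["opener"] = frames[get + 1]
    return result
```

Run over the trace above, triage(parse_frames(TRACE)) names BcmBusCtr as the waiter and VBoxUSBMon!vboxUsbMonHubDevWalk as the opener; it shows who is waiting, not what the wait object is, which still needs the memory dump.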