Opened 11 years ago
Closed 8 years ago
#12582 closed defect (obsolete)
BSOD: PnP (vboxusb.sys)
Reported by: | Petr Kurtin | Owned by: | |
---|---|---|---|
Component: | USB | Version: | VirtualBox 4.3.6 |
Keywords: | BSOD | Cc: | |
Guest type: | Windows | Host type: | Windows |
Description
Hello,
I got the following BSOD:
```
BugCheck C9, {22e, fffff80023af3a70, ffffcf80021b4b40, 0}

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 000000000000022e, The caller has completed a successful IRP_MJ_PNP instead of passing it down.
Arg2: fffff80023af3a70, The address in the driver's code where the error was detected.
Arg3: ffffcf80021b4b40, IRP address.
Arg4: 0000000000000000
```

The problem is caused by incorrect handling of the IRP_MN_CANCEL_REMOVE_DEVICE state. The vboxUsbPnPMnCancelRemoveDevice function (src/VBox/HostDrivers/VBoxUSB/win/dev/VBoxUsbPnP.cpp) is called with IRP_MN_CANCEL_REMOVE_DEVICE, but enmState is already in the ENMVBOXUSB_PNPSTATE_STARTED state. MSDN says you should pass the request down:

> A driver might receive a spurious cancel-remove request when the device is started and active. This can occur, for example, if the driver (or a driver higher in the device stack) failed an IRP_MN_QUERY_REMOVE_DEVICE request. When a device is started and active, a driver simply succeeds a spurious cancel-remove request for the device.
current code:
```c
static NTSTATUS vboxUsbPnPMnCancelRemoveDevice(PVBOXUSBDEV_EXT pDevExt, PIRP pIrp)
{
    ENMVBOXUSB_PNPSTATE enmState = vboxUsbPnPStateGet(pDevExt);
    NTSTATUS Status = STATUS_SUCCESS;
    if (enmState == ENMVBOXUSB_PNPSTATE_REMOVE_PENDING)
    {
        IoCopyCurrentIrpStackLocationToNext(pIrp);
        Status = VBoxDrvToolIoPostSync(pDevExt->pLowerDO, pIrp);
        if (NT_SUCCESS(Status))
        {
            vboxUsbPnPStateRestore(pDevExt);
        }
    }
    else
    {
        /* Any other state, including STARTED: the IRP is not sent to pLowerDO. */
        Assert(0);
        Assert(enmState == ENMVBOXUSB_PNPSTATE_STARTED);
    }
    /* In the else path the IRP is completed with STATUS_SUCCESS without a pass-down. */
    VBoxDrvToolIoComplete(pIrp, Status, 0);
    vboxUsbDdiStateRelease(pDevExt);
    return Status;
}
```
fixed code:
```c
static NTSTATUS vboxUsbPnPMnCancelRemoveDevice(PVBOXUSBDEV_EXT pDevExt, PIRP pIrp)
{
    ENMVBOXUSB_PNPSTATE enmState = vboxUsbPnPStateGet(pDevExt);
    NTSTATUS Status = STATUS_SUCCESS;
    Assert(enmState == ENMVBOXUSB_PNPSTATE_REMOVE_PENDING);
    /* Always pass the request down to the lower device object first. */
    IoCopyCurrentIrpStackLocationToNext(pIrp);
    Status = VBoxDrvToolIoPostSync(pDevExt->pLowerDO, pIrp);
    if (NT_SUCCESS(Status))
    {
        /* Restore the previous PnP state only if a remove was actually pending. */
        if (enmState == ENMVBOXUSB_PNPSTATE_REMOVE_PENDING)
        {
            vboxUsbPnPStateRestore(pDevExt);
        }
    }
    VBoxDrvToolIoComplete(pIrp, Status, 0);
    vboxUsbDdiStateRelease(pDevExt);
    return Status;
}
```

The same problem also exists in the vboxUsbPnPMnCancelStopDevice function.
callstack:

```
nt!KeBugCheckEx
nt!VerifierBugCheckIfAppropriate
nt!ViErrorFinishReport
nt!VfPnpVerifyIrpStackUpward
nt!VfMajorVerifyIrpStackUpward
nt!IovpCompleteRequest2
nt!IovpLocalCompletionRoutine
nt!IopfCompleteRequest
nt!IovCompleteRequest
VBoxUSB!vboxUsbPnPMnCancelRemoveDevice
VBoxUSB!vboxUsbDispatchPnP
VerifierExt!xdv_IRP_MJ_PNP_wrapper
nt!IovCallDriver
nt!ViFilterDispatchPnp
nt!IovCallDriver
VerifierExt!IofCallDriver_internal_wrapper
MSDMFilt!FilterPassIrpSynchronously
MSDMFilt!FilterCancelRemove
MSDMFilt!FilterDispatchPnp
VerifierExt!xdv_IRP_MJ_PNP_wrapper
nt!IovCallDriver
nt!ViFilterDispatchPnp
nt!IovCallDriver
nt!IopSynchronousCall
nt!IopRemoveDevice
nt! ?? ::NNGAKEGL::`string'
nt!PnpDeleteLockedDeviceNode
nt!PnpDeleteLockedDeviceNodes
nt!PnpProcessQueryRemoveAndEject
nt!PnpProcessTargetDeviceEvent
nt!PnpDeviceEventWorker
nt!ExpWorkerThread
nt!PspSystemThreadStartup
nt!KiStartSystemThread
```

Regards, Petr
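The following user-mode model is an added example, not VirtualBox code and not part of the original report. It reproduces the condition described by Arg1 0x22e (a successful IRP_MJ_PNP completed without being passed down) for the two handler shapes shown in the ticket. All type and function names are hypothetical, and the lower driver is assumed to always succeed.

```c
/* Constructed user-mode model of the rule behind bug check 0xC9 / 0x22e:
 * a successful IRP_MJ_PNP must be passed down before it is completed.
 * Names are hypothetical; the lower driver is assumed to succeed. */
#include <stdbool.h>
#include <stdio.h>

typedef enum { ST_STARTED, ST_REMOVE_PENDING } pnp_state;

typedef struct {
    pnp_state state;       /* current PnP state of the modelled device */
    pnp_state prev_state;  /* state restored when a remove is cancelled */
    bool passed_down;      /* the IRP reached the lower device object */
    bool violation;        /* condition the verifier reports as 0x22e */
} device;

static void pass_down(device *d) { d->passed_down = true; }

/* Completion-time check, as worded in the bug check text on this page. */
static void complete_irp(device *d, bool success) {
    if (success && !d->passed_down) d->violation = true;
}

/* Shape of the handler the ticket labels "current code". */
static bool cancel_remove_current(device *d) {
    d->passed_down = d->violation = false;
    if (d->state == ST_REMOVE_PENDING) {
        pass_down(d);
        d->state = d->prev_state;
    } /* else: spurious request while STARTED, nothing is forwarded */
    complete_irp(d, true);
    return !d->violation;
}

/* Shape of the handler the ticket labels "fixed code". */
static bool cancel_remove_fixed(device *d) {
    pnp_state on_entry = d->state;
    d->passed_down = d->violation = false;
    pass_down(d);                       /* always forward first */
    if (on_entry == ST_REMOVE_PENDING)  /* restore only a real pending remove */
        d->state = d->prev_state;
    complete_irp(d, true);
    return !d->violation;
}

int main(void) {
    device d = { ST_STARTED, ST_STARTED, false, false };
    printf("current, spurious cancel: %s\n", cancel_remove_current(&d) ? "ok" : "0x22e");
    printf("fixed,   spurious cancel: %s\n", cancel_remove_fixed(&d) ? "ok" : "0x22e");
    return 0;
}
```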
Please reopen if still relevant with a recent VirtualBox release.