Dear All,
I am trying to enable and disable one particular USB interface on a USB composite device from Device Manager. The interface has a function driver (driver1) and a lower filter driver (driver2). The issue is that Device Manager hangs indefinitely. Using notmyfault I crashed the system to get a dump; two threads corresponding to the drivers are in a blocked state. Thread-1, from driver1, synchronously sends a vendor request to the device, which goes through the lower filter driver. The lower filter driver2 receives it in EvtIoWrite; this request is framed again and sent to the lower level, and the lower level is waiting in “KeWaitForSingleObject” indefinitely, even though a timeout value is set.
I am trying to see the arguments passed to the KeWaitForSingleObject function. Since the timeout value is the 5th argument, I want to make sure the timeout is set. I am assuming the 5th argument is pushed to the stack.
When I checked the value, it shows “zero”. I am checking this issue on Windows 10 x64, and it is quite difficult to get an assured value. Kindly let me know how to debug this issue.
- Why is the request not completed even though the timeout value is set?
- How do I view the 5th argument on x64 (is the value stored on the stack assured)?
```
ffffdd07`73496000 fffff802`6f1c908d : ffff8801`9f744180 00000004`fffffffe ffff8801`ffffffff 00000000`00000001 : nt!KiSwapContext+0x76
ffffdd07`73496140 fffff802`6f1c7f14 : ffffc704`bb549040 00000000`00000000 ffffde80`00000000 ffffde80`00000000 : nt!KiSwapThread+0xbfd
ffffdd07`734961e0 fffff802`6f1c76b5 : 00000000`00000000 fffff802`00000000 ffffdd07`73498000 00000000`00000000 : nt!KiCommitThreadWait+0x144
ffffdd07`73496280 fffff802`6fa2f9f4 : ffffdd07`73496430 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x255
ffffdd07`73496360 fffff802`6fa2ee6e : ffffdd07`73496430 00000000`00000102 ffffdd07`73496470 00000000`0000001d : nt!ViKeWaitForSingleObjectCommon+0x984: kd> dqs ffffdd07`73496360
ffffdd07`73496360 ffffdd07`73496430
ffffdd07`73496368 00000000`00000000
ffffdd07`73496370 00000000`0000000
ffffdd07`73496378 00000000`00000000
ffffdd07`73496380 00000000`00000000----> is it 5th argument timeout value for “KeWaitForSingleObject” ?
ffffdd07`73496388 ffffdd07`73496400
ffffdd07`73496390 00000000`0000001d
```
Thread-1 sent a synchronous request which is not getting completed; Thread-2 (PNP remove) is waiting on the Thread-1 handle to terminate. That’s why device manager is not hanged.
Thread-1 WdfRequestSend driver1
```
#define WDF_WRITE_REQUEST_TIMEOUT 1

/* driver1: synchronous send with the timeout option set */
WDF_REQUEST_SEND_OPTIONS_INIT(&options, WDF_REQUEST_SEND_OPTION_TIMEOUT | WDF_REQUEST_SEND_OPTION_SYNCHRONOUS);
WDF_REQUEST_SEND_OPTIONS_SET_TIMEOUT(&options, WDF_ABS_TIMEOUT_IN_SEC(WDF_WRITE_REQUEST_TIMEOUT));
WdfRequestSend(wdfRequest, deviceContext->UsbDeviceIoTargets, &options);
```
Thread-1 WdfUsbTargetDeviceSendControlTransferSynchronously driver2
```
#define SEND_ENCAP_REQ_TIMEOUT 1

/* driver2: control transfer sent synchronously with the timeout option set */
WDF_REQUEST_SEND_OPTIONS_INIT(&requestSendOptions, WDF_REQUEST_SEND_OPTION_TIMEOUT);
WDF_REQUEST_SEND_OPTIONS_SET_TIMEOUT(&requestSendOptions, WDF_REL_TIMEOUT_IN_SEC(SEND_ENCAP_REQ_TIMEOUT));
WdfUsbTargetDeviceSendControlTransferSynchronously(pDeviceContext->UsbContext.UsbDevice, WDF_NO_HANDLE, &requestSendOptions, &usbControlSetupPacket, &memoryDescriptor, &numberOfBytesTransferred);
```
Thread-1 and Thread-2 stacks are attached.
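An added example, not part of the original post: a small parser that locates a stack-passed argument in `dqs` output using the Microsoft x64 calling convention (arguments 1-4 in rcx, rdx, r8, r9; the caller reserves 0x20 bytes of home space, so argument 5 sits at the caller's RSP+0x20 at the call). It assumes the calling frame keeps a fixed RSP after its prologue, so the debugger's Child-SP for that frame equals RSP at the call site, and that the callee has not overwritten the slot; the function names are illustrative.

```python
import re

# dqs output for the calling frame, copied from the post (annotation removed).
DQS = """\
ffffdd07`73496360 ffffdd07`73496430
ffffdd07`73496368 00000000`00000000
ffffdd07`73496370 00000000`0000000
ffffdd07`73496378 00000000`00000000
ffffdd07`73496380 00000000`00000000
ffffdd07`73496388 ffffdd07`73496400
ffffdd07`73496390 00000000`0000001d
"""

HOME_SPACE = 0x20  # four 8-byte home slots reserved by the caller for rcx, rdx, r8, r9


def parse_dqs(text):
    """Map address -> 64-bit value from WinDbg dq/dqs output lines."""
    mem = {}
    for line in text.splitlines():
        m = re.match(r"\s*([0-9a-f`]+)\s+([0-9a-f`]+)", line, re.I)
        if m:
            addr, val = (int(g.replace("`", ""), 16) for g in m.groups())
            mem[addr] = val
    return mem


def stack_arg_slot(caller_child_sp, n):
    """Address of argument n (1-based, n >= 5) as laid out at the call site."""
    if n < 5:
        raise ValueError("arguments 1-4 are passed in rcx, rdx, r8, r9")
    return caller_child_sp + HOME_SPACE + 8 * (n - 5)


def read_stack_arg(mem, caller_child_sp, n):
    return mem[stack_arg_slot(caller_child_sp, n)]


def describe_timeout(ptr):
    """Timeout is a PLARGE_INTEGER: NULL means the wait has no timeout."""
    if ptr == 0:
        return "NULL (wait has no timeout)"
    return f"pointer {ptr:#x}; dump it with dq to read the interval"


if __name__ == "__main__":
    caller_sp = 0xFFFFDD0773496360  # Child-SP of the frame that called KeWaitForSingleObject
    ptr = read_stack_arg(parse_dqs(DQS), caller_sp, 5)
    print(hex(stack_arg_slot(caller_sp, 5)), describe_timeout(ptr))
```

The first four arguments are only found in the home slots if the callee chose to spill them, so the argument columns in a `kv` listing are not reliable on x64; the stack-passed slots are written by the caller before the call.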