{"id":97536,"date":"2017-12-07T07:00:00","date_gmt":"2017-12-07T22:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/?p=97536"},"modified":"2019-03-13T01:20:54","modified_gmt":"2019-03-13T08:20:54","slug":"20171207-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20171207-00\/?p=97536","title":{"rendered":"Knowing just enough about debugging IRPs to chase the problem out of the I\/O stack"},"content":{"rendered":"

One of my colleagues was running a tool that wound up stuck on Flush­File­Buffers<\/code>. Since this was a hang in the I\/O stack, a kernel dump is more useful. <\/p>\n

I used the !irp<\/code> debugger command to look at the I\/O request that got stuck: <\/p>\n

\n0: kd> !irp 0xffffab0c`fced9340 1\n\nIrp is active with 2 stacks 2 is current (= 0xffffab0cfced9458)\n No Mdl: No System Buffer: Thread ffffab0d15731080:  Irp stack trace.\n     cmd  flg cl Device   File     Completion-Context\n [N\/A(0), N\/A(0)]\n            0  0 00000000 00000000 00000000-00000000\n\n                        Args: 00000000 00000000 00000000 00000000\n>[IRP_MJ<\/a>_FLUSH_BUFFERS(9), N\/A(0)]\n            0  1 ffffab0cdf855060 ffffab0ce2c6eef0 00000000-00000000    pending\n               \\FileSystem\\Npfs\n                        Args: 00000000 00000000 00000000 00000000\n<\/pre>\n
I don’t know what any of this means, but somebody else did. <\/p>\n
The file system is Npfs<\/code>, which is the “named pipe” file system. This means that the code is trying to flush a named pipe, and the process on the other end of the pipe is not responding. <\/p>\n
With the help of debugger documentation<\/a> I dumped the file object: <\/p>\n
\n0: kd> !fileobj ffffab0ce2c6eef0\n\n\\contoso44268\n\nDevice Object: 0xffffab0cdf855060   \\FileSystem\\Npfs\nVpb is NULL\n\nFlags:  0x40082\n        Synchronous IO\n        Named Pipe\n        Handle Created\n\nFile Object is currently busy and has 1 waiters.\n\nFsContext: 0xffffe30b60eefe70   FsContext2: 0xffffe30b23b593d3\nPrivate Cache Map: 0x00000001\nCurrentByteOffset: 0\n<\/pre>\n
I don’t know what any of this means either, but the name of the named pipe is apparently contoso44268<\/code>. <\/p>\n
We provided this information to the owner of the tool, and they recognized it as a named pipe they use to communicate between the tool and a helper process, and the helper process in turn satisfies the pipe request by contacting a Web service. <\/p>\n
The owner of the tool requested some diagnostic logs to figure out why the named pipe got stuck. But that’s not the point of the story today. The point here is just being able to chase the stuck I\/O out of kernel mode back into an application so the forward progress can be made. <\/p>\n
Bonus reading<\/b>: More on debugging the I\/O system: <\/p>\n