
Strange deadlock on PagingIoResource between 3 threads - need help

Aleh_Kazakevich (Member, Posts: 91)

Hi, guys.
I have a very strange deadlock and I completely misunderstand what's going on.
Three threads try to acquire a resource, but none of them succeeds:

Resource @ 0xffffe00153341ab0    Shared 1 owning threads
    Contention Count = 7
    NumberOfSharedWaiters = 1
    NumberOfExclusiveWaiters = 2
     Threads: ffffe00152e9c080-01<*> 

     Threads Waiting On Exclusive Access:
              ffffe001525386c0       ffffe00151ce54c0 

According to this picture, the thread ffffe00152e9c080 is the resource owner and it is also one of the shared waiters.
But how is that even possible? The thread has acquired the resource and then waits for it again?

Here is the complete output of the '!locks' command:

0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks......

Resource @ 0xffffe0014f56ea00    Shared 1 owning threads
    Contention Count = 137
    NumberOfSharedWaiters = 102
    NumberOfExclusiveWaiters = 1
     Threads: ffffe00151ce54c0-01<*> ffffe0015335a080-01    ffffe00151b7f2c0-01    ffffe00151380080-01    
              ffffe00152907040-01    ffffe00152c68080-01    ffffe001532d0080-01    ffffe0015247d280-01    
              ffffe00152686080-01    ffffe00150f07080-01    ffffe0015120f780-01    ffffe0014dc34700-01    
              ffffe001519be1c0-01    ffffe00150d62040-01    ffffe0014f02f080-01    ffffe00151ab8840-01    
              ffffe00153650840-01    ffffe00150ee1040-01    ffffe001526aa080-01    ffffe0014f05f840-01    
              ffffe00151b0b840-01    ffffe00151233840-01    ffffe00152e55080-01    ffffe00151abc080-01    
              ffffe001519f85c0-01    ffffe00151d1a080-01    ffffe00151dde840-01    ffffe00152efd080-01    
              ffffe0014dd21040-01    ffffe00151ef1840-01    ffffe0015347b080-01    ffffe00151a62080-01    
              ffffe00151b1e080-01    ffffe00151bce080-01    ffffe001516da080-01    ffffe00152583840-01    
              ffffe001524a4080-01    ffffe00151a6e080-01    ffffe00151e37080-01    ffffe00151d1e080-01    
              ffffe0015266b080-01    ffffe001523b9080-01    ffffe00152489840-01    ffffe001532ce840-01    
              ffffe00153374080-01    ffffe00153392840-01    ffffe00152e7c080-01    ffffe00151723080-01    
              ffffe001518d1840-01    ffffe0014dc5d840-01    ffffe00152691840-01    ffffe001533c8840-01    
              ffffe001528d9840-01    ffffe00152fba080-01    ffffe00153372080-01    ffffe001529ec840-01    
              ffffe001520cc500-01    ffffe00150df6040-01    ffffe001517ee840-01    ffffe00151c03840-01    
              ffffe00150f61080-01    ffffe001525ae080-01    ffffe001524ec080-01    ffffe00152e3a840-01    
              ffffe00150ece080-01    ffffe0014dc87040-01    ffffe00150f01040-01    ffffe0014ef71080-01    
              ffffe0014f1f1040-01    ffffe00151b826c0-01    ffffe00152594080-01    ffffe001526b1080-01    
              ffffe001528da840-01    ffffe001527fc080-01    ffffe00151cee080-01    ffffe001511ad480-01    
              ffffe00151763080-01    ffffe0014f200080-01    ffffe001523b5080-01    ffffe00153581080-01    
              ffffe00151be5080-01    ffffe00152f02080-01    ffffe00151339080-01    ffffe00152a49080-01    
              ffffe0014ef62080-01    ffffe001526a7080-01    ffffe00152836080-01    ffffe0015171e080-01    
              ffffe00152e9e080-01    ffffe00152aa0040-01    ffffe00152980080-01    ffffe00150ebd040-01    
              ffffe0015188f080-01    ffffe001532cf080-01    ffffe0014f034080-01    ffffe001525a0080-01    
              ffffe001511ea080-01    ffffe0014efcd840-01    ffffe001516e9080-01    ffffe00150f50080-01    
              ffffe001516ea080-01    ffffe00153537080-01    ffffe00152c87080-01<*> 

     Threads Waiting On Exclusive Access:
              ffffe00152c77080       
KD: Scanning for held locks............

Resource @ 0xffffe00153341ab0    Shared 1 owning threads
    Contention Count = 7
    NumberOfSharedWaiters = 1
    NumberOfExclusiveWaiters = 2
     Threads: ffffe00152e9c080-01<*> 

     Threads Waiting On Exclusive Access:
              ffffe001525386c0       ffffe00151ce54c0       
KD: Scanning for held locks........
24712 total locks, 2 locks currently held

As you can see, the thread ffffe00152e9c080 is not involved in any other locks (but somehow magically it blocks the whole system).

The CMKD extension (https://codemachine.com/downloads/cmkd.html) confirms that all three threads wait on the same resource 0xffffe00153341ab0;
see the 1st parameter of ExAcquireResourceXxxLite and ExpWaitForResource:

.thread ffffe00152e9c080;!stack -p;.thread ffffe001525386c0;!stack -p;.thread ffffe00151ce54c0;!stack -p

03 ffffd0010d96ba40 fffff8019bcdc562 nt!ExpWaitForResource+674 
    Parameter[0] = ffffe00153341ab0
    Parameter[1] = ffffd0010d96bb40
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
04 ffffd0010d96bb00 fffff8003e592cea nt!ExAcquireResourceSharedLite+412 
    Parameter[0] = ffffe00153341ab0
    Parameter[1] = 0000000000000001
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)      

...

03 ffffd0010d130bb0 fffff8019bcdbf9f nt!ExpWaitForResource+674 
    Parameter[0] = ffffe00153341ab0
    Parameter[1] = ffffe00152d07c30
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
04 ffffd0010d130c70 fffff8003e4bb317 nt!ExAcquireResourceExclusiveLite+1cf 
    Parameter[0] = ffffe00153341ab0
    Parameter[1] = ffffc001e023c150
    Parameter[2] = 0000000000000001
    Parameter[3] = (unknown)

...

03 ffffd0010d1599b0 fffff8019bcdbf9f nt!ExpWaitForResource+674 
    Parameter[0] = ffffe00153341ab0
    Parameter[1] = ffffe00152d07c30
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
04 ffffd0010d159a70 fffff8003e5947bd nt!ExAcquireResourceExclusiveLite+1cf 
    Parameter[0] = ffffe00153341ab0
    Parameter[1] = 0000000000000001
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)
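The cross-check done by hand above (read the owner table and exclusive-waiter list of each resource out of `!locks`, then compare it with the first parameter of `nt!ExpWaitForResource` on each blocked thread's stack) is mechanical enough to script. The following Python is an added example and is not code from the poster or from OSR; it parses WinDbg text in the layout shown in this thread and flags any thread that `!locks` lists in a resource's owner table while that thread's own stack shows it blocked acquiring the same resource. The two input strings are constructed samples assembled from the addresses quoted in the post (the second resource record and the three `!stack -p` excerpts); real runs would paste the full debugger output in their place.

```python
import re

# Constructed sample, built from the addresses in the post: the second
# resource record of the "!locks" output, in WinDbg's layout.
LOCKS_OUTPUT = """\
Resource @ 0xffffe00153341ab0    Shared 1 owning threads
    Contention Count = 7
    NumberOfSharedWaiters = 1
    NumberOfExclusiveWaiters = 2
     Threads: ffffe00152e9c080-01<*>

     Threads Waiting On Exclusive Access:
              ffffe001525386c0       ffffe00151ce54c0
KD: Scanning for held locks........
24712 total locks, 2 locks currently held
"""

# Constructed sample: for each of the three threads, the "!thread" header line
# and the two frames of interest from the CMKD "!stack -p" output.
STACKS_OUTPUT = """\
THREAD ffffe00152e9c080  Cid 1e84.1f98  WAIT: (WrResource) KernelMode Non-Alertable
03 ffffd0010d96ba40 fffff8019bcdc562 nt!ExpWaitForResource+674
    Parameter[0] = ffffe00153341ab0
04 ffffd0010d96bb00 fffff8003e592cea nt!ExAcquireResourceSharedLite+412
THREAD ffffe001525386c0  Cid 0e38.0ffc  WAIT: (WrResource) KernelMode Non-Alertable
03 ffffd0010d130bb0 fffff8019bcdbf9f nt!ExpWaitForResource+674
    Parameter[0] = ffffe00153341ab0
04 ffffd0010d130c70 fffff8003e4bb317 nt!ExAcquireResourceExclusiveLite+1cf
THREAD ffffe00151ce54c0  Cid 0e14.0f28  WAIT: (WrResource) KernelMode Non-Alertable
03 ffffd0010d1599b0 fffff8019bcdbf9f nt!ExpWaitForResource+674
    Parameter[0] = ffffe00153341ab0
04 ffffd0010d159a70 fffff8003e5947bd nt!ExAcquireResourceExclusiveLite+1cf
"""

RES_RE = re.compile(r"^Resource @ 0x([0-9a-f]+)\s+(.*)$")
COUNT_RE = re.compile(r"^\s*([\w ]+?) = (\d+)$")
OWNER_RE = re.compile(r"([0-9a-f]{16})-\d\d(<\*>)?")     # owner-table entry
ADDR_RE = re.compile(r"\b[0-9a-f]{16}\b")
THREAD_RE = re.compile(r"^THREAD ([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"^\d+ [0-9a-f]{16} [0-9a-f]{16} (\S+)")
PARAM0_RE = re.compile(r"^\s*Parameter\[0\] = ([0-9a-f]{16})$")


def parse_locks(text):
    # Returns {resource_address: record} from "!locks" output.
    resources, cur, section = {}, None, None
    for line in text.splitlines():
        m = RES_RE.match(line)
        if m:
            cur = {"state": m.group(2).strip(), "counts": {},
                   "owner_table": [], "marked": [], "exclusive_waiters": []}
            resources[m.group(1)] = cur
            section = None
            continue
        if cur is None or not line.strip() or line.startswith("KD:"):
            section = None            # blank and scan-progress lines end a list
            continue
        m = COUNT_RE.match(line)
        if m:
            cur["counts"][m.group(1)] = int(m.group(2))
            continue
        body = line.strip()
        if body.startswith("Threads Waiting On Exclusive Access:"):
            section = "exclusive_waiters"
            continue
        if body.startswith("Threads:"):
            section, body = "owner_table", body[len("Threads:"):]
        if section == "owner_table":
            for addr, mark in OWNER_RE.findall(body):
                cur["owner_table"].append(addr)
                if mark:                  # the "<*>" marker printed by !locks
                    cur["marked"].append(addr)
        elif section == "exclusive_waiters":
            cur["exclusive_waiters"].extend(ADDR_RE.findall(body))
    return resources


def parse_wait_targets(text):
    # Maps thread -> {"resource", "acquire"}: the ERESOURCE passed to
    # nt!ExpWaitForResource and the ExAcquireResource* caller that blocked.
    targets, thread, frame = {}, None, None
    for line in text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            thread, frame = m.group(1), None
            continue
        m = FRAME_RE.match(line)
        if m:
            frame = m.group(1).split("+")[0]
            if thread in targets and frame.startswith("nt!ExAcquireResource"):
                targets[thread]["acquire"] = frame
            continue
        m = PARAM0_RE.match(line)
        if m and thread and frame == "nt!ExpWaitForResource":
            targets[thread] = {"resource": m.group(1), "acquire": None}
    return targets


def self_waiters(resources, targets):
    # Threads listed in a resource's owner table whose own stack shows them
    # blocked in ExpWaitForResource on that very resource (the anomaly above).
    return sorted(t for t, info in targets.items()
                  if t in resources.get(info["resource"], {}).get("owner_table", []))


if __name__ == "__main__":
    res, waits = parse_locks(LOCKS_OUTPUT), parse_wait_targets(STACKS_OUTPUT)
    for addr, rec in res.items():
        print(f"Resource {addr}: {rec['state']}; owner table {rec['owner_table']}; "
              f"exclusive waiters {rec['exclusive_waiters']}")
    for t, info in waits.items():
        print(f"  thread {t} blocked in {info['acquire']} on {info['resource']}")
    print("owner-table threads waiting on their own resource:", self_waiters(res, waits))
```

On the sample the script reports ffffe00152e9c080 as the only thread that is both in the owner table of 0xffffe00153341ab0 and blocked on it, which is exactly the contradiction the post asks about; the script does not try to explain it, it only makes the cross-reference repeatable when the `!locks` owner table runs to a hundred entries as it does for the first resource above.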

Comments

  • Aleh_Kazakevich (Member, Posts: 91)

    More information about threads and their I/O:

    THREAD ffffe00152e9c080

    ==== STACK ====
    
    THREAD ffffe00152e9c080  Cid 1e84.1f98  Teb: 00007ff659d64000 Win32Thread: ffffe0015294c860 WAIT: (WrResource) KernelMode Non-Alertable
        ffffd0010d96bb40  SynchronizationEvent
    IRP List:
        ffffe00153289290: (0006,0430) Flags: 00000884  Mdl: 00000000
    Not impersonating
    DeviceMap                 ffffc001dea135a0
    Owning Process            ffffe0015258b800       Image:         SearchProtocolHost.exe
    Attached Process          N/A            Image:         N/A
    Wait Start TickCount      125539         Ticks: 185 (0:00:00:02.890)
    Context Switch Count      11094          IdealProcessor: 0             
    UserTime                  00:00:00.531
    KernelTime                00:00:01.265
    Win32 Start Address 0x00007ff65a838030
    Stack Init ffffd0010d96cb90 Current ffffd0010d96b770
    Base ffffd0010d96d000 Limit ffffd0010d966000 Call 0000000000000000
    Priority 14 BasePriority 8 PriorityDecrement 96 IoPriority 2 PagePriority 5
    Child-SP          RetAddr               : Args to Child                                                           : Call Site
    ffffd001`0d96b7b0 fffff801`9bcb4324     : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`52e9c180 : nt!KiSwapContext+0x76
    ffffd001`0d96b8f0 fffff801`9bcb3a49     : 00000000`00000000 fffff801`9bff0780 00000000`000124e3 ffffd001`063e6180 : nt!KiSwapThread+0x684
    ffffd001`0d96b9b0 fffff801`9bcb02c4     : ffffe001`000000e3 ffffd001`063e6180 ffffe001`00000002 ffffe001`52e9c080 : nt!KiCommitThreadWait+0x399
    ffffd001`0d96ba40 fffff801`9bcdc562     : ffffe001`53341ab0 ffffd001`0d96bb40 ffffc001`00000100 00000000`00000100 : nt!ExpWaitForResource+0x674
    ffffd001`0d96bb00 fffff800`3e592cea     : ffffc001`def5c602 ffffc001`e023c150 ffffd001`0d96bd10 fffff801`9c0bd3c5 : nt!ExAcquireResourceSharedLite+0x412
    ffffd001`0d96bb90 fffff800`3e58d71a     : ffffd001`0d96bd10 ffffe001`00000018 00000000`00000018 fffff801`00000002 : NTFS!NtfsCommonQueryInformation+0x1da
    ffffd001`0d96bc70 fffff800`3e58d627     : ffffd001`0d96bd10 ffffe001`53432010 ffffe001`53432010 fffff800`3d158193 : NTFS!NtfsFsdDispatchSwitch+0xda
    ffffd001`0d96bcf0 fffff800`3d1551c4     : 00000000`00000079 ffffe001`4f6ea728 ffffe001`4f9782e8 ffffe001`53289290 : NTFS!NtfsFsdDispatchWait+0x47
    ffffd001`0d96bf60 fffff800`3d152a13     : ffffe001`4f9782e8 ffffd001`0d96c029 00000000`00000001 ffffe001`4f6ea728 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2a4
    ffffd001`0d96bfe0 fffff800`3d183162     : ffffe001`4f978210 00000000`00000018 ffffe001`4f9782e8 ffffe001`53289290 : FLTMGR!FltPerformSynchronousIo+0x303
    ffffd001`0d96c090 fffff800`3ebe42fe     : ffffd001`0d96c1b8 ffffe001`5329f3e0 ffffe001`52c26790 ffffc001`e192b300 : FLTMGR!FltQueryInformationFile+0x52
    ffffd001`0d96c0d0 fffff800`3ebe548b     : ffffe001`4efd00e8 ffffd001`0d96c150 ffffe001`5329f260 ffffe001`5329f260 : MyDriver!queryFileSize+0x4e 
    ffffd001`0d96c130 fffff800`3d153652     : ffffe001`4efd0000 ffffe001`4efd00e8 ffffe001`4efd0188 ffffe001`4f6ea720 : MyDriver!postCreate+0x11b
    ffffd001`0d96c170 fffff800`3d153086     : ffffe001`4efd0000 ffffe001`53289600 00000000`00000000 00000000`00000000 : FLTMGR!FltpPerformPostCallbacks+0x2b2
    ffffd001`0d96c240 fffff800`3d15525a     : ffffe001`4efd0028 ffffe001`4efd0010 ffffe001`53289290 ffffe001`53289630 : FLTMGR!FltpPassThroughCompletionWorker+0x76
    ffffd001`0d96c280 fffff800`3d18384a     : ffffe001`4f5db330 00000000`00000801 00000000`00000000 ffffe001`4dba3000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x33a
    ffffd001`0d96c300 fffff801`9c0b1fc5     : 00000000`00000000 00000000`00000085 ffffe001`4ebe1f20 ffffe001`00000000 : FLTMGR!FltpCreate+0x34a
    ffffd001`0d96c3b0 fffff801`9c0b72b0     : fffff801`9bc81000 fffff801`9bc81000 fffff801`9c1c7320 fffff801`9c0b05c0 : nt!IopParseDevice+0x1a05
    ffffd001`0d96c5c0 fffff801`9c0b53bb     : ffffe001`4e861000 ffffd001`0d96c7a0 ffffd001`00000040 ffffe001`4dc31f20 : nt!ObpLookupObjectName+0x9f0
    ffffd001`0d96c730 fffff801`9c12749f     : ffffc8fe`00000001 ffffe001`4dc31f20 00007fff`63a95d01 ffffe001`4e87bb10 : nt!ObOpenObjectByName+0x42b
    ffffd001`0d96c850 fffff801`9c126c59     : ffffe001`52e9c080 00007fff`00020080 00000052`516397a8 00000052`51639738 : nt!IopCreateFile+0x82f
    ffffd001`0d96c900 fffff801`9be122d3     : fffff6fb`5fffd8e8 fffff6bf`ffb1d4a8 ffffc8fe`fcdd5f85 ffffd001`00000001 : nt!NtCreateFile+0x79
    ffffd001`0d96c990 00007fff`6d1c38ca     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd001`0d96ca00)
    00000052`51639718 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`6d1c38ca
    
    
    ==== IRP ====
    
    Irp is active with 11 stacks 11 is current (= 0xffffe00153289630)
     No Mdl: No System Buffer: Thread ffffe00152e9c080:  Irp stack trace.  
         cmd  flg cl Device   File     Completion-Context
    
    ...
    
     [IRP_MJ_CREATE(0), N/A(0)]
                0  0 ffffe0014f56e030 00000000 fffff8003d159bb0-ffffe0014efd0010    
               \FileSystem\NTFS FLTMGR!FltpSynchronizedOperationCompletion
                Args: 00000000 00000000 00000000 00000000
    -> [IRP_MJ_CREATE(0), N/A(0)]
                0  0 ffffe0014f5db330 ffffe0014ebe1f20 00000000-00000000    
               \FileSystem\FltMgr
                Args: ffffd0010d96c548 01200000 00070080 00000000
    
    
    ==== FILE OBJECT ====
    
    \Program Files (x86)\Google\Chrome\Application\107.0.5304.122\Installer\setup.exe
    
    Device Object: 0xffffe0014f57d8c0   \Driver\volmgr
    Vpb: 0xffffe0014f57ce20
    
    Flags:  0x40
        Cache Supported
    
    FsContext: 0xffffc001e023c150   FsContext2: 0xffffc001e18c3840
    CurrentByteOffset: 0
    Cache Data:
      Section Object Pointers: ffffe00153341a78
      Shared Cache Map: ffffe0014ef22b70         File Offset: 0 in VACB number 0
      Data at offset 0 not mapped
    
  • Aleh_Kazakevich (Member, Posts: 91)

    THREAD ffffe001525386c0

    ==== STACK ====
    
    THREAD ffffe001525386c0  Cid 0e38.0ffc  Teb: 00000000ff11b000 Win32Thread: ffffe00152749670 WAIT: (WrResource) KernelMode Non-Alertable
        ffffe00152d07c30  SynchronizationEvent
    IRP List:
        ffffe0014f76c0a0: (0006,0430) Flags: 00020a00  Mdl: 00000000
    Not impersonating
    DeviceMap                 ffffc001dea135a0
    Owning Process            ffffe0015180b080       Image:         setup.exe
    Attached Process          N/A            Image:         N/A
    Wait Start TickCount      125491         Ticks: 233 (0:00:00:03.640)
    Context Switch Count      31699          IdealProcessor: 2             
    UserTime                  00:00:08.296
    KernelTime                00:00:05.687
    Win32 Start Address 0x00000000004bf640
    Stack Init ffffd0010d131b90 Current ffffd0010d1308e0
    Base ffffd0010d132000 Limit ffffd0010d12b000 Call 0000000000000000
    Priority 14 BasePriority 4 PriorityDecrement 144 IoPriority 0 PagePriority 1
    Child-SP          RetAddr               : Args to Child                                                           : Call Site
    ffffd001`0d130920 fffff801`9bcb4324     : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`525387c0 : nt!KiSwapContext+0x76
    ffffd001`0d130a60 fffff801`9bcb3a49     : 00000000`00000000 fffff801`9bff0780 00000000`000124c7 ffffd001`0d130c70 : nt!KiSwapThread+0x684
    ffffd001`0d130b20 fffff801`9bcb02c4     : ffffe001`000000c7 ffffd001`06480180 ffffe001`00000002 ffffe001`525386c0 : nt!KiCommitThreadWait+0x399
    ffffd001`0d130bb0 fffff801`9bcdbf9f     : ffffe001`53341ab0 ffffe001`52d07c30 ffffe001`00000100 ffffffff`00000102 : nt!ExpWaitForResource+0x674
    ffffd001`0d130c70 fffff800`3e4bb317     : ffffc001`edcf9d02 ffffc001`e023c150 ffffd001`0d130e30 fffff800`3e5207a0 : nt!ExAcquireResourceExclusiveLite+0x1cf
    ffffd001`0d130d00 fffff801`9c1225b9     : 00000000`00000000 ffffd001`0d130e30 fffff800`3e5207a0 ffffe001`4f394960 : NTFS!NtfsAcquireFileForCcFlush+0xc7
    ffffd001`0d130d30 fffff801`9bd497df     : ffffd001`0d131060 ffffd001`0d131280 ffffe001`4ef1e1f8 00000000`00000001 : nt!FsRtlAcquireFileForCcFlushEx+0x15d
    ffffd001`0d130fe0 fffff801`9bc94d8e     : 00000000`00000000 00000000`00200000 00000000`00080000 00000000`00000000 : nt!MmFlushSection+0x19b
    ffffd001`0d1310a0 fffff801`9bcc697c     : ffffe001`53341a78 ffffd001`0d131348 ffffd001`00080000 00000000`00000000 : nt!CcFlushCachePriv+0x64e
    ffffd001`0d1311b0 fffff801`9bd891ba     : ffffe001`4ef22b70 00000000`06ced020 ffffd001`0d131348 00000000`00000000 : nt!CcMapAndCopyInToCache+0xebc
    ffffd001`0d1312e0 fffff800`3e4b6398     : ffffd001`0d131650 ffffe001`4eaaa018 00000000`00000048 ffffc001`e023c100 : nt!CcCopyWriteEx+0x1ca
    ffffd001`0d131380 fffff800`3e4b5477     : ffffe001`4eaaa018 00000000`00000000 00000000`00000000 ffffe001`4eaaa018 : NTFS!NtfsCommonWrite+0xc88
    ffffd001`0d131620 fffff800`3d1551c4     : ffffe001`52581880 ffffe001`4f76c0a0 ffffe001`4f76c0a0 ffffe001`4f76c440 : NTFS!NtfsFsdWrite+0x1d7
    ffffd001`0d1316e0 fffff800`3d153a16     : 00000000`00000000 ffffe001`4f9a44a0 ffffe001`53569001 ffffe001`4f9a4400 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2a4
    ffffd001`0d131760 fffff801`9c0949ab     : 00000000`00000000 ffffd001`0d131841 ffffe001`4f9a4450 ffffd001`00000079 : FLTMGR!FltpDispatch+0xb6
    ffffd001`0d1317c0 fffff801`9c093b82     : 00000000`00000001 00000000`00000004 ffffe001`4f9a4450 00000000`00000000 : nt!IopSynchronousServiceTail+0x16b
    ffffd001`0d131890 fffff801`9be122d3     : 00000000`00000000 00000000`000003d0 00000000`00000000 00000000`0521a99c : nt!NtWriteFile+0x692
    ffffd001`0d131990 00000000`70ba1e52     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd001`0d131a00)
    00000000`04eaebd8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x70ba1e52
    
    
    ==== IRP ====
    
    Irp is active with 11 stacks 10 is current (= 0xffffe0014f76c3f8)
     No Mdl: No System Buffer: Thread ffffe001525386c0:  Irp stack trace.  
         cmd  flg cl Device   File     Completion-Context
    
    ...
    
    -> [IRP_MJ_WRITE(4), N/A(0)]
                0 e0 ffffe0014f56e030 ffffe0014f9a4450 fffff8003d152e50-ffffe00152581880 Success Error Cancel 
               \FileSystem\NTFS FLTMGR!FltpPassThroughCompletion
                Args: 00080000 00000000 00200000 00000000
     [IRP_MJ_WRITE(4), N/A(0)]
                0  1 ffffe0014f5db330 ffffe0014f9a4450 00000000-00000000    pending
               \FileSystem\FltMgr
                Args: 00080000 00000000 00200000 00000000
    
    
    ==== FILE OBJECT ====
    
    \Program Files (x86)\Google\Chrome\Application\107.0.5304.122\Installer\setup.exe
    
    Device Object: 0xffffe0014f57d8c0   \Driver\volmgr
    Vpb: 0xffffe0014f57ce20
    Access: Read Write Delete 
    
    Flags:  0x41062
        Synchronous IO
        Sequential Only
        Cache Supported
        Modified
        Handle Created
    
    File Object is currently busy and has 0 waiters.
    
    FsContext: 0xffffc001e023c150   FsContext2: 0xffffc001e023c398
    Private Cache Map: 0xffffe0014ef22ce8
    CurrentByteOffset: 200000
    Cache Data:
      Section Object Pointers: ffffe00153341a78
      Shared Cache Map: ffffe0014ef22b70         File Offset: 200000 in VACB number 8
      Vacb: ffffe0014dcff390
      Your data is at: ffffb0017fb40000
    
  • Aleh_Kazakevich (Member, Posts: 91)

    THREAD ffffe00151ce54c0

    ==== STACK ====
    
    THREAD ffffe00151ce54c0  Cid 0e14.0f28  Teb: 00000000ffe95000 Win32Thread: 0000000000000000 WAIT: (WrResource) KernelMode Non-Alertable
        ffffe00152d07c30  SynchronizationEvent
    IRP List:
        ffffe0014f0e0010: (0006,0430) Flags: 00000404  Mdl: 00000000
    Impersonation token:  ffffc001e18f6260 (Level Impersonation)
    Owning Process            ffffe00151a17800       Image:         sihost.exe
    Attached Process          N/A            Image:         N/A
    Wait Start TickCount      125491         Ticks: 233 (0:00:00:03.640)
    Context Switch Count      35235          IdealProcessor: 3             
    UserTime                  00:00:00.781
    KernelTime                00:00:10.796
    Win32 Start Address 0x0000000001353af8
    Stack Init ffffd0010d159fd0 Current ffffd0010d1596e0
    Base ffffd0010d15a000 Limit ffffd0010d153000 Call 0000000000000000
    Priority 14 BasePriority 8 PriorityDecrement 96 IoPriority 2 PagePriority 5
    Child-SP          RetAddr               : Args to Child                                                           : Call Site
    ffffd001`0d159720 fffff801`9bcb4324     : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`51ce55c0 : nt!KiSwapContext+0x76
    ffffd001`0d159860 fffff801`9bcb3a49     : 00000000`00000000 fffff801`9bff0780 00000000`000124c7 00000009`9e8eb422 : nt!KiSwapThread+0x684
    ffffd001`0d159920 fffff801`9bcb02c4     : ffffe001`000000c7 ffffd001`063e6180 ffffe001`00000002 ffffe001`51ce54c0 : nt!KiCommitThreadWait+0x399
    ffffd001`0d1599b0 fffff801`9bcdbf9f     : ffffe001`53341ab0 ffffe001`52d07c30 ffffc001`00000100 00000000`00000102 : nt!ExpWaitForResource+0x674
    ffffd001`0d159a70 fffff800`3e5947bd     : 00000000`c0000002 ffffc001`e023c010 ffffe001`51ce54c0 ffffd001`0df59460 : nt!ExAcquireResourceExclusiveLite+0x1cf
    ffffd001`0d159b00 fffff800`3e594519     : ffffe001`4e8728e8 ffffe001`4f0e0010 ffffd001`0df593f8 ffffe001`51ce54c0 : NTFS!NtfsCommonCleanup+0x27d
    ffffd001`0d159f50 fffff801`9be06007     : ffffd001`0df593f8 ffffe001`5270d080 ffffe001`5270d080 00000000`0c3ff8ec : NTFS!NtfsCommonCleanupCallout+0x19
    ffffd001`0d159f80 fffff801`9be05fcd     : ffffe001`4f39b680 ffffd001`0df53000 00000000`00000012 fffff801`9bd16d54 : nt!KxSwitchKernelStackCallout+0x27 (TrapFrame @ ffffd001`0d159e40)
    ffffd001`0df59240 fffff801`9bd16d54     : ffffe001`00000012 ffffe001`4f39b680 00000000`00000000 fffff800`00000007 : nt!KiSwitchKernelStackContinue
    ffffd001`0df59260 fffff801`9bd16996     : 00000000`00006000 ffffd001`0df59300 00000000`00000000 00000000`00000009 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x264
    ffffd001`0df59300 fffff801`9bd1685f     : 00000000`00000001 ffffd001`0df593f8 00000000`00000000 ffffd001`0df59438 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6
    ffffd001`0df59360 fffff800`3e58c4fb     : ffffe001`4f0e0010 ffffd001`0df59460 00000000`00000000 ffffd001`0df59438 : nt!KeExpandKernelStackAndCalloutInternal+0x2f
    ffffd001`0df593b0 fffff800`3d1551c4     : ffffe001`4ed54880 ffffd001`0df59790 ffffe001`4f0e0010 ffffd001`0df59760 : NTFS!NtfsFsdCleanup+0x19b
    ffffd001`0df596e0 fffff800`3d153a16     : ffffffff`fffe7960 ffffe001`51a17800 00000000`00000001 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2a4
    ffffd001`0df59760 fffff801`9c0b491f     : ffffe001`51e78090 00000000`00000000 00000000`00000000 fffff801`9c0bb89e : FLTMGR!FltpDispatch+0xb6
    ffffd001`0df597c0 fffff801`9c0b940c     : ffffe001`4dc31f20 00000000`00000000 ffffd001`0df59950 ffffd001`00000000 : nt!IopCloseFile+0x14f
    ffffd001`0df59850 fffff801`9c0c054d     : 00000000`00000001 ffffe001`00000008 00000000`00000004 00000000`00000020 : nt!ObCloseHandleTableEntry+0x5fc
    ffffd001`0df599a0 fffff801`9be122d3     : ffffe001`51ce54c0 00000000`00000000 ffffe001`51ce54c0 ffffd001`0df59a80 : nt!NtClose+0xcd
    ffffd001`0df59a00 00000000`70ba1e52     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd001`0df59a00)
    00000000`01e7f3c8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x70ba1e52
    
    
    ==== IRP ====
    
    Irp is active with 11 stacks 10 is current (= 0xffffe0014f0e0368)
     No Mdl: No System Buffer: Thread ffffe00151ce54c0:  Irp stack trace.  
         cmd  flg cl Device   File     Completion-Context
    
    ...
    
    -> [IRP_MJ_CLEANUP(12), N/A(0)]
                0 e0 ffffe0014f56e030 ffffe00151e78090 fffff8003d152e50-ffffe0014ed54880 Success Error Cancel 
               \FileSystem\NTFS FLTMGR!FltpPassThroughCompletion
                Args: 00000000 00000000 00000000 00000000
     [IRP_MJ_CLEANUP(12), N/A(0)]
                0  1 ffffe0014f5db330 ffffe00151e78090 00000000-00000000    pending
               \FileSystem\FltMgr
                Args: 00000000 00000000 00000000 00000000
    
    
    ==== FILE OBJECT ====
    
    \Program Files (x86)\Google\Chrome\Application\107.0.5304.122\Installer\setup.exe
    
    Device Object: 0xffffe0014f57d8c0   \Driver\volmgr
    Vpb: 0xffffe0014f57ce20
    
    Flags:  0x40042
        Synchronous IO
        Cache Supported
        Handle Created
    
    File Object is currently busy and has 0 waiters.
    
    FsContext: 0xffffc001e023c150   FsContext2: 0xffffc001ea16bd80
    CurrentByteOffset: 0
    Cache Data:
      Section Object Pointers: ffffe00153341a78
      Shared Cache Map: ffffe0014ef22b70         File Offset: 0 in VACB number 0
      Data at offset 0 not mapped
    

    I also found that "Resource @ 0xffffe00153341ab0" is the 'PagingIoResource' member of the FSRTL_ADVANCED_FCB_HEADER of these FILE_OBJECTs
    (all 'FsContext' pointers refer to the same FCB; see above):

    Resource @ 0xffffe00153341ab0    Shared 1 owning threads

    ...

    dt nt!_FSRTL_ADVANCED_FCB_HEADER 0xffffc001e023c150
        ...
        +0x010 PagingIoResource : 0xffffe001`53341ab0 _ERESOURCE
        ...

    A few words about my driver (MyDriver.sys): it is just a file monitor. This driver intercepts some file operations and then, in a separate
    thread, pushes summary information to a user-mode application. Nothing unusual. Two special cases are the post-create and post-cleanup callbacks:
    sometimes the driver calls FltQueryInformationFile in these callbacks to obtain the file size (see MyDriver!queryFileSize in the stack of
    the first thread). An IoGetTopLevelIrp check is present.

    Driver Verifier did not help (no violations were found).


    Thanks in advance for any help.

  • Scott_Noone_(OSR) (Administrator, Posts: 3,527)

    Definitely looks weird. Is it possible to look at a copy of the dump file?

    -scott
    OSR
