Re: wrong driver processing IRP (repost with more info)

I may be stating the obvious, but have you tried to repro the problem
(i.e. run some kind of stress test) with the driver verifier enabled,
and/or using a checked build? Either of these may help expose the
underlying problem.

–Sandy

-----Original Message-----
From: Tony Mason [mailto:xxxxx@osr.com]
Sent: Wednesday, April 17, 2002 8:35 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: wrong driver processing IRP (repost with more info)

The question with ANY hang is “for what is the thread waiting” and then “why is that never being signaled”. IopSynchronousServiceTail refers to an IRP that should be synchronous (based on the caller’s request) but the driver has posted and returned STATUS_PENDING.

Complicating this is the fact that you do not have symbols for Pathworks. This complicates the stack walk-through and you could be losing stack call frames.

Another possibility is that the IRP has already been completed and recycled and the values that you see in the IRP from the trace are bogus because they don’t belong to this call sequence. That would suggest a DIFFERENT kind of failure (is there a pending APC anywhere on the system?) that might lead to this type of condition.

I have a standing offer to analyze dumps of this sort, so long as I have permission to use them as teaching aids in my kernel debugging/crash dump analysis class.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Sean Bullington [mailto:xxxxx@stg.com]
Sent: Wednesday, April 17, 2002 11:17 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: wrong driver processing IRP (repost with more info)

Have you tried posting this to the NTDEV list to see if anyone there can help (though you might want to trim it down some for the NTDEV list, it’s a much more active list)?

:\

xxxxx@yahoo.com wrote:

This is a repost with more information.

I have a hang in the NT kernel. It is VERY rare and takes about 1 month of effort to reproduce. However, before the system is deployed to 3000 servers it needs to be fixed.

It appears to me that Pathworks (which implements a network protocol called DECnet) is attempting to process an IRP for a serial port (Serial 6 - COM7); this results in a hang (or sometimes a blue screen in NDIS).

I don’t know how the IRP could get from the serial driver through the IO manager to the network stack. Neither are related filter drivers, and RAS is not installed.

My suspicion is Pathworks (because it has a bad history). The serial driver (written by a 3rd party) is largely based on the DDK example (only 8 x 16550 on PCI). I have no access to source or symbols for Pathworks.

The process context that the IRP should have been processed in is:
Image: ups.exe

I have followed some advice I received as a result of my last posting, and some more ideas of my own.

The thread in the UPS process context that was beginning to process the IRP was blocked:
ChildEBP RetAddr Args to Child
efc92dd4 80117713 00000103 84e472c8 84e472c8 nt!KiSwapThread+0xc5
efc92df8 801705c8 ff892404 00000000 c92e5401 nt!KeWaitForSingleObject+0x1b5
efc92e30 8016e6b9 84aac580 84e472c8 ff8923a8 nt!IopSynchronousServiceTail+0xd2
efc92ed8 8013efc4 00000190 00000000 00000000 nt!NtReadFile+0x6c5
efc92ed8 77f67f07 00000190 00000000 00000000 nt!KiSystemService+0xc4
00f7fb6c 00000000 00000000 00000000 00000000 +0x77f67f07

While this thread was blocked the DECnet Pathworks read appears to have
processed the IRP that was destined for the SSNT serial port driver.

It is almost like the IO manager has a threading bug, whereby the thread processing an IRP for the serial port was blocked, and while that happened another thread (for Pathworks) was able to take the wrong IRP off the queue.

Having said that, it may not be so implausible, as I am told that the code to access Pathworks polls in user mode at a rate of 20,000 polls per second. (I know - not good design, but that’s a different story).

I tried to search through the data section of the SSNT device for any global variables that could contain the DevObj for DECIOCB; it was not found. However, I then discovered that much of the SSNT driver had been paged out. This appears unusual to me, for low-level device driver code sections to be paged out!

efcb7fc0 e8 f9 7a ff ff 59 3b c3 59 74 6c 8b c8 e8 d8 7b  ..z..Y;.Ytl....{
efcb7fd0 ff ff eb 65 68 19 00 07 60 e8 d2 ee ff ff 53 6a  ...eh...`.....Sj
efcb7fe0 34 e8 d8 7a ff ff 59 3b c3 59 74 4b 8b c8 e8 9d  4..z..Y;.YtK....
efcb7ff0 7b ff ff eb 44 68 18 00 07 60 e8 b1 ee ff ff 53  {...Dh...`.....S
efcb8000 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ????????????????
efcb8010 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ????????????????
efcb8020 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ????????????????

Here is the !drivers entry for SSNT:
efcaf000 e1c0 ( 57 k) 2dc0 ( 12 k) SsNt.sys Thu Jun 03 11:12:14 1999

Below is an abbreviated and commented kd log:
84e472c8 == IRP in question
84aac580 == DevObj for SSNT (serial port driver)
83ce2370 == DevObj for DECIOCB (DECnet Pathworks)
ff8923a8 == file object for Serial Port 6
879f34a8 == file/socket object for DECnet Pathworks

kd> k
nt!RtlpBreakWithStatusInstruction
nt!KeUpdateSystemTime+0x13e
EL90xBC4+0x504d <– 3Com NIC driver
NDIS!ndisMStartSendPackets+0x4ac
NDIS!ndisMProcessDeferred+0x1aa
NDIS!ndisMSendToSendPackets+0x16f
Decndis+0x2cf7
Decndis+0xc54
// then lots more frames in Pathworks (Dec***)
Deciocb+0xec4 // this is the dispatch routine: arg1 = 83ce2370, arg2 = 84e472c8 (see below)
nt!IofCallDriver+0x37
nt!IopSynchronousServiceTail+0x6a
nt!IopXxxControlFile+0x6f3
nt!NtDeviceIoControlFile+0x28
nt!KiSystemService+0xc4
next is DeviceIoControl user mode etc.

kd> !devobj 83ce2370 // expand the device object – this is as expected
Device object is for:
DECIOCB \Driver\Deciocb DriverObject 83ce2030
Current Irp 00000000 RefCount 3 Type 00008000 DevExt 83ce2428
Device queue is not busy.

kd> !irp 84e472c8 // expand IRP that deciocb is processing
Irp is active with 1 stacks 1 is current
No Mdl System buffer = 80578aa8 Thread 85dca300: Irp stack trace.
cmd flg cl Device File Completion-Context

>3 0 1 84aac580 ff8923a8 801dd6c4-ff8b5c68 pending
\Driver\SsNt SCSIPORT!ScsiPortInternalCompletion
Args: 00000001 00000000 00000000 00000007

// The device reported in the IRP is not as expected: SsNt is the serial port driver. Strangely the device in the first argument to the Pathworks driver is okay, but the IRP in the second argument is for the serial port and apparently correctly formed.

kd> !devobj 84aac580
Device object is for:
Serial6 \Driver\SsNt DriverObject 848e5dd0
Current Irp 00000000 RefCount 1 Type 0000001b DevExt 84deb788
Device queue is not busy.

kd> !drivers
Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE
System Driver and Image Summary
Base Code Size Data Size Image Name Creation
Time
80100000 c2440 ( 778 k) 22380 (137 k) ntoskrnl.exe Wed Jun 13
20:09:18
2001
80001000 d580 ( 54 k) 2ce0 ( 12 k) hal.dll Fri Feb 12
16:18:03
1999
80011000 5ae0 ( 23 k) dc0 ( 4 k) atapi.sys Tue May 11
20:07:16
1999
801dc000 72a0 ( 29 k) 14a0 ( 6 k) SCSIPORT.SYS Wed Jun 27
17:42:34
2001
80018000 2f00 ( 12 k) 900 ( 3 k) Disk.sys Fri Feb 12
16:44:14
1999
8001c000 27a0 ( 10 k) a60 ( 3 k) CLASS2.SYS Thu Jun 03
18:42:45
1999
801e5000 b80 ( 3 k) 9a0 ( 3 k) intlfxsr.sys Tue Mar 09
23:20:44
1999
801e7000 56840 ( 347 k) 5de0 ( 24 k) Ntfs.sys Thu Aug 26
12:50:36
1999
f42f8000 3b40 ( 15 k) b00 ( 3 k) Floppy.SYS Tue Jun 12
19:40:05
2001
f4308000 49a0 ( 19 k) 960 ( 3 k) Cdrom.SYS Fri Feb 12
16:44:05
1999
f45c9000 2c0 ( 1 k) 4a0 ( 2 k) Null.SYS Wed Jul 17
00:31:21
1996
f448c000 1780 ( 6 k) a60 ( 3 k) KSecDD.SYS Thu Jul 08
15:52:54
1999
f45ca000 760 ( 2 k) 560 ( 2 k) Beep.SYS Fri Feb 12
16:34:16
1999
f4358000 54c0 ( 22 k) 1ba0 ( 7 k) i8042prt.sys Fri Feb 12
16:38:08
1999
f4494000 1760 ( 6 k) a60 ( 3 k) mouclass.sys Tue Jun 29
15:54:41
1999
f449c000 1700 ( 6 k) a60 ( 3 k) kbdclass.sys Tue Jun 29
15:53:46
1999
f4370000 4aa0 ( 19 k) 13a0 ( 5 k) VIDEOPRT.SYS Fri Feb 12
16:28:05
1999
f3fb9000 e420 ( 58 k) 86e0 ( 34 k) i81xnt4.sys Thu May 18
14:05:12
2000
f44ac000 2ae0 ( 11 k) ac0 ( 3 k) vga.sys Fri Feb 12
16:32:22
1999
f43b8000 4820 ( 19 k) ea0 ( 4 k) Msfs.SYS Mon Oct 30
18:16:24
2000
f4030000 8020 ( 33 k) 1260 ( 5 k) Npfs.SYS Mon Aug 16
22:09:28
1999
efed2000 3fa60 ( 255 k) 6620 ( 26 k) NDIS.SYS Wed Aug 04
15:08:15
1999
a0000000 121a20 (1159 k) 1dc60 (120 k) win32k.sys Wed Sep 22
01:20:51
1999
f44c0000 2900 ( 11 k) fe0 ( 4 k) Ch7xxNT4.DLL Thu May 18
14:05:08
2000
f45cb000 5e0 ( 2 k) 580 ( 2 k) SiInt4.DLL Thu May 18
14:05:09
2000
efe72000 15de0 ( 88 k) 1560 ( 6 k) i81xdnt4.dll Thu May 18
14:05:11
2000
f4484000 1620 ( 6 k) c00 ( 3 k) TDI.SYS Wed Jul 17
00:39:08
1996
efdcf000 269c0 ( 155 k) 3da0 ( 16 k) tcpip.sys Wed Jun 27
18:05:17
2001
efe42000 2460 ( 10 k) 8a0 ( 3 k) ws2ifsl.sys Tue Aug 11
21:01:27
1998
efdb0000 1ba20 ( 111 k) 2940 ( 11 k) netbt.sys Mon Feb 12
21:51:51
2001
f4160000 c800 ( 50 k) 1200 ( 5 k) EL90xBC4.sys Tue Mar 09
16:32:01
1999
efd9f000 e3c0 ( 57 k) 1cc0 ( 8 k) afd.sys Thu Mar 29
21:10:30
2001
f43b0000 22a0 ( 9 k) 2420 ( 10 k) Deccore.sys Mon Sep 21
10:46:45
1998
f44f8000 1ba0 ( 7 k) ea0 ( 4 k) Deciocb.sys Mon Sep 21
10:46:59
1998
f4000000 5080 ( 21 k) 4780 ( 18 k) Decndis.sys Mon Sep 21
11:18:34
1998
f447c000 1ba0 ( 7 k) ea0 ( 4 k) Decshow.sys Mon Sep 21
10:47:08
1998
f4480000 2e20 ( 12 k) 720 ( 2 k) TCAITDI.sys Tue Jan 12
15:37:43
1999
efd61000 10c40 ( 68 k) 47c0 ( 18 k) Decdnp.sys Thu Oct 07
12:30:06
1999
f4298000 6320 ( 25 k) b40 ( 3 k) netbios.sys Wed Jun 16
20:19:18
1999
efe2a000 19a0 ( 7 k) a20 ( 3 k) Parport.SYS Thu Jun 21
03:01:13
2001
efec2000 2d00 ( 12 k) 9e0 ( 3 k) Parallel.SYS Thu Jun 21
03:01:27
2001
f4590000 d80 ( 4 k) 780 ( 2 k) ParVdm.SYS Wed Jul 17
00:31:25
1996
f4070000 9380 ( 37 k) 1ac0 ( 7 k) Serial.SYS Thu Jul 08
15:58:33
1999
efcaf000 e1c0 ( 57 k) 2dc0 ( 12 k) SsNt.sys Thu Jun 03
11:12:14
1999
efb2e000 3ade0 ( 236 k) 5cc0 ( 24 k) rdr.sys Wed Jun 13
17:37:25
2001
efaf5000 326e0 ( 202 k) 5c00 ( 23 k) srv.sys Wed Dec 13
21:19:02
2000
efab9000 10100 ( 65 k) 3660 ( 14 k) mup.sys Mon Feb 26
19:34:17
2001
efc7f000 2320 ( 9 k) 860 ( 3 k) spud.sys Sun Nov 16
18:23:04
1997
efc1f000 1b00 ( 7 k) 660 ( 2 k) tcaicchg.sys Sat Aug 15
09:06:14
1998
ef7ee000 1fe20 ( 128 k) 2980 ( 11 k) Fastfat.SYS Thu Aug 26
13:14:32
1999
ef931000 d720 ( 54 k) 1520 ( 6 k) Cdfs.SYS Mon Jun 28
19:13:53
1999

No unloaded module list present
Loading User Symbols
00400000 4000 ( 16 k) 3000 ( 12 k) dsloadserver.exe Mon Oct 15
06:36:58 2001
77f60000 0 ( 0 k) 0 ( 0 k) ntdll.dll unavailable
77f00000 0 ( 0 k) 0 ( 0 k) KERNEL32.dll unavailable
77b20000 0 ( 0 k) 0 ( 0 k) ole32.dll unavailable
77e10000 0 ( 0 k) 0 ( 0 k) RPCRT4.dll unavailable
77dc0000 0 ( 0 k) 0 ( 0 k) ADVAPI32.dll unavailable
77e70000 0 ( 0 k) 0 ( 0 k) USER32.dll unavailable
77ed0000 0 ( 0 k) 0 ( 0 k) GDI32.dll unavailable
65340000 0 ( 0 k) 0 ( 0 k) OLEAUT32.dll unavailable
78000000 0 ( 0 k) 0 ( 0 k) MSVCRT.dll unavailable
67fb0000 0 ( 0 k) 0 ( 0 k) TCSSService.dll unavailable
67f70000 0 ( 0 k) 0 ( 0 k) TCSSToolkit.dll unavailable
5f800000 0 ( 0 k) 0 ( 0 k) MFC42u.DLL unavailable
776d0000 0 ( 0 k) 0 ( 0 k) WSOCK32.dll unavailable
776b0000 0 ( 0 k) 0 ( 0 k) WS2_32.dll unavailable
776a0000 0 ( 0 k) 0 ( 0 k) WS2HELP.dll unavailable
780c0000 0 ( 0 k) 0 ( 0 k) MSVCP60.dll unavailable
200d0000 0 ( 0 k) 0 ( 0 k) DSLoader.dll unavailable
67f60000 0 ( 0 k) 0 ( 0 k) TCSSToolkitStartup.dll
unavailable
5f3e0000 0 ( 0 k) 0 ( 0 k) ATL.DLL unavailable
67fd0000 0 ( 0 k) 0 ( 0 k) TCSSConfig.dll unavailable
77bf0000 0 ( 0 k) 0 ( 0 k) rpcltc1.dll unavailable
77660000 0 ( 0 k) 0 ( 0 k) msafd.dll unavailable
77690000 0 ( 0 k) 0 ( 0 k) wshtcpip.dll unavailable
10000000 0 ( 0 k) 0 ( 0 k) TCSSServiceps.dll unavailable
74ff0000 0 ( 0 k) 0 ( 0 k) rnr20.dll unavailable
012a0000 0 ( 0 k) 0 ( 0 k) TCSSTeamSvcps.dll unavailable
200f0000 0 ( 0 k) 0 ( 0 k) Kernel.dll unavailable
014b0000 0 ( 0 k) 0 ( 0 k) PWSOCK32.dll unavailable
014d0000 0 ( 0 k) 0 ( 0 k) NMAPI32.dll unavailable
014f0000 0 ( 0 k) 0 ( 0 k) PWIOCB32.dll unavailable
77a90000 0 ( 0 k) 0 ( 0 k) VERSION.dll unavailable
77c40000 0 ( 0 k) 0 ( 0 k) SHELL32.dll unavailable
716f0000 0 ( 0 k) 0 ( 0 k) COMCTL32.dll unavailable
779c0000 0 ( 0 k) 0 ( 0 k) LZ32.dll unavailable
20280000 0 ( 0 k) 0 ( 0 k) DSPDISupport.dll unavailable
01e20000 0 ( 0 k) 0 ( 0 k) PWEL32.DLL unavailable
20240000 0 ( 0 k) 0 ( 0 k) DSPDILoader.dll unavailable
20000000 0 ( 0 k) 0 ( 0 k) Data Manager.dll unavailable
20190000 0 ( 0 k) 0 ( 0 k) SV.dll unavailable
20130000 0 ( 0 k) 0 ( 0 k) Record Manager.dll unavailable

kd> !process 0 7
.
. trimmed for posting
.
PROCESS 871d5020 Cid: 00bf Peb: 7ffdf000 ParentCid: 002d
DirBase: 068a4000 ObjectTable: 8725b0e8 TableSize: 158.
Image: DSLoadServer.ex
VadRoot 85dfe168 Clone 0 Private 1211. Modified 3246. Locked 0.
871D51DC MutantState Signalled OwningThread 0
Token e1949bf0
ElapsedTime 17:41:20.0562
UserTime 0:42:31.0343
KernelTime 17:06:51.0390
QuotaPoolUsage[PagedPool] 23174
QuotaPoolUsage[NonPagedPool] 21420
Working Set Sizes (now,min,max) (2181, 50, 345) (8724KB, 200KB,
1380KB)
PeakWorkingSetSize 2816
VirtualSize 49 Mb
PeakVirtualSize 50 Mb
PageFaultCount 13661
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 1249

THREAD 871d5dc0 Cid bf.be Teb: 7ffde000 Win32Thread:
e19470e8
WAIT: (Executive) UserMode Non-Alertable
86929ba4 NotificationEvent
IRP List:
860cb208: (0006,00b8) Flags: 00000970 Mdl: 00000000
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 3285
Context Switch Count 38 LargeStack
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
Start Address 0x77f0529c
Win32 Start Address 0x00403d13
Stack Init efbbf000 Current efbbedbc Base efbbf000 Limit
efbbb000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

THREAD 86929020 Cid bf.c5 Teb: 7ffdd000 Win32Thread:
e194e248
WAIT: (UserRequest) UserMode Non-Alertable
86a46d80 Semaphore Limit 0x2710
86a46d40 NotificationEvent
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 22399329
Context Switch Count 23596 LargeStack
UserTime 0:00:01.0156
KernelTime 0:00:02.0015
Start Address 0x77f05290
Win32 Start Address 0x7800be8d
Stack Init efb9f000 Current efb9eb18 Base efb9f000 Limit
efb9c000
Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
efb9eb30 8011748b 8725b0e8 00000002 86a46d28
nt!KiSwapThread+0xc5
efb9eb68 80136857 00000002 efb9ed9c 00000001
nt!KeWaitForMultipleObjects+0x29b
efb9eee8 8013efc4 00000002 00f9fec0 00000001
nt!NtWaitForMultipleObjects+0x281
efb9eee8 77f682cb 00000002 00f9fec0 00000001
nt!KiSystemService+0xc4
00f9fef0 67f72421 00000002 00f9ff20 00000000 +0x77f682cb
77f1cf45 7d8330ec 56530808 64397657 000018a1 +0x67f72421
83ec8b55 35222c22 32222c22 32323130 38343833 +0x7d8330ec
36222c20 00000000 00000000 00000000 00000000 +0x35222c22

THREAD 870f1020 Cid bf.c7 Teb: 7ffdc000 Win32Thread:
e194f788
RUNNING
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 22402528
Context Switch Count -1874803810
LargeStack
UserTime 0:40:20.0328
KernelTime 17:00:01.0156
Start Address 0x77f05290
Win32 Start Address 0x77dd8c10
Stack Init efb8f000 Current efb8eafc Base efb8f000 Limit
efb8b000
Call 0
Priority 15 BasePriority 8 PriorityDecrement 7 DecrementCount
16

ChildEBP RetAddr Args to Child
efb8ea94 801428ba 00000001 02384b02 000000d1
nt!RtlpBreakWithStatusInstruction
efb8ea94 f416504d 00000001 02384b02 000000d1
nt!KeUpdateSystemTime+0x13e
efb8eb28 efefc386 83d74008 839131e8 00000005 +0xf416504d
efb8eb80 efeeb96b 83bf3be6 83bf3bb8 00000001 +0xefefc386
efb8eba8 efeff91c f4005580 ffa7161c ffa71630 +0xefeeb96b
efb8ebc0 f4002cf7 84817d08 ffa5e628 f400574c +0xefeff91c
efb8ebe0 f4000c54 f4005580 ffa71644 00000010 +0xf4002cf7
efb8ec1c f4001790 f4005580 efb8ec64 f400574c +0xf4000c54
efb8ec34 f40017ac f4005580 00000005 efb8ec64 +0xf4001790
efb8ec4c efd70533 00000005 efb8ec64 00000000 +0xf40017ac
efb8ec94 efd6623c ffa55f5c 84abf03a ffa52188 +0xefd70533
efb8ecac efd6c257 ffa55f5c ffa5217c 00000000 +0xefd6623c
efb8ecc8 efd6977e ffa520b8 efb8ecec efd693c9 +0xefd6c257
efb8ecd4 efd693c9 ffa520b8 ffa508e0 efd72028 +0xefd6977e
efb8ecec efd6febc ffa520c0 00000000 00000000 +0xefd693c9
efb8ed08 efd69411 efd72028 efd69369 00000000 +0xefd6febc
efb8ed3c efd670cf 00000005 ffa55054 00000000 +0xefd69411
efb8ed5c efd6743d ffaa12c8 efb8ed8c f44f8c61 +0xefd670cf
efb8ed68 f44f8c61 ffaa12c8 00000000 840b0d28 +0xefd6743d
efb8ed8c f44f8ea5 83ce2370 0000de01 84e472c8 +0xf44f8c61
efb8edb4 f44f8ec4 83ce2370 84e472c8 84e472c8 +0xf44f8ea5
efb8edcc 80111d17 83ce2370 84e472c8 870f122c +0xf44f8ec4
efb8ede0 80170560 0109fc5c 0109fc72 8016ae01
nt!IofCallDriver+0x37
efb8ee04 80170d39 83ce2370 84e472c8 879f34a8
nt!IopSynchronousServiceTail+0x6a
efb8eea0 8016ae92 000001a4 00000180 00000000
nt!IopXxxControlFile+0x6f3
efb8eed4 8013efc4 000001a4 00000180 00000000
nt!NtDeviceIoControlFile+0x28
efb8eed4 77f6797f 000001a4 00000180 00000000
nt!KiSystemService+0xc4
0109fb8c 014f1775 000001a4 80003804 0109fc5c +0x77f6797f
0109fbf4 014f18cc 80003804 0109fc5c 0015391e +0x14f1775
0109fc1c 014b3ae0 0000de01 0109fc5c 00000000 +0x14f18cc
0109fc3c 014b4621 00000000 0109fc5c 00010001 +0x14b3ae0
0109fcd0 014b467d 00000007 2010a052 00000280 +0x14b4621
0109fcf8 200fea3a 00000007 2010a052 00000280 +0x14b467d
0109fd18 200fd6d4 00000007 2010a052 00000280 +0x200fea3a
0109fd34 200fd44e 2010a030 00000005 2010bf50 +0x200fd6d4
0109fd50 200f1dd7 0109fd78 0109fd6c 00000000 +0x200fd44e
0109fd70 200fa85b 2010f5a4 00000000 00000000 +0x200f1dd7
0109ff24 67fb32b8 00bd35e4 00bd3a0c 00000000 +0x200fa85b
0109ff68 67fb5119 ffffffff 00147e20 00147e20 +0x67fb32b8
0109ffa8 77dd8c1e 00000001 00147e28 0012fe1c +0x67fb5119

THREAD 870f1540 Cid bf.c9 Teb: 7ffda000 Win32Thread:
e1952ca8
WAIT: (UserRequest) UserMode Alertable
870f17c0 SynchronizationEvent
870f1628 NotificationTimer
IRP List:
861346a8: (0006,0100) Flags: 00000070 Mdl: 00000000
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 3287
Context Switch Count 1 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x77661e66
Stack Init efb7f000 Current efb7ee64 Base efb7f000 Limit
efb7b000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

THREAD 879f3a40 Cid bf.e7 Teb: 7ffd7000 Win32Thread:
00000000
WAIT: (UserRequest) UserMode Non-Alertable
87794340 NotificationEvent
87179f00 NotificationEvent
86ea9240 NotificationEvent
86c29ee0 NotificationEvent
877dbf80 NotificationEvent
87794a20 NotificationEvent
877949a0 NotificationEvent
877949e0 NotificationEvent
86c29c00 NotificationEvent
856a2e20 NotificationEvent
87179bc0 NotificationEvent
87794f60 NotificationEvent
877db9a0 NotificationEvent
871163a0 NotificationEvent
856a23a0 NotificationEvent
85c87aa0 NotificationEvent
85b3aca0 NotificationEvent
86ff76e0 NotificationEvent
87794fa0 NotificationEvent
86c29de0 NotificationEvent
87179020 NotificationEvent
86ce21e0 NotificationEvent
87b12160 NotificationEvent
87364bc0 NotificationEvent
8731d140 NotificationEvent
86ce20e0 NotificationEvent
86bb91e0 NotificationEvent
879f36a0 NotificationEvent
87763aa0 NotificationEvent
873d4800 NotificationEvent
873d47c0 NotificationEvent
873d4780 NotificationEvent
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 22402221
Context Switch Count -1931845019
UserTime 0:02:06.0609
KernelTime 0:06:32.0843
Start Address 0x77f05290
Win32 Start Address 0x014f1960
Stack Init efc5f000 Current efc5eb18 Base efc5f000 Limit
efc5c000
Call 0
Priority 10 BasePriority 10 PriorityDecrement 0 DecrementCount
0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
efc5eb30 8011748b 8725b0e8 00000020 873d4768
nt!KiSwapThread+0xc5
efc5eb68 80136857 00000020 efc5ed9c 00000001
nt!KeWaitForMultipleObjects+0x29b
efc5eee8 8013efc4 00000020 001530c8 00000001
nt!NtWaitForMultipleObjects+0x281
efc5eee8 77f682cb 00000020 001530c8 00000001
nt!KiSystemService+0xc4
01e1ff68 77f1cf41 00000020 00153274 00000000 +0x77f682cb
01e1ff84 014f1991 00000020 00153274 00000000 +0x77f1cf41
01e1ffb8 77f04ef0 00153250 0109f7ac 0109f780 +0x14f1991
01e1ffec 00000000 014f1960 00153250 00000000 +0x77f04ef0

THREAD 86ce2680 Cid bf.e8 Teb: 7ffd6000 Win32Thread:
00000000
WAIT: (UserRequest) UserMode Alertable
86ce2540 SynchronizationEvent
86ce2500 SynchronizationEvent
ff8de580 SynchronizationEvent
ff8de500 SynchronizationEvent
ff8de3a0 SynchronizationEvent
ff8de360 SynchronizationEvent
ff8dbea0 SynchronizationEvent
ff8d5120 SynchronizationEvent
IRP List:
84ffbf68: (0006,0094) Flags: 00000970 Mdl: 00000000
86590128: (0006,0094) Flags: 00000a30 Mdl: 00000000
85a70428: (0006,0094) Flags: 00000a30 Mdl: 00000000
80d45148: (0006,0094) Flags: 00000a30 Mdl: 00000000
ff8ac468: (0006,0094) Flags: 00000a30 Mdl: 00000000
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 22400120
Context Switch Count 348172
UserTime 0:00:03.0218
KernelTime 0:00:15.0375
Start Address 0x77f05290
Win32 Start Address 0x7800be8d
Stack Init ef9c5000 Current ef9c4b18 Base ef9c5000 Limit
ef9c2000
Call 0
Priority 10 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
ef9c4b30 8011748b 8725b0e8 00000008 ff8d5108
nt!KiSwapThread+0xc5
ef9c4b68 80136857 00000008 ef9c4d9c 00000001
nt!KeWaitForMultipleObjects+0x29b
ef9c4ee8 8013efc4 00000008 0234ff38 00000001
nt!NtWaitForMultipleObjects+0x281
ef9c4ee8 77f682cb 00000008 0234ff38 00000001
nt!KiSystemService+0xc4
0234ff68 200f91cf 00000008 20113508 00000000 +0x77f682cb
0234ffb8 77f04ef0 00bd41b0 00000000 0109fbe0 +0x200f91cf
0234ffec 00000000 7800be8d 00bd41b0 00000000 +0x77f04ef0

THREAD 80582780 Cid bf.17f Teb: 7ffd9000 Win32Thread:
00000000
WAIT: (WrLpcReceive) UserMode Non-Alertable
86d3d2c8 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 22368403
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x77e17bb7
Stack Init efc63000 Current efc62e30 Base efc63000 Limit
efc60000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
efc62e48 80117713 00000000 e194d4e0 80582780
nt!KiSwapThread+0xc5
efc62e6c 80179656 86d3d2c8 00000010 c62e8801
nt!KeWaitForSingleObject+0x1b5
efc62eec 8013efc4 000000c0 0119ff6c 00000000
nt!NtReplyWaitReceivePort+0x366
efc62eec 77f67fa7 000000c0 0119ff6c 00000000
nt!KiSystemService+0xc4
0119ff90 77e17efd 77e17b1b 00150450 0119ffec +0x77f67fa7
00003a98 00000000 00000000 00000000 00000000 +0x77e17efd

THREAD 82f99020 Cid bf.13c Teb: 7ffd8000 Win32Thread:
00000000
WAIT: (WrLpcReceive) UserMode Non-Alertable
86d3d2c8 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 871d5020
WaitTime (seconds) 22391507
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x77e17bb7
Stack Init efe2a000 Current efe29e30 Base efe2a000 Limit
efe27000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
efe29e48 80117713 00000000 e194d4e0 82f99020
nt!KiSwapThread+0xc5
efe29e6c 80179656 86d3d2c8 00000010 e29e8801
nt!KeWaitForSingleObject+0x1b5
efe29eec 8013efc4 000000c0 013aff6c 00000000
nt!NtReplyWaitReceivePort+0x366
efe29eec 77f67fa7 000000c0 013aff6c 00000000
nt!KiSystemService+0xc4
013aff90 77e17efd 77e17b1b 00150450 013affec +0x77f67fa7
00003a98 00000000 00000000 00000000 00000000 +0x77e17efd

PROCESS 85ca5680 Cid: 009f Peb: 7ffdf000 ParentCid: 002d
DirBase: 060d0000 ObjectTable: 85f3c9a8 TableSize: 110.
Image: ups.exe
VadRoot 83dd2488 Clone 0 Private 294. Modified 196. Locked 0.
85CA583C MutantState Signalled OwningThread 0
Token e1932bf0
ElapsedTime 17:41:22.0609
UserTime 0:00:00.0171
KernelTime 0:00:00.0203
QuotaPoolUsage[PagedPool] 15284
QuotaPoolUsage[NonPagedPool] 183920
Working Set Sizes (now,min,max) (758, 50, 345) (3032KB, 200KB,
1380KB)
PeakWorkingSetSize 760
VirtualSize 26 Mb
PeakVirtualSize 26 Mb
PageFaultCount 802
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 345

THREAD 85ca5420 Cid 9f.ae Teb: 7ffde000 Win32Thread:
e19319a8
WAIT: (Executive) UserMode Non-Alertable
85dc6fe4 NotificationEvent
IRP List:
86393388: (0006,00b8) Flags: 00000970 Mdl: 00000000
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 3168
Context Switch Count 43 LargeStack
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
Start Address 0x77f0529c
Win32 Start Address 0x0045ead0
Stack Init efcd1000 Current efcd0dbc Base efcd1000 Limit
efccd000
Call 0
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount
14
Kernel stack not resident.

THREAD 85e497c0 Cid 9f.5a Teb: 7ffdd000 Win32Thread:
00000000
READY
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 22402599
Context Switch Count 116859
UserTime 0:00:00.0031
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x77dd8c33
Stack Init efc2f000 Current efc2ee64 Base efc2f000 Limit
efc2c000
Call 0
Priority 15 BasePriority 8 PriorityDecrement 7 DecrementCount
16

ChildEBP RetAddr Args to Child
efc2ee7c 80117713 00000000 efc2eec8 80190201
nt!KiSwapThread+0xc5
efc2eea0 801902ff 840b0500 00000006 80190201
nt!KeWaitForSingleObject+0x1b5
efc2eef0 8013efc4 0000005c 00000000 efc2eec8
nt!NtWaitForSingleObject+0xa9
efc2eef0 77f682db 0000005c 00000000 efc2eec8
nt!KiSystemService+0xc4
00d7ff34 00000000 00000000 00000000 00000000 +0x77f682db

THREAD 85dca300 Cid 9f.a6 Teb: 7ffdc000 Win32Thread:
00000000
WAIT: (Executive) UserMode Non-Alertable
ff892404 NotificationEvent
IRP List:
84e472c8: (0006,0094) Flags: 00000970 Mdl: 00000000
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 22402817
Context Switch Count 2073056
UserTime 0:00:00.0093
KernelTime 0:00:00.0187
Start Address 0x77f05290
Win32 Start Address 0x0045d5e0
Stack Init efc93000 Current efc92dbc Base efc93000 Limit
efc90000
Call 0
Priority 15 BasePriority 8 PriorityDecrement 5 DecrementCount
16

ChildEBP RetAddr Args to Child
efc92dd4 80117713 00000103 84e472c8 84e472c8
nt!KiSwapThread+0xc5
efc92df8 801705c8 ff892404 00000000 c92e5401
nt!KeWaitForSingleObject+0x1b5
efc92e30 8016e6b9 84aac580 84e472c8 ff8923a8
nt!IopSynchronousServiceTail+0xd2
efc92ed8 8013efc4 00000190 00000000 00000000
nt!NtReadFile+0x6c5
efc92ed8 77f67f07 00000190 00000000 00000000
nt!KiSystemService+0xc4
00f7fb6c 00000000 00000000 00000000 00000000 +0x77f67f07

THREAD 8640f200 Cid 9f.4a Teb: 7ffdb000 Win32Thread:
00000000
READY
IRP List:
ff86c928: (0006,0100) Flags: 00000070 Mdl: 00000000
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 22402722
Context Switch Count 700025
UserTime 0:00:00.0015
KernelTime 0:00:00.0015
Start Address 0x77f05290
Win32 Start Address 0x0045d5e0
Stack Init efae9000 Current efae8e64 Base efae9000 Limit
efae6000
Call 0
Priority 15 BasePriority 8 PriorityDecrement 5 DecrementCount
16

ChildEBP RetAddr Args to Child
efae8e7c 80117713 00000000 efae8ec8 80190201
nt!KiSwapThread+0xc5
efae8ea0 801902ff 8650ae40 00000006 80190201
nt!KeWaitForSingleObject+0x1b5
efae8ef0 8013efc4 00000114 00000001 efae8ec8
nt!NtWaitForSingleObject+0xa9
efae8ef0 77f682db 00000114 00000001 efae8ec8
nt!KiSystemService+0xc4
010deae4 00000000 00000000 00000000 00000000 +0x77f682db

THREAD 865f7be0 Cid 9f.4f Teb: 7ffda000 Win32Thread:
00000000
WAIT: (UserRequest) UserMode Alertable
8650ac80 NotificationEvent
865f7cc8 NotificationTimer
IRP List:
83f31c08: (0006,0100) Flags: 00000070 Mdl: 00000000
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 3237
Context Switch Count 5
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x0045d5e0
Stack Init efae5000 Current efae4e64 Base efae5000 Limit
efae2000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

THREAD 865f7860 Cid 9f.50 Teb: 7ffd9000 Win32Thread:
00000000
WAIT: (UserRequest) UserMode Alertable
8664dd60 NotificationEvent
865f7948 NotificationTimer
IRP List:
8570cee8: (0006,0100) Flags: 00000070 Mdl: 00000000
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 3237
Context Switch Count 6
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x0045d5e0
Stack Init efae1000 Current efae0e64 Base efae1000 Limit
efade000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

THREAD 865f7340 Cid 9f.af Teb: 7ffd8000 Win32Thread:
00000000
WAIT: (WrLpcReceive) UserMode Non-Alertable
865f75a8 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 3205
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x77e17bb7
Stack Init efadd000 Current efadce30 Base efadd000 Limit
efada000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

THREAD 877d71c0 Cid 9f.db Teb: 7ffd7000 Win32Thread:
00000000
WAIT: (UserRequest) UserMode Non-Alertable
87794b70 NotificationEvent
Not impersonating
Owning Process 85ca5680
WaitTime (seconds) 3417
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x77f05290
Win32 Start Address 0x0045d5e0
Stack Init efc7f000 Current efc7ee64 Base efc7f000 Limit
efc7c000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

kd> !irpfind

Searching NonPaged pool (80571000 : 86b16000) for Tag: Irp

80cc49a8 Thread 839132e0 current stack belongs to \FileSystem\Npfs
80cc4b48 Thread 80579b40 current stack belongs to \FileSystem\Npfs
80d35dc8 Thread 00000000 current stack belongs to 80cf2290: is not a device object
80d382a8 Thread c7763380 Irp is complete (CurrentLocation 65 > StackCount
80d407a8 Thread 00000000 Irp is complete (CurrentLocation 3 > StackCount 2)
80d43a88 Thread 00000000 current stack belongs to \Driver\Cdrom
80d45148 Thread 86ce2680 current stack belongs to \Driver\SsNt
837bb808 Thread 85a52920 current stack belongs to \Driver\Afd
83cb8668 Thread 86929d20 current stack belongs to \Driver\Mouclass
83dd3848 Thread 84d33d40 current stack belongs to \Driver\Afd
83e13ee8 Thread 841ad340 current stack belongs to \FileSystem\Ntfs
83f316c8 Thread 84677620 current stack belongs to \FileSystem\Npfs
83f31908 Thread 841ad340 current stack belongs to \FileSystem\Ntfs
83f31c08 Thread 865f7be0 current stack belongs to \Driver\Afd
84089de8 Thread 841ad340 current stack belongs to \FileSystem\Ntfs
841adc48 Thread 841ad340 current stack belongs to \FileSystem\Ntfs
841cf008 Thread 84a3b820 current stack belongs to \FileSystem\Npfs
841cfee8 Thread 841ad340 current stack belongs to \FileSystem\Ntfs
84247268 Thread 841ad340 current stack belongs to \FileSystem\Ntfs
843d80c8 Thread 851b6980 current stack belongs to \FileSystem\Npfs
84591008 Thread 00000000 Irp is complete (CurrentLocation 3 > StackCount 2)
846487e8 Thread 874333a0 current stack belongs to \Driver\Afd
84e472c8 Thread 85dca300 current stack belongs to \Driver\SsNt
852b6408 Thread 85f3cdc0 current stack belongs to \FileSystem\Npfs
852c3d88 Thread 85087420 current stack belongs to \FileSystem\Npfs
852eb828 Thread ff7f3ae0 current stack belongs to \Driver\Afd
859bf6e8 Thread 86c29740 current stack belongs to \Driver\Afd
85dc6368 Thread 8731d660 current stack belongs to \FileSystem\Npfs
85dcaaa8 Thread 86bb95e0 current stack belongs to \FileSystem\Npfs
860cb208 Thread 871d5dc0 current stack belongs to \FileSystem\Npfs
86393388 Thread 85ca5420 current stack belongs to \FileSystem\Npfs
31 active irps

Any clues, advice, hints etc?


You are currently subscribed to windbg as: xxxxx@stg.com
To unsubscribe send a blank email to %%email.unsub%%



With the checked build we found that we had red herrings that got in our way too much.
Driver Verifier I thought was only available on Windows 2000 and above; this is NT4. Please correct me if I am wrong.
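The quoted kd log resolves symbol-less frames such as +0xf44f8ec4 to Deciocb+0xec4 by hand, subtracting module bases taken from the !drivers table. The script below is an added example (not code from this thread) that does that lookup mechanically: it parses a !drivers listing into a base-sorted module map and rewrites the "+0x<addr>" frames of a k listing as Image+offset. The sample listings are constructed from entries quoted above, and, since !drivers prints no image size, a module is assumed to span code size plus data size from its base.

```python
"""Resolve kd '+0x<addr>' stack frames to Image+offset from a '!drivers' listing."""
import re
from bisect import bisect_right
from dataclasses import dataclass, field

# Constructed sample in the shape of NT4 kd '!drivers' output
# (base, code size, data size, image name, link time), built from
# entries quoted in the thread.
DRIVERS_LISTING = """\
System Driver and Image Summary
Base Code Size Data Size Image Name Creation Time
80100000 c2440 ( 778 k) 22380 (137 k) ntoskrnl.exe Wed Jun 13 20:09:18 2001
efed2000 3fa60 ( 255 k) 6620 ( 26 k) NDIS.SYS Wed Aug 04 15:08:15 1999
f4160000 c800 ( 50 k) 1200 ( 5 k) EL90xBC4.sys Tue Mar 09 16:32:01 1999
f44f8000 1ba0 ( 7 k) ea0 ( 4 k) Deciocb.sys Mon Sep 21 10:46:59 1998
f4000000 5080 ( 21 k) 4780 ( 18 k) Decndis.sys Mon Sep 21 11:18:34 1998
efd61000 10c40 ( 68 k) 47c0 ( 18 k) Decdnp.sys Thu Oct 07 12:30:06 1999
efcaf000 e1c0 ( 57 k) 2dc0 ( 12 k) SsNt.sys Thu Jun 03 11:12:14 1999
"""

# Constructed sample of kd 'k' frames (ChildEBP RetAddr Args-to-Child Symbol).
# Where kd had no symbols it printed the raw address as '+0x<addr>'.
STACK_LISTING = """\
ChildEBP RetAddr Args to Child
efb8eb28 efefc386 83d74008 839131e8 00000005 +0xf416504d
efb8ebc0 f4002cf7 84817d08 ffa5e628 f400574c +0xefeff91c
efb8ec4c efd70533 00000005 efb8ec64 00000000 +0xf40017ac
efb8edb4 f44f8ec4 83ce2370 84e472c8 84e472c8 +0xf44f8ea5
efb8edcc 80111d17 83ce2370 84e472c8 870f122c +0xf44f8ec4
efb8ede0 80170560 0109fc5c 0109fc72 8016ae01 nt!IofCallDriver+0x37
"""

# kd prints the kernel image as 'nt', not 'ntoskrnl'.
ALIASES = {"ntoskrnl": "nt"}

@dataclass(frozen=True)
class Module:
    base: int
    end: int    # exclusive; assumed = base + code size + data size
    name: str   # image name without extension, e.g. 'Deciocb'

@dataclass
class Frame:
    child_ebp: str
    ret_addr: str
    args: list = field(default_factory=list)
    symbol: str = ""

_DRIVER_RE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]+)\s+\(\s*\d+ k\)\s+([0-9a-f]+)\s+\(\s*\d+ k\)\s+(\S+)",
    re.IGNORECASE)
_FRAME_RE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+((?:[0-9a-f]{8}\s+){3})(\S.*)$",
    re.IGNORECASE)
_UNRESOLVED_RE = re.compile(r"\+0x([0-9a-f]+)", re.IGNORECASE)

def parse_drivers(listing):
    """Build a base-sorted module list from '!drivers' text; header lines are skipped."""
    mods = []
    for line in listing.splitlines():
        m = _DRIVER_RE.match(line.strip())
        if not m:
            continue
        base_s, code_s, data_s, image = m.groups()
        base = int(base_s, 16)
        stem = image.rsplit(".", 1)[0]
        mods.append(Module(base, base + int(code_s, 16) + int(data_s, 16),
                           ALIASES.get(stem.lower(), stem)))
    return sorted(mods, key=lambda mod: mod.base)

def resolve(mods, addr):
    """Return 'Image+0xoff' for addr, or None when addr lies in no listed module
    (pool addresses such as device objects and IRPs come back as None)."""
    i = bisect_right([mod.base for mod in mods], addr) - 1
    if i < 0 or addr >= mods[i].end:
        return None
    return "%s+0x%x" % (mods[i].name, addr - mods[i].base)

def symbolize_stack(mods, listing):
    """Parse 'k' output and replace '+0x<addr>' symbols with Image+offset where possible."""
    frames = []
    for line in listing.splitlines():
        m = _FRAME_RE.match(line.strip())
        if not m:
            continue
        child_ebp, ret_addr, args, symbol = m.groups()
        um = _UNRESOLVED_RE.fullmatch(symbol.strip())
        if um:
            symbol = resolve(mods, int(um.group(1), 16)) or symbol
        frames.append(Frame(child_ebp, ret_addr, args.split(), symbol))
    return frames

if __name__ == "__main__":
    for fr in symbolize_stack(parse_drivers(DRIVERS_LISTING), STACK_LISTING):
        print(fr.child_ebp, fr.ret_addr, " ".join(fr.args), fr.symbol)
```

The same map resolves the raw addresses in the Args column, which is how a pointer like f4005580 can be recognised as Decndis data rather than a pool object.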