Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


System hang: Calling FltDoCompletionProcessingWhenSafe in post read callback of the minifilter.

Sujay_UpasaniSujay_Upasani Member Posts: 14

Observed hang on the system, below is some information from the dump.

In post read callback(fp_core!PK_vfscallPostRead) of minifilter, FltDoCompletionProcessingWhenSafe function is used, and no IO opearion is performed in this callback.

0: kd> !irql

Debugger saved IRQL for processor 0x0 -- 0 (LOW_LEVEL)

0: kd> !fltkd.cbd 0xffffe000`6b332958
IRP_CTRL: ffffe0006b332880 READ (3) [80000001] Irp Dirty
Flags : [00000004] DontCopyParms
Irp : ffffe0006d5419d0
DeviceObject : ffffe00062ddba00 "\Device\HarddiskVolume2"
FileObject : ffffe00062e0ef20
CompletionNodeStack : ffffe0006b3329f8 Size=12 Next=1
SyncEvent : (ffffe0006b332898)
InitiatingInstance : 0000000000000000
Icc : ffffd00021f475d0
PendingCallbackNode : ffffe00062fe1260
PendingCallbackContext : 0000000000000000
PendingStatus : 0x00000000
CallbackData : (ffffe0006b332958)
Flags : [80000001] Irp Dirty
Thread : ffffe00068614080
Iopb : ffffe0006b3329b0
RequestorMode : [00] KernelMode
IoStatus.Status : 0x00000000
IoStatus.Information : 0000000000000000
TagData : 0000000000000000
FilterContext[0] : ffffe0006b7a1988
FilterContext[1] : ffffe000645ca118
FilterContext[2] : ffffe001294b73e0
FilterContext[3] : 0000000000000000
Cmd IrpFl OpFl CmpFl Instance FileObjt Completion-Context Node Adr


[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332f78
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332ef8
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332e78
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332df8
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332d78
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332cf8
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332c78
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332bf8
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332b78
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332af8
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[0,0] 00000000 00 0000 0000000000000000 0000000000000000 0000000000000000-0000000000000000 ffffe0006b332a78
Args: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[3,0] 00060900 00 0000 ffffe00062fe1010 ffffe00062e0ef20 fffff8001bfb0e2c-0000000000000000 ffffe0006b3329f8
("fp_core","fp_core") fp_core!PK_vfscallPostRead
Args: 0000000000000010 0000000000000000 0000000000000018 ffffd00021f47a88 0000000000000000 0000000000000000
Working IOPB:

[3,0] 00060900 00 ffffe00062fe1010 ffffe00062e0ef20 ffffe0006b3329b0

        ("fp_core","fp_core")  

Args: 0000000000000010 0000000000000000 0000000000000018 ffffd00021f47a88 ffffe0006cbc8220 0000000000000000

0: kd> !fileobj ffffe00062e0ef20
\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5569.2100.105\Data\IRON\Iron.db
Device Object: 0xffffe00062e53060 \Driver\volmgr
Vpb: 0xffffe00062d520c0
Access: Read SharedRead SharedWrite
Flags: 0x1c0042
Synchronous IO
Cache Supported
Handle Created
Fast IO Read
Random Access

File Object is currently busy and has 0 waiters.

FsContext: 0xffffc00021ba6140 FsContext2: 0xffffc00021b64860

Private Cache Map: 0xffffe00062e01a00
CurrentByteOffset: 5400
Cache Data:
Section Object Pointers: ffffe00062fa7d08
Shared Cache Map: ffffe000641a2ad0 File Offset: 5400 in VACB number 0
Vacb: ffffe00061eedf78

Your data is at: ffffb00062985400

0: kd> !thread ffffe00068614080
THREAD ffffe00068614080 Cid 08ec.0f88 Teb: 000000007ee9b000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable
ffffe00062e0efb8 NotificationEvent
IRP List:
ffffe0006d5419d0: (0006,0310) Flags: 00060900 Mdl: 00000000
ffffe0006441b260: (0006,0118) Flags: 00060000 Mdl: ffffe0006d55ec20
Not impersonating
DeviceMap ffffc0001fe0dba0
Owning Process ffffe000677b5080 Image: ccSvcHst.exe
Attached Process N/A Image: N/A
Wait Start TickCount 22123122 Ticks: 716197 (0:03:06:30.578)
Context Switch Count 371011 IdealProcessor: 0
UserTime 00:03:37.531
KernelTime 00:00:24.578
Win32 Start Address 0x000000006dc719c5
Stack Init ffffd00021f48c90 Current ffffd00021f472e0
Base ffffd00021f49000 Limit ffffd00021f43000 Call 0000000000000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd00021f47320 fffff8010e673d6e : fffff8010e8fc180 ffffe00068614080 00000000fffffffe 00000000fffffffe : nt!KiSwapContext+0x76
ffffd00021f47460 fffff8010e6737e9 : ffffe0006b332880 0000000000000178 ffffe0006d541c98 ffffd00000000000 : nt!KiSwapThread+0x14e
ffffd00021f47500 fffff8010e67bd83 : ffffd00021f47a01 0000000000000000 ffffe00062ddba00 0000000000000000 : nt!KiCommitThreadWait+0x129
ffffd00021f47580 fffff8010ea9f3f1 : ffffe00062e0efb8 ffffd00000000000 ffffe00062e0ef00 fffff80000000000 : nt!KeWaitForSingleObject+0x373
ffffd00021f47610 fffff8010ea01794 : ffffe00062e0ef04 ffffe00062e0ef20 ffffe000681584f0 ffffe00062e0ef20 : nt!IopSynchronousServiceTail+0x3cd
ffffd00021f476e0 fffff8010e76b3e3 : ffffd00000000000 0000000000000000 0000000000000000 0000000000000000 : nt!NtReadFile+0x664
ffffd00021f477d0 fffff8010e75f4a0 : fffff8001be2d248 0000000000000000 0000000000000018 000000000074e000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd00021f47840) ffffd00021f479d8 fffff8001be2d248 : 0000000000000000 0000000000000018 000000000074e000 000000000074e000 : nt!KiServiceLinkage ffffd00021f479e0 fffff8001bd11349 : 0000000000000018 ffffc00021b63018 0000000000000000 ffffc00021b63018 : symefasi64+0x1b2248 ffffd00021f47d70 fffff8001cf91676 : ffffc00021bb9468 fffff8001cf8f7b5 ffffd00000000020 0000000000000000 : symefasi64+0x1ae80d ffffd00021f48110 fffff8001cf12fef : ffffe00062e16040 ffffd00021f48330 ffffd00021f48330 ffffd00021f483c8 : Ironx64+0x281d2 ffffd00021f481e0 fffff8001ce91f41 : ffffd00021f48430 fffff8001ce85408 ffffd00021f48330 0000000000000000 : SRTSP64+0xbdfef ffffd00021f48810 fffff8010eaa02b8 : ffffe00067fdb740 ffffe0006441b260 ffffe00067fdb740 ffffe00067fdb740 : nt!IopSynchronousServiceTail+0x32b ffffd00021f488e0 fffff8010ea72656 : ffffd00021f48a38 00000000000007bc 0000000000000001 000000000a0ae9b8 : nt!IopXxxControlFile+0xdb8 ffffd00021f48a20 fffff8010e76b3e3 : ffffe00068614080 ffffd000001f0003 000000000a06e4b8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56

ffffd00021f48a90 0000000077e22352 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000`21f48b00)

Comments

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,352

    FltDoCompletionProcessingWhenSafe posts the work to a worker thread if the IRQL is too high. Check the System process and see why the worker thread is blocked:

    !process 0 1f System
    

    -scott
    OSR

  • Sujay_UpasaniSujay_Upasani Member Posts: 14

    Hello Scott,

    We are pending pre-read/write requests using FltCbdq. From some of the blocked thread, IRP looks in pending state and the last stack location is shown of our driver(fp_core). This happens for the specific file of Symantec(iron.db). Below is the information of threads of system.exe.

    4.000008 ffffe00061e49040 fea3800c Blocked nt!MmZeroPageThread+0x35b
    4.00000c ffffe00061e504c0 ffffffea Blocked nt!PopIrpWorkerControl+0x38
    4.000010 ffffe00061edd880 ff6e1cd4 Blocked nt!PopIrpWorker+0x169
    4.000014 ffffe00061e45780 ff6eb308 Blocked nt!PopIrpWorker+0x169
    4.000018 ffffe00061fd3800 ffffffea Blocked nt!PopFxEmergencyWorker+0x3e
    4.00001c ffffe00061ecc780 fea393bf Blocked nt!ExpWorkerThreadBalanceManager+0xc2
    4.000024 ffffe00061ffd040 fea38199 Blocked nt!ExpWorkerFactoryManagerThread+0x44
    4.000028 ffffe00061fdd040 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.00002c ffffe00061fdd880 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.000030 ffffe00061fde040 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.000034 ffffe00061fde880 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.000038 ffffe00061fdf040 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.00003c ffffe00061fdf880 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.000040 ffffe00062000040 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.000044 ffffe00062000880 ffffffea Blocked nt!KiExecuteDpc+0x74
    4.000048 ffffe00062021040 feae2788 Blocked Stack paged out
    4.00004c ffffe00062020040 ffffffe9 Blocked nt!MiModifiedPageWriter+0x82
    4.000050 ffffe00062020880 fea37fe9 Blocked nt!KeBalanceSetManager+0xaa
    4.000058 ffffe0006201e040 fea37fe9 Blocked nt!KeSwapProcessOrStack+0x3d
    4.000054 ffffe0006201f540 fee44a6d Blocked nt!MiMappedPageWriter+0xb8
    4.000070 ffffe0006201a040 fea3800d Blocked nt!CcQueueLazyWriteScanThread+0x88
    4.000074 ffffe00062017040 ffffffd5 Blocked nt!FsRtlWorkerThread+0x4d
    4.000078 ffffe00062017880 ffffffd5 Blocked nt!FsRtlWorkerThread+0x4d
    4.000088 ffffe0006207b480 ff0e0386 Blocked nt!EtwpLogger+0xb2
    4.00008c ffffe0006207a880 fea438c9 Blocked nt!EtwpLogger+0xb2
    4.000090 ffffe000621b2880 ffffc402 Blocked nt!EtwpLogger+0xb2
    4.000094 ffffe000621b1880 fea43789 Blocked nt!EtwpLogger+0xb2
    4.000098 ffffe000621b0880 fedb047b Blocked nt!NtWriteFile+0x694
    4.0000a0 ffffe000621a2880 feca6146 Blocked nt!EtwpLogger+0xb2
    4.0000a4 ffffe0006219f040 fffffa56 Blocked nt!EtwpLogger+0xb2
    4.0000ac ffffe00061ede880 ffffffba Blocked nt!IopPassiveInterruptRealtimeWorker+0x2b
    4.0000b0 ffffe00061eea040 ffffffba Blocked nt!IopPassiveInterruptRealtimeWorker+0x2b
    4.0000b4 ffffe00061eea880 ffffffba Blocked nt!IopPassiveInterruptRealtimeWorker+0x2b
    4.0000b8 ffffe00061ee9040 ffffffba Blocked nt!IopPassiveInterruptRealtimeWorker+0x2b
    4.0000bc ffffe00061ee6040 fffffa51 Blocked ACPI!ACPIWorkerThread+0x7a
    4.0000c8 ffffe00062762040 ffffff7e Blocked pci!RootPmeEventDispatcher+0x8a
    4.0000cc ffffe00062776040 ffffff7e Blocked ACPI!PciRootBusBiosMethodDispatcherOnResume+0x51
    4.0000d0 ffffe000627ff040 fee547bb Blocked vmci!DllInitialize+0x6c84
    4.0000d4 ffffe000627fe040 ff149829 Blocked vsock!DllInitialize+0x1dd7
    4.0000d8 ffffe00062915040 fffffefc Blocked symefasi64+0x1b1823
    4.0000dc ffffe000627b86c0 fee4c5af Blocked NDIS!ndisThreadPoolTimerHandler+0x1f
    4.0000e0 ffffe000627bd040 feca79c9 Blocked NDIS!ndisWorkerThread+0x3b
    4.0000e4 ffffe000629fb880 fffffefb Blocked NDIS!ndisReceiveWorkerThread+0xa8
    4.00010c ffffe00062ead880 fffffab6 Blocked symefasi64+0x121ffb
    4.000120 ffffe00062fa9040 fea381f2 Blocked fp_core!PK_timedWait+0x66
    4.000138 ffffe00062fa5880 fea38007 Blocked fp_core!PK_workItemStartRoutine+0x3f
    4.00013c ffffe00062fcb040 fea380d7 Blocked fp_proc!PK_pextPrivilegeTimer+0x3d
    4.00014c ffffe000641a6040 fea3830d Blocked SRTSP64+0x61830
    4.000154 ffffe00062e0c040 fee46d02 Blocked nt!ExfAcquirePushLockExclusiveEx+0x525
    4.000158 ffffe000641be880 fffffaeb Blocked watchdog!SMgrGdiCalloutThread+0x46
    4.000164 ffffe000643120c0 fef16c7f Blocked eeCtrl64+0x116e7
    4.000168 ffffe0006429e880 fea3846f Blocked BHDrvx64+0x5e9de
    4.000170 ffffe000644ec880 fea47d3d Blocked Stack paged out
    4.000180 ffffe00062dc5740 fffffa78 Blocked dxgkrnl!DpiPowerArbiterThread+0x67
    4.000184 ffffe00064b65880 fffffa51 Blocked raspptp!MainPassiveLevelThread+0x4a
    4.00019c ffffe000646ee880 ffff7671 Blocked SRTSP64+0x61830
    4.0001c8 ffffe000646fd080 fedfc333 Blocked nt!CmpDoFileWrite+0x2cb
    4.0001cc ffffe000646fe080 fee48664 Blocked nt!NtWriteFile+0x694
    4.000200 ffffe00066cc1080 feae7aea Blocked dxgkrnl!BLTQUEUE::BltQueueWorker+0x1b9
    4.000204 ffffe000646fb080 ff6e2b40 Blocked BasicRender!WARPKMADAPTER::RunGPU+0x279
    4.000208 ffffe00066f63080 ff6e1cd4 Blocked dxgmms1!VidSchiWaitForSchedulerEvents+0x18b
    4.00020c ffffe00066f5c080 feae7aea Blocked dxgkrnl!BLTQUEUE::BltQueueWorker+0x1b9
    4.000248 ffffe00061fb2880 fee5d81e Blocked nt!IoRemoveIoCompletion+0x9a
    4.0006d4 ffffe00066dd5040 ffffafea Blocked mpsdrv!MpsWorkerThread+0x52
    4.0006ec ffffe000674ca880 fece1adf Blocked nt!NtWriteFile+0x694
    4.000738 ffffe000675a87c0 ffff6968 Blocked HTTP!UlpThreadPoolWorker+0x127
    4.00073c ffffe000675a7040 fee4e583 Blocked HTTP!UlpThreadPoolWorker+0x127
    4.000740 ffffe00067b03880 feca5628 Blocked HTTP!UlpTerminateThreadPoolWorkersLocked+0xfc
    4.000778 ffffe000675e0040 fea38012 Blocked vmmemctl+0x22ea
    4.00068c ffffe00067cc7080 ffffa688 Blocked nt!EtwpLogger+0xb2
    4.0007a0 ffffe000680a8040 fec95df4 Blocked srv2!SrvProcBackPocketThread+0x47
    4.000a08 ffffe00068153040 feca63dc Blocked srv2!SrvProcBackPocketThread+0x47
    4.0007c0 ffffe00068175040 ffff9628 Blocked srv2!SrvProcBackPocketThread+0x47
    4.0007c4 ffffe00068175880 ffff9628 Blocked srv2!SrvProcIRPThread+0x78
    4.0007c8 ffffe00068171040 ffff9628 Blocked srv2!SrvProcIRPThread+0x78
    4.000cb0 ffffe00068198040 ffff9365 Blocked srv!WorkerThread+0x193
    4.000cb4 ffffe000620f3040 ffff9365 Blocked srv!WorkerThread+0x193
    4.0010bc ffffe0006867a080 ffff896a Blocked nt!EtwpLogger+0xb2
    4.0019c4 ffffe00069a57080 feca6351 Blocked nt!EtwpLogger+0xb2
    4.0019cc ffffe00069a56080 ffff5348 Blocked nt!EtwpLogger+0xb2
    4.001994 ffffe00068f6c080 ff6e70df Blocked rdpdr!TSQueueWorker+0x4a
    4.000908 ffffe00066d9f080 ff6e70df Blocked rdpdr!TSQueueWorker+0x4a
    4.001250 ffffe00069c11080 ff6e70df Blocked rdpdr!TSQueueWorker+0x4a
    4.00195c ffffe0006a097080 ff6e70df Blocked rdpdr!TSQueueWorker+0x4a
    4.000638 ffffe00069661040 ff6e70df Blocked rdpdr!TSQueueWorker+0x4a
    4.0018e0 ffffe00067264880 ff6eb253 Blocked dxgkrnl!BLTQUEUE::BltQueueWorker+0x1b9
    4.00246c ffffe0006c320080 ff39ee22 Blocked IDSvia64+0x4f964
    4.001b3c ffffe00068ac2080 ff39ee1c Blocked IDSvia64+0x4f964
    4.002eac ffffe0006aa6d5c0 feca2f06 Blocked nt!AlpcpSignalAndWait+0x443
    4.0023a4 ffffe0006cb0d040 feca23c7 Blocked nt!AlpcpSignalAndWait+0x443
    4.001640 ffffe0006cbbd880 fee47736 Blocked nt!CmpDoFileWrite+0x2cb
    4.000820 ffffe0006d39f040 fea38270 Blocked nt!ExpWorkerThread+0x3ad
    4.002ba8 ffffe0006a90c880 fec9b357 Blocked nt!CmpWaitOnHiveWriteQueue+0xa6
    4.0021c4 ffffe0006d04a040 fea38270 Blocked nt!ExpWorkerThread+0x3ad
    4.000f58 ffffe000680d5400 fea380f8 Blocked HTTP!UlpThreadPoolWorker+0x127
    4.002acc ffffe0006d0a1880 fec9f690 Blocked nt!ExfAcquirePushLockExclusiveEx+0x525
    4.00147c ffffe0006d26f040 fea380f8 Blocked HTTP!UlpThreadPoolWorker+0x127
    4.0022a8 ffffe0006b55e880 fea380f8 Blocked HTTP!UlpThreadPoolWorker+0x127
    4.00252c ffffe000643ca880 feca5d47 Blocked nt!AlpcpSignalAndWait+0x443
    4.002b30 ffffe00064413880 feca6247 Blocked nt!AlpcpSignalAndWait+0x443
    4.001ea0 ffffe0006a959880 feca4e46 Blocked nt!AlpcpSignalAndWait+0x443
    4.002548 ffffe0006a955880 feca4e46 Blocked nt!AlpcpSignalAndWait+0x443
    4.002998 ffffe0006d38c880 fea38270 Blocked nt!ExpWorkerThread+0x3ad
    4.002788 ffffe0006d2377c0 fea38dc6 Blocked +0xffffe0012a002129
    4.002b4c ffffe0006d2ba880 fea37fe9 Blocked nt!ExpWorkerThread+0x3ad
    4.001c70 ffffe0006b50b880 fec9f693 Blocked nt!AlpcpSignalAndWait+0x443
    4.0001b0 ffffe0006ac1d880 fec9f693 Blocked nt!AlpcpSignalAndWait+0x443
    4.002530 ffffe0006c585880 fec9e8da Blocked nt!AlpcpSignalAndWait+0x443
    4.002390 ffffe00069e13880 fec9e6da Blocked nt!AlpcpSignalAndWait+0x443
    4.002534 ffffe00064820880 fec9f474 Blocked nt!AlpcpSignalAndWait+0x443
    4.0029f4 ffffe0006c8a8880 fec9f474 Blocked nt!AlpcpSignalAndWait+0x443
    4.0029dc ffffe0006a153040 fec9f467 Blocked nt!AlpcpSignalAndWait+0x443
    4.002d7c ffffe0006b6ae040 fec9f467 Blocked nt!AlpcpSignalAndWait+0x443
    4.002054 ffffe000645a8880 fec9f05a Blocked nt!AlpcpSignalAndWait+0x443
    4.0028e0 ffffe0006ab82240 fec9f05a Blocked nt!AlpcpSignalAndWait+0x443
    4.00127c ffffe00064969880 fec93b54 Blocked nt!NtReadFile+0x664
    4.0023a8 ffffe0006b201880 fea381b5 Blocked nt!ExpWorkerThread+0x3ad
    4.002664 ffffe00064560880 fea3c15a Blocked nt!ExpWorkerThread+0x3ad

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,352

    There are two threads waiting on push locks so might want to see what those are doing. However, !stacks itself isn't really helpful. You need to look at the call stacks and find the thread that is supposed to be processing your read.

    -scott
    OSR

  • Sujay_UpasaniSujay_Upasani Member Posts: 14

    Hello Scott,

    We got another dump, it looks the same as the previous one.

    Stack for the threads waiting on push lock:

    0: kd> !thread ffffe00062e0c040
    THREAD ffffe00062e0c040 Cid 0004.0154 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrPushLock) KernelMode Non-Alertable
    ffffd001251cd6f0 SynchronizationEvent
    Impersonation token: ffffc0003c4f2040 (Level Impersonation)
    Owning Process ffffe00061ed3040 Image: System
    Attached Process N/A Image: N/A
    Wait Start TickCount 18584318 Ticks: 4255001 (0:18:28:04.390)
    Context Switch Count 231946 IdealProcessor: 5
    UserTime 00:00:00.000
    KernelTime 00:00:35.984
    *** ERROR: Module load completed but symbols could not be loaded for SRTSP64.SYS
    Win32 Start Address SRTSP64 (0xfffff8001ceb6760)
    Stack Init ffffd001251cdc90 Current ffffd001251cd410
    Base ffffd001251ce000 Limit ffffd001251c8000 Call 0000000000000000
    Priority 1 BasePriority 1 PriorityDecrement 0 IoPriority 2 PagePriority 5
    Child-SP RetAddr : Args to Child : Call Site
    ffffd001251cd450 fffff8010e673d6e : fffff8010e8fc180 ffffe00062e0c040 ffffd001fffffffe fffff800fffffffe : nt!KiSwapContext+0x76
    ffffd001251cd590 fffff8010e6737e9 : ffffd001251cd610 fffff80100000240 0000000000000000 0000000000000000 : nt!KiSwapThread+0x14e
    ffffd001251cd630 fffff8010e6700e5 : 0000000000002440 ffffe00062e0c180 ffffe000685df5c0 ffffd001251cd800 : nt!KiCommitThreadWait+0x129
    ffffd001251cd6b0 fffff8010e67b75e : ffffe000685df3d8 0000000000000000 ffffe000685df3d8 fffff80000000000 : nt!ExfAcquirePushLockExclusiveEx+0x525
    ffffd001251cd780 fffff8001cee36ab : ffffe00062e017d0 ffffe00062e017d0 ffffe00062e017d0 fffff80100000000 : nt!ExAcquirePushLockExclusiveEx+0x12e
    ffffd001251cd7c0 fffff8001cee0197 : 0002ad2c967a4401 0000000000000000 0000000000000000 ffffe000685df370 : SRTSP64+0x8e6ab
    ffffd001251cd880 fffff8001cefdf61 : ffffc000321fef70 ffffe00062e01810 ffffd001251cd980 fffff8001ce7e2d8 : SRTSP64+0x8b197
    ffffd001251cd920 fffff8001cee8eb7 : ffffe000685df370 0000000000000000 0000000000000002 ffffc0003ac8ae40 : SRTSP64+0xa8f61
    ffffd001251cd980 fffff8001cececb2 : ffffc0003ac8ae40 0000000000000000 0000000000000000 ffffc00000000000 : SRTSP64+0x93eb7
    ffffd001251cd9e0 fffff8001cecef96 : 0000000062ca0002 ffffc00039e95880 ffffc000331cc810 fffff8001ce76948 : SRTSP64+0x79cb2
    ffffd001251cda20 fffff8001cf1ba2d : ffffc00033fb38a0 ffffc000331cc810 ffffc0003ac8ae40 ffffc0002ec7da60 : SRTSP64+0x79f96
    ffffd001251cda60 fffff8001ceb7d59 : ffffc000331cc810 0000000000200000 ffffc0003ac8ae40 0000000000000000 : SRTSP64+0xc6a2d
    ffffd001251cdae0 fffff8001ceb6cec : 00000000c000004b ffffd001251cdba0 ffffc000331cc800 ffffe00062e17bd0 : SRTSP64+0x62d59
    ffffd001251cdb20 fffff8001ceb6789 : ffffc00020087001 ffffe00062e17bd0 ffffe00061ed3040 ffffd00124536280 : SRTSP64+0x61cec
    ffffd001251cdbd0 fffff8010e6deab2 : ffffe000641a3570 000000041bb2993c fffff80100010000 fffff8010e75e6b3 : SRTSP64+0x61789
    ffffd001251cdc00 fffff8010e762f66 : ffffd00124524180 ffffe00062e0c040 ffffd00124536280 0000000000000000 : nt!PspSystemThreadStartup+0x18a
    ffffd001251cdc60 0000000000000000 : ffffd001251ce000 ffffd001251c8000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

    0: kd> !thread ffffe0006d0a1880
    THREAD ffffe0006d0a1880 Cid 0004.2acc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrPushLock) KernelMode Non-Alertable
    ffffd00020a208b0 SynchronizationEvent
    Not impersonating
    DeviceMap ffffc0001fe0dba0
    Owning Process ffffe00061ed3040 Image: System
    Attached Process N/A Image: N/A
    Wait Start TickCount 20318576 Ticks: 2520743 (0:10:56:26.609)
    Context Switch Count 492 IdealProcessor: 4
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address nt!ExpWorkerThread (0xfffff8010e687f20)
    Stack Init ffffd00020a20c90 Current ffffd00020a205d0
    Base ffffd00020a21000 Limit ffffd00020a1b000 Call 0000000000000000
    Priority 12 BasePriority 12 PriorityDecrement 0 IoPriority 2 PagePriority 5

    Child-SP RetAddr : Args to Child : Call Site
    ffffd00020a20610 fffff8010e673d6e : fffff8010e8fc180 ffffe0006d0a1880 00005000fffffffe 00000000fffffffe : nt!KiSwapContext+0x76
    ffffd00020a20750 fffff8010e6737e9 : 0000000000000000 fffff8010e8b9480 0000000000000000 0000000000000000 : nt!KiSwapThread+0x14e
    ffffd00020a207f0 fffff8010e6700e5 : 0000000000000000 ffffe0006d0a19c0 0000000000000000 fffff8010e9f6283 : nt!KiCommitThreadWait+0x129
    ffffd00020a20870 fffff8010e67b75e : ffffe000675a8408 0000000000000000 ffffe000675a8408 0000000000000000 : nt!ExfAcquirePushLockExclusiveEx+0x525
    ffffd00020a20940 fffff8001df244b4 : 0000000000000000 ffffe000675a83c0 0000000000000000 0000000000000000 : nt!ExAcquirePushLockExclusiveEx+0x12e
    ffffd00020a20980 fffff8001df2484a : 0000000000000000 ffffe000675a83c0 fffff8001df24820 ffffe0006d0a19c0 : HTTP!UlpInitializeThreadPoolWorkers+0x44
    ffffd00020a20aa0 fffff8010e689410 : ffffe000674548e0 ffffe0006d0a1880 ffffe0006c585880 0000000000000000 : HTTP!UlpThreadPoolStarter+0x2a
    ffffd00020a20ae0 fffff8010e6885bf : fffff8010e6c3060 fffff8010e689390 ffffe0006d0a1880 0000000000000000 : nt!IopProcessWorkItem+0x80
    ffffd00020a20b50 fffff8010e6deab2 : 0000000000000000 fffff8010e8fc180 0000000000000080 ffffe00061ed3040 : nt!ExpWorkerThread+0x69f
    ffffd00020a20c00 fffff8010e762f66 : fffff8010e8fc180 ffffe0006d0a1880 ffffe00061ecc780 ffffe00061ecc700 : nt!PspSystemThreadStartup+0x18a
    ffffd00020a20c60 0000000000000000 : ffffd00020a21000 ffffd00020a1b000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

    Thank You!

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,352

    SRTSP64 is waiting on a push lock. Presumably this is an internal push lock that is currently held by another thread running in SRTSP64. You need to find that thread and see what it is waiting on. Unfortunately push locks do not track the current owner so you need to find other SRTSP64 threads and look for something unusual. !stacks 2 SRTSP64 might help.

    I doubt the HTTP one is involved...

    -scott
    OSR

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE