Call to Wait on Mutex Obj crashing

Hi,
I am writing a pnp driver and am using a Mutex Object for synchronization. This mutex object is a part of device extension.

I am doing the following:

AddDevice: KeInitializeMutex(&ExecMutex, 1);

StartDevice: KeWaitForSingleObject(&ExecMutex,
                                   Executive,
                                   KernelMode,
                                   TRUE,
                                   &Time); /* Time = 10ms */

This is the first time I try to acquire the Mutex after initializing it, and the call KeWaitForSingleObject is crashing.

Can someone tell me what the reason might be?

Thanks,
Giri.

You haven’t provided enough information. You’ve provided a code sample that is obviously not
the code you actually are trying to debug. Perhaps the error is in the actual code? What
exactly is the bugcheck? How have you declared the ExecMutex object and the time value?
Actually why are you using a timer value at all here? Finally, why are you waiting alertable?

At a minimum I think your call to KeWaitForSingleObject ought to be:

KeWaitForSingleObject(&ExecMutex, Executive, KernelMode, FALSE, NULL);

You do not care about being alerted and there is no point in timing out. But that is most
likely not your bug, which is instead likely to be an incorrect timer storage declaration or
an incorrect storage specification for the execmutex, or for some reason you are at
DISPATCH_LEVEL when you called KeWaitForSingleObject.

===========================
Mark Roddy
Consultant, Microsoft DDK MVP
Hollis Technology Solutions
xxxxx@hollistech.com
www.hollistech.com
603-321-1032

-----Original Message-----
From: “Seshagiri Babu K V”
To: “NT Developers Interest List”
Date: Tue, 7 Jan 2003 15:08:57 +0530
Subject: [ntdev] Call to Wait on Mutex Obj crashing

> Hi,
> I am writing a pnp driver and am using a Mutex Object for
> synchronization. This mutex object is a part of device extension.
>
> I am doing the following:
>
> AddDevice: KeInitializeMutex(&ExecMutex, 1);
>
> StartDevice: KeWaitForSingleObject(&ExecMutex,
>                                    Executive,
>                                    KernelMode,
>                                    TRUE,
>                                    &Time); /* Time = 10ms */
>
> This is the first time I try to acquire the Mutex after initializing
> it, and the call KeWaitForSingleObject is crashing.
>
> Can someone tell me what the reason might be?
>
> Thanks,
> Giri.

Hi Mark,
The bugcheck code is IRQL_NOT_LESS_OR_EQUAL. And in the parameters, the
Irql is 2. I have verified the Irql before the call to
KeWaitForSingleObject. It’s at PASSIVE_LEVEL, the same thread in which the
start device handler runs.

The code is very scattered and will be very bulky on the list messages.

Briefly, the declaration of mutex has been done as
struct DEVICE_EXTENSION
{
::
::
KMUTEX ExecMutex;
::
::
};

And in the StartDevice handler I declare a variable of LARGE_INTEGER for
timeout and make the KeWaitForSingleObject call. At this instance the Mutex
is already signalled in the sense that this is the first try for acquiring
the mutex after it has been initialized for level 1.

As you told, alertable need not be TRUE. I have changed this and still the
code is crashing. This is the case even after I remove the timer.

And finally…when I debugged into the Assembly code using SOFTICE, the call
actually is KeWaitForMutexObject and then KeRaiseIrqlToDpcLevel and then
this crash. I don’t quite understand why this KeRaiseIrqlToDpcLevel call
came here.

Pls suggest some way out…

Thanks,
Giri.

----- Original Message -----
From: “Mark Roddy”
To: “NT Developers Interest List”
Sent: Tuesday, January 07, 2003 7:46 PM
Subject: [ntdev] Re: Call to Wait on Mutex Obj crashing

> You haven’t provided enough information. You’ve provided a code sample that is obviously not
> the code you actually are trying to debug. Perhaps the error is in the actual code? What
> exactly is the bugcheck? How have you declared the ExecMutex object and the time value?
> Actually why are you using a timer value at all here? Finally, why are you waiting alertable?
>
> At a minimum I think your call to KeWaitForSingleObject ought to be:
>
> KeWaitForSingleObject(&ExecMutex, Executive, KernelMode, FALSE, NULL);
>
> You do not care about being alerted and there is no point in timing out. But that is most
> likely not your bug, which is instead likely to be an incorrect timer storage declaration or
> an incorrect storage specification for the execmutex, or for some reason you are at
> DISPATCH_LEVEL when you called KeWaitForSingleObject.
>
> ===========================
> Mark Roddy
> Consultant, Microsoft DDK MVP
> Hollis Technology Solutions
> xxxxx@hollistech.com
> www.hollistech.com
> 603-321-1032

The event object is invalid; KeWaitForSingleObject accesses the structure
while holding the dispatcher database lock (a spin lock) and is thus at
elevated IRQL. Or a parameter you are passing to KeWaitForSingleObject is
invalid (and pageable would equate to invalid).

Do you have a stack backtrace? My guess is that this bugcheck is being
called from KiTrap0E (page fault handler) because there is an invalid data
structure; you can walk back (from the point of the fault) to figure out
which data structure is being used at the time of the fault. I have no idea
how one would do that with Softice. With WinDBG it is straight-forward.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Seshagiri Babu K V [mailto:xxxxx@sasken.com]
Sent: Wednesday, January 08, 2003 4:55 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Call to Wait on Mutex Obj crashing

Hi Mark,
The bugcheck code is IRQL_NOT_LESS_OR_EQUAL. And in the parameters, the
Irql is 2. I have verified the Irql before the call to
KeWaitForSingleObject. It’s at PASSIVE_LEVEL, the same thread in which the
start device handler runs.

The code is very scattered and will be very bulky on the list messages.

Briefly, the declaration of mutex has been done as
struct DEVICE_EXTENSION
{
::
::
KMUTEX ExecMutex;
::
::
};

And in the StartDevice handler I declare a variable of LARGE_INTEGER for
timeout and make the KeWaitForSingleObject call. At this instance the Mutex
is already signalled in the sense that this is the first try for acquiring
the mutex after it has been initialized for level 1.

As you told, alertable need not be TRUE. I have changed this and still the
code is crashing. This is the case even after I remove the timer.

And finally…when I debugged into the Assembly code using SOFTICE, the call
actually is KeWaitForMutexObject and then KeRaiseIrqlToDpcLevel and then
this crash. I don’t quite understand why this KeRaiseIrqlToDpcLevel call
came here.

Pls suggest some way out…

Thanks,
Giri.


Thanks for the response Tony and Mark. The Mutex object is getting corrupted
between initialization and first try for wait on it. There is a PVOID * mem
variable and instead of doing RtlZeroMemory on *mem, I did it on mem and
hence the API erased past the Mutex Object’s contents, which is in the same
struct as mem. Good lesson for me…three full days wasted… :( :))))

Regards,
Giri.

----- Original Message -----
From: “Tony Mason”
To: “NT Developers Interest List”
Sent: Wednesday, January 08, 2003 5:34 PM
Subject: [ntdev] Re: Call to Wait on Mutex Obj crashing

> The event object is invalid; KeWaitForSingleObject accesses the structure
> while holding the dispatcher database lock (a spin lock) and is thus at
> elevated IRQL. Or a parameter you are passing to KeWaitForSingleObject is
> invalid (and pageable would equate to invalid).
>
> Do you have a stack backtrace? My guess is that this bugcheck is being
> called from KiTrap0E (page fault handler) because there is an invalid data
> structure; you can walk back (from the point of the fault) to figure out
> which data structure is being used at the time of the fault. I have no idea
> how one would do that with Softice. With WinDBG it is straight-forward.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com

“Seshagiri Babu K V” writes:

> Thanks for the response Tony and Mark. The Mutex object is getting corrupted
> between initialization and first try for wait on it. There is a PVOID * mem
> variable and instead of doing RtlZeroMemory on *mem, I did it on mem and
> hence the API erased past the Mutex Object’s contents, which is in the same

Ahh yes – it really takes some getting used to that PXXX typedef
convention for pointer types. It’s real easy to overlook that in

VOID foobar(FOO foo, PBAR *bar, BAZ baz);

bar is a double pointer. In my opinion

VOID foobar(FOO foo, BAR **bar, BAZ baz);

is more clear. Of course you will still forget the extra dereference from
time to time.

> struct as mem. Good lesson for me…three full days wasted… :( :))))

If the lesson was good, the days are not wasted! :)

Best regards,

Niels

Niels Skou Olsen, M.Sc.
Intelligent Engine, R&D
MAN B&W Diesel A/S
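
Added example, not part of the original thread and not the poster's driver code: a user-mode C simulation of the bug Giri reports (zeroing through `mem` instead of `*mem`) and of the `PVOID *` double pointer Niels describes. `SIM_MUTEX`, `SIM_DEVICE_EXTENSION`, the field layout, and `memset` standing in for `RtlZeroMemory` are assumptions, since the thread does not show the real structure.

```c
/* User-mode simulation: SIM_MUTEX stands in for KMUTEX and memset for
   RtlZeroMemory. All names and the field layout are constructed. */
#include <stdio.h>
#include <string.h>

typedef void *PVOID;
#define MUTEX_SIG 0x4D555458u   /* arbitrary "initialized" marker */
#define BUF_LEN   16

typedef struct { unsigned int Signature; unsigned char State[32]; } SIM_MUTEX;

typedef struct {
    PVOID     Buffer;      /* slot holding the scratch buffer's address */
    SIM_MUTEX ExecMutex;   /* next field in the same struct             */
} SIM_DEVICE_EXTENSION;

/* Bug: mem is PVOID * (i.e. void **), so this clears the slot and BUF_LEN
   bytes onward, which runs into ExecMutex. */
static void zero_buggy(PVOID *mem, size_t len) { memset(mem, 0, len); }

/* Fix: dereference once so the buffer the slot points to is cleared. */
static void zero_fixed(PVOID *mem, size_t len) { memset(*mem, 0, len); }

/* Bitmask result: 1 = mutex intact, 2 = buffer cleared, 4 = slot still valid. */
static int run_case(void (*zero)(PVOID *, size_t))
{
    unsigned char buf[BUF_LEN];
    SIM_DEVICE_EXTENSION ext;
    int result = 0, cleared = 1;
    size_t i;

    memset(&ext, 0, sizeof ext);
    memset(buf, 0xAA, sizeof buf);
    ext.Buffer = buf;
    ext.ExecMutex.Signature = MUTEX_SIG;   /* stands in for KeInitializeMutex */

    zero(&ext.Buffer, BUF_LEN);

    for (i = 0; i < BUF_LEN; i++) if (buf[i] != 0) cleared = 0;
    if (ext.ExecMutex.Signature == MUTEX_SIG) result |= 1;
    if (cleared)                              result |= 2;
    if (ext.Buffer == (PVOID)buf)             result |= 4;
    return result;
}

int run_buggy(void) { return run_case(zero_buggy); }
int run_fixed(void) { return run_case(zero_fixed); }

int main(void) { printf("buggy=%d fixed=%d\n", run_buggy(), run_fixed()); return 0; }
```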