Deadlock detected - Driver verifier question

Hi !
I am testing my driver with driver verifier (All options turned ON except
low resource simulation)
I encountered the following crash -

****************************************************************************
** **
** Deadlock detected! Type !deadlock in the debugger for more information **
** **
****************************************************************************

*** Fatal System Error: 0x000000c4
(0x00001001,0x8A7D6B28,0x89FDFF28,0x00000000)
Break instruction exception - code 80000003 (first chance)

On further analysis with the !analyze -v and !deadlock commands, I observe
the following -

0: kd> !deadlock 1
issue: 00001001 00000000 8A7D4B28 FFFFFFFF

Deadlock detected (2 resources in 2 threads):

Thread 0: 00000000 took locks in the following order:

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: Mydriver!MydriverTimer+0xCA
nt!KiTimerExpiration+0x255
8B110F70
Mydriver!ClientEventReceive+0x96
DBGHELP: tcpip - public symbols
c:\symbols\tcpip.pdb\471846DDF72D4D6195488E9DD171FAC52\tcpip.pdb
tcpip!IndicateData+0x214
tcpip!TCPRcv+0xADB
tcpip!DeliverToUser+0x17B
tcpip!IPRcvPacket+0x66C

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!AddPktToAbortList+0x18
Mydriver!MydriverTimer+0x11B
nt!KiTimerExpiration+0x255

Thread 1: 80579D00 took locks in the following order:

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!SendAborts+0x1F
nt!KiTimerExpiration+0x255
8B110F70

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: << Current stack >>

I have a fn which has the following logic -

Fn()
{
KeAcquireSpinLock A
:
Do something
:
KeAcquireSpinLock B
:
Do something
:
KeReleaseSpinLock B
KeReleaseSpinLock A

:
Do something
:

KeAcquireSpinLock B
:
Do something
:
KeAcquireSpinLock A
:
Do something
:
KeReleaseSpinLock A
KeReleaseSpinLock B

}

Very clearly, this code will result in a deadlock if two threads execute
Fn() at different times. However, in my case, only one thread executes this
code. Does Driver Verifier crash only after it has entered a deadlock state,
or will it crash when it sees a possibility of a deadlock ?

The !deadlock command showed Thread 0 as 00000000 … what does that mean ?
In my driver, only one thread could be running the Fn() code at a given
time.

Your critical comments are awaited …

Thanks,
-g

Verifier will complain because of the possibility. This is the correct
thing to do, you have left a ticking bomb in your code since the next person
who comes along may decide to improve things with two threads, and you will
have a deadlock. Reorganize your code to follow a proper locking heirarchy.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting

“Girish Kulkarni (kulkis)” wrote in message
news:xxxxx@ntdev…
Hi !
I am testing my driver with driver verifier (All options turned ON except
low resource simulation)
I encountered the following crash -



Deadlock detected! Type !deadlock in the debugger for more information



*** Fatal System Error: 0x000000c4
(0x00001001,0x8A7D6B28,0x89FDFF28,0x00000000)
Break instruction exception - code 80000003 (first chance)

On further analysis with the !analyze -v and !deadlock commands, I observe
the following -
0: kd> !deadlock 1
issue: 00001001 00000000 8A7D4B28 FFFFFFFF

Deadlock detected (2 resources in 2 threads):

Thread 0: 00000000 took locks in the following order:

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: Mydriver!MydriverTimer+0xCA
nt!KiTimerExpiration+0x255
8B110F70
Mydriver!ClientEventReceive+0x96
DBGHELP: tcpip - public symbols
c:\symbols\tcpip.pdb\471846DDF72D4D6195488E9DD171FAC52\tcpip.pdb
tcpip!IndicateData+0x214
tcpip!TCPRcv+0xADB
tcpip!DeliverToUser+0x17B
tcpip!IPRcvPacket+0x66C

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!AddPktToAbortList+0x18
Mydriver!MydriverTimer+0x11B
nt!KiTimerExpiration+0x255

Thread 1: 80579D00 took locks in the following order:

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!SendAborts+0x1F
nt!KiTimerExpiration+0x255
8B110F70

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: << Current stack >>

I have a fn which has the following logic -

Fn()
{
KeAcquireSpinLock A
:
Do something
:
KeAcquireSpinLock B
:
Do something
:
KeReleaseSpinLock B
KeReleaseSpinLock A

:
Do something
:

KeAcquireSpinLock B
:
Do something
:
KeAcquireSpinLock A
:
Do something
:
KeReleaseSpinLock A
KeReleaseSpinLock B

}

Very clearly, this code will result in a deadlock if two threads execute
Fn() at different times. However, in my case, only one thread executes this
code. Does Driver Verifier crash only after it has entered a deadlock state,
or will it crash when it sees a possibility of a deadlock ?

The !deadlock command showed Thread 0 as 00000000 … what does that mean ?
In my driver, only one thread could be running the Fn() code at a given
time.
Your critical comments are awaited …
Thanks,
-g

Hi Kulkis,

I can’t explain all about your deadlock issues with driver verifier…

But I have had a situation where DV identified a potential deadlock because
of “locking and unlocking in different order”.

In my case, it was of the form:

SomeFunc()
{
AcquireLock(A);

SomeOhterFunc();

ReleaseLock(A):
}

SomeOtherFunc()
{
AcquireLock(B);

if (something)
return;

ReleaseLock(B):
}

So it saw that I had released Lock A before I released Lock B, and did a
bugcheck due to it.

Since this code had been in the driver for a very long time and not caused
an actual deadlock (that we know of, at least ;-).

So the conclusion is that DV will warn for a potential bugcheck.

However, I don’t think it will warn unless you really have a situation
where A is locked, B is locked, A is unlocked, and B is still locked (which
of course could mean that some other code may want to lock A then B and
causes a deadlock).

Is there a really good reason you have two different locks inside each
other in a different order in different places? If so, are you 100% sure
that there is NO POSSIBILITY that this code will run in multiple threads
and actually cause a deadlock at some point?

Mats

xxxxx@lists.osr.com wrote on 10/27/2004 02:58:21 PM:

Hi !
I am testing my driver with driver verifier (All options turned ON
except low resource simulation)
I encountered the following crash -

****************************************************************************

**
**
** Deadlock detected! Type !deadlock in the debugger for more information
**
**
**

****************************************************************************

*** Fatal System Error: 0x000000c4
(0x00001001,0x8A7D6B28,0x89FDFF28,0x00000000)
Break instruction exception - code 80000003 (first chance)

On further analysis with the !analyze -v and !deadlock commands, I
observe the following -
0: kd> !deadlock 1
issue: 00001001 00000000 8A7D4B28 FFFFFFFF

Deadlock detected (2 resources in 2 threads):

Thread 0: 00000000 took locks in the following order:

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: Mydriver!MydriverTimer+0xCA
nt!KiTimerExpiration+0x255
8B110F70
Mydriver!ClientEventReceive+0x96
DBGHELP: tcpip - public symbols
c:\symbols\tcpip.pdb\471846DDF72D4D6195488E9DD171FAC52\tcpip.pdb
tcpip!IndicateData+0x214
tcpip!TCPRcv+0xADB
tcpip!DeliverToUser+0x17B
tcpip!IPRcvPacket+0x66C

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!AddPktToAbortList+0x18
Mydriver!MydriverTimer+0x11B
nt!KiTimerExpiration+0x255

Thread 1: 80579D00 took locks in the following order:

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!SendAborts+0x1F
nt!KiTimerExpiration+0x255
8B110F70

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: << Current stack >>

I have a fn which has the following logic -

Fn()
{
KeAcquireSpinLock A
:
Do something
:
KeAcquireSpinLock B
:
Do something
:
KeReleaseSpinLock B
KeReleaseSpinLock A

:
Do something
:

KeAcquireSpinLock B
:
Do something
:
KeAcquireSpinLock A
:
Do something
:
KeReleaseSpinLock A
KeReleaseSpinLock B

}

Very clearly, this code will result in a deadlock if two threads
execute Fn() at different times. However, in my case, only one
thread executes this code. Does Driver Verifier crash only after it
has entered a deadlock state, or will it crash when it sees a
possibility of a deadlock ?

The !deadlock command showed Thread 0 as 00000000 … what does that
mean ? In my driver, only one thread could be running the Fn() code
at a given time.
Your critical comments are awaited …
Thanks,
-g


Questions? First check the Kernel Driver FAQ at http://www.
osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
ForwardSourceID:NT00006302

IN A DRIVER HOW COULD YOU ENSURE THAT A PIECE OF CODE WOULD BE EXECUTED BY
ONE AND ONLY ONE THREAD !!!.

-PRO
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Girish Kulkarni
(kulkis)
Sent: Wednesday, October 27, 2004 6:58 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Deadlock detected - Driver verifier question

Hi !
I am testing my driver with driver verifier (All options turned ON except
low resource simulation)
I encountered the following crash -

****************************************************************************
**
**
** Deadlock detected! Type !deadlock in the debugger for more information
**
**
**

****************************************************************************

*** Fatal System Error: 0x000000c4
(0x00001001,0x8A7D6B28,0x89FDFF28,0x00000000)
Break instruction exception - code 80000003 (first chance)

On further analysis with the !analyze -v and !deadlock commands, I observe
the following -

0: kd> !deadlock 1
issue: 00001001 00000000 8A7D4B28 FFFFFFFF

Deadlock detected (2 resources in 2 threads):

Thread 0: 00000000 took locks in the following order:

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: Mydriver!MydriverTimer+0xCA
nt!KiTimerExpiration+0x255
8B110F70
Mydriver!ClientEventReceive+0x96
DBGHELP: tcpip - public symbols
c:\symbols\tcpip.pdb\471846DDF72D4D6195488E9DD171FAC52\tcpip.pdb
tcpip!IndicateData+0x214
tcpip!TCPRcv+0xADB
tcpip!DeliverToUser+0x17B
tcpip!IPRcvPacket+0x66C

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!AddPktToAbortList+0x18
Mydriver!MydriverTimer+0x11B
nt!KiTimerExpiration+0x255

Thread 1: 80579D00 took locks in the following order:

Lock B – Mydriver!abortPktListSpinLock (Queued Spinlock)
Stack: Mydriver!SendAborts+0x1F
nt!KiTimerExpiration+0x255
8B110F70

Lock A – 8a7d4b28 (Queued Spinlock)
Stack: << Current stack >>

I have a fn which has the following logic -

Fn()
{
KeAcquireSpinLock A
:
Do something
:
KeAcquireSpinLock B
:
Do something
:
KeReleaseSpinLock B
KeReleaseSpinLock A

:
Do something
:

KeAcquireSpinLock B
:
Do something
:
KeAcquireSpinLock A
:
Do something
:
KeReleaseSpinLock A
KeReleaseSpinLock B

}

Very clearly, this code will result in a deadlock if two threads execute
Fn() at different times. However, in my case, only one thread executes this
code. Does Driver Verifier crash only after it has entered a deadlock state,
or will it crash when it sees a possibility of a deadlock ?

The !deadlock command showed Thread 0 as 00000000 … what does that mean
? In my driver, only one thread could be running the Fn() code at a given
time.

Your critical comments are awaited …

Thanks,
-g


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Prokash Sinha wrote:

IN A DRIVER HOW COULD YOU ENSURE THAT A PIECE OF CODE WOULD BE EXECUTED
BY ONE AND ONLY ONE THREAD !!!.

-PRO

Stop yelling, and think for a minute, OK?

One trivial example: You’ve got a function that’s executed only by a
worker thread that you’ve created.

Peter
OSR