Deadlock during FlushFileBuffers

NTFSD
1

I’m trying to analyse a deadlock situation in one of our applications. The
app writes a large file (about 1 GB) and
finally flushes the buffers to ensure the file is written to disk before
continuing. This flush operation
blocks. In the dump it seems as if three partys are somehow competing for
the same file: the flush (my app), ccWriteBehind (Lazy writer ?) and the
mapped page writer.

This issue occurs only on a certain system and is not reproducible in our
lab.

Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 3) MP (2 procs) Free x86
compatible
Product: Server, suite: Enterprise
Kernel base = 0x80400000 PsLoadedModuleList = 0x80483de0
Debug session time: Thu Dec 11 19:19:56 2003

1: kd> !locks -v 0x84ddcb68

Resource @ 0x84ddcb68 Shared 1 owning threads
Contention Count = 18
NumberOfSharedWaiters = 1
NumberOfExclusiveWaiters = 1
Threads: 85e07620-01

THREAD 85e07620 Cid 8.2c Teb: 00000000 Win32Thread: 00000000 WAIT:
(Executive) KernelMode Non-Alertable
84f3c068 Semaphore Limit 0x7fffffff
85e07708 NotificationTimer
Not impersonating
Owning Process 85e334a0
WaitTime (seconds) 111253
Context Switch Count 11419
UserTime 0:00:00.0000
KernelTime 0:00:00.0937
Start Address nt!ExpWorkerThread (0x804170b4)
Stack Init f2050000 Current f204f91c Base f2050000 Limit f204d000 Call
0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f204f934 8042bfc7 00000000 84ddcb68 85e07620 nt!KiSwapThread+0x1b1
f204f95c 80415502 84f3c068 00000000 00000000
nt!KeWaitForSingleObject+0x1a3
f204f99c 80414a96 00000001 84fa84a8 00000000
nt!ExpWaitForResource+0x1b4
f204f9b4 f737bc27 84ddcb00 00000001 00000000
nt!ExAcquireResourceSharedLite+0xc6
f204fa3c f737bb68 84fa84a8 84f60e48 84f26020
Ntfs!NtfsCommonSetInformation+0x2de
f204faac 8041db29 84f26020 84f60e48 84fc8cd0
Ntfs!NtfsFsdSetInformation+0xbf
f204fac0 f5bc78df 84fc8cd0 84f60e48 00000010 nt!IopfCallDriver+0x35
f204fc80 f5bc2885 84fc8cd0 84f60e48 00000000
IvdIfs_G!IvdIfsFSDispatch+0x150f
f204fc94 8041db29 84fc8cd0 84f60e48 84dd16a8
IvdIfs_G!IvdIfsDispatch+0x45
f204fca8 8040dc4a 80065420 84dcfe28 800654f0 nt!IopfCallDriver+0x35
f204fcdc 8040e85c 84dd16a8 f204fcf8 00000000 nt!CcSetValidData+0xa4
f204fd0c 8041300a 85e032a8 80476d00 85e07620 nt!CcWriteBehind+0x278
f204fd78 80417163 85e032a8 00000000 00000000 nt!CcWorkerThread+0x158
f204fda8 804554ce 85e032a8 00000000 00000000 nt!ExpWorkerThread+0xaf
f204fddc 8046a9d2 804170b4 00000000 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

85e03300-64

THREAD 85e03300 Cid 8.54 Teb: 00000000 Win32Thread: 00000000 WAIT:
(WrVirtualMemory) KernelMode Non-Alertable
80483e90 NotificationEvent
Not impersonating
Owning Process 85e334a0
WaitTime (seconds) 84169
Context Switch Count 206
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address nt!MiMappedPageWriter (0x8043d042)
Stack Init f2078000 Current f2077d2c Base f2078000 Limit f2075000 Call
0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2077d44 8042bfc7 85e037f8 00000000 80065634 nt!KiSwapThread+0x1b1
f2077d6c 8043d08f 80483e90 00000012 00000000
nt!KeWaitForSingleObject+0x1a3
f2077da8 804554ce 00000000 00000000 00000000 nt!MiMappedPageWriter+0x4d
f2077ddc 8046a9d2 8043d042 00000000 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

1 total locks, 1 locks currently held

1: kd> !locks 0x84f264f4 -v

Resource @ 0x84f264f4 Shared 1 owning threads
Contention Count = 8
Threads: 84f2c540-01

THREAD 84f2c540 Cid 320.8ec Teb: 7ffde000 Win32Thread: e2e53408
WAIT: (Executive) KernelMode Non-Alertable
84f876a8 SynchronizationEvent
84f2c628 NotificationTimer
IRP List:
85007668: (0006,0100) Flags: 00000000 Mdl: 00000000
Not impersonating
Owning Process 84dd43e0
WaitTime (seconds) 111226
Context Switch Count 156800 LargeStack
UserTime 0:00:01.0203
KernelTime 0:00:13.0750
Start Address 0x77e8ca4e
Win32 Start Address 0x00405eb0
Stack Init f5777000 Current f5776930 Base f5777000 Limit f5773000 Call
0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f5776948 8042bfc7 00000000 84ddcb68 84f2c540 nt!KiSwapThread+0x1b1
f5776970 80415502 84f876a8 00000000 00000000
nt!KeWaitForSingleObject+0x1a3
f57769b0 804148ef 84ddcb68 84ddcb68 f57769d4
nt!ExpWaitForResource+0x1b4
f57769c0 80414943 85007668 84f2d768 00000000
nt!ExpAcquireResourceExclusiveLite+0x7b
f57769d4 f737e396 84ddcb9c 00000001 00000000
nt!ExAcquireResourceExclusiveLite+0x45
f5776a50 f737d9c5 84f2d768 85007668 84f26020
Ntfs!NtfsCommonFlushBuffers+0x10b
f5776ab4 8041db29 84f26020 85007668 84fc8cd0
Ntfs!NtfsFsdFlushBuffers+0xaf
f5776ac8 f5bc78df 84fc8cd0 85007668 00000000 nt!IopfCallDriver+0x35
f5776c88 f5bc2885 84fc8cd0 85007668 00000000
IvdIfs_G!IvdIfsFSDispatch+0x150f
f5776c9c 8041db29 84fc8cd0 85007668 85007668
IvdIfs_G!IvdIfsDispatch+0x45
f5776cb0 804b0998 c01df9e4 85007668 00000000 nt!IopfCallDriver+0x35
f5776cc4 804a346e 84fc8cd0 85007668 84dd16a8
nt!IopSynchronousServiceTail+0x60
f5776d54 80465d49 00000164 0011d180 00000000
nt!NtFlushBuffersFile+0x1c4
f5776d54 77884f59 00000164 0011d180 00000000 nt!KiSystemService+0xc9
0011d188 00fd10f3 00000164 0011f2b8 0011d210 +0x77884f59
0011d204 00f532ae 01127400 00f5328b 0012034c +0xfd10f3
0011f2d0 00f528b8 01238b08 0011f344 00c29414 +0xf532ae
00120364 100a1faf 01238b08 00c29414 01470086 +0xf528b8
001203dc 100a1c67 00c27400 00c29414 008a0150 +0x100a1faf
0012048c 0040282e 00c27400 001227bc 00000000 +0x100a1c67
001247c4 00401ce5 00e50e62 0012df64 00415e84 +0x40282e
0012ff80 00000000 00000000 00000000 00000000 +0x401ce5

1 total locks, 1 locks currently held

1: kd> !irp 85007668
Irp is active with 4 stacks 4 is current (= 0x85007744)
No Mdl Thread 84f2c540: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[9, 0] 0 0 84f26020 84dd16a8 00000000-00000000
\FileSystem\Ntfs
Args: 00000000 00000000 00000000 00000000
1: kd> !irp 84f60e48
Irp is active with 4 stacks 4 is current (= 0x84f60f24)
No Mdl Irp count = f204fcd4 Thread 85e07620: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[6, 0] 0 0 84f26020 84dd16a8 00000000-00000000
\FileSystem\Ntfs
Args: 00000008 00000014 00000000 00000100

Does anybody have an idea what might be the problem ?

Thanks in advance for any help.

With best regards,
Lars

2

Ummm… what exactly does your driver do? From the stack it appears to
be a filter of some sort? It looks like you’re violating the lock
acquisition heirarchy of NTFS->Cc->Mm, but to determine how we need to
know what your driver does. (The thread running the lazy writer work
item should not be blocking in NTFS because the appropriate locks should
have been pre-acquired.)

Lars Diehl wrote:

I’m trying to analyse a deadlock situation in one of our applications. The
app writes a large file (about 1 GB) and
finally flushes the buffers to ensure the file is written to disk before
continuing. This flush operation
blocks. In the dump it seems as if three partys are somehow competing for
the same file: the flush (my app), ccWriteBehind (Lazy writer ?) and the
mapped page writer.

This issue occurs only on a certain system and is not reproducible in our
lab.

Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 3) MP (2 procs) Free x86
compatible
Product: Server, suite: Enterprise
Kernel base = 0x80400000 PsLoadedModuleList = 0x80483de0
Debug session time: Thu Dec 11 19:19:56 2003

1: kd> !locks -v 0x84ddcb68

Resource @ 0x84ddcb68 Shared 1 owning threads
Contention Count = 18
NumberOfSharedWaiters = 1
NumberOfExclusiveWaiters = 1
Threads: 85e07620-01

THREAD 85e07620 Cid 8.2c Teb: 00000000 Win32Thread: 00000000 WAIT:
(Executive) KernelMode Non-Alertable
84f3c068 Semaphore Limit 0x7fffffff
85e07708 NotificationTimer
Not impersonating
Owning Process 85e334a0
WaitTime (seconds) 111253
Context Switch Count 11419
UserTime 0:00:00.0000
KernelTime 0:00:00.0937
Start Address nt!ExpWorkerThread (0x804170b4)
Stack Init f2050000 Current f204f91c Base f2050000 Limit f204d000 Call
0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f204f934 8042bfc7 00000000 84ddcb68 85e07620 nt!KiSwapThread+0x1b1
f204f95c 80415502 84f3c068 00000000 00000000
nt!KeWaitForSingleObject+0x1a3
f204f99c 80414a96 00000001 84fa84a8 00000000
nt!ExpWaitForResource+0x1b4
f204f9b4 f737bc27 84ddcb00 00000001 00000000
nt!ExAcquireResourceSharedLite+0xc6
f204fa3c f737bb68 84fa84a8 84f60e48 84f26020
Ntfs!NtfsCommonSetInformation+0x2de
f204faac 8041db29 84f26020 84f60e48 84fc8cd0
Ntfs!NtfsFsdSetInformation+0xbf
f204fac0 f5bc78df 84fc8cd0 84f60e48 00000010 nt!IopfCallDriver+0x35
f204fc80 f5bc2885 84fc8cd0 84f60e48 00000000
IvdIfs_G!IvdIfsFSDispatch+0x150f
f204fc94 8041db29 84fc8cd0 84f60e48 84dd16a8
IvdIfs_G!IvdIfsDispatch+0x45
f204fca8 8040dc4a 80065420 84dcfe28 800654f0 nt!IopfCallDriver+0x35
f204fcdc 8040e85c 84dd16a8 f204fcf8 00000000 nt!CcSetValidData+0xa4
f204fd0c 8041300a 85e032a8 80476d00 85e07620 nt!CcWriteBehind+0x278
f204fd78 80417163 85e032a8 00000000 00000000 nt!CcWorkerThread+0x158
f204fda8 804554ce 85e032a8 00000000 00000000 nt!ExpWorkerThread+0xaf
f204fddc 8046a9d2 804170b4 00000000 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

85e03300-64

THREAD 85e03300 Cid 8.54 Teb: 00000000 Win32Thread: 00000000 WAIT:
(WrVirtualMemory) KernelMode Non-Alertable
80483e90 NotificationEvent
Not impersonating
Owning Process 85e334a0
WaitTime (seconds) 84169
Context Switch Count 206
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address nt!MiMappedPageWriter (0x8043d042)
Stack Init f2078000 Current f2077d2c Base f2078000 Limit f2075000 Call
0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2077d44 8042bfc7 85e037f8 00000000 80065634 nt!KiSwapThread+0x1b1
f2077d6c 8043d08f 80483e90 00000012 00000000
nt!KeWaitForSingleObject+0x1a3
f2077da8 804554ce 00000000 00000000 00000000 nt!MiMappedPageWriter+0x4d
f2077ddc 8046a9d2 8043d042 00000000 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

1 total locks, 1 locks currently held

1: kd> !locks 0x84f264f4 -v

Resource @ 0x84f264f4 Shared 1 owning threads
Contention Count = 8
Threads: 84f2c540-01

THREAD 84f2c540 Cid 320.8ec Teb: 7ffde000 Win32Thread: e2e53408
WAIT: (Executive) KernelMode Non-Alertable
84f876a8 SynchronizationEvent
84f2c628 NotificationTimer
IRP List:
85007668: (0006,0100) Flags: 00000000 Mdl: 00000000
Not impersonating
Owning Process 84dd43e0
WaitTime (seconds) 111226
Context Switch Count 156800 LargeStack
UserTime 0:00:01.0203
KernelTime 0:00:13.0750
Start Address 0x77e8ca4e
Win32 Start Address 0x00405eb0
Stack Init f5777000 Current f5776930 Base f5777000 Limit f5773000 Call
0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f5776948 8042bfc7 00000000 84ddcb68 84f2c540 nt!KiSwapThread+0x1b1
f5776970 80415502 84f876a8 00000000 00000000
nt!KeWaitForSingleObject+0x1a3
f57769b0 804148ef 84ddcb68 84ddcb68 f57769d4
nt!ExpWaitForResource+0x1b4
f57769c0 80414943 85007668 84f2d768 00000000
nt!ExpAcquireResourceExclusiveLite+0x7b
f57769d4 f737e396 84ddcb9c 00000001 00000000
nt!ExAcquireResourceExclusiveLite+0x45
f5776a50 f737d9c5 84f2d768 85007668 84f26020
Ntfs!NtfsCommonFlushBuffers+0x10b
f5776ab4 8041db29 84f26020 85007668 84fc8cd0
Ntfs!NtfsFsdFlushBuffers+0xaf
f5776ac8 f5bc78df 84fc8cd0 85007668 00000000 nt!IopfCallDriver+0x35
f5776c88 f5bc2885 84fc8cd0 85007668 00000000
IvdIfs_G!IvdIfsFSDispatch+0x150f
f5776c9c 8041db29 84fc8cd0 85007668 85007668
IvdIfs_G!IvdIfsDispatch+0x45
f5776cb0 804b0998 c01df9e4 85007668 00000000 nt!IopfCallDriver+0x35
f5776cc4 804a346e 84fc8cd0 85007668 84dd16a8
nt!IopSynchronousServiceTail+0x60
f5776d54 80465d49 00000164 0011d180 00000000
nt!NtFlushBuffersFile+0x1c4
f5776d54 77884f59 00000164 0011d180 00000000 nt!KiSystemService+0xc9
0011d188 00fd10f3 00000164 0011f2b8 0011d210 +0x77884f59
0011d204 00f532ae 01127400 00f5328b 0012034c +0xfd10f3
0011f2d0 00f528b8 01238b08 0011f344 00c29414 +0xf532ae
00120364 100a1faf 01238b08 00c29414 01470086 +0xf528b8
001203dc 100a1c67 00c27400 00c29414 008a0150 +0x100a1faf
0012048c 0040282e 00c27400 001227bc 00000000 +0x100a1c67
001247c4 00401ce5 00e50e62 0012df64 00415e84 +0x40282e
0012ff80 00000000 00000000 00000000 00000000 +0x401ce5

1 total locks, 1 locks currently held

1: kd> !irp 85007668
Irp is active with 4 stacks 4 is current (= 0x85007744)
No Mdl Thread 84f2c540: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

>[9, 0] 0 0 84f26020 84dd16a8 00000000-00000000

\FileSystem\Ntfs
Args: 00000000 00000000 00000000 00000000
1: kd> !irp 84f60e48
Irp is active with 4 stacks 4 is current (= 0x84f60f24)
No Mdl Irp count = f204fcd4 Thread 85e07620: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

>[6, 0] 0 0 84f26020 84dd16a8 00000000-00000000

\FileSystem\Ntfs
Args: 00000008 00000014 00000000 00000100

Does anybody have an idea what might be the problem ?

Thanks in advance for any help.

With best regards,
Lars


Nick Ryan
(Microsoft Windows MVP for DDK)

3

It looks like the MappedPageWriter is actaully idle at this point in
time, implying that it at one point held this resource but didn’t
release it.

Does your filter attach to MUP and do you register AcquireForModWrite
and ReleaseForModWrite FAST_IO_DISPATCH routines? If so, what error
code do you return when the device to which you are attached does not
have an AcquireForModWrite or ReleaseForModWrite handler?

My guess is that you are getting bit by a bug that was in the NT 4.0 IFS
Kit Sfilter sample. You need to return STATUS_INVALID_DEVICE_REQUEST if
there is no lower filter to pass the request onto, not
STATUS_NOT_IMPLEMENTED. (If you check the archives, I posted a long
explanation of this bug to the list 2 or 3 months ago.)

Thanks,
Molly Brown
Microsoft Corporation

This posting is provided “AS IS” with no warranties and confers no
rights.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Nick Ryan
Sent: Thursday, January 15, 2004 11:05 AM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Deadlock during FlushFileBuffers

Ummm… what exactly does your driver do? From the stack it appears to
be a filter of some sort? It looks like you’re violating the lock
acquisition heirarchy of NTFS->Cc->Mm, but to determine how we need to
know what your driver does. (The thread running the lazy writer work
item should not be blocking in NTFS because the appropriate locks should
have been pre-acquired.)

Lars Diehl wrote:

I’m trying to analyse a deadlock situation in one of our applications.

The app writes a large file (about 1 GB) and finally flushes the
buffers to ensure the file is written to disk before continuing. This
flush operation blocks. In the dump it seems as if three partys are
somehow competing for the same file: the flush (my app), ccWriteBehind

(Lazy writer ?) and the mapped page writer.

This issue occurs only on a certain system and is not reproducible in
our lab.

Executable search path is:
Windows 2000 Kernel Version 2195 (Service Pack 3) MP (2 procs) Free
x86 compatible
Product: Server, suite: Enterprise
Kernel base = 0x80400000 PsLoadedModuleList = 0x80483de0 Debug session

time: Thu Dec 11 19:19:56 2003

1: kd> !locks -v 0x84ddcb68

Resource @ 0x84ddcb68 Shared 1 owning threads
Contention Count = 18
NumberOfSharedWaiters = 1
NumberOfExclusiveWaiters = 1
Threads: 85e07620-01

THREAD 85e07620 Cid 8.2c Teb: 00000000 Win32Thread: 00000000
WAIT:
(Executive) KernelMode Non-Alertable
84f3c068 Semaphore Limit 0x7fffffff
85e07708 NotificationTimer
Not impersonating
Owning Process 85e334a0
WaitTime (seconds) 111253
Context Switch Count 11419
UserTime 0:00:00.0000
KernelTime 0:00:00.0937
Start Address nt!ExpWorkerThread (0x804170b4)
Stack Init f2050000 Current f204f91c Base f2050000 Limit f204d000

Call 0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f204f934 8042bfc7 00000000 84ddcb68 85e07620
nt!KiSwapThread+0x1b1
f204f95c 80415502 84f3c068 00000000 00000000
nt!KeWaitForSingleObject+0x1a3
f204f99c 80414a96 00000001 84fa84a8 00000000
nt!ExpWaitForResource+0x1b4
f204f9b4 f737bc27 84ddcb00 00000001 00000000
nt!ExAcquireResourceSharedLite+0xc6
f204fa3c f737bb68 84fa84a8 84f60e48 84f26020
Ntfs!NtfsCommonSetInformation+0x2de
f204faac 8041db29 84f26020 84f60e48 84fc8cd0
Ntfs!NtfsFsdSetInformation+0xbf
f204fac0 f5bc78df 84fc8cd0 84f60e48 00000010
nt!IopfCallDriver+0x35
f204fc80 f5bc2885 84fc8cd0 84f60e48 00000000
IvdIfs_G!IvdIfsFSDispatch+0x150f
f204fc94 8041db29 84fc8cd0 84f60e48 84dd16a8
IvdIfs_G!IvdIfsDispatch+0x45
f204fca8 8040dc4a 80065420 84dcfe28 800654f0
nt!IopfCallDriver+0x35
f204fcdc 8040e85c 84dd16a8 f204fcf8 00000000
nt!CcSetValidData+0xa4
f204fd0c 8041300a 85e032a8 80476d00 85e07620
nt!CcWriteBehind+0x278
f204fd78 80417163 85e032a8 00000000 00000000
nt!CcWorkerThread+0x158
f204fda8 804554ce 85e032a8 00000000 00000000
nt!ExpWorkerThread+0xaf
f204fddc 8046a9d2 804170b4 00000000 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000
nt!KiThreadStartup+0x16

85e03300-64

THREAD 85e03300 Cid 8.54 Teb: 00000000 Win32Thread: 00000000
WAIT:
(WrVirtualMemory) KernelMode Non-Alertable
80483e90 NotificationEvent
Not impersonating
Owning Process 85e334a0
WaitTime (seconds) 84169
Context Switch Count 206
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address nt!MiMappedPageWriter (0x8043d042)
Stack Init f2078000 Current f2077d2c Base f2078000 Limit f2075000

Call 0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2077d44 8042bfc7 85e037f8 00000000 80065634
nt!KiSwapThread+0x1b1
f2077d6c 8043d08f 80483e90 00000012 00000000
nt!KeWaitForSingleObject+0x1a3
f2077da8 804554ce 00000000 00000000 00000000
nt!MiMappedPageWriter+0x4d
f2077ddc 8046a9d2 8043d042 00000000 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000
nt!KiThreadStartup+0x16

1 total locks, 1 locks currently held

1: kd> !locks 0x84f264f4 -v

Resource @ 0x84f264f4 Shared 1 owning threads
Contention Count = 8
Threads: 84f2c540-01

THREAD 84f2c540 Cid 320.8ec Teb: 7ffde000 Win32Thread:
e2e53408
WAIT: (Executive) KernelMode Non-Alertable
84f876a8 SynchronizationEvent
84f2c628 NotificationTimer
IRP List:
85007668: (0006,0100) Flags: 00000000 Mdl: 00000000
Not impersonating
Owning Process 84dd43e0
WaitTime (seconds) 111226
Context Switch Count 156800 LargeStack
UserTime 0:00:01.0203
KernelTime 0:00:13.0750
Start Address 0x77e8ca4e
Win32 Start Address 0x00405eb0
Stack Init f5777000 Current f5776930 Base f5777000 Limit f5773000

Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f5776948 8042bfc7 00000000 84ddcb68 84f2c540
nt!KiSwapThread+0x1b1
f5776970 80415502 84f876a8 00000000 00000000
nt!KeWaitForSingleObject+0x1a3
f57769b0 804148ef 84ddcb68 84ddcb68 f57769d4
nt!ExpWaitForResource+0x1b4
f57769c0 80414943 85007668 84f2d768 00000000
nt!ExpAcquireResourceExclusiveLite+0x7b
f57769d4 f737e396 84ddcb9c 00000001 00000000
nt!ExAcquireResourceExclusiveLite+0x45
f5776a50 f737d9c5 84f2d768 85007668 84f26020
Ntfs!NtfsCommonFlushBuffers+0x10b
f5776ab4 8041db29 84f26020 85007668 84fc8cd0
Ntfs!NtfsFsdFlushBuffers+0xaf
f5776ac8 f5bc78df 84fc8cd0 85007668 00000000
nt!IopfCallDriver+0x35
f5776c88 f5bc2885 84fc8cd0 85007668 00000000
IvdIfs_G!IvdIfsFSDispatch+0x150f
f5776c9c 8041db29 84fc8cd0 85007668 85007668
IvdIfs_G!IvdIfsDispatch+0x45
f5776cb0 804b0998 c01df9e4 85007668 00000000
nt!IopfCallDriver+0x35
f5776cc4 804a346e 84fc8cd0 85007668 84dd16a8
nt!IopSynchronousServiceTail+0x60
f5776d54 80465d49 00000164 0011d180 00000000
nt!NtFlushBuffersFile+0x1c4
f5776d54 77884f59 00000164 0011d180 00000000
nt!KiSystemService+0xc9
0011d188 00fd10f3 00000164 0011f2b8 0011d210 +0x77884f59
0011d204 00f532ae 01127400 00f5328b 0012034c +0xfd10f3
0011f2d0 00f528b8 01238b08 0011f344 00c29414 +0xf532ae
00120364 100a1faf 01238b08 00c29414 01470086 +0xf528b8
001203dc 100a1c67 00c27400 00c29414 008a0150 +0x100a1faf
0012048c 0040282e 00c27400 001227bc 00000000 +0x100a1c67
001247c4 00401ce5 00e50e62 0012df64 00415e84 +0x40282e
0012ff80 00000000 00000000 00000000 00000000 +0x401ce5

1 total locks, 1 locks currently held

1: kd> !irp 85007668
Irp is active with 4 stacks 4 is current (= 0x85007744) No Mdl Thread

84f2c540: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

>[9, 0] 0 0 84f26020 84dd16a8 00000000-00000000

\FileSystem\Ntfs
Args: 00000000 00000000 00000000 00000000
1: kd> !irp 84f60e48
Irp is active with 4 stacks 4 is current (= 0x84f60f24) No Mdl Irp
count = f204fcd4 Thread 85e07620: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

>[6, 0] 0 0 84f26020 84dd16a8 00000000-00000000

\FileSystem\Ntfs
Args: 00000008 00000014 00000000 00000100

Does anybody have an idea what might be the problem ?

Thanks in advance for any help.

With best regards,
Lars


Nick Ryan
(Microsoft Windows MVP for DDK)

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com