Deadlock in ObDereferenceObject

I have a deadlock in ObDereferenceObject. Here's a stack trace:

kd> kb
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
f5438ae0 804ebd36 80d98718 80d986a8 804ec950 nt!KiSwapContext+0x2e
f5438aec 804ec950 80e9a668 80e9a628 80e9a66c nt!KiSwapThread+0x44
f5438b14 8055f8bf 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x1c0
f5438b40 805d0f18 80e9a668 00000000 00000000 nt!IopAcquireFileObjectLock+0x4c
f5438b84 8057e49d 00e9a628 80e9a610 00000000 nt!IopDeleteFile+0x6a
f5438ba0 804ecc07 80e9a628 00000000 ffb91f48 nt!ObpRemoveObjectRoutine+0xdd
f5438bc4 f946749e f5438c1c f9467dca 80d963c8 nt!ObfDereferenceObject+0x5d
f5438bcc f9467dca 80d963c8 ffb91f48 80f34d28 Vba32dNT!VbaRtpFreeProxyFcb+0x1e [r:!projects#vba4\products\monitor\filter\src\device_root.cpp @ 563]
f5438c1c f94675fe 80e99050 ffb91f48 80f34d28 Vba32dNT!VbaRtpCommonClose+0x102 [r:!projects#vba4\products\monitor\filter\src\device_root_close.cpp @ 328]
f5438c60 804eca36 80f34ba8 ffb91f38 ffb91f38 Vba32dNT!VbaRtpCleanupClose+0x8e [r:!projects#vba4\products\monitor\filter\src\device_root_close.cpp @ 68]
f5438c70 805870ad 80e99ce0 00000000 00000000 nt!IopfCallDriver+0x31
f5438ca8 8057e49d 00e99cf8 80e99ce0 00000000 nt!IopDeleteFile+0x159
f5438cc4 804ecc07 80e99cf8 00000000 0000010c nt!ObpRemoveObjectRoutine+0xdd
f5438ce8 80581110 ffb84bd8 e10604e0 80d986a8 nt!ObfDereferenceObject+0x5d
f5438d00 8058132d e10604e0 80e99cf8 0000010c nt!ObpCloseHandleTableEntry+0x153
f5438d48 8058136e 0000010c 00000001 00000000 nt!ObpCloseHandle+0x85
f5438d58 804da140 0000010c 007b97e0 007b97e0 nt!NtClose+0x19
f5438d58 7ffe0304 0000010c 007b97e0 007b97e0 nt!KiSystemService+0xc4
0012fa10 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4

The file object passed to ObfDereferenceObject is the following:

kd> !object 0x80e9a628
Object: 80e9a628 Type: (80f53ca0) File
ObjectHeader: 80e9a610
HandleCount: 0 PointerCount: 0
Directory Object: 00000000 Name: \Documents and Settings\htfv2\Local Settings\History\History.IE5\MSHist012003052720030528\index.dat {HarddiskVolume2}

What can be a reason for such a deadlock? How can all three arguments passed
to nt!KeWaitForSingleObject (3rd frame) be NULL?

-htfv

It seems you are dereferencing some kind of proxy file object that’s
associated with some primary file object that your filter is monitoring.
The system is preparing to send down clean and close IRPs to your proxy
file object because the pointer count is going to zero. It’s trying to
acquire FileObject->Lock and failing miserably. As you mention it looks
like the lock may have never been initialized in the first place. How
are you creating the proxy file object?

- Nick Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexey Logachyov
Sent: Tuesday, May 27, 2003 6:17 AM
To: File Systems Developers
Subject: [ntfsd] Deadlock in ObDereferenceObject


You are currently subscribed to ntfsd as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
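
The sequence Nick describes (pointer count reaches zero, the delete routine takes the file object lock, cleanup/close reach the filter, the filter drops its proxy, and the nested delete blocks on a lock nobody will release) as a constructed C model. This is an added example, not code from the thread, the Vba32dNT driver or the Windows kernel; the busy-word-plus-event shape of the lock, the `proxy` pointer linking the two objects and the 0xCD junk value are assumptions of the model.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed model (not Windows kernel code) of the path in the stack
 * above: the last dereference runs the delete routine, which first takes
 * the file object lock (modelled as a busy word; waiters block on an event). */
typedef struct model_file_object {
    long pointer_count;
    long busy;                        /* stands in for the file object lock */
    struct model_file_object *proxy;  /* the filter's proxy for this file */
} model_file_object;
enum deref_result { DEREF_STILL_REFERENCED, DEREF_DELETED, DEREF_DEADLOCK };
enum proxy_state  { PROXY_OK, PROXY_UNINITIALIZED, PROXY_LOCK_HELD };

static model_file_object *create_file_object(void) {
    model_file_object *fo = calloc(1, sizeof *fo);  /* zeroed: lock is free */
    if (!fo) abort();
    fo->pointer_count = 1;
    return fo;
}

/* Models IopAcquireFileObjectLock: take the lock if free; if busy, the real
 * code waits in KeWaitForSingleObject for the holder to release it. In this
 * single-thread model nobody ever will, so report a deadlock instead. */
static bool acquire_file_object_lock(model_file_object *fo) {
    if (fo->busy != 0) return false;
    fo->busy = 1;
    return true;
}

/* Models ObfDereferenceObject -> ObpRemoveObjectRoutine -> IopDeleteFile.
 * Deleting the primary sends close down the stack; the filter's close
 * handler frees its proxy FCB, which dereferences the proxy (nested). */
static enum deref_result dereference_object(model_file_object *fo) {
    if (--fo->pointer_count > 0) return DEREF_STILL_REFERENCED;
    if (!acquire_file_object_lock(fo)) return DEREF_DEADLOCK;
    if (fo->proxy && dereference_object(fo->proxy) == DEREF_DEADLOCK)
        return DEREF_DEADLOCK;        /* hang inside the nested delete */
    free(fo);
    return DEREF_DELETED;
}

/* Scenario from the thread: the proxy is clean, was never initialised
 * (constructed: junk left in the lock word), or is still held by the filter. */
enum deref_result run_close_scenario(enum proxy_state state) {
    model_file_object *primary = create_file_object();
    primary->proxy = create_file_object();
    if (state == PROXY_UNINITIALIZED) primary->proxy->busy = 0xCD;  /* junk */
    if (state == PROXY_LOCK_HELD) primary->proxy->busy = 1;
    return dereference_object(primary);  /* the last NtClose on the primary */
}
```

Only the clean proxy reaches DEREF_DELETED; both the junk lock word and the lock still held by the filter stop the nested delete exactly where the trace shows the wait in IopAcquireFileObjectLock.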

Ah, that was a problem with my own code. Some uninitialized variables,
violations of the locking hierarchy and all that stuff.

-htfv

----- Original Message -----
From: “Nick Ryan”
To: “File Systems Developers”
Sent: Wednesday, May 28, 2003 12:55 AM
Subject: [ntfsd] RE: Deadlock in ObDereferenceObject
