Hanging problem

Hello Gurus,

I have a filter driver which logs all WRITE and CREATE and
SET_INFORMATION in a file . I see that while installing a MS Word
application . The system gets hanged at a particular point. Without my
driver attached in a normal system in installation, the installation
progress window takes a longer to cross ( this shows the hanging point
is a heavy operation).

I got a !stacks trace below , which I do not understand much, can any
body give me some ideas what could be wrong.

Regards,
Anurag

kd> !stacks
Proc.Thread Thread Ticks ThreadState Blocker
[System]
8.000004 8189e860 0000054 BLOCKED nt!KiSwapThread+0xc5
8.00000c 8189d020 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000010 8189dda0 000003b BLOCKED nt!KiSwapThread+0xc5
8.000014 8189db20 00000ee BLOCKED nt!KiSwapThread+0xc5
8.000018 8189d8a0 00000a1 BLOCKED nt!KiSwapThread+0xc5
8.00001c 8189d620 0009d3b BLOCKED nt!KiSwapThread+0xc5
8.000020 8189d3a0 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000024 8189c020 0000010 BLOCKED nt!KiSwapThread+0xc5
8.000028 8189cda0 000db70 BLOCKED nt!KiSwapThread+0xc5
8.00002c 8189cb20 0002022 BLOCKED nt!KiSwapThread+0xc5
8.000030 8189c8a0 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000034 8189a020 0009162 BLOCKED nt!KiSwapThread+0xc5
8.000038 8189ada0 0000b6f BLOCKED nt!KiSwapThread+0xc5
8.00003c 8189ab20 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000040 8189a8a0 000000e BLOCKED nt!KiSwapThread+0xc5
8.000044 81896020 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.000048 81896da0 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.00004c 81891020 0013994 BLOCKED nt!KiSwapThread+0xc5
8.000050 8188f760 0000b67 BLOCKED nt!KiSwapThread+0xc5
8.000054 81877b80 0013b56 BLOCKED nt!KiSwapThread+0xc5
8.000058 8185f840 0013754 BLOCKED nt!KiSwapThread+0xc5
8.000064 817cd020 00131b0 BLOCKED nt!KiSwapThread+0xc5
8.000068 817cdda0 001398d BLOCKED nt!KiSwapThread+0xc5
8.00006c 817c49a0 0013941 BLOCKED nt!KiSwapThread+0xc5
8.000074 81770320 00000e4 BLOCKED nt!KiSwapThread+0xc5
8.000078 8175fda0 000f417 BLOCKED nt!KiSwapThread+0xc5
8.00007c 8175fb20 0000675 BLOCKED nt!KiSwapThread+0xc5
8.000084 8175e840 0013506 BLOCKED ?? Kernel stack not resident
??
8.000200 8168b020 00136e5 BLOCKED nt!KiSwapThread+0xc5
8.0001ec 816e74e0 00136c3 BLOCKED ?? Kernel stack not resident
??
8.000220 81688020 00136c2 BLOCKED ?? Kernel stack not resident
??
8.00045c fcca1da0 0000141 BLOCKED nt!KiSwapThread+0xc5

[SMSS.EXE]
8c.000088 81762020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000090 81762cc0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000094 81762a20 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00005c 81743020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00009c 81743da0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000098 81743b20 00131c9 BLOCKED ?? Kernel stack not resident
??

[CSRSS.EXE]
a4.0000a8 816c2b20 0012c6c BLOCKED ?? Kernel stack not resident
??
a4.0000ac 81715260 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000b0 816c1d40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.0000b4 816c1a40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.000080 816bf920 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000c0 81710b60 0000003 BLOCKED nt!KiSwapThread+0xc5
a4.0000c4 81710480 0004021 BLOCKED nt!KiSwapThread+0xc5
a4.0000e4 816b5020 0012b99 BLOCKED ?? Kernel stack not resident
??
a4.000340 815a14c0 000e048 BLOCKED nt!KiSwapThread+0xc5

[WINLOGON.EXE]
b8.0000a0 81714020 000d1b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000bc 81712a40 00001b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000cc 8170fc80 0002fcf BLOCKED nt!KiSwapThread+0xc5
b8.0000d8 816b7020 00116d3 BLOCKED ?? Kernel stack not resident
??
b8.0000f8 816b3b80 000e87e BLOCKED ?? Kernel stack not resident
??
b8.00012c 816ae020 000c9f5 BLOCKED nt!KiSwapThread+0xc5
b8.000248 81683020 00131c9 BLOCKED ?? Kernel stack not resident
??
b8.00024c 81666940 000a787 BLOCKED nt!KiSwapThread+0xc5
b8.000250 81666220 00090b2 BLOCKED nt!KiSwapThread+0xc5
b8.000210 8169b580 00001d2 BLOCKED nt!KiSwapThread+0xc5
b8.00029c 81651940 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.000288 81652020 0000906 BLOCKED nt!KiSwapThread+0xc5
b8.0002c4 81648da0 000090a BLOCKED nt!KiSwapThread+0xc5
b8.0002e0 81640020 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.0002f4 8163d6e0 000e9c3 BLOCKED ?? Kernel stack not resident
??

[SERVICES.EXE]
d4.0000ec 8170bca0 000d1c0 BLOCKED nt!KiSwapThread+0xc5
d4.000134 816afca0 0001640 BLOCKED nt!KiSwapThread+0xc5
d4.000138 816ad7c0 0002236 BLOCKED nt!KiSwapThread+0xc5
d4.00013c 816add40 0000b6a BLOCKED nt!KiSwapThread+0xc5
d4.000140 81702980 00003e7 BLOCKED nt!KiSwapThread+0xc5
d4.000148 816ad4c0 000027d BLOCKED nt!KiSwapThread+0xc5
d4.00014c 81702020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000060 81700020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000160 816aa180 0000657 BLOCKED nt!KiSwapThread+0xc5
d4.000150 816a9020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000164 816aa740 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000168 816ff020 000f417 BLOCKED ?? Kernel stack not resident
??
d4.00016c 816a4d60 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000170 816fab20 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000174 816fa8a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000178 816a3300 0012834 BLOCKED ?? Kernel stack not resident
??
d4.00017c 816f9700 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000180 816f92a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000188 816f8da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00018c 816f8560 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001a0 8169d020 000a677 BLOCKED nt!KiSwapThread+0xc5
d4.0001c4 816f3420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001d8 81692020 00009f8 BLOCKED nt!KiSwapThread+0xc5
d4.0001e4 81691da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00020c 8168c020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00022c 81685b20 0012ddf BLOCKED ?? Kernel stack not resident
??
d4.000238 81686b20 0002036 BLOCKED nt!KiSwapThread+0xc5
d4.00023c 81684980 0002ccb BLOCKED nt!KiSwapThread+0xc5
d4.000240 81684da0 0002edf BLOCKED nt!KiSwapThread+0xc5
d4.0000fc 81663380 0002bb4 BLOCKED nt!KiSwapThread+0xc5
d4.000258 8165cc20 000042b BLOCKED nt!KiSwapThread+0xc5
d4.0002ac 81658020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b0 8164d020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b8 8164b5a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002bc 8164b120 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002dc 81641b60 0000758 BLOCKED nt!KiSwapThread+0xc5
d4.000368 8160f020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0000d0 8160f420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001bc 81357260 00045bc BLOCKED nt!KiSwapThread+0xc5

[LSASS.EXE]
e0.0000e8 816b4020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0000f0 8170b3e0 001296d BLOCKED ?? Kernel stack not resident
??
e0.0000f4 816b3020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000100 81709020 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000104 817088e0 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000110 81704100 00090b0 BLOCKED nt!KiSwapThread+0xc5
e0.00011c 816b0220 0003da3 BLOCKED nt!KiSwapThread+0xc5
e0.000120 816b06c0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.00015c 816ab840 000d1b2 BLOCKED nt!KiSwapThread+0xc5
e0.0001e8 81691340 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000214 816876e0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000394 816e9020 000e88c BLOCKED ?? Kernel stack not resident
??
e0.0003a0 81603020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0003a4 81603b80 00131c9 BLOCKED ?? Kernel stack not resident
??

[svchost.exe]
190.000184 816a2020 00131c9 BLOCKED ?? Kernel stack not resident
??
190.000194 816a1020 00017e4 BLOCKED nt!KiSwapThread+0xc5
190.00019c 8169ea00 00131c9 BLOCKED ?? Kernel stack not resident
??
190.0001a4 8169d560 000000e BLOCKED nt!KiSwapThread+0xc5
190.0001d0 816f2020 00027a2 BLOCKED nt!KiSwapThread+0xc5
190.00010c 8161f020 0001565 BLOCKED nt!KiSwapThread+0xc5
190.0004ac 8157b740 0001565 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
1cc.0001c8 81692da0 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.0001d4 816f26e0 000d194 BLOCKED nt!KiSwapThread+0xc5
1cc.0001e0 816f1020 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.0001f0 816ee720 0007fe5 BLOCKED nt!KiSwapThread+0xc5
1cc.00025c 8165c1a0 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000278 816555e0 0000148 BLOCKED nt!KiSwapThread+0xc5
1cc.000290 81652320 00107ce BLOCKED ?? Kernel stack not resident
??
1cc.000294 816527c0 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00034c 81627540 000a2a6 BLOCKED nt!KiSwapThread+0xc5
1cc.000398 81626c20 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00039c 81606680 0002549 BLOCKED nt!KiSwapThread+0xc5
1cc.0003b0 815f7da0 0002c79 BLOCKED nt!KiSwapThread+0xc5
1cc.00040c 815d3620 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.000410 815d2980 00005c2 BLOCKED nt!KiSwapThread+0xc5
1cc.000418 815d1020 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.00041c 815d0560 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000424 815d21e0 00131b6 BLOCKED ?? Kernel stack not resident
??
1cc.000428 815cf660 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.00042c 815ce800 00131b0 BLOCKED ?? Kernel stack not resident
??
1cc.000430 815cdc00 00131af BLOCKED ?? Kernel stack not resident
??
1cc.000434 815cc620 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.000438 815cc2a0 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.00043c 815cb680 0009cf9 BLOCKED nt!KiSwapThread+0xc5
1cc.000440 815d00a0 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.000444 815c8020 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000448 815c6020 000239d BLOCKED nt!KiSwapThread+0xc5
1cc.00044c 815c6da0 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000458 815c5020 000e669 BLOCKED ?? Kernel stack not resident
??
1cc.0003cc 815c1020 0012b8a BLOCKED ?? Kernel stack not resident
??
1cc.00031c 81602800 0000425 BLOCKED nt!KiSwapThread+0xc5

[regsvc.exe]
1fc.0001f8 816ed020 00131c9 BLOCKED ?? Kernel stack not resident
??
1fc.000208 816ec540 0000369 BLOCKED nt!KiSwapThread+0xc5

[mstask.exe]
21c.000218 816e9da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000254 81664da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000264 816e3b20 000ea38 BLOCKED ?? Kernel stack not resident
??
21c.000268 8165a7e0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.0001dc 81691020 00001b4 BLOCKED nt!KiSwapThread+0xc5
21c.000270 81657380 000092d BLOCKED nt!KiSwapThread+0xc5
21c.000274 8182ea00 0009f23 BLOCKED nt!KiSwapThread+0xc5

[WinMgmt.exe]
280.00027c 81654560 00131c9 BLOCKED ?? Kernel stack not resident
??
280.000128 816508c0 00090b4 BLOCKED nt!KiSwapThread+0xc5
280.0003ac 815fc020 0003448 BLOCKED nt!KiSwapThread+0xc5
280.0004b0 8157bbc0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
280.0003f4 fc6aa180 0000093 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
2a4.0002a0 8164f8c0 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.0002a8 8164e4a0 000d194 BLOCKED nt!KiSwapThread+0xc5
2a4.0002d4 8164dda0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
2a4.000260 8163f400 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.000108 815adda0 001258c BLOCKED ?? Kernel stack not resident
??

[explorer.exe]
304.000300 8163b980 0004031 BLOCKED nt!KiSwapThread+0xc5
304.000314 81638020 0000998 BLOCKED nt!KiSwapThread+0xc5
304.000318 81634a60 0009030 BLOCKED nt!KiSwapThread+0xc5
304.000284 8162e960 0000088 BLOCKED nt!KiSwapThread+0xc5
304.000330 8162dc60 0000018 BLOCKED nt!KiSwapThread+0xc5
304.000334 816424e0 0009f04 BLOCKED nt!KiSwapThread+0xc5
304.000158 815e6ae0 0003448 BLOCKED nt!KiSwapThread+0xc5
304.000400 815c3b40 000ea73 BLOCKED ?? Kernel stack not resident
??
304.000404 815c2d60 0000386 BLOCKED nt!KiSwapThread+0xc5
304.0002d8 8175f020 000092f BLOCKED nt!KiSwapThread+0xc5
304.0000c8 81647020 0000010 BLOCKED nt!KiSwapThread+0xc5
304.0001f4 8159c2a0 000e7cb BLOCKED ?? Kernel stack not resident
??
304.0003f0 815aa020 00027a4 BLOCKED nt!KiSwapThread+0xc5

[igfxtray.exe]
348.000344 816291a0 000d194 BLOCKED nt!KiSwapThread+0xc5
348.0004b8 815833e0 0008cb8 BLOCKED nt!KiSwapThread+0xc5

[hkcmd.exe]
354.000350 81626540 000d194 BLOCKED nt!KiSwapThread+0xc5
354.000324 81621020 0008cb8 BLOCKED nt!KiSwapThread+0xc5
354.0003a8 816004c0 00131c9 BLOCKED ?? Kernel stack not resident
??

[WZQKPICK.EXE]
358.00033c 8161eda0 000e87e BLOCKED ?? Kernel stack not resident
??

[wuauclt.exe]
38c.000130 81610880 000c18e BLOCKED nt!KiSwapThread+0xc5
38c.0003b4 815aac00 000768e BLOCKED nt!KiSwapThread+0xc5
38c.0002f0 815aa620 00121c6 BLOCKED ?? Kernel stack not resident
??
38c.0003d4 815a9020 00004c6 BLOCKED nt!KiSwapThread+0xc5
38c.0003d0 815a9da0 0008bc6 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
420.000204 815a1800 0000003 BLOCKED nt!KiSwapThread+0xc5
420.000384 8159b2a0 0000024 BLOCKED nt!KiSwapThread+0xc5
420.0003e4 815b8700 000dda1 BLOCKED nt!KiSwapThread+0xc5
420.0004bc 813fd4c0 00027a4 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
2c8.0002fc 8163e9c0 000ddb7 BLOCKED nt!KiSwapThread+0xc5
2c8.000224 815b2d20 000d194 BLOCKED nt!KiSwapThread+0xc5
2c8.000228 815ae920 0000002 BLOCKED nt!KiSwapThread+0xc5
2c8.000388 81585da0 000008f BLOCKED nt!KiSwapThread+0xc5
2c8.0004c0 815849e0 000d1bb BLOCKED nt!KiSwapThread+0xc5
2c8.0004d4 81583020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
454.000408 815f6820 000d194 BLOCKED nt!KiSwapThread+0xc5
454.000298 8163e020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
4c8.0004c4 8150a860 000d194 BLOCKED nt!KiSwapThread+0xc5
4c8.0004cc 8153a020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
1b0.000378 813569c0 000cf33 BLOCKED nt!KiSwapThread+0xc5
1b0.000540 81419160 00027a3 BLOCKED nt!KiSwapThread+0xc5

You are seeing a deadlock, so you can try the !lock(s) command. There is an
excellent article on ntinsider ( look on line at osr site ). You need to
load an extension kdext2 or something, it is a windbg extension dll . And
the article gives you the steps to follow. You might be able to see where
the resource are being improperly used …

If you happen to be running under XP, then run the driver verifier with your
driver, and turn the deadlock switch on for detection. That would be your
first step.

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Friday, November 19, 2004 9:19 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Hanging problem

Hello Gurus,

I have a filter driver which logs all WRITE and CREATE and
SET_INFORMATION in a file . I see that while installing a MS Word
application . The system gets hanged at a particular point. Without my
driver attached in a normal system in installation, the installation
progress window takes a longer to cross ( this shows the hanging point
is a heavy operation).

I got a !stacks trace below , which I do not understand much, can any
body give me some ideas what could be wrong.

Regards,
Anurag

kd> !stacks
Proc.Thread Thread Ticks ThreadState Blocker
[System]
8.000004 8189e860 0000054 BLOCKED nt!KiSwapThread+0xc5
8.00000c 8189d020 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000010 8189dda0 000003b BLOCKED nt!KiSwapThread+0xc5
8.000014 8189db20 00000ee BLOCKED nt!KiSwapThread+0xc5
8.000018 8189d8a0 00000a1 BLOCKED nt!KiSwapThread+0xc5
8.00001c 8189d620 0009d3b BLOCKED nt!KiSwapThread+0xc5
8.000020 8189d3a0 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000024 8189c020 0000010 BLOCKED nt!KiSwapThread+0xc5
8.000028 8189cda0 000db70 BLOCKED nt!KiSwapThread+0xc5
8.00002c 8189cb20 0002022 BLOCKED nt!KiSwapThread+0xc5
8.000030 8189c8a0 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000034 8189a020 0009162 BLOCKED nt!KiSwapThread+0xc5
8.000038 8189ada0 0000b6f BLOCKED nt!KiSwapThread+0xc5
8.00003c 8189ab20 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000040 8189a8a0 000000e BLOCKED nt!KiSwapThread+0xc5
8.000044 81896020 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.000048 81896da0 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.00004c 81891020 0013994 BLOCKED nt!KiSwapThread+0xc5
8.000050 8188f760 0000b67 BLOCKED nt!KiSwapThread+0xc5
8.000054 81877b80 0013b56 BLOCKED nt!KiSwapThread+0xc5
8.000058 8185f840 0013754 BLOCKED nt!KiSwapThread+0xc5
8.000064 817cd020 00131b0 BLOCKED nt!KiSwapThread+0xc5
8.000068 817cdda0 001398d BLOCKED nt!KiSwapThread+0xc5
8.00006c 817c49a0 0013941 BLOCKED nt!KiSwapThread+0xc5
8.000074 81770320 00000e4 BLOCKED nt!KiSwapThread+0xc5
8.000078 8175fda0 000f417 BLOCKED nt!KiSwapThread+0xc5
8.00007c 8175fb20 0000675 BLOCKED nt!KiSwapThread+0xc5
8.000084 8175e840 0013506 BLOCKED ?? Kernel stack not resident
??
8.000200 8168b020 00136e5 BLOCKED nt!KiSwapThread+0xc5
8.0001ec 816e74e0 00136c3 BLOCKED ?? Kernel stack not resident
??
8.000220 81688020 00136c2 BLOCKED ?? Kernel stack not resident
??
8.00045c fcca1da0 0000141 BLOCKED nt!KiSwapThread+0xc5

[SMSS.EXE]
8c.000088 81762020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000090 81762cc0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000094 81762a20 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00005c 81743020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00009c 81743da0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000098 81743b20 00131c9 BLOCKED ?? Kernel stack not resident
??

[CSRSS.EXE]
a4.0000a8 816c2b20 0012c6c BLOCKED ?? Kernel stack not resident
??
a4.0000ac 81715260 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000b0 816c1d40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.0000b4 816c1a40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.000080 816bf920 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000c0 81710b60 0000003 BLOCKED nt!KiSwapThread+0xc5
a4.0000c4 81710480 0004021 BLOCKED nt!KiSwapThread+0xc5
a4.0000e4 816b5020 0012b99 BLOCKED ?? Kernel stack not resident
??
a4.000340 815a14c0 000e048 BLOCKED nt!KiSwapThread+0xc5

[WINLOGON.EXE]
b8.0000a0 81714020 000d1b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000bc 81712a40 00001b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000cc 8170fc80 0002fcf BLOCKED nt!KiSwapThread+0xc5
b8.0000d8 816b7020 00116d3 BLOCKED ?? Kernel stack not resident
??
b8.0000f8 816b3b80 000e87e BLOCKED ?? Kernel stack not resident
??
b8.00012c 816ae020 000c9f5 BLOCKED nt!KiSwapThread+0xc5
b8.000248 81683020 00131c9 BLOCKED ?? Kernel stack not resident
??
b8.00024c 81666940 000a787 BLOCKED nt!KiSwapThread+0xc5
b8.000250 81666220 00090b2 BLOCKED nt!KiSwapThread+0xc5
b8.000210 8169b580 00001d2 BLOCKED nt!KiSwapThread+0xc5
b8.00029c 81651940 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.000288 81652020 0000906 BLOCKED nt!KiSwapThread+0xc5
b8.0002c4 81648da0 000090a BLOCKED nt!KiSwapThread+0xc5
b8.0002e0 81640020 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.0002f4 8163d6e0 000e9c3 BLOCKED ?? Kernel stack not resident
??

[SERVICES.EXE]
d4.0000ec 8170bca0 000d1c0 BLOCKED nt!KiSwapThread+0xc5
d4.000134 816afca0 0001640 BLOCKED nt!KiSwapThread+0xc5
d4.000138 816ad7c0 0002236 BLOCKED nt!KiSwapThread+0xc5
d4.00013c 816add40 0000b6a BLOCKED nt!KiSwapThread+0xc5
d4.000140 81702980 00003e7 BLOCKED nt!KiSwapThread+0xc5
d4.000148 816ad4c0 000027d BLOCKED nt!KiSwapThread+0xc5
d4.00014c 81702020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000060 81700020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000160 816aa180 0000657 BLOCKED nt!KiSwapThread+0xc5
d4.000150 816a9020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000164 816aa740 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000168 816ff020 000f417 BLOCKED ?? Kernel stack not resident
??
d4.00016c 816a4d60 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000170 816fab20 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000174 816fa8a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000178 816a3300 0012834 BLOCKED ?? Kernel stack not resident
??
d4.00017c 816f9700 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000180 816f92a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000188 816f8da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00018c 816f8560 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001a0 8169d020 000a677 BLOCKED nt!KiSwapThread+0xc5
d4.0001c4 816f3420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001d8 81692020 00009f8 BLOCKED nt!KiSwapThread+0xc5
d4.0001e4 81691da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00020c 8168c020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00022c 81685b20 0012ddf BLOCKED ?? Kernel stack not resident
??
d4.000238 81686b20 0002036 BLOCKED nt!KiSwapThread+0xc5
d4.00023c 81684980 0002ccb BLOCKED nt!KiSwapThread+0xc5
d4.000240 81684da0 0002edf BLOCKED nt!KiSwapThread+0xc5
d4.0000fc 81663380 0002bb4 BLOCKED nt!KiSwapThread+0xc5
d4.000258 8165cc20 000042b BLOCKED nt!KiSwapThread+0xc5
d4.0002ac 81658020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b0 8164d020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b8 8164b5a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002bc 8164b120 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002dc 81641b60 0000758 BLOCKED nt!KiSwapThread+0xc5
d4.000368 8160f020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0000d0 8160f420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001bc 81357260 00045bc BLOCKED nt!KiSwapThread+0xc5

[LSASS.EXE]
e0.0000e8 816b4020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0000f0 8170b3e0 001296d BLOCKED ?? Kernel stack not resident
??
e0.0000f4 816b3020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000100 81709020 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000104 817088e0 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000110 81704100 00090b0 BLOCKED nt!KiSwapThread+0xc5
e0.00011c 816b0220 0003da3 BLOCKED nt!KiSwapThread+0xc5
e0.000120 816b06c0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.00015c 816ab840 000d1b2 BLOCKED nt!KiSwapThread+0xc5
e0.0001e8 81691340 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000214 816876e0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000394 816e9020 000e88c BLOCKED ?? Kernel stack not resident
??
e0.0003a0 81603020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0003a4 81603b80 00131c9 BLOCKED ?? Kernel stack not resident
??

[svchost.exe]
190.000184 816a2020 00131c9 BLOCKED ?? Kernel stack not resident
??
190.000194 816a1020 00017e4 BLOCKED nt!KiSwapThread+0xc5
190.00019c 8169ea00 00131c9 BLOCKED ?? Kernel stack not resident
??
190.0001a4 8169d560 000000e BLOCKED nt!KiSwapThread+0xc5
190.0001d0 816f2020 00027a2 BLOCKED nt!KiSwapThread+0xc5
190.00010c 8161f020 0001565 BLOCKED nt!KiSwapThread+0xc5
190.0004ac 8157b740 0001565 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
1cc.0001c8 81692da0 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.0001d4 816f26e0 000d194 BLOCKED nt!KiSwapThread+0xc5
1cc.0001e0 816f1020 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.0001f0 816ee720 0007fe5 BLOCKED nt!KiSwapThread+0xc5
1cc.00025c 8165c1a0 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000278 816555e0 0000148 BLOCKED nt!KiSwapThread+0xc5
1cc.000290 81652320 00107ce BLOCKED ?? Kernel stack not resident
??
1cc.000294 816527c0 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00034c 81627540 000a2a6 BLOCKED nt!KiSwapThread+0xc5
1cc.000398 81626c20 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00039c 81606680 0002549 BLOCKED nt!KiSwapThread+0xc5
1cc.0003b0 815f7da0 0002c79 BLOCKED nt!KiSwapThread+0xc5
1cc.00040c 815d3620 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.000410 815d2980 00005c2 BLOCKED nt!KiSwapThread+0xc5
1cc.000418 815d1020 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.00041c 815d0560 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000424 815d21e0 00131b6 BLOCKED ?? Kernel stack not resident
??
1cc.000428 815cf660 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.00042c 815ce800 00131b0 BLOCKED ?? Kernel stack not resident
??
1cc.000430 815cdc00 00131af BLOCKED ?? Kernel stack not resident
??
1cc.000434 815cc620 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.000438 815cc2a0 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.00043c 815cb680 0009cf9 BLOCKED nt!KiSwapThread+0xc5
1cc.000440 815d00a0 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.000444 815c8020 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000448 815c6020 000239d BLOCKED nt!KiSwapThread+0xc5
1cc.00044c 815c6da0 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000458 815c5020 000e669 BLOCKED ?? Kernel stack not resident
??
1cc.0003cc 815c1020 0012b8a BLOCKED ?? Kernel stack not resident
??
1cc.00031c 81602800 0000425 BLOCKED nt!KiSwapThread+0xc5

[regsvc.exe]
1fc.0001f8 816ed020 00131c9 BLOCKED ?? Kernel stack not resident
??
1fc.000208 816ec540 0000369 BLOCKED nt!KiSwapThread+0xc5

[mstask.exe]
21c.000218 816e9da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000254 81664da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000264 816e3b20 000ea38 BLOCKED ?? Kernel stack not resident
??
21c.000268 8165a7e0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.0001dc 81691020 00001b4 BLOCKED nt!KiSwapThread+0xc5
21c.000270 81657380 000092d BLOCKED nt!KiSwapThread+0xc5
21c.000274 8182ea00 0009f23 BLOCKED nt!KiSwapThread+0xc5

[WinMgmt.exe]
280.00027c 81654560 00131c9 BLOCKED ?? Kernel stack not resident
??
280.000128 816508c0 00090b4 BLOCKED nt!KiSwapThread+0xc5
280.0003ac 815fc020 0003448 BLOCKED nt!KiSwapThread+0xc5
280.0004b0 8157bbc0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
280.0003f4 fc6aa180 0000093 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
2a4.0002a0 8164f8c0 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.0002a8 8164e4a0 000d194 BLOCKED nt!KiSwapThread+0xc5
2a4.0002d4 8164dda0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
2a4.000260 8163f400 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.000108 815adda0 001258c BLOCKED ?? Kernel stack not resident
??

[explorer.exe]
304.000300 8163b980 0004031 BLOCKED nt!KiSwapThread+0xc5
304.000314 81638020 0000998 BLOCKED nt!KiSwapThread+0xc5
304.000318 81634a60 0009030 BLOCKED nt!KiSwapThread+0xc5
304.000284 8162e960 0000088 BLOCKED nt!KiSwapThread+0xc5
304.000330 8162dc60 0000018 BLOCKED nt!KiSwapThread+0xc5
304.000334 816424e0 0009f04 BLOCKED nt!KiSwapThread+0xc5
304.000158 815e6ae0 0003448 BLOCKED nt!KiSwapThread+0xc5
304.000400 815c3b40 000ea73 BLOCKED ?? Kernel stack not resident
??
304.000404 815c2d60 0000386 BLOCKED nt!KiSwapThread+0xc5
304.0002d8 8175f020 000092f BLOCKED nt!KiSwapThread+0xc5
304.0000c8 81647020 0000010 BLOCKED nt!KiSwapThread+0xc5
304.0001f4 8159c2a0 000e7cb BLOCKED ?? Kernel stack not resident
??
304.0003f0 815aa020 00027a4 BLOCKED nt!KiSwapThread+0xc5

[igfxtray.exe]
348.000344 816291a0 000d194 BLOCKED nt!KiSwapThread+0xc5
348.0004b8 815833e0 0008cb8 BLOCKED nt!KiSwapThread+0xc5

[hkcmd.exe]
354.000350 81626540 000d194 BLOCKED nt!KiSwapThread+0xc5
354.000324 81621020 0008cb8 BLOCKED nt!KiSwapThread+0xc5
354.0003a8 816004c0 00131c9 BLOCKED ?? Kernel stack not resident
??

[WZQKPICK.EXE]
358.00033c 8161eda0 000e87e BLOCKED ?? Kernel stack not resident
??

[wuauclt.exe]
38c.000130 81610880 000c18e BLOCKED nt!KiSwapThread+0xc5
38c.0003b4 815aac00 000768e BLOCKED nt!KiSwapThread+0xc5
38c.0002f0 815aa620 00121c6 BLOCKED ?? Kernel stack not resident
??
38c.0003d4 815a9020 00004c6 BLOCKED nt!KiSwapThread+0xc5
38c.0003d0 815a9da0 0008bc6 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
420.000204 815a1800 0000003 BLOCKED nt!KiSwapThread+0xc5
420.000384 8159b2a0 0000024 BLOCKED nt!KiSwapThread+0xc5
420.0003e4 815b8700 000dda1 BLOCKED nt!KiSwapThread+0xc5
420.0004bc 813fd4c0 00027a4 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
2c8.0002fc 8163e9c0 000ddb7 BLOCKED nt!KiSwapThread+0xc5
2c8.000224 815b2d20 000d194 BLOCKED nt!KiSwapThread+0xc5
2c8.000228 815ae920 0000002 BLOCKED nt!KiSwapThread+0xc5
2c8.000388 81585da0 000008f BLOCKED nt!KiSwapThread+0xc5
2c8.0004c0 815849e0 000d1bb BLOCKED nt!KiSwapThread+0xc5
2c8.0004d4 81583020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
454.000408 815f6820 000d194 BLOCKED nt!KiSwapThread+0xc5
454.000298 8163e020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
4c8.0004c4 8150a860 000d194 BLOCKED nt!KiSwapThread+0xc5
4c8.0004cc 8153a020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
1b0.000378 813569c0 000cf33 BLOCKED nt!KiSwapThread+0xc5
1b0.000540 81419160 00027a3 BLOCKED nt!KiSwapThread+0xc5

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

!stacks by itself is not a lot of help. It tells you what threads were
present, but it does not give you the stack traces for those threads. You
need to run ‘!process 0 7’ . Actually first you need to get some coffee or
tea, your breakfast, lunch, or supper, whichever is appropriate, and then
you need to run !process 0 7. Capture the output from this command and save
it away in a scratch file.

You need to grovel through all of the stack traces looking for what each
thread is waiting on. As mentioned elsewhere, !locks may help in this task.
Short stack traces tend to be uninteresting. Long stack traces are
frequently closely related to why the system is hung. Most of the threads
will simply be victims of your filter driver’s deadlock-inducing defect.
These thread stack tracess will all have approximately the same ‘look and
feel’, and you can ignore them.

You of course have incorporated extensive tracing and diagnostics into your
filter driver. You should use these debugging aids to understand exactly
what your filter was doing at the time of the hang. You should run the
checked build. You should have driver verifier active. Etc. etc. etc.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 12:19 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Hanging problem

Hello Gurus,

I have a filter driver which logs all WRITE and CREATE and
SET_INFORMATION in a file . I see that while installing a MS
Word application . The system gets hanged at a particular
point. Without my driver attached in a normal system in
installation, the installation progress window takes a longer
to cross ( this shows the hanging point
is a heavy operation).

I got a !stacks trace below , which I do not understand much,
can any body give me some ideas what could be wrong.

Regards,
Anurag

kd> !stacks
Proc.Thread Thread Ticks ThreadState Blocker
[System]
8.000004 8189e860 0000054 BLOCKED nt!KiSwapThread+0xc5
8.00000c 8189d020 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000010 8189dda0 000003b BLOCKED nt!KiSwapThread+0xc5
8.000014 8189db20 00000ee BLOCKED nt!KiSwapThread+0xc5
8.000018 8189d8a0 00000a1 BLOCKED nt!KiSwapThread+0xc5
8.00001c 8189d620 0009d3b BLOCKED nt!KiSwapThread+0xc5
8.000020 8189d3a0 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000024 8189c020 0000010 BLOCKED nt!KiSwapThread+0xc5
8.000028 8189cda0 000db70 BLOCKED nt!KiSwapThread+0xc5
8.00002c 8189cb20 0002022 BLOCKED nt!KiSwapThread+0xc5
8.000030 8189c8a0 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000034 8189a020 0009162 BLOCKED nt!KiSwapThread+0xc5
8.000038 8189ada0 0000b6f BLOCKED nt!KiSwapThread+0xc5
8.00003c 8189ab20 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000040 8189a8a0 000000e BLOCKED nt!KiSwapThread+0xc5
8.000044 81896020 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.000048 81896da0 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.00004c 81891020 0013994 BLOCKED nt!KiSwapThread+0xc5
8.000050 8188f760 0000b67 BLOCKED nt!KiSwapThread+0xc5
8.000054 81877b80 0013b56 BLOCKED nt!KiSwapThread+0xc5
8.000058 8185f840 0013754 BLOCKED nt!KiSwapThread+0xc5
8.000064 817cd020 00131b0 BLOCKED nt!KiSwapThread+0xc5
8.000068 817cdda0 001398d BLOCKED nt!KiSwapThread+0xc5
8.00006c 817c49a0 0013941 BLOCKED nt!KiSwapThread+0xc5
8.000074 81770320 00000e4 BLOCKED nt!KiSwapThread+0xc5
8.000078 8175fda0 000f417 BLOCKED nt!KiSwapThread+0xc5
8.00007c 8175fb20 0000675 BLOCKED nt!KiSwapThread+0xc5
8.000084 8175e840 0013506 BLOCKED ?? Kernel stack not resident
??
8.000200 8168b020 00136e5 BLOCKED nt!KiSwapThread+0xc5
8.0001ec 816e74e0 00136c3 BLOCKED ?? Kernel stack not resident
??
8.000220 81688020 00136c2 BLOCKED ?? Kernel stack not resident
??
8.00045c fcca1da0 0000141 BLOCKED nt!KiSwapThread+0xc5

[SMSS.EXE]
8c.000088 81762020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000090 81762cc0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000094 81762a20 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00005c 81743020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00009c 81743da0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000098 81743b20 00131c9 BLOCKED ?? Kernel stack not resident
??

[CSRSS.EXE]
a4.0000a8 816c2b20 0012c6c BLOCKED ?? Kernel stack not resident
??
a4.0000ac 81715260 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000b0 816c1d40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.0000b4 816c1a40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.000080 816bf920 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000c0 81710b60 0000003 BLOCKED nt!KiSwapThread+0xc5
a4.0000c4 81710480 0004021 BLOCKED nt!KiSwapThread+0xc5
a4.0000e4 816b5020 0012b99 BLOCKED ?? Kernel stack not resident
??
a4.000340 815a14c0 000e048 BLOCKED nt!KiSwapThread+0xc5

[WINLOGON.EXE]
b8.0000a0 81714020 000d1b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000bc 81712a40 00001b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000cc 8170fc80 0002fcf BLOCKED nt!KiSwapThread+0xc5
b8.0000d8 816b7020 00116d3 BLOCKED ?? Kernel stack not resident
??
b8.0000f8 816b3b80 000e87e BLOCKED ?? Kernel stack not resident
??
b8.00012c 816ae020 000c9f5 BLOCKED nt!KiSwapThread+0xc5
b8.000248 81683020 00131c9 BLOCKED ?? Kernel stack not resident
??
b8.00024c 81666940 000a787 BLOCKED nt!KiSwapThread+0xc5
b8.000250 81666220 00090b2 BLOCKED nt!KiSwapThread+0xc5
b8.000210 8169b580 00001d2 BLOCKED nt!KiSwapThread+0xc5
b8.00029c 81651940 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.000288 81652020 0000906 BLOCKED nt!KiSwapThread+0xc5
b8.0002c4 81648da0 000090a BLOCKED nt!KiSwapThread+0xc5
b8.0002e0 81640020 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.0002f4 8163d6e0 000e9c3 BLOCKED ?? Kernel stack not resident
??

[SERVICES.EXE]
d4.0000ec 8170bca0 000d1c0 BLOCKED nt!KiSwapThread+0xc5
d4.000134 816afca0 0001640 BLOCKED nt!KiSwapThread+0xc5
d4.000138 816ad7c0 0002236 BLOCKED nt!KiSwapThread+0xc5
d4.00013c 816add40 0000b6a BLOCKED nt!KiSwapThread+0xc5
d4.000140 81702980 00003e7 BLOCKED nt!KiSwapThread+0xc5
d4.000148 816ad4c0 000027d BLOCKED nt!KiSwapThread+0xc5
d4.00014c 81702020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000060 81700020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000160 816aa180 0000657 BLOCKED nt!KiSwapThread+0xc5
d4.000150 816a9020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000164 816aa740 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000168 816ff020 000f417 BLOCKED ?? Kernel stack not resident
??
d4.00016c 816a4d60 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000170 816fab20 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000174 816fa8a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000178 816a3300 0012834 BLOCKED ?? Kernel stack not resident
??
d4.00017c 816f9700 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000180 816f92a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000188 816f8da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00018c 816f8560 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001a0 8169d020 000a677 BLOCKED nt!KiSwapThread+0xc5
d4.0001c4 816f3420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001d8 81692020 00009f8 BLOCKED nt!KiSwapThread+0xc5
d4.0001e4 81691da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00020c 8168c020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00022c 81685b20 0012ddf BLOCKED ?? Kernel stack not resident
??
d4.000238 81686b20 0002036 BLOCKED nt!KiSwapThread+0xc5
d4.00023c 81684980 0002ccb BLOCKED nt!KiSwapThread+0xc5
d4.000240 81684da0 0002edf BLOCKED nt!KiSwapThread+0xc5
d4.0000fc 81663380 0002bb4 BLOCKED nt!KiSwapThread+0xc5
d4.000258 8165cc20 000042b BLOCKED nt!KiSwapThread+0xc5
d4.0002ac 81658020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b0 8164d020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b8 8164b5a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002bc 8164b120 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002dc 81641b60 0000758 BLOCKED nt!KiSwapThread+0xc5
d4.000368 8160f020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0000d0 8160f420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001bc 81357260 00045bc BLOCKED nt!KiSwapThread+0xc5

[LSASS.EXE]
e0.0000e8 816b4020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0000f0 8170b3e0 001296d BLOCKED ?? Kernel stack not resident
??
e0.0000f4 816b3020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000100 81709020 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000104 817088e0 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000110 81704100 00090b0 BLOCKED nt!KiSwapThread+0xc5
e0.00011c 816b0220 0003da3 BLOCKED nt!KiSwapThread+0xc5
e0.000120 816b06c0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.00015c 816ab840 000d1b2 BLOCKED nt!KiSwapThread+0xc5
e0.0001e8 81691340 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000214 816876e0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000394 816e9020 000e88c BLOCKED ?? Kernel stack not resident
??
e0.0003a0 81603020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0003a4 81603b80 00131c9 BLOCKED ?? Kernel stack not resident
??

[svchost.exe]
190.000184 816a2020 00131c9 BLOCKED ?? Kernel stack not resident
??
190.000194 816a1020 00017e4 BLOCKED nt!KiSwapThread+0xc5
190.00019c 8169ea00 00131c9 BLOCKED ?? Kernel stack not resident
??
190.0001a4 8169d560 000000e BLOCKED nt!KiSwapThread+0xc5
190.0001d0 816f2020 00027a2 BLOCKED nt!KiSwapThread+0xc5
190.00010c 8161f020 0001565 BLOCKED nt!KiSwapThread+0xc5
190.0004ac 8157b740 0001565 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
1cc.0001c8 81692da0 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.0001d4 816f26e0 000d194 BLOCKED nt!KiSwapThread+0xc5
1cc.0001e0 816f1020 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.0001f0 816ee720 0007fe5 BLOCKED nt!KiSwapThread+0xc5
1cc.00025c 8165c1a0 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000278 816555e0 0000148 BLOCKED nt!KiSwapThread+0xc5
1cc.000290 81652320 00107ce BLOCKED ?? Kernel stack not resident
??
1cc.000294 816527c0 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00034c 81627540 000a2a6 BLOCKED nt!KiSwapThread+0xc5
1cc.000398 81626c20 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00039c 81606680 0002549 BLOCKED nt!KiSwapThread+0xc5
1cc.0003b0 815f7da0 0002c79 BLOCKED nt!KiSwapThread+0xc5
1cc.00040c 815d3620 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.000410 815d2980 00005c2 BLOCKED nt!KiSwapThread+0xc5
1cc.000418 815d1020 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.00041c 815d0560 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000424 815d21e0 00131b6 BLOCKED ?? Kernel stack not resident
??
1cc.000428 815cf660 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.00042c 815ce800 00131b0 BLOCKED ?? Kernel stack not resident
??
1cc.000430 815cdc00 00131af BLOCKED ?? Kernel stack not resident
??
1cc.000434 815cc620 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.000438 815cc2a0 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.00043c 815cb680 0009cf9 BLOCKED nt!KiSwapThread+0xc5
1cc.000440 815d00a0 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.000444 815c8020 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000448 815c6020 000239d BLOCKED nt!KiSwapThread+0xc5
1cc.00044c 815c6da0 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000458 815c5020 000e669 BLOCKED ?? Kernel stack not resident
??
1cc.0003cc 815c1020 0012b8a BLOCKED ?? Kernel stack not resident
??
1cc.00031c 81602800 0000425 BLOCKED nt!KiSwapThread+0xc5

[regsvc.exe]
1fc.0001f8 816ed020 00131c9 BLOCKED ?? Kernel stack not resident
??
1fc.000208 816ec540 0000369 BLOCKED nt!KiSwapThread+0xc5

[mstask.exe]
21c.000218 816e9da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000254 81664da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000264 816e3b20 000ea38 BLOCKED ?? Kernel stack not resident
??
21c.000268 8165a7e0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.0001dc 81691020 00001b4 BLOCKED nt!KiSwapThread+0xc5
21c.000270 81657380 000092d BLOCKED nt!KiSwapThread+0xc5
21c.000274 8182ea00 0009f23 BLOCKED nt!KiSwapThread+0xc5

[WinMgmt.exe]
280.00027c 81654560 00131c9 BLOCKED ?? Kernel stack not resident
??
280.000128 816508c0 00090b4 BLOCKED nt!KiSwapThread+0xc5
280.0003ac 815fc020 0003448 BLOCKED nt!KiSwapThread+0xc5
280.0004b0 8157bbc0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
280.0003f4 fc6aa180 0000093 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
2a4.0002a0 8164f8c0 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.0002a8 8164e4a0 000d194 BLOCKED nt!KiSwapThread+0xc5
2a4.0002d4 8164dda0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
2a4.000260 8163f400 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.000108 815adda0 001258c BLOCKED ?? Kernel stack not resident
??

[explorer.exe]
304.000300 8163b980 0004031 BLOCKED nt!KiSwapThread+0xc5
304.000314 81638020 0000998 BLOCKED nt!KiSwapThread+0xc5
304.000318 81634a60 0009030 BLOCKED nt!KiSwapThread+0xc5
304.000284 8162e960 0000088 BLOCKED nt!KiSwapThread+0xc5
304.000330 8162dc60 0000018 BLOCKED nt!KiSwapThread+0xc5
304.000334 816424e0 0009f04 BLOCKED nt!KiSwapThread+0xc5
304.000158 815e6ae0 0003448 BLOCKED nt!KiSwapThread+0xc5
304.000400 815c3b40 000ea73 BLOCKED ?? Kernel stack not resident
??
304.000404 815c2d60 0000386 BLOCKED nt!KiSwapThread+0xc5
304.0002d8 8175f020 000092f BLOCKED nt!KiSwapThread+0xc5
304.0000c8 81647020 0000010 BLOCKED nt!KiSwapThread+0xc5
304.0001f4 8159c2a0 000e7cb BLOCKED ?? Kernel stack not resident
??
304.0003f0 815aa020 00027a4 BLOCKED nt!KiSwapThread+0xc5

[igfxtray.exe]
348.000344 816291a0 000d194 BLOCKED nt!KiSwapThread+0xc5
348.0004b8 815833e0 0008cb8 BLOCKED nt!KiSwapThread+0xc5

[hkcmd.exe]
354.000350 81626540 000d194 BLOCKED nt!KiSwapThread+0xc5
354.000324 81621020 0008cb8 BLOCKED nt!KiSwapThread+0xc5
354.0003a8 816004c0 00131c9 BLOCKED ?? Kernel stack not resident
??

[WZQKPICK.EXE]
358.00033c 8161eda0 000e87e BLOCKED ?? Kernel stack not resident
??

[wuauclt.exe]
38c.000130 81610880 000c18e BLOCKED nt!KiSwapThread+0xc5
38c.0003b4 815aac00 000768e BLOCKED nt!KiSwapThread+0xc5
38c.0002f0 815aa620 00121c6 BLOCKED ?? Kernel stack not resident
??
38c.0003d4 815a9020 00004c6 BLOCKED nt!KiSwapThread+0xc5
38c.0003d0 815a9da0 0008bc6 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
420.000204 815a1800 0000003 BLOCKED nt!KiSwapThread+0xc5
420.000384 8159b2a0 0000024 BLOCKED nt!KiSwapThread+0xc5
420.0003e4 815b8700 000dda1 BLOCKED nt!KiSwapThread+0xc5
420.0004bc 813fd4c0 00027a4 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
2c8.0002fc 8163e9c0 000ddb7 BLOCKED nt!KiSwapThread+0xc5
2c8.000224 815b2d20 000d194 BLOCKED nt!KiSwapThread+0xc5
2c8.000228 815ae920 0000002 BLOCKED nt!KiSwapThread+0xc5
2c8.000388 81585da0 000008f BLOCKED nt!KiSwapThread+0xc5
2c8.0004c0 815849e0 000d1bb BLOCKED nt!KiSwapThread+0xc5
2c8.0004d4 81583020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
454.000408 815f6820 000d194 BLOCKED nt!KiSwapThread+0xc5
454.000298 8163e020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
4c8.0004c4 8150a860 000d194 BLOCKED nt!KiSwapThread+0xc5
4c8.0004cc 8153a020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
1b0.000378 813569c0 000cf33 BLOCKED nt!KiSwapThread+0xc5
1b0.000540 81419160 00027a3 BLOCKED nt!KiSwapThread+0xc5

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Try !process 0 7 instead of !stacks, and then grep for “Resource” and for
“FastMutext”.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Anurag Sarin”
To: “Windows System Software Devs Interest List”
Sent: Saturday, November 20, 2004 8:19 AM
Subject: [ntdev] Hanging problem

Hello Gurus,

I have a filter driver which logs all WRITE and CREATE and
SET_INFORMATION in a file . I see that while installing a MS Word
application . The system gets hanged at a particular point. Without my
driver attached in a normal system in installation, the installation
progress window takes a longer to cross ( this shows the hanging point
is a heavy operation).

I got a !stacks trace below , which I do not understand much, can any
body give me some ideas what could be wrong.

Regards,
Anurag

kd> !stacks
Proc.Thread Thread Ticks ThreadState Blocker
[System]
8.000004 8189e860 0000054 BLOCKED nt!KiSwapThread+0xc5
8.00000c 8189d020 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000010 8189dda0 000003b BLOCKED nt!KiSwapThread+0xc5
8.000014 8189db20 00000ee BLOCKED nt!KiSwapThread+0xc5
8.000018 8189d8a0 00000a1 BLOCKED nt!KiSwapThread+0xc5
8.00001c 8189d620 0009d3b BLOCKED nt!KiSwapThread+0xc5
8.000020 8189d3a0 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000024 8189c020 0000010 BLOCKED nt!KiSwapThread+0xc5
8.000028 8189cda0 000db70 BLOCKED nt!KiSwapThread+0xc5
8.00002c 8189cb20 0002022 BLOCKED nt!KiSwapThread+0xc5
8.000030 8189c8a0 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000034 8189a020 0009162 BLOCKED nt!KiSwapThread+0xc5
8.000038 8189ada0 0000b6f BLOCKED nt!KiSwapThread+0xc5
8.00003c 8189ab20 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000040 8189a8a0 000000e BLOCKED nt!KiSwapThread+0xc5
8.000044 81896020 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.000048 81896da0 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.00004c 81891020 0013994 BLOCKED nt!KiSwapThread+0xc5
8.000050 8188f760 0000b67 BLOCKED nt!KiSwapThread+0xc5
8.000054 81877b80 0013b56 BLOCKED nt!KiSwapThread+0xc5
8.000058 8185f840 0013754 BLOCKED nt!KiSwapThread+0xc5
8.000064 817cd020 00131b0 BLOCKED nt!KiSwapThread+0xc5
8.000068 817cdda0 001398d BLOCKED nt!KiSwapThread+0xc5
8.00006c 817c49a0 0013941 BLOCKED nt!KiSwapThread+0xc5
8.000074 81770320 00000e4 BLOCKED nt!KiSwapThread+0xc5
8.000078 8175fda0 000f417 BLOCKED nt!KiSwapThread+0xc5
8.00007c 8175fb20 0000675 BLOCKED nt!KiSwapThread+0xc5
8.000084 8175e840 0013506 BLOCKED ?? Kernel stack not resident
??
8.000200 8168b020 00136e5 BLOCKED nt!KiSwapThread+0xc5
8.0001ec 816e74e0 00136c3 BLOCKED ?? Kernel stack not resident
??
8.000220 81688020 00136c2 BLOCKED ?? Kernel stack not resident
??
8.00045c fcca1da0 0000141 BLOCKED nt!KiSwapThread+0xc5

[SMSS.EXE]
8c.000088 81762020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000090 81762cc0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000094 81762a20 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00005c 81743020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00009c 81743da0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000098 81743b20 00131c9 BLOCKED ?? Kernel stack not resident
??

[CSRSS.EXE]
a4.0000a8 816c2b20 0012c6c BLOCKED ?? Kernel stack not resident
??
a4.0000ac 81715260 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000b0 816c1d40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.0000b4 816c1a40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.000080 816bf920 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000c0 81710b60 0000003 BLOCKED nt!KiSwapThread+0xc5
a4.0000c4 81710480 0004021 BLOCKED nt!KiSwapThread+0xc5
a4.0000e4 816b5020 0012b99 BLOCKED ?? Kernel stack not resident
??
a4.000340 815a14c0 000e048 BLOCKED nt!KiSwapThread+0xc5

[WINLOGON.EXE]
b8.0000a0 81714020 000d1b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000bc 81712a40 00001b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000cc 8170fc80 0002fcf BLOCKED nt!KiSwapThread+0xc5
b8.0000d8 816b7020 00116d3 BLOCKED ?? Kernel stack not resident
??
b8.0000f8 816b3b80 000e87e BLOCKED ?? Kernel stack not resident
??
b8.00012c 816ae020 000c9f5 BLOCKED nt!KiSwapThread+0xc5
b8.000248 81683020 00131c9 BLOCKED ?? Kernel stack not resident
??
b8.00024c 81666940 000a787 BLOCKED nt!KiSwapThread+0xc5
b8.000250 81666220 00090b2 BLOCKED nt!KiSwapThread+0xc5
b8.000210 8169b580 00001d2 BLOCKED nt!KiSwapThread+0xc5
b8.00029c 81651940 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.000288 81652020 0000906 BLOCKED nt!KiSwapThread+0xc5
b8.0002c4 81648da0 000090a BLOCKED nt!KiSwapThread+0xc5
b8.0002e0 81640020 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.0002f4 8163d6e0 000e9c3 BLOCKED ?? Kernel stack not resident
??

[SERVICES.EXE]
d4.0000ec 8170bca0 000d1c0 BLOCKED nt!KiSwapThread+0xc5
d4.000134 816afca0 0001640 BLOCKED nt!KiSwapThread+0xc5
d4.000138 816ad7c0 0002236 BLOCKED nt!KiSwapThread+0xc5
d4.00013c 816add40 0000b6a BLOCKED nt!KiSwapThread+0xc5
d4.000140 81702980 00003e7 BLOCKED nt!KiSwapThread+0xc5
d4.000148 816ad4c0 000027d BLOCKED nt!KiSwapThread+0xc5
d4.00014c 81702020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000060 81700020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000160 816aa180 0000657 BLOCKED nt!KiSwapThread+0xc5
d4.000150 816a9020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000164 816aa740 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000168 816ff020 000f417 BLOCKED ?? Kernel stack not resident
??
d4.00016c 816a4d60 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000170 816fab20 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000174 816fa8a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000178 816a3300 0012834 BLOCKED ?? Kernel stack not resident
??
d4.00017c 816f9700 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000180 816f92a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000188 816f8da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00018c 816f8560 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001a0 8169d020 000a677 BLOCKED nt!KiSwapThread+0xc5
d4.0001c4 816f3420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001d8 81692020 00009f8 BLOCKED nt!KiSwapThread+0xc5
d4.0001e4 81691da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00020c 8168c020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00022c 81685b20 0012ddf BLOCKED ?? Kernel stack not resident
??
d4.000238 81686b20 0002036 BLOCKED nt!KiSwapThread+0xc5
d4.00023c 81684980 0002ccb BLOCKED nt!KiSwapThread+0xc5
d4.000240 81684da0 0002edf BLOCKED nt!KiSwapThread+0xc5
d4.0000fc 81663380 0002bb4 BLOCKED nt!KiSwapThread+0xc5
d4.000258 8165cc20 000042b BLOCKED nt!KiSwapThread+0xc5
d4.0002ac 81658020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b0 8164d020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b8 8164b5a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002bc 8164b120 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002dc 81641b60 0000758 BLOCKED nt!KiSwapThread+0xc5
d4.000368 8160f020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0000d0 8160f420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001bc 81357260 00045bc BLOCKED nt!KiSwapThread+0xc5

[LSASS.EXE]
e0.0000e8 816b4020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0000f0 8170b3e0 001296d BLOCKED ?? Kernel stack not resident
??
e0.0000f4 816b3020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000100 81709020 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000104 817088e0 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000110 81704100 00090b0 BLOCKED nt!KiSwapThread+0xc5
e0.00011c 816b0220 0003da3 BLOCKED nt!KiSwapThread+0xc5
e0.000120 816b06c0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.00015c 816ab840 000d1b2 BLOCKED nt!KiSwapThread+0xc5
e0.0001e8 81691340 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000214 816876e0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000394 816e9020 000e88c BLOCKED ?? Kernel stack not resident
??
e0.0003a0 81603020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0003a4 81603b80 00131c9 BLOCKED ?? Kernel stack not resident
??

[svchost.exe]
190.000184 816a2020 00131c9 BLOCKED ?? Kernel stack not resident
??
190.000194 816a1020 00017e4 BLOCKED nt!KiSwapThread+0xc5
190.00019c 8169ea00 00131c9 BLOCKED ?? Kernel stack not resident
??
190.0001a4 8169d560 000000e BLOCKED nt!KiSwapThread+0xc5
190.0001d0 816f2020 00027a2 BLOCKED nt!KiSwapThread+0xc5
190.00010c 8161f020 0001565 BLOCKED nt!KiSwapThread+0xc5
190.0004ac 8157b740 0001565 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
1cc.0001c8 81692da0 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.0001d4 816f26e0 000d194 BLOCKED nt!KiSwapThread+0xc5
1cc.0001e0 816f1020 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.0001f0 816ee720 0007fe5 BLOCKED nt!KiSwapThread+0xc5
1cc.00025c 8165c1a0 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000278 816555e0 0000148 BLOCKED nt!KiSwapThread+0xc5
1cc.000290 81652320 00107ce BLOCKED ?? Kernel stack not resident
??
1cc.000294 816527c0 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00034c 81627540 000a2a6 BLOCKED nt!KiSwapThread+0xc5
1cc.000398 81626c20 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00039c 81606680 0002549 BLOCKED nt!KiSwapThread+0xc5
1cc.0003b0 815f7da0 0002c79 BLOCKED nt!KiSwapThread+0xc5
1cc.00040c 815d3620 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.000410 815d2980 00005c2 BLOCKED nt!KiSwapThread+0xc5
1cc.000418 815d1020 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.00041c 815d0560 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000424 815d21e0 00131b6 BLOCKED ?? Kernel stack not resident
??
1cc.000428 815cf660 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.00042c 815ce800 00131b0 BLOCKED ?? Kernel stack not resident
??
1cc.000430 815cdc00 00131af BLOCKED ?? Kernel stack not resident
??
1cc.000434 815cc620 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.000438 815cc2a0 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.00043c 815cb680 0009cf9 BLOCKED nt!KiSwapThread+0xc5
1cc.000440 815d00a0 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.000444 815c8020 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000448 815c6020 000239d BLOCKED nt!KiSwapThread+0xc5
1cc.00044c 815c6da0 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000458 815c5020 000e669 BLOCKED ?? Kernel stack not resident
??
1cc.0003cc 815c1020 0012b8a BLOCKED ?? Kernel stack not resident
??
1cc.00031c 81602800 0000425 BLOCKED nt!KiSwapThread+0xc5

[regsvc.exe]
1fc.0001f8 816ed020 00131c9 BLOCKED ?? Kernel stack not resident
??
1fc.000208 816ec540 0000369 BLOCKED nt!KiSwapThread+0xc5

[mstask.exe]
21c.000218 816e9da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000254 81664da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000264 816e3b20 000ea38 BLOCKED ?? Kernel stack not resident
??
21c.000268 8165a7e0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.0001dc 81691020 00001b4 BLOCKED nt!KiSwapThread+0xc5
21c.000270 81657380 000092d BLOCKED nt!KiSwapThread+0xc5
21c.000274 8182ea00 0009f23 BLOCKED nt!KiSwapThread+0xc5

[WinMgmt.exe]
280.00027c 81654560 00131c9 BLOCKED ?? Kernel stack not resident
??
280.000128 816508c0 00090b4 BLOCKED nt!KiSwapThread+0xc5
280.0003ac 815fc020 0003448 BLOCKED nt!KiSwapThread+0xc5
280.0004b0 8157bbc0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
280.0003f4 fc6aa180 0000093 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
2a4.0002a0 8164f8c0 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.0002a8 8164e4a0 000d194 BLOCKED nt!KiSwapThread+0xc5
2a4.0002d4 8164dda0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
2a4.000260 8163f400 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.000108 815adda0 001258c BLOCKED ?? Kernel stack not resident
??

[explorer.exe]
304.000300 8163b980 0004031 BLOCKED nt!KiSwapThread+0xc5
304.000314 81638020 0000998 BLOCKED nt!KiSwapThread+0xc5
304.000318 81634a60 0009030 BLOCKED nt!KiSwapThread+0xc5
304.000284 8162e960 0000088 BLOCKED nt!KiSwapThread+0xc5
304.000330 8162dc60 0000018 BLOCKED nt!KiSwapThread+0xc5
304.000334 816424e0 0009f04 BLOCKED nt!KiSwapThread+0xc5
304.000158 815e6ae0 0003448 BLOCKED nt!KiSwapThread+0xc5
304.000400 815c3b40 000ea73 BLOCKED ?? Kernel stack not resident
??
304.000404 815c2d60 0000386 BLOCKED nt!KiSwapThread+0xc5
304.0002d8 8175f020 000092f BLOCKED nt!KiSwapThread+0xc5
304.0000c8 81647020 0000010 BLOCKED nt!KiSwapThread+0xc5
304.0001f4 8159c2a0 000e7cb BLOCKED ?? Kernel stack not resident
??
304.0003f0 815aa020 00027a4 BLOCKED nt!KiSwapThread+0xc5

[igfxtray.exe]
348.000344 816291a0 000d194 BLOCKED nt!KiSwapThread+0xc5
348.0004b8 815833e0 0008cb8 BLOCKED nt!KiSwapThread+0xc5

[hkcmd.exe]
354.000350 81626540 000d194 BLOCKED nt!KiSwapThread+0xc5
354.000324 81621020 0008cb8 BLOCKED nt!KiSwapThread+0xc5
354.0003a8 816004c0 00131c9 BLOCKED ?? Kernel stack not resident
??

[WZQKPICK.EXE]
358.00033c 8161eda0 000e87e BLOCKED ?? Kernel stack not resident
??

[wuauclt.exe]
38c.000130 81610880 000c18e BLOCKED nt!KiSwapThread+0xc5
38c.0003b4 815aac00 000768e BLOCKED nt!KiSwapThread+0xc5
38c.0002f0 815aa620 00121c6 BLOCKED ?? Kernel stack not resident
??
38c.0003d4 815a9020 00004c6 BLOCKED nt!KiSwapThread+0xc5
38c.0003d0 815a9da0 0008bc6 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
420.000204 815a1800 0000003 BLOCKED nt!KiSwapThread+0xc5
420.000384 8159b2a0 0000024 BLOCKED nt!KiSwapThread+0xc5
420.0003e4 815b8700 000dda1 BLOCKED nt!KiSwapThread+0xc5
420.0004bc 813fd4c0 00027a4 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
2c8.0002fc 8163e9c0 000ddb7 BLOCKED nt!KiSwapThread+0xc5
2c8.000224 815b2d20 000d194 BLOCKED nt!KiSwapThread+0xc5
2c8.000228 815ae920 0000002 BLOCKED nt!KiSwapThread+0xc5
2c8.000388 81585da0 000008f BLOCKED nt!KiSwapThread+0xc5
2c8.0004c0 815849e0 000d1bb BLOCKED nt!KiSwapThread+0xc5
2c8.0004d4 81583020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
454.000408 815f6820 000d194 BLOCKED nt!KiSwapThread+0xc5
454.000298 8163e020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
4c8.0004c4 8150a860 000d194 BLOCKED nt!KiSwapThread+0xc5
4c8.0004cc 8153a020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
1b0.000378 813569c0 000cf33 BLOCKED nt!KiSwapThread+0xc5
1b0.000540 81419160 00027a3 BLOCKED nt!KiSwapThread+0xc5

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi Anurag

I suggest as follows. First as other posters have suggested “!process 0 7”
will provide more (much more) information. You might start to see that a lot
of threads are stuck in same or related places; you might even see this as
the “!process 0 7” command output scrolls past in windbag! Second assume it
is caused by your driver - you know the synchronization constructs of your
driver so as much as you can see what theads have acquired these and what
threads are waiting on these. Once you have assembled and internalised all
of that information you should start to form one or more working hypotheses
on the cause of the deadlock. Choose one hypothesis - your best hunch - and
work to prove or disprove the hypothesis. If you can disprove the hypothesis
then rinse and repeat with your next best hunch.

Cheers
Lyndon

“Anurag Sarin” wrote in message
news:xxxxx@ntdev…
Hello Gurus,

I have a filter driver which logs all WRITE and CREATE and
SET_INFORMATION in a file . I see that while installing a MS Word
application . The system gets hanged at a particular point. Without my
driver attached in a normal system in installation, the installation
progress window takes a longer to cross ( this shows the hanging point
is a heavy operation).

I got a !stacks trace below , which I do not understand much, can any
body give me some ideas what could be wrong.

Regards,
Anurag

kd> !stacks
Proc.Thread Thread Ticks ThreadState Blocker
[System]
8.000004 8189e860 0000054 BLOCKED nt!KiSwapThread+0xc5
8.00000c 8189d020 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000010 8189dda0 000003b BLOCKED nt!KiSwapThread+0xc5
8.000014 8189db20 00000ee BLOCKED nt!KiSwapThread+0xc5
8.000018 8189d8a0 00000a1 BLOCKED nt!KiSwapThread+0xc5
8.00001c 8189d620 0009d3b BLOCKED nt!KiSwapThread+0xc5
8.000020 8189d3a0 0013b73 BLOCKED ?? Kernel stack not resident
??
8.000024 8189c020 0000010 BLOCKED nt!KiSwapThread+0xc5
8.000028 8189cda0 000db70 BLOCKED nt!KiSwapThread+0xc5
8.00002c 8189cb20 0002022 BLOCKED nt!KiSwapThread+0xc5
8.000030 8189c8a0 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000034 8189a020 0009162 BLOCKED nt!KiSwapThread+0xc5
8.000038 8189ada0 0000b6f BLOCKED nt!KiSwapThread+0xc5
8.00003c 8189ab20 0000014 BLOCKED nt!KiSwapThread+0xc5
8.000040 8189a8a0 000000e BLOCKED nt!KiSwapThread+0xc5
8.000044 81896020 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.000048 81896da0 0013b67 BLOCKED nt!KiSwapThread+0xc5
8.00004c 81891020 0013994 BLOCKED nt!KiSwapThread+0xc5
8.000050 8188f760 0000b67 BLOCKED nt!KiSwapThread+0xc5
8.000054 81877b80 0013b56 BLOCKED nt!KiSwapThread+0xc5
8.000058 8185f840 0013754 BLOCKED nt!KiSwapThread+0xc5
8.000064 817cd020 00131b0 BLOCKED nt!KiSwapThread+0xc5
8.000068 817cdda0 001398d BLOCKED nt!KiSwapThread+0xc5
8.00006c 817c49a0 0013941 BLOCKED nt!KiSwapThread+0xc5
8.000074 81770320 00000e4 BLOCKED nt!KiSwapThread+0xc5
8.000078 8175fda0 000f417 BLOCKED nt!KiSwapThread+0xc5
8.00007c 8175fb20 0000675 BLOCKED nt!KiSwapThread+0xc5
8.000084 8175e840 0013506 BLOCKED ?? Kernel stack not resident
??
8.000200 8168b020 00136e5 BLOCKED nt!KiSwapThread+0xc5
8.0001ec 816e74e0 00136c3 BLOCKED ?? Kernel stack not resident
??
8.000220 81688020 00136c2 BLOCKED ?? Kernel stack not resident
??
8.00045c fcca1da0 0000141 BLOCKED nt!KiSwapThread+0xc5

[SMSS.EXE]
8c.000088 81762020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000090 81762cc0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000094 81762a20 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00005c 81743020 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.00009c 81743da0 00131c9 BLOCKED ?? Kernel stack not resident
??
8c.000098 81743b20 00131c9 BLOCKED ?? Kernel stack not resident
??

[CSRSS.EXE]
a4.0000a8 816c2b20 0012c6c BLOCKED ?? Kernel stack not resident
??
a4.0000ac 81715260 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000b0 816c1d40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.0000b4 816c1a40 00131c9 BLOCKED ?? Kernel stack not resident
??
a4.000080 816bf920 0002022 BLOCKED nt!KiSwapThread+0xc5
a4.0000c0 81710b60 0000003 BLOCKED nt!KiSwapThread+0xc5
a4.0000c4 81710480 0004021 BLOCKED nt!KiSwapThread+0xc5
a4.0000e4 816b5020 0012b99 BLOCKED ?? Kernel stack not resident
??
a4.000340 815a14c0 000e048 BLOCKED nt!KiSwapThread+0xc5

[WINLOGON.EXE]
b8.0000a0 81714020 000d1b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000bc 81712a40 00001b2 BLOCKED nt!KiSwapThread+0xc5
b8.0000cc 8170fc80 0002fcf BLOCKED nt!KiSwapThread+0xc5
b8.0000d8 816b7020 00116d3 BLOCKED ?? Kernel stack not resident
??
b8.0000f8 816b3b80 000e87e BLOCKED ?? Kernel stack not resident
??
b8.00012c 816ae020 000c9f5 BLOCKED nt!KiSwapThread+0xc5
b8.000248 81683020 00131c9 BLOCKED ?? Kernel stack not resident
??
b8.00024c 81666940 000a787 BLOCKED nt!KiSwapThread+0xc5
b8.000250 81666220 00090b2 BLOCKED nt!KiSwapThread+0xc5
b8.000210 8169b580 00001d2 BLOCKED nt!KiSwapThread+0xc5
b8.00029c 81651940 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.000288 81652020 0000906 BLOCKED nt!KiSwapThread+0xc5
b8.0002c4 81648da0 000090a BLOCKED nt!KiSwapThread+0xc5
b8.0002e0 81640020 00131c7 BLOCKED ?? Kernel stack not resident
??
b8.0002f4 8163d6e0 000e9c3 BLOCKED ?? Kernel stack not resident
??

[SERVICES.EXE]
d4.0000ec 8170bca0 000d1c0 BLOCKED nt!KiSwapThread+0xc5
d4.000134 816afca0 0001640 BLOCKED nt!KiSwapThread+0xc5
d4.000138 816ad7c0 0002236 BLOCKED nt!KiSwapThread+0xc5
d4.00013c 816add40 0000b6a BLOCKED nt!KiSwapThread+0xc5
d4.000140 81702980 00003e7 BLOCKED nt!KiSwapThread+0xc5
d4.000148 816ad4c0 000027d BLOCKED nt!KiSwapThread+0xc5
d4.00014c 81702020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000060 81700020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000160 816aa180 0000657 BLOCKED nt!KiSwapThread+0xc5
d4.000150 816a9020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000164 816aa740 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000168 816ff020 000f417 BLOCKED ?? Kernel stack not resident
??
d4.00016c 816a4d60 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000170 816fab20 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000174 816fa8a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000178 816a3300 0012834 BLOCKED ?? Kernel stack not resident
??
d4.00017c 816f9700 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000180 816f92a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.000188 816f8da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00018c 816f8560 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001a0 8169d020 000a677 BLOCKED nt!KiSwapThread+0xc5
d4.0001c4 816f3420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001d8 81692020 00009f8 BLOCKED nt!KiSwapThread+0xc5
d4.0001e4 81691da0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00020c 8168c020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.00022c 81685b20 0012ddf BLOCKED ?? Kernel stack not resident
??
d4.000238 81686b20 0002036 BLOCKED nt!KiSwapThread+0xc5
d4.00023c 81684980 0002ccb BLOCKED nt!KiSwapThread+0xc5
d4.000240 81684da0 0002edf BLOCKED nt!KiSwapThread+0xc5
d4.0000fc 81663380 0002bb4 BLOCKED nt!KiSwapThread+0xc5
d4.000258 8165cc20 000042b BLOCKED nt!KiSwapThread+0xc5
d4.0002ac 81658020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b0 8164d020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002b8 8164b5a0 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002bc 8164b120 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0002dc 81641b60 0000758 BLOCKED nt!KiSwapThread+0xc5
d4.000368 8160f020 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0000d0 8160f420 00131c9 BLOCKED ?? Kernel stack not resident
??
d4.0001bc 81357260 00045bc BLOCKED nt!KiSwapThread+0xc5

[LSASS.EXE]
e0.0000e8 816b4020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0000f0 8170b3e0 001296d BLOCKED ?? Kernel stack not resident
??
e0.0000f4 816b3020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000100 81709020 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000104 817088e0 0000392 BLOCKED nt!KiSwapThread+0xc5
e0.000110 81704100 00090b0 BLOCKED nt!KiSwapThread+0xc5
e0.00011c 816b0220 0003da3 BLOCKED nt!KiSwapThread+0xc5
e0.000120 816b06c0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.00015c 816ab840 000d1b2 BLOCKED nt!KiSwapThread+0xc5
e0.0001e8 81691340 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000214 816876e0 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.000394 816e9020 000e88c BLOCKED ?? Kernel stack not resident
??
e0.0003a0 81603020 00131c9 BLOCKED ?? Kernel stack not resident
??
e0.0003a4 81603b80 00131c9 BLOCKED ?? Kernel stack not resident
??

[svchost.exe]
190.000184 816a2020 00131c9 BLOCKED ?? Kernel stack not resident
??
190.000194 816a1020 00017e4 BLOCKED nt!KiSwapThread+0xc5
190.00019c 8169ea00 00131c9 BLOCKED ?? Kernel stack not resident
??
190.0001a4 8169d560 000000e BLOCKED nt!KiSwapThread+0xc5
190.0001d0 816f2020 00027a2 BLOCKED nt!KiSwapThread+0xc5
190.00010c 8161f020 0001565 BLOCKED nt!KiSwapThread+0xc5
190.0004ac 8157b740 0001565 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
1cc.0001c8 81692da0 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.0001d4 816f26e0 000d194 BLOCKED nt!KiSwapThread+0xc5
1cc.0001e0 816f1020 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.0001f0 816ee720 0007fe5 BLOCKED nt!KiSwapThread+0xc5
1cc.00025c 8165c1a0 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000278 816555e0 0000148 BLOCKED nt!KiSwapThread+0xc5
1cc.000290 81652320 00107ce BLOCKED ?? Kernel stack not resident
??
1cc.000294 816527c0 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00034c 81627540 000a2a6 BLOCKED nt!KiSwapThread+0xc5
1cc.000398 81626c20 00131c9 BLOCKED ?? Kernel stack not resident
??
1cc.00039c 81606680 0002549 BLOCKED nt!KiSwapThread+0xc5
1cc.0003b0 815f7da0 0002c79 BLOCKED nt!KiSwapThread+0xc5
1cc.00040c 815d3620 00131c2 BLOCKED ?? Kernel stack not resident
??
1cc.000410 815d2980 00005c2 BLOCKED nt!KiSwapThread+0xc5
1cc.000418 815d1020 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.00041c 815d0560 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.000424 815d21e0 00131b6 BLOCKED ?? Kernel stack not resident
??
1cc.000428 815cf660 000e87d BLOCKED ?? Kernel stack not resident
??
1cc.00042c 815ce800 00131b0 BLOCKED ?? Kernel stack not resident
??
1cc.000430 815cdc00 00131af BLOCKED ?? Kernel stack not resident
??
1cc.000434 815cc620 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.000438 815cc2a0 00131ad BLOCKED ?? Kernel stack not resident
??
1cc.00043c 815cb680 0009cf9 BLOCKED nt!KiSwapThread+0xc5
1cc.000440 815d00a0 00131a1 BLOCKED ?? Kernel stack not resident
??
1cc.000444 815c8020 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000448 815c6020 000239d BLOCKED nt!KiSwapThread+0xc5
1cc.00044c 815c6da0 001319d BLOCKED ?? Kernel stack not resident
??
1cc.000458 815c5020 000e669 BLOCKED ?? Kernel stack not resident
??
1cc.0003cc 815c1020 0012b8a BLOCKED ?? Kernel stack not resident
??
1cc.00031c 81602800 0000425 BLOCKED nt!KiSwapThread+0xc5

[regsvc.exe]
1fc.0001f8 816ed020 00131c9 BLOCKED ?? Kernel stack not resident
??
1fc.000208 816ec540 0000369 BLOCKED nt!KiSwapThread+0xc5

[mstask.exe]
21c.000218 816e9da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000254 81664da0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.000264 816e3b20 000ea38 BLOCKED ?? Kernel stack not resident
??
21c.000268 8165a7e0 00131c9 BLOCKED ?? Kernel stack not resident
??
21c.0001dc 81691020 00001b4 BLOCKED nt!KiSwapThread+0xc5
21c.000270 81657380 000092d BLOCKED nt!KiSwapThread+0xc5
21c.000274 8182ea00 0009f23 BLOCKED nt!KiSwapThread+0xc5

[WinMgmt.exe]
280.00027c 81654560 00131c9 BLOCKED ?? Kernel stack not resident
??
280.000128 816508c0 00090b4 BLOCKED nt!KiSwapThread+0xc5
280.0003ac 815fc020 0003448 BLOCKED nt!KiSwapThread+0xc5
280.0004b0 8157bbc0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
280.0003f4 fc6aa180 0000093 BLOCKED nt!KiSwapThread+0xc5

[svchost.exe]
2a4.0002a0 8164f8c0 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.0002a8 8164e4a0 000d194 BLOCKED nt!KiSwapThread+0xc5
2a4.0002d4 8164dda0 0008cb8 BLOCKED nt!KiSwapThread+0xc5
2a4.000260 8163f400 00131c9 BLOCKED ?? Kernel stack not resident
??
2a4.000108 815adda0 001258c BLOCKED ?? Kernel stack not resident
??

[explorer.exe]
304.000300 8163b980 0004031 BLOCKED nt!KiSwapThread+0xc5
304.000314 81638020 0000998 BLOCKED nt!KiSwapThread+0xc5
304.000318 81634a60 0009030 BLOCKED nt!KiSwapThread+0xc5
304.000284 8162e960 0000088 BLOCKED nt!KiSwapThread+0xc5
304.000330 8162dc60 0000018 BLOCKED nt!KiSwapThread+0xc5
304.000334 816424e0 0009f04 BLOCKED nt!KiSwapThread+0xc5
304.000158 815e6ae0 0003448 BLOCKED nt!KiSwapThread+0xc5
304.000400 815c3b40 000ea73 BLOCKED ?? Kernel stack not resident
??
304.000404 815c2d60 0000386 BLOCKED nt!KiSwapThread+0xc5
304.0002d8 8175f020 000092f BLOCKED nt!KiSwapThread+0xc5
304.0000c8 81647020 0000010 BLOCKED nt!KiSwapThread+0xc5
304.0001f4 8159c2a0 000e7cb BLOCKED ?? Kernel stack not resident
??
304.0003f0 815aa020 00027a4 BLOCKED nt!KiSwapThread+0xc5

[igfxtray.exe]
348.000344 816291a0 000d194 BLOCKED nt!KiSwapThread+0xc5
348.0004b8 815833e0 0008cb8 BLOCKED nt!KiSwapThread+0xc5

[hkcmd.exe]
354.000350 81626540 000d194 BLOCKED nt!KiSwapThread+0xc5
354.000324 81621020 0008cb8 BLOCKED nt!KiSwapThread+0xc5
354.0003a8 816004c0 00131c9 BLOCKED ?? Kernel stack not resident
??

[WZQKPICK.EXE]
358.00033c 8161eda0 000e87e BLOCKED ?? Kernel stack not resident
??

[wuauclt.exe]
38c.000130 81610880 000c18e BLOCKED nt!KiSwapThread+0xc5
38c.0003b4 815aac00 000768e BLOCKED nt!KiSwapThread+0xc5
38c.0002f0 815aa620 00121c6 BLOCKED ?? Kernel stack not resident
??
38c.0003d4 815a9020 00004c6 BLOCKED nt!KiSwapThread+0xc5
38c.0003d0 815a9da0 0008bc6 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
420.000204 815a1800 0000003 BLOCKED nt!KiSwapThread+0xc5
420.000384 8159b2a0 0000024 BLOCKED nt!KiSwapThread+0xc5
420.0003e4 815b8700 000dda1 BLOCKED nt!KiSwapThread+0xc5
420.0004bc 813fd4c0 00027a4 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
2c8.0002fc 8163e9c0 000ddb7 BLOCKED nt!KiSwapThread+0xc5
2c8.000224 815b2d20 000d194 BLOCKED nt!KiSwapThread+0xc5
2c8.000228 815ae920 0000002 BLOCKED nt!KiSwapThread+0xc5
2c8.000388 81585da0 000008f BLOCKED nt!KiSwapThread+0xc5
2c8.0004c0 815849e0 000d1bb BLOCKED nt!KiSwapThread+0xc5
2c8.0004d4 81583020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
454.000408 815f6820 000d194 BLOCKED nt!KiSwapThread+0xc5
454.000298 8163e020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
4c8.0004c4 8150a860 000d194 BLOCKED nt!KiSwapThread+0xc5
4c8.0004cc 8153a020 00027a3 BLOCKED nt!KiSwapThread+0xc5

[msiexec.exe]
1b0.000378 813569c0 000cf33 BLOCKED nt!KiSwapThread+0xc5
1b0.000540 81419160 00027a3 BLOCKED nt!KiSwapThread+0xc5

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding.
But can some one look at this and help me as what does it all mean,
which area to concentrate? . Or is there a specific article to read on
OSR ?. I see many general articles on lock but explaing to track a
deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

>Thankyou all for your help. But !process 0 7 is a whole Bible of things

Correct. Then find the strings which contain “FastMutex” or “Resource” in it,
these will be the stacks of offending threads.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Anurag,

Dont take it personally, but I’ve always thought about selling just one of a
pair of shoes ( and hold the other one ). Would it be useful ??? Sure why
not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of
life ) look for a simple solution and go for complex one if simple does not
solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you some idea
   or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can supress or
   make it verbose, but I bet you have not seen the article from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and you can
   prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a rocky
ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding.
But can some one look at this and help me as what does it all mean,
which area to concentrate? . Or is there a specific article to read on
OSR ?. I see many general articles on lock but explaing to track a
deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

>>There is an excellent article on ntinsider ( look on line at osr site
).

Please Please let me know the link.I searched but there are a number of
them, but don’t know which one talks of the step by step procedure.
I am on W2k hence DV would not help.

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about selling just one
of a pair of shoes ( and hold the other one ). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of
life ) look for a simple solution and go for complex one if simple does
not solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you some
   idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can supress
   or make it verbose, but I bet you have not seen the article from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and you
   can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a rocky
ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding. But can some one look at this and help
me as what does it all mean, which area to concentrate? . Or is there a
specific article to read on OSR ?. I see many general articles on lock
but explaing to track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

I see these as with string “Resource”, mostly like “ExpWaitForResource”
and ExpAcquireResourceSharedLite.

I got none with “FastMutex” .

From this Can I confirm that hang is because of my misuse of Fast
Mutex??

Also I see a lot of “Kernel stack not resident” what does this mean ???

THREAD 8189c020 Cid 8.24 Teb: 00000000 Win32Thread: 00000000
WAIT: (Executive) KernelMode Non-Alertable
8169a2a8 Semaphore Limit 0x7fffffff
8189c108 NotificationTimer
IRP List:
82366188: (0006,01b4) Flags: 00000004 Mdl: 00000000
Not impersonating
Owning Process 8189eae0
Wait Start TickCount 35330 Elapsed Ticks: 154
Context Switch Count 1722
UserTime 0:00:00.0000
KernelTime 0:00:00.0078
Start Address nt!ExpWorkerThread (0x804190f0)
Stack Init eb43c000 Current eb43b9a8 Base eb43c000 Limit
eb439000 Call 0
Priority 14 BasePriority 12 PriorityDecrement 2 DecrementCount
16

ChildEBP RetAddr Args to Child
eb43b9c0 8042de88 00000000 818759d4 8189c020
nt!KiSwapThread+0xc5
eb43b9e8 8041766c 8169a2a8 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
eb43ba28 80416cf8 82366188 8148bd88 00000000
nt!ExpWaitForResource+0x1ac
eb43ba40 80416c31 818759d4 00000001 eb43bae0
nt!ExpAcquireResourceSharedLite+0xb0
eb43ba50 bff098e2 818759d4 00000001 8148bd88
nt!ExAcquireResourceSharedLite+0x41
eb43bae0 bff1877b 8148bd88 82366188 81875500 +0xbff098e2
eb43bb44 8041fb8b 81875500 82366188 000000c9 +0xbff1877b
eb43bb58 8053019b 82366310 82366334 80064b7c
nt!IopfCallDriver+0x35
eb43bbac 8041fb8b 815aac20 82366188 82366188
nt!IovCallDriver+0x77
eb43bbc0 8049a586 8451f208 82366188 00000000
nt!IopfCallDriver+0x35
eb43bbd4 8049700e 815aac20 82366188 81870028
nt!IopSynchronousServiceTail+0x60
eb43bc64 80465691 80000058 eb43bcf8 00000000
nt!NtFlushBuffersFile+0x1c9
eb43bc64 80400c61 80000058 eb43bcf8 00000000
nt!KiSystemService+0xc4
eb43bce4 804b7fa2 80000058 eb43bcf8 e10071e8
nt!ZwFlushBuffersFile+0xb
eb43bd00 804b6d4c e10071e8 00000000 e1007350
nt!CmpFileFlush+0x2a
eb43bd40 804b6d0a e10071e8 00000000 e10071e8
nt!HvpDoWriteHive+0x13
eb43bd54 804b478c e1007101 8046dc5c 804761e0 nt!HvSyncHive+0x44
eb43bd70 804b3d09 8189c020 804191b5 00000000
nt!CmpDoFlushAll+0x4c
eb43bd78 804191b5 00000000 00000000 00000000
nt!CmpLazyFlushWorker+0x16
eb43bda8 80455a16 00000000 00000000 00000000
nt!ExpWorkerThread+0xae
eb43bddc 80469bb2 804190f0 00000001 00000000
nt!PspSystemThreadStartup+0x69
00000000 00000000 00000000 00000000 00000000
nt!KiThreadStartup+0x16

THREAD 862a0020 Cid 268.3d8 Teb: 7ffd8000 Win32Thread:
e2e36388 WAIT: (Executive) KernelMode Non-Alertable
84269148 SynchronizationEvent
862a0108 NotificationTimer
IRP List:
87559188: (0006,01b4) Flags: 00000404 Mdl: 00000000
Not impersonating
Owning Process 8165bd60
Wait Start TickCount 35330 Elapsed Ticks: 154
Context Switch Count 41 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Win32 Start Address 0x65c4b770
Stack Init f123d000 Current f123c384 Base f123d000 Limit
f1239000 Call 0
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16

ChildEBP RetAddr Args to Child
f123c39c 8042de88 00000000 81742848 862a0020
nt!KiSwapThread+0xc5
f123c3c4 8041766c 84269148 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
f123c404 80416b4d 81742848 00742848 f123c41c
nt!ExpWaitForResource+0x1ac
f123c414 80416b92 f123c438 80416b3d 81742848
nt!ExpAcquireResourceExclusiveLite+0x64
f123c41c 80416b3d 81742848 00000001 00000000
nt!ExAcquireResourceExclusiveLite+0x4b
f123c438 80416b92 f123c6a0 bff05e49 81742848
nt!ExpAcquireResourceExclusiveLite+0x55
f123c440 bff05e49 81742848 00000001 00000000
nt!ExAcquireResourceExclusiveLite+0x4b
f123c6a0 bff0ad63 f123c6e8 87559188 81875500 +0xbff05e49
f123c818 8041fb8b 81875500 87559188 000000c9 +0xbff0ad63
f123c82c 8053019b 815aac20 87559188 87559198
nt!IopfCallDriver+0x35
f123c894 8041fb8b 815aac20 87559188 8319b188
nt!IovCallDriver+0x77
f123c8a8 8049d134 80064fac 818b6040 00000001
nt!IopfCallDriver+0x35
f123c8dc 804a5d99 8165bd60 815aac20 00100000
nt!IopCloseFile+0x275
f123c908 8044fbc8 8165bd60 8319b174 8319b188
nt!ObpDecrementHandleCount+0x13c
f123c9bc 80465691 00000230 00000000 f123ca34 nt!NtClose+0x1f0
f123c9bc 804009d1 00000230 00000000 f123ca34
nt!KiSystemService+0xc4
f123caf4 8053bec5 000a0008 f1352d88 f135f600 nt!ZwClose+0xb
f123cba0 8041fb8b 815aac20 862a0908 83b8b608
nt!MiAllocateSpecialPool+0x165
f123cbc8 8043de68 83b8b608 f123cbf0 f123cc78
nt!IopfCallDriver+0x35
f123cc94 804a0a6a e2ec8008 e2ec800c ffffffff
nt!MiFlushSectionInternal+0x36a
f123ccec 804a07b5 00000000 e2ec8008 81218bc0
nt!MmFlushVirtualMemory+0x364
f123cd4c 80465691 ffffffff 01d5fc70 01d5fc7c
nt!NtFlushVirtualMemory+0x104
f123cd4c 77f8a424 ffffffff 01d5fc70 01d5fc7c
nt!KiSystemService+0xc4
01d5fc50 00000000 00000000 00000000 00000000 +0x77f8a424

THREAD 8175f020 Cid 304.360 Teb: 7ffa6000 Win32Thread:
e2a24228 WAIT: (Executive) KernelMode Non-Alertable
8169a2a8 Semaphore Limit 0x7fffffff
8175f108 NotificationTimer
IRP List:
fc144ae8: (0006,01b4) Flags: 00000800 Mdl: 00000000
Not impersonating
Owning Process 8163c460
Wait Start TickCount 35461 Elapsed Ticks: 23
Context Switch Count 9069 LargeStack
UserTime 0:00:00.0125
KernelTime 0:00:01.0125
Start Address 0x7c4e9824
Win32 Start Address 0x7118a0cf
Stack Init f1378910 Current f13782ec Base f1379000 Limit
f1375000 Call f137891c
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16

ChildEBP RetAddr Args to Child
f1378304 8042de88 00000000 818759d4 8175f020
nt!KiSwapThread+0xc5
f137832c 8041766c 8169a2a8 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
f137836c 80416cf8 fc144ae8 83d1bee8 00000000
nt!ExpWaitForResource+0x1ac
f1378384 80416c31 818759d4 00000001 f13783f8
nt!ExpAcquireResourceSharedLite+0xb0
f1378394 bff098e2 818759d4 00000001 f1378444
nt!ExAcquireResourceSharedLite+0x41
f13783f8 bff1b480 83d1bee8 fc144ae8 f1378444 +0xbff098e2
f137840c bff10372 83d1bee8 fc144ae8 f1378444 +0xbff1b480
f1378490 8041fb8b 81875500 fc144ae8 000000c9 +0xbff10372
f13784a4 8053019b 815aac20 fc144ae8 80064b7c
nt!IopfCallDriver+0x35
f13784d8 80418141 00000000 f13782c0 00090028
nt!IovCallDriver+0x77
f13784f4 ffffffff f137851c f13602f8 815aac20
nt!ExAllocatePoolWithTagPriority+0x67
804097a8 804564f6 80456507 00000000 ffffffff +0xffffffff
ffffffff 00000000 00000000 00000000 00000000 nt!DbgPrint+0x53
f1378934 8043102e f13789f4 f13789ec 00000000
nt!KiCallUserMode+0x4
f1378998 a008a681 00000002 f13789c8 00000018
nt!KeUserModeCallback+0xa6
f1378c28 a002e660 a03317a0 00000410 00000748 +0xa008a681
f1378ca0 a0003886 e2a24228 f1378d64 00000000 +0xa002e660
f1378cdc a0003f21 f1378d0c 000021ff 00000000 +0xa0003886
f1378d48 80465691 040dfef0 00000000 00000000 +0xa0003f21
f1378d48 77e1355b 040dfef0 00000000 00000000
nt!KiSystemService+0xc4
040dfc44 00000000 00000000 00000000 00000000 +0x77e1355b

THREAD 815ad020 Cid 70.308 Teb: 7ffd8000 Win32Thread:
e2c883a8 WAIT: (Executive) KernelMode Non-Alertable
8189f848 SynchronizationEvent
815ad108 NotificationTimer
IRP List:
bd2aee48: (0006,01b4) Flags: 00000404 Mdl: 00000000
Impersonation token: e2b7f470 (Level Impersonation)
Owning Process 815a4440
Wait Start TickCount 35451 Elapsed Ticks: 33
Context Switch Count 88529 LargeStack
UserTime 0:00:01.0640
KernelTime 0:00:22.0265
Start Address 0x7c4e9824
Win32 Start Address 0x004ce9b7
Stack Init f15b1000 Current f15b09b0 Base f15b1000 Limit
f15ae000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f15b09c8 8042de88 00000000 818759d4 815ad020
nt!KiSwapThread+0xc5
f15b09f0 8041766c 8189f848 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
f15b0a30 80416b4d 811a76a8 008759d4 f15b0a48
nt!ExpWaitForResource+0x1ac
f15b0a40 80416b92 f15b0ae4 bff2b1c0 818759d4
nt!ExpAcquireResourceExclusiveLite+0x64
f15b0a48 bff2b1c0 818759d4 e1a1a301 811a76a8
nt!ExAcquireResourceExclusiveLite+0x4b
f15b0ae4 bff09aa3 811a76a8 e1a1a0d8 e1a1a008 +0xbff2b1c0
f15b0ba4 8041fb8b 81875500 bd2aee48 000000c9 +0xbff09aa3
f15b0bb8 8053019b 815aac20 bd2aee48 82e94608
nt!IopfCallDriver+0x35
f15b0c2c 8041fb8b 815aac20 bd2aee48 bd2aee58
nt!IovCallDriver+0x77
f15b0c40 8042a608 00000000 82e94604 8042a4c3
nt!IopfCallDriver+0x35
f15b0c74 804a51bf 81878300 82e945f0 818b6040
nt!IopDeleteFile+0x14b
f15b0c90 8044f861 82e94608 e2badd60 82e945f0
nt!ObpRemoveObjectRoutine+0xd6
f15b0cb4 8044fbd0 f15b0d64 00f3b130 8044f9a8
nt!ObfDereferenceObject+0x149
f15b0d58 80465691 000002b0 00000000 00000000 nt!NtClose+0x1f8
f15b0d58 77f84d9e 000002b0 00000000 00000000
nt!KiSystemService+0xc4
00f3b124 00000000 00000000 00000000 00000000 +0x77f84d9e

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Saturday, November 20, 2004 10:50 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things

Correct. Then find the strings which contain “FastMutex” or “Resource”
in it, these will be the stacks of offending threads.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Wanted to check my Use of Fast Mutex. I see that WRITE Dispatch routine
has some thing wrong as removing it gives no hanging.

In my CREATE Dispatch Routine

If (Condition A)
{ I do (A-link list) operation under (Lock A)}
If (Condition B)
{ I do (B-link list) operation under (Lock B)}

In my WRITE Dispatch Routine
If (Condition C)
{ I do (A-link list) operation under (Lock A)}
If (Condition D)
{ I do (B-link list) operation under (Lock B)}

In all I have used one lock each for my 2 Link Lists.
Both Locks are initialized in driver entry.

Same lock always protects the same Link List in two different Dispatch
routines. Like (Lock A) protects (A-link list) in both CREATE Dispatch
Routine and WRITE Dispatch Routine.

Now do I use a new lock for the same link list used in different link
list?? I.e. do I uses
Like (Lock Z) to protect (A-link list) in WRITE Dispatch Routine and let
(Lock A) protects (A-link list) in CREATE Dispatch Routine ??

Any ideas ???

Anurag

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about selling just one
of a pair of shoes ( and hold the other one ). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of
life ) look for a simple solution and go for complex one if simple does
not solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you some
   idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can supress
   or make it verbose, but I bet you have not seen the article from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and you
   can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a rocky
ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding. But can some one look at this and help
me as what does it all mean, which area to concentrate? . Or is there a
specific article to read on OSR ?. I see many general articles on lock
but explaing to track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

The name of the article (including other detail ) –

“Hang” in there … Help is on the way - Debugging deadlocks
Nt insider volume 8 issue 1, yr 2001(jan-feb).

I could not find it on the server also also I’m not sure if it is on the CD
that was distributed at DevCon, I’ve to check it, then that might be easy
for me to send the softcopy ( if allowed, here is a catch though ).

Since you are already on your way to debugging, if we see any of those
resources in contention then look at their addresses, and if it falls within
the addresses of your drivers space ( lm or something would give you where
is your driver mapped ( address range ). Once you narrow those, half of the
battle you own.

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:55 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

>There is an excellent article on ntinsider ( look on line at osr site
).

Please Please let me know the link.I searched but there are a number of
them, but don’t know which one talks of the step by step procedure.
I am on W2k hence DV would not help.

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about selling just one
of a pair of shoes ( and hold the other one ). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of
life ) look for a simple solution and go for complex one if simple does
not solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you some
   idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can supress
   or make it verbose, but I bet you have not seen the article from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and you
   can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a rocky
ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding. But can some one look at this and help
me as what does it all mean, which area to concentrate? . Or is there a
specific article to read on OSR ?. I see many general articles on lock
but explaing to track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

No you should use One and only one lock per list usually (specially when any
of the OPeration is destructive ( ie modify, add, write some such )…

May be you should try just mutex, since fast mutex is not recursive ( hence
if a thread tries to acquire it again, it is a dead lock if I could
recall ).

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 10:23 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Wanted to check my Use of Fast Mutex. I see that WRITE Dispatch routine
has some thing wrong as removing it gives no hanging.

In my CREATE Dispatch Routine

If (Condition A)
{ I do (A-link list) operation under (Lock A)}
If (Condition B)
{ I do (B-link list) operation under (Lock B)}

In my WRITE Dispatch Routine
If (Condition C)
{ I do (A-link list) operation under (Lock A)}
If (Condition D)
{ I do (B-link list) operation under (Lock B)}

In all I have used one lock each for my 2 Link Lists.
Both Locks are initialized in driver entry.

Same lock always protects the same Link List in two different Dispatch
routines. Like (Lock A) protects (A-link list) in both CREATE Dispatch
Routine and WRITE Dispatch Routine.

Now do I use a new lock for the same link list used in different link
list?? I.e. do I uses
Like (Lock Z) to protect (A-link list) in WRITE Dispatch Routine and let
(Lock A) protects (A-link list) in CREATE Dispatch Routine ??

Any ideas ???

Anurag

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about selling just one
of a pair of shoes ( and hold the other one ). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of
life ) look for a simple solution and go for complex one if simple does
not solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you some
   idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can supress
   or make it verbose, but I bet you have not seen the article from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and you
   can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a rocky
ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding. But can some one look at this and help
me as what does it all mean, which area to concentrate? . Or is there a
specific article to read on OSR ?. I see many general articles on lock
but explaing to track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

No, you’re seeing a deadlock on a resource, everything is fine with fast
mutexes.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Anurag Sarin”
To: “Windows System Software Devs Interest List”
Sent: Saturday, November 20, 2004 9:05 PM
Subject: RE: [ntdev] Hanging problem

I see these as with string “Resource”, mostly like “ExpWaitForResource”
and ExpAcquireResourceSharedLite.

I got none with “FastMutex” .

From this Can I confirm that hang is because of my misuse of Fast
Mutex??

Also I see a lot of “Kernel stack not resident” what does this mean ???

------------------------------------------------------------------------
------
THREAD 8189c020 Cid 8.24 Teb: 00000000 Win32Thread: 00000000
WAIT: (Executive) KernelMode Non-Alertable
8169a2a8 Semaphore Limit 0x7fffffff
8189c108 NotificationTimer
IRP List:
82366188: (0006,01b4) Flags: 00000004 Mdl: 00000000
Not impersonating
Owning Process 8189eae0
Wait Start TickCount 35330 Elapsed Ticks: 154
Context Switch Count 1722
UserTime 0:00:00.0000
KernelTime 0:00:00.0078
Start Address nt!ExpWorkerThread (0x804190f0)
Stack Init eb43c000 Current eb43b9a8 Base eb43c000 Limit
eb439000 Call 0
Priority 14 BasePriority 12 PriorityDecrement 2 DecrementCount
16

ChildEBP RetAddr Args to Child
eb43b9c0 8042de88 00000000 818759d4 8189c020
nt!KiSwapThread+0xc5
eb43b9e8 8041766c 8169a2a8 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
eb43ba28 80416cf8 82366188 8148bd88 00000000
nt!ExpWaitForResource+0x1ac
eb43ba40 80416c31 818759d4 00000001 eb43bae0
nt!ExpAcquireResourceSharedLite+0xb0
eb43ba50 bff098e2 818759d4 00000001 8148bd88
nt!ExAcquireResourceSharedLite+0x41
eb43bae0 bff1877b 8148bd88 82366188 81875500 +0xbff098e2
eb43bb44 8041fb8b 81875500 82366188 000000c9 +0xbff1877b
eb43bb58 8053019b 82366310 82366334 80064b7c
nt!IopfCallDriver+0x35
eb43bbac 8041fb8b 815aac20 82366188 82366188
nt!IovCallDriver+0x77
eb43bbc0 8049a586 8451f208 82366188 00000000
nt!IopfCallDriver+0x35
eb43bbd4 8049700e 815aac20 82366188 81870028
nt!IopSynchronousServiceTail+0x60
eb43bc64 80465691 80000058 eb43bcf8 00000000
nt!NtFlushBuffersFile+0x1c9
eb43bc64 80400c61 80000058 eb43bcf8 00000000
nt!KiSystemService+0xc4
eb43bce4 804b7fa2 80000058 eb43bcf8 e10071e8
nt!ZwFlushBuffersFile+0xb
eb43bd00 804b6d4c e10071e8 00000000 e1007350
nt!CmpFileFlush+0x2a
eb43bd40 804b6d0a e10071e8 00000000 e10071e8
nt!HvpDoWriteHive+0x13
eb43bd54 804b478c e1007101 8046dc5c 804761e0 nt!HvSyncHive+0x44
eb43bd70 804b3d09 8189c020 804191b5 00000000
nt!CmpDoFlushAll+0x4c
eb43bd78 804191b5 00000000 00000000 00000000
nt!CmpLazyFlushWorker+0x16
eb43bda8 80455a16 00000000 00000000 00000000
nt!ExpWorkerThread+0xae
eb43bddc 80469bb2 804190f0 00000001 00000000
nt!PspSystemThreadStartup+0x69
00000000 00000000 00000000 00000000 00000000
nt!KiThreadStartup+0x16
------------------------------------------------------------------------
------------------------------------------------------------------------
-----------------------------
THREAD 862a0020 Cid 268.3d8 Teb: 7ffd8000 Win32Thread:
e2e36388 WAIT: (Executive) KernelMode Non-Alertable
84269148 SynchronizationEvent
862a0108 NotificationTimer
IRP List:
87559188: (0006,01b4) Flags: 00000404 Mdl: 00000000
Not impersonating
Owning Process 8165bd60
Wait Start TickCount 35330 Elapsed Ticks: 154
Context Switch Count 41 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Win32 Start Address 0x65c4b770
Stack Init f123d000 Current f123c384 Base f123d000 Limit
f1239000 Call 0
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16

ChildEBP RetAddr Args to Child
f123c39c 8042de88 00000000 81742848 862a0020
nt!KiSwapThread+0xc5
f123c3c4 8041766c 84269148 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
f123c404 80416b4d 81742848 00742848 f123c41c
nt!ExpWaitForResource+0x1ac
f123c414 80416b92 f123c438 80416b3d 81742848
nt!ExpAcquireResourceExclusiveLite+0x64
f123c41c 80416b3d 81742848 00000001 00000000
nt!ExAcquireResourceExclusiveLite+0x4b
f123c438 80416b92 f123c6a0 bff05e49 81742848
nt!ExpAcquireResourceExclusiveLite+0x55
f123c440 bff05e49 81742848 00000001 00000000
nt!ExAcquireResourceExclusiveLite+0x4b
f123c6a0 bff0ad63 f123c6e8 87559188 81875500 +0xbff05e49
f123c818 8041fb8b 81875500 87559188 000000c9 +0xbff0ad63
f123c82c 8053019b 815aac20 87559188 87559198
nt!IopfCallDriver+0x35
f123c894 8041fb8b 815aac20 87559188 8319b188
nt!IovCallDriver+0x77
f123c8a8 8049d134 80064fac 818b6040 00000001
nt!IopfCallDriver+0x35
f123c8dc 804a5d99 8165bd60 815aac20 00100000
nt!IopCloseFile+0x275
f123c908 8044fbc8 8165bd60 8319b174 8319b188
nt!ObpDecrementHandleCount+0x13c
f123c9bc 80465691 00000230 00000000 f123ca34 nt!NtClose+0x1f0
f123c9bc 804009d1 00000230 00000000 f123ca34
nt!KiSystemService+0xc4
f123caf4 8053bec5 000a0008 f1352d88 f135f600 nt!ZwClose+0xb
f123cba0 8041fb8b 815aac20 862a0908 83b8b608
nt!MiAllocateSpecialPool+0x165
f123cbc8 8043de68 83b8b608 f123cbf0 f123cc78
nt!IopfCallDriver+0x35
f123cc94 804a0a6a e2ec8008 e2ec800c ffffffff
nt!MiFlushSectionInternal+0x36a
f123ccec 804a07b5 00000000 e2ec8008 81218bc0
nt!MmFlushVirtualMemory+0x364
f123cd4c 80465691 ffffffff 01d5fc70 01d5fc7c
nt!NtFlushVirtualMemory+0x104
f123cd4c 77f8a424 ffffffff 01d5fc70 01d5fc7c
nt!KiSystemService+0xc4
01d5fc50 00000000 00000000 00000000 00000000 +0x77f8a424
------------------------------------------------------------------------
------------------------------------------------------------------------
----------------

THREAD 8175f020 Cid 304.360 Teb: 7ffa6000 Win32Thread:
e2a24228 WAIT: (Executive) KernelMode Non-Alertable
8169a2a8 Semaphore Limit 0x7fffffff
8175f108 NotificationTimer
IRP List:
fc144ae8: (0006,01b4) Flags: 00000800 Mdl: 00000000
Not impersonating
Owning Process 8163c460
Wait Start TickCount 35461 Elapsed Ticks: 23
Context Switch Count 9069 LargeStack
UserTime 0:00:00.0125
KernelTime 0:00:01.0125
Start Address 0x7c4e9824
Win32 Start Address 0x7118a0cf
Stack Init f1378910 Current f13782ec Base f1379000 Limit
f1375000 Call f137891c
Priority 14 BasePriority 8 PriorityDecrement 6 DecrementCount 16

ChildEBP RetAddr Args to Child
f1378304 8042de88 00000000 818759d4 8175f020
nt!KiSwapThread+0xc5
f137832c 8041766c 8169a2a8 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
f137836c 80416cf8 fc144ae8 83d1bee8 00000000
nt!ExpWaitForResource+0x1ac
f1378384 80416c31 818759d4 00000001 f13783f8
nt!ExpAcquireResourceSharedLite+0xb0
f1378394 bff098e2 818759d4 00000001 f1378444
nt!ExAcquireResourceSharedLite+0x41
f13783f8 bff1b480 83d1bee8 fc144ae8 f1378444 +0xbff098e2
f137840c bff10372 83d1bee8 fc144ae8 f1378444 +0xbff1b480
f1378490 8041fb8b 81875500 fc144ae8 000000c9 +0xbff10372
f13784a4 8053019b 815aac20 fc144ae8 80064b7c
nt!IopfCallDriver+0x35
f13784d8 80418141 00000000 f13782c0 00090028
nt!IovCallDriver+0x77
f13784f4 ffffffff f137851c f13602f8 815aac20
nt!ExAllocatePoolWithTagPriority+0x67
804097a8 804564f6 80456507 00000000 ffffffff +0xffffffff
ffffffff 00000000 00000000 00000000 00000000 nt!DbgPrint+0x53
f1378934 8043102e f13789f4 f13789ec 00000000
nt!KiCallUserMode+0x4
f1378998 a008a681 00000002 f13789c8 00000018
nt!KeUserModeCallback+0xa6
f1378c28 a002e660 a03317a0 00000410 00000748 +0xa008a681
f1378ca0 a0003886 e2a24228 f1378d64 00000000 +0xa002e660
f1378cdc a0003f21 f1378d0c 000021ff 00000000 +0xa0003886
f1378d48 80465691 040dfef0 00000000 00000000 +0xa0003f21
f1378d48 77e1355b 040dfef0 00000000 00000000
nt!KiSystemService+0xc4
040dfc44 00000000 00000000 00000000 00000000 +0x77e1355b

------------------------------------------------------------------------
-----------------------------------------------------------------

THREAD 815ad020 Cid 70.308 Teb: 7ffd8000 Win32Thread:
e2c883a8 WAIT: (Executive) KernelMode Non-Alertable
8189f848 SynchronizationEvent
815ad108 NotificationTimer
IRP List:
bd2aee48: (0006,01b4) Flags: 00000404 Mdl: 00000000
Impersonation token: e2b7f470 (Level Impersonation)
Owning Process 815a4440
Wait Start TickCount 35451 Elapsed Ticks: 33
Context Switch Count 88529 LargeStack
UserTime 0:00:01.0640
KernelTime 0:00:22.0265
Start Address 0x7c4e9824
Win32 Start Address 0x004ce9b7
Stack Init f15b1000 Current f15b09b0 Base f15b1000 Limit
f15ae000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f15b09c8 8042de88 00000000 818759d4 815ad020
nt!KiSwapThread+0xc5
f15b09f0 8041766c 8189f848 00000000 00000000
nt!KeWaitForSingleObject+0x1a1
f15b0a30 80416b4d 811a76a8 008759d4 f15b0a48
nt!ExpWaitForResource+0x1ac
f15b0a40 80416b92 f15b0ae4 bff2b1c0 818759d4
nt!ExpAcquireResourceExclusiveLite+0x64
f15b0a48 bff2b1c0 818759d4 e1a1a301 811a76a8
nt!ExAcquireResourceExclusiveLite+0x4b
f15b0ae4 bff09aa3 811a76a8 e1a1a0d8 e1a1a008 +0xbff2b1c0
f15b0ba4 8041fb8b 81875500 bd2aee48 000000c9 +0xbff09aa3
f15b0bb8 8053019b 815aac20 bd2aee48 82e94608
nt!IopfCallDriver+0x35
f15b0c2c 8041fb8b 815aac20 bd2aee48 bd2aee58
nt!IovCallDriver+0x77
f15b0c40 8042a608 00000000 82e94604 8042a4c3
nt!IopfCallDriver+0x35
f15b0c74 804a51bf 81878300 82e945f0 818b6040
nt!IopDeleteFile+0x14b
f15b0c90 8044f861 82e94608 e2badd60 82e945f0
nt!ObpRemoveObjectRoutine+0xd6
f15b0cb4 8044fbd0 f15b0d64 00f3b130 8044f9a8
nt!ObfDereferenceObject+0x149
f15b0d58 80465691 000002b0 00000000 00000000 nt!NtClose+0x1f8
f15b0d58 77f84d9e 000002b0 00000000 00000000
nt!KiSystemService+0xc4
00f3b124 00000000 00000000 00000000 00000000 +0x77f84d9e

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Saturday, November 20, 2004 10:50 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Hanging problem

>Thankyou all for your help. But !process 0 7 is a whole Bible of things

Correct. Then find the strings which contain “FastMutex” or “Resource”
in it, these will be the stacks of offending threads.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

I think the OP indicated that he has two lists, each with their own locks.
Nothing in itself wrong with that, although he should of course be sure that
he doesn’t have a lock hierarchy problem.

If he has a lock recursion problem it will be obvious from the thread stack
trace. What he should not do is just start changing lock mechanisms in the
hope that the problem will get more obscure. Instead, the OP should use the
‘open the window wide’ rule. When looking for the cause of a software
defect, try to make the problem MORE reproducible not LESS.

It is unlikely that anybody with the skill set required to analyze a dump is
going to volunteer to grovel through the OP’s !process 0 7 output. That is
the OP’s job, and he is being paid for it. He’s been given excellent
pointers on how to proceed. Now he should just get on with it. Once he has a
clue as to what the deadlock is, he should perhaps come back here for advice
on how to resolve it.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Prokash Sinha
Sent: Saturday, November 20, 2004 1:37 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

No you should use One and only one lock per list usually
(specially when any of the OPeration is destructive ( ie
modify, add, write some such )…

May be you should try just mutex, since fast mutex is not
recursive ( hence if a thread tries to acquire it again, it
is a dead lock if I could recall ).

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 10:23 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Wanted to check my Use of Fast Mutex. I see that WRITE
Dispatch routine has some thing wrong as removing it gives no hanging.

In my CREATE Dispatch Routine

If (Condition A)
{ I do (A-link list) operation under (Lock A)} If (Condition
B) { I do (B-link list) operation under (Lock B)}

In my WRITE Dispatch Routine
If (Condition C)
{ I do (A-link list) operation under (Lock A)} If (Condition
D) { I do (B-link list) operation under (Lock B)}

In all I have used one lock each for my 2 Link Lists.
Both Locks are initialized in driver entry.

Same lock always protects the same Link List in two different
Dispatch routines. Like (Lock A) protects (A-link list) in
both CREATE Dispatch Routine and WRITE Dispatch Routine.

Now do I use a new lock for the same link list used in
different link list?? I.e. do I uses Like (Lock Z) to protect
(A-link list) in WRITE Dispatch Routine and let (Lock A)
protects (A-link list) in CREATE Dispatch Routine ??

Any ideas ???

Anurag

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about
selling just one of a pair of shoes ( and hold the other one
). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every
stage of life ) look for a simple solution and go for complex
one if simple does not solve it.

In priority order -

1. if it is your own code, and you understand the locks,
   rough crosss checking about how you define and uses those
   locks should give you some idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you
   can supress or make it verbose, but I bet you have not seen
   the article from osr

4. then ! process 0 7 or verbose !locks to go thru and
   checking and you can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight
for a rocky ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible
of things . Sorry to ask for spoon feeding. But can some one
look at this and help me as what does it all mean, which area
to concentrate? . Or is there a specific article to read on
OSR ?. I see many general articles on lock but explaing to
track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some
more commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only
at high stress of CREATE and WRITE operations like
installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000
Limit f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000
Limit f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000
Limit f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000
Limit f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000
Limit f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000
Limit f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument:
‘’ To unsubscribe send a blank email to
xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as:
xxxxx@divassoftware.com To unsubscribe send a blank email to
xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as:
xxxxx@hollistech.com To unsubscribe send a blank email to
xxxxx@lists.osr.com

>>No you should use One and only one lock per list usually

One lock per list in all dispatch routines (same in CREATE and WRITE).??
In short- I am write in my flow for Fast Mutex, right???

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Sunday, November 21, 2004 12:07 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

No you should use One and only one lock per list usually (specially when
any of the OPeration is destructive ( ie modify, add, write some such
)…

May be you should try just mutex, since fast mutex is not recursive (
hence if a thread tries to acquire it again, it is a dead lock if I
could recall ).

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 10:23 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Wanted to check my Use of Fast Mutex. I see that WRITE Dispatch routine
has some thing wrong as removing it gives no hanging.

In my CREATE Dispatch Routine

If (Condition A)
{ I do (A-link list) operation under (Lock A)}
If (Condition B)
{ I do (B-link list) operation under (Lock B)}

In my WRITE Dispatch Routine
If (Condition C)
{ I do (A-link list) operation under (Lock A)}
If (Condition D)
{ I do (B-link list) operation under (Lock B)}

In all I have used one lock each for my 2 Link Lists.
Both Locks are initialized in driver entry.

Same lock always protects the same Link List in two different Dispatch
routines. Like (Lock A) protects (A-link list) in both CREATE Dispatch
Routine and WRITE Dispatch Routine.

Now do I use a new lock for the same link list used in different link
list?? I.e. do I uses Like (Lock Z) to protect (A-link list) in WRITE
Dispatch Routine and let (Lock A) protects (A-link list) in CREATE
Dispatch Routine ??

Any ideas ???

Anurag

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about selling just one
of a pair of shoes ( and hold the other one ). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of
life ) look for a simple solution and go for complex one if simple does
not solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you some
   idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can supress
   or make it verbose, but I bet you have not seen the article from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and you
   can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a rocky
ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding. But can some one look at this and help
me as what does it all mean, which area to concentrate? . Or is there a
specific article to read on OSR ?. I see many general articles on lock
but explaing to track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Yep, You’r right otherwise he would be making the same mistake !

Hard to judge if it is written by OP or someone else, also he did not
mention in his logic if there is any hierarchy problem. IF THE CODE IS
ENCAPSULATED IN ONE OR TWO ROUTINE SOMETIME IT IS BETTER TO PUT THAT AS IS
THAN SOME PSEUDO CODE ( I still remember lost in translation Mark ) …

Oh well, I think he is on his way to figure it out !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Mark Roddy
Sent: Saturday, November 20, 2004 10:58 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

I think the OP indicated that he has two lists, each with their own locks.
Nothing in itself wrong with that, although he should of course be sure that
he doesn’t have a lock hierarchy problem.

If he has a lock recursion problem it will be obvious from the thread stack
trace. What he should not do is just start changing lock mechanisms in the
hope that the problem will get more obscure. Instead, the OP should use the
‘open the window wide’ rule. When looking for the cause of a software
defect, try to make the problem MORE reproducible not LESS.

It is unlikely that anybody with the skill set required to analyze a dump is
going to volunteer to grovel through the OP’s !process 0 7 output. That is
the OP’s job, and he is being paid for it. He’s been given excellent
pointers on how to proceed. Now he should just get on with it. Once he has a
clue as to what the deadlock is, he should perhaps come back here for advice
on how to resolve it.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Prokash Sinha
Sent: Saturday, November 20, 2004 1:37 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

No you should use One and only one lock per list usually
(specially when any of the OPeration is destructive ( ie
modify, add, write some such )…

May be you should try just mutex, since fast mutex is not
recursive ( hence if a thread tries to acquire it again, it
is a dead lock if I could recall ).

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 10:23 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Wanted to check my Use of Fast Mutex. I see that WRITE
Dispatch routine has some thing wrong as removing it gives no hanging.

In my CREATE Dispatch Routine

If (Condition A)
{ I do (A-link list) operation under (Lock A)} If (Condition
B) { I do (B-link list) operation under (Lock B)}

In my WRITE Dispatch Routine
If (Condition C)
{ I do (A-link list) operation under (Lock A)} If (Condition
D) { I do (B-link list) operation under (Lock B)}

In all I have used one lock each for my 2 Link Lists.
Both Locks are initialized in driver entry.

Same lock always protects the same Link List in two different
Dispatch routines. Like (Lock A) protects (A-link list) in
both CREATE Dispatch Routine and WRITE Dispatch Routine.

Now do I use a new lock for the same link list used in
different link list?? I.e. do I uses Like (Lock Z) to protect
(A-link list) in WRITE Dispatch Routine and let (Lock A)
protects (A-link list) in CREATE Dispatch Routine ??

Any ideas ???

Anurag

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about
selling just one of a pair of shoes ( and hold the other one
). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every
stage of life ) look for a simple solution and go for complex
one if simple does not solve it.

In priority order -

1. if it is your own code, and you understand the locks,
   rough crosss checking about how you define and uses those
   locks should give you some idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you
   can supress or make it verbose, but I bet you have not seen
   the article from osr

4. then ! process 0 7 or verbose !locks to go thru and
   checking and you can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight
for a rocky ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible
of things . Sorry to ask for spoon feeding. But can some one
look at this and help me as what does it all mean, which area
to concentrate? . Or is there a specific article to read on
OSR ?. I see many general articles on lock but explaing to
track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some
more commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only
at high stress of CREATE and WRITE operations like
installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000
Limit f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000
Limit f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000
Limit f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000
Limit f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000
Limit f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000
Limit f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0
DecrementCount 0 Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument:
‘’ To unsubscribe send a blank email to
xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as:
xxxxx@divassoftware.com To unsubscribe send a blank email to
xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as:
xxxxx@hollistech.com To unsubscribe send a blank email to
xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Since you found that taking out the locks letting you avoid the deadlock, it
is quite fair to assume that you have a locking problem, hope everyone would
agree some what on it –

Now take the very basic case, (a) everywhere you try to access the list you
would be PASSIVE LEVEL (b) Assume that you never going to think about
artificial partitioning on a list, that means you would be allowing only one
thread to access the list at any given point in time. IF THE ABOVE
ASSUMPTIONS ARE TRUE your one lock per list is fine.

Now you are using two locks for two lists, so you should be careful about
lock hierarchy ( that is every places you try to acquire two locks, you
acquire in the same order, make sure you releases too. BTW, there are osr
articles on this that are online and you can look at it.

Anytime you manage to get out of the deadlock, make sure you sit back and
clean it out properly, in otherwords justify why you ( or whoever ) using
those locks, why they should be deadlock free etc.,etc

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 11:09 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

>No you should use One and only one lock per list usually

One lock per list in all dispatch routines (same in CREATE and WRITE).??
In short- I am write in my flow for Fast Mutex, right???

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Sunday, November 21, 2004 12:07 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

No you should use One and only one lock per list usually (specially when
any of the OPeration is destructive ( ie modify, add, write some such
)…

May be you should try just mutex, since fast mutex is not recursive (
hence if a thread tries to acquire it again, it is a dead lock if I
could recall ).

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 10:23 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Wanted to check my Use of Fast Mutex. I see that WRITE Dispatch routine
has some thing wrong as removing it gives no hanging.

In my CREATE Dispatch Routine

If (Condition A)
{ I do (A-link list) operation under (Lock A)}
If (Condition B)
{ I do (B-link list) operation under (Lock B)}

In my WRITE Dispatch Routine
If (Condition C)
{ I do (A-link list) operation under (Lock A)}
If (Condition D)
{ I do (B-link list) operation under (Lock B)}

In all I have used one lock each for my 2 Link Lists.
Both Locks are initialized in driver entry.

Same lock always protects the same Link List in two different Dispatch
routines. Like (Lock A) protects (A-link list) in both CREATE Dispatch
Routine and WRITE Dispatch Routine.

Now do I use a new lock for the same link list used in different link
list?? I.e. do I uses Like (Lock Z) to protect (A-link list) in WRITE
Dispatch Routine and let (Lock A) protects (A-link list) in CREATE
Dispatch Routine ??

Any ideas ???

Anurag

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about selling just one
of a pair of shoes ( and hold the other one ). Would it be useful ???
Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of
life ) look for a simple solution and go for complex one if simple does
not solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you some
   idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can supress
   or make it verbose, but I bet you have not seen the article from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and you
   can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a rocky
ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of things
. Sorry to ask for spoon feeding. But can some one look at this and help
me as what does it all mean, which area to concentrate? . Or is there a
specific article to read on OSR ?. I see many general articles on lock
but explaing to track a deadlock and DV will not help as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

BTW what is an OP??

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Sunday, November 21, 2004 12:43 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Yep, You’r right otherwise he would be making the same mistake !

Hard to judge if it is written by OP or someone else, also he did not
mention in his logic if there is any hierarchy problem. IF THE CODE IS
ENCAPSULATED IN ONE OR TWO ROUTINE SOMETIME IT IS BETTER TO PUT THAT AS
IS THAN SOME PSEUDO CODE ( I still remember lost in translation Mark )
…

Oh well, I think he is on his way to figure it out !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Mark Roddy
Sent: Saturday, November 20, 2004 10:58 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

I think the OP indicated that he has two lists, each with their own
locks. Nothing in itself wrong with that, although he should of course
be sure that he doesn’t have a lock hierarchy problem.

If he has a lock recursion problem it will be obvious from the thread
stack trace. What he should not do is just start changing lock
mechanisms in the hope that the problem will get more obscure. Instead,
the OP should use the ‘open the window wide’ rule. When looking for the
cause of a software defect, try to make the problem MORE reproducible
not LESS.

It is unlikely that anybody with the skill set required to analyze a
dump is going to volunteer to grovel through the OP’s !process 0 7
output. That is the OP’s job, and he is being paid for it. He’s been
given excellent pointers on how to proceed. Now he should just get on
with it. Once he has a clue as to what the deadlock is, he should
perhaps come back here for advice on how to resolve it.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Prokash Sinha
Sent: Saturday, November 20, 2004 1:37 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

No you should use One and only one lock per list usually (specially
when any of the OPeration is destructive ( ie modify, add, write some
such )…

May be you should try just mutex, since fast mutex is not recursive (
hence if a thread tries to acquire it again, it is a dead lock if I
could recall ).

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 10:23 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Wanted to check my Use of Fast Mutex. I see that WRITE Dispatch
routine has some thing wrong as removing it gives no hanging.

In my CREATE Dispatch Routine

If (Condition A)
{ I do (A-link list) operation under (Lock A)} If (Condition
B) { I do (B-link list) operation under (Lock B)}

In my WRITE Dispatch Routine
If (Condition C)
{ I do (A-link list) operation under (Lock A)} If (Condition
D) { I do (B-link list) operation under (Lock B)}

In all I have used one lock each for my 2 Link Lists.
Both Locks are initialized in driver entry.

Same lock always protects the same Link List in two different Dispatch

routines. Like (Lock A) protects (A-link list) in both CREATE Dispatch

Routine and WRITE Dispatch Routine.

Now do I use a new lock for the same link list used in different link
list?? I.e. do I uses Like (Lock Z) to protect (A-link list) in WRITE
Dispatch Routine and let (Lock A) protects (A-link list) in CREATE
Dispatch Routine ??

Any ideas ???

Anurag

-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@garlic.com]
Sent: Saturday, November 20, 2004 11:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Anurag,

Dont take it personally, but I’ve always thought about selling just
one of a pair of shoes ( and hold the other one ). Would it be useful
??? Sure why not ? if I can manage to walk on one foot …

When it comes down to debugging ( or for that matter in every stage of

life ) look for a simple solution and go for complex one if simple
does not solve it.

In priority order -

1. if it is your own code, and you understand the locks, rough crosss
   checking about how you define and uses those locks should give you
   some idea or to catch .

2. if it is not your own code then DV (only for xp ) is good idea

3. if the !locks commamnd catches it is in order to try, you can
   supress or make it verbose, but I bet you have not seen the article
   from osr

4. then ! process 0 7 or verbose !locks to go thru and checking and
   you can prun using filter (grep) as Max said …

Debugging deadlock(s) can be painful at times, so hold tight for a
rocky ride !

-pro

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 9:13 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

Thankyou all for your help. But !process 0 7 is a whole Bible of
things . Sorry to ask for spoon feeding. But can some one look at this

and help me as what does it all mean, which area to concentrate? . Or
is there a specific article to read on OSR ?. I see many general
articles on lock but explaing to track a deadlock and DV will not help

as I am on WIN 2K.

I probably will be taking some inputs from this and use some more
commands to get to the bottom right??

I am using Fast Mutex locks on link lists. I see a hang only at high
stress of CREATE and WRITE operations like installation of MS office.

I am giving a small part of its output.

kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
.
.
.

PROCESS 81564ce0 SessionId: 0 Cid: 0458 Peb: 7ffdf000 ParentCid:
0070
DirBase: 008d4000 ObjectTable: 81564f88 TableSize: 644.
Image: msiexec.exe
VadRoot 81564588 Clone 0 Private 182. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2b3f2d0
ElapsedTime 0:06:32.0125
UserTime 0:00:00.0078
KernelTime 0:00:00.0546
QuotaPoolUsage[PagedPool] 27232
QuotaPoolUsage[NonPagedPool] 3320
Working Set Sizes (now,min,max) (784, 50, 345) (3136KB, 200KB,
1380KB)
PeakWorkingSetSize 876
VirtualSize 22 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2161
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 235

THREAD 81564960 Cid 458.3b0 Teb: 7ffde000 Win32Thread:
e2bdc008 WAIT: (UserRequest) UserMode Non-Alertable
8159bcc0 ProcessObject
81563e40 NotificationEvent
81564260 SynchronizationEvent
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 11712 Elapsed Ticks: 23772
Context Switch Count 454 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f13c9000 Current f13c8930 Base f13c9000 Limit
f13c6000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

ChildEBP RetAddr Args to Child
f13c8948 8042dba9 00000008 e2bb9868 81564f88
nt!KiSwapThread+0xc5
f13c897c 80450b9b 00000003 f13c89f8 00000001
nt!KeWaitForMultipleObjects+0x266
f13c8d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f13c8d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81519da0 Cid 458.4a0 Teb: 7ffd8000 Win32Thread:
e2bf5008 WAIT: (WrLpcReceive) UserMode Non-Alertable
81711288 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81564ce0
Wait Start TickCount 29857 Elapsed Ticks: 5627
Context Switch Count 39 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f130d000 Current f130cc48 Base f130d000 Limit
f130a000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

ChildEBP RetAddr Args to Child
f130cc60 8042de88 f130cd64 e2bdbbc0 00000000
nt!KiSwapThread+0xc5
f130cc88 80434d74 81711288 00000010 00000301
nt!KeWaitForSingleObject+0x1a1
f130cd48 80465691 000000f0 0193ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f130cd48 77f839c7 000000f0 0193ff54 00000000
nt!KiSystemService+0xc4
0193fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 8149cb20 SessionId: 0 Cid: 04c8 Peb: 7ffdf000 ParentCid:
0070
DirBase: 0fe01000 ObjectTable: 8153a188 TableSize: 656.
Image: msiexec.exe
VadRoot 815478e8 Clone 0 Private 196. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2c9aa70
ElapsedTime 0:06:18.0125
UserTime 0:00:00.0093
KernelTime 0:00:00.0562
QuotaPoolUsage[PagedPool] 27704
QuotaPoolUsage[NonPagedPool] 3632
Working Set Sizes (now,min,max) (831, 50, 345) (3324KB, 200KB,
1380KB)
PeakWorkingSetSize 963
VirtualSize 23 Mb
PeakVirtualSize 29 Mb
PageFaultCount 2729
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 251

THREAD 8149c8a0 Cid 4c8.4c4 Teb: 7ffde000 Win32Thread:
e2c9ada8 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
815126c0 NotificationEvent
8150e9a0 SynchronizationEvent
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 67 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f1591000 Current f1590930 Base f1591000 Limit
f158e000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

ChildEBP RetAddr Args to Child
f1590948 8042dba9 00000008 e2c99868 8153a188
nt!KiSwapThread+0xc5
f159097c 80450b9b 00000003 f15909f8 00000001
nt!KeWaitForMultipleObjects+0x266
f1590d48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f1590d48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 814b9a40 Cid 4c8.4cc Teb: 7ffdd000 Win32Thread:
e2c9e008 WAIT: (WrLpcReceive) UserMode Non-Alertable
8154db88 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 8149cb20
Wait Start TickCount 30869 Elapsed Ticks: 4615
Context Switch Count 97 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14d1000 Current f14d0c48 Base f14d1000 Limit
f14ce000 Call 0
Priority 9 BasePriority 8 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14d0c60 8042de88 f14d0d64 e2c83420 00000000
nt!KiSwapThread+0xc5
f14d0c88 80434d74 8154db88 00000010 f14d0d01
nt!KeWaitForSingleObject+0x1a1
f14d0d48 80465691 000000f0 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14d0d48 77f839c7 000000f0 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

PROCESS 81334b20 SessionId: 0 Cid: 0554 Peb: 7ffdf000 ParentCid:
0070
DirBase: 09f71000 ObjectTable: 814da6e8 TableSize: 79.
Image: msiexec.exe
VadRoot 813342a8 Clone 0 Private 144. Modified 0. Locked 0.
DeviceMap 8189e668
Token e2cc7bb0
ElapsedTime 0:06:12.0031
UserTime 0:00:00.0015
KernelTime 0:00:00.0000
QuotaPoolUsage[PagedPool] 19676
QuotaPoolUsage[NonPagedPool] 2956
Working Set Sizes (now,min,max) (579, 50, 345) (2316KB, 200KB,
1380KB)
PeakWorkingSetSize 619
VirtualSize 19 Mb
PeakVirtualSize 24 Mb
PageFaultCount 625
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 184

THREAD 813348a0 Cid 554.1b4 Teb: 7ffde000 Win32Thread:
e2cc6448 WAIT: (UserRequest) UserMode Non-Alertable
815a4440 ProcessObject
81416c00 NotificationEvent
814734c0 SynchronizationEvent
Not impersonating
Owning Process 81334b20
Wait Start TickCount 11806 Elapsed Ticks: 23678
Context Switch Count 65 LargeStack
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e87b3
Win32 Start Address 0x0100be5e
Stack Init f12fd000 Current f12fc930 Base f12fd000 Limit
f12f9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

ChildEBP RetAddr Args to Child
f12fc948 8042dba9 00000008 e2cc8868 814da6e8
nt!KiSwapThread+0xc5
f12fc97c 80450b9b 00000003 f12fc9f8 00000001
nt!KeWaitForMultipleObjects+0x266
f12fcd48 80465691 00000003 0006da88 00000001
nt!NtWaitForMultipleObjects+0x3a0
f12fcd48 77f9323e 00000003 0006da88 00000001
nt!KiSystemService+0xc4
0006da60 00000000 00000000 00000000 00000000 +0x77f9323e

THREAD 81307920 Cid 554.558 Teb: 7ffdd000 Win32Thread:
00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
81509b08 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 81334b20
Wait Start TickCount 30875 Elapsed Ticks: 4609
Context Switch Count 8
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address 0x7c4e9824
Stack Init f14e1000 Current f14e0c48 Base f14e1000 Limit
f14de000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

Kernel stack not resident.

ChildEBP RetAddr Args to Child
f14e0c60 8042de88 f14e0d64 e2be9560 00000000
nt!KiSwapThread+0xc5
f14e0c88 80434d74 81509b08 00000010 8044af01
nt!KeWaitForSingleObject+0x1a1
f14e0d48 80465691 000000f4 00d9ff54 00000000
nt!NtReplyWaitReceivePortEx+0x45e
f14e0d48 77f839c7 000000f4 00d9ff54 00000000
nt!KiSystemService+0xc4
00d9fe24 00000000 00000000 00000000 00000000 +0x77f839c7

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument:
‘’ To unsubscribe send a blank email to
xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@hollistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@divassoftware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Original poster !

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anurag Sarin
Sent: Saturday, November 20, 2004 11:43 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Hanging problem

BTW what is an OP??