More deadlocking of ntfs...

I have been working on learning why my driver is causing a livelock (or a
deadlock, but I can still move the mouse). What I have discovered is that
all my calls to IoCallDriver return and all my events that have been
outstanding are signalled properly. The driver is filtering out deletes and
renaming the files to a protected location. In doing so, I roll an IRP to
perform the IRP_MJ_SET_INFORMATION. I get about 300-1000 files into
deleting 66,000 files when I get a system hang.

Looking at the threads that are stuck, it appears that they are waiting to
acquire either the vcb or another semaphore (I don't understand why the
semaphore limit is 0x7fffffff). What follows is a snapshot of the three
threads holding locks and waiting for locks within my system.

Let me name the threads as follows:

A = 0x84992DA0
B = 0x8474BB40
C = 0x84992B20

Threads A and C attempt to acquire the vcb with a shared lock. Thread B
attempts to acquire the vcb with an exclusive lock. A and C are also
showing a semaphore limit of 0x7fffffff. The following is a snippet of the
!locks info:

Resource @ Ntfs!NtfsData (0xbe475c10) Shared 1 owning threads
Threads: 84992da0-01

Resource @ 0x847e24f4 Shared 1 owning threads
Contention Count = 6
NumberOfSharedWaiters = 2
NumberOfExclusiveWaiters = 1
Threads: 84992da0-01 84992b20-01

Does anyone know what might cause this and what the solution is?

tia! - jb

Thread A info

kd> !thread 84992da0
THREAD 84992da0 Cid 8.14 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
846ee308 Semaphore Limit 0x7fffffff
84992e88 NotificationTimer
Not impersonating
Owning Process 849b8220
WaitTime (seconds) 39388
Context Switch Count 408
UserTime 0:00:00.0000
KernelTime 0:00:00.0010
Start Address ntoskrnl!ExpWorkerThread (0x80418ada)
Stack Init ed434000 Current ed433b20 Base ed434000 Limit ed431000 Call 0
Priority 14 BasePriority 13 PriorityDecrement 1 DecrementCount 16

ChildEBP RetAddr Args to Child
ed433b38 8042d61c 00000000 847e24f4 84992da0 ntoskrnl!KiSwapThread+0xc5
ed433b60 80417148 846ee308 00000000 00000000 ntoskrnl!KeWaitForSingleObject+0x1a1
ed433ba0 804167d4 847e20f8 ed433c40 00000000 ntoskrnl!ExpWaitForResource+0x1ac
ed433bb8 8041670d 847e24f4 ed433c01 ed433d78 ntoskrnl!ExpAcquireResourceSharedLite+0xb0
ed433bc8 be482cea 847e24f4 ed433c01 847e20f0 ntoskrnl!ExAcquireResourceSharedLite+0x41
ed433bd8 be4d76d6 ed433c40 847e20f0 00000001 Ntfs!NtfsAcquireSharedVcb+0x1b
ed433d78 80418b9f 00000000 00000000 00000000 Ntfs!NtfsCheckUsnTimeOut+0x109
ed433da8 804524f6 00000000 00000000 00000000 ntoskrnl!ExpWorkerThread+0xae
ed433ddc 80465b62 80418ada 00000000 00000000 ntoskrnl!PspSystemThreadStartup+0x69
00000000 00000000 00000000 00000000 00000000 ntoskrnl!KiThreadStartup+0x16

=================================================================
Thread B info

kd> !thread 8474bb40
THREAD 8474bb40 Cid 298.308 Teb: 7ffdb000 Win32Thread: e21b92e8 WAIT: (Executive) KernelMode Non-Alertable
84727848 SynchronizationEvent
8474bc28 NotificationTimer
IRP List:
846454c8: (0006,0190) Flags: 00000830 Mdl: 00000000
Not impersonating
Owning Process 847431a0
WaitTime (seconds) 39363
Context Switch Count 2604 LargeStack
UserTime 0:00:00.0650
KernelTime 0:00:03.0434
Start Address 0x77e92c50
Win32 Start Address 0x76e32ab8
Stack Init bdfc68f0 Current bdfc61f8 Base bdfc7000 Limit bdfc0000 Call bdfc68fc
Priority 14 BasePriority 8 PriorityDecrement 4 DecrementCount 16

ChildEBP RetAddr Args to Child
bdfc6210 8042d61c 00000000 847e24f4 8474bb40 ntoskrnl!KiSwapThread+0xc5
bdfc6238 80417148 84727848 00000000 00000000 ntoskrnl!KeWaitForSingleObject+0x1a1
bdfc6278 80416629 84631e48 007e24f4 bdfc6290 ntoskrnl!ExpWaitForResource+0x1ac
bdfc6288 8041666e bdfc632c be4768e0 847e24f4 ntoskrnl!ExpAcquireResourceExclusiveLite+0x64
bdfc6290 be4768e0 847e24f4 e2162901 84631e48 ntoskrnl!ExAcquireResourceExclusiveLite+0x4b
bdfc62a0 be4a2605 84631e48 847e20f0 00000001 Ntfs!NtfsAcquireExclusiveVcb+0x1b
bdfc632c be49993e 84631e48 8464ee68 847e2020 Ntfs!NtfsCommonSetInformation+0x2dd
bdfc639c 8041f54b 847e2020 8464ee68 84648a1c Ntfs!NtfsFsdSetInformation+0xbf
bdfc63b0 be3c7008 8462e808 846454c8 8464efb0 ntoskrnl!IopfCallDriver+0x35
bdfc6414 be3c5bc9 847e2020 8464c9c8 8462e008 pqscnt!FileMove+0x3e0
bdfc64b4 be23c761 847e2020 846454c8 84748860 pqscnt!OnSetInformationDispatch+0x292
bdfc6524 8041f54b 84748860 846454c8 84645634 pqfilter!FilterDispatch+0x15c
bdfc6538 804b6b7a bdfc6654 00c6e488 804c1308 ntoskrnl!IopfCallDriver+0x35
bdfc6638 80461691 000002ec 00c6e4c8 00c6e4ef ntoskrnl!NtSetInformationFile+0x58a
bdfc6638 77f93e4a 000002ec 00c6e4c8 00c6e4ef ntoskrnl!KiSystemService+0xc4
bdfc6200 bdfc6238 8474bbac 8474bb40 84727848 +0x77f93e4a
00c6e4f0 00000000 00000000 00000000 00000000 +0xbdfc6238
bdfc6914 804307da bdfc69d4 bdfc69cc 00000000 ntoskrnl!KiCallUserMode+0x4
bdfc6978 a001f885 00000002 bdfc69a8 00000018 ntoskrnl!KeUserModeCallback+0xa6
bdfc6c08 a001f56f a033bbe8 00000111 00017011 win32k!SfnDWORD+0xc2
bdfc6c60 a001b017 a033bbe8 00000111 00017011 win32k!xxxSendMessageTimeout+0x2c7
bdfc6c80 a00535f0 a033bbe8 00000111 00017011 win32k!xxxSendMessage+0x1a
bdfc6cc8 a00533c3 00000007 00000004 bdfc6cf0 win32k!xxxTranslateAccelerator+0x25d
bdfc6d50 80461691 00030116 00010112 00c6fef8 win32k!NtUserTranslateAccelerator+0xa1
bdfc6d50 77e19885 00030116 00010112 00c6fef8 ntoskrnl!KiSystemService+0xc4
bdfc68f8 bdfc7000 bdfc6d64 00000000 00c6ffa4 +0x77e19885
00c6fe9c 00000000 00000000 00000000 00000000 +0xbdfc7000

=================================================================
Thread C info

kd> !thread 84992b20
THREAD 84992b20 Cid 8.18 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
846ee308 Semaphore Limit 0x7fffffff
84992c08 NotificationTimer
IRP List:
846a17a8: (0006,0190) Flags: 00000884 Mdl: 00000000
Not impersonating
Owning Process 849b8220
WaitTime (seconds) 39671
Context Switch Count 250
UserTime 0:00:00.0000
KernelTime 0:00:00.0871
Start Address ntoskrnl!ExpWorkerThread (0x80418ada)
Stack Init ed438000 Current ed43731c Base ed438000 Limit ed435000 Call 0
Priority 14 BasePriority 13 PriorityDecrement 1 DecrementCount 16

ChildEBP RetAddr Args to Child
ed437334 8042d61c 00000000 847e24f4 84992b20 ntoskrnl!KiSwapThread+0xc5
ed43735c 80417148 846ee308 00000000 00000000 ntoskrnl!KeWaitForSingleObject+0x1a1
ed43739c 804167d4 846e39a8 846e39a8 ed437738 ntoskrnl!ExpWaitForResource+0x1ac
ed4373b4 8041670d 847e24f4 00000001 ed4376d8 ntoskrnl!ExpAcquireResourceSharedLite+0xb0
ed4373c4 be482cea 847e24f4 00000001 846a18f0 ntoskrnl!ExAcquireResourceSharedLite+0x41
ed4373d4 be483289 846e39a8 847e20f0 00000001 Ntfs!NtfsAcquireSharedVcb+0x1b
ed4376d8 be4849fd 846e39a8 846a17a8 ed437738 Ntfs!NtfsCommonCreate+0x1e1
ed437778 8041f54b 847e2020 846a17a8 846a1914 Ntfs!NtfsFsdCreate+0x157
ed43778c be23c4cd 846a1914 846a1938 ed437bcc ntoskrnl!IopfCallDriver+0x35
ed4377c8 be23d095 84748918 846a17a8 00000ab0 pqfilter!CallAndRelease+0x19d
ed43784c 8041f54b 84748860 846a17a8 846a17b8 pqfilter!FilterCreateDispatch+0x424
ed437860 804a3e54 804a392a 84999338 ed437b50 ntoskrnl!IopfCallDriver+0x35
ed4379e8 8044e27e 84999350 00000000 ed437a94 ntoskrnl!IopParseDevice+0xa04
ed437a54 804957ae 00000000 ed437b00 00000040 ntoskrnl!ObpLookupObjectName+0x4c4
ed437b64 804a78b8 00000000 00000000 8044c300 ntoskrnl!ObOpenObjectByName+0xc5
ed437c38 804a361e ed437d4c 00000080 ed437d04 ntoskrnl!IoCreateFile+0x3ec
ed437c78 be09725b ed437d4c 00000080 ed437d04 ntoskrnl!NtOpenFile+0x25
ed437d54 be07fe8c be08ab88 8046a5c0 84992b20 srv!CheckDiskSpace+0x10b
ed437d78 80418b9f 00000000 00000000 00000000 srv!ScavengerThread+0x67
ed437da8 804524f6 00000000 00000000 00000000 ntoskrnl!ExpWorkerThread+0xae
ed437ddc 80465b62 80418ada 00000000 00000000 ntoskrnl!PspSystemThreadStartup+0x69
00000000 00000000 00000000 00000000 00000000 ntoskrnl!KiThreadStartup+0x16
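As an added illustration (not part of the original post or the poster's driver), the simplified model below captures the documented ERESOURCE acquire rules behind NTFS's Vcb lock: an exclusive request waits for every current owner, and a shared request arriving while an exclusive waiter is queued also waits unless the caller already owns the resource. It assumes some thread (a hypothetical 0xD) holds the Vcb shared and never releases it; the post does not identify the actual holder.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified model of the ERESOURCE acquire rules (illustration written for this
 * post, not kernel code). Exclusive is granted only when nobody owns the resource.
 * Shared is granted when the caller already owns it, or when there is no exclusive
 * owner and no exclusive waiter queued; otherwise the caller waits, so a pending
 * exclusive request is not starved by newly arriving shared requests. */
#define MAX_OWNERS 8
typedef enum { REQ_SHARED, REQ_EXCLUSIVE } ReqMode;
typedef struct {
    unsigned owner[MAX_OWNERS];   /* thread ids currently holding the resource */
    size_t   owners;
    bool     owned_exclusive;
    int      shared_waiters;      /* NumberOfSharedWaiters in !locks */
    int      exclusive_waiters;   /* NumberOfExclusiveWaiters in !locks */
} Eresource;

static bool is_owner(const Eresource *r, unsigned tid) {
    for (size_t i = 0; i < r->owners; i++)
        if (r->owner[i] == tid) return true;
    return false;
}

/* True when granted at once; false when the caller blocks and becomes a waiter. */
bool eresource_acquire(Eresource *r, unsigned tid, ReqMode mode) {
    if (mode == REQ_EXCLUSIVE) {
        if (r->owners == 0) { r->owner[r->owners++] = tid; r->owned_exclusive = true; return true; }
        r->exclusive_waiters++;           /* blocked by the current owner(s) */
        return false;
    }
    if (is_owner(r, tid)) return true;    /* recursive shared acquire by an owner */
    if (!r->owned_exclusive && r->exclusive_waiters == 0 && r->owners < MAX_OWNERS) {
        r->owner[r->owners++] = tid;
        return true;
    }
    r->shared_waiters++;                  /* queued behind the exclusive waiter */
    return false;
}

/* Reproduces the waiter counts in the !locks output above: a shared holder
 * (hypothetical thread 0xD, the post does not say who holds the Vcb) never
 * releases, B asks for the Vcb exclusive, then A and C ask for it shared. */
Eresource vcb_scenario(void) {
    Eresource vcb = {0};
    eresource_acquire(&vcb, 0xD, REQ_SHARED);            /* granted */
    eresource_acquire(&vcb, 0x8474BB40, REQ_EXCLUSIVE);  /* B waits on the holder */
    eresource_acquire(&vcb, 0x84992DA0, REQ_SHARED);     /* A waits behind B */
    eresource_acquire(&vcb, 0x84992B20, REQ_SHARED);     /* C waits behind B */
    return vcb;
}
```

The point for triage is that two shared waiters plus one exclusive waiter on a shared-owned resource does not by itself say who is stuck; the thread to find is the shared owner that never gets to release.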

