I am developing a wfp driver. It is working (kind of) and interacting with my user mode app. The user mode app sends IRPs to the driver to tell it what to do with queued network packets. All works fine. However at some random point the whole system freezes. Not a blue screen, rather a freeze.
My question is this. What would the panel on here do to investigate this? I have tried checking for deadlocks using verifier. No dice. As there is no BSOD then there is no crashdump.
Any advice greatly appreciated as always.
Hi.
Generate a manual Crash-Dump. Here’s the KB
http://support.microsoft.com/kb/244139/en-us
You will have to modify your registry. Google for CrashOnCtrlScroll. And
keep in mind … it’s the *right" Ctrl-Key.
wrote news:xxxxx@ntdev…
> I am developing a wfp driver. It is working (kind of) and interacting with
> my user mode app. The user mode app sends IRPs to the driver to tell it
> what to do with queued network packets. All works fine. However at some
> random point the whole system freezes. Not a blue screen, rather a freeze.
>
> My question is this. What would the panel on here do to investigate this?
> I have tried checking for deadlocks using verifier. No dice. As there is
> no BSOD then there is no crashdump.
>
> Any advice greatly appreciated as always.
>
Would this work if the system has already locked up?
It depends on the lockup. In order of chance of success:
-
Breaking in with the debugger (breaks in via the clock ISR)
-
Crashing the system via a P/S2 keyboard (crashes via the keyboard ISR)
-
Crashing the system via a USB keyboards (crashes via a DPC)
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> Would this work if the system has already locked up?
>
It does work. I have loaded the minidump and can see the stack. How do you find out what caused the hang? Is there a kd command?
You need at least a kernel summary dump for a hang, the minidump isn’t going
to do you much good. Once you have a kernel summary dump, you need to start
picking through threads trying to figure out what the problem might be.
Here’s a start:
!running -it
!stacks 2
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> It does work. I have loaded the minidump and can see the stack. How do you
> find out what caused the hang? Is there a kd command?
>
Is see no option for “Kernel summary dump” in the windows config. Only Small/Kernel/Complete.
Do you mean the last one?
Kernel == Kernel Summary.
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> Is see no option for “Kernel summary dump” in the windows config. Only
> Small/Kernel/Complete.
>
> Do you mean the last one?
>
Great, so that is what it is currently set to. The files are still called minidump though.
I believe I have found the faulting code, more by luck than judgement. It appears when the WFP ale connect callout receives a notification and tries to get a spinlock on the packet queue it then freezes.
Not sure why as this has been working like a champ. Why on earth would trying to acquire a spinlock cause the system to hang? I thought the whole point of spinlocks was to prevent such things.
Weird, shouldn’t be.
Not sure why as this has been working like a champ. Why on earth would
trying to acquire a spinlock cause the system to >hang? I thought the whole
point of spinlocks was to prevent such things.
Likely you’re trying to acquire the same spinlock twice, either because it’s
already held by someone calling you or you forgot to release it someplace
(another option is that the lock itself became corrupted so the, “is it
held” bit is 1 even though it shouldn’t be).
Does your driver pass Verifier? How about Prefast? Don’t know anything about
WFP so it also might be some specific rule you’re violating, in which case
The Panel will probably have an opinion (BTW, I do like the image of a panel
of cloaked individuals arguing the correct way to drop locks).
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> Great, so that is what it is currently set to. The files are still called
> minidump though.
> I believe I have found the faulting code, more by luck than judgement. It
> appears when the WFP ale connect callout receives a notification and tries
> to get a spinlock on the packet queue it then freezes.
>
> Not sure why as this has been working like a champ. Why on earth would
> trying to acquire a spinlock cause the system to hang? I thought the whole
> point of spinlocks was to prevent such things.
>
A freeze such as you describe generally indicates spinning while at high
IRQL. Have you looked at your usage of spinlocks? Is there a matching
release for every acquire? And – ohmagod – did you release them in the
proper order ?
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.uk
Sent: Friday, August 27, 2010 7:17 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] System lockup
Would this work if the system has already locked up?
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
From any of these forced crashes you can step back to the actual infinite
loop. Yeah, you’re going to be tiptoeing through assembly, but then that is
life in the kernel.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Friday, August 27, 2010 7:26 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] System lockup
It depends on the lockup. In order of chance of success:
-
Breaking in with the debugger (breaks in via the clock ISR)
-
Crashing the system via a P/S2 keyboard (crashes via the keyboard ISR)
-
Crashing the system via a USB keyboards (crashes via a DPC)
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> Would this work if the system has already locked up?
>
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
wrote in message news:xxxxx@ntdev…
…
> Why on earth would trying to acquire a spinlock cause the system to hang?
> I thought the whole point of spinlocks was to prevent such things.
>
Get ready to another 100+ message thread.
– pa
>connect callout receives a notification and tries to get a spinlock on the packet queue it then freezes.
Deadlock on a spinlock. This occurs.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com