Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
VMware server freeze
Hello,
I have a server that is freezing. No reaction to any kind of commands even on the console.
I made a snapshot of the VM with memory. I transform it in a dump.
What are useful commands (!locks......) to find out why it was feezed. I am assuming there is a lock.
Also how do I read the result of the commands?
Windows Server 2019 OS
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 13-17 May 2024 | Live, Online |
| Developing Minifilters | 1-5 Apr 2024 | Live, Online |
| Internals & Software Drivers | 11-15 Mar 2024 | Live, Online |
| Writing WDF Drivers | 26 Feb - 1 Mar 2024 | Live, Online |
Comments
For a livelock (i.e. CPUs are spinning at 100% and nothing else can get done):
!running -ti
!ready f
For a deadlock (i.e. threads are sleeping and nothing is getting done):
!locks - ERESOURCEs only
!mex.uniquestacks (Mex available here: https://www.microsoft.com/en-us/download/details.aspx?id=53304)
!stacks 2
!process 0 f
-scott
OSR
Thank you for the commands. I will try to investigate. the fact is that the CPU was not at 100%. It was just frozen, also the memory went low under 1GB when you were checking the VM. Basically, nothing was running any longer, just stanning still.
0: kd> !ready f
Processor 0: No threads in READY state
Processor 1: No threads in READY state
Processor 2: No threads in READY state
Processor 3: No threads in READY state
Processor 4: No threads in READY state
Processor 5: No threads in READY state
Processor 6: No threads in READY state
Processor 7: No threads in READY state
0: kd> !running -ti
System Processors: (00000000000000ff)
Idle Processors: (00000000000000eb)
0 fffff802423c1180 fffff8024243d980 ( 0) fffff8024243d980 ................
# Child-SP RetAddr Call Site
00 fffff802
44331840 fffff8024210839c nt!PpmIdleGuestExecute+0x1501 fffff802
44331880 fffff8024210752a nt!PpmIdleExecuteTransition+0xcbc02 fffff802
44331b00 fffff802421df67c nt!PoIdle+0x33a03 fffff802
44331c60 0000000000000000 nt!KiIdleLoop+0x2c1 ffffe7806057c180 ffffe7806058d000 ( 0) ffffe7806058d000 ................
# Child-SP RetAddr Call Site
00 ffffe780
5ffe2840 fffff8024210839c nt!PpmIdleGuestExecute+0x1501 ffffe780
5ffe2880 fffff8024210752a nt!PpmIdleExecuteTransition+0xcbc02 ffffe780
5ffe2b00 fffff802421df67c nt!PoIdle+0x33a03 ffffe780
5ffe2c60 0000000000000000 nt!KiIdleLoop+0x2c2 ffffe78060240180 ffff91035c963080 (15) ffffe78060251000 ................
# Child-SP RetAddr Call Site
00 ffffe780
6e324a50 ffffc069adc5b36d win32kbase!SetHandleFlag+0x2601 ffffe780
6e324a80 ffffc069adc5b2fc win32kfull+0x5b36d02 ffffe780
6e324ad0 fffff802421ecc03 win32kfull+0x5b2fc03 ffffe780
6e324b00 00007ffe44b220e4 nt!KiSystemServiceCopyEnd+0x1304 000000d8
32f7f678 00007ffe2bd3c138 0x00007ffe44b220e4 05 000000d832f7f680 000000000000000e 0x00007ffe2bd3c13806 000000d8
32f7f688 00007ffe2bd67b3c 0xe07 000000d8
32f7f690 ffffffffffffffff 0x00007ffe2bd67b3c 08 000000d832f7f698 000000d832f7f828 0xffffffffffffffff09 000000d8
32f7f6a0 000000d832f7f6f0 0x000000d832f7f828 0a 000000d832f7f6a8 00000000000004a8 0x000000d832f7f6f00b 000000d8
32f7f6b0 000000000002001a 0x4a80c 000000d8
32f7f6b8 000000000002001a 0x2001a0d 000000d8
32f7f6c0 000000000000004a 0x2001a0e 000000d8
32f7f6c8 00007ffe47ba15a5 0x4a0f 000000d8
32f7f6d0 000001e430367a10 0x00007ffe47ba15a5 10 000000d832f7f6d8 000000d832f7f800 0x000001e430367a1011 000000d8
32f7f6e0 0000000000010018 0x000000d832f7f800 12 000000d832f7f6e8 000001e431287510 0x10018 13 000000d832f7f6f0 000000d800000012 0x000001e43128751014 000000d8
32f7f6f8 00007ffe00000012 0x000000d800000012 15 000000d832f7f700 0000000000000000 0x00007ffe000000123 ffffe780602ca180 ffffe780602db000 ( 0) ffffe780602db000 ................
# Child-SP RetAddr Call Site
00 ffffe780
602ff840 fffff8024210839c nt!PpmIdleGuestExecute+0x1501 ffffe780
602ff880 fffff8024210752a nt!PpmIdleExecuteTransition+0xcbc02 ffffe780
602ffb00 fffff802421df67c nt!PoIdle+0x33a03 ffffe780
602ffc60 0000000000000000 nt!KiIdleLoop+0x2c4 ffffe78060357180 ffff9103b29e85c0 ( 8) ffffe78060368000 ................
# Child-SP RetAddr Call Site
00 00000000
00000000 0000000000000000 0x05 ffffe780603e5180 ffffe780603f6000 ( 0) ffffe780603f6000 ................
# Child-SP RetAddr Call Site
00 ffffe780
6061b840 fffff8024210839c nt!PpmIdleGuestExecute+0x1501 ffffe780
6061b880 fffff8024210752a nt!PpmIdleExecuteTransition+0xcbc02 ffffe780
6061bb00 fffff802421df67c nt!PoIdle+0x33a03 ffffe780
6061bc60 0000000000000000 nt!KiIdleLoop+0x2c6 ffffe78060680180 ffffe78060691000 ( 0) ffffe78060691000 ................
# Child-SP RetAddr Call Site
00 ffffe780
60679840 fffff8024210839c nt!PpmIdleGuestExecute+0x1501 ffffe780
60679880 fffff8024210752a nt!PpmIdleExecuteTransition+0xcbc02 ffffe780
60679b00 fffff802421df67c nt!PoIdle+0x33a03 ffffe780
60679c60 0000000000000000 nt!KiIdleLoop+0x2c7 ffffe78060701180 ffffe78060712000 ( 0) ffffe78060712000 ................
# Child-SP RetAddr Call Site
00 ffffe780
607369e0 fffff802421df6aa nt!KiRetireDpcList+0x16301 ffffe780
60736c60 0000000000000000 nt!KiIdleLoop+0x5aProcess PID Thread Id Pri Base Pri Next CPU CSwitches User Kernel State Time Reason
================== ==== ================ ==== === ======== ======== ========= ====== ================ ======= ========== ==============
Idle 0 fffff8024243d980 0 0 0 0 507176964 0 27d.15:51:08.766 Running 30m:32.718 WrCalloutStack
Idle 0 ffffe7806058d000 0 0 0 1 538894446 0 27d.14:38:25.344 Running 31m:47.187 WrCalloutStack
winlogon.exe 3840 ffff91035c963080 9530 15 15 2 257963 0 16ms Running 46ms DelayExecution
Idle 0 ffffe780602db000 0 0 0 3 473101167 0 27d.19:03:01.094 Running 27m:44.968 WrCalloutStack
msedgewebview2.exe 4b78 ffff9103b29e85c0 597c 8 8 4 35189 6s.234 1s.016 Running 390ms UserRequest
Idle 0 ffffe780603f6000 0 0 0 5 540638435 0 27d.17:08:24.500 Running 30m:36.703 WrCalloutStack
Idle 0 ffffe78060691000 0 0 0 6 463232415 0 27d.16:48:22.844 Running 30m:16.718 WrCalloutStack
Idle 0 ffffe78060712000 0 0 0 7 641617303 0 27d.06:59:53.141 Running 33m:45.000 WrCalloutStack
One thing I don't think you know, and which is very difficult to tell with a Windows guest, is whether the VM is frozen, or the UI is frozen. Can you ping the network interface?
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
Good question. for this one sadly i do not remember. The above VM`s was getting stuck, and also some others, and they had kind of the same application on them Citrix in general when you logged on to the system mainly with RDP. If i get a new one i will get back, as also the Citrix team did some changes at VMware.