!analyze -v -hang, Cannot get _ERESOURCE type, W7-32bits checked + symbols, Windbg ver. 6.12.0002.63

Hi,

*I've searched the archives but found nothing.

Can't use analze -v -hang, to analyze a system hang, any hints? Symbols are
from MSDN.

Thank you,

kd> !analyze -v -hang
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:

Scanning for threads blocked on locks ...
*Cannot get _ERESOURCE type*

PROCESS_NAME: System

FAULTING_IP:
nt!RtlpBreakWithStatusInstruction+0
829b5f8c cc int 3

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 829b5f8c (nt!RtlpBreakWithStatusInstruction)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 829f9580
Parameter[2]: 00000000

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint
has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments
are invalid

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 829f9580

EXCEPTION_PARAMETER3: 00000000

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x0

CURRENT_IRQL: 1c

BLOCKED_THREAD: 95e58878

LAST_CONTROL_TRANSFER: from 82887d5e to 829b5f8c

STACK_TEXT:
829ecb68 82887d5e 00000001 82898f4f 00000000
nt!RtlpBreakWithStatusInstruction
829ecb70 82898f4f 00000000 00000000 00000001 nt!KdCheckForDebugBreak+0x22
829ecb98 8289985c 82830c96 63bacea0 00000000 nt!KeUpdateRunTime+0x1a1
829ecc0c 829c855f 8296d702 8296d702 00000030 nt!KeUpdateSystemTime+0x900
829ecc0c 82830c96 8296d702 8296d702 00000030
nt!KeUpdateSystemTimeAssist+0x13
829ecc90 82956fa0 00000064 829f9580 829eff00 hal!HalProcessorIdle+0x2
829ecd20 829c9833 00000000 0000000e 00000000 nt!PoIdle+0x700
829ecd24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xf

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KdCheckForDebugBreak+22
82887d5e c3 ret

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KdCheckForDebugBreak+22

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc575

FAILURE_BUCKET_ID: 0x0_nt!KdCheckForDebugBreak+22

BUCKET_ID: 0x0_nt!KdCheckForDebugBreak+22

Followup: MachineOwner

kd> DT _ERESOURCE
hal!_ERESOURCE
+0x000 SystemResourcesList : _LIST_ENTRY
+0x008 OwnerTable : Ptr32 _OWNER_ENTRY
+0x00c ActiveCount : Int2B
+0x00e Flag : Uint2B
+0x010 SharedWaiters : Ptr32 _KSEMAPHORE
+0x014 ExclusiveWaiters : Ptr32 _KEVENT
+0x018 OwnerEntry : _OWNER_ENTRY
+0x020 ActiveEntries : Uint4B
+0x024 ContentionCount : Uint4B
+0x028 NumberOfSharedWaiters : Uint4B
+0x02c NumberOfExclusiveWaiters : Uint4B
+0x030 Address : Ptr32 Void
+0x030 CreatorBackTraceIndex : Uint4B
+0x034 SpinLock : Uint4B

kd> !READY
Processor 0: No threads in READY state

kd> !threads
Index TID TEB StackBase
StackLimit DeAlloc StackSize ThreadProc
0 00000000 0x829f9580 0x00000000 0x829f9588 0x00000005
0x7d606a78 ReadVirtual: fffffff4 not properly sign extended
0x8007001e
Total VM consumed by thread stacks 0x7d606a78

I never use this command so I hadn’t realized it was broken…Looks like
this hasn’t been updated to reflect changes to the ERESOURCE structure:

0: kd> .show_sym_failures /s /t
Show symbol lookup failures: yes
Show type lookup failures: yes
0: kd> !analyze -hang
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {a56aee00, 0, 84e68eea, 0}

Scanning for threads blocked on locks …
type lookup ‘nt!_ERESOURCE’ failure, field ‘OwnerThreads’ not found.
Cannot get _ERESOURCE type

And it looks like that field of the ERESOURCE disappeared as of Vista or so.

If you believe that you have an ERESOURCE deadlock you can use !locks -v
instead, which *has* been updated to reflect the new ERESOURCE structure.

As for !threads, that’s a new one to me. It appears to be undocumented and
not work, so I’d stay away from that What info were you trying to get
from that command?

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

!threads works only with sos extension for managed threads. (my mistake)

I want to see all threads on the system(information grouped as in !exqueue).

I`m using !locks -v. All threads are waiting for some synchronization
objects, including worker threads.

How can I see which thread has a lock? With !locks I can see waiting
threads.

Only the mouse is working, everything else is in “hang state” -new
windows state.

Thank you,

kd> !exqueue
Dumping ExWorkerQueue: 82C00F00

**** Critical WorkQueue( current = 0 maximum = 1 )
THREAD 86ed5020 Cid 0004.0018 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed5d48 Cid 0004.001c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed5a70 Cid 0004.0020 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed5798 Cid 0004.0024 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed54c0 Cid 0004.0028 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 878e9778 Cid 0004.089c Teb: 00000000 Win32Thread: 00000000 WAIT

**** Delayed WorkQueue( current = 0 maximum = 1 )
THREAD 86ed6020 Cid 0004.002c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed6d48 Cid 0004.0030 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed6a70 Cid 0004.0034 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed6798 Cid 0004.0038 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed64c0 Cid 0004.003c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed8020 Cid 0004.0040 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed8d48 Cid 0004.0044 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91a88810 Cid 0004.020c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 87f09b50 Cid 0004.021c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91bf88f8 Cid 0004.0220 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91a3fd48 Cid 0004.0234 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 919fed48 Cid 0004.0248 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95c02918 Cid 0004.026c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95c03918 Cid 0004.0274 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91893c78 Cid 0004.0368 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91b7daf8 Cid 0004.0370 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 8eaec570 Cid 0004.0374 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95da1020 Cid 0004.03c8 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95da25c0 Cid 0004.03d8 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95da4d48 Cid 0004.03e4 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 878bed48 Cid 0004.0a5c Teb: 00000000 Win32Thread: 00000000 WAIT

**** HyperCritical WorkQueue( current = 0 maximum = 1 )
THREAD 86ed8a70 Cid 0004.0048 Teb: 00000000 Win32Thread: 00000000 WAIT

On Thu, Mar 31, 2011 at 5:49 PM, Scott Noone wrote:

> I never use this command so I hadn’t realized it was broken…Looks like
> this hasn’t been updated to reflect changes to the ERESOURCE structure:
>
> 0: kd> .show_sym_failures /s /t
> Show symbol lookup failures: yes
> Show type lookup failures: yes
> 0: kd> !analyze -hang
>
> ***
> *
> * Bugcheck Analysis
> *
>
>
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck D5, {a56aee00, 0, 84e68eea, 0}
>
>
> Scanning for threads blocked on locks …
> type lookup ‘nt!_ERESOURCE’ failure, field ‘OwnerThreads’ not found.
> Cannot get _ERESOURCE type
>
> And it looks like that field of the ERESOURCE disappeared as of Vista or
> so.
>
> If you believe that you have an ERESOURCE deadlock you can use !locks -v
> instead, which has been updated to reflect the new ERESOURCE structure.
>
> As for !threads, that’s a new one to me. It appears to be undocumented and
> not work, so I’d stay away from that What info were you trying to get
> from that command?
>
> -scott
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

>I want to see all threads on the system(information grouped as in

!exqueue).

!exqueue just shows the system worker queue threads. If you want to see all
threads in the system that is:

!process 0 7

You can also use:

!stacks

Or:

!stacks 2

If you want a clean summary view.

How can I see which thread has a lock? With !locks I can see waiting
threads.

!locks shows information about all of the ERESOURCEs in the system and the
output includes both threads waiting for the lock and the threads that own
the lock. In the output, an asterisk next to the thread address indicates
that the thread owns the lock, if there isn’t an asterisk the thread is
waiting for the lock.

Note however that !locks doesn’t show ALL types of locks in the system, just
ERESOURCEs. If you post the output of !locks (without the -v) I can tell you
if the hang is related to ERESOURCEs at all.

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Neagoe Gabriel” wrote in message news:xxxxx@windbg…
!threads works only with sos extension for managed threads. (my mistake)

I want to see all threads on the system(information grouped as in !exqueue).

I`m using !locks -v. All threads are waiting for some synchronization
objects, including worker threads.

How can I see which thread has a lock? With !locks I can see waiting
threads.

Only the mouse is working, everything else is in “hang state” -new
windows state.

Thank you,

kd> !exqueue
Dumping ExWorkerQueue: 82C00F00

Critical WorkQueue( current = 0 maximum = 1 )
THREAD 86ed5020 Cid 0004.0018 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed5d48 Cid 0004.001c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed5a70 Cid 0004.0020 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed5798 Cid 0004.0024 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed54c0 Cid 0004.0028 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 878e9778 Cid 0004.089c Teb: 00000000 Win32Thread: 00000000 WAIT

Delayed WorkQueue( current = 0 maximum = 1 )
THREAD 86ed6020 Cid 0004.002c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed6d48 Cid 0004.0030 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed6a70 Cid 0004.0034 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed6798 Cid 0004.0038 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed64c0 Cid 0004.003c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed8020 Cid 0004.0040 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 86ed8d48 Cid 0004.0044 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91a88810 Cid 0004.020c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 87f09b50 Cid 0004.021c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91bf88f8 Cid 0004.0220 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91a3fd48 Cid 0004.0234 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 919fed48 Cid 0004.0248 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95c02918 Cid 0004.026c Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95c03918 Cid 0004.0274 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91893c78 Cid 0004.0368 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 91b7daf8 Cid 0004.0370 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 8eaec570 Cid 0004.0374 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95da1020 Cid 0004.03c8 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95da25c0 Cid 0004.03d8 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 95da4d48 Cid 0004.03e4 Teb: 00000000 Win32Thread: 00000000 WAIT
THREAD 878bed48 Cid 0004.0a5c Teb: 00000000 Win32Thread: 00000000 WAIT

HyperCritical WorkQueue( current = 0 maximum = 1 )
THREAD 86ed8a70 Cid 0004.0048 Teb: 00000000 Win32Thread: 00000000 WAIT

On Thu, Mar 31, 2011 at 5:49 PM, Scott Noone wrote:
I never use this command so I hadn’t realized it was broken…Looks like
this hasn’t been updated to reflect changes to the ERESOURCE structure:

0: kd> .show_sym_failures /s /t
Show symbol lookup failures: yes
Show type lookup failures: yes
0: kd> !analyze -hang
**************************************************************************

Bugcheck Analysis
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {a56aee00, 0, 84e68eea, 0}

Scanning for threads blocked on locks …
type lookup ‘nt!_ERESOURCE’ failure, field ‘OwnerThreads’ not found.
Cannot get _ERESOURCE type

And it looks like that field of the ERESOURCE disappeared as of Vista or so.

If you believe that you have an ERESOURCE deadlock you can use !locks -v
instead, which has been updated to reflect the new ERESOURCE structure.

As for !threads, that’s a new one to me. It appears to be undocumented and
not work, so I’d stay away from that What info were you trying to get
from that command?

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

—
WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Neagoe Gabriel wrote:

*I’ve searched the archives but found nothing.

Can’t use analze -v -hang, to analyze a system hang, any hints?
Symbols are from MSDN.
…
FAULTING_IP:
nt!RtlpBreakWithStatusInstruction+0
829b5f8c cc int 3

EXCEPTION_RECORD: ffffffff – (.exr 0xffffffffffffffff)
ExceptionAddress: 829b5f8c (nt!RtlpBreakWithStatusInstruction)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 829f9580
Parameter[2]: 00000000
…
STACK_TEXT:
829ecb68 82887d5e 00000001 82898f4f 00000000
nt!RtlpBreakWithStatusInstruction
829ecb70 82898f4f 00000000 00000000 00000001 nt!KdCheckForDebugBreak+0x22
829ecb98 8289985c 82830c96 63bacea0 00000000 nt!KeUpdateRunTime+0x1a1
829ecc0c 829c855f 8296d702 8296d702 00000030 nt!KeUpdateSystemTime+0x900
829ecc0c 82830c96 8296d702 8296d702 00000030
nt!KeUpdateSystemTimeAssist+0x13

According to that stack, this was not a crash. Instead, you used
Ctrl-Break to force a break into the debugger. If so, I hope it is not
too surprising that there is nothing to analyze. !analyze analyzes
bugchecks. You don’t have a bugcheck. You have a normally operating
system.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Here it is:

kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held
locks…

Resource @ 0x85629564 Shared 2 owning threads
Contention Count = 16
Threads: 86ed5798-01<*> 95e58878-01<*>

Resource @ 0x8562959c Shared 1 owning threads
Threads: 86ed5a70-01<*>
KD: Scanning for held locks.

Resource @ 0x87fb296c Shared 1 owning threads
Contention Count = 85
Threads: 86ed5020-01<*>
KD: Scanning for held locks.

Resource @ 0x8ead488c Shared 17 owning threads
Contention Count = 9415
NumberOfSharedWaiters = 12
NumberOfExclusiveWaiters = 12
Threads: 86ed5d48-01<*> 878bed48-01<*> 91bf88f8-01<*> 86ed6798-01<*>
95da1020-01<*> 919fed48-01<*> 86ed8020-01<*> 86ed6d48-01<*>
86ed6a70-01<*> 95da4d48-01<*> 91b7daf8-01<*> 86ed64c0-01<*>
95da25c0-01<*> 8eaec570-01<*> 91893c78-01<*> 95c02918-01<*>
91a88810-01<*> 91a3fd48-01 86ed5798-01 86ed5a70-01
86ed5020-01 86ed54c0-01 8e82b758-01 87804d48-01
87fc83a8-01 95dfb8a8-01 878884d8-01 86ed9328-01
8eb2dd48-01
Threads Waiting On Exclusive Access:
91babd48 87981430 87fc3ca0 877f5d48
8793b718 95c03918 87942508 95db3030
95e3cd48 8e938d48 878af730 8e88ab40

KD: Scanning for held
locks…

Resource @ 0x91b8664c Shared 1 owning threads
Contention Count = 4
NumberOfExclusiveWaiters = 1
Threads: 86ed54c0-01<*>
Threads Waiting On Exclusive Access:
95e58878

KD: Scanning for held
locks…

Resource @ 0x95c0708c Shared 1 owning threads
Threads: 86ed5d48-01<*>
KD: Scanning for held locks…

Resource @ 0x87f03d90 Exclusively owned
Threads: 95db3030-01<*>
KD: Scanning for held locks.

Resource @ 0x95d8b500 Exclusively owned
Contention Count = 2
NumberOfExclusiveWaiters = 2
Threads: 95db3030-01<*>
Threads Waiting On Exclusive Access:
8e947a70 8792ad48

KD: Scanning for held
locks…

Resource @ 0x8782fa88 Exclusively owned
Threads: 86ed5020-01<*>

Resource @ 0x87840728 Exclusively owned
Threads: 86ed54c0-01<*>
KD: Scanning for held locks.

Resource @ 0x878eeca0 Exclusively owned
Threads: 86ed5a70-01<*>

Resource @ 0x80df993c Exclusively owned
Threads: 86ed5798-01<*>
KD: Scanning for held locks.
14373 total locks, 12 locks currently held

On Thu, Mar 31, 2011 at 7:36 PM, Scott Noone wrote:

> I want to see all threads on the system(information grouped as in
>> !exqueue).
>>
>
> !exqueue just shows the system worker queue threads. If you want to see all
> threads in the system that is:
>
> !process 0 7
>
> You can also use:
>
> !stacks
>
> Or:
>
> !stacks 2
>
> If you want a clean summary view.
>
>
> How can I see which thread has a lock? With !locks I can see waiting
>> threads.
>>
>
> !locks shows information about all of the ERESOURCEs in the system and the
> output includes both threads waiting for the lock and the threads that own
> the lock. In the output, an asterisk next to the thread address indicates
> that the thread owns the lock, if there isn’t an asterisk the thread is
> waiting for the lock.
>
> Note however that !locks doesn’t show ALL types of locks in the system,
> just ERESOURCEs. If you post the output of !locks (without the -v) I can
> tell you if the hang is related to ERESOURCEs at all.
>
>
> -scott
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
> “Neagoe Gabriel” wrote in message news:xxxxx@windbg.
> …
>
> !threads works only with sos extension for managed threads. (my mistake)
>
> I want to see all threads on the system(information grouped as in
> !exqueue).
>
> I`m using !locks -v. All threads are waiting for some synchronization
> objects, including worker threads.
>
> How can I see which thread has a lock? With !locks I can see waiting
> threads.
>
> Only the mouse is working, everything else is in “hang state” -new
> windows state.
>
> Thank you,
>
> kd> !exqueue
> Dumping ExWorkerQueue: 82C00F00
>
> Critical WorkQueue( current = 0 maximum = 1 )
> THREAD 86ed5020 Cid 0004.0018 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed5d48 Cid 0004.001c Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed5a70 Cid 0004.0020 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed5798 Cid 0004.0024 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed54c0 Cid 0004.0028 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 878e9778 Cid 0004.089c Teb: 00000000 Win32Thread: 00000000 WAIT
>
> Delayed WorkQueue( current = 0 maximum = 1 )
> THREAD 86ed6020 Cid 0004.002c Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed6d48 Cid 0004.0030 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed6a70 Cid 0004.0034 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed6798 Cid 0004.0038 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed64c0 Cid 0004.003c Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed8020 Cid 0004.0040 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 86ed8d48 Cid 0004.0044 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 91a88810 Cid 0004.020c Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 87f09b50 Cid 0004.021c Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 91bf88f8 Cid 0004.0220 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 91a3fd48 Cid 0004.0234 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 919fed48 Cid 0004.0248 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 95c02918 Cid 0004.026c Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 95c03918 Cid 0004.0274 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 91893c78 Cid 0004.0368 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 91b7daf8 Cid 0004.0370 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 8eaec570 Cid 0004.0374 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 95da1020 Cid 0004.03c8 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 95da25c0 Cid 0004.03d8 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 95da4d48 Cid 0004.03e4 Teb: 00000000 Win32Thread: 00000000 WAIT
> THREAD 878bed48 Cid 0004.0a5c Teb: 00000000 Win32Thread: 00000000 WAIT
>
> HyperCritical WorkQueue( current = 0 maximum = 1 )
> THREAD 86ed8a70 Cid 0004.0048 Teb: 00000000 Win32Thread: 00000000 WAIT
>
>
>
> On Thu, Mar 31, 2011 at 5:49 PM, Scott Noone wrote:
> I never use this command so I hadn’t realized it was broken…Looks like
> this hasn’t been updated to reflect changes to the ERESOURCE structure:
>
> 0: kd> .show_sym_failures /s /t
> Show symbol lookup failures: yes
> Show type lookup failures: yes
> 0: kd> !analyze -hang
>
>***************************************************************************
> * *
> * Bugcheck Analysis *
> * *
>
> *******************************************************************************
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck D5, {a56aee00, 0, 84e68eea, 0}
>
>
> Scanning for threads blocked on locks …
> type lookup ‘nt!_ERESOURCE’ failure, field ‘OwnerThreads’ not found.
> Cannot get _ERESOURCE type
>
> And it looks like that field of the ERESOURCE disappeared as of Vista or
> so.
>
> If you believe that you have an ERESOURCE deadlock you can use !locks -v
> instead, which has been updated to reflect the new ERESOURCE structure.
>
> As for !threads, that’s a new one to me. It appears to be undocumented and
> not work, so I’d stay away from that What info were you trying to get
> from that command?
>
> -scott
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

“Tim Roberts” wrote in message news:xxxxx@windbg…

If so, I hope it is not too surprising that there is nothing to analyze.
!analyze analyzes
bugchecks. You don’t have a bugcheck. You have a normally operating
system.

!analyze -hang *should* be legitimate in this case, according to the docs:

“In kernel mode, !analyze -hang investigates locks that the system holds and
then scans the DPC queue chain.”

In practice it doesn’t do anything on Vista and later because it was never
updated (I never used it anyway and instead just go the long way).

!analyze -v by itself would of course be more useless (if that’s even
possible :))

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

More input: All seventeen threads that are owning 0x8ead488c are doing
ExAcquireResourceSharedLite on the resource and after that is some
processing and before unlocking the resource a call to *
FsRtlNotifyFullReportChange* is made, where a call to KeWaitForSingleObject,
on event, is made. All threads are OS worker threads.

On Thu, Mar 31, 2011 at 7:58 PM, Scott Noone wrote:

> “Tim Roberts” wrote in message news:xxxxx@windbg…
>
> If so, I hope it is not too surprising that there is nothing to analyze.
>> !analyze analyzes
>> bugchecks. You don’t have a bugcheck. You have a normally operating
>> system.
>>
>
> !analyze -hang should be legitimate in this case, according to the docs:
>
> “In kernel mode, !analyze -hang investigates locks that the system holds
> and then scans the DPC queue chain.”
>
> In practice it doesn’t do anything on Vista and later because it was never
> updated (I never used it anyway and instead just go the long way).
>
> !analyze -v by itself would of course be more useless (if that’s even
> possible :))
>
>
> -scott
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Those would indeed be the interesting threads based on the locks output.
What’s the call stack of one of those threads?

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Neagoe Gabriel” wrote in message news:xxxxx@windbg…
More input: All seventeen threads that are owning 0x8ead488c are doing
ExAcquireResourceSharedLite on the resource and after that is some
processing and before unlocking the resource a call to
FsRtlNotifyFullReportChange is made, where a call to KeWaitForSingleObject,
on event, is made. All threads are OS worker threads.

80e05a90 828abcc0 86ed6d48 000031d8 00000000 nt!KiSwapContext+0x26 (FPO:
[Uses EBP] [0,0,4])
80e05ac8 828ad21b 86ed6e08 86ed6d48 87fd70c4 nt!KiSwapThread+0x394
80e05af0 8289e7cb 86ed6d48 86ed6e08 00000000 nt!KiCommitThreadWait+0x461
80e05b60 8288e821 87fd70c4 00000022 00000000 nt!KeWaitForSingleObject+0x505;
87fd70c4 = event
80e05b88 82d213ce 396eb57a 8e9c1970 82821c94 nt!KiAcquireFastMutex+0x7f
80e05c0c 82d21304 87fd70b8 8ead4860 80e05c7c
nt!FsRtlNotifyFilterReportChange+0xc0
80e05c40 893dc1f4 87fd70b8 8ead4860 80e05c7c
nt!FsRtlNotifyFullReportChange+0x48
80e05c8c 893dc0fb 8ead47b8 8be07124 00000008
MyDriver!NotifyDirectoryChanged+0xe4
(FPO: [Non-Fpo]) (CONV: stdcall)
80e05ca8 893e270a 8ead47b8 8be07120 00000008
MyDriver!NotifyChangeDirectory+0x5b
(FPO: [Non-Fpo]) (CONV: stdcall)
80e05d04 829ac2d5 8e9c1970 86ec67c8 86ed6d48 MyDriver!WriteWorker+0xba (FPO:
[Non-Fpo]) (CONV: stdcall) - Here the resource is acquired with
KeEnterCriticalRegion(); ExAcquireResourceSharedLite(…);
80e05d54 82f1679c 00000001 396eb4e6 00000000 nt!ExpWorkerThread+0x129
80e05d90 829c9a35 829ac1ac 00000001 00000000 nt!PspSystemThreadStartup+0x178
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

On Thu, Mar 31, 2011 at 8:52 PM, Scott Noone wrote:

> Those would indeed be the interesting threads based on the locks output.
> What?s the call stack of one of those threads?
>
>
> -scott
>
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
> “Neagoe Gabriel” wrote in message news:xxxxx@windbg.
> …
>
> More input: All seventeen threads that are owning 0x8ead488c are doing
> ExAcquireResourceSharedLite on the resource and after that is some
> processing and before unlocking the resource a call to
> FsRtlNotifyFullReportChange is made, where a call to KeWaitForSingleObject,
> on event, is made. All threads are OS worker threads.
>
>
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

The more interesting line is the line before it:

nt!KiAcquireFastMutex+0x7f

Can you dig out the first parameter to that function? It doesn’t appear to
be at EBP+8 in that frame (0x396eb57a is a user address). The structure type
of that parameter should be nt!_FAST_MUTEX and there’s an owner field that
will say who owns the mutex.

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Neagoe Gabriel” wrote in message news:xxxxx@windbg…
80e05a90 828abcc0 86ed6d48 000031d8 00000000 nt!KiSwapContext+0x26 (FPO:
[Uses EBP] [0,0,4])
80e05ac8 828ad21b 86ed6e08 86ed6d48 87fd70c4 nt!KiSwapThread+0x394
80e05af0 8289e7cb 86ed6d48 86ed6e08 00000000 nt!KiCommitThreadWait+0x461
80e05b60 8288e821 87fd70c4 00000022 00000000 nt!KeWaitForSingleObject+0x505;
87fd70c4 = event
80e05b88 82d213ce 396eb57a 8e9c1970 82821c94 nt!KiAcquireFastMutex+0x7f
80e05c0c 82d21304 87fd70b8 8ead4860 80e05c7c
nt!FsRtlNotifyFilterReportChange+0xc0
80e05c40 893dc1f4 87fd70b8 8ead4860 80e05c7c
nt!FsRtlNotifyFullReportChange+0x48
80e05c8c 893dc0fb 8ead47b8 8be07124 00000008
MyDriver!NotifyDirectoryChanged+0xe4 (FPO: [Non-Fpo]) (CONV: stdcall)
80e05ca8 893e270a 8ead47b8 8be07120 00000008
MyDriver!NotifyChangeDirectory+0x5b (FPO: [Non-Fpo]) (CONV: stdcall)
80e05d04 829ac2d5 8e9c1970 86ec67c8 86ed6d48 MyDriver!WriteWorker+0xba (FPO:
[Non-Fpo]) (CONV: stdcall) - Here the resource is acquired with
KeEnterCriticalRegion(); ExAcquireResourceSharedLite(…);
80e05d54 82f1679c 00000001 396eb4e6 00000000 nt!ExpWorkerThread+0x129
80e05d90 829c9a35 829ac1ac 00000001 00000000 nt!PspSystemThreadStartup+0x178
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

On Thu, Mar 31, 2011 at 8:52 PM, Scott Noone wrote:
Those would indeed be the interesting threads based on the locks output.
What’s the call stack of one of those threads?

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Neagoe Gabriel” wrote in message news:xxxxx@windbg…

More input: All seventeen threads that are owning 0x8ead488c are doing
ExAcquireResourceSharedLite on the resource and after that is some
processing and before unlocking the resource a call to
FsRtlNotifyFullReportChange is made, where a call to KeWaitForSingleObject,
on event, is made. All threads are OS worker threads.

—
WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer