Episode

Defrag Tools #137 - Debugging Kernel Mode Crashes and Hangs

In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to debug some kernel mode memory dumps. We investigate a kernel mode crash (BSOD), and a system hang.

[00:00] Introduction - kernel mode vs. user mode debugging
[02:18] Dump #1: minidump of a Stop 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL)
[03:24] Start with !analyze -v
[04:58] Debugger help has comprehensive list of bug check codes
[07:45] Do a web search for the functions on the stack
[08:58] Most likely this crash is fixed by KB 3055343
[10:22] Dump #2: Manually-generated crash dump of a system hang, submitted by Channel 9 viewer Tom
[11:22] Dump was forced via keyboard: Forcing a System Crash from the Keyboard
[12:15] !process 0 0 to list all running processes
[14:33] Andrew's funny story about diagnosing a server performance problem on a DEC Alpha cluster
[16:17] !process [address] 17 to see all the threads in a process (including user mode stacks)
[19:50] !thread with no parameters to see what was running on this CPU
[23:58] ~0 to switch to see what was running on processor 0
[24:44] A storport thread has been trying to acquire a spin lock for a long time. Introduction to Spin Locks
[29:05] !locks shows someone is holding IopDeviceTreeLock and PiEnginelock - some thread is doing Plug & Play work - bus re-enumeration
[31:53] lmvm to look at the storage driver - looks pretty old. Check for updates.
[33:22] !devnode 0 1 shows the device tree
[36:10] Questions? Email us at defragtools@microsoft.com