spindump for Windows Kernel Debugging Devstudio

Question

So, when running into a deadlock, mutex, lock reversal etc etc, on OSX the spindump tool is quite useful. It just dumps all the thread stacks on the system (userland and kernel) and it is fairly visible as to what threads are blocked.

Now using Devstudio to do Kernel Debugging on 2nd VM, I encounter a deadlock. I see I can use "!process 0 0" to dump all processes. And I believe I can switch to a process, and dump threads (?), then pick a thread with "!thread " and "k" to see the stack. But there are literally thousands of threads, surely there is a way to dump them all without manually doing it?

"!process 0 7" runs for about 40mins, and set none of the stacks has my functions in them.

spindump output looks like Thread 0x8ab 1000 samples (1-1000) priority 81 (base 81) *1000 call_continuation + 23 (kernel.development + 1927415) *1000 arc_reclaim_thread + 2391 (arc.c:5095,11 in zfs + 131367) *1000 cv_timedwait_hires + 206 (spl-condvar.c:172,14 in spl + 8125) *1000 msleep + 98 (kernel.development + 7434066) *1000 _sleep + 219 (kernel.development + 7432603) *1000 lck_mtx_sleep_deadline + 147 (kernel.development + 2362339) *1000 thread_block_reason + 286 (kernel.development + 2407438)

So nothing magical there, just that it iterates through all threads.

Answer 1

use !stacks with 0,1,2

quoted from the windbg chm file

The !stacks extension gives a brief summary of the state of every thread. You   
can use this extension instead of the !process extension to get a quick overview    
of the system, especially when debugging multithread issues such as resource    
conflicts or deadlocks.

The !findstack user-mode extension also displays information about particular stacks.

Here is an example of the simplest !stacks display:

kd> !stacks 0
Proc.Thread  .Thread  ThreadState  Blocker
                                     [System]
   4.000050  827eea10  Blocked    +0xfe0343a5

                                     [smss.exe]

                                     [csrss.exe]
  b0.0000a8  82723b70  Blocked    ntoskrnl!_KiSystemService+0xc4
  b0.0000c8  82719620  Blocked    ntoskrnl!_KiSystemService+0xc4
  b0.0000d0  827d5d50  Blocked    ntoskrnl!_KiSystemService+0xc4
.....

edit

!stacks is a time consuming operation the speed is relative to the transport being used
vm to vm has its own overhead on a physical connection to a physical machine with net debugging or a 1394 on a pre win 10 is quiet faster than com port or pipe with 115200 baudrate

i am not sure what your vm is but if you are on vbox then you can try vmkd

any way to answer your comment

you can run this to log and grep the output

.logopen z:\foo.txt ; !stacks 0; .logclose

that will open a log file in your desired path and redirect all the output to the log file and close the log file once the command completes

also keep in mind !stacks accepts a wildcard filter string so that only stacks with a symbols that you know can be filtered

like

kd> .logopen c:\stacks.txt ; !stacks 0  Etw; .logclose
Opened log file 'c:\stacks.txt'

Proc.Thread  .Thread  Ticks   ThreadState Blocker

Max cache size is       : 1048576 bytes (0x400 KB) 
Total memory in cache   : 0 bytes (0 KB) 
Number of regions cached: 0
0 full reads broken into 0 partial reads
    counts: 0 cached/0 uncached, 0.00% cached
    bytes : 0 cached/0 uncached, 0.00% cached
** Prototype PTEs are implicitly decoded
                            [82965600 Idle]
                            [840dcc40 System]
   4.000078  8410ed48 0000081 Blocked    nt!EtwpLogger+0xd0
   4.000080  8410e4d8 0000081 Blocked    nt!EtwpLogger+0xd0
   4.000084  84142020 0000081 Blocked    nt!EtwpLogger+0xd0
   4.000088  84142d48 0000081 Blocked    nt!EtwpLogger+0xd0
   4.000090  8416c630 000001d Blocked    nt!EtwpLogger+0xd0
   4.000094  8496ea88 0000bf3 Blocked    nt!EtwpLogger+0xd0
   4.0000a0  84079a88 000004a Blocked    nt!EtwpLogger+0xd0
   4.000194  85144d48 000445c Blocked    nt!EtwpLogger+0xd0
   4.000308  851b9d48 0004035 Blocked    nt!EtwpLogger+0xd0
   4.00032c  851d3d48 0002d48 Blocked    nt!EtwpLogger+0xd0
   4.00034c  852e8d48 0003e4a Blocked    nt!EtwpLogger+0xd0
   4.000350  84973d48 0003df4 Blocked    nt!EtwpLogger+0xd0
   4.000354  84f0dd48 0003de4 Blocked    nt!EtwpLogger+0xd0
   4.000444  854c7970 0002158 Blocked    nt!EtwpLogger+0xd0

                            [84f0b930 smss.exe]

                            [8409eb38 csrss.exe]

                            [84f34d40 wininit.exe]

                            [84f4d030 csrss.exe]

                            [850f8d40 winlogon.exe]

                            [8515bb38 services.exe]

                            [85161d40 lsass.exe]

                            [85163d40 lsm.exe]