Because the font is, occasionally, not full of crap...

I've got three web servers, all running IIS 4 on NT 4. I'm experiencing a
locking situation by the look of it where all servers go up to 60% average
CPU usage and stay there.

I've done a IISState on one of the servers and get the following (in order
of my interpretation) :

Thread ID: 47
System Thread ID: 185
Kernel Time: 0:0:5.875
User Time: 0:0:46.453
Thread Status: Thread is in a WAIT state.
Other information: Thread is waiting for a lock to be released. Looking for
lock owner.
Owning thread System ID: 1d4
Thread Type: ASP
Executing Page: Either ASP.dll is not being called on this thread or symbol
file not available. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
00 0364f7c4 77f6cfe2 ntdll!NtWaitForSingleObject+0xb
01 0364f834 77f67646 ntdll!RtlpWaitForCriticalSection+0xa5
02 0364f83c 77f64e24 ntdll!RtlEnterCriticalSection+0x46
03 0364f860 77b2102c ntdll!RtlFreeHeap+0x94
04 0364f870 653415ae ole32!CRetailMalloc_Free+0x17
05 0364f890 65341554 OLEAUT32!APP_DATA::FreeCachedMem+0x85
06 0364f8a0 653422e5 OLEAUT32!SysFreeString+0x57
07 0364f8b4 6b6010b3 OLEAUT32!VariantClear+0x72
WARNING: Stack unwind information not available. Following frames may be
wrong.
08 0364f8c8 6b601629 vbscript+0x10b3
09 01341c28 00000000 vbscript+0x1629


Several of these, all waiting on thread 1d4 - 1d4 is the following :

Thread ID: 29
System Thread ID: 1d4
Kernel Time: 0:0:4.359
User Time: 0:0:41.125
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
vbscript.dll -
Thread Type: ASP
Executing Page: Either ASP.dll is not being called on this thread or symbol
file not available. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
00 01a5f9fc 77f65296 ntdll!RtlpInsertFreeBlock+0xdf
01 01a5fa3c 77f64e6f ntdll!RtlpDeCommitFreeBlock+0x2d4
02 01a5fa68 77b2102c ntdll!RtlFreeHeap+0xdf
03 01a5fa78 653415ae ole32!CRetailMalloc_Free+0x17
04 01a5fa98 65341554 OLEAUT32!APP_DATA::FreeCachedMem+0x85
05 01a5faa8 653422e5 OLEAUT32!SysFreeString+0x57
06 01a5fabc 6b6010b3 OLEAUT32!VariantClear+0x72
WARNING: Stack unwind information not available. Following frames may be
wrong.
07 01a5fad0 6b601629 vbscript+0x10b3
08 013147b0 00000000 vbscript+0x1629

Now to me that looks like a simple ASP page running through a VBScript - why
would it be causing all the others to wait for it to complete?

I can post the full IISState log if needs be, but it generally repeats the
above.

"dwb" <(E-Mail Removed)> wrote in message
news:c4n6j6$2l0b1s$(E-Mail Removed)...
> Because the font is, occasionally, not full of crap...
>
> I've got three web servers, all running IIS 4 on NT 4. I'm experiencing a
> locking situation by the look of it where all servers go up to 60% average
> CPU usage and stay there.
>
> I've done a IISState on one of the servers and get the following (in order
> of my interpretation) :
>
<snip>
>
> Now to me that looks like a simple ASP page running through a VBScript -
why
> would it be causing all the others to wait for it to complete?

*JEREMY*

--
Sorby

"Sorby" <(E-Mail Removed)> wrote in message
news:c4n6ud$2jpdvs$(E-Mail Removed)...
> "dwb" <(E-Mail Removed)> wrote in message
> > Now to me that looks like a simple ASP page running through a VBScript -
> why
> > would it be causing all the others to wait for it to complete?
>
> *JEREMY*

You think it could be the regional setting then?

"dwb" <(E-Mail Removed)> wrote in message
news:c4nb77$2jo70m$(E-Mail Removed)...
>
> "Sorby" <(E-Mail Removed)> wrote in message
> news:c4n6ud$2jpdvs$(E-Mail Removed)...
> > "dwb" <(E-Mail Removed)> wrote in message
> > > Now to me that looks like a simple ASP page running through a
VBScript -
> > why
> > > would it be causing all the others to wait for it to complete?
> >
> > *JEREMY*
>
> You think it could be the regional setting then?

Heh - I've no idea - but I do propose we shout *JEREMY* whenever anyone
posts a computer-related technical query.

--
Sorby

Sorby wrote:

> Heh - I've no idea - but I do propose we shout JEREMY whenever anyone
> posts a computer-related technical query.

Only to ones I can answer.

--
Simon

Brighton | MYSOB: http://www.sweller.co.uk/sob/
England | MZSOB: http://www.mztech.fsnet.co.uk/

dwb wrote:

> Because the font is, occasionally, not full of crap...
>
> I've got three web servers, all running IIS 4 on NT 4. I'm
> experiencing a locking situation by the look of it where all servers
> go up to 60% average CPU usage and stay there.
>
> I've done a IISState on one of the servers and get the following (in
> order of my interpretation) :
>
<snip detail>
>
> I can post the full IISState log if needs be, but it generally
> repeats the above.

<fx: scratches chin knowingly>

Hmmm, have you tried slapping the side of the box? Let me know if that
doesn't fix it - I have more.

--
Abso [at] ukrm [dot] net

CHI#1 WG*#3 PM#4 DFV#9 BOTAFOT#108

"Abso" <(E-Mail Removed)> wrote in message
news:c4ndcl$u5v$(E-Mail Removed)...
> Hmmm, have you tried slapping the side of the box? Let me know if that
> doesn't fix it - I have more.

Hmm - tough choice - slap it around, or spill coffee on it...

Drat, it's in a data centre so I can't do either

dwb wrote:

>
> "Abso" <(E-Mail Removed)> wrote in message
> news:c4ndcl$u5v$(E-Mail Removed)...
> > Hmmm, have you tried slapping the side of the box? Let me know if
> > that doesn't fix it - I have more.
>
> Hmm - tough choice - slap it around, or spill coffee on it...
>
> Drat, it's in a data centre so I can't do either

Damn. Gotta admit it, this one's got me beat. You're screwed. HTH,
etc..

--
Abso [at] ukrm [dot] net

CHI#1 WG*#3 PM#4 DFV#9 BOTAFOT#108

"dwb" <(E-Mail Removed)> wrote in message
news:c4n6j6$2l0b1s$(E-Mail Removed)...
> Because the font is, occasionally, not full of crap...
>
> I've got three web servers, all running IIS 4 on NT 4. I'm experiencing a
> locking situation by the look of it where all servers go up to 60% average
> CPU usage and stay there.
>
> I've done a IISState on one of the servers and get the following (in order
> of my interpretation) :
>
> Thread ID: 47
> System Thread ID: 185
> Kernel Time: 0:0:5.875
> User Time: 0:0:46.453
> Thread Status: Thread is in a WAIT state.
> Other information: Thread is waiting for a lock to be released. Looking
for
> lock owner.
> Owning thread System ID: 1d4
> Thread Type: ASP
> Executing Page: Either ASP.dll is not being called on this thread or
symbol
> file not available. Unable to locate ASP page.
> Continuing with other analysis.
<snip>

Is the script accessing references to apartment-threaded objects (such as
objects created from VB6 class modules) in Application or Session state?

I'm wondering if there's a deadlock when marshalling across apartment
boundaries.


--
Smorgo (Steve Morgan)
Hello: '01 VFR 800 FI, '86 V8 110
Goodbye: '01 NT650V
E-Mail address is spam-trapped. Use my first name at wormpurple dot com

In article <c4n6j6$2l0b1s$(E-Mail Removed)>,
(E-Mail Removed) says...
> # ChildEBP RetAddr
> 00 01a5f9fc 77f65296 ntdll!RtlpInsertFreeBlock+0xdf
> 01 01a5fa3c 77f64e6f ntdll!RtlpDeCommitFreeBlock+0x2d4
> 02 01a5fa68 77b2102c ntdll!RtlFreeHeap+0xdf
> 03 01a5fa78 653415ae ole32!CRetailMalloc_Free+0x17
> 04 01a5fa98 65341554 OLEAUT32!APP_DATA::FreeCachedMem+0x85
> 05 01a5faa8 653422e5 OLEAUT32!SysFreeString+0x57
> 06 01a5fabc 6b6010b3 OLEAUT32!VariantClear+0x72
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> 07 01a5fad0 6b601629 vbscript+0x10b3
> 08 013147b0 00000000 vbscript+0x1629
>
> Now to me that looks like a simple ASP page running through a VBScript - why
> would it be causing all the others to wait for it to complete?

Best bit of L1 analysis I've seen in ages. Cab, take a note.

The above is trying to free some allocation back and holding a lock
that the others are all waiting to get

> 01 0364f834 77f67646 ntdll!RtlpWaitForCriticalSection+0xa5
> 02 0364f83c 77f64e24 ntdll!RtlEnterCriticalSection+0x46

It looks like it's running through a big long chain of free blocks to
deposit this newly freed allocation, given that you've caught it in:

> 00 01a5f9fc 77f65296 ntdll!RtlpInsertFreeBlock+0xdf

If this list is huge or f**ked, then everyone is going to be sitting
around waiting for the lock. It's probably not circular or everything
would stop dear behind this.

I'll have a look tomorrow to see how the above works.

--
R1150GS
Insert u in the obvious place to reply...
(E-Mail Removed)