Crash Dump Analysis Patterns (Part 42o)

Slim Reader/Writer (SRW) locks are available starting with Windows Vista, and we can sometimes see them in a Stack Trace Collection. Although, at the time of this writing, there is no WinDbg support for them, the techniques described in the example for the C++11 condition variable Wait Chain analysis pattern can be used. Here is an example where we used the semantics of stack trace similarity, such as “rendering”, to find the stack trace of the possible owner thread:

0:000> ~*k

[...]

4  Id: be4.2af4 Suspend: 0 Teb: 7efa1000 Unfrozen
# ChildEBP RetAddr
00 0414bfe8 776e2157 ntdll_77670000!NtWaitForKeyedEvent+0x15
01 0414c054 5c9c3f8e ntdll_77670000!RtlAcquireSRWLockExclusive+0x12e
02 0414c06c 5ca2ad83 mshtml!TSmartResource<CDXRenderLock>::Acquire<enum DXLock::Type>+0x5e
03 0414c09c 5cdffa63 mshtml!CDXSystem::CheckAndHandleDeviceReset+0x43
04 0414c0b0 5cdff9eb mshtml!CDoc::CheckAndHandleDeviceReset+0x23
05 0414c130 5cabe82e mshtml!CDoc::OnPaint+0xcb
06 0414c164 5c9d632b mshtml!CServer::OnWindowMessage+0xfb
07 0414c324 5c9bbcb0 mshtml!CDoc::OnWindowMessage+0x24c
08 0414c354 76ea62fa mshtml!CServer::WndProc+0x58
09 0414c380 76ea731e user32!InternalCallWinProc+0x23
0a 0414c3f8 76ea6ded user32!UserCallWinProcCheckWow+0xd8
0b 0414c458 76ea6e4c user32!DispatchClientMessage+0xec
0c 0414c494 7768011a user32!__fnDWORD+0x2b
0d 0414c4cc 76eb1342 ntdll_77670000!KiUserCallbackDispatcher+0x2e
0e 0414c514 76ea789a user32!DispatchMessageWorker+0x442
0f 0414c524 5f69a97c user32!DispatchMessageW+0xf
10 0414f6f4 5f6dc648 ieframe!CTabWindow::_TabWindowThreadProc+0x464
11 0414f7b4 7543dbfc ieframe!LCIETab_ThreadProc+0x3e7
12 0414f7cc 6b303a31 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1c
13 0414f804 7696338a IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x94
14 0414f810 776a9902 kernel32!BaseThreadInitThunk+0xe
15 0414f850 776a98d5 ntdll_77670000!__RtlUserThreadStart+0x70
16 0414f868 00000000 ntdll_77670000!_RtlUserThreadStart+0x1b

[...]

23  Id: be4.b88 Suspend: 0 Teb: 7ef4a000 Unfrozen
# ChildEBP RetAddr
00 0f3cbb60 76a815ce ntdll_77670000!NtWaitForSingleObject+0x15
01 0f3cbbcc 76961194 KERNELBASE!WaitForSingleObjectEx+0x98
02 0f3cbbe4 76961148 kernel32!WaitForSingleObjectExImplementation+0x75
03 0f3cbbf8 746a5aa5 kernel32!WaitForSingleObject+0x12
04 0f3cbcac 6aef2f6c dwmapi!DwmpDxGetWindowSharedSurface+0x374
05 0f3cc198 6aef1c2e dxgi!CDXGISwapChain::PresentImpl+0x6fa
06 0f3cc1f0 5d59339f dxgi!CDXGISwapChain::Present+0x5d
07 0f3cc214 5cea42bc mshtml!CDXSwapChainTargetSurface::OnPresent+0x2f
08 0f3cc240 5cea360d mshtml!CDXRenderTarget::Present+0x5c
09 0f3cc5c4 5cdbf5e1 mshtml!CPaintHandler::RenderInternal+0xad3
0a 0f3cc5f0 5ca1da8e mshtml!CPaintController::Render+0x39
0b 0f3cc630 5ce8692b mshtml!CRenderTaskDrawInPlace::Execute+0xc1
0c 0f3cc66c 5ca1c4c9 mshtml!CRenderTaskQueue::AddRenderTask+0xd2
0d 0f3cc6e0 5ca1a466 mshtml!CView::RenderInPlace+0x3cd
0e 0f3cc718 5ca1a4d4 mshtml!CDoc::PaintWorker+0x24d
0f 0f3cc738 5ca2983b mshtml!CDoc::PaintInPlace+0x40
10 0f3cc76c 5ca2978a mshtml!CPaintController::RunRenderingLoop+0x68
11 0f3cc790 5ca1180c mshtml!CPaintController::OnUpdateBeat+0x66
12 0f3cc7cc 5ca2a7af mshtml!CPaintBeat::OnBeat+0x234
13 0f3cc7f8 5c9bd27b mshtml!CPaintBeat::OnVSyncMethodCall+0x86
14 0f3cc840 5c9bc99c mshtml!GlobalWndOnMethodCall+0x17b
15 0f3cc894 76ea62fa mshtml!GlobalWndProc+0x103
16 0f3cc8c0 76ea6d3a user32!InternalCallWinProc+0x23
17 0f3cc938 76ea77d3 user32!UserCallWinProcCheckWow+0x109
18 0f3cc99c 76ea789a user32!DispatchMessageWorker+0x3cb
19 0f3cc9ac 5f69a97c user32!DispatchMessageW+0xf
1a 0f3cfb7c 5f6dc648 ieframe!CTabWindow::_TabWindowThreadProc+0x464
1b 0f3cfc3c 7543dbfc ieframe!LCIETab_ThreadProc+0x3e7
1c 0f3cfc54 6b303a31 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1c
1d 0f3cfc8c 7696338a IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x94
1e 0f3cfc98 776a9902 kernel32!BaseThreadInitThunk+0xe
1f 0f3cfcd8 776a98d5 ntdll_77670000!__RtlUserThreadStart+0x70
20 0f3cfcf0 00000000 ntdll_77670000!_RtlUserThreadStart+0x1b

[...]

28  Id: be4.17c8 Suspend: 0 Teb: 7ef3d000 Unfrozen
# ChildEBP RetAddr
00 0ee2c988 776e2157 ntdll_77670000!NtWaitForKeyedEvent+0x15
01 0ee2c9f4 5c9c3f8e ntdll_77670000!RtlAcquireSRWLockExclusive+0x12e
02 0ee2ca0c 5cc69e25 mshtml!TSmartResource<CDXRenderLock>::Acquire<enum DXLock::Type>+0x5e
03 0ee2ca3c 5cc71743 mshtml!CDXSystemShared::PurgeResourceCaches+0x29
04 0ee2ca50 5cc7170d mshtml!CDXSystem::~CDXSystem+0x1d
05 0ee2ca5c 5cc716e6 mshtml!RefCounted<CDXSystem,SingleThreadedRefCount>::`vector deleting destructor'+0xd
06 0ee2ca6c 5c9bea0d mshtml!RefCounted<CDXSystem,SingleThreadedRefCount>::Release+0x2d
07 0ee2ca7c 5cc6a734 mshtml!TSmartPointer<Windows::Foundation::IAsyncOperation<Windows::Foundation::Collections::IMapView<HSTRING__ *,Windows::Storage::Streams::RandomAccessStreamReference *> *> >::~TSmartPointer<Windows::Foundation::IAsyncOperation<Windows::Foundation::Collections::IMapView<HSTRING__ *,Windows::Storage::Streams::RandomAccessStreamReference *> *> >+0x1d
08 0ee2ca84 5cc6a6e0 mshtml!DeinitRenderSystem+0x14
09 0ee2caa0 5cc6a63a mshtml!DeinitThreadStateStruct<void (__stdcall*)(EXTENDEDTHREADSTATE *),EXTENDEDTHREADSTATE>+0x22
0a 0ee2cab0 5d272f1d mshtml!DeinitExtendedThreadState+0x24
0b 0ee2cacc 5cabd85e mshtml!_DecrementObjectCount+0x79
0c 0ee2cad8 5f78b662 mshtml!CBaseLockCF::LockServer+0x4a
0d 0ee2cafc 5f797c4d ieframe!CBaseBrowser2::~CBaseBrowser2+0x265
0e 0ee2cb08 5f797c2e ieframe!CShellBrowser2::`vector deleting destructor'+0xd
0f 0ee2cb24 5f78e7bf ieframe!CShellBrowser2::Release+0x47
10 0ee2fcf4 5f6dc648 ieframe!CTabWindow::_TabWindowThreadProc+0x83e
11 0ee2fdb4 7543dbfc ieframe!LCIETab_ThreadProc+0x3e7
12 0ee2fdcc 6b303a31 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1c
13 0ee2fe04 7696338a IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x94
14 0ee2fe10 776a9902 kernel32!BaseThreadInitThunk+0xe
15 0ee2fe50 776a98d5 ntdll_77670000!__RtlUserThreadStart+0x70
16 0ee2fe68 00000000 ntdll_77670000!_RtlUserThreadStart+0x1b
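
The same search automated over saved `~*k` output, as an added example that is not part of the original article: it lists the threads blocked in RtlAcquireSRWLock* together with the frame that requested the lock, then ranks the remaining threads by a semantic keyword such as "render". The function names, the keyword heuristic and the abbreviated sample are assumptions made here, and the parser expects the 32-bit ChildEBP/RetAddr layout shown above; a reported candidate is a lead for manual review, not proof of ownership.

```python
import re

# Constructed sample: abbreviated 32-bit `~*k` output using frames from the listing above.
SAMPLE = """\
   4  Id: be4.2af4 Suspend: 0 Teb: 7efa1000 Unfrozen
00 0414bfe8 776e2157 ntdll_77670000!NtWaitForKeyedEvent+0x15
01 0414c054 5c9c3f8e ntdll_77670000!RtlAcquireSRWLockExclusive+0x12e
02 0414c06c 5ca2ad83 mshtml!TSmartResource<CDXRenderLock>::Acquire<enum DXLock::Type>+0x5e
  23  Id: be4.b88 Suspend: 0 Teb: 7ef4a000 Unfrozen
00 0f3cbb60 76a815ce ntdll_77670000!NtWaitForSingleObject+0x15
08 0f3cc240 5cea360d mshtml!CDXRenderTarget::Present+0x5c
0a 0f3cc5f0 5ca1da8e mshtml!CPaintController::Render+0x39
  28  Id: be4.17c8 Suspend: 0 Teb: 7ef3d000 Unfrozen
00 0ee2c988 776e2157 ntdll_77670000!NtWaitForKeyedEvent+0x15
01 0ee2c9f4 5c9c3f8e ntdll_77670000!RtlAcquireSRWLockExclusive+0x12e
02 0ee2ca0c 5cc69e25 mshtml!TSmartResource<CDXRenderLock>::Acquire<enum DXLock::Type>+0x5e
"""

THREAD = re.compile(r"^\s*[.#]?\s*(\d+)\s+Id:\s+[0-9a-f]+\.[0-9a-f]+", re.I)
FRAME = re.compile(r"^[0-9a-f]{2,}\s+[0-9a-f]{8}\s+[0-9a-f]{8}\s+(\S.*?)(?:\+0x[0-9a-f]+)?\s*$", re.I)

def parse_threads(text):
    """Map debugger thread number -> list of symbols (offsets stripped), innermost first."""
    threads, current = {}, None
    for line in text.splitlines():
        if m := THREAD.match(line):
            current = threads.setdefault(int(m.group(1)), [])
        elif current is not None and (m := FRAME.match(line)):
            current.append(m.group(1))
    return threads

def srw_waiters(threads):
    """Threads blocked in RtlAcquireSRWLock*, mapped to the frame that requested the lock."""
    waiters = {}
    for tid, frames in threads.items():
        for i, sym in enumerate(frames[:-1]):
            if "!RtlAcquireSRWLock" in sym:
                waiters.setdefault(tid, frames[i + 1])
    return waiters

def owner_candidates(threads, waiters, keyword):
    """Non-waiting threads ranked by how many frames mention the keyword (case-insensitive)."""
    hits = {tid: sum(keyword.lower() in s.lower() for s in frames)
            for tid, frames in threads.items() if tid not in waiters}
    return sorted((t for t, n in hits.items() if n), key=lambda t: -hits[t])

if __name__ == "__main__":
    threads = parse_threads(SAMPLE)
    print(srw_waiters(threads), owner_candidates(threads, srw_waiters(threads), "render"))
```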

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
