Our Windows app is often hanging in memory and I'm trying to use windbg to track down the problem. I'm very new to windbg and could use some advice (I have started to read Advanced Windows Debugging though).
The app is a mix of C++ and COM objects written in VB. Occasionally when you exit, the app appears to go away but task manager shows it hanging around in memory, apparently idle.
!threads shows me this:
ThreadCount: 2
UnstartedThread: 0
BackgroundThread: 2
PendingThread: 0
DeadThread: 0
Hosted Runtime: no
PreEmptive GC Alloc Lock
ID OSID ThreadOBJ State GC Context Domain Count APT Exception
0 1 175c 001aa040 4220 Enabled 09131b78:09131fe8 001a2b80 0 STA
6 2 143c 001b4b48 b220 Enabled 00000000:00000000 001a2b80 0 MTA (Finalizer)
To my untrained eye, it looks like it is being kept alive by the finalize queue being blocked by a single-threaded apartment. Does this seem reasonable?
~0kb yields:
ntdll!KiFastSystemCallRet
user32!NtUserGetMessage+0xc
mfc80!AfxInternalPumpMessage+0x18 [f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp @ 153]
mfc80!CWinThread::Run+0x54 [f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp @ 625]
mfc80!AfxWinMain+0x69 [f:\sp\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp @ 47]
WARNING: Stack unwind information not available. Following frames may be wrong.
OurApp+0x7e8274
kernel32!BaseProcessStart+0x23
~6kb yields:
ntdll!KiFastSystemCallRet
ntdll!ZwWaitForMultipleObjects+0xc
kernel32!WaitForMultipleObjectsEx+0x12c
kernel32!WaitForMultipleObjects+0x18
mscorwks!WKS::WaitForFinalizerEvent+0x7a
mscorwks!WKS::GCHeap::FinalizerThreadWorker+0x75
mscorwks!Thread::UserResumeThread+0xfb
mscorwks!Thread::DoADCallBack+0x355
mscorwks!Thread::DoADCallBack+0x541
mscorwks!ManagedThreadBase_NoADTransition+0x32
mscorwks!ManagedThreadBase::FinalizerBase+0xb
mscorwks!WKS::GCHeap::FinalizerThreadStart+0xbb
mscorwks!Thread::intermediateThreadProc+0x49
kernel32!BaseThreadStart+0x37
I would appreciate a little course correction here. If my guess of a blocked finalizer seems reasonable, please let me know. I would also be very happy to get some advice on figuring out what exactly is blocking.
Edit:
Shane asked for the output from !analyze. This is actually from a different dump -- I have lots of them and they all look pretty much the same.
FAULTING_IP: +18a952f00ebdf74 00000000 ?? ??? EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 00000000 ExceptionCode: 80000007 (Wake debugger) ExceptionFlags: 00000000 NumberParameters: 0 BUGCHECK_STR: 80000007 PROCESS_NAME: OurApp.exe OVERLAPPED_MODULE: Address regions for 'OurApp' and 'Unknown_Module_00350062' overlap ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt. EXCEPTION_CODE: (HRESULT) 0x80000007 (2147483655) - Operation aborted NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 MANAGED_STACK: !dumpstack -EE OS Thread Id: 0x4490 (0) Current frame: ChildEBP RetAddr Caller,Callee DERIVED_WAIT_CHAIN: Dl Eid Cid WaitType -- --- ------- -------------------------- 0 48c8.4490 Speculated (Triage) --> 5 48c8.4b74 Event WAIT_CHAIN_COMMAND: ~0s;k;;~5s;k;; BLOCKING_THREAD: 00004b74 DEFAULT_BUCKET_ID: APPLICATION_HANG_BlockedOn_EventHandle PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_BlockedOn_EventHandle LAST_CONTROL_TRANSFER: from 7c90df4a to 7c90e514 FAULTING_THREAD: 00000005 STACK_TEXT: 0882fcd0 7c90df4a 7c809590 00000002 0882fcfc ntdll!KiFastSystemCallRet 0882fcd4 7c809590 00000002 0882fcfc 00000001 ntdll!ZwWaitForMultipleObjects+0xc 0882fd70 7c80a115 00000002 7a3b8d28 00000000 kernel32!WaitForMultipleObjectsEx+0x12c 0882fd8c 79f92c5b 00000002 7a3b8d28 00000000 kernel32!WaitForMultipleObjects+0x18 0882fdac 79f970b8 001b1ad8 0882feb0 001a0b18 mscorwks!WKS::WaitForFinalizerEvent+0x77 0882fdc0 79e984cf 0882feb0 00000000 00000000 mscorwks!WKS::GCHeap::FinalizerThreadWorker+0x49 0882fdd4 79e9846b 0882feb0 0882fe5c 79f7762b mscorwks!Thread::DoADCallBack+0x32a 0882fe68 79e98391 0882feb0 9f3f02e2 00000000 mscorwks!Thread::ShouldChangeAbortToUnload+0xe3 0882fea4 79eef74c 0882feb0 00000000 001a86c0 mscorwks!Thread::ShouldChangeAbortToUnload+0x30a 0882fecc 79eef75d 79f9706d 00000008 0882ff14 mscorwks!ManagedThreadBase_NoADTransition+0x32 0882fedc 79f3c6bc 79f9706d 9f3f0352 00000000 mscorwks!ManagedThreadBase::FinalizerBase+0xd 0882ff14 79f920a5 00000000 86fb6620 804fb078 mscorwks!WKS::GCHeap::FinalizerThreadStart+0xbb 0882ffb4 7c80b729 001a0b18 00730074 00610020 mscorwks!Thread::intermediateThreadProc+0x49 0882ffec 00000000 79f9205f 001a0b18 00000000 kernel32!BaseThreadStart+0x37 FOLLOWUP_IP: mscorwks!WKS::WaitForFinalizerEvent+77 79f92c5b 85c0 test eax,eax SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: mscorwks!WKS::WaitForFinalizerEvent+77 FOLLOWUP_NAME: MachineOwner MODULE_NAME: mscorwks IMAGE_NAME: mscorwks.dll DEBUG_FLR_IMAGE_TIMESTAMP: 492b82c1 STACK_COMMAND: ~5s ; kb BUCKET_ID: 80000007_mscorwks!WKS::WaitForFinalizerEvent+77 FAILURE_BUCKET_ID: APPLICATION_HANG_BlockedOn_EventHandle_80000007_mscorwks.dll!WKS::WaitForFinalizerEvent WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/OurApp_exe/6_2_6_1/4a29a184/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1 Followup: MachineOwner --------- 0:000> !threads ThreadCount: 2 UnstartedThread: 0 BackgroundThread: 2 PendingThread: 0 DeadThread: 0 Hosted Runtime: no PreEmptive GC Alloc Lock ID OSID ThreadOBJ State GC Context Domain Count APT Exception 0 1 4490 0019de20 4220 Enabled 09003658:09003fe8 001a86c0 0 STA 5 2 4b74 001b1b08 b220 Enabled 00000000:00000000 001a86c0 0 MTA (Finalizer)
The finalizer thread is idle and is waiting for work -- its trace looks fine. Theread 0 also looks fine and is idle -- it waits for the next UI message.
Can you give some details on how you 'exit' the application? Given that the message loop is still running, it seems to me that something is wrong with your close-application logic.
I agree with J. Passing.
Since one thread is managed code, have you tried loading the SOS debug extension in windbg to get the managed stack trace. Also you could try windbg's "!analyze -v" command ans see what that says.
User contributions licensed under CC BY-SA 3.0