一个异常的死锁问题

WinDbg

一个异常的死锁问题

william 2009-06-01, 21:49 下午
上过张老师的软件调试课程,深深佩服他在window架构以及trouble shooting上的修行,最近碰上了一个棘手的问题,借宝地求助了。

我的项目是用installshield 10.0生成安装包,有windows installer 安装,但是在windows 2003 serve sp2 上安装的时候有时候会hung住(并不是总是发生),每次只要hang住,用windbg查看就是hang在loadlibrary函数,我已经考虑过load lock死锁的问题了,但是就是不明白发生了什么,是否是死锁,第二个线程是工作线程,hang在EnterCriticalSection里,而该CriticalSection并没有被任何其他的线程占有,但是Event就是没有被触发,所以线程2一直在死等。 高手们帮我看看下买你的栈到底发生了什么。

0:005> ~* kb 300

   0  Id: da8.708 Suspend: 1 Teb: 7ffdf000 Unfrozen
ChildEBP RetAddr  Args to Child             
0007d990 7c827d19 77e6202c 00000003 0007d9e0 ntdll!KiFastSystemCallRet
0007d994 77e6202c 00000003 0007d9e0 00000001 ntdll!NtWaitForMultipleObjects+0xc
0007da3c 7739bbd1 00000003 0007da64 00000000 kernel32!WaitForMultipleObjectsEx+0x11a
0007da98 7739ce36 00000002 0007dafc ffffffff user32!RealMsgWaitForMultipleObjectsEx+0x141
0007dab4 0100a772 00000002 0007dafc 00000000 user32!MsgWaitForMultipleObjects+0x1f
0007fee0 0100a8f2 01000000 ffffffff 00000000 msiexec!ServerMain+0x13e6
0007ff1c 0100f4a4 01000000 00000000 000a24b0 msiexec!WinMain+0x34
0007ffc0 77e6f23b 00000000 00000000 7ffd8000 msiexec!WinMainCRTStartup+0x182
0007fff0 00000000 0100f322 00000000 00000000 kernel32!BaseProcessStart+0x23

   1  Id: da8.ccc Suspend: 1 Teb: 7ffdd000 Unfrozen
ChildEBP RetAddr  Args to Child             
00c2f4d8 7c827d29 77e61d1e 00000258 00000000 ntdll!KiFastSystemCallRet
00c2f4dc 77e61d1e 00000258 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
00c2f54c 77e61c8d 00000258 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xac
00c2f560 746a58f5 00000258 ffffffff 00c2f588 kernel32!WaitForSingleObject+0x12
00c2f584 77c80193 00000000 00000dc4 00c2f798 msi!CMsiCustomAction::RunDLLCustomAction+0x113
00c2f5a4 77ce33e1 746a57e2 00c2f788 00000003 rpcrt4!Invoke+0x30
00c2f9a4 77ce2ed5 000b8a60 000b11b0 000b5bb8 rpcrt4!NdrStubCall2+0x299
00c2f9fc 7778d01b 000b8a60 000b5bb8 000b11b0 rpcrt4!CStdStubBuffer_Invoke+0xc6
00c2fa40 7778cfc8 000b5bb8 000b8af0 000b3768 ole32!SyncStubInvoke+0x37
00c2fa88 776c120b 000b5bb8 000b8950 000b8a60 ole32!StubInvoke+0xa7
00c2fb64 776c0bf5 000b11b0 00000000 000b8a60 ole32!CCtxComChnl::ContextInvoke+0xec
00c2fb80 7778d2a7 000b5bb8 00000001 000b8a60 ole32!MTAInvoke+0x1a
00c2fbb0 7778cd66 d0908070 000b11b0 000b8a60 ole32!AppInvoke+0xa3
00c2fc84 7778d2c6 000b5b60 000b13d0 000b8ad8 ole32!ComInvokeWithLockAndIPID+0x2c5
00c2fcd0 77c7ff7a 000b8d94 000b8ad8 000b8d94 ole32!ThreadInvoke+0x2e3
00c2fd04 77c8042d 7778d238 000b8d94 00c2fdec rpcrt4!DispatchToStubInCNoAvrf+0x38
00c2fd58 77c80353 00000000 00000000 7767bfc8 rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x11f
00c2fd7c 77c7e0d4 000b8d94 00000000 7767bfc8 rpcrt4!RPC_INTERFACE::DispatchToStub+0xa3
00c2fdbc 77c7e080 000b8d94 000b8d4c 00000000 rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0xc0
00c2fdfc 77c812f0 000afd10 000a33f0 000afc08 rpcrt4!LRPC_SCALL::DealWithRequestMessage+0x41e
00c2fe20 77c88678 000a3428 00c2fe38 000afd10 rpcrt4!LRPC_ADDRESS::DealWithLRPCRequest+0x127
00c2ff84 77c88792 00c2ffac 77c8872d 000a33f0 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x430
00c2ff8c 77c8872d 000a33f0 00000000 00000000 rpcrt4!RecvLotsaCallsWrapper+0xd
00c2ffac 77c7b110 000a6448 00c2ffec 77e6482f rpcrt4!BaseCachedThreadRoutine+0x9d
00c2ffb8 77e6482f 000b0738 00000000 00000000 rpcrt4!ThreadStartRoutine+0x1b
00c2ffec 00000000 77c7b0f5 000b0738 00000000 kernel32!BaseThreadStart+0x34

   2  Id: da8.dc4 Suspend: 1 Teb: 7ffda000 Unfrozen
ChildEBP RetAddr  Args to Child             
00ceb714 7c827d29 7c83d266 00000234 00000000 ntdll!KiFastSystemCallRet
00ceb718 7c83d266 00000234 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
00ceb754 7c83d2b1 00000234 00000004 00000001 ntdll!RtlpWaitOnCriticalSection+0x1a3
00ceb774 7c82d263 7c8897a0 00000000 76f1b6b3 ntdll!RtlEnterCriticalSection+0xa8
00ceb7a8 7c834051 00000001 00000000 00ceb7e4 ntdll!LdrLockLoaderLock+0xe4
00ceba18 77e41bf7 000dc0b0 00ceba64 00ceba44 ntdll!LdrLoadDll+0xc9
00ceba80 77e41dc1 7ffdac00 00000000 00000000 kernel32!LoadLibraryExW+0x1b2
00ceba94 77e41df7 01151f10 00000000 00000000 kernel32!LoadLibraryExA+0x1f
00cebab4 76f18434 01151f10 01152158 76f33250 kernel32!LoadLibraryA+0xb5
00cebacc 76f1b5d8 76f1b6a8 00000000 7c81a3ab wldap32!LoadSystem32LibraryA+0x8d
00cebadc 76f13e87 7c81a360 01152158 00cebb10 wldap32!LoadUser32Now+0x32
00cebaec 76f178cb 01152158 00000000 00000000 wldap32!SetConnectionError+0x28
00cebb10 76f1834c 00000000 00000000 00000000 wldap32!LdapConnect+0x1e5
00cebb30 76dc457b 011522e8 00000000 00000000 wldap32!ldap_connect+0x26
00cebb54 76dc43fb 00000003 00000000 00000cc4 adsldpc!LdapOpen+0x1cc
00cebb84 76dc42fe 000db4e0 00000000 00cec6dc adsldpc!LdapOpenBindWithDefaultCredentials+0x10e
00cebfec 712d29aa 000db4e0 00000000 00000000 adsldpc!LdapOpenObject2+0x128
00cec26c 712d284c 000dbd6c 00cec28c 00cec6dc adsldp!GetServerBasedObject+0x18f
00cec6c4 712d52f3 000dbd6c 00cec6dc 00cec6ec adsldp!GetObjectW+0x69
00cec6f0 76df1bbb 000abab8 000dbd6c 00000000 adsldp!CLDAPNamespace::OpenDSObject+0x34
00cec748 6d10ab4e 000dbd6c 00000000 00000000 activeds!ADsOpenObject+0xb2
00ced174 6d10c16c 00ced21c 386f984f 00ced214 utilDirectory!CDirectorySearcher::CRefCountWrapper::FindOne+0x43e
00ced1d4 00d29595 00ced21c 386f984a 6cdb5550 utilDirectory!CDirectorySearcher::FindOne+0x10c
00cede74 00d297a4 00d3b184 010d4cb0 00cedf14 instISDeferredCustomAction!rUtilGetObjSID+0x155
00cede84 00d1d9ea 010d4cb0 00cedf14 386faa2e instISDeferredCustomAction!rUtilGetGroupSID+0x14
00cee020 00d1dc9a 00cee040 386faa72 00000008 instISDeferredCustomAction!GetDaclforServerManagement+0xaa
00cee140 00d23512 00cee17c 386fa916 00000008 instISDeferredCustomAction!GetSecurityAttributesforCCR+0x8a
00cee318 00d24262 010d7b00 010d7dc0 00000000 instISDeferredCustomAction!InstallSMEXDataFiles_+0xb2
00cef5c8 00d19b1c 000d92b0 000d9798 000d1f96 instISDeferredCustomAction!InstallSMEXDataFiles+0x1c2
00cef700 6af84ddb 00002bbf 00000000 00000011 instISDeferredCustomAction!CreateSMEXResources+0x71c
00cef770 6af85026 00cef8d8 00000000 00002bbf instISDeferredCustomActionStub!ExecuteCustomAction+0x19b
00cefcd8 746db4d0 00002bbf 00000000 745e4a48 instISDeferredCustomActionStub!CallDeferredMSICA+0x1c6
00cefcf4 746a5d6d 6af84e60 00cefce4 00002bbf msi!CallCustomDllEntrypoint+0x25
00ceffb8 77e6482f 000ba220 00000000 00000000 msi!CMsiCustomAction::CustomActionThread+0x223
00ceffec 00000000 746a5b40 000ba220 00000000 kernel32!BaseThreadStart+0x34

   3  Id: da8.85c Suspend: 1 Teb: 7ffd9000 Unfrozen
ChildEBP RetAddr  Args to Child             
01377e7c 7c827d19 77e6202c 00000002 01377ecc ntdll!KiFastSystemCallRet
01377e80 77e6202c 00000002 01377ecc 00000001 ntdll!NtWaitForMultipleObjects+0xc
01377f28 77e62fbe 00000002 01377f70 00000000 kernel32!WaitForMultipleObjectsEx+0x11a
01377f44 6a967f94 00000002 01377f70 00000000 kernel32!WaitForMultipleObjects+0x18
0138ff78 781329bb 00000000 ce2d4177 00000000 utilDebug!RegistryMonitorThreadFunc+0xc4
0138ffb0 78132a47 00000000 77e6482f 010d5478 msvcr80!_endthreadex+0x3b
0138ffb8 77e6482f 010d5478 00000000 00000000 msvcr80!_endthreadex+0xc7
0138ffec 00000000 781329e1 010d5478 00000000 kernel32!BaseThreadStart+0x34

   4  Id: da8.4fc Suspend: 1 Teb: 7ffdc000 Unfrozen
ChildEBP RetAddr  Args to Child             
00c6fe18 7c827859 77c885ac 000000e8 00c6ff74 ntdll!KiFastSystemCallRet
00c6fe1c 77c885ac 000000e8 00c6ff74 00000000 ntdll!NtReplyWaitReceivePortEx+0xc
00c6ff84 77c88792 00c6ffac 77c8872d 000a33f0 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
00c6ff8c 77c8872d 000a33f0 00000000 00000000 rpcrt4!RecvLotsaCallsWrapper+0xd
00c6ffac 77c7b110 000a6448 00c6ffec 77e6482f rpcrt4!BaseCachedThreadRoutine+0x9d
00c6ffb8 77e6482f 000bacd0 00000000 00000000 rpcrt4!ThreadStartRoutine+0x1b
00c6ffec 00000000 77c7b0f5 000bacd0 00000000 kernel32!BaseThreadStart+0x34

#  5  Id: da8.b88 Suspend: 1 Teb: 7ffde000 Unfrozen
ChildEBP RetAddr  Args to Child             
0038ffc8 7c83fe08 00000005 00000004 00000001 ntdll!DbgBreakPoint
0038fff4 00000000 00000000 00000000 00000000 ntdll!DbgUiRemoteBreakin+0x36

Re: 一个异常的死锁问题

william 2009-06-01, 21:51 下午
Critical Section 7c8897a0 并没有被任何线程占有,但是envent 234就是没有被触发

Re: 一个异常的死锁问题

Thomson 2009-06-01, 22:20 下午
你把0x7c8897a0这里这个critical section的内容dump出来看看吧.

Re: 一个异常的死锁问题

william 2009-06-02, 11:29 上午
!cs 0x7c8897a0 失败了,可能是页面page out了,但是还有另外一个hang的memory dump, 两个hang都非常相似。
!analyze -v hang

DEFAULT_BUCKET_ID: APPLICATION_HANG

PROCESS_NAME: msiexec.exe

ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt.

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

LOADERLOCK_BLOCKED_API: LoadLibraryExW:LdrLoadDll:LdrLockLoaderLock:

DERIVED_WAIT_CHAIN:

Dl Eid Cid WaitType
-- --- ------- --------------------------
3 1788.af8 Critical Section

WAIT_CHAIN_COMMAND: ~3s;k;;

BLOCKING_THREAD: 00000af8

PRIMARY_PROBLEM_CLASS: APPLICATION_HANG

LAST_CONTROL_TRANSFER: from 7c827d0b to 7c8285ec

FAULTING_THREAD: 00000003

STACK_TEXT:
00cebffc 7c827d0b 7c83d236 00000240 00000000 ntdll!KiFastSystemCallRet
00cec000 7c83d236 00000240 00000000 00000000 ntdll!NtWaitForSingleObject+0xc
00cec03c 7c83d281 00000240 00000004 00000001 ntdll!RtlpWaitOnCriticalSection+0x1a3
00cec05c 7c82d243 7c8877a0 00000000 76f1b560 ntdll!RtlEnterCriticalSection+0xa8
00cec090 7c834029 00000001 00000000 00cec0cc ntdll!LdrLockLoaderLock+0xe4
00cec300 77e41bf3 000dc498 00cec34c 00cec32c ntdll!LdrLoadDll+0xc9
00cec368 77e41dbd 7ffdac00 00000000 00000000 kernel32!LoadLibraryExW+0x1b2
00cec37c 77e41df3 01171f10 00000000 00000000 kernel32!LoadLibraryExA+0x1f
00cec39c 76f18434 01171f10 00001000 76f33250 kernel32!LoadLibraryA+0xb5
00cec3b4 76f1b512 76f1b554 00000080 00000000 wldap32!LoadSystem32LibraryA+0x8d
00cec400 76f198cb 00172158 00cec780 00000486 wldap32!LdapGetServiceNameForBind+0x7e
00cec7a0 76f1a5cc 00000007 00000000 00000486 wldap32!LdapBind+0x290
00cec7c8 76dc467d 011722e8 00000000 00000000 wldap32!ldap_bind_sW+0x2c
00cec814 76dc4410 000e93f8 00000000 00000000 adsldpc!LdapBindS+0xe4
00cec840 76dc42fe 00cecf08 00cecd00 000c8efc adsldpc!LdapOpenBindWithDefaultCredentials+0x18d
00cecca8 712e3e5a 00cecf08 00cecd00 00000000 adsldpc!LdapOpenObject2+0x128
00ced114 712e4149 00ced12c 6a96a3d0 00000000 adsldp!CLDAPNamespaceEnum::GetTreeObject+0xd7
00ced138 712e4205 00000001 00ced1b0 00ced150 adsldp!CLDAPNamespaceEnum::EnumObjects+0x3d
00ced154 76dfe899 000c8ee8 00000001 00ced1b0 adsldp!CLDAPNamespaceEnum::Next+0x32
00ced16c 6d108382 000c8ee8 00000001 00ced1b0 activeds!ADsEnumerateNext+0x17
00ced1c8 00d592c2 00ced264 00000400 00ced266 utilDirectory!CDirectoryHelper::GetRootGCPath+0xd2
00cede78 00d59574 00d6b184 012682f8 00cedf18 instISDeferredCustomAction!rUtilGetObjSID+0xb2
00cede88 00d4d9ea 012682f8 00cedf18 ce97883f instISDeferredCustomAction!rUtilGetGroupSID+0x14
00cee024 00d4dc9a 00cee044 ce97889b 00000008 instISDeferredCustomAction!GetDaclforServerManagement+0xaa
00cee144 00d53512 00cee180 ce978b07 00000008 instISDeferredCustomAction!GetSecurityAttributesforCCR+0x8a
00cee31c 00d54262 012687e0 01268db8 00000000 instISDeferredCustomAction!InstallSMEXDataFiles_+0xb2
00cef5cc 00d49b1c 000d97a8 000dc088 000d7e8e instISDeferredCustomAction!InstallSMEXDataFiles+0x1c2
00cef704 6af84ddb 00003d3c 00000000 0000000e instISDeferredCustomAction!CreateSMEXResources+0x71c
00cef774 6af85018 00cef8d8 00000000 00003d3c instISDeferredCustomActionStub!ExecuteCustomAction+0x19b
00cefcd8 746da588 00003d3c 00000000 745e4a48 instISDeferredCustomActionStub!CallDeferredMSICA+0x1b8
00cefcf4 746a503d 6af84e60 00cefce4 00003d3c msi!CallCustomDllEntrypoint+0x25
00ceffb8 77e64829 000ba310 00000000 00000000 msi!CMsiCustomAction::CustomActionThread+0x223
00ceffec 00000000 746a4e10 000ba310 00000000 kernel32!BaseThreadStart+0x34


FOLLOWUP_IP:
adsldp!CLDAPNamespaceEnum::GetTreeObject+d7
712e3e5a 8bd8 mov ebx,eax

SYMBOL_STACK_INDEX: 10

SYMBOL_NAME: adsldp!CLDAPNamespaceEnum::GetTreeObject+d7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: adsldp

IMAGE_NAME: adsldp.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 45d70a21

STACK_COMMAND: ~3s ; kb

BUCKET_ID: 80000007_adsldp!CLDAPNamespaceEnum::GetTreeObject+d7

FAILURE_BUCKET_ID: APPLICATION_HANG_80000007_adsldp.dll!CLDAPNamespaceEnum::GetTreeObject

Followup: MachineOwner。

0:000> !locks

CritSec wldap32!LoadLibLock+0 at 76f33250
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread af8
EntryCount 0
ContentionCount 0
*** Locked

Scanned 460 critical sections
0:000> ~* kb 300

. 0 Id: 1788.ab0 Suspend: 1 Teb: 7ffdf000 Unfrozen
ChildEBP RetAddr Args to Child
0007d990 7c827cfb 77e6202c 00000003 0007d9e0 ntdll!KiFastSystemCallRet
0007d994 77e6202c 00000003 0007d9e0 00000001 ntdll!NtWaitForMultipleObjects+0xc
0007da3c 7739bbd1 00000003 0007da64 00000000 kernel32!WaitForMultipleObjectsEx+0x11a
0007da98 7739ce36 00000002 0007dafc ffffffff user32!RealMsgWaitForMultipleObjectsEx+0x141
0007dab4 0100a772 00000002 0007dafc 00000000 user32!MsgWaitForMultipleObjects+0x1f
0007fee0 0100a8f2 01000000 ffffffff 00000000 msiexec!ServerMain+0x13e6
0007ff1c 0100f4a4 01000000 00000000 000a24b0 msiexec!WinMain+0x34
0007ffc0 77e6f23b 00000000 00000000 7ffd5000 msiexec!WinMainCRTStartup+0x182
0007fff0 00000000 0100f322 00000000 78746341 kernel32!BaseProcessStart+0x23

1 Id: 1788.1638 Suspend: 1 Teb: 7ffdd000 Unfrozen
ChildEBP RetAddr Args to Child
00c2f4d8 7c827d0b 77e61d1e 00000264 00000000 ntdll!KiFastSystemCallRet
00c2f4dc 77e61d1e 00000264 00000000 00000000 ntdll!NtWaitForSingleObject+0xc
00c2f54c 77e61c8d 00000264 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xac
00c2f560 746a4bc7 00000264 ffffffff 00c2f588 kernel32!WaitForSingleObject+0x12
00c2f584 77c80193 00000000 00000af8 00c2f798 msi!CMsiCustomAction::RunDLLCustomAction+0x113
00c2f5a4 77ce33e1 746a4ab4 00c2f788 00000003 rpcrt4!Invoke+0x30
00c2f9a4 77ce2ed5 000b8b70 000b11f8 000b3e68 rpcrt4!NdrStubCall2+0x299
00c2f9fc 7778d01b 000b8b70 000b3e68 000b11f8 rpcrt4!CStdStubBuffer_Invoke+0xc6
00c2fa40 7778cfc8 000b3e68 000b8c00 000b53e8 ole32!SyncStubInvoke+0x37
00c2fa88 776c120b 000b3e68 000b8a60 000b8b70 ole32!StubInvoke+0xa7
00c2fb64 776c0bf5 000b11f8 00000000 000b8b70 ole32!CCtxComChnl::ContextInvoke+0xec
00c2fb80 7778d2a7 000b3e68 00000001 000b8b70 ole32!MTAInvoke+0x1a
00c2fbb0 7778cd66 d0908070 000b11f8 000b8b70 ole32!AppInvoke+0xa3
00c2fc84 7778d2c6 000b3e10 000b1418 000b8be8 ole32!ComInvokeWithLockAndIPID+0x2c5
00c2fcd0 77c7ff7a 000b8ea4 000b8be8 000b8ea4 ole32!ThreadInvoke+0x2e3
00c2fd04 77c8042d 7778d238 000b8ea4 00c2fdec rpcrt4!DispatchToStubInCNoAvrf+0x38
00c2fd58 77c80353 00000000 00000000 7767bfc8 rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x11f
00c2fd7c 77c7e0d4 000b8ea4 00000000 7767bfc8 rpcrt4!RPC_INTERFACE::DispatchToStub+0xa3
00c2fdbc 77c7e080 000b8ea4 000b8e5c 00000000 rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0xc0
00c2fdfc 77c812f0 000afd78 000a33f0 000afc70 rpcrt4!LRPC_SCALL::DealWithRequestMessage+0x41e
00c2fe20 77c88678 000a3428 00c2fe38 000afd78 rpcrt4!LRPC_ADDRESS::DealWithLRPCRequest+0x127
00c2ff84 77c88792 00c2ffac 77c8872d 000a33f0 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x430
00c2ff8c 77c8872d 000a33f0 00000000 00000000 rpcrt4!RecvLotsaCallsWrapper+0xd
00c2ffac 77c7b110 000a6420 00c2ffec 77e64829 rpcrt4!BaseCachedThreadRoutine+0x9d
00c2ffb8 77e64829 000b07a0 00000000 00000000 rpcrt4!ThreadStartRoutine+0x1b
00c2ffec 00000000 77c7b0f5 000b07a0 00000000 kernel32!BaseThreadStart+0x34

2 Id: 1788.140c Suspend: 1 Teb: 7ffdb000 Unfrozen
ChildEBP RetAddr Args to Child
00cafe18 7c82783b 77c885ac 000000e8 00caff74 ntdll!KiFastSystemCallRet
00cafe1c 77c885ac 000000e8 00caff74 00000000 ntdll!NtReplyWaitReceivePortEx+0xc
00caff84 77c88792 00caffac 77c8872d 000a33f0 rpcrt4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
00caff8c 77c8872d 000a33f0 00000000 00000000 rpcrt4!RecvLotsaCallsWrapper+0xd
00caffac 77c7b110 000a6420 00caffec 77e64829 rpcrt4!BaseCachedThreadRoutine+0x9d
00caffb8 77e64829 000b52f0 00000000 00000000 rpcrt4!ThreadStartRoutine+0x1b
00caffec 00000000 77c7b0f5 000b52f0 00000000 kernel32!BaseThreadStart+0x34

3 Id: 1788.af8 Suspend: 1 Teb: 7ffda000 Unfrozen
ChildEBP RetAddr Args to Child
00cebffc 7c827d0b 7c83d236 00000240 00000000 ntdll!KiFastSystemCallRet
00cec000 7c83d236 00000240 00000000 00000000 ntdll!NtWaitForSingleObject+0xc
00cec03c 7c83d281 00000240 00000004 00000001 ntdll!RtlpWaitOnCriticalSection+0x1a3
00cec05c 7c82d243 7c8877a0 00000000 76f1b560 ntdll!RtlEnterCriticalSection+0xa8
00cec090 7c834029 00000001 00000000 00cec0cc ntdll!LdrLockLoaderLock+0xe4
00cec300 77e41bf3 000dc498 00cec34c 00cec32c ntdll!LdrLoadDll+0xc9
00cec368 77e41dbd 7ffdac00 00000000 00000000 kernel32!LoadLibraryExW+0x1b2
00cec37c 77e41df3 01171f10 00000000 00000000 kernel32!LoadLibraryExA+0x1f
00cec39c 76f18434 01171f10 00001000 76f33250 kernel32!LoadLibraryA+0xb5
00cec3b4 76f1b512 76f1b554 00000080 00000000 wldap32!LoadSystem32LibraryA+0x8d
00cec400 76f198cb 00172158 00cec780 00000486 wldap32!LdapGetServiceNameForBind+0x7e
00cec7a0 76f1a5cc 00000007 00000000 00000486 wldap32!LdapBind+0x290
00cec7c8 76dc467d 011722e8 00000000 00000000 wldap32!ldap_bind_sW+0x2c
00cec814 76dc4410 000e93f8 00000000 00000000 adsldpc!LdapBindS+0xe4
00cec840 76dc42fe 00cecf08 00cecd00 000c8efc adsldpc!LdapOpenBindWithDefaultCredentials+0x18d
00cecca8 712e3e5a 00cecf08 00cecd00 00000000 adsldpc!LdapOpenObject2+0x128
00ced114 712e4149 00ced12c 6a96a3d0 00000000 adsldp!CLDAPNamespaceEnum::GetTreeObject+0xd7
00ced138 712e4205 00000001 00ced1b0 00ced150 adsldp!CLDAPNamespaceEnum::EnumObjects+0x3d
00ced154 76dfe899 000c8ee8 00000001 00ced1b0 adsldp!CLDAPNamespaceEnum::Next+0x32
00ced16c 6d108382 000c8ee8 00000001 00ced1b0 activeds!ADsEnumerateNext+0x17
00ced1c8 00d592c2 00ced264 00000400 00ced266 utilDirectory!CDirectoryHelper::GetRootGCPath+0xd2
00cede78 00d59574 00d6b184 012682f8 00cedf18 instISDeferredCustomAction!rUtilGetObjSID+0xb2
00cede88 00d4d9ea 012682f8 00cedf18 ce97883f instISDeferredCustomAction!rUtilGetGroupSID+0x14
00cee024 00d4dc9a 00cee044 ce97889b 00000008 instISDeferredCustomAction!GetDaclforServerManagement+0xaa
00cee144 00d53512 00cee180 ce978b07 00000008 instISDeferredCustomAction!GetSecurityAttributesforCCR+0x8a
00cee31c 00d54262 012687e0 01268db8 00000000 instISDeferredCustomAction!InstallSMEXDataFiles_+0xb2
00cef5cc 00d49b1c 000d97a8 000dc088 000d7e8e instISDeferredCustomAction!InstallSMEXDataFiles+0x1c2
00cef704 6af84ddb 00003d3c 00000000 0000000e instISDeferredCustomAction!CreateSMEXResources+0x71c
00cef774 6af85018 00cef8d8 00000000 00003d3c instISDeferredCustomActionStub!ExecuteCustomAction+0x19b
00cefcd8 746da588 00003d3c 00000000 745e4a48 instISDeferredCustomActionStub!CallDeferredMSICA+0x1b8
00cefcf4 746a503d 6af84e60 00cefce4 00003d3c msi!CallCustomDllEntrypoint+0x25
00ceffb8 77e64829 000ba310 00000000 00000000 msi!CMsiCustomAction::CustomActionThread+0x223
00ceffec 00000000 746a4e10 000ba310 00000000 kernel32!BaseThreadStart+0x34

4 Id: 1788.11d4 Suspend: 1 Teb: 7ffd9000 Unfrozen
ChildEBP RetAddr Args to Child
013d7e7c 7c827cfb 77e6202c 00000002 013d7ecc ntdll!KiFastSystemCallRet
013d7e80 77e6202c 00000002 013d7ecc 00000001 ntdll!NtWaitForMultipleObjects+0xc
013d7f28 77e62fbe 00000002 013d7f70 00000000 kernel32!WaitForMultipleObjectsEx+0x11a
013d7f44 6a967f94 00000002 013d7f70 00000000 kernel32!WaitForMultipleObjects+0x18
013eff78 781329bb 00000000 f4525c47 00000000 utilDebug!RegistryMonitorThreadFunc+0xc4
013effb0 78132a47 00000000 77e64829 01135280 msvcr80!_callthreadstartex+0x1b
013effb8 77e64829 01135280 00000000 00000000 msvcr80!_threadstartex+0x66
013effec 00000000 781329e1 01135280 00000000 kernel32!BaseThreadStart+0x34
0:000> !cs 7c8877a0
-----------------------------------------
Critical section = 0x7c8877a0 (ntdll!LdrpLoaderLock+0x0)
DebugInfo = 0x7c8877c0
NOT LOCKED
LockSemaphore = 0x240
SpinCount = 0x00000000

Re: 一个异常的死锁问题

格蠹老雷 2009-06-02, 23:16 下午
你好,William,确实是一个与LoaderLock有关的问题,随便Google一下,可以发现很多这方面的死锁:
http://support.microsoft.com/kb/839343
https://blogs.msdn.com/larryosterman/archive/2006/06/15/632502.aspx
http://www.issociate.de/board/post/433852/LoaderLock_problem.html
可以说这是Windows中的一个烫手山芋。因此还专门有篇文档来指导大家如何避免中招:
http://www.microsoft.com/whdc/driver/kernel/DLL_bestprac.mspx

回到上面的问题,!cs 7c8877a0显示的信息很不够,建议你观察整个结构:
先观察LdrpLoaderLock结构:
dt _RTL_CRITICAL_SECTION 0x7c8877a0
然后再观察其中专门用来支持调试的子结构:
dt _RTL_CRITICAL_SECTION_DEBUG 0x7c8877c0
根据栈回溯,应该有人进入过这个关键区,所以af8线程才会开始等待关键区的LockSemaphore(其实是一个Event)。
如果能进行活动内核调试,那么可以在发生Hang时,在内核中观察这个Event的拥有线程,那么就很容易发现根源了。
这是一个很好的案例,如果能同时收集一个内核转储,然后上传到一个FTP最好。


Re: 一个异常的死锁问题

william 2009-06-03, 20:35 下午
Hi Raymond,很感谢您的回复,你贴出来的那些资料我都看过了,并且检查了我们的代码,应该没有违反那些规则。 我按你的提示分析了一下,但是仍然没有什么眉目,这是另一次hang的memory dump是在user mode没有抓取kernel mode的dump。 以下是windbg的分析:
0:000> !locks

CritSec wldap32!LoadLibLock+0 at 76f33250
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread c4c
EntryCount 0
ContentionCount 0
*** Locked
这次hang的线程是c4c。
线程的堆栈是;
3 Id: 109c.c4c Suspend: 1 Teb: 7ffda000 Unfrozen
ChildEBP RetAddr Args to Child
00cec3d0 7c827d29 7c83d266 00000238 00000000 ntdll!KiFastSystemCallRet
00cec3d4 7c83d266 00000238 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
00cec410 7c83d2b1 00000238 00000004 00000001 ntdll!RtlpWaitOnCriticalSection+0x1a3
00cec430 7c82d263 7c8897a0 00000000 76f1b6b3 ntdll!RtlEnterCriticalSection+0xa8
00cec464 7c834051 00000001 00000000 00cec4a0 ntdll!LdrLockLoaderLock+0xe4
00cec6d4 77e41bf7 000dc788 00cec720 00cec700 ntdll!LdrLoadDll+0xc9
00cec73c 77e41dc1 7ffdac00 00000000 00000000 kernel32!LoadLibraryExW+0x1b2
00cec750 77e41df7 01151f10 00000000 00000000 kernel32!LoadLibraryExA+0x1f
00cec770 76f18434 01151f10 01152158 76f33250 kernel32!LoadLibraryA+0xb5
00cec788 76f1b5d8 76f1b6a8 00000000 7c81a3ab wldap32!LoadSystem32LibraryA+0x8d
00cec798 76f13e87 7c81a360 01152158 00cec7cc wldap32!LoadUser32Now+0x32
00cec7a8 76f178cb 01152158 00000000 00000000 wldap32!SetConnectionError+0x28
00cec7cc 76f1834c 00000000 00000000 00000000 wldap32!LdapConnect+0x1e5
00cec7ec 76dc457b 011522e8 00000000 00cecd00 wldap32!ldap_connect+0x26
00cec810 76dc43fb 00cecd00 00cecd00 00000cc4 adsldpc!LdapOpen+0x1cc
00cec840 76dc42fe 00cecf08 00cecd00 000bd0e4 adsldpc!LdapOpenBindWithDefaultCredentials+0x10e
00cecca8 712e3e5a 00cecf08 00cecd00 00000000 adsldpc!LdapOpenObject2+0x128
00ced114 712e4149 00ced12c 6a96a3d0 00000000 adsldp!CLDAPNamespaceEnum::GetTreeObject+0xd7
00ced138 712e4205 00000001 00ced1b0 00ced150 adsldp!CLDAPNamespaceEnum::EnumObjects+0x3d
00ced154 76dfe899 000bd0d0 00000001 00ced1b0 adsldp!CLDAPNamespaceEnum::Next+0x32
00ced16c 6d108382 000bd0d0 00000001 00ced1b0 activeds!ADsEnumerateNext+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 utilDirectory!CDirectoryHelper::GetRootGCPath+0xd2

0:000> da 01151f10
01151f10 "C:\WINDOWS\system32\USER32.DLL"

0:000> dt _RTL_CRITICAL_SECTION 0x7c8897a0
mfc80u!_RTL_CRITICAL_SECTION
+0x000 DebugInfo : 0x7c8897c0 _RTL_CRITICAL_SECTION_DEBUG
+0x004 LockCount : -11
+0x008 RecursionCount : 0
+0x00c OwningThread : (null)
+0x010 LockSemaphore : 0x00000238
+0x014 SpinCount : 0

0:000> dt _RTL_CRITICAL_SECTION_DEBUG 0x7c8897c0
mfc80u!_RTL_CRITICAL_SECTION_DEBUG
+0x000 Type : 0
+0x002 CreatorBackTraceIndex : 0
+0x004 CriticalSection : 0x7c8897a0 _RTL_CRITICAL_SECTION
+0x008 ProcessLocksList : _LIST_ENTRY [ 0x7c889be8 - 0x7c889bc8 ]
+0x010 EntryCount : 0
+0x014 ContentionCount : 4
+0x018 Spare : [2] 0

0:000> !address 0x7c889be8
7c800000 : 7c889000 - 00003000
Type 01000000 MEM_IMAGE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageImage
FullPath C:\WINDOWS\system32\ntdll.dll

0:000> !address 0x7c889bc8
7c800000 : 7c889000 - 00003000
Type 01000000 MEM_IMAGE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageImage
FullPath C:\WINDOWS\system32\ntdll.dll

0:000> dt _RTL_CRITICAL_SECTION 76f33250
mfc80u!_RTL_CRITICAL_SECTION
+0x000 DebugInfo : 0x000c8610 _RTL_CRITICAL_SECTION_DEBUG
+0x004 LockCount : -2
+0x008 RecursionCount : 1
+0x00c OwningThread : 0x00000c4c
+0x010 LockSemaphore : (null)
+0x014 SpinCount : 0

0:000> dt _RTL_CRITICAL_SECTION_DEBUG 0x000c8610
mfc80u!_RTL_CRITICAL_SECTION_DEBUG
+0x000 Type : 0
+0x002 CreatorBackTraceIndex : 0
+0x004 CriticalSection : 0x76f33250 _RTL_CRITICAL_SECTION
+0x008 ProcessLocksList : _LIST_ENTRY [ 0xc85f0 - 0xc8640 ]
+0x010 EntryCount : 0
+0x014 ContentionCount : 0
+0x018 Spare : [2] 0

0:000> !address 0xc85f0
000a0000 : 000a0000 - 00053000
Type 00020000 MEM_PRIVATE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageHeap
Handle 000a0000
0:000> !address 0xc8640
000a0000 : 000a0000 - 00053000
Type 00020000 MEM_PRIVATE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageHeap

Re: 一个异常的死锁问题

william 2009-06-03, 21:04 下午
Hi Raymond, 我已经把memory dump上传我的qq文件中转站去了,我的qq号码是:68615598,不知道你是否使用qq,至于调试符号文件,如果你需要的话,我再上传上去(需要咨询一下领导上传pdb文件是否违反policy)。

Re: 一个异常的死锁问题

格蠹老雷 2009-06-03, 22:15 下午
我不使用qq,压缩一下,寄到我的GMAIL信箱(yinkui.zhang@gmail.com)吧。

Re: 一个异常的死锁问题

格蠹老雷 2009-06-07, 23:47 下午

注意LockCount字段的值-11:

0:000> dt _RTL_CRITICAL_SECTION 0x7c8897a0
mfc80u!_RTL_CRITICAL_SECTION
+0x000 DebugInfo : 0x7c8897c0 _RTL_CRITICAL_SECTION_DEBUG
+0x004 LockCount : -11

将其格式化为二进制:

0:003> .formats -0n11
Evaluate expression:
  Hex:     fffffff5
  Decimal: -11
  Octal:   37777777765
  Binary:  11111111 11111111 11111111 11110101
按照LockCount在Svr2K3 SP1起的定义:

  1. 最低位为1的含义是这个关键区对象此时(观察时——也就是DUMP时)没有锁定。
  2. 次低位的0含义是已经唤醒了等待这个关键区的一个线程。
  3. 余下的30位的补码(2)代表有多少个线程在等待这个关键区对象。

综合以上信息,可以作出这样一种猜测:

3号线程(1788.af8 )曾经和另外一个线程一起等待LdrLockLoaderLock这个关键区,当用于LdrLockLoaderLock的线程离开这个关键区时,系统唤醒了另外一个线程,但这个线程在关键区内意外退出了,系统在清理线程时,擦除了LdrLockLoaderLock中OwningThread中的登记......

那么这另外一个线程是谁呢?这从DUMP文件就较难获悉了,可以考虑以下方法:

1)启用MSI的诊断日志:http://msdn.microsoft.com/en-us/library/aa372847(VS.85).aspx

2)如果是在调试目标,那么把g_dmDiagnosticMode改为1,启用调试信息输出

3)使用如下命令之一,启用验证器的死锁检测功能(参见《软件调试》第19章):

appverif.exe -enable locks -for TestApplicaiton.exe 
 
gflags.exe -v IMAGE /enable TestApplicaiton.exe LOCK_CHECKS 

因为等待最终是发生在内核态的,等待对象的很多属性也只有内核模式才看得到,所以最好同时配以内核调试,在抓取转储时,同时抓取内核转储。

 

Re: 一个异常的死锁问题

william 2009-07-07, 19:00 下午
张老师,您好,很久没有和您联系过了,因为出了一趟长差昨天刚刚回来上班,今天又发现了这个问题,这次抓到了kernel model的dump,分析了一下,也没发现什么线程异常,由于Critical Section没有kernel mode的对象,请问我该如何着手分析呢?

Re: 一个异常的死锁问题

格蠹老雷 2009-07-07, 20:26 下午

每个CS结构都有一个对应的Event对象,当需要等待进入临界区时,等待线程就开始等待这个事件,LockSemaphore 字段就是这个Event对象的句柄:

0:000> dt _RTL_CRITICAL_SECTION 0x7c8897a0
mfc80u!_RTL_CRITICAL_SECTION
+0x000 DebugInfo : 0x7c8897c0 _RTL_CRITICAL_SECTION_DEBUG
+0x004 LockCount : -11
+0x008 RecursionCount : 0
+0x00c OwningThread : (null)
+0x010 LockSemaphore : 0x00000238
+0x014 SpinCount : 0

在内核转储会话中,可以先切换到出问题的进程,然后执行!handle 238显示这个Event对象的详细信息,其中包括这个对象的内核态地址。然后可以使用!object命令进一步观察这个对象。

也可以使用dt -r _KEVENT 对象地址来观察Event对象,其中包含对象的信号状态和等待这个对象的线程列表。


 

Re: 一个异常的死锁问题

手语 2009-07-08, 11:06 上午
这种情况,有可能是因为错误调用TerminateThread()而引起的。
正在等待CriticalSection的线程被其他线程强行中止了。
可以在代码中搜索一下,分析他们什么情况下可能被调用,也许有帮助。
鸿鹄安知燕雀之志

Re: 一个异常的死锁问题

william 2009-07-14, 19:32 下午
张老师您好,
今天又把这个问题重现了一下,用户态的栈是:
2 Id: b5c.788 Suspend: 1 Teb: 7ffd8000 Unfrozen
ChildEBP RetAddr Args to Child
00cec3cc 7c827d29 7c83d266 0000023c 00000000 ntdll!KiFastSystemCallRet
00cec3d0 7c83d266 0000023c 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
00cec40c 7c83d2b1 0000023c 00000004 00000001 ntdll!RtlpWaitOnCriticalSection+0x1a3
00cec42c 7c82d263 7c8897a0 00000000 76f1b6b3 ntdll!RtlEnterCriticalSection+0xa8
00cec460 7c834051 00000001 00000000 00cec49c ntdll!LdrLockLoaderLock+0xe4
00cec6d0 77e41bf7 000dcb20 00cec71c 00cec6fc ntdll!LdrLoadDll+0xc9
00cec738 77e41dc1 7ffd8c00 00000000 00000000 kernel32!LoadLibraryExW+0x1b2
00cec74c 77e41df7 01171f10 00000000 00000000 kernel32!LoadLibraryExA+0x1f
00cec76c 76f18434 01171f10 01172158 76f33250 kernel32!LoadLibraryA+0xb5
00cec784 76f1b5d8 76f1b6a8 00000000 7c81a3ab WLDAP32!LoadSystem32LibraryA+0x8d
00cec794 76f13e87 7c81a360 01172158 00cec7c8 WLDAP32!LoadUser32Now+0x32
00cec7a4 76f178cb 01172158 00000000 00000000 WLDAP32!SetConnectionError+0x28
00cec7c8 76f1834c 00000000 00000000 00000000 WLDAP32!LdapConnect+0x1e5
00cec7e8 76dc457b 011722e8 00000000 00ceccfc WLDAP32!ldap_connect+0x26
00cec80c 76dc43fb 00ceccfc 00ceccfc 00000cc4 adsldpc!LdapOpen+0x1cc
00cec83c 76dc42fe 00cecf04 00ceccfc 000a70d4 adsldpc!LdapOpenBindWithDefaultCredentials+0x10e
00cecca4 712e3e5a 00cecf04 00ceccfc 00000000 adsldpc!LdapOpenObject2+0x128
00ced110 712e4149 00ced128 6a96a3d0 00000000 adsldp!CLDAPNamespaceEnum::GetTreeObject+0xd7
00ced134 712e4205 00000001 00ced1ac 00ced14c adsldp!CLDAPNamespaceEnum::EnumObjects+0x3d
00ced150 76dfe899 000a70c0 00000001 00ced1ac adsldp!CLDAPNamespaceEnum::Next+0x32
00ced168 6d108342 000a70c0 00000001 00ced1ac ACTIVEDS!ADsEnumerateNext+0x17
00ced1c4 00d59362 00ced260 00000400 00ced262 utilDirectory!CDirectoryHelper::GetRootGCPath+0xd2 [d:\archsource\smex\10.0\win32\en\source\src\utility\utildirectory\util_directoryhelper.cpp @ 121]
00cede74 00d59614 00d6b1e4 011378b8 00cedf14 instISDeferredCustomAction!rUtilGetObjSID+0xb2 [d:\archsource\smex\10.0\win32\en\source\src\setup\rifcore\rutilprivilegechecking.cpp @ 277]
00cede84 00d4da8a 011378b8 00cedf14 2b117b8f instISDeferredCustomAction!rUtilGetGroupSID+0x14 [d:\archsource\smex\10.0\win32\en\source\src\setup\rifcore\rutilprivilegechecking.cpp @ 284]
00cee020 00d4dd3a 00cee040 2b117bd3 00000008 instISDeferredCustomAction!GetDaclforServerManagement+0xaa [d:\archsource\smex\10.0\win32\en\source\src\setup\instisdeferredcustomaction\instisdeferredcustomaction.cpp @ 3750]
00cee140 00d535b2 00cee17c 2b1178b7 00000008 instISDeferredCustomAction!GetSecurityAttributesforCCR+0x8a [d:\archsource\smex\10.0\win32\en\source\src\setup\instisdeferredcustomaction\instisdeferredcustomaction.cpp @ 3804]
00cee318 00d54302 01137c58 01137f18 00000000 instISDeferredCustomAction!InstallSMEXDataFiles_+0xb2 [d:\archsource\smex\10.0\win32\en\source\src\setup\instisdeferredcustomaction\instisinstallutility.cpp @ 290]
00cef5c8 00d49bbc 000da590 000daac8 000d20b6 instISDeferredCustomAction!InstallSMEXDataFiles+0x1c2 [d:\archsource\smex\10.0\win32\en\source\src\setup\instisdeferredcustomaction\instisinstallutility.cpp @ 126]
00cef700 6af84ddb 00004fca 00000000 00000011 instISDeferredCustomAction!CreateSMEXResources+0x71c [d:\archsource\smex\10.0\win32\en\source\src\setup\instisdeferredcustomaction\instisdeferredcustomaction.cpp @ 4271]
00cef770 6af85026 00cef8d8 00000000 00004fca instISDeferredCustomActionStub!ExecuteCustomAction+0x19b [d:\archsource\smex\10.0\win32\en\source\src\setup\instisdeferredcustomactionstub\instisdeferredcustomactionstub.cpp @ 215]
00cefcd8 746db4d0 00004fca 00000000 745e4a48 instISDeferredCustomActionStub!CallDeferredMSICA+0x1c6 [d:\archsource\smex\10.0\win32\en\source\src\setup\instisdeferredcustomactionstub\instisdeferredcustomactionstub.cpp @ 370]
00cefcf4 746a5d6d 6af84e60 00cefce4 00004fca msi!CallCustomDllEntrypoint+0x25
00ceffb8 77e6482f 000ba348 00000000 00000000 msi!CMsiCustomAction::CustomActionThread+0x223
00ceffec 00000000 746a5b40 000ba348 00000000 kernel32!BaseThreadStart+0x34

0:005> dt _RTL_CRITICAL_SECTION 0x7c8897a0
instISDeferredCustomAction!_RTL_CRITICAL_SECTION
+0x000 DebugInfo : 0x7c8897c0 _RTL_CRITICAL_SECTION_DEBUG
+0x004 LockCount : -11
+0x008 RecursionCount : 0
+0x00c OwningThread : (null)
+0x010 LockSemaphore : 0x0000023c
+0x014 SpinCount : 0

内核态的句柄状态为:
kd> !handle 23c 0x1 b5c event
processor number 0, process 00000b5c
Searching for Process with Cid == b5c
Searching for handles of type event
PROCESS 83991d88 SessionId: 0 Cid: 0b5c Peb: 7ffde000 ParentCid: 0fe4
DirBase: 33e60440 ObjectTable: e1079a68 HandleCount: 177.
Image: msiexec.exe

Handle table at e2193000 with 177 Entries in use
023c: Object: 839bb590 GrantedAccess: 00100003

kd> !object 839bb590
Object: 839bb590 Type: (847a0720) Event
ObjectHeader: 839bb578 (old version)
HandleCount: 1 PointerCount: 2
kd> dt -r _KEVENT 839bb590
nt!_KEVENT
+0x000 Header : _DISPATCHER_HEADER
+0x000 Type : 0x1 ''
+0x001 Absolute : 0x80 ''
+0x001 NpxIrql : 0x80 ''
+0x002 Size : 0x4 ''
+0x002 Hand : 0x4 ''
+0x003 Inserted : 0xf7 ''
+0x003 DebugActive : 0xf7 ''
+0x000 Lock : -150700031
+0x004 SignalState : 0
+0x008 WaitListHead : _LIST_ENTRY [ 0x83a5c630 - 0x83a5c630 ]
+0x000 Flink : 0x83a5c630 _LIST_ENTRY [ 0x839bb598 - 0x839bb598 ]
+0x004 Blink : 0x83a5c630 _LIST_ENTRY [ 0x839bb598 - 0x839bb598 ]

从WaitListHead来看,只有一个对象在等待这个event,event也没有被触发,而那个等对的对象应该正是线程788,现在看来这条路好像有点走不通了。

Re: 一个异常的死锁问题

william 2009-07-14, 19:40 下午
比较奇怪的是执行!locks命令发现了另一个loaderlock
0:006> !locks

CritSec WLDAP32!LoadLibLock+0 at 76f33250
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread 788
EntryCount 0
ContentionCount 0
*** Locked

Scanned 464 critical sections
0:006> dt _RTL_CRITICAL_SECTION 0x76f33250
instISDeferredCustomAction!_RTL_CRITICAL_SECTION
+0x000 DebugInfo : 0x000c87b0 _RTL_CRITICAL_SECTION_DEBUG
+0x004 LockCount : -2
+0x008 RecursionCount : 1
+0x00c OwningThread : 0x00000788
+0x010 LockSemaphore : (null)
+0x014 SpinCount : 0
这个LoaderLock的LockSemaphore为什么是NULL呢, 并且LoaderLock是每个进城只有一个,为什么在这个msiexec.exe进城里竟然发现了两个呢?

Re: 一个异常的死锁问题

格蠹老雷 2009-07-14, 23:54 下午
WLDAP32!LoadLibLock是WLDAP32模块自己定义的一个临界区,每个进程的LoaderLock是登记在PEB结构中的,二者不一样。
现在问题还是出在LoaderLock上,788这个线程等着它,但是它却没有被置信号,说明当前拥有这个Event的线程没有释放或者出其它问题了。
手语推测的原因是很可能的,拥有LoaderLock的那个线程意外退出了。


 总页数 1 第 2 页 [共有 19 条记录] 1 2 >

Powered by Community Server Powered by CnForums.Net