locked
VDS Handle Leak - Windows Server 2008 R2 RRS feed

  • Question

  • one of the windows 2008 r2 server is experiencing Handle Leak issue on VDS.exe process. I have followed the below troubleshooting from Jeff_dailey and was able to identify the open handles.

    https://channel9.msdn.com/Blogs/jeff_dailey/Understanding-handle-leaks-and-how-to-use-htrace-to-find-them 

    However unable to identify what is causing the Events to be opened and not close them, eventually adding up to the virtual memory and increasing number of handles. Below is the result from Windbg.

    Outstanding handles opened since the previous snapshot:
    --------------------------------------
    Handle = 0x0000000000007228 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717c5ba: ntdll!NtCreateThreadEx+0x000000000000000a
    0x000007fefd0eae13: KERNELBASE!CreateRemoteThreadEx+0x0000000000000163
    0x000007fefd122333: KERNELBASE!CreateThread+0x0000000000000033
    0x000007fef60b49f4: verifier!AVrfpCreateThread+0x00000000000000b0
    0x00000000ffb9f72b: vds!CVdsCallbackObject::Advise+0x000000000000040b
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    --------------------------------------
    Handle = 0x0000000000007104 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717bfba: ntdll!NtCreateEvent+0x000000000000000a
    0x000007fef60b20bb: verifier!AVrfpNtCreateEvent+0x000000000000008b
    0x000007fefd0e2d15: KERNELBASE!CreateEventExW+0x0000000000000061
    0x000007fef60b2281: verifier!AVrfpCreateEventW+0x00000000000000a1
    0x00000000ffb9f5ce: vds!CVdsCallbackObject::Advise+0x00000000000002ae
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    0x000007fefe9411c3: ole32!StubInvoke+0x00000000000000db
    0x000007fefe7f9d70: ole32!CCtxComChnl::ContextInvoke+0x0000000000000190
    0x000007fefe9413a6: ole32!AppInvoke+0x00000000000000c2
    --------------------------------------
    Handle = 0x000000000000701c - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717bfba: ntdll!NtCreateEvent+0x000000000000000a
    0x000007fef60b20bb: verifier!AVrfpNtCreateEvent+0x000000000000008b
    0x000007fefd0e2d15: KERNELBASE!CreateEventExW+0x0000000000000061
    0x000007fef60b2281: verifier!AVrfpCreateEventW+0x00000000000000a1
    0x00000000ffb9f578: vds!CVdsCallbackObject::Advise+0x0000000000000258
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    0x000007fefe9411c3: ole32!StubInvoke+0x00000000000000db
    0x000007fefe7f9d70: ole32!CCtxComChnl::ContextInvoke+0x0000000000000190
    0x000007fefe9413a6: ole32!AppInvoke+0x00000000000000c2
    --------------------------------------
    Handle = 0x0000000000007190 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717c5ba: ntdll!NtCreateThreadEx+0x000000000000000a
    0x000007fefd0eae13: KERNELBASE!CreateRemoteThreadEx+0x0000000000000163
    0x000007fefd122333: KERNELBASE!CreateThread+0x0000000000000033
    0x000007fef60b49f4: verifier!AVrfpCreateThread+0x00000000000000b0
    0x00000000ffb9f72b: vds!CVdsCallbackObject::Advise+0x000000000000040b
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    --------------------------------------
    Handle = 0x0000000000007120 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717bfba: ntdll!NtCreateEvent+0x000000000000000a
    0x000007fef60b20bb: verifier!AVrfpNtCreateEvent+0x000000000000008b
    0x000007fefd0e2d15: KERNELBASE!CreateEventExW+0x0000000000000061
    0x000007fef60b2281: verifier!AVrfpCreateEventW+0x00000000000000a1
    0x00000000ffb9f5ce: vds!CVdsCallbackObject::Advise+0x00000000000002ae
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    0x000007fefe9411c3: ole32!StubInvoke+0x00000000000000db
    0x000007fefe7f9d70: ole32!CCtxComChnl::ContextInvoke+0x0000000000000190
    0x000007fefe9413a6: ole32!AppInvoke+0x00000000000000c2
    --------------------------------------
    Handle = 0x0000000000007100 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717bfba: ntdll!NtCreateEvent+0x000000000000000a
    0x000007fef60b20bb: verifier!AVrfpNtCreateEvent+0x000000000000008b
    0x000007fefd0e2d15: KERNELBASE!CreateEventExW+0x0000000000000061
    0x000007fef60b2281: verifier!AVrfpCreateEventW+0x00000000000000a1
    0x00000000ffb9f578: vds!CVdsCallbackObject::Advise+0x0000000000000258
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    0x000007fefe9411c3: ole32!StubInvoke+0x00000000000000db
    0x000007fefe7f9d70: ole32!CCtxComChnl::ContextInvoke+0x0000000000000190
    0x000007fefe9413a6: ole32!AppInvoke+0x00000000000000c2
    --------------------------------------
    Handle = 0x0000000000007348 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717c5ba: ntdll!NtCreateThreadEx+0x000000000000000a
    0x000007fefd0eae13: KERNELBASE!CreateRemoteThreadEx+0x0000000000000163
    0x000007fefd122333: KERNELBASE!CreateThread+0x0000000000000033
    0x000007fef60b49f4: verifier!AVrfpCreateThread+0x00000000000000b0
    0x00000000ffb9f72b: vds!CVdsCallbackObject::Advise+0x000000000000040b
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    --------------------------------------
    Handle = 0x00000000000070b4 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717bfba: ntdll!NtCreateEvent+0x000000000000000a
    0x000007fef60b20bb: verifier!AVrfpNtCreateEvent+0x000000000000008b
    0x000007fefd0e2d15: KERNELBASE!CreateEventExW+0x0000000000000061
    0x000007fef60b2281: verifier!AVrfpCreateEventW+0x00000000000000a1
    0x00000000ffb9f5ce: vds!CVdsCallbackObject::Advise+0x00000000000002ae
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    0x000007fefe9411c3: ole32!StubInvoke+0x00000000000000db
    0x000007fefe7f9d70: ole32!CCtxComChnl::ContextInvoke+0x0000000000000190
    0x000007fefe9413a6: ole32!AppInvoke+0x00000000000000c2
    --------------------------------------
    Handle = 0x00000000000070f8 - OPEN
    Thread ID = 0x0000000000006f10, Process ID = 0x0000000000003684

    0x000000007717bfba: ntdll!NtCreateEvent+0x000000000000000a
    0x000007fef60b20bb: verifier!AVrfpNtCreateEvent+0x000000000000008b
    0x000007fefd0e2d15: KERNELBASE!CreateEventExW+0x0000000000000061
    0x000007fef60b2281: verifier!AVrfpCreateEventW+0x00000000000000a1
    0x00000000ffb9f578: vds!CVdsCallbackObject::Advise+0x0000000000000258
    0x00000000ffb73771: vds!CVdsService::Advise+0x0000000000000059
    0x000007feff1de9d5: RPCRT4!Invoke+0x0000000000000065
    0x000007feff28b54e: RPCRT4!Ndr64StubWorker+0x000000000000061b
    0x000007feff1e0e76: RPCRT4!NdrStubCall3+0x00000000000000b5
    0x000007fefe940857: ole32!CStdStubBuffer_Invoke+0x000000000000005b
    0x000007fefe94124d: ole32!SyncStubInvoke+0x000000000000005d
    0x000007fefe9411c3: ole32!StubInvoke+0x00000000000000db
    0x000007fefe7f9d70: ole32!CCtxComChnl::ContextInvoke+0x0000000000000190
    0x000007fefe9413a6: ole32!AppInvoke+0x00000000000000c2
    --------------------------------------
    Handle = 0x0000000000007108 - OPEN
    Thread ID = 0x000000000000946c, Process ID = 0x0000000000003684

    0x000000007717befa: ntdll!ZwDuplicateObject+0x000000000000000a
    0x000007fef60b4143: verifier!AVrfpNtDuplicateObject+0x000000000000006b
    0x000007fefd0e2d95: KERNELBASE!DuplicateHandle+0x0000000000000035
    0x0000000076f252fb: kernel32!DuplicateHandleImplementation+0x000000000000015b
    0x000007feff1fc2b7: RPCRT4!THREAD::THREAD+0x00000000000000a7
    0x000007feff1fc1ec: RPCRT4!ThreadSelfHelper+0x0000000000000028
    0x000007feff1f0b37: RPCRT4!LrpcIoComplete+0x0000000000000121
    0x000000007719290a: ntdll!TppAlpcpExecuteCallback+0x00000000000002cd
    0x0000000077149d85: ntdll!TppWorkerThread+0x0000000000000554
    0x0000000076f259bd: kernel32!BaseThreadInitThunk+0x000000000000000d
    0x000000007715a2e1: ntdll!RtlUserThreadStart+0x000000000000001d
    --------------------------------------
    Handle = 0x0000000000007110 - OPEN
    Thread ID = 0x000000000000946c, Process ID = 0x0000000000003684

    0x000000007717bfba: ntdll!NtCreateEvent+0x000000000000000a
    0x000007fef60b20bb: verifier!AVrfpNtCreateEvent+0x000000000000008b
    0x000007fefd0e2d15: KERNELBASE!CreateEventExW+0x0000000000000061
    0x000007fef60b2281: verifier!AVrfpCreateEventW+0x00000000000000a1
    0x000007feff1fc195: RPCRT4!EVENT::EVENT+0x0000000000000035
    0x000007feff1fc23a: RPCRT4!THREAD::THREAD+0x000000000000002a
    0x000007feff1fc1ec: RPCRT4!ThreadSelfHelper+0x0000000000000028
    0x000007feff1f0b37: RPCRT4!LrpcIoComplete+0x0000000000000121
    0x000000007719290a: ntdll!TppAlpcpExecuteCallback+0x00000000000002cd
    0x0000000077149d85: ntdll!TppWorkerThread+0x0000000000000554
    0x0000000076f259bd: kernel32!BaseThreadInitThunk+0x000000000000000d
    0x000000007715a2e1: ntdll!RtlUserThreadStart+0x000000000000001d
    --------------------------------------
    Displayed 0xb stack traces for outstanding handles opened since the previous snapshot.
    0:2291> lsa KERNELBASE!DuplicateHandle+0x0000000000000035
    0:2291> lsa vds!CVdsCallbackObject::Advise+0x000000000000040b

    how can this be fixed, do i need to get a hotfix from Microsoft ?

    Regards,

    Satbir Bajwa

    Monday, July 11, 2016 5:09 PM

All replies

  • Hi,

    How long was the Duration between the Snapshots. Because the Diff shows Handles open since previous snapshot. In this case, I see 11 handles. That doesn't seem to be a Handle Leak. 

    During the Life time of a Process lot of threads take Birth for executing instructions and also events are triggered. So, it is normal to see Handles to these Objects for a Process.

    Monday, September 5, 2016 9:19 PM