Why my thread is blocked when no other thread owned the critical section

  • Question

  • I am seeing a performance issue in my code. When I took a dump of the application, I saw that most of the threads are waiting for a critical section that is not owned by any other thread. For example, when I checked the call stack of one waiting thread and looked at the critical section, it was not owned by any thread.

        [+0x000] DebugInfo        : 0xffffffffffffffff [Type: _RTL_CRITICAL_SECTION_DEBUG *]
        [+0x008] LockCount        : -1 [Type: long]
        [+0x00c] RecursionCount   : 0 [Type: long]
        [+0x010] OwningThread     : 0x0 [Type: void *]
        [+0x018] LockSemaphore    : 0x0 [Type: void *]
        [+0x020] SpinCount        : 0xfa0 [Type: unsigned __int64]

    My thread is waiting on the above critical section, but why?

    Monday, December 9, 2019 11:38 PM

All replies

  • Use !process to view all the threads in the process, and it will list the object(s) the threads are waiting on. If there are a lot of threads, you can use !thread on just the threads you're interested in.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, December 10, 2019 12:01 AM
    Moderator
  • I have taken the above output from a user-mode dump file of a process. Most of the worker threads are waiting for this CS, which was not owned by any thread.
    Tuesday, December 10, 2019 3:24 AM
  • The question then becomes, "Who created the CS and what is it used for?" I know of two ways to do this: 1. Windows Performance Analyzer (WPA), 2. Kernel debugger (WinDbg, the one in the Microsoft Store is the best, and it is free). Both have a rather steep learning curve. There are videos on Microsoft's Channel 9 on how to use both techniques (search for "WPA" or "critical section"). Here is one on debugging critical section problems with WinDbg

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, December 10, 2019 3:41 AM
    Moderator
  • I suspect that the thread is waiting on the wrong object. When I read this:

    "LockSemaphore This field is misnamed; it's really an auto-reset event, not a semaphore. It's a kernel object handle and it's used to signal the operating system that the critical section is now free. The operating system silently creates one of these the first time a thread tries to acquire the critical section, but is blocked by another thread already owning it. You should call DeleteCriticalSection (which issues a CloseHandle call on the event and frees the debug structure if necessary) or a resource leak will occur."

    When I checked the call stack of the thread and examined what object it is waiting on:

    0:044> !handle 00000000000009e4 f
    Handle 00000000000009e4
      Type          Event
      Attributes    0
      GrantedAccess 0x1f0003:
             Delete,ReadControl,WriteDac,WriteOwner,Synch
             QueryState,ModifyState
      HandleCount  2
      PointerCount 65538
      Name          <none>
      Object specific information
        Event Type Auto Reset
        Event is Waiting

    So this auto-reset event handle should be there in the critical section object->LockSemaphore field (which it currently is not), am I correct?

        [+0x000] DebugInfo        : 0xffffffffffffffff [Type: _RTL_CRITICAL_SECTION_DEBUG *]
        [+0x008] LockCount        : -1 [Type: long]
        [+0x00c] RecursionCount   : 0 [Type: long]
        [+0x010] OwningThread     : 0x0 [Type: void *]
        [+0x018] LockSemaphore    : 0x0 [Type: void *]
        [+0x020] SpinCount        : 0xfa0 [Type: unsigned __int64]

    Also, I am observing that most of the critical section objects have LockSemaphore either 0 or -1.

    DebugInfo          = 0x0000024104f32b20
    Critical section   = 0x000002414896f720 (+0x2414896F720)
    NOT LOCKED
    LockSemaphore      = 0xFFFFFFFF
    SpinCount          = 0x0000000000000fa0
    -----------------------------------------
    DebugInfo          = 0x000002417c4f0ea0
    Critical section   = 0x00000241003a02c0 (+0x241003A02C0)
    NOT LOCKED
    LockSemaphore      = 0x0
    SpinCount          = 0x00000000020007d0

    • Edited by Boomi.s Tuesday, December 10, 2019 5:10 AM
    Tuesday, December 10, 2019 5:05 AM
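
Added example, not part of any post in this thread: a small Python helper that parses the structure dump shown above, decodes `LockCount` using the bit layout Microsoft documents for Windows Server 2003 SP1 and later, and compares `LockSemaphore` with the handle the blocked thread waits on. The function names are hypothetical, the sample input is the dump and handle value copied from the posts, and the handle comparison assumes the description of `LockSemaphore` quoted in the thread.

```python
import re

# Constructed sample: the structure dump quoted in the thread.
SAMPLE_DUMP = """\
[+0x000] DebugInfo        : 0xffffffffffffffff [Type: _RTL_CRITICAL_SECTION_DEBUG *]
[+0x008] LockCount        : -1 [Type: long]
[+0x00c] RecursionCount   : 0 [Type: long]
[+0x010] OwningThread     : 0x0 [Type: void *]
[+0x018] LockSemaphore    : 0x0 [Type: void *]
[+0x020] SpinCount        : 0xfa0 [Type: unsigned __int64]
"""
# Handle the blocked thread waits on, as shown by !handle in the thread.
WAITED_HANDLE = 0x9E4

FIELD_RE = re.compile(r"\[\+0x[0-9a-fA-F]+\]\s+(\w+)\s*:\s*(-?(?:0x[0-9a-fA-F]+|\d+))")


def parse_fields(dump):
    """Return {field name: int} from a dx-style structure dump."""
    return {name: int(value, 0) for name, value in FIELD_RE.findall(dump)}


def decode_lock_count(lock_count):
    """Decode LockCount as laid out since Windows Server 2003 SP1."""
    raw = lock_count & 0xFFFFFFFF             # view the signed LONG as 32 bits
    return {
        "locked": (raw & 1) == 0,             # bit 0 clear: section is held
        "waiter_woken": (raw & 2) == 0,       # bit 1 clear: a waiter was woken
        "waiters": (~raw & 0xFFFFFFFF) >> 2,  # rest: ones-complement of waiters
    }


def triage(dump, waited_handle):
    """Summarise the dump and flag fields that contradict each other."""
    f = parse_fields(dump)
    state = decode_lock_count(f["LockCount"])
    findings = []
    if state["locked"] and f["OwningThread"] == 0:
        findings.append("locked but OwningThread is 0")
    if not state["locked"] and f["OwningThread"] != 0:
        findings.append("unlocked but OwningThread is set")
    # Assumption from the description quoted in the thread: a contended
    # section stores its wait event handle in LockSemaphore.
    if f["LockSemaphore"] != waited_handle:
        findings.append("waited handle is not this section's LockSemaphore")
    state["findings"] = findings
    return state


if __name__ == "__main__":
    print(triage(SAMPLE_DUMP, WAITED_HANDLE))
```

For the dump in the question, this reports an unlocked section with zero recorded waiters and a `LockSemaphore` that differs from handle `0x9e4`.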