Type something to search...
to navigateto selectESC to close

0x19C.50 Lid

2: kd> .bugcheck
Bugcheck code 0000019C
Arguments 00000000`00000050 ffffbf87`de64a3c0 00000000`00000000 00000000`00000000
2: kd> !thread ffffbf87`de64a3c0
THREAD ffffbf87de64a3c0  Cid 05b8.0768  Teb: 0000004ed26ae000 Win32Thread: ffffbf87ec7e9680 WAIT: (Executive) KernelMode Non-Alertable
    fffff8052f119678  NotificationEvent
IRP List:
    ffffbf87d25fcea0: (0006,0118) Flags: 00060000  Mdl: 00000000
Not impersonating
DeviceMap                 ffff9585e1c49a50
Owning Process            ffffbf87debe7180       Image:         csrss.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      1681451        Ticks: 640 (0:00:00:10.000)
Context Switch Count      304            IdealProcessor: 5
UserTime                  00:00:00.000
KernelTime                00:00:00.062
Win32 Start Address winsrvext!PowerNotificationThread (0x00007ffbd6263950)
Stack Init ffffa784a007f5f0 Current ffffa784a007e520
Base ffffa784a0080000 Limit ffffa784a0079000 Call 0000000000000000
Priority 14  BasePriority 13  IoPriority 2  PagePriority 5
Child-SP          RetAddr               : Args to Child                                                           : Call Site
ffffa784`a007e560 fffff805`2b86c9d5     : 00000000`00000020 00000000`00000000 ffffac01`0e897180 ffffa784`a007e7d0 : nt!KiSwapContext+0x76 [minkernel\ntos\ke\amd64\ctxswap.asm @ 134]
ffffa784`a007e6a0 fffff805`2b86ebb7     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapThread+0xab5 [minkernel\ntos\ke\thredsup.c @ 14700]
ffffa784`a007e7f0 fffff805`2b870ad6     : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x137 [minkernel\ntos\ke\waitsup.c @ 795]
ffffa784`a007e8a0 fffff805`2f270804     : 00000000`00000000 ffffbf87`cc50c180 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x256 [minkernel\ntos\ke\wait.c @ 867]
ffffa784`a007ec40 fffff805`2f1883b8     : ffff5b27`867bc44f ffff9585`00000000 ffffa784`a007efd0 00000000`00015228 : dxgkrnl!DxgkPowerOnOffMonitor+0xa68f8 [onecoreuap\windows\core\dxkernel\dxgkrnl\port\dpfdo.cxx @ 10607]
ffffa784`a007ed70 fffff805`2f1b7d0f     : ffffbf87`ffffffff ffffbf87`d25fcea0 ffffbf87`eba1de70 fffff805`2b8deab1 : dxgkrnl!DpiGdoDispatchInternalIoctl+0x578 [onecoreuap\windows\core\dxkernel\dxgkrnl\port\dpgdo.cxx @ 1297]
ffffa784`a007ee20 fffff805`2b8ec0a5     : 00000000`c0000002 00000000`00000010 00000000`c0000002 00000000`00000010 : dxgkrnl!DpiDispatchInternalIoctl+0xff [onecoreuap\windows\core\dxkernel\dxgkrnl\port\dpport.cxx @ 2789]
(Inline Function) --------`--------     : --------`-------- --------`-------- --------`-------- --------`-------- : nt!IopfCallDriver+0x40 (Inline Function @ fffff805`2b8ec0a5) [minkernel\ntos\io\iomgr\mp\objfre\amd64\iomgr.h @ 3709]
ffffa784`a007ef50 ffffd6a2`10f973e0     : 00000000`00000002 ffff9bfd`0fa00000 ffff9585`f6618740 ffffd6a2`10f8e60a : nt!IofCallDriver+0x55 [minkernel\ntos\io\iomgr\iosubs.c @ 3384]
ffffa784`a007ef90 ffffd6a2`1103ee43     : ffff9585`f6618740 ffffa784`a007f130 00000000`00000002 ffffbf87`c72fe670 : win32kbase!GreDeviceIoControlImpl+0x100
ffffa784`a007f030 ffffd6a2`1103ebcf     : ffffa784`a007f2b0 00000000`706d7447 00000000`00000001 00000000`00000000 : win32kbase!DrvSetWddmDeviceMonitorPowerState+0x253
ffffa784`a007f180 ffffd6a2`10f8c93b     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32kbase!DrvSetMonitorPowerState+0x2f
ffffa784`a007f1b0 ffffd6a2`10f8ba76     : 00000000`00000000 ffffa784`a007f2c9 00000000`0000000c 00000000`00000001 : win32kbase!PowerOnMonitor+0x21b
ffffa784`a007f220 ffffd6a2`10f8b634     : ffffbf87`f0150da0 ffffbf87`f0150da0 00000000`00000001 00000000`00000001 : win32kbase!xxxUserPowerEventCalloutWorker+0x33e
ffffa784`a007f330 ffffd6a2`10ae5302     : ffffbf87`de64a3c0 00000000`00000000 00000000`00000020 fffff805`2bd3f5de : win32kbase!xxxUserPowerCalloutWorker+0x264
ffffa784`a007f400 ffffd6a2`10796ed5     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`000000f4 : win32kfull!NtUserUserPowerCalloutWorker+0x22
ffffa784`a007f430 fffff805`2ba2bce8     : ffffbf87`000005a2 76e75c5b`7c220000 00000000`00000000 00000000`00000000 : win32k!NtUserUserPowerCalloutWorker+0x15
ffffa784`a007f460 00007ffb`d655c8f4     : 00007ffb`d62639b6 00000050`000000fe 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffffa784`a007f460) [minkernel\ntos\ke\amd64\trap.asm @ 3605]
0000004e`d2b7f988 00007ffb`d62639b6     : 00000050`000000fe 00000000`00000000 00000000`00000000 00000000`00000000 : win32u!NtUserUserPowerCalloutWorker+0x14
0000004e`d2b7f990 00007ffb`d900aa65     : 00000000`00000800 80000000`0000000f 00000000`00000000 00000000`00000000 : winsrvext!PowerNotificationThread+0x66
0000004e`d2b7f9c0 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x35 [minkernel\ntdll\rtlstrt.c @ 1162]

Power worker thread is waiting on something, let’s find what it is.

It came from dxgkrnl!DpGlobals+0x1f8

2: kd> dt dxgkrnl!DpGlobals
...
   +0x1f0 NumPendingLidSwitchEvents : 1
   +0x1f8 NoPendingLidSwitchEvent : _KEVENT

This is a KEVENT, judging by its name, NumPendingLidSwitchEvents probably indicates how many outstanding there is, and when all lid switch events are done, the NoPendingLidSwitchEvent is signaled.

No other suspected threads found in dump, I used a live system to find where this event is created.

0: kd> ba w 8 dxgkrnl!DpGlobals+0x1f0
0: kd> g
>>> I close the lid here <<<
Breakpoint 0 hit
dxgkrnl!DpiAcpiCallAcpiEventHandler+0x137:
fffff801`beeca26b 488d0d06f40c00  lea     rcx,[dxgkrnl!DpGlobals+0x1f8 (fffff801`bef99678)]
10: kd> k
 # Child-SP          RetAddr               Call Site
00 ffffaf8f`9a01f050 fffff801`bee9ecc8     dxgkrnl!DpiAcpiCallAcpiEventHandler+0x137 [onecoreuap\windows\core\dxkernel\dxgkrnl\port\dpacpi.cxx @ 94]
01 ffffaf8f`9a01f100 fffff801`81b3e0a9     dxgkrnl!DpiAcpiPowerStateCallback+0x1c9a8 [onecoreuap\windows\core\dxkernel\dxgkrnl\port\dpacpi.cxx @ 1527]
02 ffffaf8f`9a01f130 fffff801`81b3dfcc     nt!ExNotifyWithProcessing+0xc9 [minkernel\ntos\ex\callback.c @ 1093]
03 ffffaf8f`9a01f190 fffff801`82188a92     nt!ExNotifyCallback+0xc [minkernel\ntos\ex\callback.c @ 929]
04 ffffaf8f`9a01f1c0 fffff801`81ecae38     nt!PopBroadcastLegacyLidSwitchChangeCallback+0x42 [minkernel\ntos\po\switch.c @ 662]
05 ffffaf8f`9a01f1f0 fffff801`81ecad0d     nt!PopCallPowerSettingCallback+0xc4 [minkernel\ntos\po\posetting.c @ 905]
06 ffffaf8f`9a01f2d0 fffff801`81ec995c     nt!PopDispatchPowerSettingCallbacks+0xbd [minkernel\ntos\po\posetting.c @ 1933]
07 ffffaf8f`9a01f310 fffff801`81b60a98     nt!PopPolicyWorkerNotify+0x3c [minkernel\ntos\po\pwork.c @ 472]
08 ffffaf8f`9a01f340 fffff801`81a34f85     nt!PopPolicyWorkerThread+0xa8 [minkernel\ntos\po\pwork.c @ 271]
09 ffffaf8f`9a01f380 fffff801`81b07317     nt!ExpWorkerThread+0x155 [minkernel\ntos\ex\worker.c @ 4308]
0a ffffaf8f`9a01f570 fffff801`81c1bcc4     nt!PspSystemThreadStartup+0x57 [minkernel\ntos\ps\psexec.c @ 10885]
0b ffffaf8f`9a01f5c0 00000000`00000000     nt!KiStartSystemThread+0x34 [minkernel\ntos\ke\amd64\threadbg.asm @ 83]

Something something ACPI, which makes sense, lid event came from ACPI stuff.

Search for ACPI in dump.

2: kd> !stacks 2 Acpi
Proc.Thread  .Thread  Ticks   ThreadState Blocker
                            [fffff8052c348f40 Idle]
                            [ffffbf87b95c8040 System]
   4.0001ac  ffffbf87c3ee2080 000003f Blocked    nt!KiSwapContext+0x76
                                        nt!KiSwapThread+0xab5
                                        nt!KiCommitThreadWait+0x137
                                        nt!KeWaitForMultipleObjects+0x306
                                        ACPI!ACPIWorkerThread+0x9a
                                        nt!PspSystemThreadStartup+0x57
                                        nt!KiStartSystemThread+0x34
   4.0001dc  ffffbf87c5be7100 019a9d8 Blocked    nt!KiSwapContext+0x76
                                        nt!KiSwapThread+0xab5
                                        nt!KiCommitThreadWait+0x137
                                        nt!KeWaitForMultipleObjects+0x306
                                        ACPI!PciRootBusBiosMethodDispatcherOnResume+0x57
                                        nt!PspSystemThreadStartup+0x57
                                        nt!KiStartSystemThread+0x34
   4.003704  ffffbf87d9779080 00000a7 Blocked    nt!KiSwapContext+0x76
                                        nt!KiSwapThread+0xab5
                                        nt!KiCommitThreadWait+0x137
                                        nt!KeWaitForSingleObject+0x256
                                        nt!ExpWaitForResource+0x6b
                                        nt!ExpAcquireResourceExclusiveLite+0x317
                                        nt!ExpAcquireResourceExclusiveLite+0x317
                                        nt!ExAcquireResourceExclusiveLite+0x13c
                                        dxgkrnl!DXGADAPTER::AcquireCoreResourceExclusiveWithTracking+0x7f
                                        dxgkrnl!DXGADAPTER::AcquireCoreResourceExclusive+0xcb
                                        dxgkrnl!DXGADAPTER::AcquireCoreSync+0x86
                                        dxgkrnl!DxgkAcquireAdapterCoreSync+0x62
                                        dxgkrnl!DpiAcpiHandleAcpiEvent+0x1cf
                                        dxgkrnl!DpiAcpiHandleAcpiEventWork+0xf4
                                        nt!IopProcessWorkItem+0x8e
                                        nt!ExpWorkerThread+0x155
                                        nt!PspSystemThreadStartup+0x57
                                        nt!KiStartSystemThread+0x34

Waiting on EResource, identify it.

EResource = 0xffffbf87`cc2d2290

Try to find how long have you been waiting, EResource needs a special way to identify wait time.

Time

2: kd> .frame 0n4;dv /t /v
04 ffffa784`a2d66d80 fffff805`2b868317     nt!ExpWaitForResource+0x6b [minkernel\ntos\ex\resource_common.c @ 968]
@rbx              struct _ERESOURCE_COMMON * Resource = 0xffffbf87`cc2d2290
@r13              struct _KWAIT_CHAIN_ENTRY * WaitChainEntry = 0xffffa784`a2d66e48
@r12d             unsigned long WaitType = 0x10224
@r14              <function> * RewaitCallback = 0xfffff805`2b969cc0
@esi              unsigned long WaitCount = 2
ffffa784`a2d66db8 union _LARGE_INTEGER Timeout = {-40000000}
<unavailable>     struct _ERESOURCE_TIMEOUT_WORK_ITEM_CONTEXT * ResourceTimeoutWorkItemContext = <value unavailable>
@edi              unsigned long PerfLogTracingLimit = 2
@eax              long Status = 0n0

0.5s + (2 - 1) * 4s + 2.609s = 7.109s. Seems good ;)

2: kd> !locks 0xffffbf87`cc2d2290
KD: Scanning for held locks.................................................

Resource @ 0xffffbf87cc2d2290    Shared 1 owning threads
    Contention Count = 133
    NumberOfSharedWaiters = 1
    NumberOfExclusiveWaiters = 1
     Threads: ffffbf87e87280c0-01<*> **ffffbf87dd4570c0-01 < Someone else is waiting share**

     Threads Waiting On Exclusive Access:
              **ffffbf87d9779080 < We're waiting for exclusive access**
1 total locks
2: kd> !thread ffffbf87e87280c0
THREAD ffffbf87e87280c0  Cid 10cc.28ac  Teb: 000000f878e68000 Win32Thread: ffffa784a33bef90 WAIT: (Executive) KernelMode Non-Alertable
    ffffbf87f409a658  NotificationEvent
Not impersonating
DeviceMap                 ffff9585ee0295e0
Owning Process            ffffbf87e89090c0       Image:         HPSystemEventUtilityHost.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      1681624        Ticks: 467 (0:00:00:07.296)
Context Switch Count      144            IdealProcessor: 1
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x00007ffb95ebdbc0
Stack Init ffffa784a33bf5f0 Current ffffa784a33bdc60
Base ffffa784a33c0000 Limit ffffa784a33b9000 Call 0000000000000000
Priority 15  BasePriority 4  Unusual Boost 11  IoPriority 2  PagePriority 5
Child-SP          RetAddr               : Args to Child                                                           : Call Site
ffffa784`a33bdca0 fffff805`2b86c9d5     : 00000000`00000020 00000000`00000000 ffffbf87`e8728880 ffffac01`0e563180 : nt!KiSwapContext+0x76 [minkernel\ntos\ke\amd64\ctxswap.asm @ 134]
ffffa784`a33bdde0 fffff805`2b86ebb7     : ffffac01`0e563180 fffff805`2ba20527 ffffbf87`e89090c0 00000000`00000000 : nt!KiSwapThread+0xab5 [minkernel\ntos\ke\thredsup.c @ 14700]
ffffa784`a33bdf30 fffff805`2b870ad6     : ffff9585`00000000 ffff9585`00000001 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x137 [minkernel\ntos\ke\waitsup.c @ 795]
ffffa784`a33bdfe0 fffff805`285dbdc8     : ffffbf87`f409a610 ffffbf87`f409a610 ffffbf87`c64fe1e8 ffffbf87`c64fe1f0 : nt!KeWaitForSingleObject+0x256 [minkernel\ntos\ke\wait.c @ 867]
ffffa784`a33be380 fffff805`285d05f7     : ffffa784`a33be600 00000000`00000000 00000000`40000c80 ffff9585`f6d8bd70 : dxgmms2!VIDMM_GLOBAL::CloseOneAllocation+0xf8 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 5302]
ffffa784`a33be4d0 fffff805`2854268a     : 00000000`00000000 ffff9585`f6d8bd70 ffffa784`a33be6e0 00000000`00000000 : dxgmms2!VIDMM_GLOBAL::CloseAllocation+0xc3 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 5111]
ffffa784`a33be520 fffff805`2f18eed3     : 00000000`00000000 ffff9585`f581da40 00000000`0000000b 00000000`00000000 : dxgmms2!VidMmCloseAllocation+0x1a [onecoreuap\windows\core\dxkernel\dxgkrnl\inc\dxgmms.hxx @ 1178]
(Inline Function) --------`--------     : --------`-------- --------`-------- --------`-------- --------`-------- : dxgkrnl!VIDMM_EXPORT::VidMmCloseAllocation+0x28 (Inline Function @ fffff805`2f18eed3) [onecoreuap\windows\core\dxkernel\dxgkrnl\inc\mmsthunk.hxx @ 1776]
ffffa784`a33be560 fffff805`2f18eb8e     : ffff9585`f427b010 fffff805`2f16024e ffff9585`f427b010 ffff9585`f427b100 : dxgkrnl!DXGDEVICE::DestroyAllocations+0x323 [onecoreuap\windows\core\dxkernel\dxgkrnl\core\alloc.cxx @ 1552]
ffffa784`a33be830 fffff805`2f16044e     : ffff9585`f427b010 00000000`00000000 ffff9585`f427b200 00000000`00000000 : dxgkrnl!DXGDEVICE::DrainAllocations+0x5e [onecoreuap\windows\core\dxkernel\dxgkrnl\core\device.cxx @ 8468]
ffffa784`a33be890 fffff805`2f160f8f     : ffff9585`f427b010 ffff9585`f5bb9c00 ffffbf87`eea6dc80 ffffa784`a33bea38 : dxgkrnl!DXGDEVICE::DestroyAllDeviceState+0x1c6 [onecoreuap\windows\core\dxkernel\dxgkrnl\core\device.cxx @ 888]
ffffa784`a33be900 fffff805`2f1730aa     : 00000000`00000000 ffffa784`a33bea80 ffff9585`f427b010 ffff9585`f6d8beb0 : dxgkrnl!ADAPTER_RENDER::DestroyDevice+0x103 [onecoreuap\windows\core\dxkernel\dxgkrnl\core\adapterrender.cxx @ 1951]
ffffa784`a33be980 fffff805`2f172a30     : ffff9585`f6d8bd70 00000000`00000000 00000000`00040002 00000000`00000000 : dxgkrnl!DXGPROCESS::Destroy+0x45a [onecoreuap\windows\core\dxkernel\dxgkrnl\core\process.cxx @ 2026]
ffffa784`a33beb20 fffff805`2f171887     : ffff9585`f6d8bd70 ffff9585`f6d8bd70 00000000`ffffffff ffffbf87`caf02170 : dxgkrnl!DXGPROCESS::DestroyDxgProcess+0x13c [onecoreuap\windows\core\dxkernel\dxgkrnl\core\process.cxx @ 116]
ffffa784`a33becb0 ffffd6a2`107917d9     : 00000000`00000000 00000000`00000000 00000000`00001000 ffffa784`a33bed48 : dxgkrnl!DxgkProcessCallout+0x237 [onecoreuap\windows\core\dxkernel\dxgkrnl\core\process.cxx @ 385]
ffffa784`a33bee50 ffffd6a2`10fb5dba     : 00000000`000010cc 00000000`00000000 ffffd6a2`111bba20 00000000`00000000 : win32k!DxDdProcessCallout+0x69
ffffa784`a33bee80 ffffd6a2`10a7996d     : ffff9585`f065c610 ffffbf87`e89090c0 00000000`00000000 ffffa784`a33bf1c8 : win32kbase!GdiProcessCallout+0x2ca
ffffa784`a33bef00 ffffd6a2`11050dd1     : 00000000`00000000 00000000`00000001 ffffa784`a33bf1c8 00000000`00000000 : win32kfull!W32pProcessCallout+0x8d
ffffa784`a33bef40 ffffd6a2`107910cb     : 00000000`00000000 00000000`00000000 ffffbf87`d75d8890 fffff805`2bdc04b8 : win32kbase!W32CalloutDispatch+0x3a1
ffffa784`a33bf090 fffff805`2bd24881     : ffffa784`a33bf1c8 00000000`00000000 fffff805`2c237c60 ffff9585`f1715b60 : win32k!W32CalloutDispatchThunk+0x2b
ffffa784`a33bf0c0 fffff805`2bd247e3     : 00000000`00000000 ffffa784`a33bf2b9 00000000`00000000 00000000`00000000 : nt!ExCallCallBack+0x3d [minkernel\ntos\ex\callback.c @ 1654]
ffffa784`a33bf0f0 fffff805`2bcdc5b9     : ffffbf87`d75d8890 00000000`00000000 ffffa784`00000000 00000000`00000000 : nt!PsInvokeWin32Callout+0x33 [minkernel\ntos\ps\callback.c @ 1754]
ffffa784`a33bf120 fffff805`2bdcde78     : 00000000`ffffffff ffffa784`a33bf301 ffffbf87`00000100 ffffbf87`ddebf3c0 : nt!PspExitThread+0x5e5 [minkernel\ntos\ps\psdelete.c @ 2466]
(Inline Function) --------`--------     : --------`-------- --------`-------- --------`-------- --------`-------- : nt!PsExitCurrentUserThread+0x14 (Inline Function @ fffff805`2bdcde78) [minkernel\ntos\ps\psdelete.c @ 1956]
ffffa784`a33bf220 fffff805`2b90ba3d     : 000002c2`427f86e0 00000000`00000004 ffffa784`a33bf460 ffffa881`61213fc0 : nt!KiSchedulerApcTerminate+0x38 [minkernel\ntos\ke\thredsup.c @ 11838]
ffffa784`a33bf260 fffff805`2ba1cf20     : 00000000`00000001 ffffa784`a33bf320 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x47d [minkernel\ntos\ke\apcsup.c @ 514]
ffffa784`a33bf320 fffff805`2ba2bd8f     : ffffbf87`e87280c0 ffffbf87`ce3dd060 00000000`00000000 00000000`00000000 : nt!KiInitiateUserApc+0x70 [minkernel\ntos\ke\amd64\apcint.asm @ 165]
ffffa784`a33bf460 00007ffb`d904f3f4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f (TrapFrame @ ffffa784`a33bf460) [minkernel\ntos\ke\amd64\trap.asm @ 3639]
000000f8`7abff9b8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!ZwWaitForSingleObject+0x14 [minkernel\ntdll\daytona\objfre\amd64\usrstubs.asm @ 251]

2: kd> .frame 0n4;dv /t /v
04 ffffa784`a33be380 fffff805`285d05f7     dxgmms2!VIDMM_GLOBAL::CloseOneAllocation+0xf8 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 5302]
@r14              class VIDMM_GLOBAL * this = 0xffffbf87`ebcca000
@rbx              struct VIDMM_ALLOC * pAlloc = 0xffffbf87`f409a610
@r15              struct _VIDMM_LOCAL_ALLOC ** DeferredFreeHandle = 0x00000000`00000000
@edi              unsigned char bFailIfBusy = 0x00 ''
ffffa784`a33be4f0 struct _D3DDDICB_DESTROYALLOCATION2FLAGS DestroyFlags = struct _D3DDDICB_DESTROYALLOCATION2FLAGS
ffffa784`a33be4f8 struct _KEVENT ** TerminationEvent = 0x00000000`00000000
ffffa784`a33be4e0 unsigned int AllocationHandle = 0x40000c80
ffffa784`a33be4d8 unsigned int ResourceHandle = 0
ffffa784`a33be400 class VIDMM_DEVICE * pVidMmDevice = 0xffffbf87`ef1561b0
@rsi              struct _VIDMM_GLOBAL_ALLOC * GlobalAlloc = 0xffff9585`f6986720
<unavailable>     void * hProcessAllocDetails = <value unavailable>
ffffa784`a33be410 void * PrivateRuntimeResourceHandle = 0x00000000`00000000
ffffa784`a33be408 void * pVirtualAddress = 0x000002c2`36580000
<unavailable>     struct _WD_LOGENTRY * pEntry = <value unavailable>
<unavailable>     struct _WD_LOGENTRY * pEntry = <value unavailable>
ffffa784`a33be430 struct _VIDMM_SYSTEM_COMMAND SystemCommand = struct _VIDMM_SYSTEM_COMMAND
<unavailable>     class CVirtualAddressAllocator * pVaAllocator = <value unavailable>
2: kd> dx -id 0,0,ffffbf87debe7180 -r1 ((dxgmms2!VIDMM_ALLOC *)0xffffbf87f409a610)
((dxgmms2!VIDMM_ALLOC *)0xffffbf87f409a610)                 : 0xffffbf87f409a610 [Type: VIDMM_ALLOC *]
    [+0x000] LocalAlloc       : 0xffff9585f6d59490 [Type: _VIDMM_LOCAL_ALLOC *]
    [+0x008] VidMmDevice      : 0xffffbf87ef1561b0 [Type: VIDMM_DEVICE *]
    [+0x010] DxgAllocation    : 0xffff9585f581da40 [Type: DXGALLOCATION *]
    [+0x018] ReadOnly         : 0x0 [Type: unsigned char]
    [+0x019 ( 0: 0)] Pinned           : 0x0 [Type: unsigned char]
    [+0x019 ( 1: 1)] AsyncUnpinScheduled : 0x0 [Type: unsigned char]
    [+0x019 ( 2: 2)] AsyncUnpinCancelled : 0x0 [Type: unsigned char]
    [+0x01a] VirtualAddressRangeCommitted : 0x0 [Type: unsigned char]
    [+0x01b] MakeResidentCountedCharge : 0x0 [Type: unsigned char]
    [+0x01c ( 1: 0)] State            : VidMmAllocFaulted (0x1) [Type: _VIDMM_ALLOC_STATE]
    [+0x01c ( 2: 2)] Terminated       : 0x0 [Type: unsigned long]
    [+0x01c ( 3: 3)] Shareable        : 0x0 [Type: unsigned long]
    [+0x01c ( 4: 4)] HasCommitmentReference : 0x0 [Type: unsigned long]
    [+0x01c ( 5: 5)] VidMmAllocDebug  : 0x0 [Type: unsigned long]
    [+0x01c ( 6: 6)] AllocInitialized : 0x1 [Type: unsigned long]
    [+0x020 ( 0: 0)] Terminating      : 0x1 [Type: unsigned long]
    [+0x020 ( 1: 1)] TerminatingOnSyncPoint : 0x0 [Type: unsigned long]
    [+0x020 ( 7: 2)] PhysicalAdapterIndex : 0x0 [Type: unsigned long]
    [+0x024 ( 0: 0)] CountsAgainstPreferredBudget : false [Type: bool]
    [+0x028] AllocListEntry   [Type: _LIST_ENTRY]
    [+0x038] CommittedListEntry [Type: _LIST_ENTRY]
    [+0x038] FaultedListEntry [Type: _LIST_ENTRY]
    [+0x038] TrimmedListEntry [Type: _LIST_ENTRY]
    [+0x048] TerminationEvent [Type: _KEVENT]
    [+0x060] pGlobalData      : 0xffffbf87cefd1b10 [Type: _VIDMM_GLOBAL_ALLOC_NONPAGED *]
    [+0x068] PresentQueueReferences [Type: InterlockedCounterWithHistory]
    [+0x070] ResidencyListEntry [Type: _LIST_ENTRY]
    [+0x080] AllocMappedVaRangeListHead [Type: _LIST_ENTRY]
    [+0x090] IoMmuVirtualAddress : 0x0 [Type: void *]
    [+0x098] ResidencyReferenceCount : 1 [Type: long]
    [+0x09c] DMAReferences    : 0 [Type: long]
    [+0x0a0] PagingPacketReferenceCount : 0 [Type: long]
    [+0x0a4] PendingEvictionCount : 0 [Type: long]
    [+0x0a8] PagingPacketReferenceCountEvent [Type: _KEVENT]
    [+0x0c0] Tracker          : 0x0 [Type: DXGTERMINATIONTRACKER *]
    [+0x0c8] TerminationListEntry [Type: _LIST_ENTRY]
    [+0x0d8] PendingOfferListEntry [Type: _LIST_ENTRY]
    [+0x0e8] AllocRundownProtection [Type: _EX_RUNDOWN_REF]

When checked with live system, every time it calls into the routine this event has already been signaled.

Now I really don’t know where to go from here.. BUT!

dxgmms2!VIDMM_GLOBAL has a worker thread we could check out, from past experience, it is usually related to the worker thread needing to do stuff. So we could check the worker thread status first.

2: kd> .frame 0n5;dv /t /v
05 ffffa784`a33be4d0 fffff805`2854268a     dxgmms2!VIDMM_GLOBAL::CloseAllocation+0xc3 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 5111]
@r14              class VIDMM_GLOBAL * this = 0xffffbf87`ebcca000
@rsi              struct _VIDMM_MULTI_ALLOC * MultiAlloc = 0xffffbf87`f409a610
@bpl              unsigned char bFailIfBusy = 0x00 ''
@rdi              struct _VIDMM_LOCAL_ALLOC ** DeferredFreeHandle = 0x00000000`00000000
ffffa784`a33be540 struct _D3DDDICB_DESTROYALLOCATION2FLAGS DestroyFlags = struct _D3DDDICB_DESTROYALLOCATION2FLAGS
ffffa784`a33be548 struct _KEVENT ** TerminationEvent = 0x00000000`00000000
ffffa784`a33be528 class DXGPROCESSVIDMMLOCK VidMmLock = class DXGPROCESSVIDMMLOCK
@eax              long ntStatus = 0n0
2: kd> dx -id 0,0,ffffbf87debe7180 -r1 ((dxgmms2!VIDMM_GLOBAL *)0xffffbf87ebcca000)
((dxgmms2!VIDMM_GLOBAL *)0xffffbf87ebcca000)                 : 0xffffbf87ebcca000 [Type: VIDMM_GLOBAL *]
    [+0x000] _WorkerThread    : 0xffff9585e94c5050 [Type: VIDMM_WORKER_THREAD *]
    [+0x008] _CurrentOperation : VidMmOpPageInDevice (116) [Type: _VIDMM_OPERATION]
    [+0x010] _pRenderCore     : 0xffffbf87d5de7810 [Type: ADAPTER_RENDER *]
    [+0x018] _pDxgAdapter     : 0xffffbf87ebacd000 [Type: DXGADAPTER *]
    [+0x020] _DriverVersion   : 0x11005 [Type: unsigned long
2: kd> dx -id 0,0,ffffbf87debe7180 -r1 ((dxgmms2!VIDMM_WORKER_THREAD *)0xffff9585e94c5050)
((dxgmms2!VIDMM_WORKER_THREAD *)0xffff9585e94c5050)                 : 0xffff9585e94c5050 [Type: VIDMM_WORKER_THREAD *]
    [+0x000] _VidMmGlobal     : 0xffffbf87ebcca000 [Type: VIDMM_GLOBAL *]
    [+0x008] _KernelThread    : 0xffffbf87de47b3c0 [Type: _KTHREAD *]
    [+0x010] _SelectedDevice  : 0xffffbf87e58fe3d0 [Type: VIDMM_DEVICE *]
2: kd> !thread 0xffffbf87de47b3c0
THREAD ffffbf87de47b3c0  Cid 0004.055c  Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
    ffffbf87ce8d0ee0  SynchronizationEvent
Not impersonating
DeviceMap                 ffff9585ebf8b8b0
Owning Process            ffffbf87b95c8040       Image:         System
Attached Process          ffffbf87ec352180       Image:         dwm.exe
Wait Start TickCount      1681625        Ticks: 466 (0:00:00:07.281)
Context Switch Count      6143           IdealProcessor: 7
UserTime                  00:00:00.000
KernelTime                00:00:00.343
Win32 Start Address dxgmms2!VidMmWorkerThreadProc (0xfffff805285f6620)
Stack Init ffffa7849fd6f5f0 Current ffffa7849fd6e180
Base ffffa7849fd70000 Limit ffffa7849fd69000 Call 0000000000000000
Priority 15  BasePriority 15  IoPriority 2  PagePriority 5
Child-SP          RetAddr               : Args to Child                                                           : Call Site
ffffa784`9fd6e1c0 fffff805`2b86c9d5     : ffffac01`0eb98180 00000000`00000000 ffffbf87`b9610040 00000000`00000000 : nt!KiSwapContext+0x76 [minkernel\ntos\ke\amd64\ctxswap.asm @ 134]
ffffa784`9fd6e300 fffff805`2b86ebb7     : 00000000`00000000 fffff805`2ba44bc9 ffffbf87`e37ea698 00000000`00000000 : nt!KiSwapThread+0xab5 [minkernel\ntos\ke\thredsup.c @ 14700]
ffffa784`9fd6e450 fffff805`2b870ad6     : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x137 [minkernel\ntos\ke\waitsup.c @ 795]
ffffa784`9fd6e500 fffff805`285daee9     : ffff9585`ecc80e00 ffff9585`ecc80e00 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x256 [minkernel\ntos\ke\wait.c @ 867]
ffffa784`9fd6e8a0 fffff805`285e908d     : 00000000`0000025e ffffbf87`00000000 ffffbf87`ebcca000 00000000`00000000 : dxgmms2!VIDMM_GLOBAL::WaitForFences+0x1b9 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 17187]
ffffa784`9fd6e9f0 fffff805`285f41e5     : 00000000`00020000 ffffbf87`ebcca000 ffffa784`9fd6ef18 ffffa784`9fd6ef28 : dxgmms2!VIDMM_GLOBAL::xWaitForAllPagingEngines+0x5d [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 17019]
ffffa784`9fd6ea40 fffff805`286391cf     : 00000000`00020000 ffffa784`9fd6ef18 ffffa784`9fd6eaa0 ffffbf87`ec352180 : dxgmms2!VIDMM_GLOBAL::WaitForAllPagingEngines+0x45 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 16934]
ffffa784`9fd6ea80 fffff805`2c02f63b     : 00000000`00000000 ffffbf87`eca189d0 ffffbf87`ce878e20 00000000`00000000 : dxgmms2!VIDMM_MEMORY_SEGMENT::RotateFrameBufferCopyCallback+0x10f [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmlmseg.cxx @ 3265]
ffffa784`9fd6eb00 fffff805`2c02fa7b     : fffff805`2c26afc0 ffffbf87`eca189d0 ffffa784`9fd6ec40 ffffbf87`ce878e20 : nt!MiRotateToFrameBuffer+0x22b [minkernel\ntos\mm\vidsup.c @ 1351]
ffffa784`9fd6ebc0 fffff805`28635fcc     : 00000000`00000000 fffff805`2c26afc0 00000000`00000000 fffff805`2b880b97 : nt!MmRotatePhysicalView+0x13b [minkernel\ntos\mm\vidsup.c @ 735]
(Inline Function) --------`--------     : --------`-------- --------`-------- --------`-------- --------`-------- : dxgmms2!VidMmiDebugRotate+0x2b (Inline Function @ fffff805`28635fcc) [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmrecycleheap.cxx @ 145]
ffffa784`9fd6ec40 fffff805`28635bb2     : 00000233`6fc80000 00000000`00000003 00000000`00000000 ffffbf87`ce878e20 : dxgmms2!VIDMM_RECYCLE_MULTIRANGE::Rotate+0x3c0 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmrecycleheap.cxx @ 3661]
ffffa784`9fd6ed10 fffff805`28626e57     : ffffbf87`d8850810 ffff9585`ecc80d60 ffffbf87`d2421d68 00000000`00000001 : dxgmms2!VIDMM_RECYCLE_HEAP_MGR::Rotate+0xb2 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmrecycleheap.cxx @ 10336]
ffffa784`9fd6eda0 fffff805`28639aa6     : ffff9585`ecc5cb90 ffff9585`ecc80d60 ffff9585`ecc80d60 00000000`00000000 : dxgmms2!VIDMM_GLOBAL::Rotate+0x7b [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 31292]
ffffa784`9fd6ee10 fffff805`2863820b     : ffff9585`ecc80d60 00000000`00000000 ffffbf87`d2421f58 ffffbf87`d2421d60 : dxgmms2!VIDMM_MEMORY_SEGMENT::TransferToSegment+0x1c2 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmlmseg.cxx @ 658]
ffffa784`9fd6ef90 fffff805`285d97d3     : ffff9585`e94d0008 00000000`00000000 ffffbf87`ebcca000 00000000`00000000 : dxgmms2!VIDMM_MEMORY_SEGMENT::CommitResource+0x19b [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmlmseg.cxx @ 1255]
ffffa784`9fd6f010 fffff805`285c48fb     : ffffbf87`f409b110 ffff9585`f6d59990 00000000`00000000 ffffbf87`e58fe3d0 : dxgmms2!VIDMM_GLOBAL::PageInOneAllocation+0x763 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 18215]
ffffa784`9fd6f150 fffff805`285e0f42     : ffffbf87`ecc81010 00000000`00000002 ffffbf87`e58fe3d0 00000000`00000000 : dxgmms2!VIDMM_GLOBAL::PageInFaultedAllocation+0xbb [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 18724]
ffffa784`9fd6f1b0 fffff805`285e100c     : ffffbf87`ebcca000 ffffa784`9fd6f341 ffffbf87`e58fe301 ffffa784`9fd6f341 : dxgmms2!VIDMM_GLOBAL::PageInDeviceInternal+0x19a [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 18930]
ffffa784`9fd6f240 fffff805`285e123b     : ffffa784`9fd6f368 00000000`00000000 ffffbf87`e58fe3d0 fffff805`285583dc : dxgmms2!VIDMM_GLOBAL::TryPageInDevice+0x50 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmglobal.cxx @ 18674]
ffffa784`9fd6f280 fffff805`285f856a     : fffff805`28599a74 ffffa784`9fd6f3f0 00000000`00000000 ffff9585`e94c5050 : dxgmms2!VIDMM_DEVICE::Resume+0x87 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmdevice.cxx @ 1035]
ffffa784`9fd6f2f0 fffff805`285f6629     : ffff9585`e94c5050 ffffbf87`b9570001 ffffbf87`de47b301 ffffbf87`00000001 : dxgmms2!VIDMM_WORKER_THREAD::Run+0x1f2a [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmworker.cxx @ 2138]
ffffa784`9fd6f540 fffff805`2b907317     : ffffbf87`de47b3c0 fffff805`285f6620 ffff9585`e94c5050 005fe07f`b8bbbdff : dxgmms2!VidMmWorkerThreadProc+0x9 [onecoreuap\windows\core\dxkernel\dxgkrnl\dxgmms2\vidmm\mmworker.cxx @ 51]
ffffa784`9fd6f570 fffff805`2ba1bcc4     : ffffac01`0e897180 ffffbf87`de47b3c0 fffff805`2b9072c0 b30f4100`018ce185 : nt!PspSystemThreadStartup+0x57 [minkernel\ntos\ps\psexec.c @ 10885]
ffffa784`9fd6f5c0 00000000`00000000     : ffffa784`9fd70000 ffffa784`9fd69000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34 [minkernel\ntos\ke\amd64\threadbg.asm @ 83]

Ok, we’re probably waiting on a fence, which fences are usually reported with ISR + DPCs.

Tags :

Related Posts

0x19C.50 Stx S3S4Restart

6: kd> .bugcheck Bugcheck code 0000019C Arguments 00000000`00000050 ffff800b`a18fa380 00000000`00000000 00000000`000000006: kd> .thread

read more

0x9F.3 Strix Stress ACP

6: kd> .bugcheck Bugcheck code 0000009F Arguments 00000000`00000003 ffff948f`e9be4060 ffffe381`3d0ef040 ffff948f`ee90eba06: kd> !addrMap

read more

0x19C.50 Stx S4 Resume Video Playing

5: kd> .bugcheck Bugcheck code 0000019C Arguments 00000000`00000050 ffff808e`23621380 00000000`00000000 00000000`000000005: kd> !thread

read more

0x133.1 3xW6400 PBR

0: kd> .bugcheck Bugcheck code 00000133 Arguments 00000000`00000001 00000000`00001e00 fffff807`0a91c340 00000000`000000000: kd> !corelis

read more

0x9F.3 Strix S4

5: kd> .bugcheck Bugcheck code 0000009F Arguments 00000000`00000003 ffff800f`943e4360 ffffc906`fbaa7178 ffff800f`a4a6c7505: kd> !irp ffff

read more

0x50 AcpBt EBox Plug In

Issue Description Repro step:Boot system without EBOX connected normally connect EBOX with RTX3060 Wait 5s System BSODIssue CND if

read more

0x0 Live AcpWdfWorkItem Leak

Customer observed higher memory usage after using Edge to play music overnight. Captured live dump after playing music for a while. 0: kd> !p

read more

0x0 Live Lid Close Open Screen Dim

Symptom The display dims automatically 5s after lid close → open. Issue occurs only on SKUs with ToF sensor (HPD). Display Connect a live syste

read more

0x9F.3 Gfx Stuck Cause Acp PoIrp Timeout

5: kd> .bugcheck Bugcheck code 0000009F Arguments 00000000`00000003 ffffcf07`04d3caf0 ffffcd04`6bb4f010 ffffcf07`0dec88a0 9: kd> k # Child-SP

read more

0x19C.50 WuReject PostT7Delay

In dce110_edp_backlight_control, we request a wait of "post_T7_delay". This wait was n

read more

0x133.0 NPU Line Interrupt

The BSOD sequence of event looks like this:OS is starting up NPU device.Something w

read more

Session Space

When debugging Windows kernels, sometimes you see addresses that “looks” like kernel space memory. It begins with 0xffff, resides within module presen

read more

!pte "Levels not implemented for this platform"

!pte command comes from extension kdexts.dll, which is bundled with debuggers for Windows package. The command performs machine type check with t

read more

Recursively Debug User-Mode Child Process

When you enable “debug child process” in WinDbg, it only attempts to debug the children. 0:000> sxe -c ".childdbg 1;bu wlanapi!WlanQueryInterfac

read more

Rundown Protection

Acquire with nt!ExAcquireRundownProtection. 0: kd> uf fffff802`148c8d80 nt!ExAcquireRundownProtection [minkernel\ntos\ex\rundown.c @ 333]: 3

read more

DISPATCHER_HEADER

See DISPATCHER_HEADER (geoffchappell.com)

read more

Power IRP Source

All Windows drivers / component / internally dispatch Power IRP with the routine. 0: kd> dt nt!PoRequestPowerIrp PoRequestPowerIrp long ( _D

read more

WDF

WDF is object based, the objects have to be created and manipulated by function calls to WDF itself. WDF objects are used by handles! Not their ptr t

read more

WinDbg System Uptime

Trace print code of “System Uptime” unicode string. 0:007> !for_each_module s-u @#Base @#End "System Uptime" 00007ffe`d8ec8e30 0053 0079 0073

read more

NT Wait Times

NT Wait Time OS store shared data as nt!_KUSER_SHARED_DATA . It is always mapped to 0xfffff78000000000 in all process. It is done through page t

read more

Self-Signed WHQL Certificate for Testing

Root Certificate $params = @{ Type = 'Custom' SerialNumber = '28cc3a25bfba44ac449a9b586b4339aa' KeyAlgorithm = 'RSA' HashAlgo

read more

When entering S3/S4, GFX receives D0 request

What is the D0? Set BP on our handler, and filter by cond BP for set power state 12: kd> bl 0 e Disable Clear fffff802`7b359020 000

read more