
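When developing a program on Windows 8, our team found that using too many layers of controls in a UI program causes a Windows blue screen, with error 0x7f (0x00000008, xxx, 0x00000000, 0x00000000). After referring to this article and this article, we confirmed that we had run into a kernel stack overflow. The functions win32k!xxxDCEWindowHitTest/2 consumed 75% of the kernel stack. We are sure this only happens on Windows 8. Any ideas are welcome. Thanks.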

The Spy++ result looks like this: [image]

The kernel stack looks like this:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 803f6000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
.tss 0x28
eax=c635fd8e ebx=825f1120 ecx=b241e0a0 edx=ffd014b8 esi=00000000 edi=b241e144
eip=80e1e16a esp=b241e000 ebp=b241e08c iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
hal!HalpInterruptSendIpi+0x1c:
80e1e16a 56              push    esi
.trap
Resetting default scope

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  GCPHost.exe

CURRENT_IRQL:  2

MANAGED_STACK: !dumpstack -EE
!dumpstack -EE
No export dumpstack found

LAST_CONTROL_TRANSFER:  from 80e1dcaa to 80e1e16a

STACK_TEXT:  
b241e08c 80e1dcaa 000000e1 810781c8 00000000 hal!HalpInterruptSendIpi+0x1c
b241e0ac 80e1dbdb 00000000 b241e144 000000e1 hal!HalRequestIpiSpecifyVector+0x78
b241e0c0 80f189d9 00000000 b241e144 81066120 hal!HalRequestIpi+0x15
b241e0d4 80fe9e0e 81066120 86d4f138 00000000 nt!KiIpiSend+0x31
b241e154 80ec35fb 83f7cb88 b241e224 00000000 nt!KiDeferredReadyThread+0x336
b241e1a8 81009a19 00fb3660 00000000 86d4f040 nt!KeReleaseSemaphoreEx+0x309
b241e244 810170ff 83f7cb88 840f54c0 93f8a2a6 nt!ExpReleaseResourceForThreadLite+0x6dd
b241e250 93f8a2a6 df695373 00000000 00000084 nt!ExReleaseResourceAndLeavePriorityRegion+0xd
b241e2c8 93f8a0bf 00000000 00000000 00000000 win32k!SfnDWORD+0x111
b241e31c 93f7c2f7 a746bef8 00000084 00000000 win32k!xxxSendMessageToClient+0xb4
b241e3c8 93f7c7c2 a746bef8 00000084 00000000 win32k!xxxSendMessageTimeout+0x115
b241e3f0 93f71226 a746bef8 00000084 00000000 win32k!xxxSendMessage+0x2c
b241e494 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x287
b241e4d0 93f711bd a746bef8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241e584 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241e5c0 93f711bd a746a0c8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241e674 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241e6b0 93f711bd a74662b8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241e764 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241e7a0 93f711bd a74631d8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241e854 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241e890 93f711bd a7463100 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241e944 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241e980 93f711bd a7463030 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241ea34 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241ea70 93f711bd a7462f60 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241eb24 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241eb60 93f711bd a742cc90 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241ec14 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241ec50 93f711bd a7462e90 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241ed04 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241ed40 93f711bd a7462dc0 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241edf4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241ee30 93f711bd a746bba8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241eee4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241ef20 93f711bd a746bad8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241efd4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f010 93f711bd a7414db8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f0c4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f100 93f711bd a746ba08 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f1b4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f1f0 93f711bd a746b500 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f2a4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f2e0 93f711bd a746a4c8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f394 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f3d0 93f711bd a7414f58 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f484 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f4c0 93f711bd a7414e88 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f574 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f5b0 93f711bd a7465f18 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f664 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f6a0 93f711bd a7465e48 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f754 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f790 93f711bd a74643c8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f844 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f880 93f711bd a74642d8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241f934 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241f970 93f711bd a7464208 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241fa24 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241fa60 93f711bd a7462b98 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241fb14 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241fb50 93f711bd a745f9d8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241fc04 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241fc40 93f711bd a74660e8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241fcf4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241fd30 93f711bd a745f838 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241fde4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241fe20 93f711bd a745ee60 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241fed4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241ff10 93f711bd a744c0b0 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241ffc4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b2420000 93f711bd a74193b8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b24200b4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b24200f0 93f711bd a7417520 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b24201a4 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP: 
win32k!SfnDWORD+111
93f8a2a6 8b350c801194    mov     esi,dword ptr [win32k!_imp__PsGetCurrentThreadWin32Thread (9411800c)]

SYMBOL_STACK_INDEX:  8

SYMBOL_NAME:  win32k!SfnDWORD+111

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  50f77916

BUCKET_ID_FUNC_OFFSET:  111

FAILURE_BUCKET_ID:  0x7f_8_win32k!SfnDWORD

BUCKET_ID:  0x7f_8_win32k!SfnDWORD

Followup: MachineOwner
---------  
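To check how much of a `kb` trace like the one above is spent in the hit-test recursion, the following added example (not part of the original post) parses STACK_TEXT lines and attributes the gap between consecutive ChildEBP values to each function. The function names and the eight-frame sample, copied from the trace above, are choices made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: eight consecutive frames copied from the STACK_TEXT above.
SAMPLE = """\
b241e31c 93f7c2f7 a746bef8 00000084 00000000 win32k!xxxSendMessageToClient+0xb4
b241e3c8 93f7c7c2 a746bef8 00000084 00000000 win32k!xxxSendMessageTimeout+0x115
b241e3f0 93f71226 a746bef8 00000084 00000000 win32k!xxxSendMessage+0x2c
b241e494 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x287
b241e4d0 93f711bd a746bef8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241e584 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
b241e5c0 93f711bd a746a0c8 00000200 00000000 win32k!xxxDCEWindowHitTest+0x6b
b241e674 93f449bd 00000200 00000000 00e20253 win32k!xxxDCEWindowHitTest2+0x21e
"""
HEX8 = re.compile(r"^[0-9a-f]{8}$")

def parse_frames(text):
    """Return [(child_ebp, symbol)] in kb order (innermost frame first)."""
    frames = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and HEX8.match(f[0]) and "!" in f[-1]:
            frames.append((int(f[0], 16), f[-1].split("+")[0]))
    return frames

def stack_cost(frames):
    """Sum, per symbol, the bytes between a frame's EBP and its callee's EBP.
    Approximation: assumes every frame keeps a standard EBP chain (no FPO)."""
    cost = defaultdict(int)
    for (callee_ebp, _), (ebp, sym) in zip(frames, frames[1:]):
        cost[sym] += ebp - callee_ebp
    return dict(cost)

def bytes_per_level(frames, symbol):
    """Distinct distances between successive frames of one recursive symbol."""
    ebps = [ebp for ebp, sym in frames if sym == symbol]
    return sorted({b - a for a, b in zip(ebps, ebps[1:])})

def recursion_share(frames, prefix):
    """Fraction of the parsed stack span used by symbols starting with prefix."""
    span = frames[-1][0] - frames[0][0]
    used = sum(v for s, v in stack_cost(frames).items() if s.startswith(prefix))
    return used / span

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    for sym, used in sorted(stack_cost(frames).items(), key=lambda kv: -kv[1]):
        print(f"{used:6d}  {sym}")
    print("bytes per level:", bytes_per_level(frames, "win32k!xxxDCEWindowHitTest2"))
    print(f"hit-test share: {recursion_share(frames, 'win32k!xxxDCEWindowHitTest'):.1%}")
```

Feeding the full STACK_TEXT to `parse_frames` gives the same per-level figure multiplied by the window nesting depth, which is the number to compare against the kernel stack size when deciding how deep a control hierarchy can safely go.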