memory leak when running the windbg script

0
votes
 .foreach (runtime {!da 00000086c74c3b70 })
{                                                
    .foreach(obj {!dumpobj  poi(poi(${runtime})+0x8)})

    {
         .if(0 == $sicmp("${obj}", "abcdxxxxxxx"))
         {

           .echo *****
           !dumpobj  poi(poi(${runtime})+0x8)
           !dumpobj  poi(${runtime})
           !dumpobj  poi(${runtime}+0x8)                                                     
           .echo *****
          }

    }   
}

I run the code above by windbg, and the windbg process consumed almost all of my PC memory(6G), and wouldn't released it even the above script ran done. BTW,the results of !da 00000086c74c3b70 is about 8000 rows My questions is how to release the memory or prevent the memory leak?

1
memory-leakswindbg
.foreach ... !dumpobj doesn't seem to make sense. `!dumpobj´ works on a single object. What do you expect to loop over? How large is the dump? Are 6 GB roughly equal to the size of the dump? Depending on what memory is accessed, WinDbg may read those portions of the dump into memory and it'll be handled like in any other program. - Thomas Weller
The size of the dump is around 1G, each elements of the array is bucket, which has following layout, private struct bucket{ public object key; public object val; public int hash_coll;} And the type of the key ,which is one of the field of bucket, is class, which contains a string field.So the result of the poi(poi(${runtime})+0x8)} is the address of string instance for one of fields of key , so the results of !dumpobj poi(poi(${runtime})+0x8) contains many fields besides the string constant itself, so I used the .foreach(obj {!dumpobj poi(poi(${runtime})+0x8)}) to filter. - Jason
BTW, I reference the following URL to write the windbg script debuggingtoolbox - Jason
@Jason It is well known that WinDbg leaks. As you have found out, it becomes more apparent in scripts that output / parse large volumes of data. As far as I know, there is nothing that you can do about it. There is no manual memory release commands. Not ideal, but when this happens to me, I usually quite and restart the debugging session. You could try reporting it to Microsoft, but I wouldn't expect a timely fix; I've been seeing this issue for a number of years now. - Dono
@dono the people who watch [email protected] right from DrewBliss to Andyluhrs do acknowledge and revert back if you report problems with specific steps to reproduce the issue vague unreproducible absolute statements may not elicit responses - blabb

1 Answers

0
votes

lets go step by step the result of !da is as follows
how can you do .foreach on this without filtering

.foreach will be passing Name: , System.Int32 , MethodTable , 621ff680 ....
[0] ,,, [n] , [actual address] in your script and no wonder windbg
tries like hell to read crap from Name , System.int32 strings and trying to dump them as an object
i would say even if you have 60 gb it wouldnt be sufficient if you do .foreach like this take some time to read the docs 

0:004> !da 016e1da4
Name:        System.Int32[]
MethodTable: 621ff680
EEClass:     61e3fd78
Size:        300(0x12c) bytes
Array:       Rank 1, Number of elements 72, Type Int32
Element Methodtable: 621ff6bc
[0] 016e1dac
[1] 016e1db0
[2] 016e1db4
[3] 016e1db8

you probably want to do .foreach on 16e1dac,db0,db4,db8 etc ??

if so your first line should be mimicking this ie
instead of dd place l1 you should be using your {? poi(${place}) } whatever
also make sure every dereference here can actually be dereferenced 

0:004> .foreach /pS 16 /ps 1 (place { !da 016e1da4 } ) {dd place l1 }
016e1dac  00000003
016e1db0  00000007
016e1db4  0000000b
016e1db8  00000011
016e1dbc  00000017
016e1dc0  0000001d
016e1dc4  00000025

in this example i cant dereference anything > poi(${place}) because it is an Int Array 

0:004> .foreach /pS 16 /ps 1 (place { !da -length 5 016e1da4 } ) {? poi(${place})  }
Evaluate expression: 3 = 00000003
Evaluate expression: 7 = 00000007
Evaluate expression: 11 = 0000000b
Evaluate expression: 17 = 00000011
Evaluate expression: 23 = 00000017

you can't do arbitrary things and expect sane results