Kerberrus

Reputation: 1

How to determine NonPaged pool leak using WPA

Got an issue on Windows OS - NP pool slowly increases in size, and after several weeks consumes up to several GBs. Tried to determine the faulty driver(?), but running this:

xperf -on proc_thread+loader+pool -stackwalk poolalloc -MaxFile 1024 -FileMode Circular

twice (after machine restart and after several hours) gives me this:

[screenshot: WPA analysis]

i.e., I do not see any information about processes\dlls which can be responsible for the leakage. Am I missing some arguments while taking the trace, or is WPA not enough to find some types of leakage?

@magicandre1981 The thing is that in my case Stack is not listed (screenshot: WPA). I can't rely on Impacting size here, because the leakage goes very slowly, but 400 MB for NP pool is too big.

PoolMon shows that mainly Irp & FMic are leaking:

[screenshot: PoolMon right after restart]

[screenshot: PoolMon after several hours]

Upvotes: -1

Views: 734

Answers (1)

Kerberrus

Reputation: 1

Big thanks to @magicandre1981. This was already discussed at https://superuser.com/a/949246/174557, but I just wanted to add: we should concentrate on the AIFO pool type and search for suspicious modules inside each pool tag (in my case I was interested in Fmic, Even & IRP). Once that's done, disable applications\drivers one by one and check the results. For some reason WPA sorts the data by Pool Tag, and the Type column is not enabled by default. Eventually, it should look like this: [screenshot: Windows Performance Analyzer NP pool trace]

Upvotes: 0
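Added example, not part of the original question or answer: the question compares PoolMon right after restart with PoolMon after several hours by eye, and this sketch does the same comparison on two saved snapshots, ranking NonPaged tags by growth so the tags worth inspecting in WPA stand out. It assumes each snapshot is saved as text with the columns Tag, Type, Allocs, Frees, Diff, Bytes, Per Alloc; the sample numbers and the function names are constructed for illustration.

```python
import re

# Assumed row layout of a PoolMon snapshot: Tag, Type, Allocs, Frees, Diff, Bytes, Per Alloc.
ROW = re.compile(r"^ (.{4})\s+(Nonp|Paged)\s+(\d+)\s+(\d+)\s+(-?\d+)\s+(\d+)\s+\d+\s*$")

# Constructed sample snapshots (illustrative numbers, not the asker's data).
AFTER_RESTART = """\
 Tag  Type     Allocs     Frees     Diff     Bytes  Per Alloc
 Irp  Nonp      52000     51000     1000    480000        480
 FMic Nonp      30000     29500      500    120000        240
 Even Nonp      90000     89800      200     25600        128
 MmSt Paged     70000     65000     5000  20480000       4096
 File Nonp     400000    398000     2000    768000        384
"""
AFTER_HOURS = """\
 Tag  Type     Allocs     Frees     Diff     Bytes  Per Alloc
 Irp  Nonp     910000    880000    30000  14400000        480
 FMic Nonp     600000    580000    20000   4800000        240
 Even Nonp    1500000   1499790      210     26880        128
 MmSt Paged    130000    121000     9000  36864000       4096
 File Nonp    7000000   6998100     1900    729600        384
"""

def parse_snapshot(text):
    """Map (tag, pool type) -> (outstanding allocations, bytes in use)."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            tag, pool, _allocs, _frees, diff, nbytes = m.groups()
            rows[(tag.strip(), pool)] = (int(diff), int(nbytes))
    return rows

def rank_nonpaged_growth(before_text, after_text, min_growth_bytes=0):
    """NonPaged tags whose bytes grew between snapshots, largest growth first."""
    before, after = parse_snapshot(before_text), parse_snapshot(after_text)
    grown = []
    for (tag, pool), (diff, nbytes) in after.items():
        if pool != "Nonp":
            continue  # the leak in question is in NonPaged pool only
        old_diff, old_bytes = before.get((tag, pool), (0, 0))
        growth = nbytes - old_bytes
        if growth > min_growth_bytes:
            grown.append((tag, growth, diff - old_diff))
    return sorted(grown, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for tag, growth, outstanding in rank_nonpaged_growth(AFTER_RESTART, AFTER_HOURS):
        print(f"{tag:<4} +{growth:>10} bytes  +{outstanding} outstanding allocations")
```

A busy tag such as File in the sample has a huge allocation count but no growth in outstanding bytes, so it drops out; only tags that allocate without freeing rise to the top.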
