Running the following batch script in a console window:
:a
start notepad.exe
taskkill /im notepad.exe
goto a
After a short time, the system hangs; after the critical section timeout period, it breaks into the debugger:
ERROR: RtlpWaitForCriticalSection at ..\sdk\lib\rtl\critical.c:172
Deadlock: 0x0022B0F4
Break instruction exception - code 80000003 (first chance)
001b:7c9307d2 cc int 3
kd> !process
PROCESS b5534020 SessionId: 0 Cid: 0084 Peb: 7ffaf000 ParentCid: 0054
DirBase: 7c879000 ObjectTable: e158cb48 HandleCount: 142.
Image: csrss.exe
VadRoot b552d410 Vads 177 Clone 0 Private 378. Modified 0. Locked 0.
DeviceMap b57b9080
Token e158c3a8
ElapsedTime 00:06:57.676
UserTime 00:00:00.029
KernelTime 00:00:01.229
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (3780608, 0, 300) (15122432KB, 0KB, 1200KB)
PeakWorkingSetSize 3796992
VirtualSize 25 Mb
PeakVirtualSize 25 Mb
PageFaultCount 0
MemoryPriority BACKGROUND
BasePriority 13
CommitCharge 98
THREAD b551b250 Cid 0084.008c Teb: 7ffde000 Win32Thread: b5519008 WAIT: (UserRequest) KernelMode Alertable
805f4d30 NotificationEvent
b55a85e8 NotificationTimer
b551c634 NotificationEvent
b551b5c4 NotificationEvent
THREAD b551bdb0 Cid 0084.0090 Teb: 7ffdd000 Win32Thread: b5519e18 WAIT: (UserRequest) UserMode Non-Alertable
b5519e00 SynchronizationEvent
THREAD b551b700 Cid 0084.0094 Teb: 7ffdc000 Win32Thread: b5507ba8 WAIT: (WrLpcReceive) UserMode Non-Alertable
b551bc18 Semaphore Limit 0x7fffffff
THREAD b55199a0 Cid 0084.0098 Teb: 7ffdb000 Win32Thread: 00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
b5519c60 Semaphore Limit 0x7fffffff
THREAD b5513590 Cid 0084.00a4 Teb: 7ffdf000 Win32Thread: b550a9f0 WAIT: (UserRequest) UserMode Non-Alertable
e1504748 NotificationEvent
b550fbf8 SynchronizationEvent
b539a0d8 Thread
THREAD b539a0d8 Cid 0084.03c8 Teb: 7ffda000 Win32Thread: b53e66a0 RUNNING on processor 0
THREAD b54e58e8 Cid 0084.046c Teb: 7ffd9000 Win32Thread: 00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
b551bc18 Semaphore Limit 0x7fffffff
kd> ?? Console->Lock
+0x000 DebugInfo : 0x7c9a8b78 _CRITICAL_SECTION_DEBUG
+0x004 LockCount : 0n1
+0x008 RecursionCount : 0n1
+0x00c OwningThread : 0x000000a4 Void
+0x010 LockSemaphore : 0x000006a8 Void
+0x014 SpinCount : 0
kd> !thread
THREAD b539a0d8 Cid 0084.03c8 Teb: 7ffda000 Win32Thread: b53e66a0 RUNNING on processor 0
Not impersonating
Owning Process b5534020 Image: csrss.exe
Attached Process N/A Image: N/A
Wait Start TickCount 28779 Ticks: 0
Context Switch Count 833 LargeStack
UserTime 00:00:00.000
KernelTime 00:00:01.109
Start Address winsrv!GuiConsoleInputThread (0x7a8a62b0)
Stack Init f7071880 Current f7071408 Base f7072000 Limit f706d000 Call f7071888
Priority 13 BasePriority 13 PriorityDecrement 0
ChildEBP RetAddr Args to Child
00f6fc10 7c93eb90 00f6fd4c 01cccccc cccccccc ntdll!DbgBreakPoint (FPO: [0,0,0])
00f6fc7c 7c93e351 0022b0f4 000003c8 00f6fc98 ntdll!RtlpWaitForCriticalSection+0x110 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\sdk\lib\rtl\critical.c @ 172]
00f6fc8c 7a89e596 0022b0f4 00f6fccc 7a8a995e ntdll!RtlEnterCriticalSection+0x51 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\sdk\lib\rtl\critical.c @ 520]
00f6fc98 7a8a995e 0022b008 00000001 00000001 winsrv!ConDrvValidateConsoleUnsafe+0x26 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\winsrv\consrv\condrv\console.c @ 137]
00f6fccc 7a8a8721 0022e9f0 00000000 00f6fe2c winsrv!OnFocus+0x3e (FPO: [Non-Fpo]) (CONV: cdecl) [c:\ros\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 698]
00f6fd4c 7c5617fa 000a0106 00000008 00000000 winsrv!ConWndProc+0x5d1 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 2427]
00f6fd7c 7c55093f 7a8a8150 000a0106 00000008 user32!CALL_EXTERN_WNDPROC+0x1a (FPO: [0,0,0])
00f6fe44 7c55614e 00b249c0 000a0106 00000008 user32!IntCallWindowProcW+0x54f (FPO: [Non-Fpo]) (CONV: fastcall) [c:\ros\reactos\win32ss\user\user32\windows\message.c @ 1522]
00f6fed0 7c930111 00f6fee8 00000020 ffffffff user32!User32CallWindowProcFromKernel+0x24e (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\user32\windows\message.c @ 2967]
00f6ff24 7a8a637a 00f6ffa4 00000000 00000000 ntdll!KiUserCallbackDispatcher+0x2e
00f6fff4 00000000 00225728 00000000 00000000 winsrv!GuiConsoleInputThread+0xca (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\winsrv\consrv\frontends\gui\guiterm.c @ 143]
kd> !thread b5513590
THREAD b5513590 Cid 0084.00a4 Teb: 7ffdf000 Win32Thread: b550a9f0 WAIT: (UserRequest) UserMode Non-Alertable
e1504748 NotificationEvent
b550fbf8 SynchronizationEvent
b539a0d8 Thread
Not impersonating
Owning Process b5534020 Image: csrss.exe
Attached Process N/A Image: N/A
Wait Start TickCount 8771 Ticks: 20008 (0:00:05:00.023)
Context Switch Count 1361 NoStackSwap LargeStack
UserTime 00:00:00.000
KernelTime 00:00:00.134
LPC Server thread working on message Id 9fc
Start Address 0x000009fc
Stack Init f7479000 Current f747885c Base f7479000 Limit f7475000 Call 0
Priority 14 BasePriority 13 PriorityDecrement 0
ChildEBP RetAddr Args to Child
f74788b0 804ae2ba f7478a0c f7478980 00000001 nt!KiSwapContext+0x19
f7478958 f75e35a3 00000003 f74789b4 00000001 nt!KeWaitForMultipleObjects+0x77a (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\ntoskrnl\ke\wait.c @ 842]
f7478a0c f75d6b36 000000ae 00000008 00000000 win32k!co_MsqSendMessage+0x6b3 (FPO: [Non-Fpo]) (CONV: fastcall) [c:\ros\reactos\win32ss\user\ntuser\msgqueue.c @ 1242]
f7478a9c f75d6484 00000008 00000000 00000000 win32k!co_IntSendMessageTimeoutSingle+0x576 (FPO: [Non-Fpo]) (CONV: fastcall) [c:\ros\reactos\win32ss\user\ntuser\message.c @ 1452]
f7478ad4 f75d6354 00000008 00000000 00000000 win32k!co_IntSendMessageTimeout+0x54 (FPO: [Non-Fpo]) (CONV: fastcall) [c:\ros\reactos\win32ss\user\ntuser\message.c @ 1507]
f7478b04 f75d6231 00000008 00000000 f7478cd0 win32k!co_IntSendMessage+0x44 (FPO: [Non-Fpo]) (CONV: fastcall) [c:\ros\reactos\win32ss\user\ntuser\message.c @ 1298]
f7478b84 f75d8a17 00000008 00000000 00000000 win32k!co_IntDoSendMessage+0x141 (FPO: [Non-Fpo]) (CONV: fastcall) [c:\ros\reactos\win32ss\user\ntuser\message.c @ 1846]
f7478ce8 80541bdb 000a0106 000000ae 00000008 win32k!NtUserMessageCall+0xc97 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\ntuser\message.c @ 2732]
f7478d14 8053fb1b f75d7d80 00b1fc5c 0000001c nt!KiSystemCallTrampoline+0x1b (FPO: [Non-Fpo]) (CONV: cdecl) [c:\ros\reactos\ntoskrnl\include\internal\i386\ke.h @ 748]
f7478d5c 80403e23 00b1fcdc 7c9301be badb0d00 nt!KiSystemServiceHandler+0x24b (FPO: [Non-Fpo]) (CONV: fastcall) [c:\ros\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
f7478d5c 7c9301be 00b1fcdc 7c9301be badb0d00 nt!KiFastCallEntry+0x8c (FPO: [0,0] TrapFrame @ f7478d64)
00b1fc50 7c5657fd 7c555a84 000a0106 000000ae ntdll!KiFastSystemCallRet (FPO: [0,0,0])
00b1fc54 7c555a84 000a0106 000000ae 00000008 user32!ZwUserMessageCall+0xc (FPO: [0,0,0])
00b1fcdc 7c538a01 000a0106 000000ae 00000008 user32!SendMessageW+0x184 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\user32\windows\message.c @ 2395]
00b1fd10 7c53767c 00b249c0 00000008 00b1ffdc user32!UserPaintCaption+0x91 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\ros\reactos\win32ss\user\user32\windows\defwnd.c @ 278]
00b1fd90 7aa1384c 000a0106 0000000c 00000000 user32!RealDefWindowProcW+0x33c (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\user32\windows\defwnd.c @ 1110]
00b1fdb0 7c53651d 000a0106 0000000c 00000000 uxtheme!ThemeDefWindowProcW+0x5c (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\dll\win32\uxtheme\themehooks.c @ 279]
00b1fe00 7c55e72b 000a0106 0000000c 00000000 user32!DefWindowProcW+0xbd (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\user32\windows\defwnd.c @ 1255]
00b1fe24 7a8a5a82 000a0106 0023fb48 0022e9f0 user32!SetWindowTextW+0x4b (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\user32\windows\window.c @ 1703]
00b1fe38 7a898e97 0022b010 00b1fe74 0000005e winsrv!GuiChangeTitle+0x32 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\winsrv\consrv\frontends\gui\guiterm.c @ 877]
00b1fe64 100022e3 00b1fed8 00b1ffb4 00000005 winsrv!SrvSetConsoleTitle+0x217 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\win32ss\user\winsrv\consrv\console.c @ 1376]
00b1fff4 00000000 00000000 e10100e0 00000000 csrsrv!CsrApiRequestThread+0xc63 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\ros\reactos\subsystems\win32\csrsrv\api.c @ 811]
Apparently it's holding the console critical section while calling SetWindowText, and message processing in the target thread (for WM_FOCUS) tries to acquire the same critical section.
hbelusca, any thoughts?
Issue Links
- duplicates
  - CORE-12461 Deadlock in consrv (Untriaged)
- is duplicated by
  - CORE-14648 Deadlock in winsrv while building ReactOS (Resolved)
  - CORE-14600 Intermittent "Deadlock" wrt "csrss.exe", during "zz_flash_player_10.3.183.25 : 3.SA_LoadOnlineFlash", on Test KVM AHK (Untriaged)
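A simplified model of the lock ordering described in this report, added here as an illustration and not taken from ReactOS code: one thread holds a lock across a synchronous cross-thread send while the receiving thread needs the same lock before it can answer. All names (WindowThread, send_message, set_title_*) are hypothetical, the timeout exists only so the demo terminates, and releasing the lock before the send is one common remedy assumed here, not the project's fix.

```python
import queue
import threading

class WindowThread:
    """Toy GUI thread: services messages from a queue, one at a time."""
    def __init__(self, console_lock):
        self.console_lock = console_lock
        self.inbox = queue.Queue()
        self.title = ""
        threading.Thread(target=self._pump, daemon=True).start()

    def _pump(self):
        while True:
            text, done = self.inbox.get()
            # As in the trace (OnFocus -> ConDrvValidateConsoleUnsafe), message
            # handling on this thread needs the console lock before it can finish.
            with self.console_lock:
                self.title = text
            done.set()

    def send_message(self, text, timeout=1.0):
        """Synchronous send: block until the window thread has handled it.
        Returns False on timeout; the timeout is a demo-only assumption."""
        done = threading.Event()
        self.inbox.put((text, done))
        return done.wait(timeout)

def set_title_holding_lock(lock, window, text):
    # Pattern from the report: lock held across the synchronous send.
    with lock:
        return window.send_message(text)

def set_title_lock_released(lock, window, text):
    # Alternative ordering: copy shared state under the lock, release, then send.
    with lock:
        snapshot = str(text)
    return window.send_message(snapshot)

def run_demo():
    results = {}
    for name, fn in (("holding_lock", set_title_holding_lock),
                     ("lock_released", set_title_lock_released)):
        lock = threading.Lock()          # stands in for Console->Lock
        window = WindowThread(lock)
        results[name] = fn(lock, window, "constructed title")
    return results

if __name__ == "__main__":
    print(run_demo())
```

Without the demo timeout, the first variant never returns, which matches the two stacks above: the sender waits in co_MsqSendMessage while the window thread waits in RtlpWaitForCriticalSection.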