Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-15641

Crash in PsGetThreadFreezeCount on 3rd stage boot

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • Win32SS
    • None

    Description

      For some reason ptiSendTo->EThread is NULL.

      kd> kp
      		 
      ChildEBP RetAddr  
      f21c1b98 f25f49fd nt!PsGetThreadFreezeCount(struct _ETHREAD * Thread = 0x00000000)+0x8 [c:\ros\reactos\ntoskrnl\ps\thread.c @ 687]
      		 
      f21c1bbc f25e88c7 win32k!MsqIsHung(struct _THREADINFO * pti = 0xf53f6e18)+0x5d [c:\ros\reactos\win32ss\user\ntuser\msgqueue.c @ 2206]
      		 
      f21c1c54 f25e8181 win32k!co_IntSendMessageTimeoutSingle(struct HWND__ * hWnd = 0x00040066, unsigned int Msg = 0x1a, unsigned int wParam = 0x14, long lParam = 0n-227661668, unsigned int uFlags = 0, unsigned int uTimeout = 0x64, unsigned long * uResult = 0xf21c1cc0)+0x707 [c:\ros\reactos\win32ss\user\ntuser\message.c @ 1471]
      		 
      f21c1c8c f260e40b win32k!co_IntSendMessageTimeout(struct HWND__ * hWnd = 0x0000ffff, unsigned int Msg = 0x1a, unsigned int wParam = 0x14, long lParam = 0n-227661668, unsigned int uFlags = 0, unsigned int uTimeout = 0x64, unsigned long * uResult = 0xf21c1cc0)+0x151 [c:\ros\reactos\win32ss\user\ntuser\message.c @ 1549]
      		 
      f21c1cd0 f260e556 win32k!UserSystemParametersInfo(unsigned int uiAction = 0x14, unsigned int uiParam = 0, void * pvParam = 0x0012fba8, unsigned int fWinIni = 0x80002)+0x15b [c:\ros\reactos\win32ss\user\ntuser\sysparams.c @ 2114]
      		 
      f21c1cf0 8054a16b win32k!NtUserSystemParametersInfo(unsigned int uiAction = 0x14, unsigned int uiParam = 0, void * pvParam = 0x0012fba8, unsigned int fWinIni = 0x80002)+0xc6 [c:\ros\reactos\win32ss\user\ntuser\sysparams.c @ 2138]
      		 
      f21c1d10 80547dc8 nt!KiSystemCallTrampoline(void * Handler = 0xf260e490, void * Arguments = 0x0012fb8c, unsigned long StackBytes = 0x10)+0x1b [c:\ros\reactos\ntoskrnl\include\internal\i386\ke.h @ 766]
      		 
      f21c1d5c 80403e23 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf21c1d64, void * Arguments = 0x0012fb8c)+0x278 [c:\ros\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
      		 
      f21c1d5c 7c9364fe nt!KiFastCallEntry+0x8c
      		 
      0012fb80 77aa1f69 ntdll!KiFastSystemCallRet
      		 
      0012fb84 77a57965 user32!ZwUserSystemParametersInfo+0xc
      		 
      0012fbb4 77a57c7b user32!RealSystemParametersInfoW(unsigned int uiAction = 0x14, unsigned int uiParam = 0, void * pvParam = 0x0012fc38, unsigned int fWinIni = 2)+0x55 [c:\ros\reactos\win32ss\user\user32\misc\desktop.c @ 354]
      		 
      0012fc04 004044dd user32!SystemParametersInfoW(unsigned int uiAction = 0x14, unsigned int uiParam = 0, void * pvParam = 0x0012fc38, unsigned int fWinIni = 2)+0x6b [c:\ros\reactos\win32ss\user\user32\misc\desktop.c @ 410]
      		 
      0012fe6c 00403f9c userinit!SetUserWallpaper(void)+0x23d [c:\ros\reactos\base\system\userinit\userinit.c @ 458]
      		 
      0012fe78 00405914 userinit!SetUserSettings(void)+0x8c [c:\ros\reactos\base\system\userinit\userinit.c @ 475]
      		 
      0012feb4 00407bb0 userinit!wWinMain(struct HINSTANCE__ * hInst = 0x00400000, struct HINSTANCE__ * hPrevInstance = 0x00000000, wchar_t * lpszCmdLine = 0x00133e24 "", int nCmdShow = 0n5)+0x34 [c:\ros\reactos\base\system\userinit\userinit.c @ 669]
      		 
      0012fecc 004077aa userinit!wmain(int flags = 0n1, wchar_t ** cmdline = 0x00133f48, wchar_t ** inst = 0x001332d0)+0x20 [c:\ros\reactos\sdk\lib\crt\startup\crt0_w.c @ 26]
      		 
      0012ffb4 00407a78 userinit!__tmainCRTStartup(void)+0x2ba [c:\ros\reactos\sdk\lib\crt\startup\crtexe.c @ 312]
      		 
      0012ffc0 7c635c14 userinit!wWinMainCRTStartup(void)+0x28 [c:\ros\reactos\sdk\lib\crt\startup\crtexe.c @ 172]
      		 
      0012fff0 00000000 kernel32!BaseProcessStartup(<function> * lpStartAddress = 0x00407a50)+0x54 [c:\ros\reactos\dll\win32\kernel32\client\proc.c @ 463]


      kd> ?? ptiSendTo
      		 
      struct _THREADINFO * 0xf53f6e18
      		 
         +0x000 pEThread         : (null) 
         +0x004 RefCount         : 0n1
      		 
         +0x008 ptlW32           : (null) 
         +0x00c pgdiDcattr       : (null) 
         +0x010 pgdiBrushAttr    : (null) 
         +0x014 pUMPDObjs        : (null) 
         +0x018 pUMPDHeap        : (null) 
         +0x01c dwEngAcquireCount : 0
      		 
         +0x020 pSemTable        : (null) 
         +0x024 pUMPDObj         : (null) 
         +0x028 ptl              : (null) 
         +0x02c ppi              : 0xb4acf008 _PROCESSINFO
      		 
         +0x030 MessageQueue     : 0xf52def10 _USER_MESSAGE_QUEUE
      		 
         +0x034 KeyboardLayout   : 0xbc40da48 tagKL
      		 
         +0x038 pcti             : 0xf53f6f71 _CLIENTTHREADINFO
      		 
         +0x03c rpdesk           : (null) 
         +0x040 pDeskInfo        : (null) 
         +0x044 pClientInfo      : 0x7ffdc6cc _CLIENTINFO
      		 
         +0x048 TIF_flags        : 0x2100041
      		 
         +0x04c pstrAppName      : (null) 
         +0x050 pusmSent         : (null) 
         +0x054 pusmCurrent      : (null) 
         +0x058 SentMessagesListHead : _LIST_ENTRY [ 0xf53f6e70 - 0xf53f6e70 ]
      		 
         +0x060 timeLast         : 0n10416
      		 
         +0x064 idLast           : 0
      		 
         +0x068 QuitPosted       : 0 ''
      		 
         +0x069 exitCode         : 0n0
      		 
         +0x06d hdesk            : (null) 
         +0x071 cPaintsReady     : 0
      		 
         +0x075 cTimersReady     : 0
      		 
         +0x079 pMenuState       : (null) 
         +0x07d dwExpWinVer      : 0
      		 
         +0x081 dwCompatFlags    : 0
      		 
         +0x085 dwCompatFlags2   : 0
      		 
         +0x089 pqAttach         : (null) 
         +0x08d ptiSibling       : 0xb4acfe18 _THREADINFO
      		 
         +0x091 fsHooks          : 0
      		 
         +0x095 sphkCurrent      : (null) 
         +0x099 lParamHkCurrent  : 0n0
      		 
         +0x09d wParamHkCurrent  : 0
      		 
         +0x0a1 pSBTrack         : (null) 
         +0x0a5 hEventQueueClient : (null) 
         +0x0a9 pEventQueueServer : 0xf528eff0 _KEVENT
      		 
         +0x0ad PtiLink          : _LIST_ENTRY [ 0xf6318ec5 - 0xb4acfec5 ]
      		 
         +0x0b5 iCursorLevel     : 0n0
      		 
         +0x0b9 ptLast           : _POINTL
      		 
         +0x0c1 cEnterCount      : 0n0
      		 
         +0x0c5 PostedMessagesListHead : _LIST_ENTRY [ 0xf53f6edd - 0xf53f6edd ]
      		 
         +0x0cd fsChangeBitsRemoved : 0
      		 
         +0x0cf wchInjected      : 0 ''
      		 
         +0x0d1 cWindows         : 0
      		 
         +0x0d5 cVisWindows      : 0xffffffff
      		 
       
      		 
      kd> ?? Window
      		 
      struct _WND * 0xbc6d0f98
      		 
         +0x000 head             : _THRDESKHEAD
      		 
         +0x014 state            : 0x80010048
      		 
         +0x018 state2           : 0x80000280
      		 
         +0x01c ExStyle          : 0x10101
      		 
         +0x020 style            : 0x84c008cc
      		 
         +0x024 hModule          : 0x77490000 HINSTANCE__
      		 
         +0x028 fnid             : 0x82a4
      		 
         +0x02c spwndNext        : (null) 
         +0x030 spwndPrev        : (null) 
         +0x034 spwndParent      : 0xbc6d07d8 _WND
      		 
         +0x038 spwndChild       : (null) 
         +0x03c spwndOwner       : (null) 
         +0x040 rcWindow         : _RECTL
      		 
         +0x050 rcClient         : _RECTL
      		 
         +0x060 lpfnWndProc      : 0x77a71080     long  user32!DefDlgProcW+0
      		 
         +0x064 pcls             : (null) 
         +0x068 hrgnUpdate       : (null) 
         +0x06c PropListHead     : _LIST_ENTRY [ 0xbc6d1004 - 0xbc6d1004 ]
      		 
         +0x074 PropListItems    : 0
      		 
         +0x078 pSBInfo          : (null) 
         +0x07c SystemMenu       : (null) 
         +0x080 IDMenu           : 0
      		 
         +0x084 hrgnClip         : (null) 
         +0x088 hrgnNewFrame     : (null) 
         +0x08c strName          : _LARGE_UNICODE_STRING
      		 
         +0x098 cbwndExtra       : 0x1e
      		 
         +0x09c spwndLastActive  : 0xbc6d0f98 _WND
      		 
         +0x0a0 hImc             : (null) 
         +0x0a4 dwUserData       : 0n0
      		 
         +0x0a8 pActCtx          : (null) 
         +0x0ac spwndClipboardListener : (null) 
         +0x0b0 ExStyle2         : 8
      		 
         +0x0b4 InternalPos      : <anonymous-tag>
      		 
         +0x0d8 Unicode          : 0y1
      		 
         +0x0d8 InternalPosInitialized : 0y0
      		 
         +0x0d8 HideFocus        : 0y1
      		 
         +0x0d8 HideAccel        : 0y1
      		 
         +0x0dc pSBInfoex        : (null) 
         +0x0e0 ThreadListEntry  : _LIST_ENTRY [ 0xbc6d0b28 - 0xf53f6fa1 ]

      The window seems to be a dialog, but it has no class or text, it's fnid is 0x82a4, which doesn't appear to be a valid value.
      Actually, pcls == NULL shouldn't be possible due to the pwnd->pcls->atomClassName == gpsi->atomSysClass[ICLS_SWITCH] check in co_IntSendMessageTimeout.

      Running with special pool enabled on 4b924a8685.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. CORE-15565 IsHungAppWindow reports hung within 5 seconds

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              ThFabba ThFabba
              Votes:
              2 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: