[Bug 39732] New: A race in services.exe may lead to infinite loop with 100% cpu utilization

wine-bugs at winehq.org
Thu Dec 3 05:37:51 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=39732

            Bug ID: 39732
           Summary: A race in services.exe may lead to infinite loop with
                    100% cpu utilization
           Product: Wine
           Version: 1.8-rc2
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs at winehq.org
          Reporter: dmitry at baikal.ru
      Distribution: ---

I have an application that installs 12 kernel drivers for various hardware
dongles the application may work with. Most of these drivers don't work in
Wine and simply crash, so I just moved c:\windows\system32\drivers out of
the way. Actually, under Windows these drivers fail to load as well if they
can't find supported hardware at startup, so removing them under Wine
simulates the "no supported hardware" scenario, and simply matches the "load
and fail" way. The application works just fine without the drivers.

From time to time I observe 100% CPU utilization (wineserver 15%, services.exe
85%). After quite a bit of investigation I've figured out a way to reliably
reproduce the problem.

How to reproduce:

1. Add a non-existent kernel driver entry to the registry (so that winedevice
fails to load it).
2. In order to 100% provoke a race, add Sleep(100) right at the beginning
of programs/services/services.c, service_wait_for_startup().

The problem is that winedevice calls SetServiceStatus(SERVICE_STOPPED),
which adds service_terminate() to the timeout_queue list, which is going
to be executed after a timeout. But service_terminate() is also called by
service_start() when a service fails to start. So, what happens is that
after the service_terminate() call is queued by SetServiceStatus(), the
subsequent service_terminate() from service_start() sets service->process = 0;
and when events_loop() fills out the handles array to wait for, the process
handle is already 0, which leads to WaitForMultipleObjects() returning -1
(WAIT_FAILED) because of an invalid handle, which causes events_loop() to not
process the wait queue and call WaitForMultipleObjects() again and again with
the same array of handles.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
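
Added example, not part of the original report and not Wine's code: a portable C model of the loop the report describes, where one queued entry's process handle has already been zeroed and the wait call fails immediately on every pass. All names (model_wait, run_loop, struct entry, SPIN_CAP) are hypothetical, and the "hardened" branch is one possible guard assumed here for comparison, not the fix Wine adopted.

```c
/* Portable model of the loop described in the report; NOT Wine's services.c.
 * model_wait() stands in for WaitForMultipleObjects(): any invalid (0) handle
 * makes the whole call fail at once, without blocking. */
#include <stdio.h>

#define MODEL_WAIT_FAILED (-1)
#define SPIN_CAP 1000          /* stop the demo instead of burning CPU forever */

struct entry { int process; int done; };   /* one queued terminate callback */

static int model_wait(const int *handles, int n)
{
    for (int i = 0; i < n; i++)
        if (handles[i] == 0) return MODEL_WAIT_FAILED;
    return 0;                  /* pretend the first handle got signalled */
}

/* Returns the number of wait calls made before the queue drained (or SPIN_CAP). */
static int run_loop(struct entry *q, int n, int hardened)
{
    int calls = 0;
    while (calls < SPIN_CAP) {
        int handles[8], map[8], cnt = 0;
        for (int i = 0; i < n; i++) {
            if (q[i].done) continue;
            /* assumed guard: retire entries whose process is already gone */
            if (hardened && q[i].process == 0) { q[i].done = 1; continue; }
            handles[cnt] = q[i].process; map[cnt++] = i;
        }
        if (cnt == 0) break;
        calls++;
        int r = model_wait(handles, cnt);
        if (r == MODEL_WAIT_FAILED) continue;  /* queue untouched: same array again */
        q[map[r]].done = 1;
    }
    return calls;
}

/* Constructed state: entry 1's process was zeroed by the second terminate. */
static int demo(int hardened)
{
    struct entry q[2] = { { 42, 0 }, { 0, 0 } };
    return run_loop(q, 2, hardened);
}

int main(void)
{
    printf("unhardened wait calls: %d\n", demo(0));
    printf("hardened wait calls:   %d\n", demo(1));
    return 0;
}
```

Without the guard the loop only stops because of SPIN_CAP, which is the 100% CPU symptom; with it the stale entry is retired and a single wait call drains the queue.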


