1

Closed

Hanging when pressing TAB

description

Hello!

I have clear WinDbg (x64) installation
Latest version of pykd (PYKD BOOTSTRAPPER 2.0 + PYKD 0.3.2.4) and the lastest python3
Load it like this:
0:000> .load pykd
0:000> !py -3
Then type something like this:
Input> string = "a
Then press TAB (to get string = "a\t") and windbg hanging forever
Closed May 4 at 10:02 PM by ussrhero

comments

ussrhero wrote Apr 13 at 5:06 PM

Unfortunately, It's a well known windbg bug.

It's a UI thread handling TAB click:
0030c684 77caff65 58cc5ea8 0030d478 58ce56a7 ntdll!RtlpEnterCriticalSectionContended+0xd5
0030c690 58ce56a7 58ec2abc c3aa465c 081fa060 ntdll!RtlEnterCriticalSection+0x45
0030d478 00a8300c 04c37438 0000000e 00a9bb14 dbgeng+0xd56a7
0030d4d4 00a82f6b 04c37438 00000000 0030da58 windbg+0x4300c
0030d4f4 00a50d60 00000100 000904c6 00000100 windbg+0x42f6b
0030d51c 00a555cf 000904c6 00000fa3 0030da58 windbg+0x10d60
0030d5f0 7760d2b3 0007057e 0000004e 00000fa3 windbg+0x155cf
0030d61c 775ee88a 00a54fb0 0007057e 0000004e USER32!_InternalCallWinProc+0x2b
0030d704 7761764b 00a54fb0 00000000 0000004e USER32!UserCallWinProcCheckWow+0x30a
0030d770 775f0c00 04f96150 00000000 0030da58 USER32!SendMessageWorker+0x269cb
0030d7ac 55d93e6b 0007057e 0000004e 00000fa3 USER32!SendMessageW+0x140
0030d9ec 55e52373 00000fa3 0030da58 55e522e0 MSFTEDIT!CW32System::SendMessage+0x42
0030da20 55e52b39 00000700 0030da58 000f0001 MSFTEDIT!CTxtWinHost::TxNotify+0x93
0030da90 7760d2b3 000904c6 00000100 00000009 MSFTEDIT!RichEditWndProc+0x1c9
0030dabc 775ee88a 55e52970 000904c6 00000100 USER32!_InternalCallWinProc+0x2b
0030dba4 775ee1e4 55e52970 00000000 00000100 USER32!UserCallWinProcCheckWow+0x30a
0030dc18 775edfa0 ec1b29f9 0030dc48 00a7a983 USER32!DispatchMessageWorker+0x234
0030dc24 00a7a983 0030dc54 00000400 00000000 USER32!DispatchMessageW+0x10


0:015> dt _RTL_CRITICAL_SECTION 58ec2abc
   +0x000 DebugInfo        : 0x009dc258 _RTL_CRITICAL_SECTION_DEBUG
   +0x004 LockCount        : 0n-6
   +0x008 RecursionCount   : 0n1
   +0x00c OwningThread     : 0x00000f08 Void
   +0x010 LockSemaphore    : 0xffffffff Void
   +0x014 SpinCount        : 0x20007d0

08e5cd0c 75d3ae59 000001f0 00000000 00000000 ntdll!NtWaitForSingleObject+0xc
08e5cd80 75d3adb2 000001f0 ffffffff 00000000 KERNELBASE!WaitForSingleObjectEx+0x99
08e5cd94 58ce235d 000001f0 ffffffff cb7f4d00 KERNELBASE!WaitForSingleObject+0x12
08e5cdfc 58ce2612 00000000 08e5cef8 00010000 dbgeng+0xd235d
08e5cebc 58cefde1 00010000 00000001 cb7f4e2c dbgeng+0xd2612
08e5cff0 56d41ea6 081d62b8 09595f48 00010000 dbgeng!DebugCreate+0x1961
08e5d090 56d479c0 08e5d0ac bd6bf8e3 08fb61b8 pykd+0x11ea6
08e5d0f0 56d47776 00000000 0920dda0 56d715e0 pykd!pip+0x44a0
08e5d104 54692ae3 00000000 092110b0 546929d0 pykd!pip+0x4256
08e5d120 54658b9d 0920dda0 092110b0 00000000 python35!PyCFunction_Call+0x113
08e5d13c 5466af76 0920dda0 092110b0 00000000 python35!PyObject_Call+0x6d
08e5d15c 54658b9d 0920dda0 088c0030 00000000 python35!PyMethod_New+0x666
08e5d178 546f3c9a 088fc0f8 088c0030 00000000 python35!PyObject_Call+0x6d
08e5d194 5467b04f 088fc0f8 088c0030 00000000 python35!PyEval_CallObjectWithKeywords+0x8a
08e5d1b8 546ed6fa 0920bfd0 ffffffff 088e7b70 python35!PyFile_GetLine+0x9f
08e5d1f4 546ead4f 09211220 08e5d21c 54692ae3 python35!PyAST_FromNode+0x840a
08e5d200 54692ae3 088e6540 091e1d70 088e7b70 python35!PyAST_FromNode+0x5a5f
08e5d21c 546f409f 088e7b70 091e1d70 00000000 python35!PyCFunction_Call+0x113
08e5d250 546f12a5 092b6030 00000002 00000043 python35!PyEval_GetFuncDesc+0x37f
08e5d2c8 546f301f 092b6030 00000000 0955e914 python35!PyEval_EvalFrameEx+0x20a5
08e5d314 546f4259 00000000 0955e914 00000002 python35!PyEval_EvalFrameEx+0x3e1f
08e5d35c 546f40f3 00000002 00000002 00000000 python35!PyEval_GetFuncDesc+0x539
08e5d390 546f12a5 0955e7c0 0955e904 00000043 python35!PyEval_GetFuncDesc+0x3d3
08e5d408 546f301f 0955e7c0 00000000 08f8db2c python35!PyEval_EvalFrameEx+0x20a5
08e5d454 546f4259 00000000 08f8db2c 00000001 python35!PyEval_EvalFrameEx+0x3e1f
08e5d49c 546f40f3 00000001 00000001 00000000 python35!PyEval_GetFuncDesc+0x539
08e5d4d0 546f12a5 08f8d9f0 00000000 00000040 python35!PyEval_GetFuncDesc+0x3d3
08e5d548 546f301f 08f8d9f0 00000000 08636cb0 python35!PyEval_EvalFrameEx+0x20a5
08e5d594 54729e52 08f67e40 00000000 00000000 python35!PyEval_EvalFrameEx+0x3e1f
08e5d5d0 54729c47 08f67e40 08f67e40 00000000 python35!PyRun_FileExFlags+0x1f2
08e5d5f4 5472acd6 56d6bd28 00000101 08f67e40 python35!PyRun_StringFlags+0xa7
08e5d610 56d42dc9 56d6bd28 00000101 08f67e40 python35!PyRun_String+0x16
08e5d848 58d5883d 081d62b4 08e5d91c cb7f5838 pykd!py+0x4c9
08e5d8c4 58d589b0 081d62b0 08e5dae4 08e5da38 dbgeng!DebugCreate+0x6a3bd
08e5da68 58d58a28 081d62b0 08e5dae4 08e5dae8 dbgeng!DebugCreate+0x6a530
08e5da8c 58d57a38 08e5dae4 08e5dae8 00000000 dbgeng!DebugCreate+0x6a5a8
08e5def8 58d8bd01 00000000 00000000 00000000 dbgeng!DebugCreate+0x695b8
08e5df70 58d8c9f1 cb7f5f2c 08e5e01e 00000001 dbgeng!DebugCreate+0x9d881
08e5dfd0 58cf4b61 00000000 cb7f5f1c 00000000 dbgeng!DebugCreate+0x9e571
08e5e43c 58cf4d6d 00000002 00000000 cb7f64ac dbgeng!DebugCreate+0x66e1
08e5e48c 00a6051c 081d62b8 00000001 08e5e870 dbgeng!DebugCreate+0x68ed
08e5e850 00a609b4 ffffffff ffffff00 00000000 windbg+0x2051c
08e5f870 00a625f5 00a62200 00a62200 00000000 windbg+0x209b4
08e5f894 748762c4 00000000 748762a0 e7053f0e windbg+0x225f5
08e5f8a8 77cd0fd9 00000000 e44f8c4d 00000000 KERNEL32!BaseThreadInitThunk+0x24
08e5f8f0 77cd0fa4 ffffffff 77cf2ef8 00000000 ntdll!__RtlUserThreadStart+0x2f
08e5f900 00000000 00a62200 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b
Command thread hold critical section and wait Input Completion, UI thread can not complete input because it is waiting on critical section.

I can advise:
1) Not push TAB button
2) Try to report it to windbgfb@microsoft.com

kernelnet wrote Apr 14 at 9:06 AM

  • there is a similar bug with windbg closing:
If you try to close windbg when it is waiting user input from extension it will hung

kernelnet wrote May 4 at 8:59 AM

In Windbg 15063 bug is not reproduced, try to update it

wrote May 4 at 10:02 PM