https://bugs.winehq.org/show_bug.cgi?id=39732

Bug ID: 39732 Summary: A race in services.exe may lead to infinite loop with 100% cpu utilization Product: Wine Version: 1.8-rc2 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: dmitry@baikal.ru Distribution: ---

I have an application that installs 12 kernel drivers for various hardware dongles the application may work with. Most of these drivers don't work in Wine and simply crash, so I just moved c:\windows\system32\drivers out of the way. Actually under Windows these drivers fail to load as well if they couldn't find a supported hardware at startup, so removing them under Wine simulates "no supported hardware" scenario, and simply matches the "load and fail" way. The application works just fine without the drivers.

Time from time I observe a 100% cpu utilization (wineserver 15%, services.exe 85%). After quite a bit of investigation I've figured out a way to reliably reproduce the problem.

How to reproduce:

1. Add a non-existent kernel driver entry to the registry (so that winedevice fails to load it). 2. In order to 100% provoke a race add Sleep(100) right at the beginning of programs/services/services.c,service_wait_for_startup().

The problem is that winedevice calls SetServiceStatus(SERVICE_STOPPED) which adds service_terminate() to the timeout_queue list which is going to be executed after a timeout. But service_terminate() is also called by service_start() when a service fails to start. So, what happens is that after service_terminate() call is queued by SetServiceStatus(), subsequent service_terminate() from service_start() sets service->process = 0; and when events_loop() fills out the handles array to wait for the process handle is already 0 which leads to WaitForMultipleObjects() returning -1 (WAIT_FAILED) because of an invalid handle, which causes events_loop() to not process the wait queue and call WaitForMultipleObjects() again and again with the same array of handles.