crash on startup in OpenConsole!SCREEN_INFORMATION::_makeCursorVisible #23592

Closed
opened 2026-01-31 08:46:40 +00:00 by claunia · 4 comments

Originally created by @taviso on GitHub (Sep 6, 2025).

Windows Terminal version

1.24.2372.0

Windows build number

10.0.26100.4946

Other Software

N/A

Steps to reproduce

I just updated to Windows Terminal Preview 1.24.2372.0 via winget, I'm occasionally seeing a crash on startup.

It's not obvious what the conditions are, it happens maybe once or twice a day. I had no problems with the previous release.

Expected Behavior

No response

Actual Behavior

```
$ cdb -z OpenConsole.exe_250906_104835-1.dmp
0:000> .exr -1
ExceptionAddress: 00007ff7bbd54bdb (OpenConsole!SCREEN_INFORMATION::_makeCursorVisible+0x0000000000000004)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
0:000> .ecxr
0:000> k
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr               Call Site
(Inline Function) --------`--------     OpenConsole!SCREEN_INFORMATION::_makeCursorVisible+0x4
(Inline Function) --------`--------     OpenConsole!SCREEN_INFORMATION::SnapOnOutput::__l2::<lambda_1>::operator()+0x9
(Inline Function) --------`--------     OpenConsole!wil::details::lambda_call<`SCREEN_INFORMATION::SnapOnOutput'::`2'::<lambda_1> >::reset+0x9
(Inline Function) --------`--------     OpenConsole!wil::details::lambda_call<`SCREEN_INFORMATION::SnapOnOutput'::`2'::<lambda_1> >::{dtor}+0x9
00000023`0abff270 00007ff7`bbd54e4a     OpenConsole!WriteCharsVT+0x19b
00000023`0abff310 00007ff7`bbd5546f     OpenConsole!DoWriteConsole+0x1a
00000023`0abff350 00007ff7`bbd93b66     OpenConsole!ApiRoutines::WriteConsoleAImpl+0x60f
00000023`0abff490 00007ff7`bbd918d4     OpenConsole!ApiDispatchers::ServerWriteConsole+0x396
00000023`0abff540 00007ff7`bbd2efd7     OpenConsole!IoSorter::ServiceIoOperation+0x184
00000023`0abff590 00007ffc`4f34e8d7     OpenConsole!ConsoleIoThread+0x1d7
00000023`0abff810 00007ffc`513bc34c     kernel32!BaseThreadInitThunk+0x17
00000023`0abff840 00000000`00000000     ntdll!RtlUserThreadStart+0x2c
0:000> u
OpenConsole!SCREEN_INFORMATION::_makeCursorVisible+0x4 [inlined in OpenConsole!WriteCharsVT+0x19b]:
00007ff7`bbd54bdb 80ba1101000000  cmp     byte ptr [rdx+111h],0
00007ff7`bbd54be2 7413            je      OpenConsole!WriteCharsVT+0x1b7 (00007ff7`bbd54bf7)
00007ff7`bbd54be4 488b9208010000  mov     rdx,qword ptr [rdx+108h]
00007ff7`bbd54beb 488bce          mov     rcx,rsi
00007ff7`bbd54bee e84d3efeff      call    OpenConsole!SCREEN_INFORMATION::MakeCursorVisible (00007ff7`bbd38a40)
00007ff7`bbd54bf3 488b45f0        mov     rax,qword ptr [rbp-10h]
00007ff7`bbd54bf7 4885c0          test    rax,rax
00007ff7`bbd54bfa 7420            je      OpenConsole!WriteCharsVT+0x1dc (00007ff7`bbd54c1c)
```

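Looking at the code, I think `rdx+111h` is probably `_textBuffer->_cursor._fIsVisible`, so it's probably [this](https://github.com/microsoft/terminal/commit/8a05910e3cd9dc5c6f2571471dff41b2f2e57e76#diff-7f360575e3775ef1ce9b12e00347be2d5a633c31fe4bcc751725658f435fe404R82)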

I don't know what the bug is though.

claunia added the Issue-Bug, Needs-Tag-Fix, Priority-1, Severity-Crash labels 2026-01-31 08:46:41 +00:00

@j4james commented on GitHub (Sep 6, 2025):

We had an issue reported last year which was caused by the conpty connection thread being started up before the terminal was fully initialized (see #16749). I'm not positive, but this sounds like it might be a similar situation.


@lhecker commented on GitHub (Sep 7, 2025):

I found that this is trivially reproducible by simply exiting vim inside WSL (alt buffer destruction?). It's somewhat likely that there's an ordering issue at ConPTY startup but this hints at it being a further reaching issue.


@lhecker commented on GitHub (Sep 7, 2025):

Oh right, of course, when the alt buffer gets disabled in the VT sequence, it's immediately deallocated in which case the scope-exit lambda refers to a stale `screenInfo` reference… Some dangerous, spooky code we got there. 😄
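
The lifetime problem described in the comment above, as an added example that is not part of the original thread and is not OpenConsole code. `Screen`, `Console`, `writeChars` and the `<alt-off>` token are hypothetical names for a simplified model; a `weak_ptr` stands in for the captured reference so the staleness can be observed without undefined behaviour, and the guard re-resolves the active buffer at scope exit.

```cpp
#include <memory>
#include <string>
#include <utility>

// Constructed model: a console owning a main buffer and an optional
// alternate buffer that is freed as soon as it is disabled.
struct Screen { bool cursorVisible = true; int snaps = 0; };

struct Console {
    std::shared_ptr<Screen> mainBuf = std::make_shared<Screen>();
    std::shared_ptr<Screen> altBuf;  // null while the alt buffer is off
    std::shared_ptr<Screen>& active() { return altBuf ? altBuf : mainBuf; }
    void useAlt(bool on) {
        if (on) altBuf = std::make_shared<Screen>();
        else altBuf.reset();         // immediate deallocation
    }
};

// Minimal scope-exit guard standing in for a wil-style lambda_call.
template <class F> struct ScopeExit {
    F fn;
    explicit ScopeExit(F f) : fn(std::move(f)) {}
    ~ScopeExit() { fn(); }
};

struct WriteResult { bool capturedWasStale = false; bool snappedMain = false; };

// Processes one write. The hypothetical token "<alt-off>" models the VT
// sequence that disables the alternate buffer in the middle of the write.
WriteResult writeChars(Console& con, const std::string& text) {
    WriteResult r;
    {
        // Risky pattern: the buffer is captured on entry. With a raw
        // reference this would dangle; the weak_ptr only reports it.
        std::weak_ptr<Screen> captured = con.active();
        auto onExit = [&] {
            r.capturedWasStale = captured.expired();
            // Hardened pattern: look the active buffer up again at exit.
            Screen& now = *con.active();
            if (now.cursorVisible) ++now.snaps;
            r.snappedMain = (&now == con.mainBuf.get());
        };
        ScopeExit<decltype(onExit)> guard(onExit);
        if (text.find("<alt-off>") != std::string::npos) con.useAlt(false);
    }   // guard runs here, after the buffer may already be gone
    return r;
}
```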


@DHowett commented on GitHub (Sep 10, 2025):

The canary build that comes out tonight will have a speculative fix in it. I'll try to circle back and let you know when it's out.

Reference: starred/terminal#23592