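This is a crash I have been trying to analyze for many days. Can someone help me analyze this issue? Any help would be greatly appreciated.
We have a custom language monitor for our own printer. There is a thread that polls the printer's status every minute. The DDK's GetPrinterDataFromPort function retrieves the printer status data. The crash originates from there.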
bResult = g_stMonitor.pfnGetPrinterDataFromPort
( m_hPort,
dwIOCTLUSB,
NULL,
(LPWSTR) byCmdBuf, (DWORD)sizeof byCmdBuf,
(LPWSTR) (&vRsp[0]), (DWORD)vRsp.size(),
&dwLen
);
g_stMonitor->pfnGetPrinterDataFromPort is initialized from the DDK's port monitor structure as shown below. g_stMonitor and its function pointers are fully valid before the call.
g_stMonitor->pfnGetPrinterDataFromPort = pDDKMon->pfnGetPrinterDataFromPort;
Below is the call stack of the crashing thread (printer DLL name and function names have been modified):
0:006> kbM
# ChildEBP RetAddr Args to Child
00 00d7f68c 7c901046 00365db0 723f2894 00365db0 ntdll!RtlpWaitForCriticalSection+0x8c
01 00d7f694 723f2894 00365db0 00d7f6d8 00365d68 ntdll!RtlEnterCriticalSection+0x46
02 00d7f6b0 723f2acb 00d7fbcc 00dee0b0 00000000 usbmon!CBasePort::open+0x1a
03 00d7f6dc 723f1c07 0022003c 00000000 00d7f950 usbmon!CBasePort::getPrinterDataFromPort+0x55
04 00d7f700 00aaac27 007f67c0 0022003c 00000000 usbmon!DynaMon_GetPrinterDataFromPort+0x31
05 00d7f968 00aadf64 00000000 00000014 00000100 Printer_DLL!PrintPrimitives::CPortMon::getPrinterDataFromPort_Base+0x267
06 00d7fb9c 00b61200 00000000 00000014 00000100 Printer_DLL!PrintPrimitives::CPortMon::GetPrinterDataFromPort+0xd4
07 00d7fbf0 00b402e6 00d7fd58 00d7fc10 122de300 Printer_DLL!PrintPrimitives::CMyPrinter::refreshStatus_+0x60
08 00d7fc88 00b43834 00d7fd58 00000000 122de194 Printer_DLL!PrintPrimitives::CMyVariant::refreshStatus_+0x86
09 00d7fe1c 00b36424 00000000 00000000 00000000 Printer_DLL!PrintPrimitives::CMyVariant::pollPlusWin32_+0xc4
0a 00d7fe30 00b5bfeb 00000000 00000000 00a9c3d8 Printer_DLL!PrintPrimitives::CMyVariant::poll_+0x14
0b 00d7fe3c 00a9c3d8 122de09c 7c91003d 00c99668 Printer_DLL!PrintPrimitives::CMyPrinter::refreshStatus_+0xb
0c 00d7ff14 00a9c839 122de0f8 7c911432 00c989f8 Printer_DLL!OSBase::CThread::threadMain+0x3a8
0d 00d7ff70 00ae9836 00c99668 122de020 7c91003d Printer_DLL!OSBase::CThread::threadEntryEx+0x49
0e 00d7ffa8 00ae98c0 7c911432 00d7ffec 7c80b713 Printer_DLL!_callthreadstartex+0x1b
0f 00d7ffb4 7c80b713 00c9c5d8 7c91003d 7c911432 Printer_DLL!_threadstartex+0x64
10 00d7ffec 00000000 00ae985c 00c9c5d8 00000000 kernel32!BaseThreadStart+0x37
The call to g_stMonitor.pfnGetPrinterDataFromPort() comes from frame 05.
The values passed to pfnGetPrinterDataFromPort() are valid.
0:006> dd 00d7f700
00d7f700 00d7f968 00aaac27 007f67c0 0022003c
00d7f710 00000000 00d7f950 00000008 00ddc058
00d7f720 00000008 00d7f74c 122de6e0 00000000
00d7f730 00dee0b0 00000000 00c90838 00ae7781
00d7f740 00d7f9fc 00000002 00000000 00000000
00d7f750 0022003c 00000002 00000000 00ae7781
00d7f760 00000068 00000002 00000000 00ae7781
00d7f770 00000000 00000002 00000000 00ae7781
m_hPort: 007f67c0
dwIOCTLUSB: 0022003c (i.e. IOCTL_USBPRINT_VENDOR_GET_COMMAND)
The 3rd parameter is NULL, at 00d7f710
byCmdBuf: 00d7f950
0:006> db 00d7f950
00d7f950 14 01 00 00 00 00 00 00-e0 e6 2d 12 90 fb d7 00 ..........-.....
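14 01 00 is the get-status command
(DWORD)sizeof byCmdBuf shows 8
&vRsp[0] is at 00ddc058
Its size is 8, at address 00d7f720
dwLen is at address 00d7f74c
In the call stack above, the argument passed to ntdll!RtlEnterCriticalSection is 00365db0. This is the address of the CRITICAL_SECTION object.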
0:006> dd 00365db0
00365db0 00000000 00000001 00000000 00000000
This shows that the argument passed is NULL. This means the CS is not initialized.
!analyze -v shows the following result:
0:006> !analyze -v
FAULTING_IP:
ntdll!RtlpWaitForCriticalSection+8c
7c91b1fa ff4010 inc dword ptr [eax+10h]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c91b1fa (ntdll!RtlpWaitForCriticalSection+0x0000008c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000010
Attempt to write to address 00000010
PROCESS_NAME: spoolsv.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000010
WRITE_ADDRESS: 00000010
FOLLOWUP_IP:
spoolsv!main+b
010043cc 6a00 push 0
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: spoolsv.exe
CRITICAL_SECTION: 00365db0 -- (!cs -s 00365db0)
BLOCKING_THREAD: 000006bc
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
6 6b8.a2c Critical Section --> 0 6b8.6bc File IO
WAIT_CHAIN_COMMAND: ~6s;k;;~0s;k;;
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_WRITE
PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_WRITE
FAULTING_THREAD: 00000000
BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_WRITE_BlockedOn_FileIO
LAST_CONTROL_TRANSFER: from 7c90d9bc to 7c90e4f4
STACK_TEXT:
0007fbd0 7c90d9bc 7c801879 0000006c 00000000 ntdll!KiFastSystemCallRet
0007fbd4 7c801879 0000006c 00000000 00000000 ntdll!NtReadFile+0xc
0007fc3c 77df346b 0000006c 0007fd08 00000216 kernel32!ReadFile+0x16c
0007fc68 77df32ff 0000006c 0007fd08 00000216 advapi32!ScGetPipeInput+0x2a
0007fcdc 77df3608 0000006c 0007fd08 00000216 advapi32!ScDispatcherLoop+0x3f
0007ff3c 010043cc 0100d508 01004729 00000001 advapi32!StartServiceCtrlDispatcherW+0xe3
0007ff44 01004729 00000001 00363e88 00362a90 spoolsv!main+0xb
0007ffc0 7c817067 0007fbc8 00000000 7ffd8000 spoolsv!mainCRTStartup+0x3b
0007fff0 00000000 0100461b 00000000 78746341 kernel32!BaseProcessStart+0x23
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: spoolsv!main+b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: spoolsv
IMAGE_NAME: spoolsv.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 48025ce1
STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~0s ; kb
FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_c0000005_spoolsv.exe!main
BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_WRITE_BlockedOn_FileIO_spoolsv!main+b
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/spoolsv_exe/5_1_2600_5512/48025ce1/ntdll_dll/5_1_2600_5512/4802a12c/c0000005/0001b1fa.htm?Retriage=1
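The crash happens after the language monitor starts, on the first call to g_stMonitor.pfnGetPrinterDataFromPort.
Here is what I tried in order to solve the problem.
I am new to the WinDDK. Can anyone help me solve this problem?
Edit: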
0:006> !cs 00365db0 00d7f6d8 00365d68
-----------------------------------------
DebugInfo = 0x00104290
Critical section = 0x00365db0 (+0x365DB0)
LOCKED
LockCount = 0x1
OwningThread = 0x00000000
RecursionCount = 0x0
LockSemaphore = 0xAA8
SpinCount = 0x00000000
WARNING: critical section DebugInfo = 0x00000000 doesn't point back
to the DebugInfo found in the active critical sections list = 0x00104290.
The critical section was probably reused without calling DeleteCriticalSection.
Cannot read structure field value at 0x00000002, error 0
ntdll!RtlpStackTraceDataBase is NULL. Probably the stack traces are not enabled.
ntdll!RtlpStackTraceDataBase is NULL. Probably the stack traces are not enabled.
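Answer 0 (score: 1)
It looks to me like your critical section has been deleted by some other thread using the DeleteCriticalSection API. Because of this, your current thread (where the program is crashing) is trying to call EnterCriticalSection on one that has already been deleted, or possibly this critical section was never initialized with InitializeCriticalSection. From the log (!cs):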
DebugInfo = 0x00104290
Critical section = 0x00365db0 (+0x365DB0)
LOCKED
LockCount = 0x1
OwningThread = 0x00000000
RecursionCount = 0x0
LockSemaphore = 0xAA8
SpinCount = 0x00000000
WARNING: critical section DebugInfo = 0x00000000 doesn't point back
to the DebugInfo found in the active critical sections list = 0x00104290.
The critical section was probably reused without calling DeleteCriticalSection
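
The question's dd 00365db0 words and the faulting inc dword ptr [eax+10h] can be lined up against the critical-section layout, which shows why the write lands at 00000010. This is an added example, not code from the post or from usbmon: it assumes the x86 RTL_CRITICAL_SECTION and RTL_CRITICAL_SECTION_DEBUG layouts from winnt.h and the XP-era convention that LockCount is -1 when the section is free. The names CS32, CS_DEBUG32, cs_from_dd, contended_write_addr and cs_triage are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 32-bit layouts (field order as in winnt.h); pointers are written
   as uint32_t so the offsets hold on any build host. */
typedef struct {
    uint16_t Type;
    uint16_t CreatorBackTraceIndex;   /* offset 0x02 */
    uint32_t CriticalSection;         /* back-pointer to the owning CS */
    uint32_t ProcessLocksList[2];     /* LIST_ENTRY: Flink, Blink */
    uint32_t EntryCount;              /* offset 0x10 */
    uint32_t ContentionCount;
} CS_DEBUG32;

typedef struct {
    uint32_t DebugInfo;
    int32_t  LockCount;               /* assumption: -1 means free */
    int32_t  RecursionCount;
    uint32_t OwningThread;
    uint32_t LockSemaphore;
    uint32_t SpinCount;
} CS32;

enum { CS_OK = 0, CS_NULL_DEBUGINFO = 1, CS_HELD_NO_OWNER = 2 };

/* Decode the first four DWORDs of a `dd <cs>` line into the header fields. */
static CS32 cs_from_dd(const uint32_t w[4]) {
    CS32 cs = {0};
    cs.DebugInfo = w[0];
    cs.LockCount = (int32_t)w[1];
    cs.RecursionCount = (int32_t)w[2];
    cs.OwningThread = w[3];
    return cs;
}

/* Address touched by `inc dword ptr [eax+10h]` when eax holds DebugInfo. */
static uint32_t contended_write_addr(const CS32 *cs) {
    return cs->DebugInfo + (uint32_t)offsetof(CS_DEBUG32, EntryCount);
}

/* Flag states that point to a zeroed, deleted or never-initialized section.
   HELD_NO_OWNER is transient in a live process but suspicious in a dump
   where a waiter is already blocked. */
static int cs_triage(const CS32 *cs) {
    int flags = CS_OK;
    if (cs->DebugInfo == 0) flags |= CS_NULL_DEBUGINFO;
    if (cs->LockCount >= 0 && cs->OwningThread == 0) flags |= CS_HELD_NO_OWNER;
    return flags;
}

int main(void) {
    /* Words copied from the question's `dd 00365db0` output. */
    const uint32_t dumped[4] = {0x00000000, 0x00000001, 0x00000000, 0x00000000};
    CS32 cs = cs_from_dd(dumped);
    printf("write address: %08x, triage flags: %d\n",
           (unsigned)contended_write_addr(&cs), cs_triage(&cs));
    return 0;
}
```

With DebugInfo equal to zero the computed address is 00000010, the same value as WRITE_ADDRESS in the !analyze output, and offset 0x02 of the same NULL structure is the field !cs reports it cannot read.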