Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-11971

[PATCH] PAGE_FAULT_IN_NONPAGED_AREA in ftfd!gray_convert_glyph when executing rosautotest (72648)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 0.4.3
    • None
    • September 2016

    Description

      Hello,

      When executing rosautotests under debugger I am observing the following bugcheck:

      BugCheck 50, {e1992ffc, 0, f75b0ee8, 0}
       
      Probably caused by : ftfd.dll ( ftfd!gray_convert_glyph+148 )
       
      Followup: MachineOwner
      ---------
       
      nt!RtlpBreakWithStatusInstruction:
      8051f738 cc              int     3
      kd> !analyze -v
      *******************************************************************************
      *                                                                             *
      *                        Bugcheck Analysis                                    *
      *                                                                             *
      *******************************************************************************
       
      PAGE_FAULT_IN_NONPAGED_AREA (50)
      Invalid system memory was referenced.  This cannot be protected by try-except,
      it must be protected by a Probe.  Typically the address is just plain bad or it
      is pointing at freed memory.
      Arguments:
      Arg1: e1992ffc, memory referenced.
      Arg2: 00000000, value 0 = read operation, 1 = write operation.
      Arg3: f75b0ee8, If non-zero, the instruction address which referenced the bad memory
      	address.
      Arg4: 00000000, (reserved)
       
      Debugging Details:
      ------------------
       
       
      READ_ADDRESS:  e1992ffc 
       
      FAULTING_IP: 
      ftfd!gray_convert_glyph+148 [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\smooth\ftgrays.c @ 1953]
      f75b0ee8 c7049100000000  mov     dword ptr [ecx+edx*4],0
       
      MM_INTERNAL_CODE:  0
       
      IMAGE_NAME:  ftfd.dll
       
      DEBUG_FLR_IMAGE_TIMESTAMP:  57d4396e
       
      MODULE_NAME: ftfd
       
      FAULTING_MODULE: f7549000 ftfd
       
      DEFAULT_BUCKET_ID:  DRIVER_FAULT
       
      BUGCHECK_STR:  0x50
       
      PROCESS_NAME:  gdiplus_winetes
       
      CURRENT_IRQL:  1
       
      TRAP_FRAME:  00000010 -- (.trap 0x10)
      Unable to read trap frame at 00000010
       
      LAST_CONTROL_TRANSFER:  from 8047cbe8 to 8051f738
       
      STACK_TEXT:  
      f6f6306c 8047cbe8 00000003 f6f6337c ffdff408 nt!RtlpBreakWithStatusInstruction
      f6f6309c 8047c1af 00000003 f6f63d14 0012faf8 nt!KiBugCheckDebugBreak+0x38 [c:\users\volodymyr\reactos\ntoskrnl\ke\bug.c @ 538]
      f6f6343c 8047bb80 00000050 e1992ffc 00000000 nt!KeBugCheckWithTf+0x58f [c:\users\volodymyr\reactos\ntoskrnl\ke\bug.c @ 1101]
      f6f6345c 8049ec16 00000050 e1992ffc 00000000 nt!KeBugCheckEx+0x20 [c:\users\volodymyr\reactos\ntoskrnl\ke\bug.c @ 1462]
      f6f635dc 804c1aad 00000000 e1992ffc 00000000 nt!MmArmAccessFault+0x7f6 [c:\users\volodymyr\reactos\ntoskrnl\mm\arm3\pagfault.c @ 2000]
      f6f63600 805038ac 00000000 e1992ffc 00000000 nt!MmAccessFault+0xdd [c:\users\volodymyr\reactos\ntoskrnl\mm\mmfault.c @ 251]
      f6f6364c 804036ff f6f63800 f75b0ee8 badb0d00 nt!KiTrap0EHandler+0x1ec [c:\users\volodymyr\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1278]
      f6f6364c f75b0ee8 f6f63800 f75b0ee8 badb0d00 nt!KiTrap0E+0x8f
      f6f63800 f75b06ed f6f6380c f6f636bc 7ffde000 ftfd!gray_convert_glyph+0x148 [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\smooth\ftgrays.c @ 1953]
      f6f639c4 f75b0bcd e1415354 f6f639d4 f6f63b24 ftfd!gray_raster_render+0x3dd [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\smooth\ftgrays.c @ 2115]
      f6f63a80 f75b0839 e141537c f6f63ad8 00000000 ftfd!ft_smooth_render_generic+0x2fd [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\smooth\ftsmooth.c @ 308]
      f6f63a9c f754ec92 e141537c f6f63ad8 00000000 ftfd!ft_smooth_render+0x29 [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\smooth\ftsmooth.c @ 390]
      f6f63ac4 f75c69dc e1083594 f6f63ad8 00000000 ftfd!FT_Render_Glyph_Internal+0x92 [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\base\ftobjs.c @ 4167]
      f6f63bc0 f76ae451 f6f63c00 00000000 00000000 ftfd!FT_Glyph_To_Bitmap+0x12c [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\base\ftglyph.c @ 568]
      f6f63c0c f76a93a4 e145aa14 00000014 ffffb1e0 win32k!ftGdiGlyphCacheSet+0x71 [c:\documents and settings\volodymyr\reactos\win32ss\gdi\ntgdi\freetype.c @ 1468]
      f6f63c9c f76c69ac e1640e70 00000007 7fffffff win32k!TextIntGetTextExtentPoint+0x304 [c:\documents and settings\volodymyr\reactos\win32ss\gdi\ntgdi\freetype.c @ 2350]
      f6f63cec 8050468b 8e01038d 00134c98 00000007 win32k!NtGdiGetTextExtentExW+0x1cc [c:\documents and settings\volodymyr\reactos\win32ss\gdi\ntgdi\text.c @ 374]
      f6f63d1c 80502a4f f76c67e0 0012fad8 00000020 nt!KiSystemCallTrampoline+0x1b [c:\users\volodymyr\reactos\ntoskrnl\include\internal\i386\ke.h @ 742]
      f6f63d5c 80403e23 0012faf8 7c92c46e badb0d00 nt!KiSystemServiceHandler+0x22f [c:\users\volodymyr\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1738]
      f6f63d5c 7c92c46e 0012faf8 7c92c46e badb0d00 nt!KiFastCallEntry+0x8c
      0012facc 7c6289ac 7c6118f8 8e01038d 00134c98 ntdll!KiFastSystemCallRet
      0012fad0 7c6118f8 8e01038d 00134c98 00000007 gdi32!ZwGdiGetTextExtentExW+0xc
      0012faf8 7a7cb0ed 8e01038d 00134c98 00000007 gdi32!GetTextExtentExPointW+0x28 [c:\users\volodymyr\reactos\win32ss\gdi\gdi32\objects\text.c @ 279]
      0012fb9c 7a7c4c7b 8e01038d 00497f30 00000007 gdiplus!gdip_format_string+0x27d [c:\users\volodymyr\reactos\dll\win32\gdiplus\graphics.c @ 4562]
      0012fc28 00424b20 001356c8 00497f30 ffffffff gdiplus!GdipMeasureString+0x42b [c:\users\volodymyr\reactos\dll\win32\gdiplus\graphics.c @ 4899]
      0012fe30 00417ac7 00000003 0049565e 00000000 gdiplus_winetest!test_GdipMeasureString+0x490 [c:\users\volodymyr\reactos\modules\rostests\winetests\gdiplus\graphics.c @ 3585]
      0012fe78 00493b4e 0012fe8c 00000004 00000000 gdiplus_winetest!func_graphics+0x137 [c:\users\volodymyr\reactos\modules\rostests\winetests\gdiplus\graphics.c @ 5882]
      0012fe90 00493a7c 00134918 ffbadd11 00130fb0 gdiplus_winetest!run_test+0x8e [c:\users\volodymyr\reactos\sdk\include\reactos\wine\test.h @ 697]
      0012ff1c 00495c3c 00000002 001348d0 00131af0 gdiplus_winetest!main+0x18c [c:\users\volodymyr\reactos\sdk\include\reactos\wine\test.h @ 748]
      0012ffb4 00495e61 000000ff 0012fff0 7c76e2c2 gdiplus_winetest!__tmainCRTStartup+0x25c [c:\users\volodymyr\reactos\sdk\lib\crt\startup\crtexe.c @ 311]
      0012ffc0 7c76e2c2 00000000 00000000 7ffde000 gdiplus_winetest!mainCRTStartup+0x21 [c:\users\volodymyr\reactos\sdk\lib\crt\startup\crtexe.c @ 196]
      0012fff0 00000000 00495e40 00000000 ec0100ed kernel32!BaseProcessStartup+0x42 [c:\users\volodymyr\reactos\dll\win32\kernel32\client\proc.c @ 478]
       
       
      STACK_COMMAND:  kb
       
      FOLLOWUP_IP: 
      ftfd!gray_convert_glyph+148 [c:\users\volodymyr\reactos\sdk\lib\3rdparty\freetype\src\smooth\ftgrays.c @ 1953]
      f75b0ee8 c7049100000000  mov     dword ptr [ecx+edx*4],0
       
      FAULTING_SOURCE_CODE:  
        1949:           ras.max_cells = (FT_PtrDist)( FT_MAX_GRAY_POOL - cell_start );
        1950: 
        1951:           ras.ycells = (PCell*)buffer;
        1952:           while ( ycount )
      > 1953:             ras.ycells[--ycount] = NULL;
        1954:         }
        1955: 
        1956:         ras.num_cells = 0;
        1957:         ras.invalid   = 1;
        1958:         ras.min_ey    = band->min;
       
       
      SYMBOL_STACK_INDEX:  8
       
      SYMBOL_NAME:  ftfd!gray_convert_glyph+148
       
      FOLLOWUP_NAME:  MachineOwner
       
      FAILURE_BUCKET_ID:  0x50_ftfd!gray_convert_glyph+148
       
      BUCKET_ID:  0x50_ftfd!gray_convert_glyph+148
       
      Followup: MachineOwner
      ---------

      Looks consistent and I can repro it every time. Full debug log is attached to the ticket.

      Attachments

        1. bsod.png
          25 kB
          vshcherbyna
        2. ftgrays.c.patch
          0.8 kB
          vshcherbyna
        3. full_debug_log.txt
          1.77 MB
          vshcherbyna

        Issue Links

          Activity

            People

              AmineKhaldi AmineKhaldi
              vshcherbyna vshcherbyna
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: