Core ReactOS - CORE-14463

Crash in consrv if using x1270 driver


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 0.4.10
    • Component/s: Win32SS
    • Labels:
      None

      Description

      Using a Dell D531 with ATI drivers from https://mifritscher.de/austausch/reactos/R163694.EXE , I got several crashes - one is here. It's built with MSVC 2017.

      It works for some moments, but has tons of FPU save/restore warnings.

      (..\ntoskrnl\ke\i386\cpu.c:1371) KeSaveFloatingPointState is not really implemented
      (..\ntoskrnl\ke\i386\cpu.c:1403) KeRestoreFloatingPointState is not really implemented

      Log:

       
      kd> !analyze -v
      *******************************************************************************
      *                                                                             *
      *                        Bugcheck Analysis                                    *
      *                                                                             *
      *******************************************************************************
       
      PAGE_FAULT_IN_NONPAGED_AREA (50)
      Invalid system memory was referenced.  This cannot be protected by try-except,
      it must be protected by a Probe.  Typically the address is just plain bad or it
      is pointing at freed memory.
      Arguments:
      Arg1: ba0d3680, memory referenced.
      Arg2: 00000000, value 0 = read operation, 1 = write operation.
      Arg3: f30a375b, If non-zero, the instruction address which referenced the bad memory
          address.
      Arg4: 00000002, (reserved)
       
      Debugging Details:
      ------------------
       
      READ_ADDRESS:  ba0d3680 
       
      FAULTING_IP: 
      ati2dvag+d75b
      f30a375b 0f6f06          movq    mm0,mmword ptr [esi]
       
      MM_INTERNAL_CODE:  2
       
      IMAGE_NAME:  ati2dvag.dll
       
      DEBUG_FLR_IMAGE_TIMESTAMP:  46aab864
       
      MODULE_NAME: ati2dvag
       
      FAULTING_MODULE: f3096000 ati2dvag
       
      DEFAULT_BUCKET_ID:  DRIVER_FAULT
       
      BUGCHECK_STR:  0x50
       
      PROCESS_NAME:  csrss.exe
       
      CURRENT_IRQL:  0
       
      LAST_CONTROL_TRANSFER:  from 80482208 to 80528658
       
      STACK_TEXT:  
      f0b3d8b4 80482208 00000003 f0b3dbc4 ffdff408 nt!RtlpBreakWithStatusInstruction
      f0b3d8e4 804817cf 00000003 f0dc1460 ba0d3680 nt!KiBugCheckDebugBreak+0x38 [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 538]
      f0b3dc84 804811a0 00000050 ba0d3680 00000000 nt!KeBugCheckWithTf+0x58f [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1101]
      f0b3dca4 804a5971 00000050 ba0d3680 00000000 nt!KeBugCheckEx+0x20 [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1462]
      f0b3de38 804c8dab 00000000 ba0d3680 00000000 nt!MmArmAccessFault+0x301 [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\arm3\pagfault.c @ 1761]
      f0b3de60 8050bc0b 00000000 ba0d3680 00000000 nt!MmAccessFault+0xdb [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\mmfault.c @ 251]
      f0b3decc 804036ff f0b3df5c f30a375b badb0d00 nt!KiTrap0EHandler+0x2eb [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1340]
      f0b3decc f30a375b f0b3df5c f30a375b badb0d00 nt!KiTrap0E+0x8f
      WARNING: Stack unwind information not available. Following frames may be wrong.
      f0b3df5c f30a011a f0dc1e60 ba0d2c80 00000a00 ati2dvag+0xd75b
      f0b3e5c0 f30d2df6 000000ff 0000ff00 00ff0000 ati2dvag+0xa11a
      f0b3e650 f31dc280 e2e37878 e32e9010 00000000 ati2dvag+0x3cdf6
      f0b3e6d8 f3267807 e2e37878 e32e9010 00000000 win32k!IntEngBitBlt+0x270 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\eng\bitblt.c @ 704]
      f0b3e7d4 f3266ea0 090100a3 00000000 00000000 win32k!NtGdiMaskBlt+0x557 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 489]
      f0b3e810 8050ca4b 090100a3 00000000 00000000 win32k!NtGdiBitBlt+0x90 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 197]
      f0b3e84c 8050acaf f3266e10 010cfc94 0000002c nt!KiSystemCallTrampoline+0x1b [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\include\internal\i386\ke.h @ 748]
      f0b3e88c 80403e23 010cfcc4 7c92cffe badb0d00 nt!KiSystemServiceHandler+0x22f [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
      f0b3e88c 7c92cffe 010cfcc4 7c92cffe badb0d00 nt!KiFastCallEntry+0x8c
      010cfc88 7c62a62d 7c60e4f2 090100a3 00000000 ntdll!KiFastSystemCallRet
      010cfc8c 7c60e4f2 090100a3 00000000 00000000 gdi32!ZwGdiBitBlt+0xc
      010cfcc4 7a8a5d7a 090100a3 00000000 00000000 gdi32!BitBlt+0xc2 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\gdi32\objects\painting.c @ 447]
      010cfd44 7a8a36ca 00254050 7c52e5b0 00227c10 winsrv!OnPaint+0xda [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 1029]
      010cfda4 7c551b7a 00020096 0000000f 00000000 winsrv!ConWndProc+0x1fa [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 2219]
      010cfdd4 7c543daf 7a8a34d0 00020096 0000000f user32!CALL_EXTERN_WNDPROC+0x1a
      010cfe74 7c54847d 00b25760 00020096 0000000f user32!IntCallWindowProcW+0x4cf [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 1522]
      010cfee8 7c92cf51 010cff00 00000020 010cff50 user32!User32CallWindowProcFromKernel+0x23d [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 2975]
      010cff60 7a8a1e0e 010cff6c 00020096 0000000f ntdll!KiUserCallbackDispatcher+0x2e
      010cfff4 00000000 00227c10 ffff00ff 00ffff00 winsrv!GuiConsoleInputThread+0x2ae [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\guiterm.c @ 235]
       
       
      STACK_COMMAND:  kb
       
      FOLLOWUP_IP: 
      ati2dvag+d75b
      f30a375b 0f6f06          movq    mm0,mmword ptr [esi]
       
      SYMBOL_STACK_INDEX:  8
       
      SYMBOL_NAME:  ati2dvag+d75b
       
      FOLLOWUP_NAME:  MachineOwner
       
      FAILURE_BUCKET_ID:  0x50_ati2dvag+d75b
       
      BUCKET_ID:  0x50_ati2dvag+d75b
       
      Followup: MachineOwner
      ---------

      Backtrace:

      f0b3d8b4 80482208 nt!RtlpBreakWithStatusInstruction (FPO: [1,0,0])
       f0b3d8e4 804818b0 nt!KiBugCheckDebugBreak(unsigned long StatusCode = 4)+0x38 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 538]
       f0b3dc84 804811a0 nt!KeBugCheckWithTf(unsigned long BugCheckCode = 0x50, unsigned long BugCheckParameter1 = 0xba0d3680, unsigned long BugCheckParameter2 = 0, unsigned long BugCheckParameter3 = 0xf0b3ded4, unsigned long BugCheckParameter4 = 2, struct _KTRAP_FRAME * TrapFrame = 0xf0b3ded4)+0x670 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1200]
       f0b3dca4 804a5971 nt!KeBugCheckEx(unsigned long BugCheckCode = 0x50, unsigned long BugCheckParameter1 = 0xba0d3680, unsigned long BugCheckParameter2 = 0, unsigned long BugCheckParameter3 = 0xf0b3ded4, unsigned long BugCheckParameter4 = 2)+0x20 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1462]
       f0b3de38 804c8dab nt!MmArmAccessFault(unsigned long FaultCode = 0, void * Address = 0xba0d3680, char Mode = 0n0 '', void * TrapInformation = 0xf0b3ded4)+0x301 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\arm3\pagfault.c @ 1761]
       f0b3de60 8050bc0b nt!MmAccessFault(unsigned long FaultCode = 0, void * Address = 0xba0d3680, char Mode = 0n0 '', void * TrapInformation = 0xf0b3ded4)+0xdb (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\mmfault.c @ 251]
       f0b3decc 804036ff nt!KiTrap0EHandler(struct _KTRAP_FRAME * TrapFrame = 0xf0b3ded4)+0x2eb (FPO: [Non-Fpo]) (CONV: fastcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1340]
       f0b3decc f30a375b nt!KiTrap0E+0x8f (FPO: [0,0] TrapFrame @ f0b3ded4)
       WARNING: Stack unwind information not available. Following frames may be wrong.
       f0b3df5c f30a011a ati2dvag+0xd75b
       f0b3e5c0 f30d2df6 ati2dvag+0xa11a
       f0b3e650 f31dc280 ati2dvag+0x3cdf6
       f0b3e6d8 f3267807 win32k!IntEngBitBlt(struct _SURFOBJ * psoTrg = 0xe2e37878, struct _SURFOBJ * psoSrc = 0xe32e9010, struct _SURFOBJ * psoMask = 0x00000000, struct _CLIPOBJ * pco = 0x00000000, struct _XLATEOBJ * pxlo = 0xf0b3e70c, struct _RECTL * prclTrg = 0xf0b3e7a8, struct _POINTL * pptlSrc = 0xf0b3e684, struct _POINTL * pptlMask = 0xf0b3e74c, struct _BRUSHOBJ * pbo = 0xe2e36e24, struct _POINTL * pptlBrush = 0xe10b9970, unsigned long Rop4 = 0xcccc)+0x270 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\eng\bitblt.c @ 704]
       f0b3e7d4 f3266ea0 win32k!NtGdiMaskBlt(struct HDC__ * hdcDest = 0x090100a3, int nXDest = 0n0, int nYDest = 0n0, int nWidth = 0n-2055881496, int nHeight = 0n2310074, struct HDC__ * hdcSrc = 0x010100eb, int nXSrc = 0n2055881475, int nYSrc = 0n131222, struct HBITMAP__ * hbmMask = 0x00000000, int xMask = 0n0, int yMask = 0n0, unsigned long dwRop4 = 0xcccc0020, unsigned long crBackColor = 0)+0x557 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 489]
       f0b3e810 8050ca4b win32k!NtGdiBitBlt(struct HDC__ * hDCDest = 0x090100a3, int XDest = 0n0, int YDest = 0n0, int Width = 0n-2055881496, int Height = 0n2310074, struct HDC__ * hDCSrc = 0x010100eb, int XSrc = 0n2055881475, int YSrc = 0n131222, unsigned long dwRop = 0xcc0020, unsigned long crBackColor = 0, unsigned long fl = 0)+0x90 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 197]
       f0b3e84c 8050acaf nt!KiSystemCallTrampoline(void * Handler = 0xf3266e10, void * Arguments = 0x010cfc94, unsigned long StackBytes = 0x2c)+0x1b (FPO: [Non-Fpo]) (CONV: cdecl) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\include\internal\i386\ke.h @ 748]
       f0b3e88c 80403e23 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf0b3e894, void * Arguments = 0x010cfc94)+0x22f (FPO: [Non-Fpo]) (CONV: fastcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
       f0b3e88c 7c92cffe nt!KiFastCallEntry+0x8c (FPO: [0,0] TrapFrame @ f0b3e894)
       010cfc88 7c62a62d ntdll!KiFastSystemCallRet (FPO: [0,0,0])
       010cfc8c 7c60e4f2 gdi32!ZwGdiBitBlt+0xc (FPO: [0,0,0])
       010cfcc4 7a8a5d7a gdi32!BitBlt(struct HDC__ * hdcDest = 0x090100a3, int xDest = 0n0, int yDest = 0n0, int cx = 0n-2055881496, int cy = 0n2310074, struct HDC__ * hdcSrc = 0x010100eb, int xSrc = 0n2055881475, int ySrc = 0n131222, unsigned long dwRop = 0xcc0020)+0xc2 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\gdi32\objects\painting.c @ 447]
       010cfd44 7a8a36ca winsrv!OnPaint(struct _GUI_CONSOLE_DATA * GuiData = 0x00254050)+0xda (FPO: [Non-Fpo]) (CONV: cdecl) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 1029]
       010cfda4 7c551b7a winsrv!ConWndProc(struct HWND__ * hWnd = 0x00020096, unsigned int msg = 0xf, unsigned int wParam = 0, long lParam = 0n0)+0x1fa (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 2219]
       010cfdd4 7c543daf user32!CALL_EXTERN_WNDPROC+0x1a (FPO: [0,0,0])
       010cfe74 7c54847d user32!IntCallWindowProcW(int IsAnsiProc = 0n0, <function> * WndProc = 0x7a8a34d0, struct _WND * pWnd = 0x00b25760, struct HWND__ * hWnd = 0x00020096, unsigned int Msg = 0xf, unsigned int wParam = 0, long lParam = 0n0)+0x4cf (FPO: [Non-Fpo]) (CONV: fastcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 1522]
       010cfee8 7c92cf51 user32!User32CallWindowProcFromKernel(void * Arguments = 0x010cff00, unsigned long ArgumentLength = 0x20)+0x23d (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 2975]
       010cff60 7a8a1e0e ntdll!KiUserCallbackDispatcher+0x2e
       010cfff4 00000000 winsrv!GuiConsoleInputThread(void * Param = 0x00227c10)+0x2ae (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\guiterm.c @ 235]

      Initial finding:

      010cfcc4 7a8a5d7a gdi32!BitBlt(struct HDC__ * hdcDest = 0x090100a3, int xDest = 0n0, int yDest = 0n0, int cx = 0n-2055881496, int cy = 0n2310074, struct HDC__ * hdcSrc = 0x010100eb, int xSrc = 0n2055881475, int ySrc = 0n131222, unsigned long dwRop = 0xcc0020)+0xc2 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\gdi32\objects\painting.c @ 447]

      The arguments seem to be borked...

        Attachments

        1. consrv.log
          6 kB
        2. log.log
          5 kB

            People

            • Assignee: ThePhysicist (Timo Kreuzer)
            • Reporter: mifritscher