Description
Using a Dell D531 with ATI drivers from https://mifritscher.de/austausch/reactos/R163694.EXE, I got several crashes - one is here. It's built with MSVC 2017.
It works for some moments, but has tons of FPU save/restore warnings:
(..\ntoskrnl\ke\i386\cpu.c:1371) KeSaveFloatingPointState is not really implemented
(..\ntoskrnl\ke\i386\cpu.c:1403) KeRestoreFloatingPointState is not really implemented

Log:
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ba0d3680, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: f30a375b, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------

READ_ADDRESS: ba0d3680

FAULTING_IP:
ati2dvag+d75b
f30a375b 0f6f06 movq mm0,mmword ptr [esi]

MM_INTERNAL_CODE: 2

IMAGE_NAME: ati2dvag.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 46aab864

MODULE_NAME: ati2dvag

FAULTING_MODULE: f3096000 ati2dvag

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: csrss.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 80482208 to 80528658

STACK_TEXT:
f0b3d8b4 80482208 00000003 f0b3dbc4 ffdff408 nt!RtlpBreakWithStatusInstruction
f0b3d8e4 804817cf 00000003 f0dc1460 ba0d3680 nt!KiBugCheckDebugBreak+0x38 [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 538]
f0b3dc84 804811a0 00000050 ba0d3680 00000000 nt!KeBugCheckWithTf+0x58f [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1101]
f0b3dca4 804a5971 00000050 ba0d3680 00000000 nt!KeBugCheckEx+0x20 [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1462]
f0b3de38 804c8dab 00000000 ba0d3680 00000000 nt!MmArmAccessFault+0x301 [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\arm3\pagfault.c @ 1761]
f0b3de60 8050bc0b 00000000 ba0d3680 00000000 nt!MmAccessFault+0xdb [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\mmfault.c @ 251]
f0b3decc 804036ff f0b3df5c f30a375b badb0d00 nt!KiTrap0EHandler+0x2eb [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1340]
f0b3decc f30a375b f0b3df5c f30a375b badb0d00 nt!KiTrap0E+0x8f
WARNING: Stack unwind information not available. Following frames may be wrong.
f0b3df5c f30a011a f0dc1e60 ba0d2c80 00000a00 ati2dvag+0xd75b
f0b3e5c0 f30d2df6 000000ff 0000ff00 00ff0000 ati2dvag+0xa11a
f0b3e650 f31dc280 e2e37878 e32e9010 00000000 ati2dvag+0x3cdf6
f0b3e6d8 f3267807 e2e37878 e32e9010 00000000 win32k!IntEngBitBlt+0x270 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\eng\bitblt.c @ 704]
f0b3e7d4 f3266ea0 090100a3 00000000 00000000 win32k!NtGdiMaskBlt+0x557 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 489]
f0b3e810 8050ca4b 090100a3 00000000 00000000 win32k!NtGdiBitBlt+0x90 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 197]
f0b3e84c 8050acaf f3266e10 010cfc94 0000002c nt!KiSystemCallTrampoline+0x1b [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\include\internal\i386\ke.h @ 748]
f0b3e88c 80403e23 010cfcc4 7c92cffe badb0d00 nt!KiSystemServiceHandler+0x22f [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
f0b3e88c 7c92cffe 010cfcc4 7c92cffe badb0d00 nt!KiFastCallEntry+0x8c
010cfc88 7c62a62d 7c60e4f2 090100a3 00000000 ntdll!KiFastSystemCallRet
010cfc8c 7c60e4f2 090100a3 00000000 00000000 gdi32!ZwGdiBitBlt+0xc
010cfcc4 7a8a5d7a 090100a3 00000000 00000000 gdi32!BitBlt+0xc2 [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\gdi32\objects\painting.c @ 447]
010cfd44 7a8a36ca 00254050 7c52e5b0 00227c10 winsrv!OnPaint+0xda [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 1029]
010cfda4 7c551b7a 00020096 0000000f 00000000 winsrv!ConWndProc+0x1fa [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 2219]
010cfdd4 7c543daf 7a8a34d0 00020096 0000000f user32!CALL_EXTERN_WNDPROC+0x1a
010cfe74 7c54847d 00b25760 00020096 0000000f user32!IntCallWindowProcW+0x4cf [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 1522]
010cfee8 7c92cf51 010cff00 00000020 010cff50 user32!User32CallWindowProcFromKernel+0x23d [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 2975]
010cff60 7a8a1e0e 010cff6c 00020096 0000000f ntdll!KiUserCallbackDispatcher+0x2e
010cfff4 00000000 00227c10 ffff00ff 00ffff00 winsrv!GuiConsoleInputThread+0x2ae [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\guiterm.c @ 235]

STACK_COMMAND: kb

FOLLOWUP_IP:
ati2dvag+d75b
f30a375b 0f6f06 movq mm0,mmword ptr [esi]

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: ati2dvag+d75b

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0x50_ati2dvag+d75b

BUCKET_ID: 0x50_ati2dvag+d75b

Followup: MachineOwner
---------

Backtrace:
f0b3d8b4 80482208 nt!RtlpBreakWithStatusInstruction (FPO: [1,0,0])
f0b3d8e4 804818b0 nt!KiBugCheckDebugBreak(unsigned long StatusCode = 4)+0x38 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 538]
f0b3dc84 804811a0 nt!KeBugCheckWithTf(unsigned long BugCheckCode = 0x50, unsigned long BugCheckParameter1 = 0xba0d3680, unsigned long BugCheckParameter2 = 0, unsigned long BugCheckParameter3 = 0xf0b3ded4, unsigned long BugCheckParameter4 = 2, struct _KTRAP_FRAME * TrapFrame = 0xf0b3ded4)+0x670 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1200]
f0b3dca4 804a5971 nt!KeBugCheckEx(unsigned long BugCheckCode = 0x50, unsigned long BugCheckParameter1 = 0xba0d3680, unsigned long BugCheckParameter2 = 0, unsigned long BugCheckParameter3 = 0xf0b3ded4, unsigned long BugCheckParameter4 = 2)+0x20 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\bug.c @ 1462]
f0b3de38 804c8dab nt!MmArmAccessFault(unsigned long FaultCode = 0, void * Address = 0xba0d3680, char Mode = 0n0 '', void * TrapInformation = 0xf0b3ded4)+0x301 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\arm3\pagfault.c @ 1761]
f0b3de60 8050bc0b nt!MmAccessFault(unsigned long FaultCode = 0, void * Address = 0xba0d3680, char Mode = 0n0 '', void * TrapInformation = 0xf0b3ded4)+0xdb (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\mm\mmfault.c @ 251]
f0b3decc 804036ff nt!KiTrap0EHandler(struct _KTRAP_FRAME * TrapFrame = 0xf0b3ded4)+0x2eb (FPO: [Non-Fpo]) (CONV: fastcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1340]
f0b3decc f30a375b nt!KiTrap0E+0x8f (FPO: [0,0] TrapFrame @ f0b3ded4)
WARNING: Stack unwind information not available. Following frames may be wrong.
f0b3df5c f30a011a ati2dvag+0xd75b
f0b3e5c0 f30d2df6 ati2dvag+0xa11a
f0b3e650 f31dc280 ati2dvag+0x3cdf6
f0b3e6d8 f3267807 win32k!IntEngBitBlt(struct _SURFOBJ * psoTrg = 0xe2e37878, struct _SURFOBJ * psoSrc = 0xe32e9010, struct _SURFOBJ * psoMask = 0x00000000, struct _CLIPOBJ * pco = 0x00000000, struct _XLATEOBJ * pxlo = 0xf0b3e70c, struct _RECTL * prclTrg = 0xf0b3e7a8, struct _POINTL * pptlSrc = 0xf0b3e684, struct _POINTL * pptlMask = 0xf0b3e74c, struct _BRUSHOBJ * pbo = 0xe2e36e24, struct _POINTL * pptlBrush = 0xe10b9970, unsigned long Rop4 = 0xcccc)+0x270 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\eng\bitblt.c @ 704]
f0b3e7d4 f3266ea0 win32k!NtGdiMaskBlt(struct HDC__ * hdcDest = 0x090100a3, int nXDest = 0n0, int nYDest = 0n0, int nWidth = 0n-2055881496, int nHeight = 0n2310074, struct HDC__ * hdcSrc = 0x010100eb, int nXSrc = 0n2055881475, int nYSrc = 0n131222, struct HBITMAP__ * hbmMask = 0x00000000, int xMask = 0n0, int yMask = 0n0, unsigned long dwRop4 = 0xcccc0020, unsigned long crBackColor = 0)+0x557 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 489]
f0b3e810 8050ca4b win32k!NtGdiBitBlt(struct HDC__ * hDCDest = 0x090100a3, int XDest = 0n0, int YDest = 0n0, int Width = 0n-2055881496, int Height = 0n2310074, struct HDC__ * hDCSrc = 0x010100eb, int XSrc = 0n2055881475, int YSrc = 0n131222, unsigned long dwRop = 0xcc0020, unsigned long crBackColor = 0, unsigned long fl = 0)+0x90 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\ntgdi\bitblt.c @ 197]
f0b3e84c 8050acaf nt!KiSystemCallTrampoline(void * Handler = 0xf3266e10, void * Arguments = 0x010cfc94, unsigned long StackBytes = 0x2c)+0x1b (FPO: [Non-Fpo]) (CONV: cdecl) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\include\internal\i386\ke.h @ 748]
f0b3e88c 80403e23 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf0b3e894, void * Arguments = 0x010cfc94)+0x22f (FPO: [Non-Fpo]) (CONV: fastcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1813]
f0b3e88c 7c92cffe nt!KiFastCallEntry+0x8c (FPO: [0,0] TrapFrame @ f0b3e894)
010cfc88 7c62a62d ntdll!KiFastSystemCallRet (FPO: [0,0,0])
010cfc8c 7c60e4f2 gdi32!ZwGdiBitBlt+0xc (FPO: [0,0,0])
010cfcc4 7a8a5d7a gdi32!BitBlt(struct HDC__ * hdcDest = 0x090100a3, int xDest = 0n0, int yDest = 0n0, int cx = 0n-2055881496, int cy = 0n2310074, struct HDC__ * hdcSrc = 0x010100eb, int xSrc = 0n2055881475, int ySrc = 0n131222, unsigned long dwRop = 0xcc0020)+0xc2 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\gdi32\objects\painting.c @ 447]
010cfd44 7a8a36ca winsrv!OnPaint(struct _GUI_CONSOLE_DATA * GuiData = 0x00254050)+0xda (FPO: [Non-Fpo]) (CONV: cdecl) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 1029]
010cfda4 7c551b7a winsrv!ConWndProc(struct HWND__ * hWnd = 0x00020096, unsigned int msg = 0xf, unsigned int wParam = 0, long lParam = 0n0)+0x1fa (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\conwnd.c @ 2219]
010cfdd4 7c543daf user32!CALL_EXTERN_WNDPROC+0x1a (FPO: [0,0,0])
010cfe74 7c54847d user32!IntCallWindowProcW(int IsAnsiProc = 0n0, <function> * WndProc = 0x7a8a34d0, struct _WND * pWnd = 0x00b25760, struct HWND__ * hWnd = 0x00020096, unsigned int Msg = 0xf, unsigned int wParam = 0, long lParam = 0n0)+0x4cf (FPO: [Non-Fpo]) (CONV: fastcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 1522]
010cfee8 7c92cf51 user32!User32CallWindowProcFromKernel(void * Arguments = 0x010cff00, unsigned long ArgumentLength = 0x20)+0x23d (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\user32\windows\message.c @ 2975]
010cff60 7a8a1e0e ntdll!KiUserCallbackDispatcher+0x2e
010cfff4 00000000 winsrv!GuiConsoleInputThread(void * Param = 0x00227c10)+0x2ae (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\user\winsrv\consrv\frontends\gui\guiterm.c @ 235]
Initial finding:
010cfcc4 7a8a5d7a gdi32!BitBlt(struct HDC__ * hdcDest = 0x090100a3, int xDest = 0n0, int yDest = 0n0, int cx = 0n-2055881496, int cy = 0n2310074, struct HDC__ * hdcSrc = 0x010100eb, int xSrc = 0n2055881475, int ySrc = 0n131222, unsigned long dwRop = 0xcc0020)+0xc2 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\users\michaelfritscher\documents\privat\reactos\reactos\win32ss\gdi\gdi32\objects\painting.c @ 447]
The arguments seem to be borked...