Description
- Go past the boot screen, press any button
Nothing happens except it gets kicked into kdb.
Apologies. Here is the backtrace:
Eip:
<ntoskrnl.exe:159219 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:8bb2b (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<ntoskrnl.exe:8c114 (ntoskrnl/ke/bug.c:1494 (KeBugCheckEx))>
<ntoskrnl.exe:1950b4 (ntoskrnl/ps/psmgr.c:303 (PsLocateSystemDll))>
<ntoskrnl.exe:18bbdd (ntoskrnl/io/iomgr/iomgr.c:643 (IoInitSystem))>
<ntoskrnl.exe:186a9a (ntoskrnl/ex/init.c:1805 (Phase1InitializationDiscard))>
<ntoskrnl.exe:3319a (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
<ntoskrnl.exe:11f254 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
<ntoskrnl.exe:138df5 (ntoskrnl/ke/i386/thrdini.c:85 (KiThreadStartup))>
<ntoskrnl.exe:11f21b (ntoskrnl/ps/state.c:607 (NtQueueApcThread))>
<5d8950ec>
Couldn't access memory at 0x83E58959!
Debug logs attached below.
Some pieces of information that looked interesting that I turned up are:
(ntoskrnl/cc/pin.c:398) CcMapData(FileObject 0xB49C4238, FileOffset 0, Length 108, Flags 0x1, pBcb 0xF76845AC, pBuffer 0xF76845A0)
(ntoskrnl/cc/pin.c:91) SectionSize 800, FileSize 6c
(ntoskrnl/cc/pin.c:449) FileObject=B49C4238 FileOffset=F768422C Length=108 Flags=0x1 -> 1 Bcb=B49C2ED8
(ntoskrnl/cc/pin.c:398) CcMapData(FileObject 0xB49C24D8, FileOffset 0, Length 2048, Flags 0x1, pBcb 0xF7684238, pBuffer 0xF768422C)
(ntoskrnl/cc/pin.c:91) SectionSize 800, FileSize 800
(ntoskrnl/cc/pin.c:143) FileObject=B49C24D8 FileOffset=F768413C Length=2048 Flags=0x11 -> FALSE
(ntoskrnl/cc/pin.c:595) Bcb=B49C2ED8
(ntoskrnl/cc/pin.c:612) Bcb=B49C2ED8 ResourceThreadId=3033201432
Here's some more info I managed to dig up:
(drivers/storage/scsiport/scsiport.c:2572) ScsiPortDispatchScsi(DeviceObject B4CBC560 Irp B4CD2160)
(drivers/storage/scsiport/scsiport.c:2591) Srb: B4CD09A4
(drivers/storage/scsiport/scsiport.c:2592) Srb>Function: 21-
(drivers/storage/scsiport/scsiport.c:2593) PathId: 0 TargetId: 0 Lun: 0
(drivers/storage/scsiport/scsiport.c:3373) SpiGetLunExtension(B4CBC618 0 0 0) called
(drivers/storage/scsiport/scsiport.c:2715) SRB_FUNCTION_FLUSH_QUEUE
(drivers/storage/scsiport/scsiport.c:5077) ScsiPortDpcForIsr() done
I've found that the area that turns the status to STATUS_VERIFY_REQUIRED is in this file:
drivers/storage/class/class2/class2.c
and the lines of code are these:
    if (DeviceObject->Flags & DO_VERIFY_VOLUME &&
        !(currentIrpStack->Flags & SL_OVERRIDE_VERIFY_VOLUME)) {

        //
        // if DO_VERIFY_VOLUME bit is set
        // in device object flags, fail request.
        //

        IoSetHardErrorOrVerifyDevice(Irp, DeviceObject);

        Irp->IoStatus.Status = STATUS_VERIFY_REQUIRED;
        Irp->IoStatus.Information = 0;

        IoCompleteRequest(Irp, 0);
        return STATUS_VERIFY_REQUIRED;
    }
Now, the reason why this is going through is that this expression:
DeviceObject->Flags & DO_VERIFY_VOLUME
The place where the flags take a strange value of 152 on real hardware is after deviosup.c calls this:
    (VOID)KeWaitForSingleObject( &Vcb->SectorCacheEvent,
                                 Executive,
                                 KernelMode,
                                 FALSE,
                                 NULL );
I've tracked down where the STATUS_VERIFY_REQUIRED flag is set.
class2.c: ScsiClassInterpretSenseInfo
in this place, lines 2455 to 2466:
    if (DeviceObject->Characteristics & FILE_REMOVABLE_MEDIA &&
        DeviceObject->Vpb->Flags & VPB_MOUNTED) {

        //
        // Set bit to indicate that media may have changed
        // and volume needs verification.
        //

        DeviceObject->Flags |= DO_VERIFY_VOLUME;

        *Status = STATUS_VERIFY_REQUIRED;
        retry = FALSE;
    }
Here are two interesting statuses I found.
When ReactOS attempts to verify the volume, it ends up with the status:
STATUS_IO_DEVICE_ERROR
That's kind of generic.
Yet, earlier in the verification process I noticed this status:
STATUS_CANT_WAIT
I believe I found the place where it sets the status of
STATUS_IO_DEVICE_ERROR
drivers/storage/class/cdrom/cdrom.c in function CdRomUpdateCapacity, line 7285:
    //
    // Set the return value in the IRP that will be completed
    // upon completion of the read capacity.
    //

    IrpToComplete->IoStatus.Status = STATUS_IO_DEVICE_ERROR;
    IoMarkIrpPending(IrpToComplete);

    IoCallDriver(DeviceExtension->PortDeviceObject, irp);

    //
    // status is not checked because the completion routine for this
    // IRP will always get called and it will free the resources.
    //

    return STATUS_PENDING;
I have a suspicion that a completion routine doesn't currently exist for this particular situation, or it does, but is not properly put onto the stack.
Here is the relevant part of the log I've created that I'm going off of:
(drivers/storage/class/cdrom/cdrom.c:7355) End of CdRomUpdateCapacity
(drivers/storage/class/cdrom/cdrom.c:3134) realIrp->IoStatus.Status: C0000185
(drivers/storage/class/cdrom/cdrom.c:3135) realIrp: B49C1B78
(drivers/storage/port/scsiport/scsiport.c:4602) In SpiCompletionRoutine after IoCompleteRequest, InitialIrp->IoStatus.Status: 00000000
(drivers/storage/port/scsiport/scsiport.c:4392) 1 Irp->IoStatus.Status: 00000000
(drivers/storage/port/scsiport/scsiport.c:4406) 2 Irp->IoStatus.Status: 00000000
(drivers/storage/port/scsiport/scsiport.c:4407) First return
(drivers/storage/port/scsiport/scsiport.c:4244) SpiProcessCompletedRequest()
(drivers/storage/port/scsiport/scsiport.c:4390) 0 Irp->IoStatus.Status: 00000000
(ntoskrnl/io/iomgr/irp.c:1335) Irp: B49C0008
(ntoskrnl/io/iomgr/irp.c:1336) Irp->IoStatus: 00000000
(ntoskrnl/io/iomgr/irp.c:1337) Irp->IoStatus.Status: 00000000
(ntoskrnl/io/iomgr/irp.c:1409) StackPtr->CompletionRoutine: F7A4B25D
(drivers/storage/class/cdrom/cdrom.c:6985) CdRomUpdateGeometryCompletion() Irp: B49C0008
(drivers/storage/class/cdrom/cdrom.c:6986) CdRomUpdateGeometryCompletion: F7A4B25D
(drivers/storage/class/cdrom/cdrom.c:6995) originalIrp->IoStatus.Status: C0000185
(drivers/storage/class/cdrom/cdrom.c:6996) originalIrp: B49C1B78
(drivers/storage/class/cdrom/cdrom.c:6997) CdRomUpdateGeometryCompletion Irp->IoStatus.Status: 00000000
(ntoskrnl/io/iomgr/irp.c:1335) Irp: B49C1B78
(ntoskrnl/io/iomgr/irp.c:1336) Irp->IoStatus: C0000185
(ntoskrnl/io/iomgr/irp.c:1337) Irp->IoStatus.Status: C0000185
(ntoskrnl/io/iomgr/irp.c:1421) No more completion routines...
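The class2.c check quoted in this report gates the IRP on DeviceObject->Flags & DO_VERIFY_VOLUME, and the report notes a Flags value of 152 on real hardware. The following is an added C example, not code from the report or from ReactOS, that decodes such a Flags value into its DO_* bit names using the constants from the NT DDK header wdm.h and evaluates the same gate with and without SL_OVERRIDE_VERIFY_VOLUME, so a reader can see which bits a logged Flags value actually contains.

```c
#include <stdio.h>
#include <string.h>
/* DEVICE_OBJECT.Flags bits, with the values from the NT DDK header wdm.h. */
#define DO_VERIFY_VOLUME          0x02UL
#define DO_BUFFERED_IO            0x04UL
#define DO_EXCLUSIVE              0x08UL
#define DO_DIRECT_IO              0x10UL
#define DO_MAP_IO_BUFFER          0x20UL
#define DO_DEVICE_HAS_NAME        0x40UL
#define DO_DEVICE_INITIALIZING    0x80UL
/* IO_STACK_LOCATION.Flags bit that lets an IRP bypass the verify check (wdm.h). */
#define SL_OVERRIDE_VERIFY_VOLUME 0x02UL

static const struct { unsigned long bit; const char *name; } do_bits[] = {
    { DO_VERIFY_VOLUME, "DO_VERIFY_VOLUME" },   { DO_BUFFERED_IO, "DO_BUFFERED_IO" },
    { DO_EXCLUSIVE, "DO_EXCLUSIVE" },           { DO_DIRECT_IO, "DO_DIRECT_IO" },
    { DO_MAP_IO_BUFFER, "DO_MAP_IO_BUFFER" },   { DO_DEVICE_HAS_NAME, "DO_DEVICE_HAS_NAME" },
    { DO_DEVICE_INITIALIZING, "DO_DEVICE_INITIALIZING" },
};

/* Writes the names of the set DO_* bits into buf as "A | B"; returns how many are set. */
int decode_do_flags(unsigned long flags, char *buf, size_t n)
{
    int count = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof do_bits / sizeof do_bits[0]; i++) {
        if (!(flags & do_bits[i].bit)) continue;
        if (count++) strncat(buf, " | ", n - strlen(buf) - 1);
        strncat(buf, do_bits[i].name, n - strlen(buf) - 1);
    }
    return count;
}

/* The class2.c gate quoted in the report: the IRP is failed with STATUS_VERIFY_REQUIRED
 * only when DO_VERIFY_VOLUME is set on the device AND the IRP does not carry the override. */
int verify_gate_fires(unsigned long devFlags, unsigned long irpStackFlags)
{
    return (devFlags & DO_VERIFY_VOLUME) && !(irpStackFlags & SL_OVERRIDE_VERIFY_VOLUME);
}

int main(void)
{
    char names[160];
    decode_do_flags(152, names, sizeof names);   /* 152 is the value seen on real hardware */
    printf("Flags 152 (0x98) = %s\n", names);
    printf("class2.c verify gate fires for 152, no override: %d\n", verify_gate_fires(152, 0));
    printf("... for 152 | DO_VERIFY_VOLUME: %d\n", verify_gate_fires(152 | DO_VERIFY_VOLUME, 0));
    return 0;
}
```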