Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
0.4.15-dev-3634-g983d9a1 https://github.com/reactos/reactos/commit/983d9a1c2a1fcf0bb8483384505c3babc4c72f3c
Description
0.4.15-dev-3634-g983d9a1c2a1
According to !analyze v the function pointer VBEDeviceExtension>Int10Interface.Int10CallBios is invalid, and this is indeed the case.
BOOT DRIVERS LOADED
|
(drivers\storage\port\scsiport\ioctl.c:542) unknown ioctl code: 0x66001B
|
(ntoskrnl\mm\ARM3\sysldr.c:182) Loading: \SystemRoot\system32\drivers\vgapnp.sys at F7813000 with 9 pages
|
(ntoskrnl\mm\ARM3\sysldr.c:182) Loading: \SystemRoot\system32\drivers\videoprt.sys at F77F4000 with 1f pages
|
(win32ss\drivers\videoprt\registry.c:315) Failed to open device software key. Status 0xc0000034
|
(ntoskrnl\io\pnpmgr\pnpres.c:648) Resource conflict: IRQ (0x9 0x9 vs. 0x9 0x9)
|
(ntoskrnl\io\pnpmgr\pnpres.c:112) Satisfying memory requirement with 0xa0000 (length: 0x20000)
|
(ntoskrnl\io\pnpmgr\pnpres.c:648) Resource conflict: IRQ (0x9 0x9 vs. 0x9 0x9)
|
(ntoskrnl\ps\thread.c:119) PS: Unhandled Kernel Mode Exception Pointers = 0xF785F1CC
|
(ntoskrnl\ps\thread.c:126) Code c0000005 Addr 80553FD8 Info0 00000000 Info1 00000000 Info2 00000000 Info3 CCCCCCCC
|
|
|
*** Fatal System Error: 0x0000007e
|
(0xC0000005,0x80553FD8,0xF785F684,0xF785F374)
|
|
|
Break instruction exception - code 80000003 (first chance)
|
|
|
A fatal system error has occurred.
|
Debugger entered on first try; Bugcheck callbacks have not been invoked.
|
|
|
A fatal system error has occurred.
|
|
|
For analysis of this file, run !analyze -v
|
nt!RtlpBreakWithStatusInstruction:
|
80572c78 cc int 3
|
Processing initial command '.load E:\Projects\windbgext\Debug\sampext.dll'
|
kd> .load E:\Projects\windbgext\Debug\sampext.dll
|
kd> kp
|
# ChildEBP RetAddr
|
00 f785ed60 804a5338 nt!RtlpBreakWithStatusInstruction
|
01 f785ed90 804a4416 nt!KiBugCheckDebugBreak(unsigned long StatusCode = 3)+0x38 [R:\src\dev\ntoskrnl\ke\bug.c @ 500]
|
02 f785f158 804a3cb0 nt!KeBugCheckWithTf(unsigned long BugCheckCode = 0x7e, unsigned long BugCheckParameter1 = 0xc0000005, unsigned long BugCheckParameter2 = 0x80553fd8, unsigned long BugCheckParameter3 = 0xf785f684, unsigned long BugCheckParameter4 = 0xf785f374, struct _KTRAP_FRAME * TrapFrame = 0x00000000)+0x6b6 [R:\src\dev\ntoskrnl\ke\bug.c @ 1071]
|
03 f785f178 8052d7b6 nt!KeBugCheckEx(unsigned long BugCheckCode = 0x7e, unsigned long BugCheckParameter1 = 0xc0000005, unsigned long BugCheckParameter2 = 0x80553fd8, unsigned long BugCheckParameter3 = 0xf785f684, unsigned long BugCheckParameter4 = 0xf785f374)+0x20 [R:\src\dev\ntoskrnl\ke\bug.c @ 1419]
|
04 f785f1a4 8052d5bf nt!PspUnhandledExceptionInSystemThread(struct _EXCEPTION_POINTERS * ExceptionPointers = 0xf785f1cc)+0x1a6 [R:\src\dev\ntoskrnl\ps\thread.c @ 134]
|
05 f785f1ac 8055e5d2 nt!PspSystemThreadStartup(<function> * StartRoutine = 0x804462f0, void * StartContext = 0x00000001)+0x8f [R:\src\dev\ntoskrnl\ps\thread.c @ 159]
|
06 f785fdbc 80553df3 nt!_except_handler3+0x54
|
07 f785fddc 8052d52f nt!KiThreadStartup(void)+0x63 [R:\src\dev\ntoskrnl\ke\i386\thrdini.c @ 78]
|
08 f785fde0 804462ef nt!PspCreateThread+0xedf
|
09 f785fde4 00000000 nt!ExpWorkerThreadBalanceManager+0x25f
|
kd> !analyze -v
|
Connected to Windows Server 2003 3790 x86 compatible target at (Thu Jan 6 21:55:52.788 2022 (UTC + 1:00)), ptr64 FALSE
|
Loading Kernel Symbols
|
...............................
|
Loading User Symbols
|
|
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
|
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
|
This is a very common bugcheck. Usually the exception address pinpoints
|
the driver/function that caused the problem. Always note this address
|
as well as the link date of the driver/image that contains this address.
|
Arguments:
|
Arg1: c0000005, The exception code that was not handled
|
Arg2: 80553fd8, The address that the exception occurred at
|
Arg3: f785f684, Exception Record Address
|
Arg4: f785f374, Context Record Address
|
|
|
Debugging Details:
|
------------------
|
|
|
*** No owner thread found for resource 805e892c
|
*** No owner thread found for resource 805e892c
|
*** No owner thread found for resource 805e892c
|
|
|
KEY_VALUES_STRING: 1
|
|
|
Key : AV.Dereference
|
Value: NullPtr
|
|
|
Key : AV.Fault
|
Value: Read
|
|
|
Key : Analysis.CPU.Sec
|
Value: 1
|
|
|
Key : Analysis.DebugAnalysisProvider.CPP
|
Value: Create: 8007007e on DEV2
|
|
|
Key : Analysis.DebugData
|
Value: CreateObject
|
|
|
Key : Analysis.DebugModel
|
Value: CreateObject
|
|
|
Key : Analysis.Elapsed.Sec
|
Value: 4
|
|
|
Key : Analysis.Memory.CommitPeak.Mb
|
Value: 54
|
|
|
Key : Analysis.System
|
Value: CreateObject
|
|
|
|
|
BUGCHECK_CODE: 7e
|
|
|
BUGCHECK_P1: ffffffffc0000005
|
|
|
BUGCHECK_P2: ffffffff80553fd8
|
|
|
BUGCHECK_P3: fffffffff785f684
|
|
|
BUGCHECK_P4: fffffffff785f374
|
|
|
EXCEPTION_RECORD: f785f684 -- (.exr 0xfffffffff785f684)
|
ExceptionAddress: 80553fd8 (nt!KiCheckForSListFault+0x00000068)
|
ExceptionCode: c0000005 (Access violation)
|
ExceptionFlags: 00000000
|
NumberParameters: 2
|
Parameter[0]: 00000000
|
Parameter[1]: 00000000
|
Attempt to read from address 00000000
|
|
|
CONTEXT: f785f374 -- (.cxr 0xfffffffff785f374)
|
eax=00000000 ebx=00009000 ecx=00000000 edx=f785f864 esi=f785f8e4 edi=f785f808
|
eip=80553fd8 esp=f785f7cc ebp=f785f820 iopl=0 nv up ei pl nz na pe nc
|
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210206
|
nt!KiCheckForSListFault+0x68:
|
80553fd8 0fb60c08 movzx ecx,byte ptr [eax+ecx] ds:0023:00000000=??
|
Resetting default scope
|
|
|
PROCESS_NAME: System
|
|
|
READ_ADDRESS: Target machine operating system not supported
|
00000000
|
|
|
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
|
|
|
EXCEPTION_CODE_STR: c0000005
|
|
|
EXCEPTION_PARAMETER1: 00000000
|
|
|
EXCEPTION_PARAMETER2: 00000000
|
|
|
EXCEPTION_STR: 0xc0000005
|
|
|
TRAP_FRAME: f785f864 -- (.trap 0xfffffffff785f864)
|
ErrCode = 00000000
|
eax=00000000 ebx=00009000 ecx=b4ff0d8c edx=00000000 esi=f785f8e4 edi=f785f914
|
eip=00000000 esp=f785f8d8 ebp=f785f914 iopl=0 nv up ei pl zr na pe nc
|
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210246
|
00000000 ?? ???
|
Resetting default scope
|
|
|
PNP_TRIAGE_DATA:
|
Lock address : 0x00000000
|
Thread Count : 0
|
Thread address: 0x00000000
|
Thread wait : 0x0
|
|
|
IP_IN_FREE_BLOCK: 0
|
|
|
STACK_TEXT:
|
f785f820 80555c87 f785f914 cccccccc cccccccc nt!KiCheckForSListFault+0x68 [R:\src\dev\ntoskrnl\ke\i386\traphdlr.c @ 1265]
|
f785f85c 804036f1 f785f914 00000000 badb0d00 nt!KiTrap0EHandler+0x107 [R:\src\dev\ntoskrnl\ke\i386\traphdlr.c @ 1362]
|
f785f85c 00000000 f785f914 00000000 badb0d00 nt!KiTrap0E+0x98
|
WARNING: Frame IP not in any known module. Following frames may be wrong.
|
f785f8d4 f78142d3 00000000 f785f8f0 f785f9e8 0x0
|
f785f914 f781407a b4ff0d8c 00000000 b4ff1654 vgapnp!VBEReadEdid+0x63 [R:\src\dev\win32ss\drivers\miniport\vbe\edid.c @ 192]
|
f785f92c f7804392 b4ff0d8c f785f9c8 b4ff1650 vgapnp!VBEGetVideoChildDescriptor+0x6a [R:\src\dev\win32ss\drivers\miniport\vbe\edid.c @ 256]
|
f785f9e8 f7803891 b4ff0d8c 00000000 f785fb54 videoprt!VideoPortEnumerateChildren+0x2b2 [R:\src\dev\win32ss\drivers\videoprt\videoprt.c @ 1241]
|
f785fae4 f77f95d9 b5006268 b4ff2a68 b4ff0ba8 videoprt!IntVideoPortFindAdapter+0x3c1 [R:\src\dev\win32ss\drivers\videoprt\videoprt.c @ 480]
|
f785fb54 f77f89f3 b4ff0ba8 b4ff76e8 f785fb9c videoprt!IntVideoPortPnPStartDevice+0x329 [R:\src\dev\win32ss\drivers\videoprt\dispatch.c @ 914]
|
f785fb78 f77f8e4d b4ff0ba8 b4ff76e8 b4ff0c60 videoprt!IntVideoPortDispatchFdoPnp+0x83 [R:\src\dev\win32ss\drivers\videoprt\dispatch.c @ 1025]
|
f785fb8c 804802f7 b4ff0ba8 b4ff76e8 f785fc5c videoprt!IntVideoPortDispatchPnp+0x2d [R:\src\dev\win32ss\drivers\videoprt\dispatch.c @ 1094]
|
f785fbb8 80491252 f785fc6c f785fc78 cccccccc nt!IofCallDriver+0xc7 [R:\src\dev\ntoskrnl\io\iomgr\irp.c @ 1286]
|
f785fc08 8049193d b510b038 f785fc38 f785fc64 nt!IopSynchronousCall+0xf2 [R:\src\dev\ntoskrnl\io\pnpmgr\pnpirp.c @ 67]
|
f785fc6c 8048bae5 b5108618 f785fd10 f785fcd0 nt!PiIrpStartDevice+0xdd [R:\src\dev\ntoskrnl\io\pnpmgr\pnpirp.c @ 104]
|
f785fcc4 8048d4ec b51c7560 f785fd88 f785fd1c nt!PiDevNodeStateMachine+0x125 [R:\src\dev\ntoskrnl\io\pnpmgr\devaction.c @ 2378]
|
f785fd10 804464ba 00000000 f7863c7c f785fd94 nt!PipDeviceActionWorker+0x15c [R:\src\dev\ntoskrnl\io\pnpmgr\devaction.c @ 2574]
|
f785fd88 8052d5a6 00000001 f7863c7c f785fdcc nt!ExpWorkerThreadEntryPoint+0x1ca [R:\src\dev\ntoskrnl\ex\work.c @ 158]
|
f785fdbc 80553df3 804462f0 00000001 8000003b nt!PspSystemThreadStartup+0x76 [R:\src\dev\ntoskrnl\ps\thread.c @ 156]
|
f785fddc 8052d52f 804462f0 00000001 74736100 nt!KiThreadStartup+0x63 [R:\src\dev\ntoskrnl\ke\i386\thrdini.c @ 78]
|
f785fde0 804462ef 00000001 74736100 0000027f nt!PspCreateThread+0xedf
|
f785fde4 00000000 74736100 0000027f 00000000 nt!ExpWorkerThreadBalanceManager+0x25f
|
|
|
|
|
FAULTING_SOURCE_LINE: R:\src\dev\win32ss\drivers\miniport\vbe\edid.c
|
|
|
FAULTING_SOURCE_FILE: R:\src\dev\win32ss\drivers\miniport\vbe\edid.c
|
|
|
FAULTING_SOURCE_LINE_NUMBER: 192
|
|
|
FAULTING_SOURCE_CODE:
|
188: * Check if DDC1/DDC2 is supported
|
189: */
|
190: VideoPortZeroMemory(&BiosRegisters, sizeof(BiosRegisters));
|
191: BiosRegisters.Eax = VBE_DDC;
|
> 192: VBEDeviceExtension->Int10Interface.Int10CallBios(
|
193: VBEDeviceExtension->Int10Interface.Context,
|
194: &BiosRegisters);
|
195: if (VBE_GETRETURNCODE(BiosRegisters.Eax) != VBE_SUCCESS)
|
196: return FALSE;
|
197: if ((BiosRegisters.Ebx & 3) == 0)
|
|
|
|
|
SYMBOL_NAME: vgapnp!VBEReadEdid+63
|
|
|
MODULE_NAME: vgapnp
|
|
|
IMAGE_NAME: vgapnp.sys
|
|
|
STACK_COMMAND: .cxr 0xfffffffff785f374 ; kb
|
|
|
FAILURE_BUCKET_ID: 0x7E_vgapnp!VBEReadEdid+63
|
|
|
OSPLATFORM_TYPE: x86
|
|
|
OSNAME: Windows Server 2003
|
|
|
FAILURE_ID_HASH: {89ec814c-e1af-8c7b-9f89-21ba411f78b1}
|
|
|
Followup: MachineOwner
|
---------
|
|
|
|