Steps to repro: 2nd stage installer, pressing enter really fast to get through the screens. At the last screen:
Note that the backtrace seems to be missing kernel-mode stuff beyond the syscall. The crash is actually at token.c:1723. In asm:
800b6657: 3b 02 cmp (%edx),%eax
edx is 0x00929004 which is invalid:
Entered debugger on last-chance exception number 14 (Page Fault) Memory at 0x929004 could not be read: Page not present.
Either this function is missing seh, or something has been changed with the token rewrite which messes things up.
More info:
KMODE_EXCEPTION_NOT_HANDLED
Technical information:
*** STOP: 0x0000001E (0xc0000005,0x800b6657,0x00000000,0x00929004)
*** ntoskrnl.exe - Address 0x800b6657 base at 0x80000000, DateStamp 0x0
Page Fault Exception: 14(0)
Processor: 0 CS:EIP 8:800b6657 <ntoskrnl.exe:b6657 (se/token.c:1723 (NtAdjustPrivilegesToken))>
cr2 929004 cr3 6d8b000
Proc: 80ab8290 Pid: ac <setup.ex> Thrd: 80aba0c8 Tid: b0
DS 10 ES 10 FS 30 GS 23
EAX: 00000007 EBX: 00000000 ECX: 8cada688 EDX: 00929004
EBP: 9d8c8d54 ESI: 0064ec20 ESP: 9d8c8c88 EDI: 8cada688
EFLAGS: 00000206 kESP 9d8c8c88 kernel stack base 9d8c6000
Frames:
<ntoskrnl.exe:39c2 (/home/alex/tmp/cc6fkKWh.s:178 (KiSystemService))>
<advapi32.dll:13dca (token/token.c:58 (AdjustTokenPrivileges))>
kdb:> bt
Frames:
<ntoskrnl.exe:39c2 (/home/alex/tmp/cc6fkKWh.s:178 (KiSystemService))>
<advapi32.dll:13dca (token/token.c:58 (AdjustTokenPrivileges))>
<syssetup.dll:2aff (wizard.c:1164 (DateTimePageDlgProc))>
<user32.dll:ea41 (windows/message.c:982 (IntCallWindowProcA))>
<user32.dll:eaef (windows/message.c:1031 (CallWindowProcA))>
<user32.dll:1717e (windows/dialog.c:1458 (DefDlgProcA))>
<user32.dll:ea41 (windows/message.c:982 (IntCallWindowProcA))>
<user32.dll:f456 (windows/message.c:1491 (SendMessageA))>
<comctl32.dll:28aac (propsheet.c:1713 (PROPSHEET_Next))>
<comctl32.dll:28d83 (propsheet.c:3075 (PROPSHEET_DoCommand))>
<comctl32.dll:2ab1a (propsheet.c:3412 (PROPSHEET_DialogProc))>
<user32.dll:ea06 (windows/message.c:964 (IntCallWindowProcW))>
<user32.dll:eb75 (windows/message.c:1057 (CallWindowProcW))>
<user32.dll:1700e (windows/dialog.c:1519 (DefDlgProcW))>
<user32.dll:ea06 (windows/message.c:964 (IntCallWindowProcW))>
<user32.dll:f364 (windows/message.c:1428 (SendMessageW))>
<user32.dll:17aca (windows/dialog.c:2220 (IsDialogMessageW))>
<user32.dll:17c5a (windows/dialog.c:531 (DIALOG_DoDialogBox))>
<user32.dll:17df8 (windows/dialog.c:1608 (DialogBoxIndirectParamW))>
<comctl32.dll:27b57 (propsheet.c:729 (PROPSHEET_CreateDialog))>
<comctl32.dll:299ce (propsheet.c:2841 (PropertySheetW))>
<syssetup.dll:2f4a (wizard.c:1482 (InstallWizard))>
<syssetup.dll:172c (install.c:491 (InstallReactOS))>
--- Press q to abort, any other key to continue ---
<setup.exe:1333 (setup.c:79 (WinMain))>
<setup.exe:145b (setup.c:116 (WinMain))>
setup.exe:116a
setup.exe:1038
<kernel32.dll:20c30 (process/create.c:339 (BaseProcessStart))>
<deadbeef>
kdb:> regs
CS:EIP 0x0008:0x800b6657 SS:ESP 0x0028:0x80105cb9
EAX 0x00000007 EBX 0x00000000 ECX 0x8cada688 EDX 0x00929004
ESI 0x0064ec20 EDI 0x8cada688 EBP 0x9d8c8d54
EFLAGS 0x00000206 PF IF IOPL0
kdb:> cregs
CR0 0xe001003b PE MP TS ET NE WP NW CD PG
CR2 0x00929004
CR3 0x06d8b000 Pagedir-Base 0x06d8b000
CR4 0x00000080 PGE
GDTR Base 0x800d6100 Size 0x0058
LDTR Base 0x00000000 Size 0x0000
IDTR Base 0x80130320 Size 0x0800
Alex Ionescu wrote:
Steps to repro: 2nd stage installer, pressing enter really fast to get through the screens. At the last screen:
Note that the backtrace seems to be missing kernel-mode stuff beyond the syscall. The crash is actually at token.c:1723. In asm:
I haven't touched that code but I will take a look at it.
Best Regards, Thomas
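Alex's hypothesis in the report above (a syscall dereferencing a caller-supplied pointer with no probe and no SEH around the access), as an added user-space C illustration that is not ReactOS code: `probe_for_read` is an assumed ProbeForRead-style range check over simulated 32-bit addresses, and `guarded_read_u32` stands in for an SEH-guarded access by trapping SIGSEGV with sigsetjmp/siglongjmp. It shows that the report's EDX value 0x00929004 is a perfectly valid user-mode address for a range probe, so only a guard around the read itself turns the page fault into a returned status instead of a STOP 0x1E.

```c
#define _GNU_SOURCE 1   /* sigaction, sigsetjmp and MAP_ANONYMOUS under strict -std modes */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>

#define STATUS_SUCCESS          0x00000000u
#define STATUS_ACCESS_VIOLATION 0xC0000005u  /* the first STOP parameter in the report */
/* Assumed 2 GB user / 2 GB kernel x86 split: addresses at or above this are kernel space. */
#define USER_PROBE_LIMIT 0x7FFF0000u

/* Range check in the spirit of ProbeForRead over simulated 32-bit addresses (assumed semantics).
 * It rejects kernel-space and wrapping ranges, but cannot tell whether a user page is present. */
static uint32_t probe_for_read(uint32_t addr, uint32_t len) {
    if (len == 0) return STATUS_SUCCESS;
    if (addr + len < addr || addr + len > USER_PROBE_LIMIT) return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* SEH stand-in: a page fault inside the guarded read arrives as SIGSEGV and execution
 * resumes at the sigsetjmp point, instead of the fault taking the whole system down. */
static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Read *user_ptr into *out under the fault guard; returns an NTSTATUS-style code. */
static uint32_t guarded_read_u32(const volatile uint32_t *user_ptr, uint32_t *out) {
    struct sigaction sa = {0}, old;
    uint32_t status;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    /* The dereference below is the equivalent of the faulting "cmp (%edx),%eax". */
    if (sigsetjmp(fault_env, 1) == 0) { *out = *user_ptr; status = STATUS_SUCCESS; }
    else status = STATUS_ACCESS_VIOLATION;   /* fault caught and reported to the caller */
    sigaction(SIGSEGV, &old, NULL);
    return status;
}

/* Constructed inputs: a present buffer, and a reserved-but-not-present page like 0x929004. */
static uint32_t read_from_present_buffer(void) {
    uint32_t value = 0, buffer = 7;
    return guarded_read_u32(&buffer, &value) == STATUS_SUCCESS ? value : 0xFFFFFFFFu;
}
static uint32_t read_from_unmapped_page(void) {
    void *page = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    uint32_t value = 0, status = guarded_read_u32((const volatile uint32_t *)page, &value);
    if (page != MAP_FAILED) munmap(page, 4096);
    return status;
}
```

On a POSIX host the PROT_NONE page plays the role of the not-present user page from the report; without the sigsetjmp guard the same read would terminate the process, just as the unguarded `cmp` terminated the kernel.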