  Message 1 of 5  
14 Jul 17 14:21
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 1330
PAGE_FAULT_IN_NONPAGED_AREA with Arg2 having a value of 2!

I have a client who is sending me !analyze -v where the second argument of PAGE_FAULT_IN_NONPAGED_AREA is 2 which is not documented. This is Windows 10 with the lack of symbols because the symbol server not keeping up with the OS updates.

Anyone have a clue as to why this is 2? I'm trying to help them remotely find this problem.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffcb81ab600000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff80a6d419a47, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------

DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 14393.1480.amd64fre.rs1_release.170706-2004
SYSTEM_MANUFACTURER: System manufacturer
SYSTEM_PRODUCT_NAME: System Product Name
SYSTEM_SKU: SKU
SYSTEM_VERSION: System Version
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 5109
BIOS_DATE: 10/16/2012
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: F2A85-V PRO
BASEBOARD_VERSION: Rev X.0x
DUMP_TYPE: 1
BUGCHECK_P1: ffffcb81ab600000
BUGCHECK_P2: 2
BUGCHECK_P3: fffff80a6d419a47
BUGCHECK_P4: 2

FAULTING_IP:
netvmini_build!Ndis64Write32+37 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\ttes_api_os_ndis.c @ 177]
fffff80a`6d419a47 8908 mov dword ptr [rax],ecx

MM_INTERNAL_CODE: 2
IMAGE_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAULTING_MODULE: fffff80a6d400000 netvmini_build
CPU_COUNT: 2
CPU_MHZ: e10
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 15
CPU_MODEL: 10
CPU_STEPPING: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: AV
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: PREDATOR
ANALYSIS_SESSION_TIME: 07-14-2017 10:22:40.0349
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

TRAP_FRAME: ffffcb81a959a710 -- (.trap 0xffffcb81a959a710)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffcb81ab600000 rbx=0000000000000000 rcx=0000000010000000
rdx=0000000000000006 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80a6d419a47 rsp=ffffcb81a959a8a0 rbp=ffffcb81a959ae90
 r8=0000000000000065  r9=0000000000000003 r10=0000000000000000
r11=ffffcb81a959a640 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
netvmini_build!Ndis64Write32+0x37:
fffff80a`6d419a47 8908 mov dword ptr [rax],ecx ds:ffffcb81`ab600000=????????
Resetting default scope

LOCK_ADDRESS: fffff801fa7a8880 -- (!locks fffff801fa7a8880)
Resource @ nt!PiEngineLock (0xfffff801fa7a8880) Exclusively owned
Contention Count = 11
Threads: ffff938d547da040-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff801fa7a8880
Thread Count : 1
Thread address: 0xffff938d547da040
Thread wait : 0xbaf6

LAST_CONTROL_TRANSFER: from fffff801fa60ae11 to fffff801fa5e0960

STACK_TEXT:
ffffcb81`a959a418 fffff801`fa60ae11 : 00000000`00000050 ffffcb81`ab600000 00000000`00000002 ffffcb81`a959a710 : nt!KeBugCheckEx
ffffcb81`a959a420 fffff801`fa4e60fd : 00000000`00000002 00000000`00000000 ffffcb81`a959a710 ffffcb81`ab600000 : nt!MiSystemFault+0x100201
ffffcb81`a959a510 fffff801`fa5e9ffc : 72000a20`32726142 2c747365`54737365 73736572`64644120 43464646`465b203a : nt!MmAccessFault+0x27d
ffffcb81`a959a710 fffff80a`6d419a47 : ffffcb81`ab600000 fffff80a`6d454440 ffffcb81`a959aaa0 ffffcb81`ab3e4000 : nt!KiPageFault+0x13c
ffffcb81`a959a8a0 fffff80a`6d406af4 : ffffcb81`ab600000 00000000`10000000 00000000`00000065 00000000`00000003 : netvmini_build!Ndis64Write32+0x37 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\ttes_api_os_ndis.c @ 177]
ffffcb81`a959a8e0 fffff80a`6d401e29 : fffff80a`6d5968c0 ffffcb81`00000001 00000000`00000001 00000000`00064000 : netvmini_build!i664InternalSetPhys+0x1a4 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\i664_api_internal.c @ 864]
ffffcb81`a959a970 fffff80a`6d42a07e : fffff80a`6d5968c0 fffff80a`6d43bce0 00000000`00000065 00000000`00000003 : netvmini_build!Ndisi664ESConfigureEx+0xe29 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\i664_api_es.c @ 1208]
ffffcb81`a959aa20 fffff80a`6d42d8c7 : ffff938d`52b19040 ffff938d`52b19040 00000000`00000a80 ffffdfef`f6dfe460 : netvmini_build!A664DeviceInitialize+0x42e [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664device.c @ 118]
ffffcb81`a959aac0 fffff80a`6d42c644 : ffff938d`52b19040 ffffcb81`a959ae90 ffffcb81`a959ae90 ffffcb81`a959abe8 : netvmini_build!HWInitialize+0x507 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664mphal.c @ 214]
ffffcb81`a959ab90 fffff80a`6b6fd762 : ffff938d`55fd81a0 fffff80a`6d43b7c0 ffffcb81`a959ae90 ffff938d`55fd9028 : netvmini_build!MPInitializeEx+0x604 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664adapter.c @ 404]
ffffcb81`a959ad30 fffff80a`6b73b848 : ffff938d`55fd8ed8 00000000`00000000 00000000`00000000 ffff938d`55fd81a0 : ndis!ndisMInvokeInitialize+0x5e
ffffcb81`a959ad90 fffff80a`6b6fdc03 : 00000000`00000000 00000000`000000a0 ffff938d`53600400 01d2fcb0`4e560014 : ndis!ndisMInitializeAdapter+0x4d4
ffffcb81`a959b450 fffff80a`6b6fdd10 : 00000000`000000a0 ffff938d`551b41a0 ffffb985`d5427c80 ffff938d`55fd81a0 : ndis!ndisInitializeAdapter+0x5f
ffffcb81`a959b4a0 fffff80a`6b6efb2b : ffff938d`55fd81a0 00000000`00000004 ffff938d`530f72a0 fffff80a`6b66a10d : ndis!ndisPnPStartDevice+0x80
ffffcb81`a959b4e0 fffff80a`6b6eefd5 : ffff938d`55fd81a0 ffff938d`55fd81a0 ffff938d`530f72a0 ffff938d`55fd81a0 : ndis!ndisStartDeviceSynchronous+0x4f
ffffcb81`a959b530 fffff80a`6b6eebf9 : ffff938d`530f72a0 ffffcb81`a959b5a0 00000000`00000000 ffff938d`55fd81a0 : ndis!ndisPnPIrpStartDevice+0x149
ffffcb81`a959b560 fffff801`fa9768dd : ffff938d`530f72a0 ffffcb81`a959b604 00000000`00000001 00000000`00000001 : ndis!ndisPnPDispatch+0x149
ffffcb81`a959b5d0 fffff801`fa58bb0e : ffff938d`52fba060 00000000`00000000 ffff938d`55353de0 00000000`00000000 : nt!PnpAsynchronousCall+0xe5
ffffcb81`a959b610 fffff801`fa582ba4 : 00000000`00000000 ffff938d`52fba060 fffff801`fa58c050 fffff801`fa58c050 : nt!PnpSendIrp+0x92
ffffcb81`a959b680 fffff801`fa976117 : ffff938d`52fb9010 ffff938d`55353de0 00000000`00000000 00000000`00000000 : nt!PnpStartDevice+0x88
ffffcb81`a959b710 fffff801`fa940bff : ffff938d`52fb9010 ffffcb81`a959b8e0 00000000`00000000 ffff938d`52fb9010 : nt!PnpStartDeviceNode+0xdb
ffffcb81`a959b7a0 fffff801`fa97ad69 : ffff938d`52fb9010 00000000`00000001 00000000`00000001 ffff938d`52fb9010 : nt!PipProcessStartPhase1+0x53
ffffcb81`a959b7e0 fffff801`faad576a : ffff938d`52fb9010 00000000`00000001 ffffcb81`a959bb19 fffff801`fa97b273 : nt!PipProcessDevNodeTree+0x401
ffffcb81`a959ba60 fffff801`fa63590a : 00000001`00000003 00000000`00000000 fffff801`fa7a7360 fffff801`fa7a7430 : nt!PiRestartDevice+0xba
ffffcb81`a959bab0 fffff801`fa4f7599 : ffff938d`547da040 fffff801`fa7a7320 fffff801`fa847280 fffff801`fa847280 : nt!PnpDeviceActionWorker+0xac1fe
ffffcb81`a959bb80 fffff801`fa547965 : fffff801`fa7cd180 00000000`00000080 ffff938d`526b06c0 ffff938d`547da040 : nt!ExpWorkerThread+0xe9
ffffcb81`a959bc10 fffff801`fa5e5e26 : fffff801`fa7cd180 ffff938d`547da040 fffff801`fa547924 00000000`00000000 : nt!PspSystemThreadStartup+0x41
ffffcb81`a959bc60 00000000`00000000 : ffffcb81`a959c000 ffffcb81`a9596000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  Message 2 of 5  
14 Jul 17 14:33
Jan Bottorff
xxxxxx@pmatrix.com
Join Date: 16 Apr 2013
Posts To This List: 383
PAGE_FAULT_IN_NONPAGED_AREA with Arg2 having a value of 2!

I’ll take a WAG…

1) faulting instruction is a memory write
2) DEFAULT_BUCKET_ID: CODE_CORRUPTION
3) BUGCHECK_STR: AV

Perhaps a memory write to code memory? You could look at the faulting destination address, and figure out if that’s a data or code region (execute only).

Jan
  Message 3 of 5  
14 Jul 17 15:09
Scott Noone
xxxxxx@osr.com
Join Date:
Posts To This List: 1310
List Moderator
PAGE_FAULT_IN_NONPAGED_AREA with Arg2 having a value of 2!

!pte on the faulting address would be interesting.

(Also, PDBs look fine to me)

-scott
OSR
@OSRDrivers
  Message 4 of 5  
14 Jul 17 15:55
Alex Grig
xxxxxx@broadcom.com
Join Date: 14 Apr 2008
Posts To This List: 3208
PAGE_FAULT_IN_NONPAGED_AREA with Arg2 having a value of 2!

@Don: 2 is Execute - instruction fetch fault
  Message 5 of 5  
22 Jul 17 11:20
anton bassov
xxxxxx@hotmail.com
Join Date: 16 Jul 2006
Posts To This List: 4349
PAGE_FAULT_IN_NONPAGED_AREA with Arg2 having a value of 2!

<trolling mode>

If 0 and 1 are the codes for respectively read and write accesses that have caused a page fault, what may the code of 2 for a page fault possibly indicate????

This is what happens when people lose their ability to think on their own - once the word "undocumented" is synonymous with "no-go-area" on the OP's books, he is already in sort of "intellectual impasse" every time he encounters something undocumented, no matter how trivial the problem is

PS. Sorry, but I could not resist the temptation this time

</trolling mode>

Having said the above, I don't see anything that indicates the invalid instruction fetch

The whole thing looks (at least to me) like an attempt to overwrite the stack. Please note that the target of the failing write instruction (ffffcb81ab600000) is not that different from the RSP of the failing thread (ffffcb81a959a8a0), i.e. is just 8304 pages higher in virtual memory. In other words, it seems to fall into the area that is reserved for the kernel thread stacks. Probably, this is how the system responds when a page fault is due to the attempt to write to memory area that is reserved for the kernel thread stacks....

Anton Bassov
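Added example, not part of any post in this thread: a Python triage sketch that parses the !analyze -v fields from Message 1 and cross-checks Arg2 against the faulting instruction, the trap-frame registers and Arg3. It assumes the Arg2 encoding given in Microsoft's current Bug Check 0x50 documentation for x86/x64 builds after Windows 10 1507 (0 = read, 2 = write, 0x10 = execute; earlier builds 0 = read, 1 = write); the function names, the build cutoff constant and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: the fields of Message 1's !analyze -v output that the
# thread reasons about (values copied from the post, line breaks restored).
ANALYZE_OUTPUT = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: ffffcb81ab600000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff80a6d419a47, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000002, (reserved)
BUILD_VERSION_STRING:  14393.1480.amd64fre.rs1_release.170706-2004
FAULTING_IP:
netvmini_build!Ndis64Write32+37
fffff80a`6d419a47 8908            mov     dword ptr [rax],ecx
rax=ffffcb81ab600000 rbx=0000000000000000 rcx=0000000010000000
rip=fffff80a6d419a47 rsp=ffffcb81a959a8a0 rbp=ffffcb81a959ae90
"""

# Assumption: Arg2 encodings as described in the lead-in (x86/x64 only).
NEW_ENCODING = {0x0: "read", 0x2: "write", 0x10: "execute"}
OLD_ENCODING = {0x0: "read", 0x1: "write"}
TH1_BUILD = 10240  # Windows 10 1507; builds above it are treated as "after 1507"


def parse_analyze(text):
    """Extract bugcheck args, OS build, registers and the faulting instruction."""
    args = [int(v, 16) for v in re.findall(r"^Arg[1-4]:\s*([0-9a-f]+)", text, re.M)]
    if len(args) != 4:
        raise ValueError("expected Arg1..Arg4 in !analyze -v output")
    build = re.search(r"BUILD_VERSION_STRING:\s*(\d+)\.", text)
    # Disassembly line: "<address> <opcode bytes> <mnemonic> <operands>"
    insn = re.search(
        r"^([0-9a-f]{8}`[0-9a-f]{8})\s+[0-9a-f]+\s+(\w+)\s+(.+)$", text, re.M)
    if not build or not insn:
        raise ValueError("build string or faulting instruction not found")
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b", text)}
    return {"args": args, "build": int(build.group(1)), "regs": regs,
            "insn_addr": int(insn.group(1).replace("`", ""), 16),
            "mnemonic": insn.group(2), "operands": insn.group(3).strip()}


def decode_arg2(arg2, build):
    """Map Arg2 to an access type using the encoding for this OS build."""
    table = NEW_ENCODING if build > TH1_BUILD else OLD_ENCODING
    return table.get(arg2, "unknown")


def instruction_access(mnemonic, operands):
    """Access a 'mov dst,src' performs on its memory operand, else None."""
    if mnemonic != "mov" or "," not in operands:
        return None
    dst, src = (part.strip() for part in operands.split(",", 1))
    if "[" in dst:
        return "write"
    return "read" if "[" in src else None


def memory_operand_address(operands, regs):
    """Resolve a plain '[reg]' operand from the trap-frame registers."""
    m = re.search(r"\[(r[a-z0-9]{1,2})\]", operands)
    return regs.get(m.group(1)) if m else None


def triage(text):
    d = parse_analyze(text)
    arg1, arg2, arg3, _ = d["args"]
    by_arg2 = decode_arg2(arg2, d["build"])
    by_insn = instruction_access(d["mnemonic"], d["operands"])
    return {
        "arg2_access": by_arg2,
        "insn_access": by_insn,
        "consistent": by_insn is not None and by_arg2 == by_insn,
        # A fetch fault reports an address inside the instruction being
        # fetched, so Arg1 would sit within 15 bytes of Arg3.
        "fetch_plausible": 0 <= arg1 - arg3 < 16,
        "operand_is_arg1": memory_operand_address(d["operands"], d["regs"]) == arg1,
        "arg3_is_faulting_ip": arg3 == d["insn_addr"],
        "bytes_above_rsp": arg1 - d["regs"]["rsp"],
    }


if __name__ == "__main__":
    for key, value in triage(ANALYZE_OUTPUT).items():
        print(f"{key}: {value:#x}" if key == "bytes_above_rsp" else f"{key}: {value}")
```

Under that assumed encoding, Arg2 = 2 on this 14393 build decodes as a write, which matches the `mov dword ptr [rax],ecx` store through rax = Arg1.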
All times are GMT -5.