PAGE_FAULT_IN_NONPAGED_AREA with Arg2 having a value of 2!

I have a client who is sending me !analyze -v where the second argument of PAGE_FAULT_IN_NONPAGED_AREA is 2, which is not documented. This is Windows 10 with the lack of symbols because the symbol server is not keeping up with the OS updates.

Anyone have a clue as to why this is 2? I’m trying to help them remotely find this problem.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffcb81ab600000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff80a6d419a47, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 14393.1480.amd64fre.rs1_release.170706-2004

SYSTEM_MANUFACTURER: System manufacturer

SYSTEM_PRODUCT_NAME: System Product Name

SYSTEM_SKU: SKU

SYSTEM_VERSION: System Version

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: 5109

BIOS_DATE: 10/16/2012

BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT: F2A85-V PRO

BASEBOARD_VERSION: Rev X.0x

DUMP_TYPE: 1

BUGCHECK_P1: ffffcb81ab600000

BUGCHECK_P2: 2

BUGCHECK_P3: fffff80a6d419a47

BUGCHECK_P4: 2

FAULTING_IP:
netvmini_build!Ndis64Write32+37 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\ttes_api_os_ndis.c @ 177]
fffff80a`6d419a47 8908 mov dword ptr [rax],ecx

MM_INTERNAL_CODE: 2

IMAGE_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAULTING_MODULE: fffff80a6d400000 netvmini_build

CPU_COUNT: 2

CPU_MHZ: e10

CPU_VENDOR: AuthenticAMD

CPU_FAMILY: 15

CPU_MODEL: 10

CPU_STEPPING: 1

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: AV

PROCESS_NAME: System

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: PREDATOR

ANALYSIS_SESSION_TIME: 07-14-2017 10:22:40.0349

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

TRAP_FRAME: ffffcb81a959a710 -- (.trap 0xffffcb81a959a710)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffcb81ab600000 rbx=0000000000000000 rcx=0000000010000000
rdx=0000000000000006 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80a6d419a47 rsp=ffffcb81a959a8a0 rbp=ffffcb81a959ae90
r8=0000000000000065 r9=0000000000000003 r10=0000000000000000
r11=ffffcb81a959a640 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
netvmini_build!Ndis64Write32+0x37:
fffff80a6d419a47 8908 mov dword ptr [rax],ecx ds:ffffcb81ab600000=????????
Resetting default scope

LOCK_ADDRESS: fffff801fa7a8880 -- (!locks fffff801fa7a8880)

Resource @ nt!PiEngineLock (0xfffff801fa7a8880) Exclusively owned
Contention Count = 11
Threads: ffff938d547da040-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff801fa7a8880
Thread Count : 1
Thread address: 0xffff938d547da040
Thread wait : 0xbaf6

LAST_CONTROL_TRANSFER: from fffff801fa60ae11 to fffff801fa5e0960

STACK_TEXT:
ffffcb81a959a418 fffff801fa60ae11 : 0000000000000050 ffffcb81ab600000 0000000000000002 ffffcb81a959a710 : nt!KeBugCheckEx
ffffcb81a959a420 fffff801fa4e60fd : 0000000000000002 0000000000000000 ffffcb81a959a710 ffffcb81ab600000 : nt!MiSystemFault+0x100201
ffffcb81a959a510 fffff801fa5e9ffc : 72000a2032726142 2c74736554737365 7373657264644120 43464646465b203a : nt!MmAccessFault+0x27d
ffffcb81a959a710 fffff80a6d419a47 : ffffcb81ab600000 fffff80a6d454440 ffffcb81a959aaa0 ffffcb81ab3e4000 : nt!KiPageFault+0x13c
ffffcb81a959a8a0 fffff80a6d406af4 : ffffcb81ab600000 0000000010000000 0000000000000065 0000000000000003 : netvmini_build!Ndis64Write32+0x37 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\ttes_api_os_ndis.c @ 177]
ffffcb81a959a8e0 fffff80a6d401e29 : fffff80a6d5968c0 ffffcb8100000001 0000000000000001 0000000000064000 : netvmini_build!i664InternalSetPhys+0x1a4 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\i664_api_internal.c @ 864]
ffffcb81a959a970 fffff80a6d42a07e : fffff80a6d5968c0 fffff80a6d43bce0 0000000000000065 0000000000000003 : netvmini_build!Ndisi664ESConfigureEx+0xe29 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664api\i664_api_es.c @ 1208]
ffffcb81a959aa20 fffff80a6d42d8c7 : ffff938d52b19040 ffff938d52b19040 0000000000000a80 ffffdfeff6dfe460 : netvmini_build!A664DeviceInitialize+0x42e [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664device.c @ 118]
ffffcb81a959aac0 fffff80a6d42c644 : ffff938d52b19040 ffffcb81a959ae90 ffffcb81a959ae90 ffffcb81a959abe8 : netvmini_build!HWInitialize+0x507 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664mphal.c @ 214]
ffffcb81a959ab90 fffff80a6b6fd762 : ffff938d55fd81a0 fffff80a6d43b7c0 ffffcb81a959ae90 ffff938d55fd9028 : netvmini_build!MPInitializeEx+0x604 [c:\shop\codelever\a664-ndis-driver\netvmini\a664-driver-solution\netvmini_build\netvmini_build\a664adapter.c @ 404]
ffffcb81a959ad30 fffff80a6b73b848 : ffff938d55fd8ed8 0000000000000000 0000000000000000 ffff938d55fd81a0 : ndis!ndisMInvokeInitialize+0x5e
ffffcb81a959ad90 fffff80a6b6fdc03 : 0000000000000000 00000000000000a0 ffff938d53600400 01d2fcb04e560014 : ndis!ndisMInitializeAdapter+0x4d4
ffffcb81a959b450 fffff80a6b6fdd10 : 00000000000000a0 ffff938d551b41a0 ffffb985d5427c80 ffff938d55fd81a0 : ndis!ndisInitializeAdapter+0x5f
ffffcb81a959b4a0 fffff80a6b6efb2b : ffff938d55fd81a0 0000000000000004 ffff938d530f72a0 fffff80a6b66a10d : ndis!ndisPnPStartDevice+0x80
ffffcb81a959b4e0 fffff80a6b6eefd5 : ffff938d55fd81a0 ffff938d55fd81a0 ffff938d530f72a0 ffff938d55fd81a0 : ndis!ndisStartDeviceSynchronous+0x4f
ffffcb81a959b530 fffff80a6b6eebf9 : ffff938d530f72a0 ffffcb81a959b5a0 0000000000000000 ffff938d55fd81a0 : ndis!ndisPnPIrpStartDevice+0x149
ffffcb81a959b560 fffff801fa9768dd : ffff938d530f72a0 ffffcb81a959b604 0000000000000001 0000000000000001 : ndis!ndisPnPDispatch+0x149
ffffcb81a959b5d0 fffff801fa58bb0e : ffff938d52fba060 0000000000000000 ffff938d55353de0 0000000000000000 : nt!PnpAsynchronousCall+0xe5
ffffcb81a959b610 fffff801fa582ba4 : 0000000000000000 ffff938d52fba060 fffff801fa58c050 fffff801fa58c050 : nt!PnpSendIrp+0x92
ffffcb81a959b680 fffff801fa976117 : ffff938d52fb9010 ffff938d55353de0 0000000000000000 0000000000000000 : nt!PnpStartDevice+0x88
ffffcb81a959b710 fffff801fa940bff : ffff938d52fb9010 ffffcb81a959b8e0 0000000000000000 ffff938d52fb9010 : nt!PnpStartDeviceNode+0xdb
ffffcb81a959b7a0 fffff801fa97ad69 : ffff938d52fb9010 0000000000000001 0000000000000001 ffff938d52fb9010 : nt!PipProcessStartPhase1+0x53
ffffcb81a959b7e0 fffff801faad576a : ffff938d52fb9010 0000000000000001 ffffcb81a959bb19 fffff801fa97b273 : nt!PipProcessDevNodeTree+0x401
ffffcb81a959ba60 fffff801fa63590a : 0000000100000003 0000000000000000 fffff801fa7a7360 fffff801fa7a7430 : nt!PiRestartDevice+0xba
ffffcb81a959bab0 fffff801fa4f7599 : ffff938d547da040 fffff801fa7a7320 fffff801fa847280 fffff801fa847280 : nt!PnpDeviceActionWorker+0xac1fe
ffffcb81a959bb80 fffff801fa547965 : fffff801fa7cd180 0000000000000080 ffff938d526b06c0 ffff938d547da040 : nt!ExpWorkerThread+0xe9
ffffcb81a959bc10 fffff801fa5e5e26 : fffff801fa7cd180 ffff938d547da040 fffff801fa547924 0000000000000000 : nt!PspSystemThreadStartup+0x41
ffffcb81a959bc60 0000000000000000 : ffffcb81a959c000 ffffcb81a9596000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

I’ll take a WAG…

  1. faulting instruction is a memory write
  2. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  3. BUGCHECK_STR: AV

Perhaps a memory write to code memory? You could look at the faulting destination address, and figure out if that’s a data or code region (execute only).

Jan

On 7/14/17, 11:20 AM, “xxxxx@lists.osr.com on behalf of Don Burn” wrote:

I have a client who is sending me !analyze -v where the second argument of PAGE_FAULT_IN_NONPAGED_AREA is 2, which is not documented. This is Windows 10 with the lack of symbols because the symbol server is not keeping up with the OS updates.

Anyone have a clue as to why this is 2? I’m trying to help them remotely find this problem.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com


!pte on the faulting address would be interesting.

(Also, PDBs look fine to me)

-scott
OSR
@OSRDrivers


@Don:
2 is Execute - instruction fetch fault



If 0 and 1 are the codes for respectively read and write accesses that have caused a page fault, what may the code of 2 for a page fault possibly indicate???

This is what happens when people lose their ability to think on their own - once the word “undocumented” is synonymous with “no-go-area” on the OP’s books, he is already in sort of “intellectual impasse” every time he encounters something undocumented, no matter how trivial the problem is

PS. Sorry, but I could not resist the temptation this time

Having said the above, I don’t see anything that indicates the invalid instruction fetch

The whole thing looks (at least to me) like an attempt to overwrite the stack.

Please note that the target of the failing write instruction (ffffcb81ab600000) is not that different from the RSP of the failing thread (ffffcb81a959a8a0), i.e. is just 8304 pages higher in virtual memory. In other words, it seems to fall into the area that is reserved for the kernel thread stacks. Probably, this is how the system responds when a page fault is due to the attempt to write to memory area that is reserved for the kernel thread stacks…

Anton Bassov
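
Added example, not code from any poster in this thread: the checks the replies ask for (what `!pte` would walk for the faulting address, whether the faulting bytes are a store, whether the target is code in the faulting module), applied to the values in the posted dump. The helper names are hypothetical, and the split assumes 4-level x64 paging with 4 KB pages.

```c
#include <stdint.h>
#include <stdio.h>

/* Values copied from the !analyze -v output in the first post. */
#define ARG1_FAULT_VA 0xffffcb81ab600000ULL /* Arg1: memory referenced      */
#define ARG3_FAULT_IP 0xfffff80a6d419a47ULL /* Arg3: faulting instruction   */
#define MODULE_BASE   0xfffff80a6d400000ULL /* FAULTING_MODULE base address */
static const uint8_t FAULT_BYTES[2] = { 0x89, 0x08 }; /* "8908" at Arg3 */

typedef struct {
    unsigned pml4, pdpt, pd, pt; /* 9-bit indices into the four table levels */
    unsigned offset;             /* 12-bit byte offset inside the 4 KB page  */
} va_parts;

/* Split a virtual address the way a 4-level x64 page walk consumes it. */
static va_parts va_split(uint64_t va)
{
    va_parts p;
    p.pml4   = (unsigned)((va >> 39) & 0x1ff);
    p.pdpt   = (unsigned)((va >> 30) & 0x1ff);
    p.pd     = (unsigned)((va >> 21) & 0x1ff);
    p.pt     = (unsigned)((va >> 12) & 0x1ff);
    p.offset = (unsigned)(va & 0xfff);
    return p;
}

/* Canonical form: bits 63..47 are all copies of bit 47. */
static int va_is_canonical(uint64_t va)
{
    uint64_t top = va >> 47;
    return top == 0 || top == 0x1ffff;
}

/* On an instruction-fetch fault the reported address is the one being
 * fetched, so it lies inside the faulting instruction (at most 15 bytes). */
static int could_be_ifetch(uint64_t fault_va, uint64_t ip)
{
    return fault_va >= ip && fault_va - ip < 15;
}

/* Decode the two-byte form "89 /r" (MOV r/m32, r32) with no prefixes.
 * Returns 1 when the destination is memory addressed by one base register
 * (mod == 00, rm not 4 or 5) and reports the base and source registers. */
static int decode_mov_store(const uint8_t *b, unsigned *base, unsigned *src)
{
    unsigned mod, reg, rm;
    if (b[0] != 0x89)
        return 0;
    mod = b[1] >> 6;
    reg = (b[1] >> 3) & 7;
    rm  = b[1] & 7;
    if (mod != 0 || rm == 4 || rm == 5) /* SIB and RIP-relative not handled */
        return 0;
    *base = rm;
    *src  = reg;
    return 1;
}

int main(void)
{
    static const char *r64[8] = { "rax", "rcx", "rdx", "rbx",
                                  "rsp", "rbp", "rsi", "rdi" };
    static const char *r32[8] = { "eax", "ecx", "edx", "ebx",
                                  "esp", "ebp", "esi", "edi" };
    va_parts p = va_split(ARG1_FAULT_VA);
    unsigned base = 0, src = 0;

    printf("canonical=%d pml4=0x%x pdpt=0x%x pd=0x%x pt=0x%x off=0x%x\n",
           va_is_canonical(ARG1_FAULT_VA), p.pml4, p.pdpt, p.pd, p.pt, p.offset);
    /* pt == 0 and offset == 0: the address is 2 MB aligned, i.e. the first
     * byte covered by that page-directory entry. */
    if (decode_mov_store(FAULT_BYTES, &base, &src))
        printf("faulting bytes: store of %s to [%s]\n", r32[src], r64[base]);
    printf("Arg1 inside faulting instruction (fetch): %d\n",
           could_be_ifetch(ARG1_FAULT_VA, ARG3_FAULT_IP));
    /* The image size is not in the dump, but an address below the image
     * base is outside the image whatever its size. */
    printf("Arg1 below FAULTING_MODULE base: %d\n", ARG1_FAULT_VA < MODULE_BASE);
    return 0;
}
```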