Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home WINDBG
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Plz help to resolve PAGE_FAULT_IN_NONPAGED_AREA (50)

SeungjinLeeSeungjinLee Member Posts: 4
edited November 2019 in WINDBG

Hello,
My driver get PAGE_FAULT_IN_NONPAGED_AREA (50) on some XEON processor machines.
I am investigating the problem but am unable to find the reason. Please help me to resolve this issue.

dump and source file attached.

pnp.c @ 289:
288] RtlMoveMemory(newPrevRelations, relations, size);

289] newPdoList->Count = relations->Count;

For your reference, I have never experienced the BSOD, but some our users are reporting the BSOD and an user sent the dump files.

Post edited by SeungjinLee on
· Share on Facebook

Comments

  • SeungjinLeeSeungjinLee Member Posts: 4

    pnp.c @ 289:
    288] RtlMoveMemory(newPrevRelations, relations, size);
    289] newPdoList->Count = relations->Count;

    · Share on Facebook
  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 263

    And I thought I was bad at posting code on forums ;)

    At the point of crash [rax+rdx-10h] is exactly the address at fault, suggesting your size calculation is incorrect, or he "relations" pool that you seem to return via Irp->IoStatus.Information is of incorrect size.

    Dump that memory.

    · Share on Facebook
  • SeungjinLeeSeungjinLee Member Posts: 4

    Thanks for the answer.
    As I mentioned before, I cannot reproduce this issue, and an user sent the mini dump files. Can I dump that memory from the mini dump files?

    Size calculation seems to be correct. My driver is a bus filter driver and the "relations" info is returned by the bus driver. It means that the bus driver would return the incorrect "relations" info.

    · Share on Facebook
  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,231
    Mini dump won’t help much. Get a kernel summary dump and debug it. Something is up with the pointers you’re passing to memcpy.

    -scott
    OSR

    · Share on Facebook
  • SeungjinLeeSeungjinLee Member Posts: 4
    edited November 2019

    Is there any difference between
    if (NT_SUCCESS(status))
    and
    if (NT_SUCCESS(status) && Irp->IoStatus.Status == STATUS_SUCCESS)
    ?

    I changed it to the latter and am waiting for the user's response.

    · Share on Facebook
  • ashish_kohliashish_kohli Member - All Emails Posts: 61

    where is the dump.You have just attached txt.zip the dump and attach

    · Share on Facebook
  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,683

    Is there any difference between
    if (NT_SUCCESS(status))
    and
    if (NT_SUCCESS(status) && Irp->IoStatus.Status == STATUS_SUCCESS)
    ?

    Well, yes there’s a difference. STATUS_SUCCESS is just one of the many possible success status codes. Depending on what you’re looking at the return from, this will either matter or it will not matter.

    Get us a dump to look at, and a proper dump not a mini dump, as we’ve all requested. this should not be hard to debug. The source or destination pointer is bad...

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 20 Apr 2020 LIVE ONLINE
Writing WDF Drivers 11 May 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA

Categories