Dealing with a stack of all ?????????

So when you get something like below, how do you get it to print a stack that actually has some data in it so you can see what’s going on?

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)

Any other values for parameter 1 must be individually examined.

Arguments:
Arg1: 0000000000061946, The subtype of the bugcheck.
Arg2: ffffe000021bde10
Arg3: 0000000000034f08
Arg4: 0000000000000000

Debugging Details:

BUGCHECK_STR: 0x1a_61946

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff8033e8570ea to fffff8033e7d5890

SYMBOL_ON_RAW_STACK: 1

STACK_ADDR_RAW_STACK_SYMBOL: ffffd0002ace4910

STACK_COMMAND: dds 2ACE4910-0x20 ; kb

STACK_TEXT:
000000002ace48f0 ???????? 000000002ace48f4 ???
000000002ace48f8 ???????? 000000002ace48fc ???
000000002ace4900 ???????? 000000002ace4904 ???
000000002ace4908 ???????? 000000002ace490c ???
000000002ace4910 ???????? 000000002ace4914 ???
000000002ace4918 ???????? 000000002ace491c ???
000000002ace4920 ???????? 000000002ace4924 ???
000000002ace4928 ???????? 000000002ace492c ???
000000002ace4930 ???????? 000000002ace4934 ???
000000002ace4938 ???????? 000000002ace493c ???
000000002ace4940 ???????? 000000002ace4944 ???
000000002ace4948 ???????? 000000002ace494c ???
000000002ace4950 ???????? 000000002ace4954 ???
000000002ace4958 ???????? 000000002ace495c ???
000000002ace4960 ???????? 000000002ace4964 ???
000000002ace4968 ???????? 000000002ace496c ???

FOLLOWUP_IP:
Ntfs!NtfsLookupNtfsMcbEntry+1c7
fffff800`00ac1797 b001 mov al,1

SYMBOL_NAME: Ntfs!NtfsLookupNtfsMcbEntry+1c7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME: Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 531d42e5

FAILURE_BUCKET_ID: X64_0x1a_61946_Ntfs!NtfsLookupNtfsMcbEntry+1c7

BUCKET_ID: X64_0x1a_61946_Ntfs!NtfsLookupNtfsMcbEntry+1c7

Followup: MachineOwner

xxxxx@terabyteunlimited.com wrote:

So when you get something like below, how do you get it to print a stack that actually has some data in it so you can see what’s going on?

You can’t. The value of the stack pointer in the register dump is bad.
You can dump the registers to see if there is anything usable at all in
them,

I assume you did enough Googling to see that 61946 means someone tried
to create a flawed MDL, usually meaning a bad call to
MmProbeAndLockPages. Have you checked the stack and registers in the
other processors?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Tim, Thanks. Yes, that question is in the other group.

How would I look at other CPU stacks? My little cheat sheet I have two main things I typically use to figure things out:

!stacks 2 mydrivername!
!locks -v

I used to have another one about how to switch to a different thread context but must have been before I started writing this stuff down so I don’t forget when six months to a year goes by…

xxxxx@terabyteunlimited.com wrote:

Tim, Thanks. Yes, that question is in the other group.

How would I look at other CPU stacks? My little cheat sheet I have two main things I typically use to figure things out:

!stacks 2 mydrivername!
!locks -v

I used to have another one about how to switch to a different thread context but must have been before I started writing this stuff down so I don’t forget when six months to a year goes by…

Windbg has a “help” file, although admittedly it’s hard to find
information unless you already know what you’re looking for.

To look at a particular processor, just prefix the processor number.

0kb
1kb
2kb
3kb
0r
1r
2r
3r


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.