I have a dump from a D5 bugcheck that has a value of “2” for the operation (Arg2). I’ve been searching for an explanation of what that value means but haven’t found anything so far. Has anyone ever seen this?
Here’s what !analyze reports:
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffb68191104fe8, memory referenced
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation
Arg3: fffff808f1c4137c, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, (reserved)
Someone else saw this on NTDEV and we didn’t get any additional details to
go on. Can you post the full !analyze -v output as well as the output of
!pte ffffb68191104fe8?
Below is the output of !analyze -v and !pte ffffb68191104fe8.
That address is bogus because I’m seeing a lot of memory corruption, which is why the bugcheck occurred. Unfortunately, all I have is a kernel triage dump.
=========================================
26: kd> !pte ffffb68191104fe8
=========================================
                                           VA ffffb68191104fe8
PXE at FFFFF379BCDE6B68    PPE at FFFFF379BCD6D030    PDE at FFFFF379ADA06440    PTE at FFFFF35B40C88820
contains 0000000077C49863  contains 00000180E3141863  contains 0000018229EFC863  contains 36818C5900000000
pfn 77c49     ---DA--KWEV  pfn 180e3141  ---DA--KWEV  pfn 18229efc  ---DA--KWEV  not valid
                                                                                  Page has been freed
It looks like some bugcheck parameters were updated without updating the docs and !analyze; we’ll look at getting those updated. For this case, 2 means a write access faulted.
Unfortunately, pool tagging was not enabled on this particular system, so it didn’t produce anything (according to the response from !verifier). We had requested that pool tagging be enabled, but apparently it wasn’t. We have asked again.