Please help to resolve PAGE_FAULT_IN_NONPAGED_AREA (50)

Hello,
My driver gets PAGE_FAULT_IN_NONPAGED_AREA (50) on some XEON processor machines.
I am investigating the problem but am unable to find the reason. Please help me to resolve this issue.
Dump and source file attached.

pnp.c @ 289:
288] RtlMoveMemory(newPrevRelations, relations, size);
289] newPdoList->Count = relations->Count;

For your reference, I have never experienced the BSOD, but some of our users are reporting the BSOD and a user sent the dump files.

pnp.c @ 289:
288] RtlMoveMemory(newPrevRelations, relations, size);
289] newPdoList->Count = relations->Count;

And I thought I was bad at posting code on forums :wink:

At the point of crash [rax+rdx-10h] is exactly the address at fault, suggesting your size calculation is incorrect, or the “relations” pool that you seem to return via Irp->IoStatus.Information is of incorrect size.

Dump that memory.

Thanks for the answer.
As I mentioned before, I cannot reproduce this issue, and a user sent the mini dump files. Can I dump that memory from the mini dump files?

Size calculation seems to be correct. My driver is a bus filter driver and the “relations” info is returned by the bus driver. It means that the bus driver would return the incorrect “relations” info.

Mini dump won’t help much. Get a kernel summary dump and debug it. Something is up with the pointers you’re passing to memcpy.

Is there any difference between
if (NT_SUCCESS(status))
and
if (NT_SUCCESS(status) && Irp->IoStatus.Status == STATUS_SUCCESS)
?

I changed it to the latter and am waiting for the user’s response.

Where is the dump? You have just attached txt. Zip the dump and attach it.

Is there any difference between
if (NT_SUCCESS(status))
and
if (NT_SUCCESS(status) && Irp->IoStatus.Status == STATUS_SUCCESS)
?

Well, yes there’s a difference. STATUS_SUCCESS is just one of the many possible success status codes. Depending on what you’re looking at the return from, this will either matter or it will not matter.

Get us a dump to look at, and a proper dump not a mini dump, as we’ve all requested. This should not be hard to debug. The source or destination pointer is bad…

Peter

@Dejan_Maksimovic said:

At the point of crash [rax+rdx-10h] is exactly the address at fault, suggesting your size calculation is incorrect, or the “relations” pool that you seem to return via Irp->IoStatus.Information is of incorrect size.

Finally, found the bug.
for (ULONG j = 0; j < prevRelations->Count; j++)
must be
for (ULONG j = 0; j < relations->Count; j++)
:s

Thank you.
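An added illustration, not code from the thread or from any driver, of the two points the thread turns on: sizing a DEVICE_RELATIONS-style block from its Count, and bounding each copy loop by the Count of the list it actually reads. RELATIONS, relations_size, relations_fake and relations_merge are constructed stand-ins (void* in place of PDEVICE_OBJECT, malloc in place of pool allocation) so the code runs in user mode.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for the WDM DEVICE_RELATIONS layout: a count followed
 * by a variable-length array of device object pointers (void* stands in for
 * PDEVICE_OBJECT; real drivers use the definition from wdm.h). */
typedef struct {
    unsigned long Count;
    void *Objects[1];
} RELATIONS;

/* Bytes needed for a list of 'count' pointers. Objects is declared with one
 * element, so size from the field offset rather than from sizeof(RELATIONS)
 * alone, which only covers a single entry. */
size_t relations_size(unsigned long count)
{
    return offsetof(RELATIONS, Objects) + (size_t)count * sizeof(void *);
}

/* Allocates a list and fills it with constructed fake object pointers. */
RELATIONS *relations_fake(unsigned long count, uintptr_t first_id)
{
    RELATIONS *r = malloc(relations_size(count));
    if (!r)
        return NULL;
    r->Count = count;
    for (unsigned long i = 0; i < count; i++)
        r->Objects[i] = (void *)(first_id + i);
    return r;
}

/* Builds a new list holding every entry of 'bus' followed by every entry of
 * 'extra' (either may be NULL). Each loop is bounded by the Count of the list
 * it reads from: bounding the read of 'bus' by extra->Count, the slip found
 * in the thread, reads past the end of 'bus' whenever 'extra' is longer. */
RELATIONS *relations_merge(const RELATIONS *bus, const RELATIONS *extra)
{
    unsigned long nb = bus ? bus->Count : 0, ne = extra ? extra->Count : 0;
    RELATIONS *out = malloc(relations_size(nb + ne));
    if (!out)
        return NULL;
    out->Count = 0;
    for (unsigned long i = 0; i < nb; i++)   /* bound: bus->Count */
        out->Objects[out->Count++] = bus->Objects[i];
    for (unsigned long j = 0; j < ne; j++)   /* bound: extra->Count */
        out->Objects[out->Count++] = extra->Objects[j];
    return out;
}
```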