DeviceTree 2.30 BSOD

Eugene · May 27, 2011, 8:02am

Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff80003207000 PsLoadedModuleList = 0xfffff8000344c650
Debug session time: Fri May 27 13:43:53.974 2011 (UTC + 4:00)
System Uptime: 0 days 0:10:23.393
Loading Kernel Symbols

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8002f97d1f, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffffa80082fa230, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:

WRITE_ADDRESS: fffffa8002f97d1f

FAULTING_IP:
+694a2faf03fdd974
fffffa80`082fa230 30a22f0880fa xor byte ptr [rdx-57FF7D1h],ah

MM_INTERNAL_CODE: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: devicetree.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffff8800854b5c0 -- (.trap 0xfffff8800854b5c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8008797698 rbx=0000000000000000 rcx=fffffa80082fa060
rdx=fffffa80087974f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa80082fa230 rsp=fffff8800854b758 rbp=fffffa80082fa060
r8=fffffa80082fa230 r9=0000000000000001 r10=fffffa8006d43960
r11=fffff8800854b730 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
fffffa80082fa230 30a22f0880fa xor byte ptr [rdx-57FF7D1h],ah ds:fffffa8002f97d1f=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80003231400 to fffff80003286d00

STACK_TEXT:
fffff8800854b458 fffff80003231400 : 0000000000000050 fffffa8002f97d1f 0000000000000001 fffff8800854b5c0 : nt!KeBugCheckEx
fffff8800854b460 fffff80003284e2e : 0000000000000001 fffffa8002f97d1f 0000000000000000 0000000000000007 : nt! ?? ::FNODOBFM::string'+0x448c6 fffff8800854b5c0 fffffa80082fa230 : fffff88004507eb0 fffffa8008499000 fffffa80082fa1b0 fffffa80082fa060 : nt!KiPageFault+0x16e fffff8800854b758 fffff88004507eb0 : fffffa8008499000 fffffa80082fa1b0 fffffa80082fa060 fffffa80087974f0 : 0xfffffa80082fa230
fffff8800854b760 fffff88004aa8435 : fffffa80087974f0 0000000000000000 fffffa80082fa060 fffffa80087974f0 : dxgkrnl!DpiDispatchPnp+0xc8
fffff8800854b7b0 fffff88007fd2469 : fffffa80087974f0 0000000000000000 fffff8800854bb60 fffff88003165180 : nvlddmkm+0x92435
fffff8800854b800 fffff88007fd2ffb : fffffa800760e910 fffffa80087974f0 0000000000000000 fffffa8009d8ac30 : OBJINFO+0x1469
fffff8800854b870 fffff800035a1127 : fffffa800760e910 fffffa8009d8ac30 fffffa8009d8ad48 fffffa8009d8ac30 : OBJINFO+0x1ffb
fffff8800854b8d0 fffff800035a1986 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x607
fffff8800854ba00 fffff80003285f93 : 0000000002e8d500 0000000000000005 000000000de4f6c0 000000000df109c0 : nt!NtDeviceIoControlFile+0x56
fffff8800854ba70 0000000076df138a : 00000000ffccc726 000000000df10130 0000000000000039 0000000000000184 : nt!KiSystemServiceCopyEnd+0x13
000000000021f0e8 00000000ffccc726 : 000000000df10130 0000000000000039 0000000000000184 000007fefe2810c4 : ntdll!NtDeviceIoControlFile+0xa
000000000021f0f0 000000000df10130 : 0000000000000039 0000000000000184 000007fefe2810c4 000000000021f148 : devicetree+0xfc726
000000000021f0f8 0000000000000039 : 0000000000000184 000007fefe2810c4 000000000021f148 00000000cf53200f : 0xdf10130
000000000021f100 0000000000000184 : 000007fefe2810c4 000000000021f148 00000000cf53200f 000000000021f178 : 0x39
000000000021f108 000007fefe2810c4 : 000000000021f148 00000000cf53200f 000000000021f178 0000000000000008 : 0x184
000000000021f110 000007fe0493e000 : 0000000000000000 0000000000000039 00000000000000ac 00000000ffd49250 : msvcrt!free+0x1c
000000000021f140 0000000000000000 : 0000000000000039 00000000000000ac 00000000ffd49250 0000000000000000 : 0x7fe`0493e000

STACK_COMMAND: kb

FOLLOWUP_IP:
dxgkrnl!DpiDispatchPnp+c8
fffff880`04507eb0 8bf0 mov esi,eax

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: dxgkrnl!DpiDispatchPnp+c8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dxgkrnl

IMAGE_NAME: dxgkrnl.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce799fa

FAILURE_BUCKET_ID: X64_0x50_dxgkrnl!DpiDispatchPnp+c8

BUCKET_ID: X64_0x50_dxgkrnl!DpiDispatchPnp+c8

Followup: MachineOwner

2: kd> !irp fffffa80`087974f0 1
Irp is active with 4 stacks 4 is current (= 0xfffffa8008797698)
No Mdl: No System Buffer: Thread fffffa8007ef7b60: Irp stack trace.
Flags = 00000000
ThreadListEntry.Flink = fffffa8008797510
ThreadListEntry.Blink = fffffa8008797510
IoStatus.Status = c00000bb
IoStatus.Information = 00000000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = fffff8800854b830
UserEvent = 00000000
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = fffffa8008797568
Tail.Overlay.Thread = fffffa8007ef7b60
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = fffffa8008797698
Tail.Overlay.OriginalFileObject = 00000000
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[1b, 7] 0 e0 fffffa80082fa060 00000000 fffff88007fd2318-fffff8800854b840 Success Error Cancel
\Driver\nvlddmkm OBJINFO
Args: 00000000 00000000 00000000 00000000

BSOD reproduces every time on my config when I switch to PnP View.
nvlddmkm.sys - nVidia driver 260.99.

Peter_Viscarola_OSR · May 27, 2011, 8:13am

(Thanks for the post, though this really isn’t the DeviceTree support forum.)

Looks to me like a compatibility problem with the nVidia LDDM driver that’s installed.

There’s a reason we display that “this is a diagnostic utility, don’t run this on a production system” dialog box.

Peter
OSR

OSR_Community_User · May 27, 2011, 8:23am

This kind of crash is typically caused by some driver not handling requests from DeviceTree properly. We did some searching on the net and it appears that the nvlddmkm driver has lots of issues. While it could be DeviceTree, I would see if there are any updates to the nvlddmkm driver and try it again. If not contact me directly and we can figure it out.

--Mark Cariddi
OSR Open Systems Resources, Inc.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@mail.ru
Sent: Friday, May 27, 2011 8:02 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] DeviceTree 2.30 BSOD

Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff80003207000 PsLoadedModuleList = 0xfffff8000344c650 Debug session time: Fri May 27 13:43:53.974 2011 (UTC + 4:00) System Uptime: 0 days 0:10:23.393 Loading Kernel Symbols

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffffa8002f97d1f, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffffa80082fa230, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:

WRITE_ADDRESS: fffffa8002f97d1f

FAULTING_IP:
+694a2faf03fdd974
fffffa80`082fa230 30a22f0880fa xor byte ptr [rdx-57FF7D1h],ah

MM_INTERNAL_CODE: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: devicetree.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffff8800854b5c0 -- (.trap 0xfffff8800854b5c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8008797698 rbx=0000000000000000 rcx=fffffa80082fa060
rdx=fffffa80087974f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa80082fa230 rsp=fffff8800854b758 rbp=fffffa80082fa060
r8=fffffa80082fa230 r9=0000000000000001 r10=fffffa8006d43960
r11=fffff8800854b730 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
fffffa80082fa230 30a22f0880fa xor byte ptr [rdx-57FF7D1h],ah ds:fffffa8002f97d1f=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80003231400 to fffff80003286d00

STACK_TEXT:
fffff8800854b458 fffff80003231400 : 0000000000000050 fffffa8002f97d1f 0000000000000001 fffff8800854b5c0 : nt!KeBugCheckEx
fffff8800854b460 fffff80003284e2e : 0000000000000001 fffffa8002f97d1f 0000000000000000 0000000000000007 : nt! ?? ::FNODOBFM::string'+0x448c6 fffff8800854b5c0 fffffa80082fa230 : fffff88004507eb0 fffffa8008499000 fffffa80082fa1b0 fffffa80082fa060 : nt!KiPageFault+0x16e fffff8800854b758 fffff88004507eb0 : fffffa8008499000 fffffa80082fa1b0 fffffa80082fa060 fffffa80087974f0 : 0xfffffa80082fa230
fffff8800854b760 fffff88004aa8435 : fffffa80087974f0 0000000000000000 fffffa80082fa060 fffffa80087974f0 : dxgkrnl!DpiDispatchPnp+0xc8
fffff8800854b7b0 fffff88007fd2469 : fffffa80087974f0 0000000000000000 fffff8800854bb60 fffff88003165180 : nvlddmkm+0x92435
fffff8800854b800 fffff88007fd2ffb : fffffa800760e910 fffffa80087974f0 0000000000000000 fffffa8009d8ac30 : OBJINFO+0x1469
fffff8800854b870 fffff800035a1127 : fffffa800760e910 fffffa8009d8ac30 fffffa8009d8ad48 fffffa8009d8ac30 : OBJINFO+0x1ffb
fffff8800854b8d0 fffff800035a1986 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x607
fffff8800854ba00 fffff80003285f93 : 0000000002e8d500 0000000000000005 000000000de4f6c0 000000000df109c0 : nt!NtDeviceIoControlFile+0x56
fffff8800854ba70 0000000076df138a : 00000000ffccc726 000000000df10130 0000000000000039 0000000000000184 : nt!KiSystemServiceCopyEnd+0x13
000000000021f0e8 00000000ffccc726 : 000000000df10130 0000000000000039 0000000000000184 000007fefe2810c4 : ntdll!NtDeviceIoControlFile+0xa
000000000021f0f0 000000000df10130 : 0000000000000039 0000000000000184 000007fefe2810c4 000000000021f148 : devicetree+0xfc726
000000000021f0f8 0000000000000039 : 0000000000000184 000007fefe2810c4 000000000021f148 00000000cf53200f : 0xdf10130
000000000021f100 0000000000000184 : 000007fefe2810c4 000000000021f148 00000000cf53200f 000000000021f178 : 0x39
000000000021f108 000007fefe2810c4 : 000000000021f148 00000000cf53200f 000000000021f178 0000000000000008 : 0x184
000000000021f110 000007fe0493e000 : 0000000000000000 0000000000000039 00000000000000ac 00000000ffd49250 : msvcrt!free+0x1c
000000000021f140 0000000000000000 : 0000000000000039 00000000000000ac 00000000ffd49250 0000000000000000 : 0x7fe`0493e000

STACK_COMMAND: kb

FOLLOWUP_IP:
dxgkrnl!DpiDispatchPnp+c8
fffff880`04507eb0 8bf0 mov esi,eax

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: dxgkrnl!DpiDispatchPnp+c8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dxgkrnl

IMAGE_NAME: dxgkrnl.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce799fa

FAILURE_BUCKET_ID: X64_0x50_dxgkrnl!DpiDispatchPnp+c8

BUCKET_ID: X64_0x50_dxgkrnl!DpiDispatchPnp+c8

Followup: MachineOwner

2: kd> !irp fffffa80`087974f0 1
Irp is active with 4 stacks 4 is current (= 0xfffffa8008797698) No Mdl: No System Buffer: Thread fffffa8007ef7b60: Irp stack trace.
Flags = 00000000
ThreadListEntry.Flink = fffffa8008797510 ThreadListEntry.Blink = fffffa8008797510 IoStatus.Status = c00000bb IoStatus.Information = 00000000 RequestorMode = 00000000 Cancel = 00 CancelIrql = 0 ApcEnvironment = 00 UserIosb = fffff8800854b830 UserEvent = 00000000 Overlay.AsynchronousParameters.UserApcRoutine = 00000000 Overlay.AsynchronousParameters.UserApcContext = 00000000 Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = fffffa8008797568 Tail.Overlay.Thread = fffffa8007ef7b60 Tail.Overlay.AuxiliaryBuffer = 00000000 Tail.Overlay.ListEntry.Flink = 00000000 Tail.Overlay.ListEntry.Blink = 00000000 Tail.Overlay.CurrentStackLocation = fffffa8008797698 Tail.Overlay.OriginalFileObject = 00000000 Tail.Apc = 00000000 Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[1b, 7] 0 e0 fffffa80082fa060 00000000 fffff88007fd2318-fffff8800854b840 Success Error Cancel
\Driver\nvlddmkm OBJINFO
Args: 00000000 00000000 00000000 00000000

BSOD reproduces every time on my config when I switch to PnP View.
nvlddmkm.sys - nVidia driver 260.99.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:

To unsubscribe, visit the List Server section of OSR Online at ListServer/Forum

Eugene · May 27, 2011, 9:04am

I’ve tried nVidia drivers 270.61 and it works fine!

Mark, Peter, thank you very much!