RE: A BSOD stack dump. Help me to find the buggy code.

Hi,

The memory area your kernel mode driver handled has already been paged out.
This memory area should be assigned from non-paged pool, shouldn't it?

Thanks Futoshi

-----Original Message-----
From: Chen ZM [mailto:xxxxx@sina.com]
Sent: Friday, November 05, 2004 6:12 PM
To: NT Developers Interest List
Subject: [ntdev] A BSOD stack dump. Help me to find the buggy code.

Hi,

My Win2K kernel mode driver frequently crashes the system, and I don’t know
where to find the guilty code. Following is the stack dump when the system
crashed:

Error=50(PAGE_FAULT_IN_NONPAGED_AREA)
P1=E2707000 P2=1 P3=ED42BB8C P4=1

ntoskrnl!KeBugCheckEx+001
ntoskrnl!memmove+00B7
ntoskrnl!PAGE+0005B18F
ntoskrnl!MmPageEntireDriver+0B42
ntoskrnl!CcSetDirtyPinnedData+0C7E
ntoskrnl!CcWaitForCurrentLazyWriterActivity+05A9
ntoskrnl!ExQueurWorkItem+017D
ntoskrnl!PsSetCreateThreadNotifyRoutine+00AA
ntoskrnl!KiUnexpectedInterrrup+0180

Thanks for any suggestions.

Chen ZM
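
The parameter line in the dump above can be decoded mechanically. This is an added example, not part of the original post; it uses the documented meaning of the bug check 0x50 parameters (P1 = address referenced, P2 = 0 for read / 1 for write, P3 = address of the instruction that made the reference), and the struct and function names are illustrative.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE_X86 0x1000UL  /* 4 KB pages on x86 Windows 2000 */

typedef struct {
    unsigned long fault_addr;   /* P1: memory address referenced */
    int is_write;               /* P2: 0 = read, 1 = write */
    unsigned long faulting_ip;  /* P3: address that referenced memory */
    unsigned long page_offset;  /* offset of P1 within its page */
} bugcheck50;

/* Read the hex value that follows a key such as "P1=" in the dump text. */
static int hex_field(const char *text, const char *key, unsigned long *out)
{
    const char *p = strstr(text, key);
    char *end;
    if (p == NULL) return -1;
    p += strlen(key);
    *out = strtoul(p, &end, 16);
    return end == p ? -1 : 0;
}

/* Returns 0 on success, -1 if the text is not a bug check 0x50 report. */
int decode_bugcheck50(const char *text, bugcheck50 *bc)
{
    unsigned long code, p2;
    if (hex_field(text, "Error=", &code) || code != 0x50) return -1;
    if (hex_field(text, "P1=", &bc->fault_addr) ||
        hex_field(text, "P2=", &p2) ||
        hex_field(text, "P3=", &bc->faulting_ip)) return -1;
    bc->is_write = (p2 & 1) != 0;
    /* Offset 0 means the first byte of a page: a forward copy that runs
       past its buffer faults at the first unmapped page boundary. */
    bc->page_offset = bc->fault_addr & (PAGE_SIZE_X86 - 1);
    return 0;
}

int main(void)
{
    /* Parameter lines as posted in the message above. */
    const char *dump = "Error=50(PAGE_FAULT_IN_NONPAGED_AREA)\n"
                       "P1=E2707000 P2=1 P3=ED42BB8C P4=1\n";
    bugcheck50 bc;
    if (decode_bugcheck50(dump, &bc) != 0) return 1;
    printf("%s of %08lX by code at %08lX, page offset %03lX\n",
           bc.is_write ? "write" : "read", bc.fault_addr,
           bc.faulting_ip, bc.page_offset);
    return 0;
}
```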



When I’ve encountered this particular error, it was because my code was
referring to an address in a non-paged area but the address was not
backed because virtual storage had not been obtained first. This is a
different error from trying to touch a pageable area for which storage
had in fact been obtained but for which the real-memory backing had been
stolen.


If replying by e-mail, please remove “nospam.” from the address.

James Antognini

Hi James,

> When I’ve encountered this particular error, it was because my code was
> referring to an address in a non-paged area but the address was not
> backed because virtual storage had not been obtained first. This is a
> different error from trying to touch a pageable area for which storage
> had in fact been obtained but for which the real-memory backing had been
> stolen.

All buffers allocated in my driver are specified as non-pageable, so I think your description may help me to resolve my problem. But I am not very clear about what you said. What do you mean by “the address was not backed because virtual storage had not been obtained first.” and “for which storage had in fact been obtained but for which the real-memory backing had been stolen.”?

Thanks a lot!

Chen Z.M

There are certain address ranges in kernel space that are intended for
pages that are always backed by real memory, PROVIDED that something,
like the OS or a driver, has in fact obtained storage (eg, with
ExAllocatePoolWithTag() with pool type NonPagedPool). But if a kernel
routine refers to an address in such a range but there was no previous
and still valid (because the storage was not freed)
ExAllocatePoolWithTag() for that address – if, in short, there is no
backing – one will encounter the error you saw.


James Antognini

I think you mean “mapping”, not “backing”. Unless I’m wrong, the term “backing” refers to the “backed up” copy of a
paged-out virtual address range, on disk in the pagefile. Nonpaged pool has a system-space mapping, but there is no
backing, since it’s never paged out.

-Tom

Tom Stonecypher
xxxxx@iStreamConsulting.com
www.iStreamConsulting.com
+1-803-463-6340

“James Antognini” wrote in message news:xxxxx@ntdev…
>
> There are certain address ranges in kernel space that are intended for
> pages that are always backed by real memory, PROVIDED that something,
> like the OS or a driver, has in fact obtained storage (eg, with
> ExAllocatePoolWithTag() with pool type NonPagedPool). But if a kernel
> routine refers to an address in such a range but there was no previous
> and still valid (because the storage was not freed)
> ExAllocatePoolWithTag() for that address – if, in short, there is no
> backing – one will encounter the error you saw.
>
> –
> If replying by e-mail, please remove “nospam.” from the address.
>
> James Antognini

You are quite right in that “backing store” is very commonly intended to
mean paging files. My usage reflects my mainframe origins. But now that
you raise the issue, I note that the DDK uses “backing” to denote
physical memory in various places. For example, under “Storage Class
Driver’s SplitTransferRequest Routine,” there is “how many noncontiguous
pages the HBA can manage in the physical memory backing a system
buffer.” And under the topics of IEEE 1394 and NDIS, “backing store” is
employed in a similar way.

(By the way, the search engine for the DDK at the OSR Web site is vastly
superior to that supplied with the DDK as installed from CD.)


James Antognini

Please refer to the previous post on this list entitled
GUIDANCE: Why Is My Driver Crashing??

From 5 September 2002

Peter
OSR

“Chen ZM” wrote in message news:xxxxx@ntdev…
>
> Hi,
>
> My Win2K kernel mode driver frequently crashes the system, and I don’t know
> where to find the guilty code. Following is the stack dump when the system
> crashed:
>
> Error=50(PAGE_FAULT_IN_NONPAGED_AREA)
> P1=E2707000 P2=1 P3=ED42BB8C P4=1
>
> ntoskrnl!KeBugCheckEx+001
> ntoskrnl!memmove+00B7
> ntoskrnl!PAGE+0005B18F
> ntoskrnl!MmPageEntireDriver+0B42
> ntoskrnl!CcSetDirtyPinnedData+0C7E
> ntoskrnl!CcWaitForCurrentLazyWriterActivity+05A9
> ntoskrnl!ExQueurWorkItem+017D
> ntoskrnl!PsSetCreateThreadNotifyRoutine+00AA
> ntoskrnl!KiUnexpectedInterrrup+0180
>
> Thanks for any suggestions.
>
> Chen ZM