kernel crash "PFN list corrupt" with |MmUnmapLockedPages()| disabled
Posted by Anonymous on Mon 16th Oct 2023 15:09

  1. Kernel crash with "PFN list corrupt".
  2.  
  3. Current patch:
  4. ---- snip ----
  5. diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c
  6. index 0368732..1b16a18 100644
  7. --- a/sys/nfs41_driver.c
  8. +++ b/sys/nfs41_driver.c
  9. @@ -1632,7 +1632,7 @@ NTSTATUS unmarshal_nfs41_rw(
  10.      DbgP("unmarshal_nfs41_rw: returned len %lu ChangeTime %llu\n",
  11.          cur->buf_len, cur->ChangeTime);
  12.  #endif
  13. -#if 1
  14. +#if 0^M
  15.      /* 08/27/2010: it looks like we really don't need to call
  16.          * MmUnmapLockedPages() eventhough we called
  17.          * MmMapLockedPagesSpecifyCache() as the MDL passed to us
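Review bot: the added line `#if 0^M` in unmarshal_nfs41_rw() ends in a stray carriage return (`^M`), while the context lines around it show none; strip it before committing so the file keeps one line-ending style. Flipping a bare `#if 1` to `#if 0` also leaves the 08/27/2010 comment inside the block as the only explanation, and that comment argues MmUnmapLockedPages() is not needed even though MmMapLockedPagesSpecifyCache() was called. Since this paste reports a PFN_LIST_CORRUPT bugcheck with the patch in place, replace the numeric toggle with a named macro and update the comment to state which map/unmap pairing the code relies on after the change.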
  18. ---- snip ----
  19.  
  20. Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
  21. Copyright (c) Microsoft Corporation. All rights reserved.
  22.  
  23.  
  24. Loading Dump File [C:\cygwin64\home\roland_mainz\tmp\nfsd_as_per_user_service_pfn_list_corrupt_20231016_002_MEMORY.DMP]
  25. Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
  26.  
  27.  
  28. ************* Path validation summary **************
  29. Response                         Time (ms)     Location
  30. Deferred                                       srv*
  31. Symbol search path is: srv*
  32. Executable search path is:
  33. Windows 10 Kernel Version 19041 MP (6 procs) Free x64
  34. Product: WinNt, suite: TerminalServer SingleUserTS
  35. Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
  36. Kernel base = 0xfffff802`46c00000 PsLoadedModuleList = 0xfffff802`4782a360
  37. Debug session time: Mon Oct 16 16:03:22.549 2023 (UTC + 2:00)
  38. System Uptime: 0 days 0:46:22.273
  39. Loading Kernel Symbols
  40. ...............................................................
  41. ................................................................
  42. ..............................................................
  43. Loading User Symbols
  44. PEB is paged out (Peb.Ldr = 00000000`00fd0018).  Type ".hh dbgerr001" for details
  45. Loading unloaded module list
  46. ......
  47. For analysis of this file, run !analyze -v
  48. nt!KeBugCheckEx:
  49. fffff802`46ffd640 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffc708`88f23f00=000000000000004e
  50. 4: kd> !analyze -v
  51. *******************************************************************************
  52. *                                                                             *
  53. *                        Bugcheck Analysis                                    *
  54. *                                                                             *
  55. *******************************************************************************
  56.  
  57. PFN_LIST_CORRUPT (4e)
  58. Typically caused by drivers passing bad memory descriptor lists (ie: calling
  59. MmUnlockPages twice with the same list, etc).  If a kernel debugger is
  60. available get the stack trace.
  61. Arguments:
  62. Arg1: 000000000000009a,
  63. Arg2: 0000000000018e15
  64. Arg3: 0000000000000006
  65. Arg4: 0000000000000002
  66.  
  67. Debugging Details:
  68. ------------------
  69.  
  70.  
  71. KEY_VALUES_STRING: 1
  72.  
  73.     Key  : Analysis.CPU.mSec
  74.     Value: 4311
  75.  
  76.     Key  : Analysis.Elapsed.mSec
  77.     Value: 4328
  78.  
  79.     Key  : Analysis.IO.Other.Mb
  80.     Value: 0
  81.  
  82.     Key  : Analysis.IO.Read.Mb
  83.     Value: 5
  84.  
  85.     Key  : Analysis.IO.Write.Mb
  86.     Value: 16
  87.  
  88.     Key  : Analysis.Init.CPU.mSec
  89.     Value: 1515
  90.  
  91.     Key  : Analysis.Init.Elapsed.mSec
  92.     Value: 46006
  93.  
  94.     Key  : Analysis.Memory.CommitPeak.Mb
  95.     Value: 99
  96.  
  97.     Key  : Bugcheck.Code.KiBugCheckData
  98.     Value: 0x4e
  99.  
  100.     Key  : Bugcheck.Code.LegacyAPI
  101.     Value: 0x4e
  102.  
  103.     Key  : Failure.Bucket
  104.     Value: 0x4E_9a_nt!MiDeleteNonPagedPoolPte
  105.  
  106.     Key  : Failure.Hash
  107.     Value: {aec87dc6-8e5e-ffb2-0aed-142948a6cbb3}
  108.  
  109.     Key  : Hypervisor.Enlightenments.Value
  110.     Value: 12576
  111.  
  112.     Key  : Hypervisor.Enlightenments.ValueHex
  113.     Value: 3120
  114.  
  115.     Key  : Hypervisor.Flags.AnyHypervisorPresent
  116.     Value: 1
  117.  
  118.     Key  : Hypervisor.Flags.ApicEnlightened
  119.     Value: 0
  120.  
  121.     Key  : Hypervisor.Flags.ApicVirtualizationAvailable
  122.     Value: 0
  123.  
  124.     Key  : Hypervisor.Flags.AsyncMemoryHint
  125.     Value: 0
  126.  
  127.     Key  : Hypervisor.Flags.CoreSchedulerRequested
  128.     Value: 0
  129.  
  130.     Key  : Hypervisor.Flags.CpuManager
  131.     Value: 0
  132.  
  133.     Key  : Hypervisor.Flags.DeprecateAutoEoi
  134.     Value: 1
  135.  
  136.     Key  : Hypervisor.Flags.DynamicCpuDisabled
  137.     Value: 0
  138.  
  139.     Key  : Hypervisor.Flags.Epf
  140.     Value: 0
  141.  
  142.     Key  : Hypervisor.Flags.ExtendedProcessorMasks
  143.     Value: 0
  144.  
  145.     Key  : Hypervisor.Flags.HardwareMbecAvailable
  146.     Value: 0
  147.  
  148.     Key  : Hypervisor.Flags.MaxBankNumber
  149.     Value: 0
  150.  
  151.     Key  : Hypervisor.Flags.MemoryZeroingControl
  152.     Value: 0
  153.  
  154.     Key  : Hypervisor.Flags.NoExtendedRangeFlush
  155.     Value: 1
  156.  
  157.     Key  : Hypervisor.Flags.NoNonArchCoreSharing
  158.     Value: 0
  159.  
  160.     Key  : Hypervisor.Flags.Phase0InitDone
  161.     Value: 1
  162.  
  163.     Key  : Hypervisor.Flags.PowerSchedulerQos
  164.     Value: 0
  165.  
  166.     Key  : Hypervisor.Flags.RootScheduler
  167.     Value: 0
  168.  
  169.     Key  : Hypervisor.Flags.SynicAvailable
  170.     Value: 1
  171.  
  172.     Key  : Hypervisor.Flags.UseQpcBias
  173.     Value: 0
  174.  
  175.     Key  : Hypervisor.Flags.Value
  176.     Value: 536632
  177.  
  178.     Key  : Hypervisor.Flags.ValueHex
  179.     Value: 83038
  180.  
  181.     Key  : Hypervisor.Flags.VpAssistPage
  182.     Value: 1
  183.  
  184.     Key  : Hypervisor.Flags.VsmAvailable
  185.     Value: 0
  186.  
  187.     Key  : Hypervisor.RootFlags.AccessStats
  188.     Value: 0
  189.  
  190.     Key  : Hypervisor.RootFlags.CrashdumpEnlightened
  191.     Value: 0
  192.  
  193.     Key  : Hypervisor.RootFlags.CreateVirtualProcessor
  194.     Value: 0
  195.  
  196.     Key  : Hypervisor.RootFlags.DisableHyperthreading
  197.     Value: 0
  198.  
  199.     Key  : Hypervisor.RootFlags.HostTimelineSync
  200.     Value: 0
  201.  
  202.     Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
  203.     Value: 0
  204.  
  205.     Key  : Hypervisor.RootFlags.IsHyperV
  206.     Value: 0
  207.  
  208.     Key  : Hypervisor.RootFlags.LivedumpEnlightened
  209.     Value: 0
  210.  
  211.     Key  : Hypervisor.RootFlags.MapDeviceInterrupt
  212.     Value: 0
  213.  
  214.     Key  : Hypervisor.RootFlags.MceEnlightened
  215.     Value: 0
  216.  
  217.     Key  : Hypervisor.RootFlags.Nested
  218.     Value: 0
  219.  
  220.     Key  : Hypervisor.RootFlags.StartLogicalProcessor
  221.     Value: 0
  222.  
  223.     Key  : Hypervisor.RootFlags.Value
  224.     Value: 0
  225.  
  226.     Key  : Hypervisor.RootFlags.ValueHex
  227.     Value: 0
  228.  
  229.     Key  : SecureKernel.HalpHvciEnabled
  230.     Value: 0
  231.  
  232.     Key  : WER.OS.Branch
  233.     Value: vb_release
  234.  
  235.     Key  : WER.OS.Version
  236.     Value: 10.0.19041.1
  237.  
  238.  
  239. BUGCHECK_CODE:  4e
  240.  
  241. BUGCHECK_P1: 9a
  242.  
  243. BUGCHECK_P2: 18e15
  244.  
  245. BUGCHECK_P3: 6
  246.  
  247. BUGCHECK_P4: 2
  248.  
  249. FILE_IN_CAB:  nfsd_as_per_user_service_pfn_list_corrupt_20231016_002_MEMORY.DMP
  250.  
  251. BLACKBOXBSD: 1 (!blackboxbsd)
  252.  
  253.  
  254. BLACKBOXNTFS: 1 (!blackboxntfs)
  255.  
  256.  
  257. BLACKBOXPNP: 1 (!blackboxpnp)
  258.  
  259.  
  260. BLACKBOXWINLOGON: 1
  261.  
  262. PROCESS_NAME:  cl.exe
  263.  
  264. STACK_TEXT:  
  265. ffffc708`88f23ef8 fffff802`47077795     : 00000000`0000004e 00000000`0000009a 00000000`00018e15 00000000`00000006 : nt!KeBugCheckEx
  266. ffffc708`88f23f00 fffff802`46f302d2     : ffffc9c2`c7a73520 ffffc708`88f24070 ffff858f`00000002 ffffc9e4`00000000 : nt!MiDeleteNonPagedPoolPte+0x147395
  267. ffffc708`88f23f70 fffff802`46ec0f8e     : 001200a9`00000000 001200a9`00000300 ffffc708`88f24320 00000000`00000008 : nt!MiClearNonPagedPtes+0x162
  268. ffffc708`88f241a0 fffff802`46ec0db2     : 00000000`00000000 ffffc708`88f24311 ffffffff`ffffffff 00000000`00004000 : nt!MmFreePoolMemory+0x1aa
  269. ffffc708`88f24220 fffff802`46ec0d46     : 00000000`00000000 ffff858f`4e6a4000 00000000`00001000 00000000`00004000 : nt!RtlpHpEnvFreeVA+0x12
  270. ffffc708`88f24250 fffff802`46e92f83     : ffff858f`43402100 ffffffff`ffffffff ffff858f`45de006b 00000000`00000000 : nt!RtlpHpFreeVA+0x3a
  271. ffffc708`88f24290 fffff802`46e92c2e     : ffffffff`ffffff00 00000000`ffffffff 00000000`00000040 00000000`ffffffff : nt!RtlpHpSegMgrCommit+0x1e3
  272. ffffc708`88f24360 fffff802`46e9212b     : 00000000`00000001 ffff858f`4e600c80 ffff858f`00000040 00000000`00000001 : nt!RtlpHpSegPageRangeCommit+0x1ee
  273. ffffc708`88f24400 fffff802`46f46b89     : ffffc708`88f24590 00000000`00040000 00000000`00040000 00000000`00000000 : nt!RtlpHpSegAlloc+0x14b
  274. ffffc708`88f24460 fffff802`46f46b0c     : ffff858f`43402340 00000000`00000000 00000000`00040000 ffff858f`43402340 : nt!RtlpHpSegSubAllocate+0x3d
  275. ffffc708`88f244b0 fffff802`46f1a081     : ffff858f`43402340 00000000`00000000 00000000`00000016 00000000`00000001 : nt!RtlpHpSegLfhAllocate+0x1c
  276. ffffc708`88f244f0 fffff802`46e12c4e     : 00000000`00000170 ffffffff`00000013 ffffc708`00000000 fffff802`00000013 : nt!RtlpHpLfhSubsegmentCreate+0x135
  277. ffffc708`88f24580 fffff802`46e11611     : ffff858f`43402340 ffff858f`43404080 ffff858f`434041c0 00000000`00000170 : nt!RtlpHpLfhSlotAllocate+0xcbe
  278. ffffc708`88f246d0 fffff802`475b8074     : ffff858f`00000000 ffffa68d`8e93b5a0 00000000`4678744e 00000000`00000000 : nt!ExAllocateHeapPool+0x2b1
  279. ffffc708`88f24810 fffff802`48ce391e     : 003d0000`000077cb 00000000`00000008 00000000`00000160 00000000`00000000 : nt!ExAllocatePoolWithTag+0x64
  280. ffffc708`88f24860 fffff802`48df5430     : 003d0000`000077cb 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsAllocateNonpagedFcb+0x1e
  281. ffffc708`88f24890 fffff802`48ded146     : ffff858f`4bbe68a8 ffff858f`45e031a0 ffffa68d`78e8a000 003d0000`000077cb : Ntfs!NtfsCreateFcb+0x2a0
  282. ffffc708`88f249d0 fffff802`48db18f3     : ffff858f`4bbe68a8 ffffa68d`7fce2170 ffffa68d`8df67a70 ffffc708`88f25170 : Ntfs!NtfsCreateNewFile+0xae6
  283. ffffc708`88f24d80 fffff802`48dabe6b     : ffff858f`4d0f1af0 ffffc708`88f25170 ffff858f`4d0f1af0 00000000`00000000 : Ntfs!NtfsCommonCreate+0x14b3
  284. ffffc708`88f25060 fffff802`46e10665     : ffff858f`45e03050 ffff858f`4d0f1af0 ffffc708`88f25300 ffff858f`4e025740 : Ntfs!NtfsFsdCreate+0x1db
  285. ffffc708`88f252e0 fffff802`42b2710f     : ffff858f`4e025700 ffffc708`88f253d0 ffffc708`88f253d9 fffff802`42b25f7a : nt!IofCallDriver+0x55
  286. ffffc708`88f25320 fffff802`42b59f54     : ffffc708`88f253d0 ffff858f`4e025798 ffff858f`456d4950 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
  287. ffffc708`88f25390 fffff802`46e10665     : 00000000`00000000 ffff858f`4573c080 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x324
  288. ffffc708`88f25440 fffff802`46e0b674     : 00000000`00000003 ffff858f`4d0f1af0 ffff858f`6d4e6f49 fffff802`46e0b5e3 : nt!IofCallDriver+0x55
  289. ffffc708`88f25480 fffff802`471edf3b     : ffffc708`88f25740 ffff858f`4573c080 ffff858f`4e0257d8 00000000`00000000 : nt!IoCallDriverWithTracing+0x34
  290. ffffc708`88f254d0 fffff802`47206647     : ffff858f`4573c080 ffff858f`4573c050 ffff858f`43b6d010 ffffa68d`78e75101 : nt!IopParseDevice+0x11bb
  291. ffffc708`88f25640 fffff802`471fd5fa     : ffff858f`43b6d001 ffffc708`88f258a8 00000000`00000042 ffff858f`43adff00 : nt!ObpLookupObjectName+0x1117
  292. ffffc708`88f25810 fffff802`4726d46b     : ffff858f`00000000 00000000`00dbecf0 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByNameEx+0x1fa
  293. ffffc708`88f25940 fffff802`4726c129     : 00000000`00dbe420 00000000`c0100080 00000000`00dbecf0 00000000`00dbe438 : nt!IopCreateFile+0x132b
  294. ffffc708`88f25a00 fffff802`47010ef5     : ffff858f`4cf04080 00000000`00dbe448 00000000`00000000 ffff858f`00000008 : nt!NtCreateFile+0x79
  295. ffffc708`88f25a90 00007ffe`5c0eda84     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
  296. 00000000`00dbe3a8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`5c0eda84
  297.  
  298.  
  299. SYMBOL_NAME:  nt!MiDeleteNonPagedPoolPte+147395
  300.  
  301. MODULE_NAME: nt
  302.  
  303. STACK_COMMAND:  .cxr; .ecxr ; kb
  304.  
  305. IMAGE_NAME:  ntkrnlmp.exe
  306.  
  307. BUCKET_ID_FUNC_OFFSET:  147395
  308.  
  309. FAILURE_BUCKET_ID:  0x4E_9a_nt!MiDeleteNonPagedPoolPte
  310.  
  311. OS_VERSION:  10.0.19041.1
  312.  
  313. BUILDLAB_STR:  vb_release
  314.  
  315. OSPLATFORM_TYPE:  x64
  316.  
  317. OSNAME:  Windows 10
  318.  
  319. FAILURE_ID_HASH:  {aec87dc6-8e5e-ffb2-0aed-142948a6cbb3}
  320.  
  321. Followup:     MachineOwner
  322. ---------
