none
[NDIS] Bluescreen error : Unable to get PXE

    Question

  • Hi,

    I am getting the bluescreen error while using NDIS. 

    Debugging is being done based on the information in the link  -  http://blogs.msdn.com/b/ntdebugging/archive/2013/12/31/understanding-pool-corruption-part-3-special-pool-for-double-frees.aspx

    But, a different log like 'Unable to get PXE FFFFF6FB7DBED000' is displayed as below 

    kd> !pte 000000000000000a
                                               VA 000000000000000a
    PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000000    PTE at FFFFF68000000000
    Unable to get PXE FFFFF6FB7DBED000

    Can you pls suggest how to overcome this and go ahead with debugging ?

    I have provided below the complete logs for your reference.  

    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Dell3\Desktop\log report _bluescreen\New_Crash_with_verifier\012116-32089-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    WARNING: Inaccessible path: 'C:\Windows\System32\drivers\nsmuxtun.sys'
    WARNING: Path element is empty
    Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols;;C:\Users\Dell3\Desktop\k4.5.0.002_Win101\build\output\Windows7_x86_64_kmod_release
    Executable search path is: C:\Windows\System32\drivers\nsmuxtun.sys
    Windows 7 Kernel Version 7601 (Service Pack 1) UP Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`02a14000 PsLoadedModuleList = 0xfffff800`02c59e90
    Debug session time: Thu Jan 21 17:49:42.581 2016 (UTC + 5:30)
    System Uptime: 0 days 0:21:07.751
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...................
    Loading User Symbols
    Loading unloaded module list
    ...........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {a, 2, 0, fffff88003c4d695}

    Unable to load image nsmuxtun.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for nsmuxtun.sys
    Probably caused by : Unknown_Image ( nsmuxtun!CFilter::SendNetBufferListsComplete+65 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 000000000000000a, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff88003c4d695, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc50e8
     000000000000000a 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    nsmuxtun!CFilter::SendNetBufferListsComplete+65 [c:\users\dell3\desktop\k4.5.0.002_win101\src\cpp\client\driver\multiplexer\windows\ndis62\filter.cpp @ 490]
    fffff880`03c4d695 0fb7410a        movzx   eax,word ptr [rcx+0Ah]

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  chrome.exe

    LAST_CONTROL_TRANSFER:  from 0000000000000000 to 0000000000000000

    STACK_TEXT:  
    00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0


    STACK_COMMAND:  .bugcheck ; kb

    FOLLOWUP_IP: 
    nsmuxtun!CFilter::SendNetBufferListsComplete+65 [c:\users\dell3\desktop\k4.5.0.002_win101\src\cpp\client\driver\multiplexer\windows\ndis62\filter.cpp @ 490]
    fffff880`03c4d695 0fb7410a        movzx   eax,word ptr [rcx+0Ah]

    SYMBOL_NAME:  nsmuxtun!CFilter::SendNetBufferListsComplete+65

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: Unknown_Module

    IMAGE_NAME:  Unknown_Image

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    BUCKET_ID:  INVALID_KERNEL_CONTEXT

    Followup: MachineOwner
    ---------

    kd> !pool fffff88003c4d695
    Pool page fffff88003c4d695 region is Unknown
    GetUlongFromAddress: unable to read from fffff80002c32210
    fffff88003c4d000 is not a valid small pool allocation, checking large pool...
    unable to get pool big page table - either wrong symbols or pool tagging is disabled
    fffff88003c4d000 is freed (or corrupt) pool
    Bad previous allocation size @fffff88003c4d000, last size was 0

    ***
    *** An error (or corruption) in the pool was detected;
    *** Pool Region unknown (0xFFFFF88003C4D000)
    ***
    *** Use !poolval fffff88003c4d000 for more details.
    ***  

    kd> ub .
           ^ Unable to find valid previous instruction for 'ub .'
    kd> kn
     # Child-SP          RetAddr           Call Site
    00 00000000`00000000 00000000`00000000 0x0
    kd> 
     # Child-SP          RetAddr           Call Site
    00 00000000`00000000 00000000`00000000 0x0
    kd> 
     # Child-SP          RetAddr           Call Site
    00 00000000`00000000 00000000`00000000 0x0
    kd> dd 000000000000000a
    00000000`0000000a  ???????? ???????? ???????? ????????
    00000000`0000001a  ???????? ???????? ???????? ????????
    00000000`0000002a  ???????? ???????? ???????? ????????
    00000000`0000003a  ???????? ???????? ???????? ????????
    00000000`0000004a  ???????? ???????? ???????? ????????
    00000000`0000005a  ???????? ???????? ???????? ????????
    00000000`0000006a  ???????? ???????? ???????? ????????
    00000000`0000007a  ???????? ???????? ???????? ????????
    kd> !pte 000000000000000a
                                               VA 000000000000000a
    PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000000    PTE at FFFFF68000000000
    Unable to get PXE FFFFF6FB7DBED000
    kd> k
    Child-SP          RetAddr           Call Site
    00000000`00000000 00000000`00000000 0x0
    kd> 
    Child-SP          RetAddr           Call Site
    00000000`00000000 00000000`00000000 0x0
    kd> 
    Child-SP          RetAddr           Call Site
    00000000`00000000 00000000`00000000 0x0
    kd> 
    Child-SP          RetAddr           Call Site
    00000000`00000000 00000000`00000000 0x0
    kd> 
    Child-SP          RetAddr           Call Site
    00000000`00000000 00000000`00000000 0x0
    kd> 
    Child-SP          RetAddr           Call Site
    00000000`00000000 00000000`00000000 0x0

    Thanks,

    Karthik Balaguru

    • Moved by Just KarlModerator Tuesday, January 26, 2016 3:22 PM Looking for the correct forum.
    Friday, January 22, 2016 4:09 AM

Answers

All replies

  • The earlier analysis was based on minidump. So, we tried with 

    On Analyzing the MEMORY dump, we get the following. Please let me know the exact issue.

    Furnished below the required logs for your reference :

    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\NSLASP3\Desktop\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    WARNING: Path element is empty
    Symbol search path is: srv*https://msdl.microsoft.com/download/symbols;;C:\Users\NSLASP3\Desktop\Windows7_x86_64_kmod_debug
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.19045.amd64fre.win7sp1_gdr.151019-1254
    Machine Name:
    Kernel base = 0xfffff800`02c66000 PsLoadedModuleList = 0xfffff800`02ead730
    Debug session time: Mon Jan 25 17:23:06.738 2016 (UTC + 5:30)
    System Uptime: 0 days 1:38:38.940
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ......Page 1c2a12 not present in the dump file. Type ".hh dbgerr004" for details
    .................................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 00000000`fffdf018).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ....................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {fffff980919bee20, 2, 0, fffff8800b7dd1a9}

    *** ERROR: Module load completed but symbols could not be loaded for nsvnet.sys
    *** ERROR: Module load completed but symbols could not be loaded for nsmuxtun.sys
    Probably caused by : nsvnet.sys ( nsvnet+21a9 )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: fffff980919bee20, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff8800b7dd1a9, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS:  fffff980919bee20 Special pool

    CURRENT_IRQL:  2

    FAULTING_IP: 
    nsvnet+21a9
    fffff880`0b7dd1a9 488b1a          mov     rbx,qword ptr [rdx]

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  chrome.exe

    TRAP_FRAME:  fffff8800585b4c0 -- (.trap 0xfffff8800585b4c0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffff880016a1ec0
    rdx=fffff980919bee20 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800b7dd1a9 rsp=fffff8800585b650 rbp=fffff980919aae20
     r8=fffffa80067f2780  r9=fffffa8009366270 r10=0000000000000002
    r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    nsvnet+0x21a9:
    fffff880`0b7dd1a9 488b1a          mov     rbx,qword ptr [rdx] ds:fffff980`919bee20=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80002cd91e9 to fffff80002cd9c40

    STACK_TEXT:  
    fffff880`0585b378 fffff800`02cd91e9 : 00000000`0000000a fffff980`919bee20 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0585b380 fffff800`02cd7e60 : fffff980`9077cd30 fffff980`9077cd30 00000000`00000000 fffff980`919bee20 : nt!KiBugCheckDispatch+0x69
    fffff880`0585b4c0 fffff880`0b7dd1a9 : fffff980`919bee20 fffff980`919aae20 00000000`00000000 fffff980`08382f78 : nt!KiPageFault+0x260
    fffff880`0585b650 fffff880`016f94f1 : fffffa80`081c11a0 00000000`00000000 fffff980`919bee20 fffff800`0317c37c : nsvnet+0x21a9
    fffff880`0585b680 fffff880`0163c4b4 : 00000000`00000000 fffff980`08212c80 00000000`00000000 00000000`00000000 : ndis!ndisMSendNBLToMiniport+0xb1
    fffff880`0585b6e0 fffff880`0423a5fc : fffff980`9077cd30 00000000`00000000 fffff980`02f50fa8 00000000`00000000 : ndis!NdisFSendNetBufferLists+0x64
    fffff880`0585b720 fffff880`0163c4b4 : fffff980`08042c80 00000000`00000000 00000000`00000000 00000000`00000000 : nsmuxtun+0x35fc
    fffff880`0585b790 fffff880`0400a199 : 00000000`00000000 fffffa80`081c11a0 00000000`00000000 00000000`00000000 : ndis!NdisFSendNetBufferLists+0x64
    fffff880`0585b7d0 fffff880`0163c3f9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : pacer!PcFilterSendNetBufferLists+0x29
    fffff880`0585b8d0 fffff880`016f95d5 : 00000000`00000863 00000000`00000000 fffffa80`081c11a0 fffff800`02d054a0 : ndis!ndisSendNBLToFilter+0x69
    fffff880`0585b930 fffff880`0185f5ce : 00000000`00000000 00000000`0000000e fffffa80`075a7010 fffff800`02d054a0 : ndis!NdisSendNetBufferLists+0x85
    fffff880`0585b990 fffff880`0185d1c7 : fffff880`0196e9a0 00000000`00000000 fffffa80`08000000 fffff980`01960800 : tcpip!IppFragmentPackets+0x39e
    fffff880`0585bab0 fffff880`0185ebf5 : 00000000`00000000 00000000`00000000 fffffa80`09660080 fffffa80`07d03cec : tcpip!IppDispatchSendPacketHelper+0x87
    fffff880`0585bb70 fffff880`0185de7e : fffffa80`07d03c06 fffff880`0585bf00 00000000`00000014 fffffa80`00000000 : tcpip!IppPacketizeDatagrams+0x2d5
    fffff880`0585bc90 fffff880`0186079e : 00000000`00000000 00000000`00004007 00000000`5b211f01 fffffa80`0815c890 : tcpip!IppSendDatagramsCommon+0x87e
    fffff880`0585be30 fffff880`01868aad : fffffa80`08253190 00000000`00000001 00000000`0000c2d8 00000000`0000060e : tcpip!IpNlpSendDatagrams+0x3e
    fffff880`0585be70 fffff880`01869450 : 61000001`d3a80860 fffff880`041a1650 00000000`00000000 00000000`00004800 : tcpip!TcpTcbSend+0x6ad
    fffff880`0585c0f0 fffff880`018681a8 : 00000000`00000000 00000000`00000000 fffff880`0585c310 fffff880`0585c420 : tcpip!TcpEnqueueTcbSendOlmNotifySendComplete+0xa0
    fffff880`0585c120 fffff880`0186836b : fffff880`00000000 00001f80`0108471c 00000000`00004800 fffffa80`08c63880 : tcpip!TcpEnqueueTcbSend+0x258
    fffff880`0585c1d0 fffff800`02ce6188 : 00000000`00000001 fffffa80`08627b60 00000000`00000000 fffff880`05855000 : tcpip!TcpTlConnectionSendCalloutRoutine+0x1b
    fffff880`0585c200 fffff880`0186922a : fffff880`01868350 00000000`00000000 81a00000`206da900 fffff880`041a1601 : nt!KeExpandKernelStackAndCalloutEx+0xd8
    fffff880`0585c2e0 fffff880`041b99cb : fffffa80`083a5730 fffff880`0585cb60 00000000`0000060e fffffa80`077d4d90 : tcpip!TcpTlConnectionSend+0x7a
    fffff880`0585c350 fffff880`041a0469 : 00000000`000001f1 00000000`00000000 fffff6fb`7e280148 fffff800`02d0ad26 : afd!AfdFastConnectionSend+0x38b
    fffff880`0585c510 fffff800`02ff9690 : 00000000`0000060e 00000000`00000000 fffffa80`08107930 00000000`0552e9a0 : afd!AfdFastIoDeviceControl+0x459
    fffff880`0585c880 fffff800`02ff9dc6 : fffff880`0585cab8 00000000`00000ae4 00000000`00000001 00000000`0d524e08 : nt!IopXxxControlFile+0x520
    fffff880`0585ca00 fffff800`02cd8ed3 : fffff880`0585cb60 fffffa80`09675e10 fffff880`0585cab8 fffff800`02fc5c00 : nt!NtDeviceIoControlFile+0x56
    fffff880`0585ca70 00000000`744a2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0552e928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x744a2e09


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    nsvnet+21a9
    fffff880`0b7dd1a9 488b1a          mov     rbx,qword ptr [rdx]

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  nsvnet+21a9

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nsvnet

    IMAGE_NAME:  nsvnet.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  560bb2b5

    FAILURE_BUCKET_ID:  X64_0xD1_VRF_nsvnet+21a9

    BUCKET_ID:  X64_0xD1_VRF_nsvnet+21a9

    Followup: MachineOwner
    ---------

    2: kd> kn
     # Child-SP          RetAddr           Call Site
    00 fffff880`0585b378 fffff800`02cd91e9 nt!KeBugCheckEx
    01 fffff880`0585b380 fffff800`02cd7e60 nt!KiBugCheckDispatch+0x69
    02 fffff880`0585b4c0 fffff880`0b7dd1a9 nt!KiPageFault+0x260
    03 fffff880`0585b650 fffff880`016f94f1 nsvnet+0x21a9
    04 fffff880`0585b680 fffff880`0163c4b4 ndis!ndisMSendNBLToMiniport+0xb1
    05 fffff880`0585b6e0 fffff880`0423a5fc ndis!NdisFSendNetBufferLists+0x64
    06 fffff880`0585b720 fffff880`0163c4b4 nsmuxtun+0x35fc
    07 fffff880`0585b790 fffff880`0400a199 ndis!NdisFSendNetBufferLists+0x64
    08 fffff880`0585b7d0 fffff880`0163c3f9 pacer!PcFilterSendNetBufferLists+0x29
    09 fffff880`0585b8d0 fffff880`016f95d5 ndis!ndisSendNBLToFilter+0x69
    0a fffff880`0585b930 fffff880`0185f5ce ndis!NdisSendNetBufferLists+0x85
    0b fffff880`0585b990 fffff880`0185d1c7 tcpip!IppFragmentPackets+0x39e
    0c fffff880`0585bab0 fffff880`0185ebf5 tcpip!IppDispatchSendPacketHelper+0x87
    0d fffff880`0585bb70 fffff880`0185de7e tcpip!IppPacketizeDatagrams+0x2d5
    0e fffff880`0585bc90 fffff880`0186079e tcpip!IppSendDatagramsCommon+0x87e
    0f fffff880`0585be30 fffff880`01868aad tcpip!IpNlpSendDatagrams+0x3e
    10 fffff880`0585be70 fffff880`01869450 tcpip!TcpTcbSend+0x6ad
    11 fffff880`0585c0f0 fffff880`018681a8 tcpip!TcpEnqueueTcbSendOlmNotifySendComplete+0xa0
    12 fffff880`0585c120 fffff880`0186836b tcpip!TcpEnqueueTcbSend+0x258
    13 fffff880`0585c1d0 fffff800`02ce6188 tcpip!TcpTlConnectionSendCalloutRoutine+0x1b
    14 fffff880`0585c200 fffff880`0186922a nt!KeExpandKernelStackAndCalloutEx+0xd8
    15 fffff880`0585c2e0 fffff880`041b99cb tcpip!TcpTlConnectionSend+0x7a
    16 fffff880`0585c350 fffff880`041a0469 afd!AfdFastConnectionSend+0x38b
    17 fffff880`0585c510 fffff800`02ff9690 afd!AfdFastIoDeviceControl+0x459
    18 fffff880`0585c880 fffff800`02ff9dc6 nt!IopXxxControlFile+0x520
    19 fffff880`0585ca00 fffff800`02cd8ed3 nt!NtDeviceIoControlFile+0x56
    1a fffff880`0585ca70 00000000`744a2e09 nt!KiSystemServiceCopyEnd+0x13
    1b 00000000`0552e928 00000000`00000000 0x744a2e09
    2: kd> dd fffff980919bee20
    fffff980`919bee20  ???????? ???????? ???????? ????????
    fffff980`919bee30  ???????? ???????? ???????? ????????
    fffff980`919bee40  ???????? ???????? ???????? ????????
    fffff980`919bee50  ???????? ???????? ???????? ????????
    fffff980`919bee60  ???????? ???????? ???????? ????????
    fffff980`919bee70  ???????? ???????? ???????? ????????
    fffff980`919bee80  ???????? ???????? ???????? ????????
    fffff980`919bee90  ???????? ???????? ???????? ????????
    2: kd> !pte fffff980919bee20
                                               VA fffff980919bee20
    PXE at FFFFF6FB7DBEDF98    PPE at FFFFF6FB7DBF3010    PDE at FFFFF6FB7E602460    PTE at FFFFF6FCC048CDF0
    contains 00000001E4E87863  contains 000000013EA93863  contains 000000008E4D8863  contains 180918E000000000
    pfn 1e4e87    ---DA--KWEV  pfn 13ea93    ---DA--KWEV  pfn 8e4d8     ---DA--KWEV  not valid
                                                                                      PageFile:  0
                                                                                      Offset: 180918e0
                                                                                      Protect: 0

    2: kd> .frame /r 6
    06 fffff880`0585b720 fffff880`0163c4b4 nsmuxtun+0x35fc
    rax=fffff8800585b480 rbx=0000000000000000 rcx=000000000000000a
    rdx=fffff980919bee20 rsi=fffff98002f50fa8 rdi=0000000000000000
    rip=fffff8800423a5fc rsp=fffff8800585b720 rbp=0000000000000000
     r8=0000000000000002  r9=0000000000000000 r10=fffff8800b7dd1a9
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=fffff980919aae20
    iopl=0         nv up ei ng nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00200282
    nsmuxtun+0x35fc:
    fffff880`0423a5fc 4885ed          test    rbp,rbp
    2: kd> ub fffff880`0423a5fc
    nsmuxtun+0x35db:
    fffff880`0423a5db 0f859bfeffff    jne     nsmuxtun+0x347c (fffff880`0423a47c)
    fffff880`0423a5e1 4d85ff          test    r15,r15
    fffff880`0423a5e4 7416            je      nsmuxtun+0x35fc (fffff880`0423a5fc)
    fffff880`0423a5e6 448b842480000000 mov     r8d,dword ptr [rsp+80h]
    fffff880`0423a5ee 488b0e          mov     rcx,qword ptr [rsi]
    fffff880`0423a5f1 458bcd          mov     r9d,r13d
    fffff880`0423a5f4 498bd7          mov     rdx,r15
    fffff880`0423a5f7 e8c6f70000      call    nsmuxtun+0x12dc2 (fffff880`04249dc2)
    2: kd> !verifier 80 fffff98002f50fa8

    Log of recent kernel pool Allocate and Free operations:

    There are up to 0x10000 entries in the log.

    Parsing 0x0000000000010000 log entries, searching for address 0xfffff98002f50fa8.



    Finished parsing all pool tracking information.
    No entries matching address fffff98002f50fa8 have been found.





    2: kd> .frame /r 3
    03 fffff880`0585b650 fffff880`016f94f1 nsvnet+0x21a9
    rax=fffff8800585b480 rbx=fffff980919bee20 rcx=000000000000000a
    rdx=fffff980919bee20 rsi=0000000000000000 rdi=fffff98008382f78
    rip=fffff8800b7dd1a9 rsp=fffff8800585b650 rbp=fffff980919aae20
     r8=0000000000000002  r9=0000000000000000 r10=fffff8800b7dd1a9
    r11=0000000000000000 r12=0000000000000000 r13=fffff8800b7dd1e4
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00200282
    nsvnet+0x21a9:
    fffff880`0b7dd1a9 488b1a          mov     rbx,qword ptr [rdx] ds:002b:fffff980`919bee20=????????????????
    2: kd> !verifier 80 fffff980919bee20

    Log of recent kernel pool Allocate and Free operations:

    There are up to 0x10000 entries in the log.

    Parsing 0x0000000000010000 log entries, searching for address 0xfffff980919bee20.


    ======================================================================
    Pool block fffff980919bee00, Size 0000000000000200, Thread fffffa80083ef890
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff8800163c212 ndis!NdisFreeNetBufferList+0x112
    fffff8800423a671 nsmuxtun+0x3671
    fffff880016f921d ndis!NdisMSendNetBufferListsComplete+0x6d
    fffff8800b7dd1cb nsvnet+0x21cb
    fffff880016f94f1 ndis!ndisMSendNBLToMiniport+0xb1
    fffff8800163c4b4 ndis!NdisFSendNetBufferLists+0x64
    fffff8800423a5fc nsmuxtun+0x35fc
    fffff8800163c4b4 ndis!NdisFSendNetBufferLists+0x64
    fffff8800400a199 pacer!PcFilterSendNetBufferLists+0x29
    fffff8800163c3f9 ndis!ndisSendNBLToFilter+0x69
    fffff880016f95d5 ndis!NdisSendNetBufferLists+0x85
    ======================================================================
    Pool block fffff980919bee00, Size 0000000000000200, Thread fffffa80083ef890
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
    fffff88001642d2e ndis!ndisAllocateFromNPagedPool+0x1e
    fffff8800163e42f ndis!NdisAllocateNetBufferAndNetBufferList+0x293
    fffff8800423a500 nsmuxtun+0x3500
    fffff8800163c4b4 ndis!NdisFSendNetBufferLists+0x64
    fffff8800400a199 pacer!PcFilterSendNetBufferLists+0x29
    fffff8800163c3f9 ndis!ndisSendNBLToFilter+0x69
    fffff880016f95d5 ndis!NdisSendNetBufferLists+0x85
    fffff8800185f5ce tcpip!IppFragmentPackets+0x39e
    fffff8800185d1c7 tcpip!IppDispatchSendPacketHelper+0x87
    fffff8800185ebf5 tcpip!IppPacketizeDatagrams+0x2d5
    fffff8800185de7e tcpip!IppSendDatagramsCommon+0x87e
    ======================================================================
    Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa80083e5b50
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff8000318a156 nt!VfIoFreeIrp+0xe6
    fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for fltmgr.sys - 
    fffff880010d77b8 fltmgr!FltIsCallbackDataDirty+0x1ec8
    fffff8800110e126 fltmgr!FltNotifyFilterChangeDirectory+0x636
    fffff8800110eb38 fltmgr!FltFsControlFile+0x48
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for mfehidk.sys - 
    fffff880012a0ce3 mfehidk+0x6ace3
    fffff880012a2b7f mfehidk+0x6cb7f
    *** ERROR: Module load completed but symbols could not be loaded for mfeavfk.sys
    fffff8800677f99f mfeavfk+0xd99f
    fffff8800677a576 mfeavfk+0x8576
    fffff8800677c6b1 mfeavfk+0xa6b1
    fffff88001264a8e mfehidk+0x2ea8e
    ======================================================================
    Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa80083e5b50
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180d90 nt!ViIrpAllocate+0x40
    fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
    fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
    fffff8000318abc2 nt!IovAllocateIrp+0x52
    fffff880010d89cf fltmgr!FltPerformSynchronousIo+0x1af
    fffff8800110e0b5 fltmgr!FltNotifyFilterChangeDirectory+0x5c5
    fffff8800110eb38 fltmgr!FltFsControlFile+0x48
    fffff880012a0ce3 mfehidk+0x6ace3
    fffff880012a2b7f mfehidk+0x6cb7f
    fffff8800677f99f mfeavfk+0xd99f
    fffff8800677a576 mfeavfk+0x8576
    fffff8800677c6b1 mfeavfk+0xa6b1
    ======================================================================
    Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa8008646b50
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff8000318a156 nt!VfIoFreeIrp+0xe6
    fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
    fffff80002cdc3d4 nt!IopfCompleteRequest+0x454
    fffff80003184eef nt!IovCompleteRequest+0x19f
    *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
    fffff8800142f7fc Ntfs+0x107fc
    fffff8800142c1c5 Ntfs+0xd1c5
    fffff8800142c398 Ntfs+0xd398
    fffff8000318bd46 nt!IovCallDriver+0x566
    fffff880010d5bcf fltmgr!FltIsCallbackDataDirty+0x2df
    fffff880010d46df fltmgr+0x16df
    fffff8000318bd46 nt!IovCallDriver+0x566
    ======================================================================
    Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa8008646b50
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180d90 nt!ViIrpAllocate+0x40
    fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
    fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
    fffff8000318abc2 nt!IovAllocateIrp+0x52
    fffff80002d01562 nt!IoPageRead+0x82
    fffff80002d01209 nt!MiIssueHardFault+0x255
    fffff80002ce7ac9 nt!MmAccessFault+0x1399
    fffff80002cd7d6e nt!KiPageFault+0x16e
    fffff80002fd9b27 nt!CcMapData+0x117
    ======================================================================
    Pool block fffff980919bea50, Size 00000000000005b0, Thread fffffa80083072f0
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff88001642d65 ndis!NdisFreeMemory+0x15
    fffff88004245af6 nsmuxtun+0xeaf6
    fffff880042455bf nsmuxtun+0xe5bf
    fffff8800425b85d nsmuxtun+0x2485d
    fffff88004254ea2 nsmuxtun+0x1dea2
    fffff88004244c2a nsmuxtun+0xdc2a
    fffff88004248164 nsmuxtun+0x11164
    fffff88004247e03 nsmuxtun+0x10e03
    fffff88004247a68 nsmuxtun+0x10a68
    fffff8800428005d nsmuxtun+0x4905d
    fffff8800429b140 nsmuxtun+0x64140
    ======================================================================
    Pool block fffff980919bea50, Size 00000000000005a8, Thread fffffa80083072f0
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
    fffff88001668623 ndis!ndisVerifierAllocateMemoryWithTag+0x73
    fffff8800423db29 nsmuxtun+0x6b29
    fffff88004245a83 nsmuxtun+0xea83
    fffff88004243fde nsmuxtun+0xcfde
    fffff8800423e7f8 nsmuxtun+0x77f8
    fffff8800423964a nsmuxtun+0x264a
    fffff8800423a022 nsmuxtun+0x3022
    fffff8800165d1c7 ndis! ?? ::FNODOBFM::`string'+0xcd8f
    *** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
    fffff8800b6f3868 Rt64win7+0x1b868
    fffff8800b6de7c4 Rt64win7+0x67c4
    fffff8800163b921 ndis!ndisInterruptDpc+0x151
    ======================================================================
    Pool block fffff980919bea50, Size 00000000000005b0, Thread fffffa80083072f0
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff88001642d65 ndis!NdisFreeMemory+0x15
    fffff88004245af6 nsmuxtun+0xeaf6
    fffff880042455bf nsmuxtun+0xe5bf
    fffff8800425b85d nsmuxtun+0x2485d
    fffff88004254ea2 nsmuxtun+0x1dea2
    fffff88004244c2a nsmuxtun+0xdc2a
    fffff88004248164 nsmuxtun+0x11164
    fffff88004247e03 nsmuxtun+0x10e03
    fffff88004247a68 nsmuxtun+0x10a68
    fffff8800428005d nsmuxtun+0x4905d
    fffff8800429b140 nsmuxtun+0x64140
    ======================================================================
    Pool block fffff980919bea50, Size 00000000000005a8, Thread fffffa800975db50
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
    fffff88001668623 ndis!ndisVerifierAllocateMemoryWithTag+0x73
    fffff8800423db29 nsmuxtun+0x6b29
    fffff88004245a83 nsmuxtun+0xea83
    fffff88004243fde nsmuxtun+0xcfde
    fffff8800423e7f8 nsmuxtun+0x77f8
    fffff8800423964a nsmuxtun+0x264a
    fffff8800423a022 nsmuxtun+0x3022
    fffff8800165d1c7 ndis! ?? ::FNODOBFM::`string'+0xcd8f
    fffff8800b6f3868 Rt64win7+0x1b868
    fffff8800b6de7c4 Rt64win7+0x67c4
    fffff8800163b921 ndis!ndisInterruptDpc+0x151
    ======================================================================
    Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa800802e210
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff8000318a156 nt!VfIoFreeIrp+0xe6
    fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
    fffff80002fd985e nt!IopDeleteFile+0x14e
    fffff80002ce3504 nt!ObfDereferenceObject+0xd4
    fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
    ======================================================================
    Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa800802e210
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180d90 nt!ViIrpAllocate+0x40
    fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
    fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
    fffff8000318abc2 nt!IovAllocateIrp+0x52
    fffff80002cee5e6 nt!IopAllocateIrpMustSucceed+0x16
    fffff80002fd978c nt!IopDeleteFile+0x7c
    fffff80002ce3504 nt!ObfDereferenceObject+0xd4
    fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
    fffff80002fd4144 nt!ObpCloseHandle+0x94
    ======================================================================
    Pool block fffff980919bea20, Size 00000000000005e0, Thread fffffa80083ef890
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff88001642d65 ndis!NdisFreeMemory+0x15
    fffff8800423a419 nsmuxtun+0x3419
    fffff880016c28d4 ndis!ndisReturnNetBufferListsInternal+0x94
    fffff880016f917b ndis!NdisReturnNetBufferLists+0x3b
    fffff88001857f26 tcpip!FlpReturnNetBufferListChain+0x96
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for NETIO.SYS - 
    fffff8800172f872 NETIO!NetioDereferenceNetBufferListChain+0x132
    fffff8800187eea1 tcpip!TcpTlProviderReleaseIndicationList+0x81
    fffff8800417747d afd!AfdTLReleaseIndications+0x2d
    fffff880041b88a1 afd!AfdFastConnectionReceive+0x8d1
    fffff880041a07bb afd!AfdFastIoDeviceControl+0x7ab
    fffff80002ff9690 nt!IopXxxControlFile+0x520
    ======================================================================
    Pool block fffff980919bea20, Size 00000000000005d4, Thread fffffa80083072f0
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
    fffff88001668623 ndis!ndisVerifierAllocateMemoryWithTag+0x73
    fffff88004248a11 nsmuxtun+0x11a11
    fffff88004239995 nsmuxtun+0x2995
    fffff8800423ee8e nsmuxtun+0x7e8e
    fffff88004246cb1 nsmuxtun+0xfcb1
    fffff880042427de nsmuxtun+0xb7de
    fffff80002f73b86 nt!PspSystemThreadStartup+0x5a
    ======================================================================
    Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa80083ef890
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff8000318a156 nt!VfIoFreeIrp+0xe6
    fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
    fffff80002ceedec nt!IopCompleteRequest+0x54c
    fffff80002cdc5ea nt!IopfCompleteRequest+0x66a
    fffff80003184eef nt!IovCompleteRequest+0x19f
    fffff880041bbfc7 afd!AfdTliIoControl+0x8d7
    fffff8000318bd46 nt!IovCallDriver+0x566
    fffff80002fe5f3b nt!IopSynchronousServiceTail+0xfb
    fffff80002ff9d57 nt!IopXxxControlFile+0xbe4
    fffff80002ff9dc6 nt!NtDeviceIoControlFile+0x56
    fffff80002cd8ed3 nt!KiSystemServiceCopyEnd+0x13
    ======================================================================
    Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa80083ef890
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180d90 nt!ViIrpAllocate+0x40
    fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
    fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
    fffff8000318abc2 nt!IovAllocateIrp+0x52
    fffff80002ff9808 nt!IopXxxControlFile+0x698
    fffff80002ff9dc6 nt!NtDeviceIoControlFile+0x56
    fffff80002cd8ed3 nt!KiSystemServiceCopyEnd+0x13
    ======================================================================
    Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa800a2a3b50
    fffff800031808fa nt!VfFreePoolNotification+0x4a
    fffff80002e1080a nt!ExFreePool+0x871
    fffff8000318a156 nt!VfIoFreeIrp+0xe6
    fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
    fffff80002fd985e nt!IopDeleteFile+0x14e
    fffff80002ce3504 nt!ObfDereferenceObject+0xd4
    fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
    fffff80002fd4144 nt!ObpCloseHandle+0x94
    ======================================================================
    Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa800a2a3b50
    fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
    fffff80003180d90 nt!ViIrpAllocate+0x40
    fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
    fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
    fffff8000318abc2 nt!IovAllocateIrp+0x52
    fffff80002cee5e6 nt!IopAllocateIrpMustSucceed+0x16
    fffff80002fd978c nt!IopDeleteFile+0x7c
    fffff80002ce3504 nt!ObfDereferenceObject+0xd4
    fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
    fffff80002fd4144 nt!ObpCloseHandle+0x94

    Finished parsing all pool tracking information.

    Thanks,

    Karthik Balaguru

    Monday, January 25, 2016 2:55 PM
  • Hello,

    The 'Academic Initiatives - Technical Queries' forum is for posts Related to technical / coding / programming related issues as related to Microsoft's Academic Initiatives.

    As it's off-topic here, I am moving the question to the Where is the forum for... forum.

    Karl


    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

    Tuesday, January 26, 2016 3:20 PM
    Moderator
  • Hello,

    I'd ask in the Windows 7 IT Pro forums:

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro

    Karl


    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

    Tuesday, January 26, 2016 3:22 PM
    Moderator