Remove From My Forums

[NDIS] Bluescreen error : Unable to get PXE

Question

0

Sign in to vote
Hi,

I am getting the bluescreen error while using NDIS.

Debugging is being done based on the information in the link - http://blogs.msdn.com/b/ntdebugging/archive/2013/12/31/understanding-pool-corruption-part-3-special-pool-for-double-frees.aspx

But, a different log like 'Unable to get PXE FFFFF6FB7DBED000' is displayed as below

kd> !pte 000000000000000a
VA 000000000000000a
PXE at FFFFF6FB7DBED000 PPE at FFFFF6FB7DA00000 PDE at FFFFF6FB40000000 PTE at FFFFF68000000000
Unable to get PXE FFFFF6FB7DBED000

Can you pls suggest how to overcome this and go ahead with debugging ?

I have provided below the complete logs for your reference.

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\Dell3\Desktop\log report _bluescreen\New_Crash_with_verifier\012116-32089-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Inaccessible path: 'C:\Windows\System32\drivers\nsmuxtun.sys'
WARNING: Path element is empty
Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols;;C:\Users\Dell3\Desktop\k4.5.0.002_Win101\build\output\Windows7_x86_64_kmod_release
Executable search path is: C:\Windows\System32\drivers\nsmuxtun.sys
Windows 7 Kernel Version 7601 (Service Pack 1) UP Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02a14000 PsLoadedModuleList = 0xfffff800`02c59e90
Debug session time: Thu Jan 21 17:49:42.581 2016 (UTC + 5:30)
System Uptime: 0 days 0:21:07.751
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {a, 2, 0, fffff88003c4d695}

Unable to load image nsmuxtun.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nsmuxtun.sys
Probably caused by : Unknown_Image ( nsmuxtun!CFilter::SendNetBufferListsComplete+65 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000000000000a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88003c4d695, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc50e8
000000000000000a

CURRENT_IRQL: 2

FAULTING_IP:
nsmuxtun!CFilter::SendNetBufferListsComplete+65 [c:\users\dell3\desktop\k4.5.0.002_win101\src\cpp\client\driver\multiplexer\windows\ndis62\filter.cpp @ 490]
fffff880`03c4d695 0fb7410a movzx eax,word ptr [rcx+0Ah]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: chrome.exe

LAST_CONTROL_TRANSFER: from 0000000000000000 to 0000000000000000

STACK_TEXT:
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0

STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
nsmuxtun!CFilter::SendNetBufferListsComplete+65 [c:\users\dell3\desktop\k4.5.0.002_win101\src\cpp\client\driver\multiplexer\windows\ndis62\filter.cpp @ 490]
fffff880`03c4d695 0fb7410a movzx eax,word ptr [rcx+0Ah]

SYMBOL_NAME: nsmuxtun!CFilter::SendNetBufferListsComplete+65

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUCKET_ID: INVALID_KERNEL_CONTEXT

Followup: MachineOwner
---------

kd> !pool fffff88003c4d695
Pool page fffff88003c4d695 region is Unknown
GetUlongFromAddress: unable to read from fffff80002c32210
fffff88003c4d000 is not a valid small pool allocation, checking large pool...
unable to get pool big page table - either wrong symbols or pool tagging is disabled
fffff88003c4d000 is freed (or corrupt) pool
Bad previous allocation size @fffff88003c4d000, last size was 0

***
*** An error (or corruption) in the pool was detected;
*** Pool Region unknown (0xFFFFF88003C4D000)
***
*** Use !poolval fffff88003c4d000 for more details.
***

kd> ub .
^ Unable to find valid previous instruction for 'ub .'
kd> kn
# Child-SP RetAddr Call Site
00 00000000`00000000 00000000`00000000 0x0
kd>
# Child-SP RetAddr Call Site
00 00000000`00000000 00000000`00000000 0x0
kd>
# Child-SP RetAddr Call Site
00 00000000`00000000 00000000`00000000 0x0
kd> dd 000000000000000a
00000000`0000000a ???????? ???????? ???????? ????????
00000000`0000001a ???????? ???????? ???????? ????????
00000000`0000002a ???????? ???????? ???????? ????????
00000000`0000003a ???????? ???????? ???????? ????????
00000000`0000004a ???????? ???????? ???????? ????????
00000000`0000005a ???????? ???????? ???????? ????????
00000000`0000006a ???????? ???????? ???????? ????????
00000000`0000007a ???????? ???????? ???????? ????????
kd> !pte 000000000000000a
VA 000000000000000a
PXE at FFFFF6FB7DBED000 PPE at FFFFF6FB7DA00000 PDE at FFFFF6FB40000000 PTE at FFFFF68000000000
Unable to get PXE FFFFF6FB7DBED000
kd> k
Child-SP RetAddr Call Site
00000000`00000000 00000000`00000000 0x0
kd>
Child-SP RetAddr Call Site
00000000`00000000 00000000`00000000 0x0
kd>
Child-SP RetAddr Call Site
00000000`00000000 00000000`00000000 0x0
kd>
Child-SP RetAddr Call Site
00000000`00000000 00000000`00000000 0x0
kd>
Child-SP RetAddr Call Site
00000000`00000000 00000000`00000000 0x0
kd>
Child-SP RetAddr Call Site
00000000`00000000 00000000`00000000 0x0

Thanks,

Karthik Balaguru
- Moved by Just KarlModerator Tuesday, January 26, 2016 3:22 PM Looking for the correct forum.
Friday, January 22, 2016 4:09 AM

Reply

|

Quote

Answers

0

Sign in to vote
Hello,

I'd ask in the Windows 7 IT Pro forums:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro

Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})
- Proposed as answer by Dave PatrickMVP, Moderator Tuesday, January 26, 2016 3:38 PM
- Marked as answer by Dave PatrickMVP, Moderator Sunday, January 31, 2016 3:26 PM
Tuesday, January 26, 2016 3:22 PM

Reply

|

Quote

Moderator

All replies

0

Sign in to vote

The earlier analysis was based on minidump. So, we tried with

On Analyzing the MEMORY dump, we get the following. Please let me know the exact issue.

Furnished below the required logs for your reference :

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\NSLASP3\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

WARNING: Path element is empty
Symbol search path is: srv*https://msdl.microsoft.com/download/symbols;;C:\Users\NSLASP3\Desktop\Windows7_x86_64_kmod_debug
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.19045.amd64fre.win7sp1_gdr.151019-1254
Machine Name:
Kernel base = 0xfffff800`02c66000 PsLoadedModuleList = 0xfffff800`02ead730
Debug session time: Mon Jan 25 17:23:06.738 2016 (UTC + 5:30)
System Uptime: 0 days 1:38:38.940
Loading Kernel Symbols
...............................................................
................................................................
......Page 1c2a12 not present in the dump file. Type ".hh dbgerr004" for details
.................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`fffdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff980919bee20, 2, 0, fffff8800b7dd1a9}

*** ERROR: Module load completed but symbols could not be loaded for nsvnet.sys
*** ERROR: Module load completed but symbols could not be loaded for nsmuxtun.sys
Probably caused by : nsvnet.sys ( nsvnet+21a9 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff980919bee20, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800b7dd1a9, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: fffff980919bee20 Special pool

CURRENT_IRQL: 2

FAULTING_IP:
nsvnet+21a9
fffff880`0b7dd1a9 488b1a mov rbx,qword ptr [rdx]

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: chrome.exe

TRAP_FRAME: fffff8800585b4c0 -- (.trap 0xfffff8800585b4c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff880016a1ec0
rdx=fffff980919bee20 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800b7dd1a9 rsp=fffff8800585b650 rbp=fffff980919aae20
r8=fffffa80067f2780 r9=fffffa8009366270 r10=0000000000000002
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nsvnet+0x21a9:
fffff880`0b7dd1a9 488b1a mov rbx,qword ptr [rdx] ds:fffff980`919bee20=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002cd91e9 to fffff80002cd9c40

STACK_TEXT:
fffff880`0585b378 fffff800`02cd91e9 : 00000000`0000000a fffff980`919bee20 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0585b380 fffff800`02cd7e60 : fffff980`9077cd30 fffff980`9077cd30 00000000`00000000 fffff980`919bee20 : nt!KiBugCheckDispatch+0x69
fffff880`0585b4c0 fffff880`0b7dd1a9 : fffff980`919bee20 fffff980`919aae20 00000000`00000000 fffff980`08382f78 : nt!KiPageFault+0x260
fffff880`0585b650 fffff880`016f94f1 : fffffa80`081c11a0 00000000`00000000 fffff980`919bee20 fffff800`0317c37c : nsvnet+0x21a9
fffff880`0585b680 fffff880`0163c4b4 : 00000000`00000000 fffff980`08212c80 00000000`00000000 00000000`00000000 : ndis!ndisMSendNBLToMiniport+0xb1
fffff880`0585b6e0 fffff880`0423a5fc : fffff980`9077cd30 00000000`00000000 fffff980`02f50fa8 00000000`00000000 : ndis!NdisFSendNetBufferLists+0x64
fffff880`0585b720 fffff880`0163c4b4 : fffff980`08042c80 00000000`00000000 00000000`00000000 00000000`00000000 : nsmuxtun+0x35fc
fffff880`0585b790 fffff880`0400a199 : 00000000`00000000 fffffa80`081c11a0 00000000`00000000 00000000`00000000 : ndis!NdisFSendNetBufferLists+0x64
fffff880`0585b7d0 fffff880`0163c3f9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : pacer!PcFilterSendNetBufferLists+0x29
fffff880`0585b8d0 fffff880`016f95d5 : 00000000`00000863 00000000`00000000 fffffa80`081c11a0 fffff800`02d054a0 : ndis!ndisSendNBLToFilter+0x69
fffff880`0585b930 fffff880`0185f5ce : 00000000`00000000 00000000`0000000e fffffa80`075a7010 fffff800`02d054a0 : ndis!NdisSendNetBufferLists+0x85
fffff880`0585b990 fffff880`0185d1c7 : fffff880`0196e9a0 00000000`00000000 fffffa80`08000000 fffff980`01960800 : tcpip!IppFragmentPackets+0x39e
fffff880`0585bab0 fffff880`0185ebf5 : 00000000`00000000 00000000`00000000 fffffa80`09660080 fffffa80`07d03cec : tcpip!IppDispatchSendPacketHelper+0x87
fffff880`0585bb70 fffff880`0185de7e : fffffa80`07d03c06 fffff880`0585bf00 00000000`00000014 fffffa80`00000000 : tcpip!IppPacketizeDatagrams+0x2d5
fffff880`0585bc90 fffff880`0186079e : 00000000`00000000 00000000`00004007 00000000`5b211f01 fffffa80`0815c890 : tcpip!IppSendDatagramsCommon+0x87e
fffff880`0585be30 fffff880`01868aad : fffffa80`08253190 00000000`00000001 00000000`0000c2d8 00000000`0000060e : tcpip!IpNlpSendDatagrams+0x3e
fffff880`0585be70 fffff880`01869450 : 61000001`d3a80860 fffff880`041a1650 00000000`00000000 00000000`00004800 : tcpip!TcpTcbSend+0x6ad
fffff880`0585c0f0 fffff880`018681a8 : 00000000`00000000 00000000`00000000 fffff880`0585c310 fffff880`0585c420 : tcpip!TcpEnqueueTcbSendOlmNotifySendComplete+0xa0
fffff880`0585c120 fffff880`0186836b : fffff880`00000000 00001f80`0108471c 00000000`00004800 fffffa80`08c63880 : tcpip!TcpEnqueueTcbSend+0x258
fffff880`0585c1d0 fffff800`02ce6188 : 00000000`00000001 fffffa80`08627b60 00000000`00000000 fffff880`05855000 : tcpip!TcpTlConnectionSendCalloutRoutine+0x1b
fffff880`0585c200 fffff880`0186922a : fffff880`01868350 00000000`00000000 81a00000`206da900 fffff880`041a1601 : nt!KeExpandKernelStackAndCalloutEx+0xd8
fffff880`0585c2e0 fffff880`041b99cb : fffffa80`083a5730 fffff880`0585cb60 00000000`0000060e fffffa80`077d4d90 : tcpip!TcpTlConnectionSend+0x7a
fffff880`0585c350 fffff880`041a0469 : 00000000`000001f1 00000000`00000000 fffff6fb`7e280148 fffff800`02d0ad26 : afd!AfdFastConnectionSend+0x38b
fffff880`0585c510 fffff800`02ff9690 : 00000000`0000060e 00000000`00000000 fffffa80`08107930 00000000`0552e9a0 : afd!AfdFastIoDeviceControl+0x459
fffff880`0585c880 fffff800`02ff9dc6 : fffff880`0585cab8 00000000`00000ae4 00000000`00000001 00000000`0d524e08 : nt!IopXxxControlFile+0x520
fffff880`0585ca00 fffff800`02cd8ed3 : fffff880`0585cb60 fffffa80`09675e10 fffff880`0585cab8 fffff800`02fc5c00 : nt!NtDeviceIoControlFile+0x56
fffff880`0585ca70 00000000`744a2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0552e928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x744a2e09

STACK_COMMAND: kb

FOLLOWUP_IP:
nsvnet+21a9
fffff880`0b7dd1a9 488b1a mov rbx,qword ptr [rdx]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nsvnet+21a9

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nsvnet

IMAGE_NAME: nsvnet.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 560bb2b5

FAILURE_BUCKET_ID: X64_0xD1_VRF_nsvnet+21a9

BUCKET_ID: X64_0xD1_VRF_nsvnet+21a9

Followup: MachineOwner
---------

2: kd> kn
# Child-SP RetAddr Call Site
00 fffff880`0585b378 fffff800`02cd91e9 nt!KeBugCheckEx
01 fffff880`0585b380 fffff800`02cd7e60 nt!KiBugCheckDispatch+0x69
02 fffff880`0585b4c0 fffff880`0b7dd1a9 nt!KiPageFault+0x260
03 fffff880`0585b650 fffff880`016f94f1 nsvnet+0x21a9
04 fffff880`0585b680 fffff880`0163c4b4 ndis!ndisMSendNBLToMiniport+0xb1
05 fffff880`0585b6e0 fffff880`0423a5fc ndis!NdisFSendNetBufferLists+0x64
06 fffff880`0585b720 fffff880`0163c4b4 nsmuxtun+0x35fc
07 fffff880`0585b790 fffff880`0400a199 ndis!NdisFSendNetBufferLists+0x64
08 fffff880`0585b7d0 fffff880`0163c3f9 pacer!PcFilterSendNetBufferLists+0x29
09 fffff880`0585b8d0 fffff880`016f95d5 ndis!ndisSendNBLToFilter+0x69
0a fffff880`0585b930 fffff880`0185f5ce ndis!NdisSendNetBufferLists+0x85
0b fffff880`0585b990 fffff880`0185d1c7 tcpip!IppFragmentPackets+0x39e
0c fffff880`0585bab0 fffff880`0185ebf5 tcpip!IppDispatchSendPacketHelper+0x87
0d fffff880`0585bb70 fffff880`0185de7e tcpip!IppPacketizeDatagrams+0x2d5
0e fffff880`0585bc90 fffff880`0186079e tcpip!IppSendDatagramsCommon+0x87e
0f fffff880`0585be30 fffff880`01868aad tcpip!IpNlpSendDatagrams+0x3e
10 fffff880`0585be70 fffff880`01869450 tcpip!TcpTcbSend+0x6ad
11 fffff880`0585c0f0 fffff880`018681a8 tcpip!TcpEnqueueTcbSendOlmNotifySendComplete+0xa0
12 fffff880`0585c120 fffff880`0186836b tcpip!TcpEnqueueTcbSend+0x258
13 fffff880`0585c1d0 fffff800`02ce6188 tcpip!TcpTlConnectionSendCalloutRoutine+0x1b
14 fffff880`0585c200 fffff880`0186922a nt!KeExpandKernelStackAndCalloutEx+0xd8
15 fffff880`0585c2e0 fffff880`041b99cb tcpip!TcpTlConnectionSend+0x7a
16 fffff880`0585c350 fffff880`041a0469 afd!AfdFastConnectionSend+0x38b
17 fffff880`0585c510 fffff800`02ff9690 afd!AfdFastIoDeviceControl+0x459
18 fffff880`0585c880 fffff800`02ff9dc6 nt!IopXxxControlFile+0x520
19 fffff880`0585ca00 fffff800`02cd8ed3 nt!NtDeviceIoControlFile+0x56
1a fffff880`0585ca70 00000000`744a2e09 nt!KiSystemServiceCopyEnd+0x13
1b 00000000`0552e928 00000000`00000000 0x744a2e09
2: kd> dd fffff980919bee20
fffff980`919bee20 ???????? ???????? ???????? ????????
fffff980`919bee30 ???????? ???????? ???????? ????????
fffff980`919bee40 ???????? ???????? ???????? ????????
fffff980`919bee50 ???????? ???????? ???????? ????????
fffff980`919bee60 ???????? ???????? ???????? ????????
fffff980`919bee70 ???????? ???????? ???????? ????????
fffff980`919bee80 ???????? ???????? ???????? ????????
fffff980`919bee90 ???????? ???????? ???????? ????????
2: kd> !pte fffff980919bee20
VA fffff980919bee20
PXE at FFFFF6FB7DBEDF98 PPE at FFFFF6FB7DBF3010 PDE at FFFFF6FB7E602460 PTE at FFFFF6FCC048CDF0
contains 00000001E4E87863 contains 000000013EA93863 contains 000000008E4D8863 contains 180918E000000000
pfn 1e4e87 ---DA--KWEV pfn 13ea93 ---DA--KWEV pfn 8e4d8 ---DA--KWEV not valid
PageFile: 0
Offset: 180918e0
Protect: 0

2: kd> .frame /r 6
06 fffff880`0585b720 fffff880`0163c4b4 nsmuxtun+0x35fc
rax=fffff8800585b480 rbx=0000000000000000 rcx=000000000000000a
rdx=fffff980919bee20 rsi=fffff98002f50fa8 rdi=0000000000000000
rip=fffff8800423a5fc rsp=fffff8800585b720 rbp=0000000000000000
r8=0000000000000002 r9=0000000000000000 r10=fffff8800b7dd1a9
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=fffff980919aae20
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00200282
nsmuxtun+0x35fc:
fffff880`0423a5fc 4885ed test rbp,rbp
2: kd> ub fffff880`0423a5fc
nsmuxtun+0x35db:
fffff880`0423a5db 0f859bfeffff jne nsmuxtun+0x347c (fffff880`0423a47c)
fffff880`0423a5e1 4d85ff test r15,r15
fffff880`0423a5e4 7416 je nsmuxtun+0x35fc (fffff880`0423a5fc)
fffff880`0423a5e6 448b842480000000 mov r8d,dword ptr [rsp+80h]
fffff880`0423a5ee 488b0e mov rcx,qword ptr [rsi]
fffff880`0423a5f1 458bcd mov r9d,r13d
fffff880`0423a5f4 498bd7 mov rdx,r15
fffff880`0423a5f7 e8c6f70000 call nsmuxtun+0x12dc2 (fffff880`04249dc2)
2: kd> !verifier 80 fffff98002f50fa8

Log of recent kernel pool Allocate and Free operations:

There are up to 0x10000 entries in the log.

Parsing 0x0000000000010000 log entries, searching for address 0xfffff98002f50fa8.

Finished parsing all pool tracking information.
No entries matching address fffff98002f50fa8 have been found.

2: kd> .frame /r 3
03 fffff880`0585b650 fffff880`016f94f1 nsvnet+0x21a9
rax=fffff8800585b480 rbx=fffff980919bee20 rcx=000000000000000a
rdx=fffff980919bee20 rsi=0000000000000000 rdi=fffff98008382f78
rip=fffff8800b7dd1a9 rsp=fffff8800585b650 rbp=fffff980919aae20
r8=0000000000000002 r9=0000000000000000 r10=fffff8800b7dd1a9
r11=0000000000000000 r12=0000000000000000 r13=fffff8800b7dd1e4
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00200282
nsvnet+0x21a9:
fffff880`0b7dd1a9 488b1a mov rbx,qword ptr [rdx] ds:002b:fffff980`919bee20=????????????????
2: kd> !verifier 80 fffff980919bee20

Log of recent kernel pool Allocate and Free operations:

There are up to 0x10000 entries in the log.

Parsing 0x0000000000010000 log entries, searching for address 0xfffff980919bee20.

======================================================================
Pool block fffff980919bee00, Size 0000000000000200, Thread fffffa80083ef890
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff8800163c212 ndis!NdisFreeNetBufferList+0x112
fffff8800423a671 nsmuxtun+0x3671
fffff880016f921d ndis!NdisMSendNetBufferListsComplete+0x6d
fffff8800b7dd1cb nsvnet+0x21cb
fffff880016f94f1 ndis!ndisMSendNBLToMiniport+0xb1
fffff8800163c4b4 ndis!NdisFSendNetBufferLists+0x64
fffff8800423a5fc nsmuxtun+0x35fc
fffff8800163c4b4 ndis!NdisFSendNetBufferLists+0x64
fffff8800400a199 pacer!PcFilterSendNetBufferLists+0x29
fffff8800163c3f9 ndis!ndisSendNBLToFilter+0x69
fffff880016f95d5 ndis!NdisSendNetBufferLists+0x85
======================================================================
Pool block fffff980919bee00, Size 0000000000000200, Thread fffffa80083ef890
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
fffff88001642d2e ndis!ndisAllocateFromNPagedPool+0x1e
fffff8800163e42f ndis!NdisAllocateNetBufferAndNetBufferList+0x293
fffff8800423a500 nsmuxtun+0x3500
fffff8800163c4b4 ndis!NdisFSendNetBufferLists+0x64
fffff8800400a199 pacer!PcFilterSendNetBufferLists+0x29
fffff8800163c3f9 ndis!ndisSendNBLToFilter+0x69
fffff880016f95d5 ndis!NdisSendNetBufferLists+0x85
fffff8800185f5ce tcpip!IppFragmentPackets+0x39e
fffff8800185d1c7 tcpip!IppDispatchSendPacketHelper+0x87
fffff8800185ebf5 tcpip!IppPacketizeDatagrams+0x2d5
fffff8800185de7e tcpip!IppSendDatagramsCommon+0x87e
======================================================================
Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa80083e5b50
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff8000318a156 nt!VfIoFreeIrp+0xe6
fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
*** ERROR: Symbol file could not be found. Defaulted to export symbols for fltmgr.sys -
fffff880010d77b8 fltmgr!FltIsCallbackDataDirty+0x1ec8
fffff8800110e126 fltmgr!FltNotifyFilterChangeDirectory+0x636
fffff8800110eb38 fltmgr!FltFsControlFile+0x48
*** ERROR: Symbol file could not be found. Defaulted to export symbols for mfehidk.sys -
fffff880012a0ce3 mfehidk+0x6ace3
fffff880012a2b7f mfehidk+0x6cb7f
*** ERROR: Module load completed but symbols could not be loaded for mfeavfk.sys
fffff8800677f99f mfeavfk+0xd99f
fffff8800677a576 mfeavfk+0x8576
fffff8800677c6b1 mfeavfk+0xa6b1
fffff88001264a8e mfehidk+0x2ea8e
======================================================================
Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa80083e5b50
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180d90 nt!ViIrpAllocate+0x40
fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
fffff8000318abc2 nt!IovAllocateIrp+0x52
fffff880010d89cf fltmgr!FltPerformSynchronousIo+0x1af
fffff8800110e0b5 fltmgr!FltNotifyFilterChangeDirectory+0x5c5
fffff8800110eb38 fltmgr!FltFsControlFile+0x48
fffff880012a0ce3 mfehidk+0x6ace3
fffff880012a2b7f mfehidk+0x6cb7f
fffff8800677f99f mfeavfk+0xd99f
fffff8800677a576 mfeavfk+0x8576
fffff8800677c6b1 mfeavfk+0xa6b1
======================================================================
Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa8008646b50
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff8000318a156 nt!VfIoFreeIrp+0xe6
fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
fffff80002cdc3d4 nt!IopfCompleteRequest+0x454
fffff80003184eef nt!IovCompleteRequest+0x19f
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
fffff8800142f7fc Ntfs+0x107fc
fffff8800142c1c5 Ntfs+0xd1c5
fffff8800142c398 Ntfs+0xd398
fffff8000318bd46 nt!IovCallDriver+0x566
fffff880010d5bcf fltmgr!FltIsCallbackDataDirty+0x2df
fffff880010d46df fltmgr+0x16df
fffff8000318bd46 nt!IovCallDriver+0x566
======================================================================
Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa8008646b50
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180d90 nt!ViIrpAllocate+0x40
fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
fffff8000318abc2 nt!IovAllocateIrp+0x52
fffff80002d01562 nt!IoPageRead+0x82
fffff80002d01209 nt!MiIssueHardFault+0x255
fffff80002ce7ac9 nt!MmAccessFault+0x1399
fffff80002cd7d6e nt!KiPageFault+0x16e
fffff80002fd9b27 nt!CcMapData+0x117
======================================================================
Pool block fffff980919bea50, Size 00000000000005b0, Thread fffffa80083072f0
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff88001642d65 ndis!NdisFreeMemory+0x15
fffff88004245af6 nsmuxtun+0xeaf6
fffff880042455bf nsmuxtun+0xe5bf
fffff8800425b85d nsmuxtun+0x2485d
fffff88004254ea2 nsmuxtun+0x1dea2
fffff88004244c2a nsmuxtun+0xdc2a
fffff88004248164 nsmuxtun+0x11164
fffff88004247e03 nsmuxtun+0x10e03
fffff88004247a68 nsmuxtun+0x10a68
fffff8800428005d nsmuxtun+0x4905d
fffff8800429b140 nsmuxtun+0x64140
======================================================================
Pool block fffff980919bea50, Size 00000000000005a8, Thread fffffa80083072f0
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
fffff88001668623 ndis!ndisVerifierAllocateMemoryWithTag+0x73
fffff8800423db29 nsmuxtun+0x6b29
fffff88004245a83 nsmuxtun+0xea83
fffff88004243fde nsmuxtun+0xcfde
fffff8800423e7f8 nsmuxtun+0x77f8
fffff8800423964a nsmuxtun+0x264a
fffff8800423a022 nsmuxtun+0x3022
fffff8800165d1c7 ndis! ?? ::FNODOBFM::`string'+0xcd8f
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
fffff8800b6f3868 Rt64win7+0x1b868
fffff8800b6de7c4 Rt64win7+0x67c4
fffff8800163b921 ndis!ndisInterruptDpc+0x151
======================================================================
Pool block fffff980919bea50, Size 00000000000005b0, Thread fffffa80083072f0
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff88001642d65 ndis!NdisFreeMemory+0x15
fffff88004245af6 nsmuxtun+0xeaf6
fffff880042455bf nsmuxtun+0xe5bf
fffff8800425b85d nsmuxtun+0x2485d
fffff88004254ea2 nsmuxtun+0x1dea2
fffff88004244c2a nsmuxtun+0xdc2a
fffff88004248164 nsmuxtun+0x11164
fffff88004247e03 nsmuxtun+0x10e03
fffff88004247a68 nsmuxtun+0x10a68
fffff8800428005d nsmuxtun+0x4905d
fffff8800429b140 nsmuxtun+0x64140
======================================================================
Pool block fffff980919bea50, Size 00000000000005a8, Thread fffffa800975db50
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
fffff88001668623 ndis!ndisVerifierAllocateMemoryWithTag+0x73
fffff8800423db29 nsmuxtun+0x6b29
fffff88004245a83 nsmuxtun+0xea83
fffff88004243fde nsmuxtun+0xcfde
fffff8800423e7f8 nsmuxtun+0x77f8
fffff8800423964a nsmuxtun+0x264a
fffff8800423a022 nsmuxtun+0x3022
fffff8800165d1c7 ndis! ?? ::FNODOBFM::`string'+0xcd8f
fffff8800b6f3868 Rt64win7+0x1b868
fffff8800b6de7c4 Rt64win7+0x67c4
fffff8800163b921 ndis!ndisInterruptDpc+0x151
======================================================================
Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa800802e210
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff8000318a156 nt!VfIoFreeIrp+0xe6
fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
fffff80002fd985e nt!IopDeleteFile+0x14e
fffff80002ce3504 nt!ObfDereferenceObject+0xd4
fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
======================================================================
Pool block fffff980919bebd0, Size 0000000000000430, Thread fffffa800802e210
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180d90 nt!ViIrpAllocate+0x40
fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
fffff8000318abc2 nt!IovAllocateIrp+0x52
fffff80002cee5e6 nt!IopAllocateIrpMustSucceed+0x16
fffff80002fd978c nt!IopDeleteFile+0x7c
fffff80002ce3504 nt!ObfDereferenceObject+0xd4
fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
fffff80002fd4144 nt!ObpCloseHandle+0x94
======================================================================
Pool block fffff980919bea20, Size 00000000000005e0, Thread fffffa80083ef890
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff88001642d65 ndis!NdisFreeMemory+0x15
fffff8800423a419 nsmuxtun+0x3419
fffff880016c28d4 ndis!ndisReturnNetBufferListsInternal+0x94
fffff880016f917b ndis!NdisReturnNetBufferLists+0x3b
fffff88001857f26 tcpip!FlpReturnNetBufferListChain+0x96
*** ERROR: Symbol file could not be found. Defaulted to export symbols for NETIO.SYS -
fffff8800172f872 NETIO!NetioDereferenceNetBufferListChain+0x132
fffff8800187eea1 tcpip!TcpTlProviderReleaseIndicationList+0x81
fffff8800417747d afd!AfdTLReleaseIndications+0x2d
fffff880041b88a1 afd!AfdFastConnectionReceive+0x8d1
fffff880041a07bb afd!AfdFastIoDeviceControl+0x7ab
fffff80002ff9690 nt!IopXxxControlFile+0x520
======================================================================
Pool block fffff980919bea20, Size 00000000000005d4, Thread fffffa80083072f0
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180cc7 nt!VerifierExAllocatePoolWithTagPriority+0x17
fffff88001668623 ndis!ndisVerifierAllocateMemoryWithTag+0x73
fffff88004248a11 nsmuxtun+0x11a11
fffff88004239995 nsmuxtun+0x2995
fffff8800423ee8e nsmuxtun+0x7e8e
fffff88004246cb1 nsmuxtun+0xfcb1
fffff880042427de nsmuxtun+0xb7de
fffff80002f73b86 nt!PspSystemThreadStartup+0x5a
======================================================================
Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa80083ef890
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff8000318a156 nt!VfIoFreeIrp+0xe6
fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
fffff80002ceedec nt!IopCompleteRequest+0x54c
fffff80002cdc5ea nt!IopfCompleteRequest+0x66a
fffff80003184eef nt!IovCompleteRequest+0x19f
fffff880041bbfc7 afd!AfdTliIoControl+0x8d7
fffff8000318bd46 nt!IovCallDriver+0x566
fffff80002fe5f3b nt!IopSynchronousServiceTail+0xfb
fffff80002ff9d57 nt!IopXxxControlFile+0xbe4
fffff80002ff9dc6 nt!NtDeviceIoControlFile+0x56
fffff80002cd8ed3 nt!KiSystemServiceCopyEnd+0x13
======================================================================
Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa80083ef890
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180d90 nt!ViIrpAllocate+0x40
fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
fffff8000318abc2 nt!IovAllocateIrp+0x52
fffff80002ff9808 nt!IopXxxControlFile+0x698
fffff80002ff9dc6 nt!NtDeviceIoControlFile+0x56
fffff80002cd8ed3 nt!KiSystemServiceCopyEnd+0x13
======================================================================
Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa800a2a3b50
fffff800031808fa nt!VfFreePoolNotification+0x4a
fffff80002e1080a nt!ExFreePool+0x871
fffff8000318a156 nt!VfIoFreeIrp+0xe6
fffff8000318a71c nt!IovFreeIrpPrivate+0x5c
fffff80002fd985e nt!IopDeleteFile+0x14e
fffff80002ce3504 nt!ObfDereferenceObject+0xd4
fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
fffff80002fd4144 nt!ObpCloseHandle+0x94
======================================================================
Pool block fffff980919bee10, Size 00000000000001f0, Thread fffffa800a2a3b50
fffff80003180c86 nt!VeAllocatePoolWithTagPriority+0x2b6
fffff80003180d90 nt!ViIrpAllocate+0x40
fffff8000318a4d8 nt!ViIrpAllocateLockedPacket+0x28
fffff8000318a5f3 nt!VfIoAllocateIrp1+0x23
fffff8000318abc2 nt!IovAllocateIrp+0x52
fffff80002cee5e6 nt!IopAllocateIrpMustSucceed+0x16
fffff80002fd978c nt!IopDeleteFile+0x7c
fffff80002ce3504 nt!ObfDereferenceObject+0xd4
fffff80002fd3a31 nt!ObpCloseHandleTableEntry+0xc1
fffff80002fd4144 nt!ObpCloseHandle+0x94

Finished parsing all pool tracking information.

Thanks,

Karthik Balaguru

Monday, January 25, 2016 2:55 PM

Reply

|

Quote

0

Sign in to vote

Hello,

The 'Academic Initiatives - Technical Queries' forum is for posts Related to technical / coding / programming related issues as related to Microsoft's Academic Initiatives.

As it's off-topic here, I am moving the question to the Where is the forum for... forum.

Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

Tuesday, January 26, 2016 3:20 PM

Reply

|

Quote

Moderator

0

Sign in to vote
Hello,

I'd ask in the Windows 7 IT Pro forums:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro

Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})
- Proposed as answer by Dave PatrickMVP, Moderator Tuesday, January 26, 2016 3:38 PM
- Marked as answer by Dave PatrickMVP, Moderator Sunday, January 31, 2016 3:26 PM
Tuesday, January 26, 2016 3:22 PM

Reply

|

Quote

Moderator

Answered by:

[NDIS] Bluescreen error : Unable to get PXE

Question

Answers

All replies