pastebin - collaborative debugging tool
nrubsig.kpaste.net RSS


Crash in RtlUTF8StringToUnicodeString
Posted by Anonymous on Sun 1st Mar 2026 22:34
raw | new post

  1.  
  2. Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  4.  
  5.  
  6. Loading Dump File [C:\Windows\MEMORY.DMP]
  7. Kernel Bitmap Dump File: Full address space is available
  8.  
  9. Symbol search path is: srv*
  10. Executable search path is:
  11. Windows 10 Kernel Version 19041 MP (8 procs) Free x64
  12. Product: WinNt, suite: TerminalServer SingleUserTS
  13. Built by: 19041.1.amd64fre.vb_release.191206-1406
  14. Machine Name:
  15. Kernel base = 0xfffff802`2b412000 PsLoadedModuleList = 0xfffff802`2c03c420
  16. Debug session time: Sun Mar  1 23:20:34.197 2026 (UTC + 1:00)
  17. System Uptime: 0 days 0:10:26.148
  18. Loading Kernel Symbols
  19. ...............................................................
  20. ................................................................
  21. ................................................................
  22. .....................
  23. Loading User Symbols
  24. .....................................
  25. Loading unloaded module list
  26. ..............
  27. For analysis of this file, run !analyze -v
  28. 7: kd> !analyze -v
  29. *******************************************************************************
  30. *                                                                             *
  31. *                        Bugcheck Analysis                                    *
  32. *                                                                             *
  33. *******************************************************************************
  34.  
  35. PAGE_FAULT_IN_NONPAGED_AREA (50)
  36. Invalid system memory was referenced.  This cannot be protected by try-except.
  37. Typically the address is just plain bad or it is pointing at freed memory.
  38. Arguments:
  39. Arg1: ffffd78ebbbed000, memory referenced.
  40. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
  41. Arg3: fffff8022b9a0faa, If non-zero, the instruction address which referenced the bad memory
  42.         address.
  43. Arg4: 0000000000000002, (reserved)
  44.  
  45. Debugging Details:
  46. ------------------
  47.  
  48.  
  49. KEY_VALUES_STRING: 1
  50.  
  51.     Key  : Analysis.CPU.Sec
  52.     Value: 4
  53.  
  54.     Key  : Analysis.DebugAnalysisProvider.CPP
  55.     Value: Create: 8007007e on WINGRENDEL02
  56.  
  57.     Key  : Analysis.DebugData
  58.     Value: CreateObject
  59.  
  60.     Key  : Analysis.DebugModel
  61.     Value: CreateObject
  62.  
  63.     Key  : Analysis.Elapsed.Sec
  64.     Value: 6
  65.  
  66.     Key  : Analysis.Memory.CommitPeak.Mb
  67.     Value: 128
  68.  
  69.     Key  : Analysis.System
  70.     Value: CreateObject
  71.  
  72.  
  73. BUGCHECK_CODE:  50
  74.  
  75. BUGCHECK_P1: ffffd78ebbbed000
  76.  
  77. BUGCHECK_P2: 0
  78.  
  79. BUGCHECK_P3: fffff8022b9a0faa
  80.  
  81. BUGCHECK_P4: 2
  82.  
  83. READ_ADDRESS:  ffffd78ebbbed000 Special pool
  84.  
  85. MM_INTERNAL_CODE:  2
  86.  
  87. BLACKBOXBSD: 1 (!blackboxbsd)
  88.  
  89.  
  90. BLACKBOXNTFS: 1 (!blackboxntfs)
  91.  
  92.  
  93. BLACKBOXPNP: 1 (!blackboxpnp)
  94.  
  95.  
  96. BLACKBOXWINLOGON: 1
  97.  
  98. PROCESS_NAME:  nfsd.exe
  99.  
  100. TRAP_FRAME:  ffffec8240bb0d70 -- (.trap 0xffffec8240bb0d70)
  101. NOTE: The trap frame does not contain all registers.
  102. Some register values may be zeroed or incorrect.
  103. rax=0000000000000004 rbx=0000000000000000 rcx=ffffd78ebbbed000
  104. rdx=0000000000000072 rsi=0000000000000000 rdi=0000000000000000
  105. rip=fffff8022b9a0faa rsp=ffffec8240bb0f08 rbp=00000000ffffffff
  106.  r8=0000000000000070  r9=000000000000006b r10=ffffd78ebbbecffa
  107. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  108. r14=0000000000000000 r15=0000000000000000
  109. iopl=0         nv up ei ng nz ac po cy
  110. nt!CountUTF8ToUnicode+0xc2:
  111. fffff802`2b9a0faa 440fbe09        movsx   r9d,byte ptr [rcx] ds:ffffd78e`bbbed000=??
  112. Resetting default scope
  113.  
  114. STACK_TEXT:  
  115. ffffec82`40bb0ac8 fffff802`2b85ab23 : 00000000`00000050 ffffd78e`bbbed000 00000000`00000000 ffffec82`40bb0d70 : nt!KeBugCheckEx
  116. ffffec82`40bb0ad0 fffff802`2b61f450 : 00000000`00000000 00000000`00000000 ffffec82`40bb0df0 00000000`00000000 : nt!MiSystemFault+0x1b70a3
  117. ffffec82`40bb0bd0 fffff802`2b81f66d : 00000000`00000080 fffff802`2ba4fdd4 ffffc281`42ab8030 ffffc281`42ab8030 : nt!MmAccessFault+0x400
  118. ffffec82`40bb0d70 fffff802`2b9a0faa : fffff802`2bd2b721 ffffd78e`bc428f50 00000000`00000000 ffffec82`40bb0f88 : nt!KiPageFault+0x36d
  119. ffffec82`40bb0f08 fffff802`2bd2b721 : ffffd78e`bc428f50 00000000`00000000 ffffec82`40bb0f88 ffffd78e`bd912a80 : nt!CountUTF8ToUnicode+0xc2
  120. ffffec82`40bb0f10 fffff800`223ba1e4 : ffffd78e`bd912a80 fffff802`00000000 fffff800`223d7160 fffff802`00000000 : nt!RtlUTF8StringToUnicodeString+0x31
  121. ffffec82`40bb0f60 fffff800`223bdad6 : ffffd78e`bc428e30 ffffec82`40bb1000 ffffec82`40bb1078 ffffec82`40bb1068 : nfs41_driver!unmarshal_nfs41_setattr+0x114 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_setfileinfo.c @ 200]
  122. ffffec82`40bb0fb0 fffff800`223a8c61 : ffffd78e`bd912a80 ffffd78e`bc3f0d80 00000000`00000005 fffff802`2b62ee22 : nfs41_driver!nfs41_downcall+0x546 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_updowncall.c @ 802]
  123. ffffec82`40bb1230 fffff800`223eed96 : ffffd78e`bd912a80 ffffd78e`b10543f0 fffff800`223bfbcf ffffd78e`bd912a80 : nfs41_driver!nfs41_DevFcbXXXControlFile+0x121 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_driver.c @ 747]
  124. ffffec82`40bb12b0 fffff800`223eeab8 : ffffd78e`bd912a80 00000000`00000002 fffff800`223c3169 ffffd78e`bd912a80 : nfs41_driver!RxXXXControlFileCallthru+0x76 [base\fs\rdr2\rdbss\ntdevfcb.c @ 130]
  125. ffffec82`40bb12e0 fffff800`223c34b2 : 00000000`00000000 00000000`00000000 ffffd78e`b3502001 00000000`00000000 : nfs41_driver!RxCommonDevFCBIoCtl+0x58 [base\fs\rdr2\rdbss\ntdevfcb.c @ 491]
  126. ffffec82`40bb1310 fffff800`223e39ad : fffff800`223d6370 00000000`00000000 00000000`00000000 ffffd78e`b3502080 : nfs41_driver!RxFsdCommonDispatch+0x442 [base\fs\rdr2\rdbss\ntfsd.c @ 848]
  127. ffffec82`40bb1410 fffff800`223a90b7 : ffffd78e`bc3f0d80 ffffd78e`bc3f0f28 00000000`00400000 ffffd78e`b3cd36f0 : nfs41_driver!RxFsdDispatch+0xfd [base\fs\rdr2\rdbss\ntfsd.c @ 442]
  128. ffffec82`40bb1440 fffff802`2b782c37 : ffffd78e`b3502080 ffffd78e`bc3f0d80 ffffd78e`00000000 ffffd78e`00000000 : nfs41_driver!nfs41_FsdDispatch+0x67 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_driver.c @ 1250]
  129. ffffec82`40bb1480 fffff802`2bdd6f1a : ffffd78e`bc3f0d80 ffffd78e`b3502080 00000000`00000001 ffffd78e`bbb01d80 : nt!IopfCallDriver+0x53
  130. ffffec82`40bb14c0 fffff802`2b86d079 : ffffd78e`b67639f0 ffffd78e`bc3f0d80 ffffd78e`bf40e730 ffffd78e`b8ab29c0 : nt!IovCallDriver+0x266
  131. ffffec82`40bb1500 fffff802`2ddff553 : fffff802`2ddf8000 00000000`00000000 ffffd78e`b3cd3080 ffffd78e`bf587988 : nt!IofCallDriver+0x188f09
  132. ffffec82`40bb1540 fffff802`2ddff0a9 : ffffc281`358ad230 00000000`00000000 fffff802`2ddf8000 00000000`00000000 : mup!MupiCallUncProvider+0xb3
  133. ffffec82`40bb15b0 fffff802`2ddfefde : ffffd78e`bc3f0d80 ffffd78e`bf587980 ffffd78e`bf4ba660 00000000`00000000 : mup!MupStateMachine+0x59
  134. ffffec82`40bb15e0 fffff802`2b782c37 : 00000000`00000000 00000000`00000000 ffffd78e`b67639f0 ffffd78e`00000000 : mup!MupFsdIrpPassThrough+0x17e
  135. ffffec82`40bb1650 fffff802`2bdd6f1a : ffffd78e`bc3f0d80 ffffd78e`b3cd3080 00000000`00000000 ffffec82`40bb1738 : nt!IopfCallDriver+0x53
  136. ffffec82`40bb1690 fffff802`2b86d079 : ffffd78e`b3cd36f0 00000000`00000000 00000000`00000000 ffffd78e`bf39f020 : nt!IovCallDriver+0x266
  137. ffffec82`40bb16d0 fffff802`2c724a71 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x188f09
  138. ffffec82`40bb1710 fffff802`2b782c37 : ffffd78e`bc3f0d80 fffff802`2bde31ae ffffd78e`00000001 ffffd78e`00000000 : FLTMGR!FltpDispatch+0xd1
  139. ffffec82`40bb1770 fffff802`2bdd6f1a : ffffd78e`bc3f0d80 ffffd78e`b3cd36f0 00000000`20206f49 00000000`00000000 : nt!IopfCallDriver+0x53
  140. ffffec82`40bb17b0 fffff802`2b86d079 : 00000000`00000002 ffffd78e`bf4ba660 00000000`00000028 ffffd78e`b8acd450 : nt!IovCallDriver+0x266
  141. ffffec82`40bb17f0 fffff802`2ba5e801 : ffffec82`40bb1b80 00000000`0028201c ffffd78e`bf4ba660 ffffec82`40bb1b80 : nt!IofCallDriver+0x188f09
  142. ffffec82`40bb1830 fffff802`2ba5e43a : 00000000`0028201c ffffec82`40bb1b80 00000000`00000000 00000000`0028201c : nt!IopSynchronousServiceTail+0x361
  143. ffffec82`40bb18d0 fffff802`2ba5d716 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xd0a
  144. ffffec82`40bb1a20 fffff802`2b823505 : 00000000`00000afc fffff802`2b6dd83e ffffd78e`b8587080 00007fff`6cd97cb8 : nt!NtDeviceIoControlFile+0x56
  145. ffffec82`40bb1a90 00007fff`a5b2d684 : 00007fff`a326dddb 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
  146. 000000b7`29cf6308 00007fff`a326dddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtDeviceIoControlFile+0x14
  147. 000000b7`29cf6310 00007fff`a5415951 : 00000000`0028201c 00000000`00000afc 00000000`00000afc 00007fff`a326ec45 : KERNELBASE!DeviceIoControl+0x6b
  148. 000000b7`29cf6380 00007ff6`5e8025f2 : 00000000`00000000 000000b7`29cfa514 000000b7`29cf6480 00000000`00000000 : KERNEL32!DeviceIoControlImplementation+0x81
  149. 000000b7`29cf63d0 00007ff6`5e80222f : 00007ff6`5e86a010 00000000`00000000 00007fff`a32907b0 00007fff`a32907b0 : nfsd!nfsd_worker_thread_main+0x392 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\nfs41_daemon.c @ 258]
  150. 000000b7`29cff870 00007fff`64e9a1bc : 00007ff6`5e86a010 00000000`00000000 00000000`00000000 00000000`00000000 : nfsd!nfsd_thread_main+0x1f [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\daemon\nfs41_daemon.c @ 279]
  151. 000000b7`29cff8f0 00007fff`64e99e13 : 00007ff6`5e802210 00007ff6`5e86a010 00000000`00000000 00000000`00000000 : ucrtbased!invoke_thread_procedure+0x2c [d:\th\minkernel\crts\ucrt\src\appcrt\startup\thread.cpp @ 92]
  152. 000000b7`29cff930 00007fff`a5417374 : 00000296`fb07ff00 00000000`00000000 00000000`00000000 00000000`00000000 : ucrtbased!thread_start<unsigned int (__cdecl*)(void * __ptr64)>+0x93 [d:\th\minkernel\crts\ucrt\src\appcrt\startup\thread.cpp @ 115]
  153. 000000b7`29cff980 00007fff`a5adcc91 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
  154. 000000b7`29cff9b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
  155.  
  156.  
  157. FAULTING_SOURCE_LINE:  C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_setfileinfo.c
  158.  
  159. FAULTING_SOURCE_FILE:  C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_setfileinfo.c
  160.  
  161. FAULTING_SOURCE_LINE_NUMBER:  200
  162.  
  163. FAULTING_SOURCE_CODE:  
  164.    196:                     cur->u.SetFile.linkrename_stale_dst.path_len,
  165.    197:                 .Buffer = (PCHAR)*buf
  166.    198:             };
  167.    199:
  168. >  200:             status = RtlUTF8StringToUnicodeString(
  169.    201:                 &cur->u.SetFile.linkrename_stale_dst.path,
  170.    202:                 &stale_utf8filename, TRUE);
  171.    203:             if (!NT_SUCCESS(status)) {
  172.    204:                 goto out;
  173.    205:             }
  174.  
  175.  
  176. SYMBOL_NAME:  nfs41_driver!unmarshal_nfs41_setattr+114
  177.  
  178. MODULE_NAME: nfs41_driver
  179.  
  180. IMAGE_NAME:  nfs41_driver.sys
  181.  
  182. STACK_COMMAND:  .thread ; .cxr ; kb
  183.  
  184. BUCKET_ID_FUNC_OFFSET:  114
  185.  
  186. FAILURE_BUCKET_ID:  AV_VRF_R_INVALID_nfs41_driver!unmarshal_nfs41_setattr
  187.  
  188. OS_VERSION:  10.0.19041.1
  189.  
  190. BUILDLAB_STR:  vb_release
  191.  
  192. OSPLATFORM_TYPE:  x64
  193.  
  194. OSNAME:  Windows 10
  195.  
  196. FAILURE_ID_HASH:  {201b1077-92ce-c949-4216-ef0ec87d049f}
  197.  
  198. Followup:     MachineOwner
  199. ---------

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with {%HIGHLIGHT}




All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at