

wintar workaround, patch, crash, WinDBG info, 2024-12-18
Posted by Anonymous on Wed 18th Dec 2024 14:37

  1. Patch for https://github.com/kofemann/ms-nfs41-client.git commit id #046f5de27df3ae1852ced7da5001c5a0a1582287 (intended as a workaround for the Windows tar issue, which causes some blocks to be written as blocks of zeros when it unpacks a bzip2-compressed archive):
  2. ---- snip ----
  3. diff --git a/sys/nfs41sys_driver.h b/sys/nfs41sys_driver.h
  4. index 1c39ab6..0e0107c 100644
  5. --- a/sys/nfs41sys_driver.h
  6. +++ b/sys/nfs41sys_driver.h
  7. @@ -48,8 +48,10 @@
  8.      (POOL_FLAG_UNINITIALIZED|POOL_FLAG_CACHE_ALIGNED)
  9.  
  10.  #define RxAllocatePoolWithTag(rxallocpool, numbytes, tag) \
  11. -    ExAllocatePool2(((((rxallocpool) == NonPagedPoolNx)? \
  12. -            POOL_FLAG_NON_PAGED:POOL_FLAG_NON_PAGED_EXECUTE) | \
  13. +    ExAllocatePool2((( \
  14. +            ((rxallocpool) == PagedPool)?POOL_FLAG_PAGED: \
  15. +                (((rxallocpool) == NonPagedPoolNx)? \
  16. +                    POOL_FLAG_NON_PAGED:POOL_FLAG_NON_PAGED_EXECUTE)) | \
  17.              RXALLOCATEPOOL_DEFAULT_ALLOCATEPOOL2FLAGS), \
  18.          (numbytes), (tag))
  19.  #endif /* EXALLOCATEPOOLWITHTAG_DEPRECATED */
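Review bot: The new `PagedPool` arm moves every existing `RxAllocatePoolWithTag(PagedPool, ...)` caller from non-paged executable memory to pageable memory, so any such buffer that is touched at IRQL >= DISPATCH_LEVEL or under a spinlock, which worked by accident before, would now fault; those callers are outside this hunk and need an audit. The fall-through arm still returns `POOL_FLAG_NON_PAGED_EXECUTE` for every pool type that is neither `PagedPool` nor `NonPagedPoolNx`, and an executable default deserves a comment such as `/* legacy NonPagedPool is executable; new callers should pass NonPagedPoolNx */`. This macro change is independent of the write workaround and would be easier to bisect as a separate commit.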
  20. diff --git a/sys/nfs41sys_readwrite.c b/sys/nfs41sys_readwrite.c
  21. index 050819c..c39a506 100644
  22. --- a/sys/nfs41sys_readwrite.c
  23. +++ b/sys/nfs41sys_readwrite.c
  24. @@ -58,6 +58,7 @@
  25.  #include <winerror.h>
  26.  
  27.  #include <Ntstrsafe.h>
  28. +#include <stdbool.h>
  29.  
  30.  #include "nfs41sys_buildconfig.h"
  31.  
  32. @@ -333,7 +334,7 @@ NTSTATUS nfs41_Write(
  33.      IN OUT PRX_CONTEXT RxContext)
  34.  {
  35.      NTSTATUS status = STATUS_INSUFFICIENT_RESOURCES;
  36. -    nfs41_updowncall_entry *entry;
  37. +    nfs41_updowncall_entry *entry = NULL;
  38.      BOOLEAN async = FALSE;
  39.      PLOWIO_CONTEXT LowIoContext  = &RxContext->LowIoContext;
  40.      __notnull PMRX_SRV_OPEN SrvOpen = RxContext->pRelevantSrvOpen;
  41. @@ -344,6 +345,10 @@ NTSTATUS nfs41_Write(
  42.      __notnull PNFS41_FCB nfs41_fcb = NFS41GetFcbExtension(RxContext->pFcb);
  43.      __notnull PNFS41_FOBX nfs41_fobx = NFS41GetFobxExtension(RxContext->pFobx);
  44.      DWORD io_delay;
  45. +#if 1
  46. +    void *userbuffer_mem = NULL;
  47. +    PMDL userbuffer_mdl = NULL;
  48. +#endif
  49.  #ifdef ENABLE_TIMINGS
  50.      LARGE_INTEGER t1, t2;
  51.      t1 = KeQueryPerformanceCounter(NULL);
  52. @@ -362,9 +367,91 @@ NTSTATUS nfs41_Write(
  53.          pNetRootContext->nfs41d_version, SrvOpen->pAlreadyPrefixedName, &entry);
  54.      if (status) goto out;
  55.  
  56. +#if 1
  57. +    ULONG padded_readwrite_bytecount = LowIoContext->ParamsFor.ReadWrite.ByteCount + (256) /* 256==debug padding */;
  58. +
  59. +    userbuffer_mem = ExAllocatePool2(POOL_FLAG_NON_PAGED, padded_readwrite_bytecount, 'ioio');
  60. +    if (userbuffer_mem == NULL) {
  61. +        status = STATUS_NO_MEMORY;
  62. +        goto out;
  63. +    }
  64. +
  65. +    RtlZeroMemory(userbuffer_mem, padded_readwrite_bytecount);
  66. +
  67. +    userbuffer_mdl = IoAllocateMdl(userbuffer_mem,
  68. +        padded_readwrite_bytecount,
  69. +        FALSE, FALSE, NULL);
  70. +    if (userbuffer_mdl == NULL) {
  71. +        status = STATUS_NO_MEMORY;
  72. +        goto out;
  73. +    }
  74. +
  75. +#pragma warning( push )
  76. +/*
  77. + * C28145: "The opaque MDL structure should not be modified by a
  78. + * driver.", |MDL_MAPPING_CAN_FAIL| is the exception
  79. + */
  80. +#pragma warning (disable : 28145)
  81. +        userbuffer_mdl->MdlFlags |= MDL_MAPPING_CAN_FAIL;
  82. +#pragma warning( pop )
  83. +    MmProbeAndLockPages(userbuffer_mdl, KernelMode, IoModifyAccess);
  84. +
  85. +    PVOID Src;
  86. +    if ((Src = MmGetSystemAddressForMdlSafe(
  87. +            LowIoContext->ParamsFor.ReadWrite.Buffer,
  88. +            NormalPagePriority)) == NULL) {
  89. +        status = STATUS_INSUFFICIENT_RESOURCES;
  90. +        goto out;
  91. +    }
  92. +
  93. +    ULONG mdl_bytecount = MmGetMdlByteCount(LowIoContext->ParamsFor.ReadWrite.Buffer);
  94. +
  95. +    if (mdl_bytecount < LowIoContext->ParamsFor.ReadWrite.ByteCount) {
  96. +        DbgP("#### ERROR: mdl_bytecount(=%lld) < LowIoContext->ParamsFor.ReadWrite.ByteCount(=%lld)\n",
  97. +            (long long)mdl_bytecount,
  98. +            (long long)LowIoContext->ParamsFor.ReadWrite.ByteCount);
  99. +        DbgP("ReadWrite.Buffer=(Next=0x%p, Size=%ld, MdlFlags=0x%lx, "
  100. +            "Process=0x%p, MappedSystemVa=0x%p, StartVa=0x%p, "
  101. +            "ByteCount=%ld, ByteOffset=%ld)\n",
  102. +            (void *)LowIoContext->ParamsFor.ReadWrite.Buffer->Next,
  103. +            (long)LowIoContext->ParamsFor.ReadWrite.Buffer->Size,
  104. +            (long)LowIoContext->ParamsFor.ReadWrite.Buffer->MdlFlags,
  105. +            (void *)LowIoContext->ParamsFor.ReadWrite.Buffer->Process,
  106. +            (void *)LowIoContext->ParamsFor.ReadWrite.Buffer->MappedSystemVa,
  107. +            (void *)LowIoContext->ParamsFor.ReadWrite.Buffer->StartVa,
  108. +            (long)LowIoContext->ParamsFor.ReadWrite.Buffer->ByteCount,
  109. +            (long)LowIoContext->ParamsFor.ReadWrite.Buffer->ByteOffset);
  110. +        status = STATUS_INTERNAL_ERROR;
  111. +        goto out;
  112. +    }
  113. +
  114. +#if 1
  115. +    volatile char *cp_dest = userbuffer_mem;
  116. +    volatile char *cp_src = ((char *)Src)+LowIoContext->ParamsFor.ReadWrite.ByteOffset;
  117. +    volatile char tmpbyte;
  118. +
  119. +    long long cp_i;
  120. +
  121. +    long long cp_max = LowIoContext->ParamsFor.ReadWrite.ByteCount;
  122. +
  123. +    for (cp_i = 0 ; cp_i < cp_max ; cp_i++) {
  124. +        tmpbyte = *cp_src++;
  125. +
  126. +        *cp_dest++ = tmpbyte;
  127. +    }
  128. +#else
  129. +    (void)RtlCopyMemory(userbuffer_mem,
  130. +        ((char *)Src)+LowIoContext->ParamsFor.ReadWrite.ByteOffset,
  131. +        LowIoContext->ParamsFor.ReadWrite.ByteCount);
  132. +#endif
  133. +    entry->u.ReadWrite.MdlAddress = userbuffer_mdl;
  134. +    entry->buf_len = LowIoContext->ParamsFor.ReadWrite.ByteCount;
  135. +    entry->u.ReadWrite.offset = 0;
  136. +#else
  137.      entry->u.ReadWrite.MdlAddress = LowIoContext->ParamsFor.ReadWrite.Buffer;
  138.      entry->buf_len = LowIoContext->ParamsFor.ReadWrite.ByteCount;
  139.      entry->u.ReadWrite.offset = LowIoContext->ParamsFor.ReadWrite.ByteOffset;
  140. +#endif
  141.  
  142.      if (FlagOn(RxContext->CurrentIrpSp->FileObject->Flags,
  143.              FO_SYNCHRONOUS_IO) == FALSE) {
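Review bot: The copy loop reads from `((char *)Src)+LowIoContext->ParamsFor.ReadWrite.ByteOffset`, but `ByteOffset` appears to be the file offset (the unpatched code forwards it as `entry->u.ReadWrite.offset`), not an offset into the MDL mapping, so the loop runs past the end of the mapped buffer. The dump on this page matches: `Src` is 0xffffc90145a00000, `ByteOffset` is 4096, the MDL `ByteCount` is 0x8d000, and the faulting read is at `Src`+0x8d000. The source should start at the mapping base, `volatile char *cp_src = (char *)Src;`, and the file offset should still be forwarded, `entry->u.ReadWrite.offset = LowIoContext->ParamsFor.ReadWrite.ByteOffset;`, otherwise every write would land at offset 0; the `#else` `RtlCopyMemory` branch carries the same source expression. Separately, `MmProbeAndLockPages` is called on a non-paged pool buffer without `__try`/`__except`, where `MmBuildMdlForNonPagedPool(userbuffer_mdl);` is the usual call, and `ByteCount + 256` is not checked for `ULONG` wrap-around.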
  144. @@ -420,6 +507,17 @@ NTSTATUS nfs41_Write(
  145.      }
  146.      nfs41_UpcallDestroy(entry);
  147.  out:
  148. +#if 1
  149. +    if (!async) {
  150. +        if (userbuffer_mdl) {
  151. +            IoFreeMdl(userbuffer_mdl);
  152. +        }
  153. +        if (userbuffer_mem) {
  154. +            RxFreePool(userbuffer_mem);
  155. +        }
  156. +    }
  157. +#endif
  158. +
  159.  #ifdef ENABLE_TIMINGS
  160.      t2 = KeQueryPerformanceCounter(NULL);
  161.      InterlockedIncrement(&write.tops);
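Review bot: `IoFreeMdl(userbuffer_mdl)` runs on an MDL whose pages were locked with `MmProbeAndLockPages` earlier in the function, and no `MmUnlockPages` precedes it; add `MmUnlockPages(userbuffer_mdl);` before the free, or build the MDL with `MmBuildMdlForNonPagedPool`, which needs no unlock. When `async` is set, nothing in the visible lines releases the bounce buffer or its MDL, so the completion path (outside this hunk) has to take ownership, and a comment at the `if (!async)` saying so would help. The error-path `goto out` statements added after the upcall entry is created jump past `nfs41_UpcallDestroy(entry)` just above the label, so `entry` appears to leak on those paths. `userbuffer_mem` is allocated with `ExAllocatePool2` and tag `'ioio'` but released with `RxFreePool`; `ExFreePoolWithTag(userbuffer_mem, 'ioio');` would keep the pair symmetric.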
  162. ---- snip ----
  163.  
  164.  
  165. This crashes when using $ git clone git://repo.or.cz/bash.git # in Cygwin with "Page Fault in non-paged area" like this:
  166. ************* Preparing the environment for Debugger Extensions Gallery repositories **************
  167.    ExtensionRepository : Implicit
  168.    UseExperimentalFeatureForNugetShare : true
  169.    AllowNugetExeUpdate : true
  170.    NonInteractiveNuget : true
  171.    AllowNugetMSCredentialProviderInstall : true
  172.    AllowParallelInitializationOfLocalRepositories : true
  173.    EnableRedirectToChakraJsProvider : false
  174.  
  175.    -- Configuring repositories
  176.       ----> Repository : LocalInstalled, Enabled: true
  177.       ----> Repository : UserExtensions, Enabled: true
  178.  
  179. >>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
  180.  
  181. ************* Waiting for Debugger Extensions Gallery to Initialize **************
  182.  
  183. >>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.532 seconds
  184.    ----> Repository : UserExtensions, Enabled: true, Packages count: 0
  185.    ----> Repository : LocalInstalled, Enabled: true, Packages count: 42
  186.  
  187. Microsoft (R) Windows Debugger Version 10.0.27725.1000 AMD64
  188. Copyright (c) Microsoft Corporation. All rights reserved.
  189.  
  190.  
  191. Loading Dump File [C:\Windows\MEMORY.DMP]
  192. Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
  193.  
  194.  
  195. ************* Path validation summary **************
  196. Response                         Time (ms)     Location
  197. Deferred                                       srv*
  198. OK                                             C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\destdir\cygdrive\c\cygwin64\sbin
  199. OK                                             C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\build.vc19\x64\Debug\nfs41_driver
  200. Symbol search path is: srv*;C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\destdir\cygdrive\c\cygwin64\sbin;C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\build.vc19\x64\Debug\nfs41_driver
  201. Executable search path is:
  202. Windows 10 Kernel Version 19041 MP (8 procs) Free x64
  203. Product: WinNt, suite: TerminalServer SingleUserTS
  204. Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
  205. Kernel base = 0xfffff806`19400000 PsLoadedModuleList = 0xfffff806`1a02a3e0
  206. Debug session time: Wed Dec 18 11:50:41.555 2024 (UTC + 1:00)
  207. System Uptime: 0 days 0:09:39.323
  208. Loading Kernel Symbols
  209. ...............................................................
  210. ...........Page de19 not present in the dump file. Type ".hh dbgerr004" for details
  211. .....................................................
  212. ................................................................
  213. ......
  214. Loading User Symbols
  215.  
  216. Loading unloaded module list
  217. ......
  218. For analysis of this file, run !analyze -v
  219. nt!KeBugCheckEx:
  220. fffff806`197fe8f0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffff9582`32c5a910=0000000000000050
  221. 1: kd> !analyze -v
  222. *******************************************************************************
  223. *                                                                             *
  224. *                        Bugcheck Analysis                                    *
  225. *                                                                             *
  226. *******************************************************************************
  227.  
  228. PAGE_FAULT_IN_NONPAGED_AREA (50)
  229. Invalid system memory was referenced.  This cannot be protected by try-except.
  230. Typically the address is just plain bad or it is pointing at freed memory.
  231. Arguments:
  232. Arg1: ffffc90145a8d000, memory referenced.
  233. Arg2: 0000000000000000, X64: bit 0 set if the fault was due to a not-present PTE.
  234.         bit 1 is set if the fault was due to a write, clear if a read.
  235.         bit 3 is set if the processor decided the fault was due to a corrupted PTE.
  236.         bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
  237.         - ARM64: bit 1 is set if the fault was due to a write, clear if a read.
  238.         bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
  239. Arg3: fffff8061ed3361d, If non-zero, the instruction address which referenced the bad memory
  240.         address.
  241. Arg4: 0000000000000000, (reserved)
  242.  
  243. Debugging Details:
  244. ------------------
  245.  
  246.  
  247. KEY_VALUES_STRING: 1
  248.  
  249.     Key  : AV.Type
  250.     Value: Read
  251.  
  252.     Key  : Analysis.CPU.mSec
  253.     Value: 2453
  254.  
  255.     Key  : Analysis.Elapsed.mSec
  256.     Value: 4796
  257.  
  258.     Key  : Analysis.IO.Other.Mb
  259.     Value: 0
  260.  
  261.     Key  : Analysis.IO.Read.Mb
  262.     Value: 3
  263.  
  264.     Key  : Analysis.IO.Write.Mb
  265.     Value: 2
  266.  
  267.     Key  : Analysis.Init.CPU.mSec
  268.     Value: 781
  269.  
  270.     Key  : Analysis.Init.Elapsed.mSec
  271.     Value: 5718
  272.  
  273.     Key  : Analysis.Memory.CommitPeak.Mb
  274.     Value: 99
  275.  
  276.     Key  : Analysis.Version.DbgEng
  277.     Value: 10.0.27725.1000
  278.  
  279.     Key  : Analysis.Version.Description
  280.     Value: 10.2408.27.01 amd64fre
  281.  
  282.     Key  : Analysis.Version.Ext
  283.     Value: 1.2408.27.1
  284.  
  285.     Key  : Bugcheck.Code.KiBugCheckData
  286.     Value: 0x50
  287.  
  288.     Key  : Bugcheck.Code.LegacyAPI
  289.     Value: 0x50
  290.  
  291.     Key  : Bugcheck.Code.TargetModel
  292.     Value: 0x50
  293.  
  294.     Key  : Failure.Bucket
  295.     Value: AV_R_(null)_nfs41_driver!nfs41_Write
  296.  
  297.     Key  : Failure.Hash
  298.     Value: {be85c6e9-381a-fb84-c448-edc4d53cac46}
  299.  
  300.     Key  : Hypervisor.Enlightenments.Value
  301.     Value: 12576
  302.  
  303.     Key  : Hypervisor.Enlightenments.ValueHex
  304.     Value: 3120
  305.  
  306.     Key  : Hypervisor.Flags.AnyHypervisorPresent
  307.     Value: 1
  308.  
  309.     Key  : Hypervisor.Flags.ApicEnlightened
  310.     Value: 0
  311.  
  312.     Key  : Hypervisor.Flags.ApicVirtualizationAvailable
  313.     Value: 0
  314.  
  315.     Key  : Hypervisor.Flags.AsyncMemoryHint
  316.     Value: 0
  317.  
  318.     Key  : Hypervisor.Flags.CoreSchedulerRequested
  319.     Value: 0
  320.  
  321.     Key  : Hypervisor.Flags.CpuManager
  322.     Value: 0
  323.  
  324.     Key  : Hypervisor.Flags.DeprecateAutoEoi
  325.     Value: 1
  326.  
  327.     Key  : Hypervisor.Flags.DynamicCpuDisabled
  328.     Value: 0
  329.  
  330.     Key  : Hypervisor.Flags.Epf
  331.     Value: 0
  332.  
  333.     Key  : Hypervisor.Flags.ExtendedProcessorMasks
  334.     Value: 0
  335.  
  336.     Key  : Hypervisor.Flags.HardwareMbecAvailable
  337.     Value: 0
  338.  
  339.     Key  : Hypervisor.Flags.MaxBankNumber
  340.     Value: 0
  341.  
  342.     Key  : Hypervisor.Flags.MemoryZeroingControl
  343.     Value: 0
  344.  
  345.     Key  : Hypervisor.Flags.NoExtendedRangeFlush
  346.     Value: 1
  347.  
  348.     Key  : Hypervisor.Flags.NoNonArchCoreSharing
  349.     Value: 0
  350.  
  351.     Key  : Hypervisor.Flags.Phase0InitDone
  352.     Value: 1
  353.  
  354.     Key  : Hypervisor.Flags.PowerSchedulerQos
  355.     Value: 0
  356.  
  357.     Key  : Hypervisor.Flags.RootScheduler
  358.     Value: 0
  359.  
  360.     Key  : Hypervisor.Flags.SynicAvailable
  361.     Value: 1
  362.  
  363.     Key  : Hypervisor.Flags.UseQpcBias
  364.     Value: 0
  365.  
  366.     Key  : Hypervisor.Flags.Value
  367.     Value: 536632
  368.  
  369.     Key  : Hypervisor.Flags.ValueHex
  370.     Value: 83038
  371.  
  372.     Key  : Hypervisor.Flags.VpAssistPage
  373.     Value: 1
  374.  
  375.     Key  : Hypervisor.Flags.VsmAvailable
  376.     Value: 0
  377.  
  378.     Key  : Hypervisor.RootFlags.AccessStats
  379.     Value: 0
  380.  
  381.     Key  : Hypervisor.RootFlags.CrashdumpEnlightened
  382.     Value: 0
  383.  
  384.     Key  : Hypervisor.RootFlags.CreateVirtualProcessor
  385.     Value: 0
  386.  
  387.     Key  : Hypervisor.RootFlags.DisableHyperthreading
  388.     Value: 0
  389.  
  390.     Key  : Hypervisor.RootFlags.HostTimelineSync
  391.     Value: 0
  392.  
  393.     Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
  394.     Value: 0
  395.  
  396.     Key  : Hypervisor.RootFlags.IsHyperV
  397.     Value: 0
  398.  
  399.     Key  : Hypervisor.RootFlags.LivedumpEnlightened
  400.     Value: 0
  401.  
  402.     Key  : Hypervisor.RootFlags.MapDeviceInterrupt
  403.     Value: 0
  404.  
  405.     Key  : Hypervisor.RootFlags.MceEnlightened
  406.     Value: 0
  407.  
  408.     Key  : Hypervisor.RootFlags.Nested
  409.     Value: 0
  410.  
  411.     Key  : Hypervisor.RootFlags.StartLogicalProcessor
  412.     Value: 0
  413.  
  414.     Key  : Hypervisor.RootFlags.Value
  415.     Value: 0
  416.  
  417.     Key  : Hypervisor.RootFlags.ValueHex
  418.     Value: 0
  419.  
  420.     Key  : SecureKernel.HalpHvciEnabled
  421.     Value: 0
  422.  
  423.     Key  : WER.OS.Branch
  424.     Value: vb_release
  425.  
  426.     Key  : WER.OS.Version
  427.     Value: 10.0.19041.1
  428.  
  429.  
  430. BUGCHECK_CODE:  50
  431.  
  432. BUGCHECK_P1: ffffc90145a8d000
  433.  
  434. BUGCHECK_P2: 0
  435.  
  436. BUGCHECK_P3: fffff8061ed3361d
  437.  
  438. BUGCHECK_P4: 0
  439.  
  440. FILE_IN_CAB:  MEMORY.DMP
  441.  
  442. FAULTING_THREAD:  ffff9d89a3815080
  443.  
  444. READ_ADDRESS: unable to get nt!PspSessionIdBitmap
  445.  ffffc90145a8d000
  446.  
  447. MM_INTERNAL_CODE:  0
  448.  
  449. IMAGE_NAME:  nfs41_driver.sys
  450.  
  451. MODULE_NAME: nfs41_driver
  452.  
  453. FAULTING_MODULE: fffff8061ed20000 nfs41_driver
  454.  
  455. BLACKBOXBSD: 1 (!blackboxbsd)
  456.  
  457.  
  458. BLACKBOXNTFS: 1 (!blackboxntfs)
  459.  
  460.  
  461. BLACKBOXWINLOGON: 1
  462.  
  463. PROCESS_NAME:  System
  464.  
  465. TRAP_FRAME:  ffff958232c5abb0 -- (.trap 0xffff958232c5abb0)
  466. NOTE: The trap frame does not contain all registers.
  467. Some register values may be zeroed or incorrect.
  468. rax=ffffc90145a8d000 rbx=0000000000000000 rcx=00000000000000f1
  469. rdx=0000000000000010 rsi=0000000000000000 rdi=0000000000000000
  470. rip=fffff8061ed3361d rsp=ffff958232c5ad40 rbp=ffff9d89a64b6aa0
  471.  r8=cfffffffffffffff  r9=fffff57aa7626910 r10=fffff8061a04f5c0
  472. r11=fffff57abd5eafff r12=0000000000000000 r13=0000000000000000
  473. r14=0000000000000000 r15=0000000000000000
  474. iopl=0         nv up ei ng nz na po cy
  475. nfs41_driver!nfs41_Write+0x46d:
  476. fffff806`1ed3361d 0fb600          movzx   eax,byte ptr [rax] ds:ffffc901`45a8d000=??
  477. Resetting default scope
  478.  
  479. STACK_TEXT:  
  480. ffff9582`32c5a908 fffff806`19846095     : 00000000`00000050 ffffc901`45a8d000 00000000`00000000 ffff9582`32c5abb0 : nt!KeBugCheckEx
  481. ffff9582`32c5a910 fffff806`19638cd0     : ffff9d89`a3815080 00000000`00000000 ffff9582`32c5ac30 00000000`00000000 : nt!MiSystemFault+0x1ce5f5
  482. ffff9582`32c5aa10 fffff806`1980ea6d     : ffff9d89`aa48d010 0000000f`ffffffff ffff9582`32c5aca9 00000000`00000000 : nt!MmAccessFault+0x400
  483. ffff9582`32c5abb0 fffff806`1ed3361d     : ffff9d89`a9105aa0 ffffae0e`00000010 0000021d`52627400 ffff9d89`aa48d010 : nt!KiPageFault+0x36d
  484. ffff9582`32c5ad40 fffff806`1ed53844     : ffff9d89`aa48d010 ffff9d89`00000000 ffff9d89`00000000 00000000`00000001 : nfs41_driver!nfs41_Write+0x46d [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_readwrite.c @ 438]
  485. ffff9582`32c5ae70 fffff806`1ed5ee3a     : ffffae0e`fa405660 ffff9d89`a64b6aa0 ffff9d89`a64b6aa0 fffff806`1ed3b3bd : nfs41_driver!RxLowIoSubmit+0x2d4 [base\fs\rdr2\rxce\lowio.c @ 805]
  486. ffff9582`32c5aed0 fffff806`1ed5e8af     : ffff9d89`aa48d010 ffff9d89`a64b6aa0 ffff9d89`a64b6aa0 00000000`00000004 : nfs41_driver!RxLowIoWriteShell+0x9a [base\fs\rdr2\rdbss\write.c @ 2095]
  487. ffff9582`32c5af20 fffff806`1ed3b262     : ffff9d89`aa48d010 ffff9d89`a64b6aa0 ffff9d89`a61e0000 00000000`00000001 : nfs41_driver!RxCommonWrite+0x1a2f [base\fs\rdr2\rdbss\write.c @ 1508]
  488. ffff9582`32c5b0f0 fffff806`1ed5696d     : fffff806`1ed49160 00000000`00000000 00000000`00000000 ffff9d89`a61e0060 : nfs41_driver!RxFsdCommonDispatch+0x442 [base\fs\rdr2\rdbss\ntfsd.c @ 848]
  489. ffff9582`32c5b1f0 fffff806`1ed28077     : ffff9d89`a36c5b00 ffff9d89`a33f6160 ffff9d89`a9d94ba0 ffff9d89`a9d94ca8 : nfs41_driver!RxFsdDispatch+0xfd [base\fs\rdr2\rdbss\ntfsd.c @ 442]
  490. ffff9582`32c5b220 fffff806`1964a295     : ffff9d89`a61e0060 ffff9d89`a64b6aa0 ffff9d89`a38156d0 fffff806`19659bbb : nfs41_driver!nfs41_FsdDispatch+0x67 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_driver.c @ 962]
  491. ffff9582`32c5b260 fffff806`1cd7f248     : fffff806`1cd78000 00000000`00000000 ffff9d89`a3f53910 ffff9d89`aa45faa8 : nt!IofCallDriver+0x55
  492. ffff9582`32c5b2a0 fffff806`1cd7ed99     : ffffae0e`f455d420 ffff9d89`a390e4c0 fffff806`1cd78000 00000000`00000000 : mup!MupiCallUncProvider+0xb8
  493. ffff9582`32c5b310 fffff806`1cd7ecce     : ffff9d89`a64b6aa0 ffff9d89`aa45faa0 ffff9d89`abd0e5b0 00000000`00000000 : mup!MupStateMachine+0x59
  494. ffff9582`32c5b340 fffff806`1964a295     : 00000000`00000000 00000000`00000000 ffff9d89`a36c5b00 fffff806`16085021 : mup!MupFsdIrpPassThrough+0x17e
  495. ffff9582`32c5b3b0 fffff806`1608710f     : 00000000`00000006 00000000`00000000 ffff9d89`a9d83b50 fffff806`1964ec5c : nt!IofCallDriver+0x55
  496. ffff9582`32c5b3f0 fffff806`16084a43     : ffff9582`32c5b480 ffff9d89`a9105aa0 00000000`00000140 ffff9d89`a384bb40 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
  497. ffff9582`32c5b460 fffff806`1964a295     : ffff9d89`a64b6aa0 fffff806`1964a2d7 00000000`00000004 00000000`00000004 : FLTMGR!FltpDispatch+0xa3
  498. ffff9582`32c5b4c0 fffff806`196b68e3     : ffff9d89`a9105aa0 ffff9d89`a64b6aa0 ffff9d89`abd0e5b0 ffff9582`32c5b580 : nt!IofCallDriver+0x55
  499. ffff9582`32c5b500 fffff806`19741dc8     : 00000000`00000000 ffff9582`32c5b5a0 ffff9d89`abd0e5b0 fffff806`19676175 : nt!IoSynchronousPageWriteEx+0x13b
  500. ffff9582`32c5b540 fffff806`19646312     : 00000000`00000011 ffffae0f`00ea3018 00000000`00001000 00000000`00000000 : nt!MiIssueSynchronousFlush+0x70
  501. ffff9582`32c5b5c0 fffff806`197034a9     : ffff9582`33053a88 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiFlushSectionInternal+0x862
  502. ffff9582`32c5b890 fffff806`19675a8d     : 00000000`00000001 ffff9d89`a3815080 00000000`0008d000 00000000`00001000 : nt!MmFlushSection+0xbd
  503. ffff9582`32c5b940 fffff806`19674bd4     : ffff9d89`a1cf4148 00000000`00000000 ffff9d89`00000001 00000000`00000000 : nt!CcFlushCachePriv+0x6cd
  504. ffff9582`32c5ba90 fffff806`196171c5     : ffff9d89`abe45880 fffff806`196fdc00 ffff9d89`a1a5ac01 00000000`00000000 : nt!CcWriteBehindInternal+0x1f4
  505. ffff9582`32c5bb70 fffff806`1975a165     : ffff9d89`a3815080 00000000`00000080 ffff9d89`a1a87080 00078404`ad9b3dfe : nt!ExpWorkerThread+0x105
  506. ffff9582`32c5bc10 fffff806`198078f8     : ffffc901`38fe3180 ffff9d89`a3815080 fffff806`1975a110 00000000`00000000 : nt!PspSystemThreadStartup+0x55
  507. ffff9582`32c5bc60 00000000`00000000     : ffff9582`32c5c000 ffff9582`32c56000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
  508.  
  509.  
  510. FAULTING_SOURCE_LINE:  C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_readwrite.c
  511.  
  512. FAULTING_SOURCE_FILE:  C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_readwrite.c
  513.  
  514. FAULTING_SOURCE_LINE_NUMBER:  438
  515.  
  516. FAULTING_SOURCE_CODE:  
  517.    434:
  518.    435:     long long cp_max = LowIoContext->ParamsFor.ReadWrite.ByteCount;
  519.    436:
  520.    437:     for (cp_i = 0 ; cp_i < cp_max ; cp_i++) {
  521. >  438:         tmpbyte = *cp_src++;
  522.    439:
  523.    440:         *cp_dest++ = tmpbyte;
  524.    441:     }
  525.    442: #else
  526.    443:     (void)RtlCopyMemory(userbuffer_mem,
  527.  
  528.  
  529. SYMBOL_NAME:  nfs41_driver!nfs41_Write+46d
  530.  
  531. STACK_COMMAND:  .process /r /p 0xffff9d89a1a87080; .thread 0xffff9d89a3815080 ; kb
  532.  
  533. BUCKET_ID_FUNC_OFFSET:  46d
  534.  
  535. FAILURE_BUCKET_ID:  AV_R_(null)_nfs41_driver!nfs41_Write
  536.  
  537. OS_VERSION:  10.0.19041.1
  538.  
  539. BUILDLAB_STR:  vb_release
  540.  
  541. OSPLATFORM_TYPE:  x64
  542.  
  543. OSNAME:  Windows 10
  544.  
  545. FAILURE_ID_HASH:  {be85c6e9-381a-fb84-c448-edc4d53cac46}
  546.  
  547. Followup:     MachineOwner
  548. ---------
  549.  
  550. 1: kd> kp
  551.  # Child-SP          RetAddr               Call Site
  552. 00 ffff9582`32c5a908 fffff806`19846095     nt!KeBugCheckEx
  553. 01 ffff9582`32c5a910 fffff806`19638cd0     nt!MiSystemFault+0x1ce5f5
  554. 02 ffff9582`32c5aa10 fffff806`1980ea6d     nt!MmAccessFault+0x400
  555. 03 ffff9582`32c5abb0 fffff806`1ed3361d     nt!KiPageFault+0x36d
  556. 04 ffff9582`32c5ad40 fffff806`1ed53844     nfs41_driver!nfs41_Write(struct _RX_CONTEXT * RxContext = 0xffff9d89`aa48d010)+0x46d [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_readwrite.c @ 438]
  557. 05 ffff9582`32c5ae70 fffff806`1ed5ee3a     nfs41_driver!RxLowIoSubmit(struct _RX_CONTEXT * RxContext = 0xffff9d89`aa48d010, struct _IRP * Irp = 0xffff9d89`a64b6aa0, struct _FCB * Fcb = 0xffffae0e`fa405660, <function> * CompletionRoutine = 0xfffff57a`a7626910)+0x2d4 [base\fs\rdr2\rxce\lowio.c @ 805]
  558. 06 ffff9582`32c5aed0 fffff806`1ed5e8af     nfs41_driver!RxLowIoWriteShell(struct _RX_CONTEXT * RxContext = 0xffff9d89`aa48d010, struct _IRP * Irp = 0xffff9d89`a64b6aa0, struct _FCB * Fcb = 0xffffae0e`fa405660)+0x9a [base\fs\rdr2\rdbss\write.c @ 2095]
  559. 07 ffff9582`32c5af20 fffff806`1ed3b262     nfs41_driver!RxCommonWrite(struct _RX_CONTEXT * RxContext = 0xffff9d89`aa48d010, struct _IRP * Irp = 0xffff9d89`a64b6aa0)+0x1a2f [base\fs\rdr2\rdbss\write.c @ 1508]
  560. 08 ffff9582`32c5b0f0 fffff806`1ed5696d     nfs41_driver!RxFsdCommonDispatch(struct _RX_FSD_DISPATCH_VECTOR * DispatchVector = 0xfffff806`1ed49160, struct _IRP * Irp = 0xffff9d89`a64b6aa0, struct _FILE_OBJECT * FileObject = 0x00000000`00000000, struct _RDBSS_DEVICE_OBJECT * RxDeviceObject = 0xffff9d89`a61e0060)+0x442 [base\fs\rdr2\rdbss\ntfsd.c @ 848]
  561. 09 ffff9582`32c5b1f0 fffff806`1ed28077     nfs41_driver!RxFsdDispatch(struct _RDBSS_DEVICE_OBJECT * RxDeviceObject = <Value unavailable error>, struct _IRP * Irp = <Value unavailable error>)+0xfd [base\fs\rdr2\rdbss\ntfsd.c @ 442]
  562. 0a ffff9582`32c5b220 fffff806`1964a295     nfs41_driver!nfs41_FsdDispatch(struct _DEVICE_OBJECT * dev = 0xffff9d89`a61e0060 Device for "\FileSystem\nfs41_driver", struct _IRP * Irp = 0xffff9d89`a64b6aa0)+0x67 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_driver.c @ 962]
  563. 0b ffff9582`32c5b260 fffff806`1cd7f248     nt!IofCallDriver+0x55
  564. 0c ffff9582`32c5b2a0 fffff806`1cd7ed99     mup!MupiCallUncProvider+0xb8
  565. 0d ffff9582`32c5b310 fffff806`1cd7ecce     mup!MupStateMachine+0x59
  566. 0e ffff9582`32c5b340 fffff806`1964a295     mup!MupFsdIrpPassThrough+0x17e
  567. 0f ffff9582`32c5b3b0 fffff806`1608710f     nt!IofCallDriver+0x55
  568. 10 ffff9582`32c5b3f0 fffff806`16084a43     FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
  569. 11 ffff9582`32c5b460 fffff806`1964a295     FLTMGR!FltpDispatch+0xa3
  570. 12 ffff9582`32c5b4c0 fffff806`196b68e3     nt!IofCallDriver+0x55
  571. 13 ffff9582`32c5b500 fffff806`19741dc8     nt!IoSynchronousPageWriteEx+0x13b
  572. 14 ffff9582`32c5b540 fffff806`19646312     nt!MiIssueSynchronousFlush+0x70
  573. 15 ffff9582`32c5b5c0 fffff806`197034a9     nt!MiFlushSectionInternal+0x862
  574. 16 ffff9582`32c5b890 fffff806`19675a8d     nt!MmFlushSection+0xbd
  575. 17 ffff9582`32c5b940 fffff806`19674bd4     nt!CcFlushCachePriv+0x6cd
  576. 18 ffff9582`32c5ba90 fffff806`196171c5     nt!CcWriteBehindInternal+0x1f4
  577. 19 ffff9582`32c5bb70 fffff806`1975a165     nt!ExpWorkerThread+0x105
  578. 1a ffff9582`32c5bc10 fffff806`198078f8     nt!PspSystemThreadStartup+0x55
  579. 1b ffff9582`32c5bc60 00000000`00000000     nt!KiStartSystemThread+0x28
  580. 1: kd> .frame 0n4;dv /t /v
  581. 04 ffff9582`32c5ad40 fffff806`1ed53844     nfs41_driver!nfs41_Write+0x46d [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41sys_readwrite.c @ 438]
  582. ffff9582`32c5ae70 struct _RX_CONTEXT * RxContext = 0xffff9d89`aa48d010
  583. ffff9582`32c5add8 struct _NFS41_FOBX * nfs41_fobx = 0xffffae0e`fa405b30
  584. ffff9582`32c5ade8 struct _NFS41_V_NET_ROOT_EXTENSION * pVNetRootContext = 0xffff9d89`a9d527b0
  585. ffff9582`32c5ae10 struct _NFS41_FCB * nfs41_fcb = 0xffffae0e`fa405900
  586. ffff9582`32c5adc0 struct _MDL * userbuffer_mdl = 0xffff9d89`a9566010
  587. ffff9582`32c5ae40 struct _NFS41_NETROOT_EXTENSION * pNetRootContext = 0xffff9d89`a9de43d0
  588. ffff9582`32c5ae08 char * cp_dest = 0xffff9d89`a44fc000 ""
  589. ffff9582`32c5ae50 int64 cp_max = 0n577536
  590. ffff9582`32c5ada8 struct _updowncall_entry * entry = 0xffff9d89`a8ee2e50
  591. ffff9582`32c5ade0 unsigned long mdl_bytecount = 0x8d000
  592. ffff9582`32c5ada0 struct _LOWIO_CONTEXT * LowIoContext = 0xffff9d89`aa48d1a8
  593. ffff9582`32c5ae38 void * Src = 0xffffc901`45a00000
  594. ffff9582`32c5adb8 struct _MRX_SRV_OPEN_ * SrvOpen = 0xffffae0e`fa405960
  595. ffff9582`32c5adb0 char tmpbyte = 0n-15 ''
  596. ffff9582`32c5ad94 long status = 0n0
  597. ffff9582`32c5adc8 unsigned long padded_readwrite_bytecount = 0x8d100
  598. ffff9582`32c5ad90 unsigned char async = 0x00 ''
  599. ffff9582`32c5adf0 unsigned long io_delay = 0
  600. ffff9582`32c5add0 void * userbuffer_mem = 0xffff9d89`a4470000
  601. ffff9582`32c5adf8 int64 cp_i = 0n573440
  602. ffff9582`32c5ae00 char * cp_src = 0xffffc901`45a8d000 "--- memory read error at address 0xffffc901`45a8d000 ---"
  603. 1: kd> dt -r LowIoContext
  604. Local var @ 0xffff958232c5ada0 Type _LOWIO_CONTEXT*
  605. 0xffff9d89`aa48d1a8
  606.    +0x000 Operation        : 1
  607.    +0x002 Flags            : 0
  608.    +0x008 CompletionRoutine : 0xfffff806`1ed5eeb0     long  nfs41_driver!RxLowIoWriteShellCompletion+0
  609.    +0x010 Resource         : 0xffff9d89`a1cf41c8 _ERESOURCE
  610.       +0x000 SystemResourcesList : _LIST_ENTRY [ 0xffff9d89`a1cf42b0 - 0xffff9d89`a1cf4160 ]
  611.          +0x000 Flink            : 0xffff9d89`a1cf42b0 _LIST_ENTRY [ 0xffff9d89`a8fe2690 - 0xffff9d89`a1cf41c8 ]
  612.          +0x008 Blink            : 0xffff9d89`a1cf4160 _LIST_ENTRY [ 0xffff9d89`a1cf41c8 - 0xffff9d89`a7dcb750 ]
  613.       +0x010 OwnerTable       : (null)
  614.       +0x018 ActiveCount      : 0n1
  615.       +0x01a Flag             : 0
  616.       +0x01a ReservedLowFlags : 0 ''
  617.       +0x01b WaiterPriority   : 0 ''
  618.       +0x020 SharedWaiters    : (null)
  619.       +0x028 ExclusiveWaiters : (null)
  620.       +0x030 OwnerEntry       : _OWNER_ENTRY
  621.          +0x000 OwnerThread      : 0xffff9d89`a3815080
  622.          +0x008 IoPriorityBoosted : 0y0
  623.          +0x008 OwnerReferenced  : 0y0
  624.          +0x008 IoQoSPriorityBoosted : 0y0
  625.          +0x008 OwnerCount       : 0y00000000000000000000000000010 (0x2)
  626.          +0x008 TableSize        : 0x10
  627.       +0x040 ActiveEntries    : 1
  628.       +0x044 ContentionCount  : 0
  629.       +0x048 NumberOfSharedWaiters : 0
  630.       +0x04c NumberOfExclusiveWaiters : 0
  631.       +0x050 Reserved2        : (null)
  632.       +0x058 Address          : (null)
  633.       +0x058 CreatorBackTraceIndex : 0
  634.       +0x060 SpinLock         : 0
  635.    +0x018 ResourceThreadId : 0xffff9d89`a3815080
  636.    +0x020 ParamsFor        : <anonymous-tag>
  637.       +0x000 ReadWrite        : <anonymous-tag>
  638.          +0x000 Flags            : 1
  639.          +0x008 Buffer           : 0xffff9d89`a9105aa0 _MDL
  640.          +0x010 ByteOffset       : 0n4096
  641.          +0x018 ByteCount        : 0x8d000
  642.          +0x01c Key              : 0
  643.          +0x020 NonPagedFcb      : (null)
  644.       +0x000 Locks            : <anonymous-tag>
  645.          +0x000 LockList         : 0x00000000`00000001 _LOWIO_LOCK_LIST
  646.          +0x000 Length           : 0n1
  647.          +0x008 Flags            : 0xa9105aa0
  648.          +0x010 ByteOffset       : 0n4096
  649.          +0x018 Key              : 0x8d000
  650.       +0x000 FsCtl            : _XXCTL_LOWIO_COMPONENT
  651.          +0x000 Flags            : 1
  652.          +0x004 FsControlCode    : 0
  653.          +0x004 IoControlCode    : 0
  654.          +0x008 InputBufferLength : 0xa9105aa0
  655.          +0x010 pInputBuffer     : 0x00000000`00001000 Void
  656.          +0x018 OutputBufferLength : 0x8d000
  657.          +0x020 pOutputBuffer    : (null)
  658.          +0x028 MinorFunction    : 0 ''
  659.       +0x000 IoCtl            : _XXCTL_LOWIO_COMPONENT
  660.          +0x000 Flags            : 1
  661.          +0x004 FsControlCode    : 0
  662.          +0x004 IoControlCode    : 0
  663.          +0x008 InputBufferLength : 0xa9105aa0
  664.          +0x010 pInputBuffer     : 0x00000000`00001000 Void
  665.          +0x018 OutputBufferLength : 0x8d000
  666.          +0x020 pOutputBuffer    : (null)
  667.          +0x028 MinorFunction    : 0 ''
  668.       +0x000 NotifyChangeDirectory : <anonymous-tag>
  669.          +0x000 WatchTree        : 0x1 ''
  670.          +0x004 CompletionFilter : 0
  671.          +0x008 NotificationBufferLength : 0xa9105aa0
  672.          +0x010 pNotificationBuffer : 0x00000000`00001000 Void
  673. 1: kd> dx -id 0,0,ffff9d89a1a87080 -r1 ((nfs41_driver!_MDL *)0xffff9d89a9105aa0)
  674. ((nfs41_driver!_MDL *)0xffff9d89a9105aa0)                 : 0xffff9d89a9105aa0 [Type: _MDL *]
  675.     [+0x000] Next             : 0x0 [Type: _MDL *]
  676.     [+0x008] Size             : 1176 [Type: short]
  677.     [+0x00a] MdlFlags         : 3 [Type: short]
  678.     [+0x010] Process          : 0x0 [Type: _EPROCESS *]
  679.     [+0x018] MappedSystemVa   : 0xffffc90145a00000 [Type: void *]
  680.     [+0x020] StartVa          : 0x0 [Type: void *]
  681.     [+0x028] ByteCount        : 0x8d000 [Type: unsigned long]
  682.     [+0x02c] ByteOffset       : 0x0 [Type: unsigned long]
