Kernel panic
Posted by Anonymous on Thu 2nd Nov 2023 09:32
raw | new post


************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.016 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.312 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 36

Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\cygwin64\home\roland_mainz\tmp\nfs_crash20231102_001_MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff801`5cc00000 PsLoadedModuleList = 0xfffff801`5d82a360
Debug session time: Thu Nov  2 08:34:25.949 2023 (UTC + 1:00)
System Uptime: 0 days 3:29:58.668
Loading Kernel Symbols
...............................................................
................................................................
..............................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000084`2a3d2018).  Type ".hh dbgerr001" for details
Loading unloaded module list
......
For analysis of this file, run !analyze -v
Unable to load image \SystemRoot\system32\DRIVERS\nfs41_driver.sys, Win32 error 0n2
nt!KeBugCheckEx:
fffff801`5cffd640 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffc88d`adf73f20=0000000000000027
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

RDR_FILE_SYSTEM (27)
    If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
    exception record and context record. Do a .cxr on the 3rd parameter and then kb to
    obtain a more informative stack trace.
    The high 16 bits of the first parameter is the RDBSS BugCheck code, which is defined
    as follows:
     RDBSS_BUG_CHECK_CACHESUP  = 0xca550000,
     RDBSS_BUG_CHECK_CLEANUP   = 0xc1ee0000,
     RDBSS_BUG_CHECK_CLOSE     = 0xc10e0000,
     RDBSS_BUG_CHECK_NTEXCEPT  = 0xbaad0000,
Arguments:
Arg1: 00000000baad0080
Arg2: ffffc88dadf74f88
Arg3: ffffc88dadf747c0
Arg4: fffff8015d1f7617

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 4312

    Key  : Analysis.Elapsed.mSec
    Value: 4406

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 2

    Key  : Analysis.IO.Write.Mb
    Value: 2

    Key  : Analysis.Init.CPU.mSec
    Value: 1031

    Key  : Analysis.Init.Elapsed.mSec
    Value: 7286

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 101

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x27

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x27

    Key  : Failure.Bucket
    Value: 0x27_nfs41_driver!handle_upcall

    Key  : Failure.Hash
    Value: {8cc3c03c-4f74-c78a-fa41-0d8f60b7b819}

    Key  : Hypervisor.Enlightenments.Value
    Value: 12576

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 3120

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 1

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 0

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 1

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 0

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 1

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 1

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 1

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 536632

    Key  : Hypervisor.Flags.ValueHex
    Value: 83038

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 1

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : SecureKernel.HalpHvciEnabled
    Value: 0

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1


BUGCHECK_CODE:  27

BUGCHECK_P1: baad0080

BUGCHECK_P2: ffffc88dadf74f88

BUGCHECK_P3: ffffc88dadf747c0

BUGCHECK_P4: fffff8015d1f7617

FILE_IN_CAB:  nfs_crash20231102_001_MEMORY.DMP

EXCEPTION_RECORD:  ffffc88dadf74f88 -- (.exr 0xffffc88dadf74f88)
ExceptionAddress: fffff8015d1f7617 (nt!SeTokenCanImpersonate+0x0000000000000047)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  ffffc88dadf747c0 -- (.cxr 0xffffc88dadf747c0)
rax=ffffc88dadf75228 rbx=00000000007a0079 rcx=ffffe28e3d7ee400
rdx=006f006900670065 rsi=006f006900670065 rdi=ffffe28e3d7ee400
rip=fffff8015d1f7617 rsp=ffffc88dadf751c0 rbp=ffffa80d057ead00
 r8=00000000007a0079  r9=ffffc88dadf752c0 r10=ffffa80d05872080
r11=ffffc88dadf752c0 r12=0000000000000000 r13=ffffa80d057c0538
r14=ffffe28e3d7ee400 r15=0000000000000001
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
nt!SeTokenCanImpersonate+0x47:
fffff801`5d1f7617 817a18e6030000  cmp     dword ptr [rdx+18h],3E6h ds:002b:006f0069`0067007d=????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  nfsd_debug.exe

READ_ADDRESS:  ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%p verwies auf Arbeitsspeicher bei 0x%p. Der Vorgang %s konnte im Arbeitsspeicher nicht durchgef hrt werden.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

EXCEPTION_STR:  0xc0000005

STACK_TEXT:
ffffc88d`adf751c0 fffff801`5d1f7ac6     : ffffa80d`057c0000 fffff801`61c4fe00 00000000`00000000 ffffc88d`00000000 : nt!SeTokenCanImpersonate+0x47
ffffc88d`adf75230 fffff801`5d321035     : 00000000`00000000 fffff801`007a0079 ffffa80d`047f7010 ffffc88d`adf75368 : nt!PsImpersonateClient+0x126
ffffc88d`adf752c0 fffff801`61c34869     : 00000000`00000001 ffffa80d`057eadc0 fffff801`61c4fe40 fffff801`5ce1dff0 : nt!SeImpersonateClientEx+0x35
ffffc88d`adf75300 fffff801`61c400d7     : ffffa80d`047f7010 ffffa80d`06f441c0 ffffc88d`adf75384 00000000`00000000 : nfs41_driver!handle_upcall+0x59 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 1331]
ffffc88d`adf75350 fffff801`61c39de8     : ffffa80d`047f7010 ffffc88d`00282018 00000000`00000000 ffffa80d`05c77ef0 : nfs41_driver!nfs41_upcall+0xe7 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 1547]
ffffc88d`adf753c0 fffff801`61c65976     : ffffa80d`047f7010 ffffa80c`ffd7f060 00000000`00000002 ffffa80d`047f7010 : nfs41_driver!nfs41_DevFcbXXXControlFile+0x128 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 2363]
ffffc88d`adf75440 fffff801`61c65698     : ffffa80d`047f7010 ffffa80d`047f7010 ffffa80c`ffd7f000 ffffa80d`047f7010 : nfs41_driver!RxXXXControlFileCallthru+0x76 [base\fs\rdr2\rdbss\ntdevfcb.c @ 130]
ffffc88d`adf75470 fffff801`61c45a52     : 00000000`00000000 ffffa80d`057eadc0 ffffa80c`ffd7f001 00000000`00000000 : nfs41_driver!RxCommonDevFCBIoCtl+0x58 [base\fs\rdr2\rdbss\ntdevfcb.c @ 491]
ffffc88d`adf754a0 fffff801`61c5c97d     : fffff801`61c4f370 00000000`00001000 ffffa80d`05c77e50 ffffa80c`ffd7f060 : nfs41_driver!RxFsdCommonDispatch+0x442 [base\fs\rdr2\rdbss\ntfsd.c @ 848]
ffffc88d`adf755a0 fffff801`61c3a927     : ffffa80d`04e68570 00000000`00000001 00000000`00000000 00000000`00000000 : nfs41_driver!RxFsdDispatch+0xfd [base\fs\rdr2\rdbss\ntfsd.c @ 442]
ffffc88d`adf755d0 fffff801`5ce10665     : ffffa80c`ffd7f060 ffffa80d`057eadc0 ffffa80d`05872730 fffff801`5ce1ffcb : nfs41_driver!nfs41_FsdDispatch+0x67 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 6618]
ffffc88d`adf75610 fffff801`60d6f248     : fffff801`60d68000 00000000`00000000 ffffa80c`ffb13950 ffffa80d`04a8ce78 : nt!IofCallDriver+0x55
ffffc88d`adf75650 fffff801`60d6ed99     : ffffe28e`2d61bd80 00000000`00000000 fffff801`60d68000 00000000`00000000 : mup!MupiCallUncProvider+0xb8
ffffc88d`adf756c0 fffff801`60d6ecce     : ffffa80d`057eadc0 ffffa80d`04a8ce70 ffffa80d`05c77e50 00000000`00000000 : mup!MupStateMachine+0x59
ffffc88d`adf756f0 fffff801`5ce10665     : ffffa80d`05c77e50 00000000`00000000 ffffa80d`04e68570 00000000`00000001 : mup!MupFsdIrpPassThrough+0x17e
ffffc88d`adf75760 fffff801`5a044a76     : 00000000`00282018 ffffc88d`adf75958 ffffa80c`ffd7f060 fffff801`5d202441 : nt!IofCallDriver+0x55
ffffc88d`adf757a0 fffff801`5ce10665     : 00000000`00000002 00000000`00000000 ffffc88d`20206f49 ffffc88d`adf75958 : FLTMGR!FltpDispatch+0xd6
ffffc88d`adf75800 fffff801`5d20142c     : 00000000`00000001 ffffa80d`057eaf68 ffffa80d`05c77e50 ffffa80d`057c0080 : nt!IofCallDriver+0x55
ffffc88d`adf75840 fffff801`5d201081     : ffffa80d`057eaf68 ffffc88d`adf75b80 00000000`00000005 ffffa80d`057eaf68 : nt!IopSynchronousServiceTail+0x34c
ffffc88d`adf758e0 fffff801`5d2003f6     : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc71
ffffc88d`adf75a20 fffff801`5d010ef5     : 00000000`00000000 fffff801`5ce204de ffffa80d`04339080 00000084`2a3d2000 : nt!NtDeviceIoControlFile+0x56
ffffc88d`adf75a90 00007ffa`549cd0c4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000084`2c0fdac8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`549cd0c4


FAULTING_SOURCE_LINE:  C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c

FAULTING_SOURCE_FILE:  C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c

FAULTING_SOURCE_LINE_NUMBER:  1331

FAULTING_SOURCE_CODE:
  1327:     PLOWIO_CONTEXT LowIoContext = &RxContext->LowIoContext;
  1328:     ULONG cbOut = LowIoContext->ParamsFor.IoCtl.OutputBufferLength;
  1329:     unsigned char *pbOut = LowIoContext->ParamsFor.IoCtl.pOutputBuffer;
  1330:
> 1331:     status = SeImpersonateClientEx(entry->psec_ctx, NULL);
  1332:     if (status != STATUS_SUCCESS) {
  1333:         print_error("SeImpersonateClientEx failed %x\n", status);
  1334:         goto out;
  1335:     }
  1336:


SYMBOL_NAME:  nfs41_driver!handle_upcall+59

MODULE_NAME: nfs41_driver

IMAGE_NAME:  nfs41_driver.sys

STACK_COMMAND:  .cxr 0xffffc88dadf747c0 ; kb

BUCKET_ID_FUNC_OFFSET:  59

FAILURE_BUCKET_ID:  0x27_nfs41_driver!handle_upcall

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {8cc3c03c-4f74-c78a-fa41-0d8f60b7b819}

Followup:     MachineOwner
---------

1: kd> ~*kp
       ^ Syntax error in '~*kp'
1: kd> kp
 # Child-SP          RetAddr               Call Site
00 ffffc88d`adf73f18 fffff801`61c471c9     nt!KeBugCheckEx
01 ffffc88d`adf73f20 fffff801`61c4afc0     nfs41_driver!RxExceptionFilter(struct _RX_CONTEXT * RxContext = 0xffffa80d`047f7010, struct _EXCEPTION_POINTERS * ExceptionPointer = 0xffffc88d`adf74000)+0x159 [base\fs\rdr2\rdbss\ntexcept.c @ 126]
02 ffffc88d`adf73f90 fffff801`5cfd01bf     nfs41_driver!RxFsdCommonDispatch$filt$0+0x15 [base\fs\rdr2\rdbss\ntfsd.c @ 876]
03 ffffc88d`adf73fd0 fffff801`5d007d2f     nt!_C_specific_handler+0x9f
04 ffffc88d`adf74040 fffff801`5ceca3c7     nt!RtlpExecuteHandlerForException+0xf
05 ffffc88d`adf74070 fffff801`5cec94e6     nt!RtlDispatchException+0x297
06 ffffc88d`adf74790 fffff801`5d01186c     nt!KiDispatchException+0x186
07 ffffc88d`adf74e50 fffff801`5d00ce5a     nt!KiExceptionDispatch+0x12c
08 ffffc88d`adf75030 fffff801`5d1f7617     nt!KiGeneralProtectionFault+0x31a
09 ffffc88d`adf751c0 fffff801`5d1f7ac6     nt!SeTokenCanImpersonate+0x47
0a ffffc88d`adf75230 fffff801`5d321035     nt!PsImpersonateClient+0x126
0b ffffc88d`adf752c0 fffff801`61c34869     nt!SeImpersonateClientEx+0x35
0c ffffc88d`adf75300 fffff801`61c400d7     nfs41_driver!handle_upcall(struct _RX_CONTEXT * RxContext = 0xffffa80d`047f7010, struct _updowncall_entry * entry = 0xffffa80d`06f441c0, unsigned long * len = 0xffffc88d`adf75384)+0x59 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 1331]
0d ffffc88d`adf75350 fffff801`61c39de8     nfs41_driver!nfs41_upcall(struct _RX_CONTEXT * RxContext = 0xffffa80d`047f7010)+0xe7 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 1547]
0e ffffc88d`adf753c0 fffff801`61c65976     nfs41_driver!nfs41_DevFcbXXXControlFile(struct _RX_CONTEXT * RxContext = 0xffffa80d`047f7010)+0x128 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 2363]
0f ffffc88d`adf75440 fffff801`61c65698     nfs41_driver!RxXXXControlFileCallthru(struct _RX_CONTEXT * RxContext = 0xffffa80d`047f7010, struct _IRP * Irp = 0xffffa80d`057eadc0)+0x76 [base\fs\rdr2\rdbss\ntdevfcb.c @ 130]
10 ffffc88d`adf75470 fffff801`61c45a52     nfs41_driver!RxCommonDevFCBIoCtl(struct _RX_CONTEXT * RxContext = 0xffffa80d`047f7010, struct _IRP * Irp = <Value unavailable error>)+0x58 [base\fs\rdr2\rdbss\ntdevfcb.c @ 491]
11 ffffc88d`adf754a0 fffff801`61c5c97d     nfs41_driver!RxFsdCommonDispatch(struct _RX_FSD_DISPATCH_VECTOR * DispatchVector = 0xfffff801`61c4f370, struct _IRP * Irp = 0xffffa80d`057eadc0, struct _FILE_OBJECT * FileObject = 0xffffa80d`05c77e50 "" - Device for "\FileSystem\Mup", struct _RDBSS_DEVICE_OBJECT * RxDeviceObject = 0xffffa80c`ffd7f060)+0x442 [base\fs\rdr2\rdbss\ntfsd.c @ 848]
12 ffffc88d`adf755a0 fffff801`61c3a927     nfs41_driver!RxFsdDispatch(struct _RDBSS_DEVICE_OBJECT * RxDeviceObject = <Value unavailable error>, struct _IRP * Irp = <Value unavailable error>)+0xfd [base\fs\rdr2\rdbss\ntfsd.c @ 442]
13 ffffc88d`adf755d0 fffff801`5ce10665     nfs41_driver!nfs41_FsdDispatch(struct _DEVICE_OBJECT * dev = 0xffffa80c`ffd7f060 Device for "\FileSystem\nfs41_driver", struct _IRP * Irp = 0xffffa80d`057eadc0)+0x67 [C:\cygwin64\home\roland_mainz\work\msnfs41_uidmapping\ms-nfs41-client\sys\nfs41_driver.c @ 6618]
14 ffffc88d`adf75610 fffff801`60d6f248     nt!IofCallDriver+0x55
15 ffffc88d`adf75650 fffff801`60d6ed99     mup!MupiCallUncProvider+0xb8
16 ffffc88d`adf756c0 fffff801`60d6ecce     mup!MupStateMachine+0x59
17 ffffc88d`adf756f0 fffff801`5ce10665     mup!MupFsdIrpPassThrough+0x17e
18 ffffc88d`adf75760 fffff801`5a044a76     nt!IofCallDriver+0x55
19 ffffc88d`adf757a0 fffff801`5ce10665     FLTMGR!FltpDispatch+0xd6
1a ffffc88d`adf75800 fffff801`5d20142c     nt!IofCallDriver+0x55
1b ffffc88d`adf75840 fffff801`5d201081     nt!IopSynchronousServiceTail+0x34c
1c ffffc88d`adf758e0 fffff801`5d2003f6     nt!IopXxxControlFile+0xc71
1d ffffc88d`adf75a20 fffff801`5d010ef5     nt!NtDeviceIoControlFile+0x56
1e ffffc88d`adf75a90 00007ffa`549cd0c4     nt!KiSystemServiceCopyEnd+0x25
1f 00000084`2c0fdac8 00000000`00000000     0x00007ffa`549cd0c4