3 Replies Latest reply on Sep 13, 2014 12:57 PM by andrez81

    DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)

    andrez81

      I enabled Driver Verifier ("Driver Verifier (Windows Drivers)") to debug a different issue on my Toshiba Encore 8 and got this BSOD during boot:

       

      *******************************************************************************

      *                                                                             *

      *                        Bugcheck Analysis                                    *

      *                                                                             *

      *******************************************************************************

       

      DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)

      N bytes of memory was allocated and more than N bytes are being referenced.

      This cannot be protected by try-except.

      When possible, the guilty driver's name (Unicode string) is printed on

      the bugcheck screen and saved in KiBugCheckDriver.

      Arguments:

      Arg1: aefe9000, memory referenced

      Arg2: 00000001, value 0 = read operation, 1 = write operation

      Arg3: 91b56959, if non-zero, the address which referenced memory.

      Arg4: 00000000, (reserved)

       

      Debugging Details:

      ------------------

       

       

      WRITE_ADDRESS:  aefe9000 Special pool

       

      FAULTING_IP:

      DptfDevDisplay+1959

      91b56959 894e08          mov     dword ptr [esi+8],ecx

       

      MM_INTERNAL_CODE:  0

       

      IMAGE_NAME:  DptfDevDisplay.sys

       

      DEBUG_FLR_IMAGE_TIMESTAMP:  52982e04

       

      MODULE_NAME: DptfDevDisplay

       

      FAULTING_MODULE: 91b55000 DptfDevDisplay

       

      DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

       

      BUGCHECK_STR:  0xD6

       

      PROCESS_NAME:  DptfParticipan

       

      CURRENT_IRQL:  0

       

      ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

       

      DEVICE_OBJECT: 91022660

       

      DRIVER_OBJECT: 00000000

       

      TRAP_FRAME:  82fef9a0 -- (.trap 0xffffffff82fef9a0)

      ErrCode = 00000002

      eax=00000000 ebx=82fefa60 ecx=00000064 edx=00000012 esi=aefe8ff8 edi=aee18f38

      eip=91b56959 esp=82fefa14 ebp=82fefa30 iopl=0         nv up ei pl zr na pe nc

      cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246

      DptfDevDisplay+0x1959:

      91b56959 894e08          mov     dword ptr [esi+8],ecx ds:0023:aefe9000=????????

      Resetting default scope

       

      LAST_CONTROL_TRANSFER:  from 8194fbaa to 81913244

       

      STACK_TEXT: 

      82fef824 8194fbaa 00000050 aefe9000 00000001 nt!KeBugCheckEx

      82fef880 8185d122 82fef9a0 00001a09 82fef8f8 nt! ?? ::FNODOBFM::`string'+0x22f88

      82fef908 81927845 00000001 aefe9000 00000000 nt!MmAccessFault+0x742

      82fef908 91b56959 00000001 aefe9000 00000000 nt!KiTrap0E+0xf1

      WARNING: Stack unwind information not available. Following frames may be wrong.

      82fefa30 91b568b6 935cca80 00222004 aefe8ff8 DptfDevDisplay+0x1959

      82fefa64 83290a6a 51025059 935cca80 00000004 DptfDevDisplay+0x18b6

      82fefab4 83290499 510250e0 935f6de8 aefdaf18 Wdf01000!FxIoQueue::DispatchRequestToDriver+0x175

      82fefaec 83294bb2 935f6d00 00000000 aefdaf18 Wdf01000!FxIoQueue::DispatchEvents+0x289

      82fefb10 8328dc4f aefdaf18 a850e2f0 aee18f20 Wdf01000!FxIoQueue::QueueRequest+0x6f

      82fefbbc 81cc3b3d 00b6e208 aee18f20 81cc3871 Wdf01000!FxDevice::DispatchWithLock+0xf4e

      82fefbe0 81871a52 81a8566e 91022660 aee18f20 nt!IovCallDriver+0x2cc

      82fefbf4 81a8566e aee18fd8 aee18f20 00000000 nt!IofCallDriver+0x62

      82fefc50 81a88328 91022660 00000000 00000001 nt!IopSynchronousServiceTail+0x16e

      82fefcf8 81a87f32 00000000 00000000 00000204 nt!IopXxxControlFile+0x3e8

      82fefd24 81924377 000000dc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a

      82fefd24 77b835d4 000000dc 00000000 00000000 nt!KiSystemServicePostCall

      0157fdb8 00000000 00000000 00000000 00000000 0x77b835d4

       

       

      STACK_COMMAND:  kb

       

      FOLLOWUP_IP:

      DptfDevDisplay+1959

      91b56959 894e08          mov     dword ptr [esi+8],ecx

       

      SYMBOL_STACK_INDEX:  4

       

      SYMBOL_NAME:  DptfDevDisplay+1959

       

      FAILURE_BUCKET_ID:  0xD6_VRF_DptfDevDisplay+1959

       

      BUCKET_ID:  0xD6_VRF_DptfDevDisplay+1959

       

      ANALYSIS_SOURCE:  KM

       

      FAILURE_ID_HASH_STRING:  km:0xd6_vrf_dptfdevdisplay+1959

       

      FAILURE_ID_HASH:  {22c40be8-8845-e808-9beb-e07ea10e88db}

       

      ---------

       

       

       

      2: kd> !PROCESS 9100b380 f

      PROCESS 9100b380  SessionId: 0  Cid: 01f8    Peb: 7fdb9000  ParentCid: 02f4

          DirBase: 79ff3440  ObjectTable: b73aca80  HandleCount: <Data Not Accessible>

          Image: DptfParticipantDisplayService.exe

          VadRoot 9100f2f0 Vads 43 Clone 0 Private 121. Modified 0. Locked 0.

          DeviceMap 82a09f20

          Token                             b73a9620

          ElapsedTime                       00:00:00.093

          UserTime                          00:00:00.000

          KernelTime                        00:00:00.000

          QuotaPoolUsage[PagedPool]         47292

          QuotaPoolUsage[NonPagedPool]      3240

          Working Set Sizes (now,min,max)  (721, 50, 345) (2884KB, 200KB, 1380KB)

          PeakWorkingSetSize                695

          VirtualSize                       24 Mb

          PeakVirtualSize                   24 Mb

          PageFaultCount                    729

          MemoryPriority                    BACKGROUND

          BasePriority                      8

          CommitCharge                      137

          Job                               8caba240

       

              THREAD 91014bc0  Cid 01f8.0298  Teb: 7fdbf000 Win32Thread: aa213278 WAIT: (UserRequest) UserMode Non-Alertable

                  9101c070  SynchronizationEvent

              Not impersonating

              DeviceMap                 82a09f20

              Owning Process            9100b380       Image:         DptfParticipantDisplayService.exe

              Attached Process          N/A            Image:         N/A

              Wait Start TickCount      1406           Ticks: 3 (0:00:00:00.046)

              Context Switch Count      70             IdealProcessor: 0            

              UserTime                  00:00:00.000

              KernelTime                00:00:00.031

              Win32 Start Address 0x00f63e02

              Stack Init b1913de0 Current b1913b74 Base b1914000 Limit b1911000 Call 0

              Priority 13 BasePriority 8 UnusualBoost 5 ForegroundBoost 0 IoPriority 2 PagePriority 5

              ChildEBP RetAddr 

              b1913b8c 8187a702 nt!KiSwapContext+0x19 (FPO: [Uses EBP] [1,0,4])

              b1913be8 8187a1b1 nt!KiSwapThread+0x172 (FPO: [Non-Fpo])

              b1913c2c 81875176 nt!KiCommitThreadWait+0x141 (FPO: [3,11,4])

              b1913ce0 81a8bc9f nt!KeWaitForSingleObject+0x176 (FPO: [5,37,4])

              b1913d40 81924377 nt!NtWaitForSingleObject+0xcf (FPO: [Non-Fpo])

              b1913d40 77b835d4 nt!KiSystemServicePostCall (FPO: [0,3] TrapFrame @ b1913d54)

      WARNING: Frame IP not in any known module. Following frames may be wrong.

              0096f5f4 00000000 0x77b835d4

       

              THREAD 91022bc0  Cid 01f8.02e4  Teb: 7fdbe000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Alertable

                  91020a80  QueueObject

              Not impersonating

              DeviceMap                 82a09f20

              Owning Process            9100b380       Image:         DptfParticipantDisplayService.exe

              Attached Process          N/A            Image:         N/A

              Wait Start TickCount      1406           Ticks: 3 (0:00:00:00.046)

              Context Switch Count      9              IdealProcessor: 0            

              UserTime                  00:00:00.000

              KernelTime                00:00:00.000

              Win32 Start Address 0x77b2e840

              Stack Init b1734de0 Current b1734aac Base b1735000 Limit b1732000 Call 0

              Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

              ChildEBP RetAddr 

              b1734ac4 8187a702 nt!KiSwapContext+0x19 (FPO: [Uses EBP] [1,0,4])

              b1734b20 8187a1b1 nt!KiSwapThread+0x172 (FPO: [Non-Fpo])

              b1734b64 8187d131 nt!KiCommitThreadWait+0x141 (FPO: [3,11,4])

              b1734be4 8187cd5e nt!KeRemoveQueueEx+0x271 (FPO: [6,23,4])

              b1734c50 8187dd9b nt!IoRemoveIoCompletion+0x2c (FPO: [Non-Fpo])

              b1734d38 81924377 nt!NtWaitForWorkViaWorkerFactory+0x20b (FPO: [Non-Fpo])

              b1734d38 77b835d4 nt!KiSystemServicePostCall (FPO: [0,3] TrapFrame @ b1734d54)

      WARNING: Frame IP not in any known module. Following frames may be wrong.

              00f2fac0 00000000 0x77b835d4

       

              THREAD 91026bc0  Cid 01f8.0324  Teb: 7fdbc000 Win32Thread: 00000000 RUNNING on processor 2

              IRP List:

                  aee18f20: (0006,00dc) Flags: 40060070  Mdl: 00000000

              Not impersonating

              DeviceMap                 82a09f20

              Owning Process            9100b380       Image:         DptfParticipantDisplayService.exe

              Attached Process          N/A            Image:         N/A

              Wait Start TickCount      1409           Ticks: 0

              Context Switch Count      61             IdealProcessor: 0            

              UserTime                  00:00:00.000

              KernelTime                00:00:00.000

              Win32 Start Address 0x00f61460

              Stack Init 82fefde0 Current 82fefa50 Base 82ff0000 Limit 82fed000 Call 0

              Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

              ChildEBP RetAddr 

              82fef824 8194fbaa nt!KeBugCheckEx

              82fef880 8185d122 nt! ?? ::FNODOBFM::`string'+0x22f88

              82fef908 81927845 nt!MmAccessFault+0x742 (FPO: [4,23,4])

              82fef908 91b56959 nt!KiTrap0E+0xf1 (FPO: [0,0] TrapFrame @ 82fef9a0)

      WARNING: Stack unwind information not available. Following frames may be wrong.

              82fefa30 91b568b6 DptfDevDisplay+0x1959

              82fefa64 83290a6a DptfDevDisplay+0x18b6

              82fefab4 83290499 Wdf01000!FxIoQueue::DispatchRequestToDriver+0x175 (FPO: [Non-Fpo])

              82fefaec 83294bb2 Wdf01000!FxIoQueue::DispatchEvents+0x289 (FPO: [Non-Fpo])

              82fefb10 8328dc4f Wdf01000!FxIoQueue::QueueRequest+0x6f (FPO: [Non-Fpo])

              82fefbbc 81cc3b3d Wdf01000!FxDevice::DispatchWithLock+0xf4e (FPO: [Non-Fpo])

              82fefbe0 81871a52 nt!IovCallDriver+0x2cc (FPO: [Non-Fpo])

              82fefbf4 81a8566e nt!IofCallDriver+0x62 (FPO: [Non-Fpo])

              82fefc50 81a88328 nt!IopSynchronousServiceTail+0x16e (FPO: [Non-Fpo])

              82fefcf8 81a87f32 nt!IopXxxControlFile+0x3e8 (FPO: [Non-Fpo])

              82fefd24 81924377 nt!NtDeviceIoControlFile+0x2a (FPO: [Non-Fpo])

              82fefd24 77b835d4 nt!KiSystemServicePostCall (FPO: [0,3] TrapFrame @ 82fefd54)

              0157fdb8 00000000 0x77b835d4

       

      2: kd> lmvm DptfDevDisplay

      start    end        module name

      91b55000 91b5e000   DptfDevDisplay   (no symbols)          

          Loaded symbol image file: DptfDevDisplay.sys

          Image path: \SystemRoot\system32\DRIVERS\DptfDevDisplay.sys

          Image name: DptfDevDisplay.sys

          Timestamp:        Fri Nov 29 07:02:44 2013 (52982E04)

          CheckSum:         00013218

          ImageSize:        00009000

          Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

       

       

      2: kd> .trap 0xffffffff82fef9a0

      ErrCode = 00000002

      eax=00000000 ebx=82fefa60 ecx=00000064 edx=00000012 esi=aefe8ff8 edi=aee18f38

      eip=91b56959 esp=82fefa14 ebp=82fefa30 iopl=0         nv up ei pl zr na pe nc

      cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246

      DptfDevDisplay+0x1959:

      91b56959 894e08          mov     dword ptr [esi+8],ecx ds:0023:aefe9000=????????

       

       

      Have you seen this before? What is this DptfParticipantDisplayService.exe doing? I use the latest version (10E) that Toshiba provides:

       

      http://www.toshiba.eu/innovation/download_driver_details.jsp?service=EU&selCategory=2&selFamily=387&selSeries=418&selProduct=17569&selShortMod=4522&language=13&selOS=45&selType=all&yearupload=2014&monthupload=3&dayupload=27&useDate=null&mode=allMachines&search=&action=search&macId=&country=all&selectedLanguage=13&type=all&page=1&ID=90268&OSID=45&driverLanguage=42
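
Added example, not part of the original post: a short Python triage of the dump lines quoted above. It recomputes the faulting write address from the trap frame, checks it against the bugcheck arguments, and measures how far the store runs past the end of the special-pool page. The `triage` function and its field names are assumptions made for this illustration; the `DUMP` lines are copied from the post.

```python
import re

PAGE = 0x1000  # x86 page size; special pool ends an allocation at a page end
WIDTH = {"byte": 1, "word": 2, "dword": 4}

# Lines copied from the !analyze -v output in the post above.
DUMP = """\
Arg1: aefe9000, memory referenced
Arg2: 00000001, value 0 = read operation, 1 = write operation
Arg3: 91b56959, if non-zero, the address which referenced memory.
FAULTING_MODULE: 91b55000 DptfDevDisplay
eax=00000000 ebx=82fefa60 ecx=00000064 edx=00000012 esi=aefe8ff8 edi=aee18f38
eip=91b56959 esp=82fefa14 ebp=82fefa30 iopl=0         nv up ei pl zr na pe nc
91b56959 894e08          mov     dword ptr [esi+8],ecx
"""

def triage(text):
    """Cross-check the 0xD6 arguments against the trap frame (hypothetical helper)."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"Arg(\d): ([0-9a-f]{8})", text)}
    regs = {r: int(v, 16)
            for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", text)}
    mod_base = int(re.search(r"FAULTING_MODULE: ([0-9a-f]{8})", text).group(1), 16)
    # WinDbg prints displacements in hex, e.g. [esi+8].
    size, base, disp = re.search(
        r"mov\s+(byte|word|dword) ptr \[(e[a-z]{2})\+([0-9a-f]+)\],", text).groups()
    ptr = regs[base]
    target = (ptr + int(disp, 16)) & 0xFFFFFFFF
    guard = (ptr | (PAGE - 1)) + 1  # first byte of the page after ptr's page
    return {
        "target": target,                    # address the store tries to write
        "matches_arg1": target == args[1],   # agrees with "memory referenced"
        "is_write": args[2] == 1,
        "code_offset": args[3] - mod_base,   # faulting offset inside the driver
        "bytes_left": guard - ptr,           # room between the pointer and page end
        "bytes_past_end": max(0, target + WIDTH[size] - guard),
    }

if __name__ == "__main__":
    for name, value in triage(DUMP).items():
        shown = value if isinstance(value, bool) else hex(value)
        print(f"{name:15} {shown}")
```

The pointer in `esi` has only 8 bytes left before the page boundary, and the driver stores a dword at offset 8, so all 4 bytes land on the page after the special-pool allocation, which is the condition bugcheck 0xD6 reports.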