API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 29th, 2017
158
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 50.28 KB | None | 0 0
raw download clone embed print report
  1. ==================================================================
  2. ==================================================================
  3. ==================================================================
  4. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  5. Copyright (c) Microsoft Corporation. All rights reserved.
  6. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052017-5375-01.dmp]
  7. Mini Kernel Dump File: Only registers and stack trace are available
  8. Symbol search path is: srv*
  9. Executable search path is:
  10. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  11. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  12. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  13. Machine Name:
  14. Kernel base = 0xfffff801`7947d000 PsLoadedModuleList = 0xfffff801`7977c000
  15. Debug session time: Sun May 21 02:55:49.276 2017 (UTC - 4:00)
  16. System Uptime: 0 days 2:35:33.934
  17.  
  18. BugCheck F7, {4efd97c19f20, 11a4264f3c41, ffffee5bd9b0c3be, 0}
  19. *** WARNING: Unable to verify timestamp for vrtaucbl.sys
  20. *** ERROR: Module load completed but symbols could not be loaded for vrtaucbl.sys
  21. *** WARNING: Unable to verify timestamp for win32k.sys
  22. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  23. Probably caused by : memory_corruption
  24. Followup: memory_corruption
  25. DRIVER_OVERRAN_STACK_BUFFER (f7)
  26. A driver has overrun a stack-based buffer. This overrun could potentially
  27. allow a malicious user to gain control of this machine.
  28. DESCRIPTION
  29. A driver overran a stack-based buffer (or local variable) in a way that would
  30. have overwritten the function's return address and jumped back to an arbitrary
  31. address when the function returned. This is the classic "buffer overrun"
  32. hacking attack and the system has been brought down to prevent a malicious user
  33. from gaining complete control of it.
  34. Do a kb to get a stack backtrace -- the last routine on the stack before the
  35. buffer overrun handlers and bugcheck call is the one that overran its local
  36. variable(s).
  37.  
  38. Arguments:
  39. Arg1: 00004efd97c19f20, Actual security check cookie from the stack
  40. Arg2: 000011a4264f3c41, Expected security check cookie
  41. Arg3: ffffee5bd9b0c3be, Complement of the expected security check cookie
  42. Arg4: 0000000000000000, zero
  43.  
  44. Debugging Details:
  45. DUMP_CLASS: 1
  46. DUMP_QUALIFIER: 400
  47. BUILD_VERSION_STRING: 10.0.14393.1198 (rs1_release_sec.170427-1353)
  48. SYSTEM_MANUFACTURER: MSI
  49. SYSTEM_PRODUCT_NAME: MS-7850
  50. SYSTEM_SKU: To be filled by O.E.M.
  51. SYSTEM_VERSION: 1.0
  52. BIOS_VENDOR: American Megatrends Inc.
  53. BIOS_VERSION: V4.11
  54. BIOS_DATE: 02/16/2016
  55. BASEBOARD_MANUFACTURER: MSI
  56. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  57. BASEBOARD_VERSION: 1.0
  58. DUMP_TYPE: 2
  59. BUGCHECK_P1: 4efd97c19f20
  60. BUGCHECK_P2: 11a4264f3c41
  61. BUGCHECK_P3: ffffee5bd9b0c3be
  62. BUGCHECK_P4: 0
  63. SECURITY_COOKIE: Expected 000011a4264f3c41 found 00004efd97c19f20
  64. CPU_COUNT: 4
  65. CPU_MHZ: dac
  66. CPU_VENDOR: GenuineIntel
  67. CPU_FAMILY: 6
  68. CPU_MODEL: 3c
  69. CPU_STEPPING: 3
  70. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  71. CUSTOMER_CRASH_COUNT: 1
  72. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  73. BUGCHECK_STR: 0xF7
  74. PROCESS_NAME: System
  75. CURRENT_IRQL: 2
  76. ANALYSIS_SESSION_HOST: UserName-PC
  77. ANALYSIS_SESSION_TIME: 05-29-2017 12:07:48.0098
  78. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  79. EXCEPTION_RECORD: ffffca8921add030 -- (.exr 0xffffca8921add030)
  80. ExceptionAddress: ffffca8921add250
  81. ExceptionCode: 219af030
  82. ExceptionFlags: ffffca89
  83. NumberParameters: 0
  84. TRAP_FRAME: fffff80100000000 -- (.trap 0xfffff80100000000)
  85. Unable to read trap frame at fffff801`00000000
  86. LAST_CONTROL_TRANSFER: from fffff8017962a9e1 to fffff801795cbc00
  87. STACK_COMMAND: kb
  88. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  89. fffff801794ad03b-fffff801794ad03c 2 bytes - nt!MmUnlockPages+9b
  90. [ 80 f6:00 fa ]
  91. fffff801794ad065-fffff801794ad066 2 bytes - nt!MmUnlockPages+c5 (+0x2a)
  92. [ 80 f6:00 fa ]
  93. fffff801794ad0df-fffff801794ad0e1 3 bytes - nt!MmUnlockPages+13f (+0x7a)
  94. [ 40 fb f6:00 7d fa ]
  95. fffff801794ad397-fffff801794ad398 2 bytes - nt!MmUnlockPages+3f7 (+0x2b8)
  96. [ 80 f6:00 fa ]
  97. fffff801794ad53f-fffff801794ad540 2 bytes - nt!MmUnlockPages+59f (+0x1a8)
  98. [ ff f6:7f fa ]
  99. fffff801794ad57c - nt!MmUnlockPages+5dc (+0x3d)
  100. [ fa:99 ]
  101. fffff801794ad5a7 - nt!MmUnlockPages+607 (+0x2b)
  102. [ fa:99 ]
  103. fffff801794ad63d-fffff801794ad63e 2 bytes - nt!MmUnlockPages+69d (+0x96)
  104. [ 80 f6:00 fa ]
  105. fffff801794ad814-fffff801794ad815 2 bytes - nt!MmUnlockPages+874 (+0x1d7)
  106. [ 80 f6:00 fa ]
  107. fffff801794ad865-fffff801794ad866 2 bytes - nt!MmUnlockPages+8c5 (+0x51)
  108. [ 80 f6:00 fa ]
  109. fffff801794ad99f - nt!MmUnlockPages+9ff (+0x13a)
  110. [ fa:99 ]
  111. fffff801794ada6b-fffff801794ada6c 2 bytes - nt!MmUnlockPages+acb (+0xcc)
  112. [ ff f6:7f fa ]
  113. fffff801794adaa0-fffff801794adaa1 2 bytes - nt!MmUnlockPages+b00 (+0x35)
  114. [ ff f6:7f fa ]
  115. fffff801794adac6 - nt!MmUnlockPages+b26 (+0x26)
  116. [ fa:99 ]
  117. fffff801794adb05-fffff801794adb06 2 bytes - nt!MmUnlockPages+b65 (+0x3f)
  118. [ 80 f6:00 fa ]
  119. fffff801794adc58 - nt!MmUnlockPages+cb8 (+0x153)
  120. [ fa:99 ]
  121. fffff801794adda8-fffff801794adda9 2 bytes - nt!MmUnlockPages+e08 (+0x150)
  122. [ 80 f6:00 fa ]
  123. fffff801794ade7e-fffff801794ade7f 2 bytes - nt!MiInsertCachedPte+3e (+0xd6)
  124. [ 80 f6:00 fa ]
  125. fffff801794adfd8-fffff801794adfd9 2 bytes - nt!MiInsertCachedPte+198 (+0x15a)
  126. [ ff f6:7f fa ]
  127. 34 errors : !nt (fffff801794ad03b-fffff801794adfd9)
  128. MODULE_NAME: memory_corruption
  129. IMAGE_NAME: memory_corruption
  130. FOLLOWUP_NAME: memory_corruption
  131. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  132. MEMORY_CORRUPTOR: LARGE
  133. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  134. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  135. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  136. TARGET_TIME: 2017-05-21T06:55:49.000Z
  137. OSBUILD: 14393
  138. OSSERVICEPACK: 1198
  139. SERVICEPACK_NUMBER: 0
  140. OS_REVISION: 0
  141. SUITE_MASK: 784
  142. PRODUCT_TYPE: 1
  143. OSPLATFORM_TYPE: x64
  144. OSNAME: Windows 10
  145. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  146. OS_LOCALE:
  147. USER_LCID: 0
  148. OSBUILD_TIMESTAMP: 2017-04-27 19:39:04
  149. BUILDDATESTAMP_STR: 170427-1353
  150. BUILDLAB_STR: rs1_release_sec
  151. BUILDOSVER_STR: 10.0.14393.1198
  152. ANALYSIS_SESSION_ELAPSED_TIME: 191a
  153. ANALYSIS_SOURCE: KM
  154. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  155. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  156. Followup: memory_corruption
  157. ==================================================================
  158. ==================================================================
  159. ==================================================================
  160. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  161. Copyright (c) Microsoft Corporation. All rights reserved.
  162. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052017-5734-01.dmp]
  163. Mini Kernel Dump File: Only registers and stack trace are available
  164. Symbol search path is: srv*
  165. Executable search path is:
  166. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  167. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  168. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  169. Machine Name:
  170. Kernel base = 0xfffff801`44076000 PsLoadedModuleList = 0xfffff801`44375000
  171. Debug session time: Sun May 21 00:19:49.394 2017 (UTC - 4:00)
  172. System Uptime: 0 days 1:12:15.053
  173.  
  174. BugCheck 3B, {c0000005, fffff80bff3fabef, ffffcc81cf0693a0, 0}
  175. Probably caused by : dxgkrnl.sys ( dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb )
  176. Followup: MachineOwner
  177. SYSTEM_SERVICE_EXCEPTION (3b)
  178. An exception happened while executing a system service routine.
  179.  
  180. Arguments:
  181. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  182. Arg2: fffff80bff3fabef, Address of the instruction which caused the bugcheck
  183. Arg3: ffffcc81cf0693a0, Address of the context record for the exception that caused the bugcheck
  184. Arg4: 0000000000000000, zero.
  185.  
  186. Debugging Details:
  187. DUMP_CLASS: 1
  188. DUMP_QUALIFIER: 400
  189. BUILD_VERSION_STRING: 10.0.14393.1198 (rs1_release_sec.170427-1353)
  190. SYSTEM_MANUFACTURER: MSI
  191. SYSTEM_PRODUCT_NAME: MS-7850
  192. SYSTEM_SKU: To be filled by O.E.M.
  193. SYSTEM_VERSION: 1.0
  194. BIOS_VENDOR: American Megatrends Inc.
  195. BIOS_VERSION: V4.11
  196. BIOS_DATE: 02/16/2016
  197. BASEBOARD_MANUFACTURER: MSI
  198. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  199. BASEBOARD_VERSION: 1.0
  200. DUMP_TYPE: 2
  201. BUGCHECK_P1: c0000005
  202. BUGCHECK_P2: fffff80bff3fabef
  203. BUGCHECK_P3: ffffcc81cf0693a0
  204. BUGCHECK_P4: 0
  205. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  206. FAULTING_IP:
  207. dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb
  208. fffff80b`ff3fabef c3 ret
  209. CONTEXT: ffffcc81cf0693a0 -- (.cxr 0xffffcc81cf0693a0)
  210. rax=0000000040005d00 rbx=0000000000000000 rcx=00000000fffffffc
  211. rdx=0000000000000002 rsi=ffffdf0648bc7000 rdi=ffffdf064b2f8a00
  212. rip=fffff80bff3fabef rsp=ffffcc81cf069db8 rbp=00000000c01e0104
  213. r8=ffffa70431af0f48 r9=0000000000000003 r10=7fffa70431af0f48
  214. r11=7ffffffffffffffc r12=0000000000000001 r13=ffffcc81cf06a9e0
  215. r14=ffffcc81cf06a068 r15=ffffa7042fced330
  216. iopl=0 nv up ei ng nz na pe nc
  217. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210282
  218. dxgkrnl!DXGPROCESS::UpdateHandleInstance+0xeb:
  219. fffff80b`ff3fabef c3 ret
  220. Resetting default scope
  221. CPU_COUNT: 4
  222. CPU_MHZ: dac
  223. CPU_VENDOR: GenuineIntel
  224. CPU_FAMILY: 6
  225. CPU_MODEL: 3c
  226. CPU_STEPPING: 3
  227. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  228. CUSTOMER_CRASH_COUNT: 1
  229. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  230. BUGCHECK_STR: 0x3B
  231. PROCESS_NAME: Battle.net.exe
  232. CURRENT_IRQL: 0
  233. ANALYSIS_SESSION_HOST: UserName-PC
  234. ANALYSIS_SESSION_TIME: 05-29-2017 12:12:12.0602
  235. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  236. LAST_CONTROL_TRANSFER: from fffff80bff499381 to fffff80bff3fabef
  237. THREAD_SHA1_HASH_MOD_FUNC: 270a5070c5aa99eb3fd91d60fad48fa669db12f1
  238. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 20d6d650f8ee37e927294cd5075125d2b7e4281e
  239. THREAD_SHA1_HASH_MOD: ff08c251ebf754aea31a7bc85deef3f57ecf5f61
  240. FOLLOWUP_IP:
  241. dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb
  242. fffff80b`ff3fabef c3 ret
  243. FAULT_INSTR_CODE: 5c8948c3
  244. SYMBOL_STACK_INDEX: 0
  245. SYMBOL_NAME: dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb
  246. FOLLOWUP_NAME: MachineOwner
  247. MODULE_NAME: dxgkrnl
  248. IMAGE_NAME: dxgkrnl.sys
  249. DEBUG_FLR_IMAGE_TIMESTAMP: 590280ba
  250. IMAGE_VERSION: 10.0.14393.1198
  251. STACK_COMMAND: .cxr 0xffffcc81cf0693a0 ; kb
  252. BUCKET_ID_FUNC_OFFSET: eb
  253. FAILURE_BUCKET_ID: 0x3B_dxgkrnl!DXGPROCESS::UpdateHandleInstance
  254. BUCKET_ID: 0x3B_dxgkrnl!DXGPROCESS::UpdateHandleInstance
  255. PRIMARY_PROBLEM_CLASS: 0x3B_dxgkrnl!DXGPROCESS::UpdateHandleInstance
  256. TARGET_TIME: 2017-05-21T04:19:49.000Z
  257. OSBUILD: 14393
  258. OSSERVICEPACK: 1198
  259. SERVICEPACK_NUMBER: 0
  260. OS_REVISION: 0
  261. SUITE_MASK: 784
  262. PRODUCT_TYPE: 1
  263. OSPLATFORM_TYPE: x64
  264. OSNAME: Windows 10
  265. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  266. OS_LOCALE:
  267. USER_LCID: 0
  268. OSBUILD_TIMESTAMP: 2017-04-27 19:39:04
  269. BUILDDATESTAMP_STR: 170427-1353
  270. BUILDLAB_STR: rs1_release_sec
  271. BUILDOSVER_STR: 10.0.14393.1198
  272. ANALYSIS_SESSION_ELAPSED_TIME: afb
  273. ANALYSIS_SOURCE: KM
  274. FAILURE_ID_HASH_STRING: km:0x3b_dxgkrnl!dxgprocess::updatehandleinstance
  275. FAILURE_ID_HASH: {134ffa56-dbd0-f3f3-7f29-900975d0f0d0}
  276. Followup: MachineOwner
  277. ==================================================================
  278. ==================================================================
  279. ==================================================================
  280. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  281. Copyright (c) Microsoft Corporation. All rights reserved.
  282. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052117-5437-01.dmp]
  283. Mini Kernel Dump File: Only registers and stack trace are available
  284. Symbol search path is: srv*
  285. Executable search path is:
  286. Windows 10 Kernel Version 14393 MP (4 procs) Free x64
  287. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  288. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  289. Machine Name:
  290. Kernel base = 0xfffff802`27e7c000 PsLoadedModuleList = 0xfffff802`2817b000
  291. Debug session time: Sun May 21 07:47:13.884 2017 (UTC - 4:00)
  292. System Uptime: 0 days 4:15:02.543
  293.  
  294. BugCheck 1E, {ffffffffc0000005, fffff801b001159d, 0, ffffffffffffffff}
  295. Probably caused by : NETIO.SYS ( NETIO!RtlGetNextExpiredTimerWheelEntry+fd )
  296. Followup: MachineOwner
  297. KMODE_EXCEPTION_NOT_HANDLED (1e)
  298. This is a very common bugcheck. Usually the exception address pinpoints
  299. the driver/function that caused the problem. Always note this address
  300. as well as the link date of the driver/image that contains this address.
  301.  
  302. Arguments:
  303. Arg1: ffffffffc0000005, The exception code that was not handled
  304. Arg2: fffff801b001159d, The address that the exception occurred at
  305. Arg3: 0000000000000000, Parameter 0 of the exception
  306. Arg4: ffffffffffffffff, Parameter 1 of the exception
  307.  
  308. Debugging Details:
  309. DUMP_CLASS: 1
  310. DUMP_QUALIFIER: 400
  311. BUILD_VERSION_STRING: 10.0.14393.1198 (rs1_release_sec.170427-1353)
  312. SYSTEM_MANUFACTURER: MSI
  313. SYSTEM_PRODUCT_NAME: MS-7850
  314. SYSTEM_SKU: To be filled by O.E.M.
  315. SYSTEM_VERSION: 1.0
  316. BIOS_VENDOR: American Megatrends Inc.
  317. BIOS_VERSION: V4.11
  318. BIOS_DATE: 02/16/2016
  319. BASEBOARD_MANUFACTURER: MSI
  320. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  321. BASEBOARD_VERSION: 1.0
  322. DUMP_TYPE: 2
  323. BUGCHECK_P1: ffffffffc0000005
  324. BUGCHECK_P2: fffff801b001159d
  325. BUGCHECK_P3: 0
  326. BUGCHECK_P4: ffffffffffffffff
  327. READ_ADDRESS: ffffffffffffffff
  328. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  329. FAULTING_IP:
  330. NETIO!RtlGetNextExpiredTimerWheelEntry+fd
  331. fffff801`b001159d 418b4010 mov eax,dword ptr [r8+10h]
  332. EXCEPTION_PARAMETER2: ffffffffffffffff
  333. BUGCHECK_STR: 0x1E_c0000005_R
  334. CPU_COUNT: 4
  335. CPU_MHZ: dac
  336. CPU_VENDOR: GenuineIntel
  337. CPU_FAMILY: 6
  338. CPU_MODEL: 3c
  339. CPU_STEPPING: 3
  340. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  341. CUSTOMER_CRASH_COUNT: 1
  342. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  343. PROCESS_NAME: System
  344. CURRENT_IRQL: 2
  345. ANALYSIS_SESSION_HOST: UserName-PC
  346. ANALYSIS_SESSION_TIME: 05-29-2017 12:19:09.0701
  347. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  348. TRAP_FRAME: ffffb88d9f412090 -- (.trap 0xffffb88d9f412090)
  349. Unable to read trap frame at ffffb88d`9f412090
  350. LAST_CONTROL_TRANSFER: from fffff80228049be2 to fffff80227fcac00
  351. STACK_COMMAND: kb
  352. THREAD_SHA1_HASH_MOD_FUNC: 4434700246d0c8bdb2162d225b663ff737d97853
  353. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c34bdddd4b678b94bb394ac09f45f317dbdbbe90
  354. THREAD_SHA1_HASH_MOD: 3f7952046da93f8cea99c4d89e5b05fa6b80aafe
  355. FOLLOWUP_IP:
  356. NETIO!RtlGetNextExpiredTimerWheelEntry+fd
  357. fffff801`b001159d 418b4010 mov eax,dword ptr [r8+10h]
  358. FAULT_INSTR_CODE: 10408b41
  359. SYMBOL_STACK_INDEX: 7
  360. SYMBOL_NAME: NETIO!RtlGetNextExpiredTimerWheelEntry+fd
  361. FOLLOWUP_NAME: MachineOwner
  362. MODULE_NAME: NETIO
  363. IMAGE_NAME: NETIO.SYS
  364. DEBUG_FLR_IMAGE_TIMESTAMP: 57899b40
  365. IMAGE_VERSION: 10.0.14393.0
  366. BUCKET_ID_FUNC_OFFSET: fd
  367. FAILURE_BUCKET_ID: 0x1E_c0000005_R_NETIO!RtlGetNextExpiredTimerWheelEntry
  368. BUCKET_ID: 0x1E_c0000005_R_NETIO!RtlGetNextExpiredTimerWheelEntry
  369. PRIMARY_PROBLEM_CLASS: 0x1E_c0000005_R_NETIO!RtlGetNextExpiredTimerWheelEntry
  370. TARGET_TIME: 2017-05-21T11:47:13.000Z
  371. OSBUILD: 14393
  372. OSSERVICEPACK: 1198
  373. SERVICEPACK_NUMBER: 0
  374. OS_REVISION: 0
  375. SUITE_MASK: 784
  376. PRODUCT_TYPE: 1
  377. OSPLATFORM_TYPE: x64
  378. OSNAME: Windows 10
  379. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  380. OS_LOCALE:
  381. USER_LCID: 0
  382. OSBUILD_TIMESTAMP: 2017-04-27 19:39:04
  383. BUILDDATESTAMP_STR: 170427-1353
  384. BUILDLAB_STR: rs1_release_sec
  385. BUILDOSVER_STR: 10.0.14393.1198
  386. ANALYSIS_SESSION_ELAPSED_TIME: 28685
  387. ANALYSIS_SOURCE: KM
  388. FAILURE_ID_HASH_STRING: km:0x1e_c0000005_r_netio!rtlgetnextexpiredtimerwheelentry
  389. FAILURE_ID_HASH: {cfebd0ed-af9f-f49e-6fae-731930002c7a}
  390. Followup: MachineOwner
  391. GardenMan: I ran "!errrec fffff801b001159d" and got 10+ pages of errors like this:
  392. ===============================================================================
  393. Section 19467 : {20006500-7700-6900-006e-0064006f0077}
  394. -------------------------------------------------------------------------------
  395. Descriptor @ fffff801b0167935
  396. Section @ fffff801d001879d
  397. Offset : 536900096
  398. Length : 1694528000
  399. Flags : 0x76006900
  400. Severity : Invalid
  401. *** Unknown section format ***
  402. ===============================================================================
  403. Section 19468 : {6c006200-7900-2000-0063-006f006e0066}
  404. -------------------------------------------------------------------------------
  405. Descriptor @ fffff801b016797d
  406. Section @ fffff8020201159d
  407. Offset : 1375731712
  408. Length : 1627415808
  409. Flags : 0x6d006500
  410. Severity : Invalid
  411. *** Unknown section format ***
  412. ==================================================================
  413. ==================================================================
  414. ==================================================================
  415. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  416. Copyright (c) Microsoft Corporation. All rights reserved.
  417. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052717-5906-01.dmp]
  418. Mini Kernel Dump File: Only registers and stack trace are available
  419. Symbol search path is: srv*
  420. Executable search path is:
  421. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  422. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  423. Built by: 15063.0.amd64fre.rs2_release.170317-1834
  424. Machine Name:
  425. Kernel base = 0xfffff802`8ea82000 PsLoadedModuleList = 0xfffff802`8edce5a0
  426. Debug session time: Sat May 27 06:56:25.823 2017 (UTC - 4:00)
  427. System Uptime: 1 days 12:58:31.447
  428. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
  429. Run !sym noisy before .reload to track down problems loading symbols.
  430.  
  431. BugCheck 50, {ffffffffffffff03, 0, ffffbb5ceca5a270, 0}
  432. Could not read faulting driver name
  433. Probably caused by : memory_corruption
  434. Followup: memory_corruption
  435. PAGE_FAULT_IN_NONPAGED_AREA (50)
  436. Invalid system memory was referenced. This cannot be protected by try-except.
  437. Typically the address is just plain bad or it is pointing at freed memory.
  438.  
  439. Arguments:
  440. Arg1: ffffffffffffff03, memory referenced.
  441. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
  442. Arg3: ffffbb5ceca5a270, If non-zero, the instruction address which referenced the bad memory
  443. address.
  444. Arg4: 0000000000000000, (reserved)
  445.  
  446. Debugging Details:
  447. Could not read faulting driver name
  448. DUMP_CLASS: 1
  449. DUMP_QUALIFIER: 400
  450. BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
  451. SYSTEM_MANUFACTURER: MSI
  452. SYSTEM_PRODUCT_NAME: MS-7850
  453. SYSTEM_SKU: To be filled by O.E.M.
  454. SYSTEM_VERSION: 1.0
  455. BIOS_VENDOR: American Megatrends Inc.
  456. BIOS_VERSION: V4.11
  457. BIOS_DATE: 02/16/2016
  458. BASEBOARD_MANUFACTURER: MSI
  459. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  460. BASEBOARD_VERSION: 1.0
  461. DUMP_TYPE: 2
  462. BUGCHECK_P1: ffffffffffffff03
  463. BUGCHECK_P2: 0
  464. BUGCHECK_P3: ffffbb5ceca5a270
  465. BUGCHECK_P4: 0
  466. READ_ADDRESS: ffffffffffffff03
  467. FAULTING_IP:
  468. win32kfull!RawInputThread+14a0
  469. ffffbb5c`eca5a270 ffa9fffeffff jmp fword ptr [rcx-101h]
  470. MM_INTERNAL_CODE: 0
  471. CPU_COUNT: 4
  472. CPU_MHZ: dac
  473. CPU_VENDOR: GenuineIntel
  474. CPU_FAMILY: 6
  475. CPU_MODEL: 3c
  476. CPU_STEPPING: 3
  477. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  478. CUSTOMER_CRASH_COUNT: 1
  479. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  480. BUGCHECK_STR: AV
  481. PROCESS_NAME: csrss.exe
  482. CURRENT_IRQL: 2
  483. ANALYSIS_SESSION_HOST: UserName-PC
  484. ANALYSIS_SESSION_TIME: 05-29-2017 12:27:12.0235
  485. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  486. TRAP_FRAME: ffffbe811c2cd600 -- (.trap 0xffffbe811c2cd600)
  487. NOTE: The trap frame does not contain all registers.
  488. Some register values may be zeroed or incorrect.
  489. rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000004
  490. rdx=ffffbb5ced1fe120 rsi=0000000000000000 rdi=0000000000000000
  491. rip=ffffbb5ceca5a270 rsp=ffffbe811c2cd790 rbp=ffffbe811c2cd890
  492. r8=00000000ffffffff r9=0000000000000004 r10=0000000000000000
  493. r11=fffff8028ebfa80f r12=0000000000000000 r13=0000000000000000
  494. r14=0000000000000000 r15=0000000000000000
  495. iopl=0 nv up ei pl nz na pe nc
  496. win32kfull!RawInputThread+0x14a0:
  497. ffffbb5c`eca5a270 ffa9fffeffff jmp fword ptr [rcx-101h] ds:ffffffff`ffffff03=????????????
  498. Resetting default scope
  499. MISALIGNED_IP:
  500. win32kfull!RawInputThread+14a0
  501. ffffbb5c`eca5a270 ffa9fffeffff jmp fword ptr [rcx-101h]
  502. LAST_CONTROL_TRANSFER: from fffff8028ec1d05c to fffff8028ebee310
  503. STACK_COMMAND: kb
  504. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  505. fffff8028eaf0840 - nt!MmAccessFault+bc0
  506. [ f6:ce ]
  507. 1 error : !nt (fffff8028eaf0840)
  508. MODULE_NAME: memory_corruption
  509. IMAGE_NAME: memory_corruption
  510. FOLLOWUP_NAME: memory_corruption
  511. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  512. MEMORY_CORRUPTOR: ONE_BYTE
  513. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
  514. BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
  515. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BYTE
  516. TARGET_TIME: 2017-05-27T10:56:25.000Z
  517. OSBUILD: 15063
  518. OSSERVICEPACK: 296
  519. SERVICEPACK_NUMBER: 0
  520. OS_REVISION: 0
  521. SUITE_MASK: 784
  522. PRODUCT_TYPE: 1
  523. OSPLATFORM_TYPE: x64
  524. OSNAME: Windows 10
  525. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  526. OS_LOCALE:
  527. USER_LCID: 0
  528. OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
  529. BUILDDATESTAMP_STR: 160101.0800
  530. BUILDLAB_STR: WinBuild
  531. BUILDOSVER_STR: 10.0.15063.296
  532. ANALYSIS_SESSION_ELAPSED_TIME: 1607
  533. ANALYSIS_SOURCE: KM
  534. FAILURE_ID_HASH_STRING: km:memory_corruption_one_byte
  535. FAILURE_ID_HASH: {ad110d6a-3b33-2c0a-c931-570eae1ba92d}
  536. Followup: memory_corruption
  537. GardenMan: More errors with errrec, nothing useful.
  538. ==================================================================
  539. ==================================================================
  540. ==================================================================
  541. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  542. Copyright (c) Microsoft Corporation. All rights reserved.
  543. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-5640-01.dmp]
  544. Mini Kernel Dump File: Only registers and stack trace are available
  545. Symbol search path is: srv*
  546. Executable search path is:
  547. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  548. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  549. Built by: 15063.0.amd64fre.rs2_release.170317-1834
  550. Machine Name:
  551. Kernel base = 0xfffff800`45498000 PsLoadedModuleList = 0xfffff800`457e45a0
  552. Debug session time: Mon May 29 02:05:33.060 2017 (UTC - 4:00)
  553. System Uptime: 0 days 3:55:53.685
  554.  
  555. BugCheck D1, {ffffffffffffff8d, 9, 1, fffff80e64839673}
  556. *** WARNING: Unable to verify timestamp for atikmdag.sys
  557. *** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
  558. Probably caused by : hardware ( atikmdag+179673 )
  559. Followup: MachineOwner
  560. DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
  561. An attempt was made to access a pageable (or completely invalid) address at an
  562. interrupt request level (IRQL) that is too high. This is usually
  563. caused by drivers using improper addresses.
  564. If kernel debugger is available get stack backtrace.
  565.  
  566. Arguments:
  567. Arg1: ffffffffffffff8d, memory referenced
  568. Arg2: 0000000000000009, IRQL
  569. Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
  570. Arg4: fffff80e64839673, address which referenced memory
  571.  
  572. Debugging Details:
  573. DUMP_CLASS: 1
  574. DUMP_QUALIFIER: 400
  575. BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
  576. SYSTEM_MANUFACTURER: MSI
  577. SYSTEM_PRODUCT_NAME: MS-7850
  578. SYSTEM_SKU: To be filled by O.E.M.
  579. SYSTEM_VERSION: 1.0
  580. BIOS_VENDOR: American Megatrends Inc.
  581. BIOS_VERSION: V4.11
  582. BIOS_DATE: 02/16/2016
  583. BASEBOARD_MANUFACTURER: MSI
  584. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  585. BASEBOARD_VERSION: 1.0
  586. DUMP_TYPE: 2
  587. BUGCHECK_P1: ffffffffffffff8d
  588. BUGCHECK_P2: 9
  589. BUGCHECK_P3: 1
  590. BUGCHECK_P4: fffff80e64839673
  591. WRITE_ADDRESS: ffffffffffffff8d
  592. CURRENT_IRQL: 9
  593. FAULTING_IP:
  594. atikmdag+179673
  595. fffff80e`64839673 00498d add byte ptr [rcx-73h],cl
  596. CPU_COUNT: 4
  597. CPU_MHZ: dac
  598. CPU_VENDOR: GenuineIntel
  599. CPU_FAMILY: 6
  600. CPU_MODEL: 3c
  601. CPU_STEPPING: 3
  602. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  603. CUSTOMER_CRASH_COUNT: 1
  604. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  605. BUGCHECK_STR: AV
  606. PROCESS_NAME: System
  607. ANALYSIS_SESSION_HOST: UserName-PC
  608. ANALYSIS_SESSION_TIME: 05-29-2017 12:33:44.0569
  609. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  610. TRAP_FRAME: fffff800477c72a0 -- (.trap 0xfffff800477c72a0)
  611. NOTE: The trap frame does not contain all registers.
  612. Some register values may be zeroed or incorrect.
  613. rax=fffff800477c88f8 rbx=0000000000000000 rcx=0000000000000000
  614. rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
  615. rip=fffff80e64839673 rsp=fffff800477c7430 rbp=ffffe68670f01010
  616. r8=0000000000000003 r9=ffffe68677cf2328 r10=0000000000000010
  617. r11=fffff80e6494d593 r12=0000000000000000 r13=0000000000000000
  618. r14=0000000000000000 r15=0000000000000000
  619. iopl=0 nv up ei pl zr na po nc
  620. atikmdag+0x179673:
  621. fffff80e`64839673 00498d add byte ptr [rcx-73h],cl ds:ffffffff`ffffff8d=??
  622. Resetting default scope
  623. MISALIGNED_IP:
  624. atikmdag+179673
  625. fffff80e`64839673 00498d add byte ptr [rcx-73h],cl
  626. LAST_CONTROL_TRANSFER: from fffff8004560f6a9 to fffff80045604310
  627. STACK_COMMAND: kb
  628. THREAD_SHA1_HASH_MOD_FUNC: 27490373ec73fc45b554e0788b0424eecf249889
  629. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 59bd0b0b523e365068eb9a3747fd5d7cabdee296
  630. THREAD_SHA1_HASH_MOD: 1c00ea3ebc09108ed707b096697d00af46def685
  631. FOLLOWUP_IP:
  632. atikmdag+179673
  633. fffff80e`64839673 00498d add byte ptr [rcx-73h],cl
  634. FAULT_INSTR_CODE: 4e8d4900
  635. SYMBOL_STACK_INDEX: 3
  636. SYMBOL_NAME: atikmdag+179673
  637. FOLLOWUP_NAME: MachineOwner
  638. MODULE_NAME: hardware
  639. IMAGE_NAME: hardware
  640. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  641. FAILURE_BUCKET_ID: IP_MISALIGNED_atikmdag.sys
  642. BUCKET_ID: IP_MISALIGNED_atikmdag.sys
  643. PRIMARY_PROBLEM_CLASS: IP_MISALIGNED_atikmdag.sys
  644. TARGET_TIME: 2017-05-29T06:05:33.000Z
  645. OSBUILD: 15063
  646. OSSERVICEPACK: 296
  647. SERVICEPACK_NUMBER: 0
  648. OS_REVISION: 0
  649. SUITE_MASK: 784
  650. PRODUCT_TYPE: 1
  651. OSPLATFORM_TYPE: x64
  652. OSNAME: Windows 10
  653. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  654. OS_LOCALE:
  655. USER_LCID: 0
  656. OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
  657. BUILDDATESTAMP_STR: 160101.0800
  658. BUILDLAB_STR: WinBuild
  659. BUILDOSVER_STR: 10.0.15063.296
  660. ANALYSIS_SESSION_ELAPSED_TIME: 17165
  661. ANALYSIS_SOURCE: KM
  662. FAILURE_ID_HASH_STRING: km:ip_misaligned_atikmdag.sys
  663. FAILURE_ID_HASH: {3ce26958-be6d-9cae-16e3-b57ff51098bd}
  664. Followup: MachineOwner
  665. GardenMan: Nothing useful from errrec
  666. ==================================================================
  667. ==================================================================
  668. ==================================================================
  669. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  670. Copyright (c) Microsoft Corporation. All rights reserved.
  671. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-5656-01.dmp]
  672. Mini Kernel Dump File: Only registers and stack trace are available
  673. Symbol search path is: srv*
  674. Executable search path is:
  675. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  676. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  677. Built by: 15063.0.amd64fre.rs2_release.170317-1834
  678. Machine Name:
  679. Kernel base = 0xfffff801`b7e8d000 PsLoadedModuleList = 0xfffff801`b81d95a0
  680. Debug session time: Sun May 28 22:09:10.488 2017 (UTC - 4:00)
  681. System Uptime: 0 days 3:06:45.114
  682.  
  683. BugCheck A, {fe083c6, b, 1, fffff801b7ee1528}
  684. *** WARNING: Unable to verify timestamp for win32k.sys
  685. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  686. Probably caused by : memory_corruption
  687. Followup: memory_corruption
  688. IRQL_NOT_LESS_OR_EQUAL (a)
  689. An attempt was made to access a pageable (or completely invalid) address at an
  690. interrupt request level (IRQL) that is too high. This is usually
  691. caused by drivers using improper addresses.
  692. If a kernel debugger is available get the stack backtrace.
  693.  
  694. Arguments:
  695. Arg1: 000000000fe083c6, memory referenced
  696. Arg2: 000000000000000b, IRQL
  697. Arg3: 0000000000000001, bitfield :
  698. bit 0 : value 0 = read operation, 1 = write operation
  699. bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
  700. Arg4: fffff801b7ee1528, address which referenced memory
  701.  
  702. Debugging Details:
  703. DUMP_CLASS: 1
  704. DUMP_QUALIFIER: 400
  705. BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
  706. SYSTEM_MANUFACTURER: MSI
  707. SYSTEM_PRODUCT_NAME: MS-7850
  708. SYSTEM_SKU: To be filled by O.E.M.
  709. SYSTEM_VERSION: 1.0
  710. BIOS_VENDOR: American Megatrends Inc.
  711. BIOS_VERSION: V4.11
  712. BIOS_DATE: 02/16/2016
  713. BASEBOARD_MANUFACTURER: MSI
  714. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  715. BASEBOARD_VERSION: 1.0
  716. DUMP_TYPE: 2
  717. BUGCHECK_P1: fe083c6
  718. BUGCHECK_P2: b
  719. BUGCHECK_P3: 1
  720. BUGCHECK_P4: fffff801b7ee1528
  721. WRITE_ADDRESS: 000000000fe083c6
  722. CURRENT_IRQL: b
  723. FAULTING_IP:
  724. nt!EtwpLogKernelEvent+268
  725. fffff801`b7ee1528 008bc683e00f add byte ptr [rbx+0FE083C6h],cl
  726. CPU_COUNT: 4
  727. CPU_MHZ: dac
  728. CPU_VENDOR: GenuineIntel
  729. CPU_FAMILY: 6
  730. CPU_MODEL: 3c
  731. CPU_STEPPING: 3
  732. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  733. CUSTOMER_CRASH_COUNT: 1
  734. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  735. BUGCHECK_STR: AV
  736. PROCESS_NAME: System
  737. ANALYSIS_SESSION_HOST: UserName-PC
  738. ANALYSIS_SESSION_TIME: 05-29-2017 12:38:05.0473
  739. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  740. TRAP_FRAME: fffff801ba1d7ca0 -- (.trap 0xfffff801ba1d7ca0)
  741. NOTE: The trap frame does not contain all registers.
  742. Some register values may be zeroed or incorrect.
  743. rax=ffffa5046afef00f rbx=0000000000000000 rcx=fffff801b7ee1850
  744. rdx=0000000000000028 rsi=0000000000000000 rdi=0000000000000000
  745. rip=fffff801b7ee1528 rsp=fffff801ba1d7e30 rbp=fffff801ba1d7eb9
  746. r8=ffffa504627f7010 r9=0000000000000002 r10=0000000000000002
  747. r11=0000000000001000 r12=0000000000000000 r13=0000000000000000
  748. r14=0000000000000000 r15=0000000000000000
  749. iopl=0 nv up ei pl nz na po nc
  750. nt!EtwpLogKernelEvent+0x268:
  751. fffff801`b7ee1528 008bc683e00f add byte ptr [rbx+0FE083C6h],cl ds:00000000`0fe083c6=??
  752. Resetting default scope
  753. MISALIGNED_IP:
  754. nt!EtwpLogKernelEvent+268
  755. fffff801`b7ee1528 008bc683e00f add byte ptr [rbx+0FE083C6h],cl
  756. LAST_CONTROL_TRANSFER: from fffff801b80046a9 to fffff801b7ff9310
  757. STACK_COMMAND: kb
  758. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  759. fffff801b7ee1d6e-fffff801b7ee1d6f 2 bytes - nt!MmMapLockedPagesSpecifyCache+fe
  760. [ 80 f6:00 a1 ]
  761. fffff801b7ee1e13-fffff801b7ee1e14 2 bytes - nt!MmMapLockedPagesSpecifyCache+1a3 (+0xa5)
  762. [ ff f6:7f a1 ]
  763. fffff801b7ee1e24-fffff801b7ee1e26 3 bytes - nt!MmMapLockedPagesSpecifyCache+1b4 (+0x11)
  764. [ 40 fb f6:80 50 a1 ]
  765. fffff801b7ee1ede-fffff801b7ee1edf 2 bytes - nt!MmMapLockedPagesSpecifyCache+26e (+0xba)
  766. [ 80 fa:00 c7 ]
  767. fffff801b7ee1f3a-fffff801b7ee1f3b 2 bytes - nt!MmMapLockedPagesSpecifyCache+2ca (+0x5c)
  768. [ 80 fa:00 c7 ]
  769. fffff801b7ee1fc7-fffff801b7ee1fc8 2 bytes - nt!MmMapLockedPagesSpecifyCache+357 (+0x8d)
  770. [ 80 fa:00 c7 ]
  771. 13 errors : !nt (fffff801b7ee1d6e-fffff801b7ee1fc8)
  772. MODULE_NAME: memory_corruption
  773. IMAGE_NAME: memory_corruption
  774. FOLLOWUP_NAME: memory_corruption
  775. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  776. MEMORY_CORRUPTOR: LARGE
  777. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  778. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  779. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  780. TARGET_TIME: 2017-05-29T02:09:10.000Z
  781. OSBUILD: 15063
  782. OSSERVICEPACK: 296
  783. SERVICEPACK_NUMBER: 0
  784. OS_REVISION: 0
  785. SUITE_MASK: 784
  786. PRODUCT_TYPE: 1
  787. OSPLATFORM_TYPE: x64
  788. OSNAME: Windows 10
  789. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  790. OS_LOCALE:
  791. USER_LCID: 0
  792. OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
  793. BUILDDATESTAMP_STR: 160101.0800
  794. BUILDLAB_STR: WinBuild
  795. BUILDOSVER_STR: 10.0.15063.296
  796. ANALYSIS_SESSION_ELAPSED_TIME: 18d9
  797. ANALYSIS_SOURCE: KM
  798. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  799. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  800. Followup: memory_corruption
  801. GardenMan: errrec on Param 4 returned many many pages of stuff that looked like this:
  802. (2 sections repeated over and over)
  803. ===============================================================================
  804. Section 49280 : {004bff3c-ff4b-004b-7c6c-330054ff4b00}
  805. -------------------------------------------------------------------------------
  806. Descriptor @ fffff801b82439a8
  807. Section @ fffff801b81b9654
  808. Offset : 2982188
  809. Length : 4980464
  810. Flags : 0x002ef84c Reset ThresholdExceeded
  811. Severity : Invalid
  812. FRU Id : {004bffa2-66b8-002c-b0ff-4b0046044c00}
  813. FRU Text : LL
  814. *** Unknown section format ***
  815. ===============================================================================
  816. Section 49281 : {004c06a4-06fe-004c-d8f8-2e0004074c00}
  817. -------------------------------------------------------------------------------
  818. Descriptor @ fffff801b82439f0
  819. Section @ fffff801b81a7be0
  820. Offset : 2909880
  821. Length : 4982388
  822. Flags : 0x002ef8bc Reset ThresholdExceeded ResourceNotAvailable LatentError
  823. Severity : Invalid
  824. *** Unknown section format ***
  825. ==================================================================
  826. ==================================================================
  827. ==================================================================
  828. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  829. Copyright (c) Microsoft Corporation. All rights reserved.
  830. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-5765-01.dmp]
  831. Mini Kernel Dump File: Only registers and stack trace are available
  832. Symbol search path is: srv*
  833. Executable search path is:
  834. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  835. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  836. Built by: 15063.0.amd64fre.rs2_release.170317-1834
  837. Machine Name:
  838. Kernel base = 0xfffff802`04e0f000 PsLoadedModuleList = 0xfffff802`0515b5a0
  839. Debug session time: Sun May 28 05:59:48.614 2017 (UTC - 4:00)
  840. System Uptime: 0 days 23:02:45.239
  841. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
  842. Run !sym noisy before .reload to track down problems loading symbols.
  843.  
  844. BugCheck 1E, {ffffffffc000001d, fffff80204e64473, ffffc20114a2fc80, 0}
  845. *** WARNING: Unable to verify timestamp for win32k.sys
  846. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  847. Probably caused by : memory_corruption
  848. Followup: memory_corruption
  849. KMODE_EXCEPTION_NOT_HANDLED (1e)
  850. This is a very common bugcheck. Usually the exception address pinpoints
  851. the driver/function that caused the problem. Always note this address
  852. as well as the link date of the driver/image that contains this address.
  853.  
  854. Arguments:
  855. Arg1: ffffffffc000001d, The exception code that was not handled
  856. Arg2: fffff80204e64473, The address that the exception occurred at
  857. Arg3: ffffc20114a2fc80, Parameter 0 of the exception
  858. Arg4: 0000000000000000, Parameter 1 of the exception
  859.  
  860. Debugging Details:
  861. DUMP_CLASS: 1
  862. DUMP_QUALIFIER: 400
  863. BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
  864. SYSTEM_MANUFACTURER: MSI
  865. SYSTEM_PRODUCT_NAME: MS-7850
  866. SYSTEM_SKU: To be filled by O.E.M.
  867. SYSTEM_VERSION: 1.0
  868. BIOS_VENDOR: American Megatrends Inc.
  869. BIOS_VERSION: V4.11
  870. BIOS_DATE: 02/16/2016
  871. BASEBOARD_MANUFACTURER: MSI
  872. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  873. BASEBOARD_VERSION: 1.0
  874. DUMP_TYPE: 2
  875. BUGCHECK_P1: ffffffffc000001d
  876. BUGCHECK_P2: fffff80204e64473
  877. BUGCHECK_P3: ffffc20114a2fc80
  878. BUGCHECK_P4: 0
  879. EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.
  880. FAULTING_IP:
  881. nt!PpmCheckSnapAllDeliveredPerformance+1e3
  882. fffff802`04e64473 440fb7542440 movzx r10d,word ptr [rsp+40h]
  883. EXCEPTION_PARAMETER1: ffffc20114a2fc80
  884. BUGCHECK_STR: 0x1E_c000001d
  885. CPU_COUNT: 4
  886. CPU_MHZ: dac
  887. CPU_VENDOR: GenuineIntel
  888. CPU_FAMILY: 6
  889. CPU_MODEL: 3c
  890. CPU_STEPPING: 3
  891. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  892. CUSTOMER_CRASH_COUNT: 1
  893. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  894. PROCESS_NAME: System
  895. CURRENT_IRQL: 2
  896. ANALYSIS_SESSION_HOST: UserName-PC
  897. ANALYSIS_SESSION_TIME: 05-29-2017 12:41:56.0552
  898. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  899. EXCEPTION_RECORD: 0000001600000008 -- (.exr 0x1600000008)
  900. Cannot read Exception record @ 0000001600000008
  901. TRAP_FRAME: ffffb20c2aa39250 -- (.trap 0xffffb20c2aa39250)
  902. Unable to read trap frame at ffffb20c`2aa39250
  903. LAST_CONTROL_TRANSFER: from fffff8020500a1a6 to fffff80204f7b310
  904. FAILED_INSTRUCTION_ADDRESS:
  905. nt!PpmCheckSnapAllDeliveredPerformance+1e3
  906. fffff802`04e64473 440fb7542440 movzx r10d,word ptr [rsp+40h]
  907. STACK_COMMAND: kb
  908. CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt
  909. 6 errors : !nt (fffff80204e6406f-fffff80204f17ab8)
  910. fffff80204e64060 82 2a fe ff ff e9 2a fe ff ff 48 b8 ff ff ff *bf .*....*...H.....
  911. fffff80204e64070 *78 *f1 ff ff 4c 3b f0 0f 87 b5 fd ff ff e9 ae eb x...L;..........
  912. fffff80204f17a80 8b e9 48 ba 00 00 00 00 80 *ea ff ff 4b 8d 2c 76 ..H.........K.,v
  913. fffff80204f17ab0 c1 48 b9 00 00 00 00 *00 *f1 ff ff 48 8b 0c 08 48 .H.........H...H
  914. MODULE_NAME: memory_corruption
  915. IMAGE_NAME: memory_corruption
  916. FOLLOWUP_NAME: memory_corruption
  917. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  918. MEMORY_CORRUPTOR: STRIDE
  919. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
  920. BUCKET_ID: MEMORY_CORRUPTION_STRIDE
  921. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_STRIDE
  922. TARGET_TIME: 2017-05-28T09:59:48.000Z
  923. OSBUILD: 15063
  924. OSSERVICEPACK: 296
  925. SERVICEPACK_NUMBER: 0
  926. OS_REVISION: 0
  927. SUITE_MASK: 784
  928. PRODUCT_TYPE: 1
  929. OSPLATFORM_TYPE: x64
  930. OSNAME: Windows 10
  931. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  932. OS_LOCALE:
  933. USER_LCID: 0
  934. OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
  935. BUILDDATESTAMP_STR: 160101.0800
  936. BUILDLAB_STR: WinBuild
  937. BUILDOSVER_STR: 10.0.15063.296
  938. ANALYSIS_SESSION_ELAPSED_TIME: 18f7
  939. ANALYSIS_SOURCE: KM
  940. FAILURE_ID_HASH_STRING: km:memory_corruption_stride
  941. FAILURE_ID_HASH: {574dbc1b-92cb-fb09-cb7a-cacc1bb2c511}
  942. Followup: memory_corruption
  943. GardenMan: errrec returned same results as above, first param was nothing.
  944. 2nd param was many pages like this:
  945. ===============================================================================
  946. Section 64164 : {b42cd835-4cff-ac8b-24f8-0000004c8bbc}
  947. -------------------------------------------------------------------------------
  948. Descriptor @ fffff802052cc313
  949. Section @ fffff80250e7cd73
  950. Offset : 1275169024
  951. Length : 753087885
  952. Flags : 0x8d4cff33 Primary ContainmentWarning ResourceNotAvailable LatentError
  953. Severity : Invalid
  954. FRU Id : {0000f024-4800-b48b-2490-000000488b4c}
  955. FRU Text : ÉtèÑ}¸ÿ?|$A
  956. *** Unknown section format ***
  957. ===============================================================================
  958. Section 64165 : {803084b6-34bf-4800-8bde-482bd8e923f9}
  959. -------------------------------------------------------------------------------
  960. Descriptor @ fffff802052cc35b
  961. Section @ fffff802ee2a68ef
  962. Offset : 3913557116
  963. Length : 4294965644
  964. Flags : 0x0f4203e0 LatentError
  965. Severity : Invalid
  966. *** Unknown section format ***
  967. ===============================================================================
  968. Section 64166 : {9c820f10-14b3-4100-c745-000000000049}
  969. -------------------------------------------------------------------------------
  970. Descriptor @ fffff802052cc3a3
  971. Section @ fffff8020ed14473
  972. Offset : 166395904
  973. Length : 1143227529
  974. Flags : 0xfc8341ff Primary ContainmentWarning Reset ThresholdExceeded ResourceNotAvailable LatentError
  975. Severity : Invalid
  976. FRU Id : {eb087d89-8992-2444-44e9-1ef9ffffcccc}
  977. *** Unknown section format ***
  978. ===============================================================================
  979. Section 64167 : {45c88b4d-c033-1ae8-0000-004883c448c3}
  980. -------------------------------------------------------------------------------
  981. Descriptor @ fffff802052cc3eb
  982. Section @ fffff80249718ca3
  983. Offset : 1149978672
  984. Length : 2303225892
  985. Flags : 0x20244c89 Primary ThresholdExceeded
  986. Severity : Invalid
  987. *** Unknown section format ***
  988. ===============================================================================
  989. Section 64168 : {d8b60f41-8b4c-33c1-d248-895424588894}
  990. -------------------------------------------------------------------------------
  991. Descriptor @ fffff802052cc433
  992. Section @ fffff8025b2799b4
  993. Offset : 1447122241
  994. Length : 2169001793
  995. Flags : 0xf18b4d00
  996. Severity : Invalid
  997. *** Unknown section format ***
  998. ===============================================================================
  999. Section 64169 : {f98b4900-8b49-0848-84db-0f8589030000}
  1000. -------------------------------------------------------------------------------
  1001. Descriptor @ fffff802052cc47b
  1002. Section @ fffff802e06a5374
  1003. Offset : 3682864897
  1004. Length : 1090519043
  1005. Flags : 0x00043082 ContainmentWarning
  1006. Severity : Invalid
  1007. *** Unknown section format ***
  1008. ===============================================================================
  1009. Section 64170 : {b60f105e-248c-00d0-0000-84c90f858602}
  1010. -------------------------------------------------------------------------------
  1011. Descriptor @ fffff802052cc4c3
  1012. Section @ fffff8020f5c28f7
  1013. Offset : 175498372
  1014. Length : 4162406
  1015. Flags : 0x8d490014 Reset ResourceNotAvailable
  1016. Severity : Invalid
  1017. FRU Text : À
  1018. ==================================================================
  1019. ==================================================================
  1020. ==================================================================
  1021. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  1022. Copyright (c) Microsoft Corporation. All rights reserved.
  1023. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-6015-01.dmp]
  1024. Mini Kernel Dump File: Only registers and stack trace are available
  1025. Symbol search path is: srv*
  1026. Executable search path is:
  1027. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  1028. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  1029. Built by: 15063.0.amd64fre.rs2_release.170317-1834
  1030. Machine Name:
  1031. Kernel base = 0xfffff802`d7e80000 PsLoadedModuleList = 0xfffff802`d81cc5a0
  1032. Debug session time: Sun May 28 19:01:56.802 2017 (UTC - 4:00)
  1033. System Uptime: 0 days 8:41:15.426
  1034.  
  1035. BugCheck 3B, {c0000005, fffff802d7ecca89, ffff8780f511fdc0, 0}
  1036. Probably caused by : memory_corruption
  1037. Followup: memory_corruption
  1038. SYSTEM_SERVICE_EXCEPTION (3b)
  1039. An exception happened while executing a system service routine.
  1040.  
  1041. Arguments:
  1042. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  1043. Arg2: fffff802d7ecca89, Address of the instruction which caused the bugcheck
  1044. Arg3: ffff8780f511fdc0, Address of the context record for the exception that caused the bugcheck
  1045. Arg4: 0000000000000000, zero.
  1046.  
  1047. Debugging Details:
  1048. DUMP_CLASS: 1
  1049. DUMP_QUALIFIER: 400
  1050. BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
  1051. SYSTEM_MANUFACTURER: MSI
  1052. SYSTEM_PRODUCT_NAME: MS-7850
  1053. SYSTEM_SKU: To be filled by O.E.M.
  1054. SYSTEM_VERSION: 1.0
  1055. BIOS_VENDOR: American Megatrends Inc.
  1056. BIOS_VERSION: V4.11
  1057. BIOS_DATE: 02/16/2016
  1058. BASEBOARD_MANUFACTURER: MSI
  1059. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  1060. BASEBOARD_VERSION: 1.0
  1061. DUMP_TYPE: 2
  1062. BUGCHECK_P1: c0000005
  1063. BUGCHECK_P2: fffff802d7ecca89
  1064. BUGCHECK_P3: ffff8780f511fdc0
  1065. BUGCHECK_P4: 0
  1066. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
  1067. FAULTING_IP:
  1068. nt!IopCompleteRequest+509
  1069. fffff802`d7ecca89 41f6067f test byte ptr [r14],7Fh
  1070. CONTEXT: ffff8780f511fdc0 -- (.cxr 0xffff8780f511fdc0)
  1071. rax=0000000000000000 rbx=ffffd286e14a7d60 rcx=000002385fe64a58
  1072. rdx=ffffd286df2e5410 rsi=0000000000000000 rdi=ffffd286e1535600
  1073. rip=fffff802d7ecca89 rsp=ffff8780f51207c0 rbp=ffff8780f5120b80
  1074. r8=ffffd286df2e5410 r9=000000000000000d r10=ffff8780f1fa0f00
  1075. r11=ffffd286df55b780 r12=ffffd286e14a7dd8 r13=ffffd286e0114300
  1076. r14=0004000000000000 r15=ffffd286df248980
  1077. iopl=0 nv up ei pl nz na po nc
  1078. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
  1079. nt!IopCompleteRequest+0x509:
  1080. fffff802`d7ecca89 41f6067f test byte ptr [r14],7Fh ds:002b:00040000`00000000=??
  1081. Resetting default scope
  1082. CPU_COUNT: 4
  1083. CPU_MHZ: dac
  1084. CPU_VENDOR: GenuineIntel
  1085. CPU_FAMILY: 6
  1086. CPU_MODEL: 3c
  1087. CPU_STEPPING: 3
  1088. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  1089. CUSTOMER_CRASH_COUNT: 1
  1090. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  1091. BUGCHECK_STR: 0x3B
  1092. PROCESS_NAME: chrome.exe
  1093. CURRENT_IRQL: 0
  1094. ANALYSIS_SESSION_HOST: UserName-PC
  1095. ANALYSIS_SESSION_TIME: 05-29-2017 12:45:47.0026
  1096. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  1097. IRP_ADDRESS: ffffd286e14a7d60
  1098. DEVICE_OBJECT: ffffd286dc326880
  1099. DRIVER_OBJECT: ffffd286dc2c8060
  1100. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1101. FAULTING_MODULE: fffff80b29790000 Npfs
  1102. LAST_CONTROL_TRANSFER: from fffff802d7e934a5 to fffff802d7ecca89
  1103. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  1104. fffff802d7ef9463 - nt!MiDeletePteList+593
  1105. [ fa:99 ]
  1106. 1 error : !nt (fffff802d7ef9463)
  1107. MODULE_NAME: memory_corruption
  1108. IMAGE_NAME: memory_corruption
  1109. FOLLOWUP_NAME: memory_corruption
  1110. MEMORY_CORRUPTOR: ONE_BYTE
  1111. STACK_COMMAND: .cxr 0xffff8780f511fdc0 ; kb
  1112. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
  1113. BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
  1114. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BYTE
  1115. TARGET_TIME: 2017-05-28T23:01:56.000Z
  1116. OSBUILD: 15063
  1117. OSSERVICEPACK: 296
  1118. SERVICEPACK_NUMBER: 0
  1119. OS_REVISION: 0
  1120. SUITE_MASK: 784
  1121. PRODUCT_TYPE: 1
  1122. OSPLATFORM_TYPE: x64
  1123. OSNAME: Windows 10
  1124. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  1125. OS_LOCALE:
  1126. USER_LCID: 0
  1127. OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
  1128. BUILDDATESTAMP_STR: 160101.0800
  1129. BUILDLAB_STR: WinBuild
  1130. BUILDOSVER_STR: 10.0.15063.296
  1131. ANALYSIS_SESSION_ELAPSED_TIME: 192e
  1132. ANALYSIS_SOURCE: KM
  1133. FAILURE_ID_HASH_STRING: km:memory_corruption_one_byte
  1134. FAILURE_ID_HASH: {ad110d6a-3b33-2c0a-c931-570eae1ba92d}
  1135. Followup: memory_corruption
  1136. GardenMan: !errrec returned same results as above.
  1137. ==================================================================
  1138. ==================================================================
  1139. ==================================================================
  1140. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  1141. Copyright (c) Microsoft Corporation. All rights reserved.
  1142. Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-6640-01.dmp]
  1143. Mini Kernel Dump File: Only registers and stack trace are available
  1144. Symbol search path is: srv*
  1145. Executable search path is:
  1146. Windows 10 Kernel Version 15063 MP (4 procs) Free x64
  1147. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  1148. Built by: 15063.0.amd64fre.rs2_release.170317-1834
  1149. Machine Name:
  1150. Kernel base = 0xfffff801`9868e000 PsLoadedModuleList = 0xfffff801`989da5a0
  1151. Debug session time: Sun May 28 10:20:08.341 2017 (UTC - 4:00)
  1152. System Uptime: 0 days 4:19:49.969
  1153. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
  1154. Run !sym noisy before .reload to track down problems loading symbols.
  1155.  
  1156. BugCheck A, {4, 2, 1, fffff801986a9a74}
  1157. *** WARNING: Unable to verify timestamp for win32k.sys
  1158. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  1159. Probably caused by : memory_corruption
  1160. Followup: memory_corruption
  1161. IRQL_NOT_LESS_OR_EQUAL (a)
  1162. An attempt was made to access a pageable (or completely invalid) address at an
  1163. interrupt request level (IRQL) that is too high. This is usually
  1164. caused by drivers using improper addresses.
  1165. If a kernel debugger is available get the stack backtrace.
  1166.  
  1167. Arguments:
  1168. Arg1: 0000000000000004, memory referenced
  1169. Arg2: 0000000000000002, IRQL
  1170. Arg3: 0000000000000001, bitfield :
  1171. bit 0 : value 0 = read operation, 1 = write operation
  1172. bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
  1173. Arg4: fffff801986a9a74, address which referenced memory
  1174.  
  1175. Debugging Details:
  1176. DUMP_CLASS: 1
  1177. DUMP_QUALIFIER: 400
  1178. BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
  1179. SYSTEM_MANUFACTURER: MSI
  1180. SYSTEM_PRODUCT_NAME: MS-7850
  1181. SYSTEM_SKU: To be filled by O.E.M.
  1182. SYSTEM_VERSION: 1.0
  1183. BIOS_VENDOR: American Megatrends Inc.
  1184. BIOS_VERSION: V4.11
  1185. BIOS_DATE: 02/16/2016
  1186. BASEBOARD_MANUFACTURER: MSI
  1187. BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
  1188. BASEBOARD_VERSION: 1.0
  1189. DUMP_TYPE: 2
  1190. BUGCHECK_P1: 4
  1191. BUGCHECK_P2: 2
  1192. BUGCHECK_P3: 1
  1193. BUGCHECK_P4: fffff801986a9a74
  1194. WRITE_ADDRESS: 0000000000000004
  1195. CURRENT_IRQL: 2
  1196. FAULTING_IP:
  1197. nt!PpmParkDistributeUtility+114
  1198. fffff801`986a9a74 410fb7c0 movzx eax,r8w
  1199. CPU_COUNT: 4
  1200. CPU_MHZ: dac
  1201. CPU_VENDOR: GenuineIntel
  1202. CPU_FAMILY: 6
  1203. CPU_MODEL: 3c
  1204. CPU_STEPPING: 3
  1205. CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
  1206. CUSTOMER_CRASH_COUNT: 1
  1207. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  1208. BUGCHECK_STR: AV
  1209. PROCESS_NAME: System
  1210. ANALYSIS_SESSION_HOST: UserName-PC
  1211. ANALYSIS_SESSION_TIME: 05-29-2017 12:48:40.0983
  1212. ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
  1213. TRAP_FRAME: fffff8019a9c95d0 -- (.trap 0xfffff8019a9c95d0)
  1214. NOTE: The trap frame does not contain all registers.
  1215. Some register values may be zeroed or incorrect.
  1216. rax=0000000000000574 rbx=0000000000000000 rcx=0000000000000000
  1217. rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
  1218. rip=fffff801986a9a74 rsp=fffff8019a9c9760 rbp=fffff8019a9c97b8
  1219. r8=0000000000000001 r9=0000000000000000 r10=0000000000000000
  1220. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  1221. r14=0000000000000000 r15=0000000000000000
  1222. iopl=0 nv up ei pl nz na pe nc
  1223. nt!PpmParkDistributeUtility+0x114:
  1224. fffff801`986a9a74 410fb7c0 movzx eax,r8w
  1225. Resetting default scope
  1226. LAST_CONTROL_TRANSFER: from fffff801988056a9 to fffff801987fa310
  1227. STACK_COMMAND: kb
  1228. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  1229. fffff80198799335-fffff80198799336 2 bytes - nt!MiMakeProtoLeafValid+4d
  1230. [ 80 f6:00 f5 ]
  1231. 2 errors : !nt (fffff80198799335-fffff80198799336)
  1232. MODULE_NAME: memory_corruption
  1233. IMAGE_NAME: memory_corruption
  1234. FOLLOWUP_NAME: memory_corruption
  1235. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1236. MEMORY_CORRUPTOR: LARGE
  1237. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1238. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1239. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  1240. TARGET_TIME: 2017-05-28T14:20:08.000Z
  1241. OSBUILD: 15063
  1242. OSSERVICEPACK: 296
  1243. SERVICEPACK_NUMBER: 0
  1244. OS_REVISION: 0
  1245. SUITE_MASK: 784
  1246. PRODUCT_TYPE: 1
  1247. OSPLATFORM_TYPE: x64
  1248. OSNAME: Windows 10
  1249. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
  1250. OS_LOCALE:
  1251. USER_LCID: 0
  1252. OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
  1253. BUILDDATESTAMP_STR: 160101.0800
  1254. BUILDLAB_STR: WinBuild
  1255. BUILDOSVER_STR: 10.0.15063.296
  1256. ANALYSIS_SESSION_ELAPSED_TIME: 18c6
  1257. ANALYSIS_SOURCE: KM
  1258. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  1259. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  1260. Followup: memory_corruption
  1261. ==================================================================
  1262. ==================================================================
  1263. ==================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!