Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052017-5375-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff801`7947d000 PsLoadedModuleList = 0xfffff801`7977c000
- Debug session time: Sun May 21 02:55:49.276 2017 (UTC - 4:00)
- System Uptime: 0 days 2:35:33.934
- BugCheck F7, {4efd97c19f20, 11a4264f3c41, ffffee5bd9b0c3be, 0}
- *** WARNING: Unable to verify timestamp for vrtaucbl.sys
- *** ERROR: Module load completed but symbols could not be loaded for vrtaucbl.sys
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- DRIVER_OVERRAN_STACK_BUFFER (f7)
- A driver has overrun a stack-based buffer. This overrun could potentially
- allow a malicious user to gain control of this machine.
- DESCRIPTION
- A driver overran a stack-based buffer (or local variable) in a way that would
- have overwritten the function's return address and jumped back to an arbitrary
- address when the function returned. This is the classic "buffer overrun"
- hacking attack and the system has been brought down to prevent a malicious user
- from gaining complete control of it.
- Do a kb to get a stack backtrace -- the last routine on the stack before the
- buffer overrun handlers and bugcheck call is the one that overran its local
- variable(s).
- Arguments:
- Arg1: 00004efd97c19f20, Actual security check cookie from the stack
- Arg2: 000011a4264f3c41, Expected security check cookie
- Arg3: ffffee5bd9b0c3be, Complement of the expected security check cookie
- Arg4: 0000000000000000, zero
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.14393.1198 (rs1_release_sec.170427-1353)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: 4efd97c19f20
- BUGCHECK_P2: 11a4264f3c41
- BUGCHECK_P3: ffffee5bd9b0c3be
- BUGCHECK_P4: 0
- SECURITY_COOKIE: Expected 000011a4264f3c41 found 00004efd97c19f20
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0xF7
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:07:48.0098
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- EXCEPTION_RECORD: ffffca8921add030 -- (.exr 0xffffca8921add030)
- ExceptionAddress: ffffca8921add250
- ExceptionCode: 219af030
- ExceptionFlags: ffffca89
- NumberParameters: 0
- TRAP_FRAME: fffff80100000000 -- (.trap 0xfffff80100000000)
- Unable to read trap frame at fffff801`00000000
- LAST_CONTROL_TRANSFER: from fffff8017962a9e1 to fffff801795cbc00
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff801794ad03b-fffff801794ad03c 2 bytes - nt!MmUnlockPages+9b
- [ 80 f6:00 fa ]
- fffff801794ad065-fffff801794ad066 2 bytes - nt!MmUnlockPages+c5 (+0x2a)
- [ 80 f6:00 fa ]
- fffff801794ad0df-fffff801794ad0e1 3 bytes - nt!MmUnlockPages+13f (+0x7a)
- [ 40 fb f6:00 7d fa ]
- fffff801794ad397-fffff801794ad398 2 bytes - nt!MmUnlockPages+3f7 (+0x2b8)
- [ 80 f6:00 fa ]
- fffff801794ad53f-fffff801794ad540 2 bytes - nt!MmUnlockPages+59f (+0x1a8)
- [ ff f6:7f fa ]
- fffff801794ad57c - nt!MmUnlockPages+5dc (+0x3d)
- [ fa:99 ]
- fffff801794ad5a7 - nt!MmUnlockPages+607 (+0x2b)
- [ fa:99 ]
- fffff801794ad63d-fffff801794ad63e 2 bytes - nt!MmUnlockPages+69d (+0x96)
- [ 80 f6:00 fa ]
- fffff801794ad814-fffff801794ad815 2 bytes - nt!MmUnlockPages+874 (+0x1d7)
- [ 80 f6:00 fa ]
- fffff801794ad865-fffff801794ad866 2 bytes - nt!MmUnlockPages+8c5 (+0x51)
- [ 80 f6:00 fa ]
- fffff801794ad99f - nt!MmUnlockPages+9ff (+0x13a)
- [ fa:99 ]
- fffff801794ada6b-fffff801794ada6c 2 bytes - nt!MmUnlockPages+acb (+0xcc)
- [ ff f6:7f fa ]
- fffff801794adaa0-fffff801794adaa1 2 bytes - nt!MmUnlockPages+b00 (+0x35)
- [ ff f6:7f fa ]
- fffff801794adac6 - nt!MmUnlockPages+b26 (+0x26)
- [ fa:99 ]
- fffff801794adb05-fffff801794adb06 2 bytes - nt!MmUnlockPages+b65 (+0x3f)
- [ 80 f6:00 fa ]
- fffff801794adc58 - nt!MmUnlockPages+cb8 (+0x153)
- [ fa:99 ]
- fffff801794adda8-fffff801794adda9 2 bytes - nt!MmUnlockPages+e08 (+0x150)
- [ 80 f6:00 fa ]
- fffff801794ade7e-fffff801794ade7f 2 bytes - nt!MiInsertCachedPte+3e (+0xd6)
- [ 80 f6:00 fa ]
- fffff801794adfd8-fffff801794adfd9 2 bytes - nt!MiInsertCachedPte+198 (+0x15a)
- [ ff f6:7f fa ]
- 34 errors : !nt (fffff801794ad03b-fffff801794adfd9)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-05-21T06:55:49.000Z
- OSBUILD: 14393
- OSSERVICEPACK: 1198
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:39:04
- BUILDDATESTAMP_STR: 170427-1353
- BUILDLAB_STR: rs1_release_sec
- BUILDOSVER_STR: 10.0.14393.1198
- ANALYSIS_SESSION_ELAPSED_TIME: 191a
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052017-5734-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff801`44076000 PsLoadedModuleList = 0xfffff801`44375000
- Debug session time: Sun May 21 00:19:49.394 2017 (UTC - 4:00)
- System Uptime: 0 days 1:12:15.053
- BugCheck 3B, {c0000005, fffff80bff3fabef, ffffcc81cf0693a0, 0}
- Probably caused by : dxgkrnl.sys ( dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb )
- Followup: MachineOwner
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff80bff3fabef, Address of the instruction which caused the bugcheck
- Arg3: ffffcc81cf0693a0, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.14393.1198 (rs1_release_sec.170427-1353)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: c0000005
- BUGCHECK_P2: fffff80bff3fabef
- BUGCHECK_P3: ffffcc81cf0693a0
- BUGCHECK_P4: 0
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb
- fffff80b`ff3fabef c3 ret
- CONTEXT: ffffcc81cf0693a0 -- (.cxr 0xffffcc81cf0693a0)
- rax=0000000040005d00 rbx=0000000000000000 rcx=00000000fffffffc
- rdx=0000000000000002 rsi=ffffdf0648bc7000 rdi=ffffdf064b2f8a00
- rip=fffff80bff3fabef rsp=ffffcc81cf069db8 rbp=00000000c01e0104
- r8=ffffa70431af0f48 r9=0000000000000003 r10=7fffa70431af0f48
- r11=7ffffffffffffffc r12=0000000000000001 r13=ffffcc81cf06a9e0
- r14=ffffcc81cf06a068 r15=ffffa7042fced330
- iopl=0 nv up ei ng nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210282
- dxgkrnl!DXGPROCESS::UpdateHandleInstance+0xeb:
- fffff80b`ff3fabef c3 ret
- Resetting default scope
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: Battle.net.exe
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:12:12.0602
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- LAST_CONTROL_TRANSFER: from fffff80bff499381 to fffff80bff3fabef
- THREAD_SHA1_HASH_MOD_FUNC: 270a5070c5aa99eb3fd91d60fad48fa669db12f1
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 20d6d650f8ee37e927294cd5075125d2b7e4281e
- THREAD_SHA1_HASH_MOD: ff08c251ebf754aea31a7bc85deef3f57ecf5f61
- FOLLOWUP_IP:
- dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb
- fffff80b`ff3fabef c3 ret
- FAULT_INSTR_CODE: 5c8948c3
- SYMBOL_STACK_INDEX: 0
- SYMBOL_NAME: dxgkrnl!DXGPROCESS::UpdateHandleInstance+eb
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: dxgkrnl
- IMAGE_NAME: dxgkrnl.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 590280ba
- IMAGE_VERSION: 10.0.14393.1198
- STACK_COMMAND: .cxr 0xffffcc81cf0693a0 ; kb
- BUCKET_ID_FUNC_OFFSET: eb
- FAILURE_BUCKET_ID: 0x3B_dxgkrnl!DXGPROCESS::UpdateHandleInstance
- BUCKET_ID: 0x3B_dxgkrnl!DXGPROCESS::UpdateHandleInstance
- PRIMARY_PROBLEM_CLASS: 0x3B_dxgkrnl!DXGPROCESS::UpdateHandleInstance
- TARGET_TIME: 2017-05-21T04:19:49.000Z
- OSBUILD: 14393
- OSSERVICEPACK: 1198
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:39:04
- BUILDDATESTAMP_STR: 170427-1353
- BUILDLAB_STR: rs1_release_sec
- BUILDOSVER_STR: 10.0.14393.1198
- ANALYSIS_SESSION_ELAPSED_TIME: afb
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x3b_dxgkrnl!dxgprocess::updatehandleinstance
- FAILURE_ID_HASH: {134ffa56-dbd0-f3f3-7f29-900975d0f0d0}
- Followup: MachineOwner
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052117-5437-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 14393 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
- Machine Name:
- Kernel base = 0xfffff802`27e7c000 PsLoadedModuleList = 0xfffff802`2817b000
- Debug session time: Sun May 21 07:47:13.884 2017 (UTC - 4:00)
- System Uptime: 0 days 4:15:02.543
- BugCheck 1E, {ffffffffc0000005, fffff801b001159d, 0, ffffffffffffffff}
- Probably caused by : NETIO.SYS ( NETIO!RtlGetNextExpiredTimerWheelEntry+fd )
- Followup: MachineOwner
- KMODE_EXCEPTION_NOT_HANDLED (1e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Arguments:
- Arg1: ffffffffc0000005, The exception code that was not handled
- Arg2: fffff801b001159d, The address that the exception occurred at
- Arg3: 0000000000000000, Parameter 0 of the exception
- Arg4: ffffffffffffffff, Parameter 1 of the exception
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.14393.1198 (rs1_release_sec.170427-1353)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: ffffffffc0000005
- BUGCHECK_P2: fffff801b001159d
- BUGCHECK_P3: 0
- BUGCHECK_P4: ffffffffffffffff
- READ_ADDRESS: ffffffffffffffff
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- NETIO!RtlGetNextExpiredTimerWheelEntry+fd
- fffff801`b001159d 418b4010 mov eax,dword ptr [r8+10h]
- EXCEPTION_PARAMETER2: ffffffffffffffff
- BUGCHECK_STR: 0x1E_c0000005_R
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:19:09.0701
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: ffffb88d9f412090 -- (.trap 0xffffb88d9f412090)
- Unable to read trap frame at ffffb88d`9f412090
- LAST_CONTROL_TRANSFER: from fffff80228049be2 to fffff80227fcac00
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 4434700246d0c8bdb2162d225b663ff737d97853
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c34bdddd4b678b94bb394ac09f45f317dbdbbe90
- THREAD_SHA1_HASH_MOD: 3f7952046da93f8cea99c4d89e5b05fa6b80aafe
- FOLLOWUP_IP:
- NETIO!RtlGetNextExpiredTimerWheelEntry+fd
- fffff801`b001159d 418b4010 mov eax,dword ptr [r8+10h]
- FAULT_INSTR_CODE: 10408b41
- SYMBOL_STACK_INDEX: 7
- SYMBOL_NAME: NETIO!RtlGetNextExpiredTimerWheelEntry+fd
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: NETIO
- IMAGE_NAME: NETIO.SYS
- DEBUG_FLR_IMAGE_TIMESTAMP: 57899b40
- IMAGE_VERSION: 10.0.14393.0
- BUCKET_ID_FUNC_OFFSET: fd
- FAILURE_BUCKET_ID: 0x1E_c0000005_R_NETIO!RtlGetNextExpiredTimerWheelEntry
- BUCKET_ID: 0x1E_c0000005_R_NETIO!RtlGetNextExpiredTimerWheelEntry
- PRIMARY_PROBLEM_CLASS: 0x1E_c0000005_R_NETIO!RtlGetNextExpiredTimerWheelEntry
- TARGET_TIME: 2017-05-21T11:47:13.000Z
- OSBUILD: 14393
- OSSERVICEPACK: 1198
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:39:04
- BUILDDATESTAMP_STR: 170427-1353
- BUILDLAB_STR: rs1_release_sec
- BUILDOSVER_STR: 10.0.14393.1198
- ANALYSIS_SESSION_ELAPSED_TIME: 28685
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x1e_c0000005_r_netio!rtlgetnextexpiredtimerwheelentry
- FAILURE_ID_HASH: {cfebd0ed-af9f-f49e-6fae-731930002c7a}
- Followup: MachineOwner
- GardenMan: I ran "!errrec fffff801b001159d" and got 10+ pages of errors like this:
- ===============================================================================
- Section 19467 : {20006500-7700-6900-006e-0064006f0077}
- -------------------------------------------------------------------------------
- Descriptor @ fffff801b0167935
- Section @ fffff801d001879d
- Offset : 536900096
- Length : 1694528000
- Flags : 0x76006900
- Severity : Invalid
- *** Unknown section format ***
- ===============================================================================
- Section 19468 : {6c006200-7900-2000-0063-006f006e0066}
- -------------------------------------------------------------------------------
- Descriptor @ fffff801b016797d
- Section @ fffff8020201159d
- Offset : 1375731712
- Length : 1627415808
- Flags : 0x6d006500
- Severity : Invalid
- *** Unknown section format ***
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052717-5906-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Machine Name:
- Kernel base = 0xfffff802`8ea82000 PsLoadedModuleList = 0xfffff802`8edce5a0
- Debug session time: Sat May 27 06:56:25.823 2017 (UTC - 4:00)
- System Uptime: 1 days 12:58:31.447
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- BugCheck 50, {ffffffffffffff03, 0, ffffbb5ceca5a270, 0}
- Could not read faulting driver name
- Probably caused by : memory_corruption
- Followup: memory_corruption
- PAGE_FAULT_IN_NONPAGED_AREA (50)
- Invalid system memory was referenced. This cannot be protected by try-except.
- Typically the address is just plain bad or it is pointing at freed memory.
- Arguments:
- Arg1: ffffffffffffff03, memory referenced.
- Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
- Arg3: ffffbb5ceca5a270, If non-zero, the instruction address which referenced the bad memory
- address.
- Arg4: 0000000000000000, (reserved)
- Debugging Details:
- Could not read faulting driver name
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: ffffffffffffff03
- BUGCHECK_P2: 0
- BUGCHECK_P3: ffffbb5ceca5a270
- BUGCHECK_P4: 0
- READ_ADDRESS: ffffffffffffff03
- FAULTING_IP:
- win32kfull!RawInputThread+14a0
- ffffbb5c`eca5a270 ffa9fffeffff jmp fword ptr [rcx-101h]
- MM_INTERNAL_CODE: 0
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: csrss.exe
- CURRENT_IRQL: 2
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:27:12.0235
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: ffffbe811c2cd600 -- (.trap 0xffffbe811c2cd600)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000004
- rdx=ffffbb5ced1fe120 rsi=0000000000000000 rdi=0000000000000000
- rip=ffffbb5ceca5a270 rsp=ffffbe811c2cd790 rbp=ffffbe811c2cd890
- r8=00000000ffffffff r9=0000000000000004 r10=0000000000000000
- r11=fffff8028ebfa80f r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz na pe nc
- win32kfull!RawInputThread+0x14a0:
- ffffbb5c`eca5a270 ffa9fffeffff jmp fword ptr [rcx-101h] ds:ffffffff`ffffff03=????????????
- Resetting default scope
- MISALIGNED_IP:
- win32kfull!RawInputThread+14a0
- ffffbb5c`eca5a270 ffa9fffeffff jmp fword ptr [rcx-101h]
- LAST_CONTROL_TRANSFER: from fffff8028ec1d05c to fffff8028ebee310
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8028eaf0840 - nt!MmAccessFault+bc0
- [ f6:ce ]
- 1 error : !nt (fffff8028eaf0840)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: ONE_BYTE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
- BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BYTE
- TARGET_TIME: 2017-05-27T10:56:25.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 296
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.296
- ANALYSIS_SESSION_ELAPSED_TIME: 1607
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_one_byte
- FAILURE_ID_HASH: {ad110d6a-3b33-2c0a-c931-570eae1ba92d}
- Followup: memory_corruption
- GardenMan: More errors with errrec, nothing useful.
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-5640-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Machine Name:
- Kernel base = 0xfffff800`45498000 PsLoadedModuleList = 0xfffff800`457e45a0
- Debug session time: Mon May 29 02:05:33.060 2017 (UTC - 4:00)
- System Uptime: 0 days 3:55:53.685
- BugCheck D1, {ffffffffffffff8d, 9, 1, fffff80e64839673}
- *** WARNING: Unable to verify timestamp for atikmdag.sys
- *** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
- Probably caused by : hardware ( atikmdag+179673 )
- Followup: MachineOwner
- DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If kernel debugger is available get stack backtrace.
- Arguments:
- Arg1: ffffffffffffff8d, memory referenced
- Arg2: 0000000000000009, IRQL
- Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
- Arg4: fffff80e64839673, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: ffffffffffffff8d
- BUGCHECK_P2: 9
- BUGCHECK_P3: 1
- BUGCHECK_P4: fffff80e64839673
- WRITE_ADDRESS: ffffffffffffff8d
- CURRENT_IRQL: 9
- FAULTING_IP:
- atikmdag+179673
- fffff80e`64839673 00498d add byte ptr [rcx-73h],cl
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:33:44.0569
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: fffff800477c72a0 -- (.trap 0xfffff800477c72a0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffff800477c88f8 rbx=0000000000000000 rcx=0000000000000000
- rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80e64839673 rsp=fffff800477c7430 rbp=ffffe68670f01010
- r8=0000000000000003 r9=ffffe68677cf2328 r10=0000000000000010
- r11=fffff80e6494d593 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl zr na po nc
- atikmdag+0x179673:
- fffff80e`64839673 00498d add byte ptr [rcx-73h],cl ds:ffffffff`ffffff8d=??
- Resetting default scope
- MISALIGNED_IP:
- atikmdag+179673
- fffff80e`64839673 00498d add byte ptr [rcx-73h],cl
- LAST_CONTROL_TRANSFER: from fffff8004560f6a9 to fffff80045604310
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 27490373ec73fc45b554e0788b0424eecf249889
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 59bd0b0b523e365068eb9a3747fd5d7cabdee296
- THREAD_SHA1_HASH_MOD: 1c00ea3ebc09108ed707b096697d00af46def685
- FOLLOWUP_IP:
- atikmdag+179673
- fffff80e`64839673 00498d add byte ptr [rcx-73h],cl
- FAULT_INSTR_CODE: 4e8d4900
- SYMBOL_STACK_INDEX: 3
- SYMBOL_NAME: atikmdag+179673
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: hardware
- IMAGE_NAME: hardware
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- FAILURE_BUCKET_ID: IP_MISALIGNED_atikmdag.sys
- BUCKET_ID: IP_MISALIGNED_atikmdag.sys
- PRIMARY_PROBLEM_CLASS: IP_MISALIGNED_atikmdag.sys
- TARGET_TIME: 2017-05-29T06:05:33.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 296
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.296
- ANALYSIS_SESSION_ELAPSED_TIME: 17165
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:ip_misaligned_atikmdag.sys
- FAILURE_ID_HASH: {3ce26958-be6d-9cae-16e3-b57ff51098bd}
- Followup: MachineOwner
- GardenMan: Nothing useful from errrec
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-5656-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Machine Name:
- Kernel base = 0xfffff801`b7e8d000 PsLoadedModuleList = 0xfffff801`b81d95a0
- Debug session time: Sun May 28 22:09:10.488 2017 (UTC - 4:00)
- System Uptime: 0 days 3:06:45.114
- BugCheck A, {fe083c6, b, 1, fffff801b7ee1528}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: 000000000fe083c6, memory referenced
- Arg2: 000000000000000b, IRQL
- Arg3: 0000000000000001, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff801b7ee1528, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: fe083c6
- BUGCHECK_P2: b
- BUGCHECK_P3: 1
- BUGCHECK_P4: fffff801b7ee1528
- WRITE_ADDRESS: 000000000fe083c6
- CURRENT_IRQL: b
- FAULTING_IP:
- nt!EtwpLogKernelEvent+268
- fffff801`b7ee1528 008bc683e00f add byte ptr [rbx+0FE083C6h],cl
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:38:05.0473
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: fffff801ba1d7ca0 -- (.trap 0xfffff801ba1d7ca0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffa5046afef00f rbx=0000000000000000 rcx=fffff801b7ee1850
- rdx=0000000000000028 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff801b7ee1528 rsp=fffff801ba1d7e30 rbp=fffff801ba1d7eb9
- r8=ffffa504627f7010 r9=0000000000000002 r10=0000000000000002
- r11=0000000000001000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz na po nc
- nt!EtwpLogKernelEvent+0x268:
- fffff801`b7ee1528 008bc683e00f add byte ptr [rbx+0FE083C6h],cl ds:00000000`0fe083c6=??
- Resetting default scope
- MISALIGNED_IP:
- nt!EtwpLogKernelEvent+268
- fffff801`b7ee1528 008bc683e00f add byte ptr [rbx+0FE083C6h],cl
- LAST_CONTROL_TRANSFER: from fffff801b80046a9 to fffff801b7ff9310
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff801b7ee1d6e-fffff801b7ee1d6f 2 bytes - nt!MmMapLockedPagesSpecifyCache+fe
- [ 80 f6:00 a1 ]
- fffff801b7ee1e13-fffff801b7ee1e14 2 bytes - nt!MmMapLockedPagesSpecifyCache+1a3 (+0xa5)
- [ ff f6:7f a1 ]
- fffff801b7ee1e24-fffff801b7ee1e26 3 bytes - nt!MmMapLockedPagesSpecifyCache+1b4 (+0x11)
- [ 40 fb f6:80 50 a1 ]
- fffff801b7ee1ede-fffff801b7ee1edf 2 bytes - nt!MmMapLockedPagesSpecifyCache+26e (+0xba)
- [ 80 fa:00 c7 ]
- fffff801b7ee1f3a-fffff801b7ee1f3b 2 bytes - nt!MmMapLockedPagesSpecifyCache+2ca (+0x5c)
- [ 80 fa:00 c7 ]
- fffff801b7ee1fc7-fffff801b7ee1fc8 2 bytes - nt!MmMapLockedPagesSpecifyCache+357 (+0x8d)
- [ 80 fa:00 c7 ]
- 13 errors : !nt (fffff801b7ee1d6e-fffff801b7ee1fc8)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-05-29T02:09:10.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 296
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.296
- ANALYSIS_SESSION_ELAPSED_TIME: 18d9
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- GardenMan: errrec on Param 4 returned many many pages of stuff that looked like this:
- (2 sections repeated over and over)
- ===============================================================================
- Section 49280 : {004bff3c-ff4b-004b-7c6c-330054ff4b00}
- -------------------------------------------------------------------------------
- Descriptor @ fffff801b82439a8
- Section @ fffff801b81b9654
- Offset : 2982188
- Length : 4980464
- Flags : 0x002ef84c Reset ThresholdExceeded
- Severity : Invalid
- FRU Id : {004bffa2-66b8-002c-b0ff-4b0046044c00}
- FRU Text : LL
- *** Unknown section format ***
- ===============================================================================
- Section 49281 : {004c06a4-06fe-004c-d8f8-2e0004074c00}
- -------------------------------------------------------------------------------
- Descriptor @ fffff801b82439f0
- Section @ fffff801b81a7be0
- Offset : 2909880
- Length : 4982388
- Flags : 0x002ef8bc Reset ThresholdExceeded ResourceNotAvailable LatentError
- Severity : Invalid
- *** Unknown section format ***
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-5765-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Machine Name:
- Kernel base = 0xfffff802`04e0f000 PsLoadedModuleList = 0xfffff802`0515b5a0
- Debug session time: Sun May 28 05:59:48.614 2017 (UTC - 4:00)
- System Uptime: 0 days 23:02:45.239
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- BugCheck 1E, {ffffffffc000001d, fffff80204e64473, ffffc20114a2fc80, 0}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- KMODE_EXCEPTION_NOT_HANDLED (1e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Arguments:
- Arg1: ffffffffc000001d, The exception code that was not handled
- Arg2: fffff80204e64473, The address that the exception occurred at
- Arg3: ffffc20114a2fc80, Parameter 0 of the exception
- Arg4: 0000000000000000, Parameter 1 of the exception
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: ffffffffc000001d
- BUGCHECK_P2: fffff80204e64473
- BUGCHECK_P3: ffffc20114a2fc80
- BUGCHECK_P4: 0
- EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.
- FAULTING_IP:
- nt!PpmCheckSnapAllDeliveredPerformance+1e3
- fffff802`04e64473 440fb7542440 movzx r10d,word ptr [rsp+40h]
- EXCEPTION_PARAMETER1: ffffc20114a2fc80
- BUGCHECK_STR: 0x1E_c000001d
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:41:56.0552
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- EXCEPTION_RECORD: 0000001600000008 -- (.exr 0x1600000008)
- Cannot read Exception record @ 0000001600000008
- TRAP_FRAME: ffffb20c2aa39250 -- (.trap 0xffffb20c2aa39250)
- Unable to read trap frame at ffffb20c`2aa39250
- LAST_CONTROL_TRANSFER: from fffff8020500a1a6 to fffff80204f7b310
- FAILED_INSTRUCTION_ADDRESS:
- nt!PpmCheckSnapAllDeliveredPerformance+1e3
- fffff802`04e64473 440fb7542440 movzx r10d,word ptr [rsp+40h]
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt
- 6 errors : !nt (fffff80204e6406f-fffff80204f17ab8)
- fffff80204e64060 82 2a fe ff ff e9 2a fe ff ff 48 b8 ff ff ff *bf .*....*...H.....
- fffff80204e64070 *78 *f1 ff ff 4c 3b f0 0f 87 b5 fd ff ff e9 ae eb x...L;..........
- fffff80204f17a80 8b e9 48 ba 00 00 00 00 80 *ea ff ff 4b 8d 2c 76 ..H.........K.,v
- fffff80204f17ab0 c1 48 b9 00 00 00 00 *00 *f1 ff ff 48 8b 0c 08 48 .H.........H...H
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: STRIDE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
- BUCKET_ID: MEMORY_CORRUPTION_STRIDE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_STRIDE
- TARGET_TIME: 2017-05-28T09:59:48.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 296
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.296
- ANALYSIS_SESSION_ELAPSED_TIME: 18f7
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_stride
- FAILURE_ID_HASH: {574dbc1b-92cb-fb09-cb7a-cacc1bb2c511}
- Followup: memory_corruption
- GardenMan: errrec returned same results as above, first param was nothing.
- 2nd param was many pages like this:
- ===============================================================================
- Section 64164 : {b42cd835-4cff-ac8b-24f8-0000004c8bbc}
- -------------------------------------------------------------------------------
- Descriptor @ fffff802052cc313
- Section @ fffff80250e7cd73
- Offset : 1275169024
- Length : 753087885
- Flags : 0x8d4cff33 Primary ContainmentWarning ResourceNotAvailable LatentError
- Severity : Invalid
- FRU Id : {0000f024-4800-b48b-2490-000000488b4c}
- FRU Text : ÉtèÑ}¸ÿ?|$A
- *** Unknown section format ***
- ===============================================================================
- Section 64165 : {803084b6-34bf-4800-8bde-482bd8e923f9}
- -------------------------------------------------------------------------------
- Descriptor @ fffff802052cc35b
- Section @ fffff802ee2a68ef
- Offset : 3913557116
- Length : 4294965644
- Flags : 0x0f4203e0 LatentError
- Severity : Invalid
- *** Unknown section format ***
- ===============================================================================
- Section 64166 : {9c820f10-14b3-4100-c745-000000000049}
- -------------------------------------------------------------------------------
- Descriptor @ fffff802052cc3a3
- Section @ fffff8020ed14473
- Offset : 166395904
- Length : 1143227529
- Flags : 0xfc8341ff Primary ContainmentWarning Reset ThresholdExceeded ResourceNotAvailable LatentError
- Severity : Invalid
- FRU Id : {eb087d89-8992-2444-44e9-1ef9ffffcccc}
- *** Unknown section format ***
- ===============================================================================
- Section 64167 : {45c88b4d-c033-1ae8-0000-004883c448c3}
- -------------------------------------------------------------------------------
- Descriptor @ fffff802052cc3eb
- Section @ fffff80249718ca3
- Offset : 1149978672
- Length : 2303225892
- Flags : 0x20244c89 Primary ThresholdExceeded
- Severity : Invalid
- *** Unknown section format ***
- ===============================================================================
- Section 64168 : {d8b60f41-8b4c-33c1-d248-895424588894}
- -------------------------------------------------------------------------------
- Descriptor @ fffff802052cc433
- Section @ fffff8025b2799b4
- Offset : 1447122241
- Length : 2169001793
- Flags : 0xf18b4d00
- Severity : Invalid
- *** Unknown section format ***
- ===============================================================================
- Section 64169 : {f98b4900-8b49-0848-84db-0f8589030000}
- -------------------------------------------------------------------------------
- Descriptor @ fffff802052cc47b
- Section @ fffff802e06a5374
- Offset : 3682864897
- Length : 1090519043
- Flags : 0x00043082 ContainmentWarning
- Severity : Invalid
- *** Unknown section format ***
- ===============================================================================
- Section 64170 : {b60f105e-248c-00d0-0000-84c90f858602}
- -------------------------------------------------------------------------------
- Descriptor @ fffff802052cc4c3
- Section @ fffff8020f5c28f7
- Offset : 175498372
- Length : 4162406
- Flags : 0x8d490014 Reset ResourceNotAvailable
- Severity : Invalid
- FRU Text : À
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-6015-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Machine Name:
- Kernel base = 0xfffff802`d7e80000 PsLoadedModuleList = 0xfffff802`d81cc5a0
- Debug session time: Sun May 28 19:01:56.802 2017 (UTC - 4:00)
- System Uptime: 0 days 8:41:15.426
- BugCheck 3B, {c0000005, fffff802d7ecca89, ffff8780f511fdc0, 0}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff802d7ecca89, Address of the instruction which caused the bugcheck
- Arg3: ffff8780f511fdc0, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: c0000005
- BUGCHECK_P2: fffff802d7ecca89
- BUGCHECK_P3: ffff8780f511fdc0
- BUGCHECK_P4: 0
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- nt!IopCompleteRequest+509
- fffff802`d7ecca89 41f6067f test byte ptr [r14],7Fh
- CONTEXT: ffff8780f511fdc0 -- (.cxr 0xffff8780f511fdc0)
- rax=0000000000000000 rbx=ffffd286e14a7d60 rcx=000002385fe64a58
- rdx=ffffd286df2e5410 rsi=0000000000000000 rdi=ffffd286e1535600
- rip=fffff802d7ecca89 rsp=ffff8780f51207c0 rbp=ffff8780f5120b80
- r8=ffffd286df2e5410 r9=000000000000000d r10=ffff8780f1fa0f00
- r11=ffffd286df55b780 r12=ffffd286e14a7dd8 r13=ffffd286e0114300
- r14=0004000000000000 r15=ffffd286df248980
- iopl=0 nv up ei pl nz na po nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
- nt!IopCompleteRequest+0x509:
- fffff802`d7ecca89 41f6067f test byte ptr [r14],7Fh ds:002b:00040000`00000000=??
- Resetting default scope
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: chrome.exe
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:45:47.0026
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- IRP_ADDRESS: ffffd286e14a7d60
- DEVICE_OBJECT: ffffd286dc326880
- DRIVER_OBJECT: ffffd286dc2c8060
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- FAULTING_MODULE: fffff80b29790000 Npfs
- LAST_CONTROL_TRANSFER: from fffff802d7e934a5 to fffff802d7ecca89
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff802d7ef9463 - nt!MiDeletePteList+593
- [ fa:99 ]
- 1 error : !nt (fffff802d7ef9463)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- MEMORY_CORRUPTOR: ONE_BYTE
- STACK_COMMAND: .cxr 0xffff8780f511fdc0 ; kb
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
- BUCKET_ID: MEMORY_CORRUPTION_ONE_BYTE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BYTE
- TARGET_TIME: 2017-05-28T23:01:56.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 296
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.296
- ANALYSIS_SESSION_ELAPSED_TIME: 192e
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_one_byte
- FAILURE_ID_HASH: {ad110d6a-3b33-2c0a-c931-570eae1ba92d}
- Followup: memory_corruption
- GardenMan: !errrec returned same results as above.
- ==================================================================
- ==================================================================
- ==================================================================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\UserName\Desktop\dmp files\052817-6640-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Machine Name:
- Kernel base = 0xfffff801`9868e000 PsLoadedModuleList = 0xfffff801`989da5a0
- Debug session time: Sun May 28 10:20:08.341 2017 (UTC - 4:00)
- System Uptime: 0 days 4:19:49.969
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- BugCheck A, {4, 2, 1, fffff801986a9a74}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: 0000000000000004, memory referenced
- Arg2: 0000000000000002, IRQL
- Arg3: 0000000000000001, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff801986a9a74, address which referenced memory
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.296 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: MSI
- SYSTEM_PRODUCT_NAME: MS-7850
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: V4.11
- BIOS_DATE: 02/16/2016
- BASEBOARD_MANUFACTURER: MSI
- BASEBOARD_PRODUCT: Z97 PC Mate(MS-7850)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 2
- BUGCHECK_P1: 4
- BUGCHECK_P2: 2
- BUGCHECK_P3: 1
- BUGCHECK_P4: fffff801986a9a74
- WRITE_ADDRESS: 0000000000000004
- CURRENT_IRQL: 2
- FAULTING_IP:
- nt!PpmParkDistributeUtility+114
- fffff801`986a9a74 410fb7c0 movzx eax,r8w
- CPU_COUNT: 4
- CPU_MHZ: dac
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: System
- ANALYSIS_SESSION_HOST: UserName-PC
- ANALYSIS_SESSION_TIME: 05-29-2017 12:48:40.0983
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- TRAP_FRAME: fffff8019a9c95d0 -- (.trap 0xfffff8019a9c95d0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000574 rbx=0000000000000000 rcx=0000000000000000
- rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff801986a9a74 rsp=fffff8019a9c9760 rbp=fffff8019a9c97b8
- r8=0000000000000001 r9=0000000000000000 r10=0000000000000000
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz na pe nc
- nt!PpmParkDistributeUtility+0x114:
- fffff801`986a9a74 410fb7c0 movzx eax,r8w
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff801988056a9 to fffff801987fa310
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80198799335-fffff80198799336 2 bytes - nt!MiMakeProtoLeafValid+4d
- [ 80 f6:00 f5 ]
- 2 errors : !nt (fffff80198799335-fffff80198799336)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-05-28T14:20:08.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 296
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-04-27 19:52:30
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.296
- ANALYSIS_SESSION_ELAPSED_TIME: 18c6
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ==================================================================
- ==================================================================
- ==================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement