10/22/2019

1.  
2. Microsoft (R) Windows Debugger Version 10.0.19494.1001 AMD64
3. Copyright (c) Microsoft Corporation. All rights reserved.
4.  
5.  
6. Loading Dump File [C:\WINDOWS\Minidump\102219-7593-01.dmp]
7. Mini Kernel Dump File: Only registers and stack trace are available
8.  
9.  
10. ************* Path validation summary **************
11. Response Time (ms) Location
12. Deferred srv*
13. Symbol search path is: srv*
14. Executable search path is:
15. Windows 10 Kernel Version 18362 MP (12 procs) Free x64
16. Product: WinNt, suite: TerminalServer SingleUserTS
17. Machine Name:
18. Kernel base = 0xfffff804`37800000 PsLoadedModuleList = 0xfffff804`37c48210
19. Debug session time: Tue Oct 22 20:56:50.041 2019 (UTC - 6:00)
20. System Uptime: 0 days 5:41:56.787
21. Loading Kernel Symbols
22. ...............................................................
23. ................................................................
24. ................................................................
25. ..................
26. Loading User Symbols
27. Loading unloaded module list
28. ..........
29. For analysis of this file, run !analyze -v
30. nt!KeBugCheckEx:
31. fffff804`379c1220 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffa0e`931ee4b0=00000000000000be
32. 9: kd> !analyze -v
33. *******************************************************************************
34. * *
35. * Bugcheck Analysis *
36. * *
37. *******************************************************************************
38.  
39. ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
40. An attempt was made to write to readonly memory. The guilty driver is on the
41. stack trace (and is typically the current instruction pointer).
42. When possible, the guilty driver's name (Unicode string) is printed on
43. the bugcheck screen and saved in KiBugCheckDriver.
44. Arguments:
45. Arg1: ffffe7802b98b208, Virtual address for the attempted write.
46. Arg2: 8a00000000200021, PTE contents.
47. Arg3: fffffa0e931ee690, (reserved)
48. Arg4: 000000000000000a, (reserved)
49.  
50. Debugging Details:
51. ------------------
52.  
53.  
54. KEY_VALUES_STRING: 1
55.  
56. Key : Analysis.CPU.Sec
57. Value: 1
58.  
59. Key : Analysis.DebugAnalysisProvider.CPP
60. Value: Create: 8007007e on DESKTOP-1CBU1CD
61.  
62. Key : Analysis.DebugData
63. Value: CreateObject
64.  
65. Key : Analysis.DebugModel
66. Value: CreateObject
67.  
68. Key : Analysis.Elapsed.Sec
69. Value: 1
70.  
71. Key : Analysis.Memory.CommitPeak.Mb
72. Value: 78
73.  
74. Key : Analysis.System
75. Value: CreateObject
76.  
77.  
78. DUMP_FILE_ATTRIBUTES: 0x8
79. Kernel Generated Triage Dump
80.  
81. BUGCHECK_CODE: be
82.  
83. BUGCHECK_P1: ffffe7802b98b208
84.  
85. BUGCHECK_P2: 8a00000000200021
86.  
87. BUGCHECK_P3: fffffa0e931ee690
88.  
89. BUGCHECK_P4: a
90.  
91. CUSTOMER_CRASH_COUNT: 1
92.  
93. PROCESS_NAME: MsMpEng.exe
94.  
95. TRAP_FRAME: fffffa0e931ee690 -- (.trap 0xfffffa0e931ee690)
96. NOTE: The trap frame does not contain all registers.
97. Some register values may be zeroed or incorrect.
98. rax=ffffe78000000000 rbx=0000000000000000 rcx=0000000fffffffff
99. rdx=ffffeb75badd6000 rsi=0000000000000000 rdi=0000000000000000
100. rip=fffff8043780ef03 rsp=fffffa0e931ee820 rbp=0000000000000040
101. r8=cfffffffffffffff r9=0000000000000000 r10=fffff80437c6c480
102. r11=ffffeb75badd6fff r12=0000000000000000 r13=0000000000000000
103. r14=0000000000000000 r15=0000000000000000
104. iopl=0 nv up ei ng nz na po nc
105. nt!MmUnmapViewInSystemCache+0x6a3:
106. fffff804`3780ef03 f0480fba6e183f lock bts qword ptr [rsi+18h],3Fh ds:00000000`00000018=????????????????
107. Resetting default scope
108.  
109. STACK_TEXT:
110. fffffa0e`931ee4a8 fffff804`37a4edbd : 00000000`000000be ffffe780`2b98b208 8a000000`00200021 fffffa0e`931ee690 : nt!KeBugCheckEx
111. fffffa0e`931ee4b0 fffff804`3787301a : 8a000000`00200021 00000000`00000003 fffffa0e`931ee5f0 00000000`00000000 : nt!MiRaisedIrqlFault+0x12e99d
112. fffffa0e`931ee4f0 fffff804`379cf320 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x48a
113. fffffa0e`931ee690 fffff804`3780ef03 : fffff804`37c6c480 ffffc202`7291d038 ffffc202`7291e038 1a000001`f6b36863 : nt!KiPageFault+0x360
114. fffffa0e`931ee820 fffff804`37dd5a7f : ffff858c`560c0000 ffffb10f`575dc2c0 00000000`00000000 00000000`00000001 : nt!MmUnmapViewInSystemCache+0x6a3
115. fffffa0e`931ee930 fffff804`3780b672 : 00000000`1a680000 ffffc202`7d042c40 ffffc202`72be0a40 00000000`00000001 : nt!CcUnmapVacb+0x63
116. fffffa0e`931ee970 fffff804`3787e95c : 00000000`1a700001 ffffc202`7290aa80 00000000`1a600000 00000000`00000001 : nt!CcUnmapVacbArray+0x202
117. fffffa0e`931ee9e0 fffff804`37e1e6e5 : ffffc202`00000000 ffffc202`00000001 fffffa0e`931eeaf0 fffffa0e`931eeb08 : nt!CcGetVirtualAddress+0x39c
118. fffffa0e`931eea80 fffff804`3de89778 : fffffa0e`931eeb58 ffffc202`8708b9a8 ffffc202`7d26f180 fffff804`3dbfc47a : nt!CcMapData+0x75
119. fffffa0e`931eeaf0 fffff804`3ddbe8c0 : 00000000`00000000 fffff804`3ddb3644 ffffc202`87fc0010 ffffc202`7a1d8020 : Ntfs!NtfsReadMftRecord+0xf8
120. fffffa0e`931eec00 fffff804`3dec8a6a : 00000000`00000000 fffffa0e`931ef2c0 ffffc202`8708b9a8 00000000`00000000 : Ntfs!NtfsQueryMftRecord+0x30
121. fffffa0e`931eec60 fffff804`3de99f23 : ffffc202`8708b9a8 ffffc202`82c81010 00000000`00000000 00010000`00069c4f : Ntfs!NtfsOpenFcbById+0x122
122. fffffa0e`931eed60 fffff804`3de9bcde : ffffc202`8708b9a8 fffffa0e`931ef020 ffffc202`8708b9a8 ffffc202`82c81010 : Ntfs!NtfsCommonCreate+0x1a93
123. fffffa0e`931eef50 fffff804`37831f39 : ffffc202`7d26f030 ffffc202`82c81010 ffffc202`7a10e700 ffffc202`7d253090 : Ntfs!NtfsFsdCreate+0x1fe
124. fffffa0e`931ef180 fffff804`3c6c55de : ffffc202`82c81010 ffffc202`82c81400 ffffc202`82c81010 ffffc202`88404120 : nt!IofCallDriver+0x59
125. fffffa0e`931ef1c0 fffff804`3c6fcd27 : fffffa0e`931ef280 00000000`00000050 00000000`00000001 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x15e
126. fffffa0e`931ef240 fffff804`37831f39 : 00000000`00000000 ffffc202`81ae6304 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x307
127. fffffa0e`931ef2f0 fffff804`37830fe4 : 00000000`00000003 00000000`00000000 00000000`00000000 fffff804`378317a3 : nt!IofCallDriver+0x59
128. fffffa0e`931ef330 fffff804`37de5ffb : fffffa0e`931ef601 ffffc202`81ae6304 fffffa0e`931ef5d0 ffffc202`81ae63d0 : nt!IoCallDriverWithTracing+0x34
129. fffffa0e`931ef380 fffff804`37ebccc7 : ffffc202`7d061d60 00000000`00000004 ffffc202`85de7a70 00000000`00120001 : nt!IopParseDevice+0x62b
130. fffffa0e`931ef4f0 fffff804`37decfcf : fffff804`37ebcc00 fffffa0e`931ef660 ffffc202`8092f520 00000000`000000f5 : nt!IopParseFile+0xc7
131. fffffa0e`931ef560 fffff804`37deb431 : ffffc202`85de7a00 fffffa0e`931ef7a8 00000000`00000040 ffffc202`728fdc40 : nt!ObpLookupObjectName+0x78f
132. fffffa0e`931ef720 fffff804`37e30300 : ffffc202`00000001 0000009f`cd97f1c8 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByNameEx+0x201
133. fffffa0e`931ef860 fffff804`37e2fac9 : 0000009f`cd97f1a0 00000000`00100080 0000009f`cd97f1c8 0000009f`cd97f1b8 : nt!IopCreateFile+0x820
134. fffffa0e`931ef900 fffff804`379d2b15 : 00000000`00001038 00000000`00000001 00007ffc`a025cb50 fffffa0e`931efa80 : nt!NtCreateFile+0x79
135. fffffa0e`931ef990 00007ffc`a025cb64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
136. 0000009f`cd97f138 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`a025cb64
137.  
138.  
139. SYMBOL_NAME: nt!MiRaisedIrqlFault+12e99d
140.  
141. MODULE_NAME: nt
142.  
143. IMAGE_VERSION: 10.0.18362.418
144.  
145. STACK_COMMAND: .thread ; .cxr ; kb
146.  
147. IMAGE_NAME: memory_corruption
148.  
149. BUCKET_ID_FUNC_OFFSET: 12e99d
150.  
151. FAILURE_BUCKET_ID: 0xBE_nt!MiRaisedIrqlFault
152.  
153. OSPLATFORM_TYPE: x64
154.  
155. OSNAME: Windows 10
156.  
157. FAILURE_ID_HASH: {1c5b4d11-09e0-def3-d2d0-70a11d69b92d}
158.  
159. Followup: MachineOwner
160. ---------