Microsoft (R) Windows Debugger Version 10.0.17074.1002 AMD64Copyright (c) Mi

1.  
2. Microsoft (R) Windows Debugger Version 10.0.17074.1002 AMD64
3. Copyright (c) Microsoft Corporation. All rights reserved.
4.  
5.  
6. Loading Dump File [C:\Windows\MEMORY.DMP]
7. Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
8.  
9. Symbol search path is: srv*
10. Executable search path is:
11. Windows 10 Kernel Version 16299 MP (16 procs) Free x64
12. Product: WinNt, suite: TerminalServer SingleUserTS Personal
13. Built by: 16299.15.amd64fre.rs3_release.170928-1534
14. Machine Name:
15. Kernel base = 0xfffff802`fa00c000 PsLoadedModuleList = 0xfffff802`fa373110
16. Debug session time: Wed Mar 7 21:46:15.007 2018 (UTC + 0:00)
17. System Uptime: 4 days 20:40:18.472
18. Loading Kernel Symbols
19. ...............................................................
20. ................................................................
21. ..........................................................
22. Loading User Symbols
23. PEB is paged out (Peb.Ldr = 000000d4`e9f06018). Type ".hh dbgerr001" for details
24. Loading unloaded module list
25. .................................
26. *******************************************************************************
27. * *
28. * Bugcheck Analysis *
29. * *
30. *******************************************************************************
31.  
32. Use !analyze -v to get detailed debugging information.
33.  
34. BugCheck A, {ffffcf089df669a8, 2, 0, fffff802fa00fe0f}
35.  
36. Probably caused by : memory_corruption ( nt!MiEmptyPageAccessLog+23f )
37.  
38. Followup: MachineOwner
39. ---------
40.  
41. nt!KeBugCheckEx:
42. fffff802`fa181430 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9c83`bb192a90=000000000000000a
43. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\atlmfc.natvis'
44. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\concurrency.natvis'
45. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\cpp_rest.natvis'
46. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\stl.natvis'
47. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\Windows.Data.Json.natvis'
48. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Geolocation.natvis'
49. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Sensors.natvis'
50. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\Windows.Media.natvis'
51. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\windows.natvis'
52. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\winrt.natvis'
53. NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.1801.31001.0_x86__8wekyb3d8bbwe\amd64\Visualizers\Kernel.natvis'
54.  
55. Microsoft (R) Windows Debugger Version 10.0.17074.1002 AMD64
56. Copyright (c) Microsoft Corporation. All rights reserved.
57.  
58.  
59. Loading Dump File [C:\Windows\Minidump\030718-25328-01.dmp]
60. Mini Kernel Dump File: Only registers and stack trace are available
61.  
62. Symbol search path is: srv*
63. Executable search path is:
64. Windows 10 Kernel Version 16299 MP (16 procs) Free x64
65. Product: WinNt, suite: TerminalServer SingleUserTS Personal
66. Built by: 16299.15.amd64fre.rs3_release.170928-1534
67. Machine Name:
68. Kernel base = 0xfffff802`fa00c000 PsLoadedModuleList = 0xfffff802`fa373110
69. Debug session time: Wed Mar 7 21:46:15.007 2018 (UTC + 0:00)
70. System Uptime: 4 days 20:40:18.472
71. Loading Kernel Symbols
72. ...............................................................
73. ................................................................
74. ..........................................................
75. Loading User Symbols
76. Loading unloaded module list
77. .................................
78. *******************************************************************************
79. * *
80. * Bugcheck Analysis *
81. * *
82. *******************************************************************************
83.  
84. Use !analyze -v to get detailed debugging information.
85.  
86. BugCheck A, {ffffcf089df669a8, 2, 0, fffff802fa00fe0f}
87.  
88. Probably caused by : memory_corruption ( nt!MiEmptyPageAccessLog+23f )
89.  
90. Followup: MachineOwner
91. ---------
92.  
93. nt!KeBugCheckEx:
94. fffff802`fa181430 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9c83`bb192a90=000000000000000a
95.  
96. ************* Path validation summary **************
97. Response Time (ms) Location
98. Deferred srv*
99. 12: kd> !analyze -v
100. *******************************************************************************
101. * *
102. * Bugcheck Analysis *
103. * *
104. *******************************************************************************
105.  
106. IRQL_NOT_LESS_OR_EQUAL (a)
107. An attempt was made to access a pageable (or completely invalid) address at an
108. interrupt request level (IRQL) that is too high. This is usually
109. caused by drivers using improper addresses.
110. If a kernel debugger is available get the stack backtrace.
111. Arguments:
112. Arg1: ffffcf089df669a8, memory referenced
113. Arg2: 0000000000000002, IRQL
114. Arg3: 0000000000000000, bitfield :
115. bit 0 : value 0 = read operation, 1 = write operation
116. bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
117. Arg4: fffff802fa00fe0f, address which referenced memory
118.  
119. Debugging Details:
120. ------------------
121.  
122.  
123. KEY_VALUES_STRING: 1
124.  
125.  
126. TIMELINE_ANALYSIS: 1
127.  
128.  
129. DUMP_CLASS: 1
130.  
131. DUMP_QUALIFIER: 400
132.  
133. BUILD_VERSION_STRING: 10.0.16299.248 (WinBuild.160101.0800)
134.  
135. SYSTEM_MANUFACTURER: Micro-Star International Co., Ltd.
136.  
137. SYSTEM_PRODUCT_NAME: MS-7A32
138.  
139. SYSTEM_SKU: To be filled by O.E.M.
140.  
141. SYSTEM_VERSION: 1.0
142.  
143. BIOS_VENDOR: American Megatrends Inc.
144.  
145. BIOS_VERSION: 1.90
146.  
147. BIOS_DATE: 09/20/2017
148.  
149. BASEBOARD_MANUFACTURER: Micro-Star International Co., Ltd.
150.  
151. BASEBOARD_PRODUCT: X370 GAMING PRO CARBON (MS-7A32)
152.  
153. BASEBOARD_VERSION: 1.0
154.  
155. DUMP_TYPE: 2
156.  
157. BUGCHECK_P1: ffffcf089df669a8
158.  
159. BUGCHECK_P2: 2
160.  
161. BUGCHECK_P3: 0
162.  
163. BUGCHECK_P4: fffff802fa00fe0f
164.  
165. READ_ADDRESS: fffff802fa409380: Unable to get MiVisibleState
166. Unable to get NonPagedPoolStart
167. Unable to get NonPagedPoolEnd
168. Unable to get PagedPoolStart
169. Unable to get PagedPoolEnd
170. ffffcf089df669a8
171.  
172. CURRENT_IRQL: 2
173.  
174. FAULTING_IP:
175. nt!MiEmptyPageAccessLog+23f
176. fffff802`fa00fe0f 488b01 mov rax,qword ptr [rcx]
177.  
178. CPU_COUNT: 10
179.  
180. CPU_MHZ: bb8
181.  
182. CPU_VENDOR: AuthenticAMD
183.  
184. CPU_FAMILY: 17
185.  
186. CPU_MODEL: 1
187.  
188. CPU_STEPPING: 1
189.  
190. BLACKBOXBSD: 1 (!blackboxbsd)
191.  
192.  
193. BLACKBOXPNP: 1 (!blackboxpnp)
194.  
195.  
196. CUSTOMER_CRASH_COUNT: 1
197.  
198. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
199.  
200. BUGCHECK_STR: AV
201.  
202. PROCESS_NAME: MsMpEng.exe
203.  
204. ANALYSIS_SESSION_HOST: DESKTOP-69RG4KQ
205.  
206. ANALYSIS_SESSION_TIME: 03-09-2018 15:25:32.0482
207.  
208. ANALYSIS_VERSION: 10.0.17074.1002 amd64fre
209.  
210. TRAP_FRAME: ffff9c83bb192bd0 -- (.trap 0xffff9c83bb192bd0)
211. NOTE: The trap frame does not contain all registers.
212. Some register values may be zeroed or incorrect.
213. rax=ffffcf088cf9efe8 rbx=0000000000000000 rcx=ffffcf089df669a8
214. rdx=ffffa78b2d706840 rsi=0000000000000000 rdi=0000000000000000
215. rip=fffff802fa00fe0f rsp=ffff9c83bb192d60 rbp=0057c596b8341400
216. r8=0000000000000000 r9=0000000000000000 r10=00000000000001ff
217. r11=ffff838000000000 r12=0000000000000000 r13=0000000000000000
218. r14=0000000000000000 r15=0000000000000000
219. iopl=0 nv up ei ng nz na po nc
220. nt!MiEmptyPageAccessLog+0x23f:
221. fffff802`fa00fe0f 488b01 mov rax,qword ptr [rcx] ds:ffffcf08`9df669a8=????????????????
222. Resetting default scope
223.  
224. LAST_CONTROL_TRANSFER: from fffff802fa194529 to fffff802fa181430
225.  
226. STACK_TEXT:
227. ffff9c83`bb192a88 fffff802`fa194529 : 00000000`0000000a ffffcf08`9df669a8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
228. ffff9c83`bb192a90 fffff802`fa190659 : 00000000`00000000 00000000`63416d4d 00000000`00000200 00000000`00001000 : nt!KiBugCheckDispatch+0x69
229. ffff9c83`bb192bd0 fffff802`fa00fe0f : 00000000`04455403 fffff802`00000002 00000000`00000000 fffff802`fa232b0c : nt!KiPageFault+0x519
230. ffff9c83`bb192d60 fffff802`fa00faf4 : ffffcf08`8cf9e000 ffffcf08`00000000 00000003`00000000 00000000`043e2401 : nt!MiEmptyPageAccessLog+0x23f
231. ffff9c83`bb192df0 fffff802`fa00f7d2 : ffff8380`edc297b0 ffff83ff`ffffffff ffffcf08`8bde1000 00000000`00000000 : nt!MiAllocateAccessLog+0xf4
232. ffff9c83`bb192e20 fffff802`fa0700b1 : 00000003`00000000 ffff83ff`ffffffff 80000001`349d2847 ffff8380`00000000 : nt!MiLogPageAccess+0x52
233. ffff9c83`bb192e90 fffff802`fa06f76e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiAgePte+0x771
234. ffff9c83`bb192f50 fffff802`fa06f670 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!MiWalkPageTablesRecursively+0x75e
235. ffff9c83`bb193010 fffff802`fa06f670 : 00000000`00000000 ffff9c83`bb193110 ffffba80`e6079180 00000000`00000000 : nt!MiWalkPageTablesRecursively+0x660
236. ffff9c83`bb1930d0 fffff802`fa06f670 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiWalkPageTablesRecursively+0x660
237. ffff9c83`bb193190 fffff802`fa06ef4f : ffff9c83`bb193480 00000000`00000c60 ffff9c83`bb193270 ffff9c83`bb193270 : nt!MiWalkPageTablesRecursively+0x660
238. ffff9c83`bb193250 fffff802`fa06eb91 : 00000000`00000000 fffff802`fa070bd0 ffffcf08`8aa62010 fffff802`73576d4d : nt!MiWalkPageTables+0x20f
239. ffff9c83`bb1932f0 fffff802`fa06e5b5 : ffffcf08`937a2a80 00000000`00000002 00000000`00000000 ffffcf08`92c0f580 : nt!MiAgeWorkingSet+0x2b1
240. ffff9c83`bb1937f0 fffff802`fa06dd29 : ffffcf08`00000000 ffff9c83`bb193a80 ffff9c83`bb1939b0 00000000`00000000 : nt!MiTrimOrAgeWorkingSet+0x175
241. ffff9c83`bb1938b0 fffff802`fa0a80c2 : fffff802`fa3930c0 fffff802`fa3930c0 00000000`00000078 00000000`00000078 : nt!MiProcessWorkingSets+0x219
242. ffff9c83`bb193a60 fffff802`fa14d260 : 00000000`ffffffff 00000000`00000002 00000000`ffffffff 00000000`00000001 : nt!MiWorkingSetManager+0xa2
243. ffff9c83`bb193b20 fffff802`fa122b87 : ffffcf08`8ab65040 00000000`00000080 fffff802`fa14d110 00000000`00000000 : nt!KeBalanceSetManager+0x150
244. ffff9c83`bb193c10 fffff802`fa188be6 : ffffba80`e5f0f180 ffffcf08`8ab65040 fffff802`fa122b40 00000000`00000000 : nt!PspSystemThreadStartup+0x47
245. ffff9c83`bb193c60 00000000`00000000 : ffff9c83`bb194000 ffff9c83`bb18e000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
246.  
247.  
248. THREAD_SHA1_HASH_MOD_FUNC: 34b8500d32060e7bf947feb8c8ed53f6feb183c1
249.  
250. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 7a33da1f2b06944e493cbee53e359cac83eb2da5
251.  
252. THREAD_SHA1_HASH_MOD: a9ca63faa9e43cc61ef524ad38163e6a9ae5c358
253.  
254. FOLLOWUP_IP:
255. nt!MiEmptyPageAccessLog+23f
256. fffff802`fa00fe0f 488b01 mov rax,qword ptr [rcx]
257.  
258. FAULT_INSTR_CODE: 8b018b48
259.  
260. SYMBOL_STACK_INDEX: 3
261.  
262. SYMBOL_NAME: nt!MiEmptyPageAccessLog+23f
263.  
264. FOLLOWUP_NAME: MachineOwner
265.  
266. MODULE_NAME: nt
267.  
268. DEBUG_FLR_IMAGE_TIMESTAMP: 5a7e7659
269.  
270. IMAGE_VERSION: 10.0.16299.248
271.  
272. STACK_COMMAND: .thread ; .cxr ; kb
273.  
274. IMAGE_NAME: memory_corruption
275.  
276. BUCKET_ID_FUNC_OFFSET: 23f
277.  
278. FAILURE_BUCKET_ID: AV_nt!MiEmptyPageAccessLog
279.  
280. BUCKET_ID: AV_nt!MiEmptyPageAccessLog
281.  
282. PRIMARY_PROBLEM_CLASS: AV_nt!MiEmptyPageAccessLog
283.  
284. TARGET_TIME: 2018-03-07T21:46:15.000Z
285.  
286. OSBUILD: 16299
287.  
288. OSSERVICEPACK: 248
289.  
290. SERVICEPACK_NUMBER: 0
291.  
292. OS_REVISION: 0
293.  
294. SUITE_MASK: 784
295.  
296. PRODUCT_TYPE: 1
297.  
298. OSPLATFORM_TYPE: x64
299.  
300. OSNAME: Windows 10
301.  
302. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
303.  
304. OS_LOCALE:
305.  
306. USER_LCID: 0
307.  
308. OSBUILD_TIMESTAMP: 2018-02-10 04:34:33
309.  
310. BUILDDATESTAMP_STR: 160101.0800
311.  
312. BUILDLAB_STR: WinBuild
313.  
314. BUILDOSVER_STR: 10.0.16299.248
315.  
316. ANALYSIS_SESSION_ELAPSED_TIME: cf7
317.  
318. ANALYSIS_SOURCE: KM
319.  
320. FAILURE_ID_HASH_STRING: km:av_nt!miemptypageaccesslog
321.  
322. FAILURE_ID_HASH: {18874cb9-02c8-297c-e41f-9e712e158c7d}
323.  
324. Followup: MachineOwner
325. ---------