Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Windows\MEMORY.DMP]
- Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 17763 MP (6 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 17763.1.amd64fre.rs5_release.180914-1434
- Machine Name:
- Kernel base = 0xfffff806`15e00000 PsLoadedModuleList = 0xfffff806`1621f990
- Debug session time: Wed Nov 28 17:52:48.013 2018 (UTC + 0:00)
- System Uptime: 0 days 0:51:34.695
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ....................................
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 00000000`0030d018). Type ".hh dbgerr001" for details
- Loading unloaded module list
- .........
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck A, {4, ff, 9e, fffff80615fc200c}
- Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceUser+21 )
- Followup: MachineOwner
- ---------
- 1: kd>
- Implicit thread is now ffffc183`e43ba080
- 1: kd>
- Implicit thread is now ffffc183`e43ba080
- 1: kd>
- Implicit thread is now ffffc183`e43ba080
- 1: kd>
- Implicit thread is now ffffc183`e43ba080
- 1: kd>
- Implicit thread is now ffffc183`e43ba080
- 1: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- IRQL_NOT_LESS_OR_EQUAL (a)
- An attempt was made to access a pageable (or completely invalid) address at an
- interrupt request level (IRQL) that is too high. This is usually
- caused by drivers using improper addresses.
- If a kernel debugger is available get the stack backtrace.
- Arguments:
- Arg1: 0000000000000004, memory referenced
- Arg2: 00000000000000ff, IRQL
- Arg3: 000000000000009e, bitfield :
- bit 0 : value 0 = read operation, 1 = write operation
- bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
- Arg4: fffff80615fc200c, address which referenced memory
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- STACKHASH_ANALYSIS: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 401
- BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
- SYSTEM_MANUFACTURER: System manufacturer
- SYSTEM_PRODUCT_NAME: System Product Name
- SYSTEM_SKU: SKU
- SYSTEM_VERSION: System Version
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: 0411
- BIOS_DATE: 09/21/2018
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: PRIME Z370-P II
- BASEBOARD_VERSION: Rev X.0x
- DUMP_TYPE: 1
- BUGCHECK_P1: 4
- BUGCHECK_P2: ff
- BUGCHECK_P3: 9e
- BUGCHECK_P4: fffff80615fc200c
- READ_ADDRESS: 0000000000000004
- CURRENT_IRQL: 0
- FAULTING_IP:
- nt!KiSystemServiceUser+21
- fffff806`15fc200c 807b0300 cmp byte ptr [rbx+3],0
- CPU_COUNT: 6
- CPU_MHZ: e70
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: c
- CPU_MICROCODE: 6,9e,c,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: AV
- PROCESS_NAME: bfv.exe
- ANALYSIS_SESSION_HOST: DESKTOP-3JS743D
- ANALYSIS_SESSION_TIME: 11-28-2018 18:57:00.0915
- ANALYSIS_VERSION: 10.0.17763.132 amd64fre
- TRAP_FRAME: fffff880e2fd2870 -- (.trap 0xfffff880e2fd2870)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000048
- rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80615fc200c rsp=fffff880e2fd2a00 rbp=fffff880e2fd2a80
- r8=0000000000000000 r9=00000000003ba290 r10=0000000000000000
- r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up di pl zr na po nc
- nt!KiSystemServiceUser+0x21:
- fffff806`15fc200c 807b0300 cmp byte ptr [rbx+3],0 ds:00000000`00000003=??
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80615fc2869 to fffff80615fb1040
- STACK_TEXT:
- fffff880`e2fd2728 fffff806`15fc2869 : 00000000`0000000a 00000000`00000004 00000000`000000ff 00000000`0000009e : nt!KeBugCheckEx
- fffff880`e2fd2730 fffff806`15fbec8e : 00000000`00000000 ffffc183`e94bf830 00000000`00000001 ffffc183`e94bf830 : nt!KiBugCheckDispatch+0x69
- fffff880`e2fd2870 fffff806`15fc200c : ffffc183`e43ba080 00000000`00000000 00000000`00000000 ffffc183`eaea3b01 : nt!KiPageFault+0x44e
- fffff880`e2fd2a00 00007fff`6ab1ec14 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceUser+0x21
- 00000000`656efd98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`6ab1ec14
- THREAD_SHA1_HASH_MOD_FUNC: dc964d8577fe63fa761b5eb616fcc9e58528fa56
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ba9f5eb2fad8a2f97a8b0f57f691cf4c8c79aa7d
- THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
- FOLLOWUP_IP:
- nt!KiSystemServiceUser+21
- fffff806`15fc200c 807b0300 cmp byte ptr [rbx+3],0
- FAULT_INSTR_CODE: 37b80
- SYMBOL_STACK_INDEX: 3
- SYMBOL_NAME: nt!KiSystemServiceUser+21
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 3eeaaca9
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: 21
- FAILURE_BUCKET_ID: AV_CODE_AV_nt!KiSystemServiceUser
- BUCKET_ID: AV_CODE_AV_nt!KiSystemServiceUser
- PRIMARY_PROBLEM_CLASS: AV_CODE_AV_nt!KiSystemServiceUser
- TARGET_TIME: 2018-11-28T17:52:48.000Z
- OSBUILD: 17763
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2003-06-14 06:03:37
- BUILDDATESTAMP_STR: 180914-1434
- BUILDLAB_STR: rs5_release
- BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
- ANALYSIS_SESSION_ELAPSED_TIME: 41d
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:av_code_av_nt!kisystemserviceuser
- FAILURE_ID_HASH: {f943ec43-48f7-f55f-6fa9-6438d2a6855c}
- Followup: MachineOwner
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement