API tools faq
paste
Advertisement
Guest User

G752VS_BSOD_Win10_RS1

a guest
May 27th, 2017
224
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 43.24 KB | None | 0 0
raw download clone embed print report
  1. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  2. Online Crash Dump Analysis Service
  3. See http://www.osronline.com for more information
  4. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  5. Product: WinNt, suite: TerminalServer SingleUserTS
  6. Built by: 14393.953.amd64fre.rs1_release_inmarket.170303-1614
  7. Machine Name:
  8. Kernel base = 0xfffff800`4e403000 PsLoadedModuleList = 0xfffff800`4e702000
  9. Debug session time: Fri May 26 11:58:08.003 2017 (UTC - 4:00)
  10. System Uptime: 0 days 2:35:00.489
  11. *******************************************************************************
  12. * *
  13. * Bugcheck Analysis *
  14. * *
  15. *******************************************************************************
  16.  
  17. KMODE_EXCEPTION_NOT_HANDLED (1e)
  18. This is a very common bugcheck. Usually the exception address pinpoints
  19. the driver/function that caused the problem. Always note this address
  20. as well as the link date of the driver/image that contains this address.
  21. Arguments:
  22. Arg1: ffffffffc0000005, The exception code that was not handled
  23. Arg2: fffff80bdc0ce25f, The address that the exception occurred at
  24. Arg3: ffffe600cefb1e58, Parameter 0 of the exception
  25. Arg4: ffffe600cefb1680, Parameter 1 of the exception
  26.  
  27. Debugging Details:
  28. ------------------
  29.  
  30. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  31.  
  32. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  33.  
  34. FAULTING_IP:
  35. NTFS!NtfsAcquirePagingResourceExclusive+f
  36. fffff80b`dc0ce25f 488b4968 mov rcx,qword ptr [rcx+68h]
  37.  
  38. EXCEPTION_PARAMETER1: ffffe600cefb1e58
  39.  
  40. EXCEPTION_PARAMETER2: ffffe600cefb1680
  41.  
  42. WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
  43. unable to get nt!MmSpecialPoolEnd
  44. unable to get nt!MmPagedPoolEnd
  45. unable to get nt!MmNonPagedPoolStart
  46. unable to get nt!MmSizeOfNonPagedPoolInBytes
  47. ffffe600cefb1680
  48.  
  49. ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  50.  
  51. BUGCHECK_STR: 0x1e_c0000005
  52.  
  53. CUSTOMER_CRASH_COUNT: 1
  54.  
  55. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  56.  
  57. PROCESS_NAME: System
  58.  
  59. CURRENT_IRQL: 0
  60.  
  61. EXCEPTION_RECORD: ffff948f6aed3180 -- (.exr 0xffff948f6aed3180)
  62. ExceptionAddress: fffff80bdc138df8 (NTFS!NtfsData+0x0000000000000018)
  63. ExceptionCode: 24f80701
  64. ExceptionFlags: 102b1001
  65. NumberParameters: 2130084
  66. Parameter[0]: ffffa88aa83359a0
  67. Parameter[1]: ffffa88aa83c5150
  68. Parameter[2]: ffff948f6a79dd60
  69. Parameter[3]: ffff948f6aed5bc0
  70. Parameter[4]: ffff948f6a7f4980
  71. Parameter[5]: ffff948f6a80e9d0
  72. Parameter[6]: ffff948f6a84d7d0
  73. Parameter[7]: ffff948f6a811930
  74. Parameter[8]: ffffa88aa8285b40
  75. Parameter[9]: ffffa88aa8546b40
  76. Parameter[10]: ffffa88aa83fd010
  77. Parameter[11]: ffffa88aa8446920
  78. Parameter[12]: 0000000000000000
  79. Parameter[13]: ffffa88aa83a3b40
  80. Parameter[14]: ffffa88aa841c640
  81.  
  82. LAST_CONTROL_TRANSFER: from fffff8004e5d0f73 to fffff8004e5517c0
  83.  
  84. CONTEXT: 39480007ff3b25ff -- (.cxr 0x39480007ff3b25ff)
  85. Unable to read context, Win32 error 0n30
  86.  
  87. STACK_TEXT:
  88. ffffe600`cefb0e28 fffff800`4e5d0f73 : 00000000`0000001e ffffffff`c0000005 fffff80b`dc0ce25f ffffe600`cefb1e58 : nt!KeBugCheckEx
  89. ffffe600`cefb0e30 fffff800`4e561ce6 : ffffe600`cefb2340 fffff80b`dc207c4d ffffa88a`b15c4a01 ffffe600`cefb1000 : nt!KiFatalFilter+0x1f
  90. ffffe600`cefb0e70 fffff800`4e540dff : ffffe600`cefb1e58 ffffe600`cefb1680 fffff80b`dc1d404a ffffe600`cefb1680 : nt! ?? ::FNODOBFM::`string'+0x1056
  91. ffffe600`cefb0eb0 fffff800`4e557bbd : ffffe600`cefb3000 ffffe600`cefb1050 00000000`00000000 ffffe600`cefac000 : nt!_C_specific_handler+0x9f
  92. ffffe600`cefb0f20 fffff800`4e4ab671 : ffffe600`cefb3000 00000000`00000000 ffffe600`cefac000 00000000`00000000 : nt!RtlpExecuteHandlerForException+0xd
  93. ffffe600`cefb0f50 fffff800`4e4aa424 : ffffe600`cefb1680 ffffe600`cefb1b80 ffffe600`cefb1680 ffffe600`cefb1e58 : nt!RtlDispatchException+0x421
  94. ffffe600`cefb1650 fffff800`4e55ca02 : ffff948f`6aed3180 ffffe600`cefb1eb0 ffffa88a`b503d578 ffffa88a`b503d570 : nt!KiDispatchException+0x144
  95. ffffe600`cefb1d20 fffff800`4e55acbd : 00000000`00000000 fffff80b`dc191358 ffffa88a`00000000 ffffa88a`b503d6b0 : nt!KiExceptionDispatch+0xc2
  96. ffffe600`cefb1f00 fffff80b`dc0ce25f : fffff80b`dc1d404a ffff948f`7652cb98 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0xfd
  97. ffffe600`cefb2098 fffff80b`dc1d404a : ffff948f`7652cb98 00000000`00000000 00000000`00000000 ffffa88a`b503d61a : NTFS!NtfsAcquirePagingResourceExclusive+0xf
  98. ffffe600`cefb20a0 fffff80b`dc18388e : 00000000`00000000 00000000`00000000 00000000`00000000 ffff948f`6aed3180 : NTFS!NtfsFlushVolume+0x26e
  99. ffffe600`cefb2220 fffff80b`dc184339 : ffff948f`7652cb98 ffff948f`7682c010 ffffe600`cefb2401 fffff80b`dc184300 : NTFS!NtfsCommonFlushBuffers+0x6b6
  100. ffffe600`cefb2340 fffff800`4e49e2d5 : ffffe600`cefb23f0 ffffe600`cefb23f0 00000000`00000000 ffff948f`6a7e87e0 : NTFS!NtfsCommonFlushBuffersCallout+0x19
  101. ffffe600`cefb2370 fffff80b`dc1ccb2e : 00000000`00000000 ffff948f`7682c010 ffff948f`7652cb98 ffffe600`cefb2458 : nt!KeExpandKernelStackAndCalloutInternal+0x85
  102. ffffe600`cefb23c0 fffff80b`dc1cca7b : 00000000`00000000 ffff948f`7682c010 ffff948f`7682c001 ffff948f`6a7cd6a0 : NTFS!NtfsCommonFlushBuffersOnNewStack+0x52
  103. ffffe600`cefb2430 fffff80b`db955206 : ffff948f`76bec010 ffff948f`7682c010 ffff948f`7652cb98 ffffe600`cefb2458 : NTFS!NtfsFsdFlushBuffers+0xcb
  104. ffffe600`cefb24a0 fffff80b`db953146 : ffff948f`6a1e7a80 00000000`00000000 00000000`00000001 ffff948f`6a1aee40 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x1a6
  105. ffffe600`cefb2530 fffff800`4e81a180 : ffff948f`68800d80 ffffe600`cefb27a0 00000000`00000001 fffff800`4e7c7bf4 : FLTMGR!FltpDispatch+0xb6
  106. ffffe600`cefb2590 fffff800`4e8ab39f : ffff948f`00000001 00000000`00000004 ffff948f`724f1080 ffffe600`cefb27a0 : nt!IopSynchronousServiceTail+0x1a0
  107. ffffe600`cefb2650 fffff800`4e8ab1e6 : ffff948f`724f1080 fffff800`4e7c7bf4 ffff948f`6a7cd6a0 00000000`00000000 : nt!NtFlushBuffersFileEx+0x1b3
  108. ffffe600`cefb26e0 fffff800`4e55c493 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtFlushBuffersFile+0x16
  109. ffffe600`cefb2720 fffff800`4e554980 : fffff800`4e7c7d51 ffffe600`00000000 ffffe600`c91f2570 ffffe600`cefb29c0 : nt!KiSystemServiceCopyEnd+0x13
  110. ffffe600`cefb28b8 fffff800`4e7c7d51 : ffffe600`00000000 ffffe600`c91f2570 ffffe600`cefb29c0 fffff800`4e7c7bf4 : nt!KiServiceLinkage
  111. ffffe600`cefb28c0 fffff800`4e4b92d5 : 00000000`00000000 ffff948f`724f1080 ffffe600`c91f2570 00000000`000000a9 : nt!PopFlushVolumeWorker+0x15d
  112. ffffe600`cefb2b90 fffff800`4e556c86 : ffffe600`c8f40180 ffff948f`724f1080 fffff800`4e4b9294 00000000`00000000 : nt!PspSystemThreadStartup+0x41
  113. ffffe600`cefb2be0 00000000`00000000 : ffffe600`cefb3000 ffffe600`cefac000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  114.  
  115.  
  116. MODULE_NAME: memory_corruption
  117.  
  118. IMAGE_NAME: memory_corruption
  119.  
  120. FOLLOWUP_NAME: memory_corruption
  121.  
  122. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  123.  
  124. MEMORY_CORRUPTOR: LARGE
  125.  
  126. STACK_COMMAND: .cxr 0x39480007ff3b25ff ; kb
  127.  
  128. FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  129.  
  130. BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  131.  
  132. Followup: memory_corruption
  133. ---------
  134.  
  135.  
  136.  
  137.  
  138.  
  139. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  140. Online Crash Dump Analysis Service
  141. See http://www.osronline.com for more information
  142. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  143. Product: WinNt, suite: TerminalServer SingleUserTS
  144. Built by: 14393.953.amd64fre.rs1_release_inmarket.170303-1614
  145. Machine Name:
  146. Kernel base = 0xfffff802`a1c05000 PsLoadedModuleList = 0xfffff802`a1f04000
  147. Debug session time: Fri May 26 15:29:18.210 2017 (UTC - 4:00)
  148. System Uptime: 0 days 3:30:35.352
  149. *******************************************************************************
  150. * *
  151. * Bugcheck Analysis *
  152. * *
  153. *******************************************************************************
  154.  
  155. IRQL_NOT_LESS_OR_EQUAL (a)
  156. An attempt was made to access a pageable (or completely invalid) address at an
  157. interrupt request level (IRQL) that is too high. This is usually
  158. caused by drivers using improper addresses.
  159. If a kernel debugger is available get the stack backtrace.
  160. Arguments:
  161. Arg1: fffffffffffff010, memory referenced
  162. Arg2: 0000000000000002, IRQL
  163. Arg3: 0000000000000000, bitfield :
  164. bit 0 : value 0 = read operation, 1 = write operation
  165. bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
  166. Arg4: fffff802a1df68b4, address which referenced memory
  167.  
  168. Debugging Details:
  169. ------------------
  170.  
  171. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  172.  
  173. READ_ADDRESS: unable to get nt!MmSpecialPoolStart
  174. unable to get nt!MmSpecialPoolEnd
  175. unable to get nt!MmPagedPoolEnd
  176. unable to get nt!MmNonPagedPoolStart
  177. unable to get nt!MmSizeOfNonPagedPoolInBytes
  178. fffffffffffff010
  179.  
  180. CURRENT_IRQL: 2
  181.  
  182. FAULTING_IP:
  183. nt!MiDecrementCombinedPte+20
  184. fffff802`a1df68b4 488b4810 mov rcx,qword ptr [rax+10h]
  185.  
  186. CUSTOMER_CRASH_COUNT: 1
  187.  
  188. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  189.  
  190. BUGCHECK_STR: AV
  191.  
  192. PROCESS_NAME: LockApp.exe
  193.  
  194. TRAP_FRAME: ffffbb00b75d90d0 -- (.trap 0xffffbb00b75d90d0)
  195. NOTE: The trap frame does not contain all registers.
  196. Some register values may be zeroed or incorrect.
  197. rax=fffffffffffff000 rbx=0000000000000000 rcx=0000000000000000
  198. rdx=ffffffffffffffff rsi=0000000000000000 rdi=0000000000000000
  199. rip=fffff802a1df68b4 rsp=ffffbb00b75d9260 rbp=ffffbb00b75d9390
  200. r8=00000000ffffffff r9=ffff8d0000000000 r10=0000000000000000
  201. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  202. r14=0000000000000000 r15=0000000000000000
  203. iopl=0 nv up ei ng nz na po nc
  204. nt!MiDecrementCombinedPte+0x20:
  205. fffff802`a1df68b4 488b4810 mov rcx,qword ptr [rax+10h] ds:ffffffff`fffff010=????????????????
  206. Resetting default scope
  207.  
  208. LAST_CONTROL_TRANSFER: from fffff802a1d5e929 to fffff802a1d537c0
  209.  
  210. STACK_TEXT:
  211. ffffbb00`b75d8f88 fffff802`a1d5e929 : 00000000`0000000a ffffffff`fffff010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
  212. ffffbb00`b75d8f90 fffff802`a1d5cf07 : ffffbb00`b1140180 00000000`00000000 ffffcc80`5a31e080 fffff802`a1c3df0f : nt!KiBugCheckDispatch+0x69
  213. ffffbb00`b75d90d0 fffff802`a1df68b4 : 00000000`00000000 00000000`000003ff ffff8900`00000000 00000000`00000000 : nt!KiPageFault+0x247
  214. ffffbb00`b75d9260 fffff802`a1c619cf : ffff8900`71871000 00000000`00000008 000000e3`0e227000 00000000`00000000 : nt!MiDecrementCombinedPte+0x20
  215. ffffbb00`b75d9290 fffff802`a1c49497 : ffffcc80`5a31e080 ffffbb00`b0d4e180 00000000`00000000 fffff802`a1c05000 : nt!MiDeleteVirtualAddresses+0xc1f
  216. ffffbb00`b75d9490 fffff802`a1c47c69 : 000000e3`0e2fffff 000000e3`0e2fffff 000000e3`0e200000 ffffcc80`5f6a20d0 : nt!MiDeleteVad+0x277
  217. ffffbb00`b75d95c0 fffff802`a201ee3d : 00000000`00000000 000000e3`0e200000 00000000`00000000 fffff802`00000000 : nt!MiFreeVadRange+0x4d
  218. ffffbb00`b75d9600 fffff802`a1d5e493 : ffffbb00`b75d9900 fffff802`a20326aa 00000000`00010002 ffffcc80`5a31e080 : nt!NtFreeVirtualMemory+0x2dd
  219. ffffbb00`b75d9720 fffff802`a1d56980 : fffff802`a2073484 ffffcc80`5a31e080 ffffbb00`b75d9900 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  220. ffffbb00`b75d98b8 fffff802`a2073484 : ffffcc80`5a31e080 ffffbb00`b75d9900 00000000`00000000 ffffcc80`5a31e080 : nt!KiServiceLinkage
  221. ffffbb00`b75d98c0 fffff802`a2089862 : 00000000`00000000 ffffcc80`5a31e080 00000000`00000000 ffffcc80`5e8a3400 : nt!PspExitThread+0x360
  222. ffffbb00`b75d9a00 fffff802`a2089760 : ffffcc80`5a31e080 00000000`00000000 ffffcc80`5a31e080 00000000`00000000 : nt!PspTerminateThreadByPointer+0x96
  223. ffffbb00`b75d9a40 fffff802`a1d5e493 : ffffcc80`5a31e080 ffffbb00`b75d9b00 00000000`00000010 ffffcc80`5f561c20 : nt!NtTerminateThread+0x44
  224. ffffbb00`b75d9a80 00007ffa`7cb16b34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  225. 000000e3`0e2ff4f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffa`7cb16b34
  226.  
  227.  
  228. STACK_COMMAND: kb
  229.  
  230. MODULE_NAME: memory_corruption
  231.  
  232. IMAGE_NAME: memory_corruption
  233.  
  234. FOLLOWUP_NAME: memory_corruption
  235.  
  236. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  237.  
  238. MEMORY_CORRUPTOR: LARGE
  239.  
  240. FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  241.  
  242. BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  243.  
  244. Followup: memory_corruption
  245. ---------
  246.  
  247.  
  248.  
  249.  
  250.  
  251. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  252. Online Crash Dump Analysis Service
  253. See http://www.osronline.com for more information
  254. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  255. Product: WinNt, suite: TerminalServer SingleUserTS
  256. Built by: 14393.953.amd64fre.rs1_release_inmarket.170303-1614
  257. Machine Name:
  258. Kernel base = 0xfffff802`a5405000 PsLoadedModuleList = 0xfffff802`a5704000
  259. Debug session time: Fri May 26 18:41:29.355 2017 (UTC - 4:00)
  260. System Uptime: 0 days 0:33:04.499
  261. *******************************************************************************
  262. * *
  263. * Bugcheck Analysis *
  264. * *
  265. *******************************************************************************
  266.  
  267. SYSTEM_SERVICE_EXCEPTION (3b)
  268. An exception happened while executing a system service routine.
  269. Arguments:
  270. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  271. Arg2: fffff802a582de81, Address of the instruction which caused the bugcheck
  272. Arg3: ffffde812200e560, Address of the context record for the exception that caused the bugcheck
  273. Arg4: 0000000000000000, zero.
  274.  
  275. Debugging Details:
  276. ------------------
  277.  
  278. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  279.  
  280. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  281.  
  282. FAULTING_IP:
  283. nt!CmpDoParseKey+5c1
  284. fffff802`a582de81 41391e cmp dword ptr [r14],ebx
  285.  
  286. CONTEXT: ffffde812200e560 -- (.cxr 0xffffde812200e560)
  287. rax=ffffb500ffadc000 rbx=00000000022a8067 rcx=0000000000000981
  288. rdx=000000000000032b rsi=ffff91093f436d20 rdi=0000000000000000
  289. rip=fffff802a582de81 rsp=ffffde812200ef70 rbp=ffffde812200f070
  290. r8=0000000000000000 r9=0000000000000000 r10=7fffb500ffae0cf8
  291. r11=7ffffffffffffffc r12=ffffde812200f2c0 r13=ffffb500ff8d4000
  292. r14=0000000003caf168 r15=ffffb500ffae0c08
  293. iopl=0 nv up ei pl nz na pe nc
  294. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
  295. nt!CmpDoParseKey+0x5c1:
  296. fffff802`a582de81 41391e cmp dword ptr [r14],ebx ds:002b:00000000`03caf168=????????
  297. Resetting default scope
  298.  
  299. CUSTOMER_CRASH_COUNT: 1
  300.  
  301. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  302.  
  303. BUGCHECK_STR: 0x3B
  304.  
  305. PROCESS_NAME: poqexec.exe
  306.  
  307. CURRENT_IRQL: 0
  308.  
  309. LAST_CONTROL_TRANSFER: from fffff802a5802592 to fffff802a582de81
  310.  
  311. STACK_TEXT:
  312. ffffde81`2200ef70 fffff802`a5802592 : ffffde81`2200f484 ffffb501`1cb6a580 00000000`00000001 00000000`00000000 : nt!CmpDoParseKey+0x5c1
  313. ffffde81`2200f340 fffff802`a5829cb1 : fffff802`a5802290 ffffb500`fee33c01 ffffde81`2200f5e0 ffffb500`fee1b001 : nt!CmpParseKey+0x302
  314. ffffde81`2200f4e0 fffff802`a580b2dd : ffff9109`40b2eb01 ffffde81`2200f740 fffff802`00000040 ffff9109`390c7f20 : nt!ObpLookupObjectName+0xb71
  315. ffffde81`2200f6b0 fffff802`a580afbd : 00000000`00000001 0000007c`474fefa0 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByNameEx+0x1dd
  316. ffffde81`2200f7f0 fffff802`a5886eb9 : 00000000`0000000b 00000000`00000332 00000000`00000001 fffff802`a55c47c0 : nt!CmOpenKey+0x29d
  317. ffffde81`2200f9b0 fffff802`a555e493 : ffff9109`3ea717c0 ffffde81`2200fb00 0000007c`474fed48 ffffde81`2200fb00 : nt!NtOpenKeyTransactedEx+0xed
  318. ffffde81`2200fa10 00007ffd`9d6b8324 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  319. 0000007c`474fed28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffd`9d6b8324
  320.  
  321.  
  322. MODULE_NAME: memory_corruption
  323.  
  324. IMAGE_NAME: memory_corruption
  325.  
  326. FOLLOWUP_NAME: memory_corruption
  327.  
  328. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  329.  
  330. MEMORY_CORRUPTOR: LARGE
  331.  
  332. STACK_COMMAND: .cxr 0xffffde812200e560 ; kb
  333.  
  334. FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  335.  
  336. BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  337.  
  338. Followup: memory_corruption
  339. ---------
  340.  
  341.  
  342.  
  343.  
  344.  
  345. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  346. Online Crash Dump Analysis Service
  347. See http://www.osronline.com for more information
  348. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  349. Product: WinNt, suite: TerminalServer SingleUserTS
  350. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  351. Machine Name:
  352. Kernel base = 0xfffff802`56c0f000 PsLoadedModuleList = 0xfffff802`56f0e000
  353. Debug session time: Fri May 26 19:02:30.733 2017 (UTC - 4:00)
  354. System Uptime: 0 days 0:06:20.874
  355. *******************************************************************************
  356. * *
  357. * Bugcheck Analysis *
  358. * *
  359. *******************************************************************************
  360.  
  361. SYSTEM_SERVICE_EXCEPTION (3b)
  362. An exception happened while executing a system service routine.
  363. Arguments:
  364. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  365. Arg2: fffff80256c83b77, Address of the instruction which caused the bugcheck
  366. Arg3: ffffc500a406ed40, Address of the context record for the exception that caused the bugcheck
  367. Arg4: 0000000000000000, zero.
  368.  
  369. Debugging Details:
  370. ------------------
  371.  
  372. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  373.  
  374. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  375.  
  376. FAULTING_IP:
  377. nt!MiObtainReferencedSecureVad+87
  378. fffff802`56c83b77 498b7610 mov rsi,qword ptr [r14+10h]
  379.  
  380. CONTEXT: ffffc500a406ed40 -- (.cxr 0xffffc500a406ed40)
  381. rax=00000000144d0c01 rbx=ffff8e06d33963a0 rcx=0000000000000011
  382. rdx=0000000000000000 rsi=fffff5414451a330 rdi=ffff8e06d3396080
  383. rip=fffff80256c83b77 rsp=ffffc500a406f750 rbp=ffff8e06ca94e780
  384. r8=0000000000000000 r9=0000000000000000 r10=fffff80257429c40
  385. r11=fffff80256c0f000 r12=0000000000000000 r13=0000000000000000
  386. r14=0000000000001000 r15=ffffc500a406f7d0
  387. iopl=0 nv up ei pl zr na po nc
  388. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
  389. nt!MiObtainReferencedSecureVad+0x87:
  390. fffff802`56c83b77 498b7610 mov rsi,qword ptr [r14+10h] ds:002b:00000000`00001010=????????????????
  391. Resetting default scope
  392.  
  393. CUSTOMER_CRASH_COUNT: 1
  394.  
  395. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  396.  
  397. BUGCHECK_STR: 0x3B
  398.  
  399. PROCESS_NAME: GoogleUpdate.e
  400.  
  401. CURRENT_IRQL: 0
  402.  
  403. LAST_CONTROL_TRANSFER: from fffff80257042aff to fffff80256c83b77
  404.  
  405. STACK_TEXT:
  406. ffffc500`a406f750 fffff802`57042aff : 00000000`00001000 fffff541`40000f20 ffffc500`a406f8d0 fffff541`4451a330 : nt!MiObtainReferencedSecureVad+0x87
  407. ffffc500`a406f7a0 fffff51a`ec9c5f10 : fffff541`00000000 00000000`00001000 ffffc500`00000001 ffff8e06`00000000 : nt!MmUnsecureVirtualMemory+0x17
  408. ffffc500`a406f7d0 fffff51a`ec9c77dd : 00000000`00000000 fffff541`4451a330 fffff541`00000000 00000000`00000000 : win32kbase!SURFACE::bDeleteSurface+0x520
  409. ffffc500`a406f990 fffff51a`ec6292e3 : fffff541`42820600 00000000`00000000 00000000`00000001 fffff802`56c7ea8b : win32kbase!bDeleteSurface+0x2d
  410. ffffc500`a406f9c0 fffff51a`ec629169 : 00000000`00000000 00000000`00000000 00000000`00000001 fffff51a`ec9f6d8f : win32kfull!CleanupCursorObject+0x5f
  411. ffffc500`a406f9f0 fffff51a`ec6293ac : 00000000`012c00a7 ffffc500`00000001 00000000`00000001 fffff541`44644c20 : win32kfull!DestroyCursor+0xf9
  412. ffffc500`a406fa50 fffff802`56d68893 : ffff8e06`d3396080 00000000`04bf2660 00000000`00000000 00000000`00a6e1d8 : win32kfull!NtUserDestroyCursor+0x5c
  413. ffffc500`a406fa80 00000000`54e1222c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  414. 00000000`00a6eb88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x54e1222c
  415.  
  416.  
  417. MODULE_NAME: memory_corruption
  418.  
  419. IMAGE_NAME: memory_corruption
  420.  
  421. FOLLOWUP_NAME: memory_corruption
  422.  
  423. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  424.  
  425. MEMORY_CORRUPTOR: ONE_BYTE
  426.  
  427. STACK_COMMAND: .cxr 0xffffc500a406ed40 ; kb
  428.  
  429. FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BYTE
  430.  
  431. BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BYTE
  432.  
  433. Followup: memory_corruption
  434. ---------
  435.  
  436.  
  437.  
  438.  
  439.  
  440. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  441. Online Crash Dump Analysis Service
  442. See http://www.osronline.com for more information
  443. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  444. Product: WinNt, suite: TerminalServer SingleUserTS
  445. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  446. Machine Name:
  447. Kernel base = 0xfffff800`10e1d000 PsLoadedModuleList = 0xfffff800`1111c000
  448. Debug session time: Sat May 27 03:45:15.127 2017 (UTC - 4:00)
  449. System Uptime: 0 days 2:52:08.268
  450. *******************************************************************************
  451. * *
  452. * Bugcheck Analysis *
  453. * *
  454. *******************************************************************************
  455.  
  456. KERNEL_SECURITY_CHECK_FAILURE (139)
  457. A kernel component has corrupted a critical data structure. The corruption
  458. could potentially allow a malicious user to gain control of this machine.
  459. Arguments:
  460. Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
  461. Arg2: ffffbb812cf51550, Address of the trap frame for the exception that caused the bugcheck
  462. Arg3: ffffbb812cf514a8, Address of the exception record for the exception that caused the bugcheck
  463. Arg4: 0000000000000000, Reserved
  464.  
  465. Debugging Details:
  466. ------------------
  467.  
  468. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  469.  
  470. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  471.  
  472. BUGCHECK_STR: 0x139
  473.  
  474. PROCESS_NAME: MsMpEng.exe
  475.  
  476. CURRENT_IRQL: 1
  477.  
  478. LAST_CONTROL_TRANSFER: from fffff80010f76d29 to fffff80010f6bc00
  479.  
  480. STACK_TEXT:
  481. ffffbb81`2cf51228 fffff800`10f76d29 : 00000000`00000139 00000000`00000003 ffffbb81`2cf51550 ffffbb81`2cf514a8 : nt!KeBugCheckEx
  482. ffffbb81`2cf51230 fffff800`10f77090 : 00000000`00000000 ffffbb81`2cf513e9 ffff9302`95580001 ffff9302`95550780 : nt!KiBugCheckDispatch+0x69
  483. ffffbb81`2cf51370 fffff800`10f76073 : 00000004`00000008 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
  484. ffffbb81`2cf51550 fffff800`11067801 : ffff9302`8d23c140 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf3
  485. ffffbb81`2cf516e0 fffff800`1106586d : ffffdf87`10060470 ffff9302`8d23c140 ffff9302`8d23c140 00000000`00000000 : nt!ExFreePool+0xce1
  486. ffffbb81`2cf51760 fffff800`11225300 : ffffdf87`10f8e980 00000000`00000001 00000000`00000000 fffff800`00000069 : nt!ExFreePoolWithTag+0x86d
  487. ffffbb81`2cf51840 fffff800`10e8fba6 : 00000000`00000000 00000000`00000000 ffffdf87`10f8e9a0 ffffdf87`10f8e9d0 : nt!ObpRemoveObjectRoutine+0x80
  488. ffffbb81`2cf518a0 fffff800`1124054b : 00000000`00000000 00000000`00000000 ffffdf87`10f8e9a0 00000000`00000000 : nt!ObfDereferenceObjectWithTag+0xc6
  489. ffffbb81`2cf518e0 fffff800`1128a7cb : 00000017`748fba18 00000000`00000002 00000017`748fba90 fffff800`11231475 : nt!ObCloseHandleTableEntry+0x28b
  490. ffffbb81`2cf51a20 fffff800`10f76893 : ffff9302`955817c0 00000000`00000002 00000000`00000000 00000000`00000002 : nt!NtClose+0xcb
  491. ffffbb81`2cf51a80 00007ffa`9ef762b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  492. 00000017`748fba08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffa`9ef762b4
  493.  
  494.  
  495. STACK_COMMAND: kb
  496.  
  497. MODULE_NAME: memory_corruption
  498.  
  499. IMAGE_NAME: memory_corruption
  500.  
  501. FOLLOWUP_NAME: memory_corruption
  502.  
  503. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  504.  
  505. MEMORY_CORRUPTOR: LARGE
  506.  
  507. FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  508.  
  509. BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  510.  
  511. Followup: memory_corruption
  512. ---------
  513.  
  514.  
  515.  
  516.  
  517.  
  518. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  519. Online Crash Dump Analysis Service
  520. See http://www.osronline.com for more information
  521. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  522. Product: WinNt, suite: TerminalServer SingleUserTS
  523. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  524. Machine Name:
  525. Kernel base = 0xfffff802`dd603000 PsLoadedModuleList = 0xfffff802`dd902000
  526. Debug session time: Sat May 27 08:20:57.499 2017 (UTC - 4:00)
  527. System Uptime: 0 days 4:14:28.639
  528. *******************************************************************************
  529. * *
  530. * Bugcheck Analysis *
  531. * *
  532. *******************************************************************************
  533.  
  534. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
  535. This is a very common bugcheck. Usually the exception address pinpoints
  536. the driver/function that caused the problem. Always note this address
  537. as well as the link date of the driver/image that contains this address.
  538. Some common problems are exception code 0x80000003. This means a hard
  539. coded breakpoint or assertion was hit, but this system was booted
  540. /NODEBUG. This is not supposed to happen as developers should never have
  541. hardcoded breakpoints in retail code, but ...
  542. If this happens, make sure a debugger gets connected, and the
  543. system is booted /DEBUG. This will let us see why this breakpoint is
  544. happening.
  545. Arguments:
  546. Arg1: ffffffffc0000005, The exception code that was not handled
  547. Arg2: fffff802dd7f45e8, The address that the exception occurred at
  548. Arg3: ffff8981c60592e8, Exception Record Address
  549. Arg4: ffff8981c6058b10, Context Record Address
  550.  
  551. Debugging Details:
  552. ------------------
  553.  
  554. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  555.  
  556. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  557.  
  558. FAULTING_IP:
  559. nt!MiDemoteCombinedPte+40
  560. fffff802`dd7f45e8 4939442420 cmp qword ptr [r12+20h],rax
  561.  
  562. EXCEPTION_RECORD: ffff8981c60592e8 -- (.exr 0xffff8981c60592e8)
  563. ExceptionAddress: fffff802dd7f45e8 (nt!MiDemoteCombinedPte+0x0000000000000040)
  564. ExceptionCode: c0000005 (Access violation)
  565. ExceptionFlags: 00000000
  566. NumberParameters: 2
  567. Parameter[0]: 0000000000000000
  568. Parameter[1]: ffffffffffffffff
  569. Attempt to read from address ffffffffffffffff
  570.  
  571. CONTEXT: ffff8981c6058b10 -- (.cxr 0xffff8981c6058b10)
  572. rax=0000000000000001 rbx=0001510f00002084 rcx=ffff9e0fc72fac80
  573. rdx=ffffd30000665798 rsi=ffffaf8010d0c0f0 rdi=ffffd30000665798
  574. rip=fffff802dd7f45e8 rsp=ffff8981c6059520 rbp=ffffeb732d000060
  575. r8=8000000000000000 r9=0000007ffffffff8 r10=0000000fffffffff
  576. r11=0000ffffffffffff r12=7fffffffffffffd0 r13=ffff9e0fc72fac80
  577. r14=ffff9e0fc72fac80 r15=ffffd30000665798
  578. iopl=0 nv up ei ng nz na po nc
  579. cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010286
  580. nt!MiDemoteCombinedPte+0x40:
  581. fffff802`dd7f45e8 4939442420 cmp qword ptr [r12+20h],rax ds:002b:7fffffff`fffffff0=????????????????
  582. Resetting default scope
  583.  
  584. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  585.  
  586. PROCESS_NAME: linpack_xeon64
  587.  
  588. CURRENT_IRQL: 2
  589.  
  590. ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  591.  
  592. EXCEPTION_PARAMETER1: 0000000000000000
  593.  
  594. EXCEPTION_PARAMETER2: ffffffffffffffff
  595.  
  596. READ_ADDRESS: unable to get nt!MmSpecialPoolStart
  597. unable to get nt!MmSpecialPoolEnd
  598. unable to get nt!MmPagedPoolEnd
  599. unable to get nt!MmNonPagedPoolStart
  600. unable to get nt!MmSizeOfNonPagedPoolInBytes
  601. ffffffffffffffff
  602.  
  603. FOLLOWUP_IP:
  604. nt!MiDemoteCombinedPte+40
  605. fffff802`dd7f45e8 4939442420 cmp qword ptr [r12+20h],rax
  606.  
  607. BUGCHECK_STR: AV
  608.  
  609. EXCEPTION_STR: 0x0
  610.  
  611. LAST_CONTROL_TRANSFER: from fffff802dd7a2540 to fffff802dd7f45e8
  612.  
  613. STACK_TEXT:
  614. ffff8981`c6059520 fffff802`dd7a2540 : ffffea80`03619830 00000000`00000001 ffffaf80`10840eb0 0001510f`00002084 : nt!MiDemoteCombinedPte+0x40
  615. ffff8981`c6059600 fffff802`dd6a78be : 00000000`001cad34 00000000`00000000 00000000`00000000 ffff9e0f`c72fac80 : nt! ?? ::FNODOBFM::`string'+0x414b0
  616. ffff8981`c6059740 fffff802`dd6a6e9e : ffff8981`00000000 ffff8981`c6059a00 00000000`00000000 00000000`00000000 : nt!MiTrimOrAgeWorkingSet+0x5ae
  617. ffff8981`c6059810 fffff802`dd68efab : fffff802`dd921040 00000000`00000001 fffff802`dd921040 ffff9e0f`be41a2a0 : nt!MiProcessWorkingSets+0x1ee
  618. ffff8981`c60599e0 fffff802`dd732709 : 00000000`00000002 00000000`00000007 00000000`ffffffff 00000000`00000001 : nt!MiWorkingSetManager+0xa7
  619. ffff8981`c6059aa0 fffff802`dd6b9695 : ffff9e0f`be4c7040 00000000`00000080 fffff802`dd7324bc cccccccc`cccccccc : nt!KeBalanceSetManager+0x24d
  620. ffff8981`c6059b90 fffff802`dd7570c6 : ffff8981`c5e40180 ffff9e0f`be4c7040 fffff802`dd6b9654 cccccccc`ffffff14 : nt!PspSystemThreadStartup+0x41
  621. ffff8981`c6059be0 00000000`00000000 : ffff8981`c605a000 ffff8981`c6053000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
  622.  
  623.  
  624. MODULE_NAME: memory_corruption
  625.  
  626. IMAGE_NAME: memory_corruption
  627.  
  628. FOLLOWUP_NAME: memory_corruption
  629.  
  630. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  631.  
  632. MEMORY_CORRUPTOR: LARGE
  633.  
  634. STACK_COMMAND: .cxr 0xffff8981c6058b10 ; kb
  635.  
  636. FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  637.  
  638. BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  639.  
  640. Followup: memory_corruption
  641. ---------
  642.  
  643.  
  644.  
  645.  
  646.  
  647. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  648. Online Crash Dump Analysis Service
  649. See http://www.osronline.com for more information
  650. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  651. Product: WinNt, suite: TerminalServer SingleUserTS
  652. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  653. Machine Name:
  654. Kernel base = 0xfffff803`b2a0a000 PsLoadedModuleList = 0xfffff803`b2d09000
  655. Debug session time: Sat May 27 15:39:54.544 2017 (UTC - 4:00)
  656. System Uptime: 0 days 7:17:54.694
  657. *******************************************************************************
  658. * *
  659. * Bugcheck Analysis *
  660. * *
  661. *******************************************************************************
  662.  
  663. KMODE_EXCEPTION_NOT_HANDLED (1e)
  664. This is a very common bugcheck. Usually the exception address pinpoints
  665. the driver/function that caused the problem. Always note this address
  666. as well as the link date of the driver/image that contains this address.
  667. Arguments:
  668. Arg1: ffffffffc0000005, The exception code that was not handled
  669. Arg2: fffff80dfe354b4d, The address that the exception occurred at
  670. Arg3: 0000000000000000, Parameter 0 of the exception
  671. Arg4: ffffffffffffffff, Parameter 1 of the exception
  672.  
  673. Debugging Details:
  674. ------------------
  675.  
  676. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  677.  
  678. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  679.  
  680. FAULTING_IP:
  681. NTFS!NtfsFcbTableCompare+d
  682. fffff80d`fe354b4d 498b08 mov rcx,qword ptr [r8]
  683.  
  684. EXCEPTION_PARAMETER1: 0000000000000000
  685.  
  686. EXCEPTION_PARAMETER2: ffffffffffffffff
  687.  
  688. READ_ADDRESS: unable to get nt!MmSpecialPoolStart
  689. unable to get nt!MmSpecialPoolEnd
  690. unable to get nt!MmPagedPoolEnd
  691. unable to get nt!MmNonPagedPoolStart
  692. unable to get nt!MmSizeOfNonPagedPoolInBytes
  693. ffffffffffffffff
  694.  
  695. ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  696.  
  697. BUGCHECK_STR: 0x1e_c0000005
  698.  
  699. CUSTOMER_CRASH_COUNT: 1
  700.  
  701. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  702.  
  703. PROCESS_NAME: TiWorker.exe
  704.  
  705. CURRENT_IRQL: 1
  706.  
  707. LAST_CONTROL_TRANSFER: from fffff803b2b8d76c to fffff803b2b58c00
  708.  
  709. CONTEXT: 49c1234dd12349c1 -- (.cxr 0x49c1234dd12349c1)
  710. Unable to read context, Win32 error 0n30
  711.  
  712. STACK_TEXT:
  713. ffffdb80`af57af58 fffff803`b2b8d76c : 00000000`0000001e ffffffff`c0000005 fffff80d`fe354b4d 00000000`00000000 : nt!KeBugCheckEx
  714. ffffdb80`af57af60 fffff803`b2b63e02 : ffffc886`00000000 fffff803`00000000 00000000`00000002 ffffa00c`7b490860 : nt! ?? ::FNODOBFM::`string'+0x256dc
  715. ffffdb80`af57b630 fffff803`b2b620bd : 00000000`00001000 00000000`00000001 ffffa00c`828c3080 00000000`0000001c : nt!KiExceptionDispatch+0xc2
  716. ffffdb80`af57b810 fffff80d`fe354b4d : fffff803`b2aa9acd ffffc886`18d85250 fffff803`b2a7a4da 00000000`00000000 : nt!KiGeneralProtectionFault+0xfd
  717. ffffdb80`af57b9a8 fffff803`b2aa9acd : ffffc886`18d85250 fffff803`b2a7a4da 00000000`00000000 fffff80d`fe330c38 : NTFS!NtfsFcbTableCompare+0xd
  718. ffffdb80`af57b9b0 fffff80d`fe305c1c : ffffa00c`7b480180 00000000`00000000 ffffdb80`af57bb5c 00000000`00000000 : nt!RtlLookupElementGenericTableFullAvl+0x3d
  719. ffffdb80`af57b9e0 fffff80d`fe32f2ac : ffffa00c`8995c018 ffffa00c`7b480180 00000000`00000000 00010000`0001ae57 : NTFS!NtfsCreateFcb+0x8c
  720. ffffdb80`af57bad0 fffff80d`fe349311 : ffff8904`411030e0 00000000`00000012 ffffc886`18d85240 ffffdb80`af57bdf0 : NTFS!NtfsOpenFile+0x21c
  721. ffffdb80`af57bd10 fffff80d`fe347fbd : ffffa00c`8995c018 ffffa00c`899da510 ffffdb80`ad2e8170 00000000`00000000 : NTFS!NtfsCommonCreate+0x1071
  722. ffffdb80`af57bf50 fffff803`b2b5ba97 : ffffdb80`ad2e8100 00000000`0009e648 00000000`0031a000 00000000`0019ff14 : NTFS!NtfsCommonCreateCallout+0x1d
  723. ffffdb80`af57bf80 fffff803`b2b5ba5d : 00000000`00006000 ffffdb80`af57c000 ffffa00c`828c3080 fffff803`b2aa5a04 : nt!KxSwitchKernelStackCallout+0x27
  724. ffffdb80`ad2e7f40 fffff803`b2aa5a04 : ffffc886`00000012 00000000`00006000 ffffa00c`828c3080 00000000`00000007 : nt!KiSwitchKernelStackContinue
  725. ffffdb80`ad2e7f60 fffff803`b2aa5776 : ffffdb80`ad2e2000 00000000`00006000 00000000`00000000 ffffdb80`ad2e7fe0 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x134
  726. ffffdb80`ad2e7fe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6
  727.  
  728.  
  729. FOLLOWUP_IP:
  730. NTFS!NtfsFcbTableCompare+d
  731. fffff80d`fe354b4d 498b08 mov rcx,qword ptr [r8]
  732.  
  733. SYMBOL_STACK_INDEX: 4
  734.  
  735. SYMBOL_NAME: NTFS!NtfsFcbTableCompare+d
  736.  
  737. FOLLOWUP_NAME: MachineOwner
  738.  
  739. MODULE_NAME: NTFS
  740.  
  741. IMAGE_NAME: NTFS.sys
  742.  
  743. DEBUG_FLR_IMAGE_TIMESTAMP: 59028054
  744.  
  745. STACK_COMMAND: .cxr 0x49c1234dd12349c1 ; kb
  746.  
  747. FAILURE_BUCKET_ID: X64_0x1e_c0000005_NTFS!NtfsFcbTableCompare+d
  748.  
  749. BUCKET_ID: X64_0x1e_c0000005_NTFS!NtfsFcbTableCompare+d
  750.  
  751. Followup: MachineOwner
  752. ---------
  753.  
  754.  
  755.  
  756.  
  757.  
  758. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  759. Online Crash Dump Analysis Service
  760. See http://www.osronline.com for more information
  761. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  762. Product: WinNt, suite: TerminalServer SingleUserTS
  763. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  764. Machine Name:
  765. Kernel base = 0xfffff800`b7405000 PsLoadedModuleList = 0xfffff800`b7704000
  766. Debug session time: Sat May 27 18:51:06.312 2017 (UTC - 4:00)
  767. System Uptime: 0 days 3:10:35.454
  768. *******************************************************************************
  769. * *
  770. * Bugcheck Analysis *
  771. * *
  772. *******************************************************************************
  773.  
  774. BAD_POOL_HEADER (19)
  775. The pool is already corrupt at the time of the current request.
  776. This may or may not be due to the caller.
  777. The internal pool links must be walked to figure out a possible cause of
  778. the problem, and then special pool applied to the suspect tags or the driver
  779. verifier to a suspect driver.
  780. Arguments:
  781. Arg1: 0000000000000003, the pool freelist is corrupt.
  782. Arg2: ffffbc16c48e7a00, the pool entry being checked.
  783. Arg3: ffffbc16c48ed300, the read back flink freelist value (should be the same as 2).
  784. Arg4: ffffbc16c48e7a00, the read back blink freelist value (should be the same as 2).
  785.  
  786. Debugging Details:
  787. ------------------
  788.  
  789. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  790.  
  791. BUGCHECK_STR: 0x19_3
  792.  
  793. CUSTOMER_CRASH_COUNT: 1
  794.  
  795. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  796.  
  797. PROCESS_NAME: BlueScreenView
  798.  
  799. CURRENT_IRQL: 1
  800.  
  801. LAST_CONTROL_TRANSFER: from fffff800b764f6e4 to fffff800b7553c00
  802.  
  803. STACK_TEXT:
  804. ffffe780`0bceb6a8 fffff800`b764f6e4 : 00000000`00000019 00000000`00000003 ffffbc16`c48e7a00 ffffbc16`c48ed300 : nt!KeBugCheckEx
  805. ffffe780`0bceb6b0 fffff800`b7416849 : ffff920d`00000029 00000000`00001000 00000000`00000029 ffff920d`671b9a00 : nt!ExFreePool+0xbc4
  806. ffffe780`0bceb7a0 ffffbc59`c76a1b71 : 00000000`00000000 00000000`059bf590 00000000`69747355 fffff800`00000000 : nt!ExAllocatePoolWithQuotaTag+0x69
  807. ffffe780`0bceb830 ffffbc59`c6841f18 : 00000000`69747355 ffff920d`61743850 00000000`00000029 ffff920d`671b97c0 : win32kfull!Win32AllocPoolWithQuotaImpl+0x31
  808. ffffe780`0bceb900 ffffbc59`c76af7c9 : ffff920d`669ce590 00000000`00000018 ffffe780`0bceba30 ffffe780`00000000 : win32kbase!Win32AllocPoolWithQuota+0x28
  809. ffffe780`0bceb930 ffffbc59`c76af6fd : ffffe780`0bceba30 ffff920d`671b97c0 00000000`00000000 00000000`00000000 : win32kfull!AllocateW32Thread+0x51
  810. ffffe780`0bceb960 ffffbc59`c683a4c7 : ffffe780`0bceba30 fffff800`b76fe260 fffff800`b76fe260 00000000`00000000 : win32kfull!W32pThreadCallout+0x1d
  811. ffffe780`0bceb990 fffff800`b783cd87 : ffffe780`0bceba30 fffff800`b76fe260 00000000`00000000 00000000`00000000 : win32kbase!W32CalloutDispatch+0x147
  812. ffffe780`0bceb9d0 fffff800`b77ee74f : ffff920d`671b97c0 ffffe780`0bcebb00 00000000`00000001 fffff800`b74a87cc : nt!ExCallCallBack+0x37
  813. ffffe780`0bceba00 fffff800`b7556da9 : 00000000`00000000 ffff920d`671b97c0 00000000`00000000 00000000`00000000 : nt!PsConvertToGuiThread+0xcf
  814. ffffe780`0bceba50 fffff800`b755ebaa : ffff920d`00000045 00000000`0000104e 00000000`00000000 00000000`067eff68 : nt!KiConvertToGuiThread+0x9
  815. ffffe780`0bceba80 00007ff8`573b18e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x113
  816. 00000000`067efc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff8`573b18e4
  817.  
  818.  
  819. STACK_COMMAND: kb
  820.  
  821. FOLLOWUP_IP:
  822. nt!ExFreePool+bc4
  823. fffff800`b764f6e4 cc int 3
  824.  
  825. SYMBOL_STACK_INDEX: 1
  826.  
  827. SYMBOL_NAME: nt!ExFreePool+bc4
  828.  
  829. FOLLOWUP_NAME: Pool_corruption
  830.  
  831. IMAGE_NAME: Pool_Corruption
  832.  
  833. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  834.  
  835. MODULE_NAME: Pool_Corruption
  836.  
  837. FAILURE_BUCKET_ID: X64_0x19_3_nt!ExFreePool+bc4
  838.  
  839. BUCKET_ID: X64_0x19_3_nt!ExFreePool+bc4
  840.  
  841. Followup: Pool_corruption
  842. ---------
  843.  
  844.  
  845.  
  846.  
  847.  
  848. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  849. Online Crash Dump Analysis Service
  850. See http://www.osronline.com for more information
  851. Windows 8 Kernel Version 14393 MP (8 procs) Free x64
  852. Product: WinNt, suite: TerminalServer SingleUserTS
  853. Built by: 14393.1198.amd64fre.rs1_release_sec.170427-1353
  854. Machine Name:
  855. Kernel base = 0xfffff802`6e290000 PsLoadedModuleList = 0xfffff802`6e58f000
  856. Debug session time: Sat May 27 19:04:26.646 2017 (UTC - 4:00)
  857. System Uptime: 0 days 0:12:48.789
  858. *******************************************************************************
  859. * *
  860. * Bugcheck Analysis *
  861. * *
  862. *******************************************************************************
  863.  
  864. SYSTEM_SERVICE_EXCEPTION (3b)
  865. An exception happened while executing a system service routine.
  866. Arguments:
  867. Arg1: 00000000c0000005, Exception code that caused the bugcheck
  868. Arg2: fffff8026e4784bb, Address of the instruction which caused the bugcheck
  869. Arg3: ffffc58174ee9ca0, Address of the context record for the exception that caused the bugcheck
  870. Arg4: 0000000000000000, zero.
  871.  
  872. Debugging Details:
  873. ------------------
  874.  
  875. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  876.  
  877. OVERLAPPED_MODULE: Address regions for 'ibtusb' and 'dump_storpor' overlap
  878.  
  879. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
  880.  
  881. FAULTING_IP:
  882. nt!MiCaptureProtectionFromProto+f
  883. fffff802`6e4784bb 488b01 mov rax,qword ptr [rcx]
  884.  
  885. CONTEXT: ffffc58174ee9ca0 -- (.cxr 0xffffc58174ee9ca0)
  886. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
  887. rdx=0000000000000000 rsi=fffff33ffbb95288 rdi=ffff8c036ebf6b00
  888. rip=fffff8026e4784bb rsp=ffffc58174eea6b0 rbp=ffff8c0366c718c0
  889. r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
  890. r11=000000000000f500 r12=00007ff772a51000 r13=ffff8c036ebf6b00
  891. r14=0000000000000000 r15=ffff8c0366c718c0
  892. iopl=0 nv up ei ng nz na pe nc
  893. cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
  894. nt!MiCaptureProtectionFromProto+0xf:
  895. fffff802`6e4784bb 488b01 mov rax,qword ptr [rcx] ds:002b:00000000`00000000=0000000000000000
  896. Resetting default scope
  897.  
  898. CUSTOMER_CRASH_COUNT: 1
  899.  
  900. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  901.  
  902. BUGCHECK_STR: 0x3B
  903.  
  904. PROCESS_NAME: WerFault.exe
  905.  
  906. CURRENT_IRQL: 0
  907.  
  908. LAST_CONTROL_TRANSFER: from fffff8026e31b98f to fffff8026e4784bb
  909.  
  910. STACK_TEXT:
  911. ffffc581`74eea6b0 fffff802`6e31b98f : 00000000`00000000 fffff33f`fbb95288 ffff8c03`66c718c0 00000000`00000001 : nt!MiCaptureProtectionFromProto+0xf
  912. ffffc581`74eea6e0 fffff802`6e2e8bf8 : fffff33f`fbb95410 fffff33f`faf20300 00000000`0000f500 00000000`00004008 : nt!MiGetPageProtection+0x34f
  913. ffffc581`74eea730 fffff802`6e2e87c3 : 00000000`00000000 ffffc581`74eea900 00000000`00000000 ffff8c03`65f7b030 : nt!MiQueryAddressState+0x258
  914. ffffc581`74eea7c0 fffff802`6e6ae48b : 00000000`00000008 00000007`ff772a50 00007ff7`72a51000 ffff8c03`6ebf6600 : nt!MiQueryAddressSpan+0x153
  915. ffffc581`74eea860 fffff802`6e6adf39 : ffff1465`b1a23e4c ffff8c03`681c4660 00000000`1c000000 000000a8`be1bd7b0 : nt!MmQueryVirtualMemory+0x54b
  916. ffffc581`74eea9c0 fffff802`6e3e9893 : 00000000`fc0019ff ffffffff`ffffffff 00000000`00000000 00000000`fc0019ff : nt!NtQueryVirtualMemory+0x25
  917. ffffc581`74eeaa10 00007ff9`347c6534 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  918. 000000a8`be1bd4f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff9`347c6534
  919.  
  920.  
  921. MODULE_NAME: memory_corruption
  922.  
  923. IMAGE_NAME: memory_corruption
  924.  
  925. FOLLOWUP_NAME: memory_corruption
  926.  
  927. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  928.  
  929. MEMORY_CORRUPTOR: LARGE
  930.  
  931. STACK_COMMAND: .cxr 0xffffc58174ee9ca0 ; kb
  932.  
  933. FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  934.  
  935. BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE
  936.  
  937. Followup: memory_corruption
  938. ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!