Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.19528.1000 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Windows\MEMORY.DMP]
- Kernel Bitmap Dump File: Full address space is available
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- 18362.1.amd64fre.19h1_release.190318-1202
- Machine Name:
- Kernel base = 0xfffff801`44600000 PsLoadedModuleList = 0xfffff801`44a48150
- Debug session time: Fri Jan 17 23:55:11.684 2020 (UTC + 1:00)
- System Uptime: 0 days 0:03:54.379
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ....................................................
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 00000092`d2ee5018). Type ".hh dbgerr001" for details
- Loading unloaded module list
- ...........
- For analysis of this file, run !analyze -v
- nt!KeBugCheckEx:
- fffff801`447c14e0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff801`486e4d10=000000000000007f
- 0: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- UNEXPECTED_KERNEL_MODE_TRAP (7f)
- This means a trap occurred in kernel mode, and it's a trap of a kind
- that the kernel isn't allowed to have/catch (bound trap) or that
- is always instant death (double fault). The first number in the
- bugcheck params is the number of the trap (8 = double fault, etc)
- Consult an Intel x86 family manual to learn more about what these
- traps are. Here is a *portion* of those codes:
- If kv shows a taskGate
- use .tss on the part before the colon, then kv.
- Else if kv shows a trapframe
- use .trap on that value
- Else
- .trap on the appropriate frame will show where the trap was taken
- (on x86, this will be the ebp that goes with the procedure KiTrap)
- Endif
- kb will then show the corrected stack.
- Arguments:
- Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
- Arg2: fffff801486e4e50
- Arg3: fffffa028f750ff0
- Arg4: fffff801448d302b
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- Key : Analysis.CPU.Sec
- Value: 3
- Key : Analysis.DebugAnalysisProvider.CPP
- Value: Create: 8007007e on DESKTOP-BFIN3BM
- Key : Analysis.DebugData
- Value: CreateObject
- Key : Analysis.DebugModel
- Value: CreateObject
- Key : Analysis.Elapsed.Sec
- Value: 19
- Key : Analysis.Memory.CommitPeak.Mb
- Value: 79
- Key : Analysis.System
- Value: CreateObject
- ADDITIONAL_XML: 1
- BUGCHECK_CODE: 7f
- BUGCHECK_P1: 8
- BUGCHECK_P2: fffff801486e4e50
- BUGCHECK_P3: fffffa028f750ff0
- BUGCHECK_P4: fffff801448d302b
- TRAP_FRAME: fffff801486e4e50 -- (.trap 0xfffff801486e4e50)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffffa028f751018 rbx=0000000000000000 rcx=fffffa028f750000
- rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff801448d302b rsp=fffffa028f750ff0 rbp=fffffa028f7510b9
- r8=000000000000000e r9=0000000000000000 r10=fffffa028f750000
- r11=fffffa028f750000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po nc
- nt!MiGenerateAccessViolation+0x1f:
- fffff801`448d302b e800f8d6ff call nt!MiDeterminePoolType (fffff801`44642830)
- Resetting default scope
- PROCESS_NAME: conhost.exe
- STACK_OVERFLOW: Stack Limit: fffffa028f751000. Use (kF) and (!stackusage) to investigate stack usage.
- STACKUSAGE_FUNCTION: The function at address 0xfffff80151659430 was blamed for the stack overflow. It is using 8400 bytes of stack.
- STACK_TEXT:
- fffffa02`8f750ff0 fffff801`447e35b2 : fffffa02`8f750000 fffffa02`8f7510b9 00000000`00000000 fffffa02`8f7511e0 : nt!MiGenerateAccessViolation+0x1f
- fffffa02`8f751020 fffff801`44672eef : fefefefe`fefefefe 00000000`00000000 00000000`00000000 fffffa02`8f750000 : nt!MiSystemFault+0x1d6842
- fffffa02`8f751120 fffff801`447cf520 : fefefefe`fefefefe fefefefe`fefefefe fffffa02`8f7528b0 fefefefe`fefefefe : nt!MmAccessFault+0x34f
- fffffa02`8f7512c0 fffff801`447c9f16 : 00000000`00000000 00000000`0010000b fffff801`446c505a fffffa02`8f752678 : nt!KiPageFault+0x360
- fffffa02`8f751458 fffff801`446c505a : fffffa02`8f752678 00000000`00000000 fefefefe`00000003 fefefefe`000004d0 : nt!_chkstk+0x36
- fffffa02`8f751470 fffff801`4479c59f : fffff801`449e7e70 fffffa02`00000001 fffffa02`8f7528b0 fffffa02`8f757000 : nt!RtlUnwindEx+0xfa
- fffffa02`8f7516a0 fffff801`447ca312 : fffffa02`8f7528b0 fffffa02`8f751c80 00000000`00000000 00000000`0010001f : nt!_C_specific_handler+0xef
- fffffa02`8f751710 fffff801`446c2fa5 : fffffa02`8f752678 00000000`00000000 fffffa02`8f751c80 00007fff`ffff0000 : nt!RtlpExecuteHandlerForException+0x12
- fffffa02`8f751740 fffff801`446c753e : fffffa02`8f752678 fffffa02`8f7523c0 fffffa02`8f752678 00000000`00000000 : nt!RtlDispatchException+0x4a5
- fffffa02`8f751e90 fffff801`447d341d : ffffab8b`8e288640 fffff801`44674ef6 ffffd269`349a4000 00007ff5`aca53000 : nt!KiDispatchException+0x16e
- fffffa02`8f752540 fffff801`447cf605 : ffffab8b`8e288580 00000000`000000ff 80000000`00000000 ffffe280`551deb10 : nt!KiExceptionDispatch+0x11d
- fffffa02`8f752720 fffff801`4471fadb : ffffd23f`fad65298 ffffab8b`8e288580 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x445
- fffffa02`8f7528b0 fffff801`446aa1e5 : ffffd23f`fad65298 ffffffff`00000018 00000000`00000000 ffffffff`00000420 : nt!MiMakeProtoLeafValid+0xaf
- fffffa02`8f752940 fffff801`44c5780b : 00007ff5`aca53000 ffffab8b`8fd71b60 ffff8481`00000f00 00000000`00000000 : nt!MiSplitPrivatePage+0x365
- fffffa02`8f752a20 fffff801`44c5732c : ffffab8b`8fd71b88 00007ff5`aca52c00 00000000`00000440 00007ff5`aca52c00 : nt!MiCopyToCfgBitMap+0x48b
- fffffa02`8f752b00 fffff801`44c56718 : ffffd23f`ff3ac578 00000000`00000000 00007ffe`758c1000 fffff801`446a578f : nt!MiPopulateCfgBitMap+0xbc
- fffffa02`8f752bb0 fffff801`44c22670 : ffffab8b`8e288580 00000000`00000000 ffffab8b`8e288640 fffff801`4462c700 : nt!MiMarkPrivateOpenCfgBits+0x30
- fffffa02`8f752bf0 fffff801`44c22547 : ffffab8b`8fe26400 fffff801`44639c1d 00000000`00000000 fffff801`4468d2c6 : nt!MiMarkProcessCfgBits+0x44
- fffffa02`8f752c20 fffff801`44bd784f : 00000000`00000002 fffffa02`8f752d21 ffffab8b`8f5ddde0 fffffa02`00000000 : nt!MiCommitVadCfgBits+0x16f
- fffffa02`8f752ca0 fffff801`44c57d26 : fffffa02`8f752f98 00000000`00000000 fffffa02`00000006 fefefefe`00000001 : nt!MiReserveUserMemory+0x42f
- fffffa02`8f752d80 fffff801`44c50c66 : 00007ffe`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiAllocateVirtualMemory+0x316
- fffffa02`8f752f10 fffff801`447d2d18 : ffffffff`8000376c ffffab8b`8fe26080 00000000`00000000 fffffa02`8f7532d8 : nt!NtAllocateVirtualMemory+0x196
- fffffa02`8f7530b0 fffff801`447c5320 : fffff801`51657b76 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
- fffffa02`8f7532b8 fffff801`51657b76 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
- fffffa02`8f7532c0 fffff801`51659430 : ffffffff`8000376c 00000000`00002000 00007ffe`7575f7e0 00000000`00000000 : networktunnelx64+0x7b76
- fffffa02`8f753340 fffff801`51659a1e : ffffffff`8000376c ffffe280`57360db8 00000000`00000002 ffffab8b`8e288080 : networktunnelx64+0x9430
- fffffa02`8f755410 fffff801`5165b5ea : ffffffff`8000376c ffffe280`57360db8 00000000`00000010 00000000`00000082 : networktunnelx64+0x9a1e
- fffffa02`8f755440 fffff801`5165b6ad : ffffffff`8000376c fffff801`52228601 00000000`00002a90 ffffab8b`8e288080 : networktunnelx64+0xb5ea
- fffffa02`8f7554d0 fffff801`516512d6 : 00000000`00002a90 00000000`0000000a 00000000`00000000 00000000`00000001 : networktunnelx64+0xb6ad
- fffffa02`8f755510 fffff801`44bcd9d8 : 00000000`00002a88 00000000`00002a90 ffffab8b`8e6d6f01 ffffab8b`8e288080 : networktunnelx64+0x12d6
- fffffa02`8f755540 fffff801`44c5da9c : ffffffff`00000000 fffffa02`8f756330 fffffa02`8f755c01 ffffab8b`8e962b70 : nt!PspCallProcessNotifyRoutines+0x254
- fffffa02`8f755610 fffff801`44c2fba4 : ffffab8b`8fe29080 ffffab8b`8e288080 fffffa02`8f755dd0 fffffa02`8f755c90 : nt!PspInsertThread+0x5e8
- fffffa02`8f755700 fffff801`447d2d18 : 00000000`00000000 ffffab8b`872a87a0 ffffe280`52e09d40 00000001`8f7564e0 : nt!NtCreateUserProcess+0x964
- fffffa02`8f7563b0 fffff801`447c5320 : fffff801`5377ad4f 00000000`00000000 00000000`00002a88 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
- fffffa02`8f7565b8 fffff801`5377ad4f : 00000000`00000000 00000000`00002a88 00000000`00000000 fffffa02`8f756630 : nt!KiServiceLinkage
- fffffa02`8f7565c0 fffff801`5377a921 : 00000000`00000001 00000000`00000000 fffffa02`8f756b80 00007ffe`00000000 : condrv!CdpCreateProcess+0x14f
- fffffa02`8f756770 fffff801`53778ad7 : ffffab8b`8e28a080 00000000`00000730 ffffab8b`872f14e0 00000000`007039e0 : condrv!CdpLaunchServerProcess+0x171
- fffffa02`8f756870 fffff801`5377ae0d : 00000000`007039e0 fffff801`5377adb0 ffffab8b`8e964ab0 00000000`00000000 : condrv!CdpServerFastIoctl+0x167
- fffffa02`8f7568b0 fffff801`44be8efb : 00000000`00000088 fffffa02`8f756b00 ffffab8b`8e28a580 ffffab8b`8e964ab0 : condrv!CdpFastIoDeviceControl+0x5d
- fffffa02`8f756900 fffff801`44be87c6 : 00007ffe`7571bc00 00000000`00000000 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x71b
- fffffa02`8f756a20 fffff801`447d2d18 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`0012019f : nt!NtDeviceIoControlFile+0x56
- fffffa02`8f756a90 00007ffe`7575c1a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
- 00000000`001ee098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`7575c1a4
- STACK_COMMAND: .trap 0xfffff801486e4e50 ; kb
- SYMBOL_NAME: networktunnelx64+9430
- IMAGE_NAME: networktunnelx64.sys
- MODULE_NAME: networktunnelx64
- BUCKET_ID_FUNC_OFFSET: 9430
- FAILURE_BUCKET_ID: 0x7f_8_STACK_USAGE_networktunnelx64!unknown_function
- OS_VERSION: 10.0.18362.1
- BUILDLAB_STR: 19h1_release
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- FAILURE_ID_HASH: {40c7ef30-43b9-8995-cd28-4273c4c8586d}
- Followup: MachineOwner
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement