Sistemim:
R5 2600
GTX 1060 6G
16 GB RAM
Son düzenleyen: Moderatör:
Çözüldü SYSTEM_SERVICE_EXPCETION mavi ekran hatası
- Konuyu başlatan ZuZu
- Başlangıç Tarihi
- Mesaj 2
- Görüntüleme 449
Bu konu çözüldü olarak işaretlenmiştir. Çözülmediğini düşünüyorsanız konuyu rapor edebilirsiniz.
Sistemim:
R5 2600
GTX 1060 6G
16 GB RAM
Çözüm
Bu aralar sıklıkla mavi ekran almaya başladım. Özellikle C sürücüsü (Windows burada yüklü) dolmaya yakın oluyor.
Sistemim:
R5 2600
GTX 1060 6G
16 GB RAM
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000000000000d70, Actual security check cookie from the stack
Arg2: 0000e9c9a5f3db43, Expected security check cookie
Arg3: ffff16365a0c24bc, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3093
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 11153
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3295
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-6156-01.dmp
BUGCHECK_CODE: f7
BUGCHECK_P1: d70
BUGCHECK_P2: e9c9a5f3db43
BUGCHECK_P3: ffff16365a0c24bc
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000e9c9a5f3db43 found 0000000000000d70
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: csrss.exe
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
STACK_TEXT:
ffff9987`c2386528 fffff802`49eb1415 : 00000000`000000f7 00000000`00000d70 0000e9c9`a5f3db43 ffff1636`5a0c24bc : nt!KeBugCheckEx
ffff9987`c2386530 fffff802`49dd269e : ffff9987`c2386b40 fffff802`49ce6fef fffff802`49acfc18 ffff9987`00000000 : nt!_report_gsfailure+0x25
ffff9987`c2386570 fffff802`49dd2633 : ffff9987`c2386640 00000000`00000000 ffff9987`c2386b78 ffff9987`c2386b50 : nt!_GSHandlerCheckCommon+0x5a
ffff9987`c23865a0 fffff802`49e00072 : fffff802`49dd2620 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheck+0x13
ffff9987`c23865d0 fffff802`49ce6dd7 : ffff9987`c2386b40 00000000`00000000 ffff9987`c23877a0 fffff802`49c93529 : nt!RtlpExecuteHandlerForException+0x12
ffff9987`c2386600 fffff802`49ce59d6 : ffff9987`c2387518 ffff9987`c2387250 ffff9987`c2387518 00000000`00000000 : nt!RtlDispatchException+0x297
ffff9987`c2386d20 fffff802`49e092ac : 00000000`00001000 ffff9987`c23875c0 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff9987`c23873e0 fffff802`49e05443 : ffff9987`c2387700 fffff802`50a5cc69 00000000`00000000 ffffd80f`5b9b4000 : nt!KiExceptionDispatch+0x12c
ffff9987`c23875c0 fffff802`50a32aba : fffff802`50a2c6b8 fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 : nt!KiPageFault+0x443
ffff9987`c2387750 fffff802`50a2c6b8 : fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 : nvlddmkm+0x792aba
ffff9987`c2387758 fffff802`50a35909 : 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 : nvlddmkm+0x78c6b8
ffff9987`c2387760 00000000`00000001 : ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 : nvlddmkm+0x795909
ffff9987`c2387768 ffffd80f`5b9b4000 : ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 00000000`00000000 : 0x1
ffff9987`c2387770 ffffd80f`5b9b4000 : 00000000`00000000 ffff9987`c23877b4 00000000`00000000 00000000`00000006 : 0xffffd80f`5b9b4000
ffff9987`c2387778 00000000`00000000 : ffff9987`c23877b4 00000000`00000000 00000000`00000006 fffff802`49c93529 : 0xffffd80f`5b9b4000
SYMBOL_NAME: nvlddmkm+792aba
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 792aba
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}
Followup: MachineOwner
---------
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000000000000d70, Actual security check cookie from the stack
Arg2: 0000e9c9a5f3db43, Expected security check cookie
Arg3: ffff16365a0c24bc, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3093
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 11153
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3295
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-6156-01.dmp
BUGCHECK_CODE: f7
BUGCHECK_P1: d70
BUGCHECK_P2: e9c9a5f3db43
BUGCHECK_P3: ffff16365a0c24bc
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000e9c9a5f3db43 found 0000000000000d70
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: csrss.exe
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
STACK_TEXT:
ffff9987`c2386528 fffff802`49eb1415 : 00000000`000000f7 00000000`00000d70 0000e9c9`a5f3db43 ffff1636`5a0c24bc : nt!KeBugCheckEx
ffff9987`c2386530 fffff802`49dd269e : ffff9987`c2386b40 fffff802`49ce6fef fffff802`49acfc18 ffff9987`00000000 : nt!_report_gsfailure+0x25
ffff9987`c2386570 fffff802`49dd2633 : ffff9987`c2386640 00000000`00000000 ffff9987`c2386b78 ffff9987`c2386b50 : nt!_GSHandlerCheckCommon+0x5a
ffff9987`c23865a0 fffff802`49e00072 : fffff802`49dd2620 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheck+0x13
ffff9987`c23865d0 fffff802`49ce6dd7 : ffff9987`c2386b40 00000000`00000000 ffff9987`c23877a0 fffff802`49c93529 : nt!RtlpExecuteHandlerForException+0x12
ffff9987`c2386600 fffff802`49ce59d6 : ffff9987`c2387518 ffff9987`c2387250 ffff9987`c2387518 00000000`00000000 : nt!RtlDispatchException+0x297
ffff9987`c2386d20 fffff802`49e092ac : 00000000`00001000 ffff9987`c23875c0 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff9987`c23873e0 fffff802`49e05443 : ffff9987`c2387700 fffff802`50a5cc69 00000000`00000000 ffffd80f`5b9b4000 : nt!KiExceptionDispatch+0x12c
ffff9987`c23875c0 fffff802`50a32aba : fffff802`50a2c6b8 fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 : nt!KiPageFault+0x443
ffff9987`c2387750 fffff802`50a2c6b8 : fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 : nvlddmkm+0x792aba
ffff9987`c2387758 fffff802`50a35909 : 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 : nvlddmkm+0x78c6b8
ffff9987`c2387760 00000000`00000001 : ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 : nvlddmkm+0x795909
ffff9987`c2387768 ffffd80f`5b9b4000 : ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 00000000`00000000 : 0x1
ffff9987`c2387770 ffffd80f`5b9b4000 : 00000000`00000000 ffff9987`c23877b4 00000000`00000000 00000000`00000006 : 0xffffd80f`5b9b4000
ffff9987`c2387778 00000000`00000000 : ffff9987`c23877b4 00000000`00000000 00000000`00000006 fffff802`49c93529 : 0xffffd80f`5b9b4000
SYMBOL_NAME: nvlddmkm+792aba
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 792aba
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff804476896bc, Address of the instruction which caused the BugCheck
Arg3: fffff68fec5cce80, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
*** WARNING: Unable to verify checksum for win32kbase.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2765
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 7490
Key : Analysis.Init.CPU.mSec
Value: 218
Key : Analysis.Init.Elapsed.mSec
Value: 1604
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 111021-5546-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff804476896bc
BUGCHECK_P3: fffff68fec5cce80
BUGCHECK_P4: 0
CONTEXT: fffff68fec5cce80 -- (.cxr 0xfffff68fec5cce80)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000016
rdx=0000000000000000 rsi=0000000000000000 rdi=a2e64eada2e64ead
rip=fffff804476896bc rsp=fffff68fec5cd880 rbp=fffff68fec5cdb80
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff68fec5cd928 r12=0000000000000000 r13=0000000000000222
r14=00000046874ff930 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!ExFreeHeapPool+0x76c:
fffff804`476896bc 488b18 mov rbx,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: SearchProtocolHost.exe
STACK_TEXT:
fffff68f`ec5cd880 fffff804`47db1149 : ffffbc85`9b584500 00000000`00000000 00000000`00000000 00000046`874ff930 : nt!ExFreeHeapPool+0x76c
fffff68f`ec5cd960 fffff804`47ae8197 : 00000000`00000001 00000046`874ff930 00000000`00000001 00000000`00000222 : nt!ExFreePool+0x9
fffff68f`ec5cd990 fffff804`47a8edad : ffffbc85`96770a70 00000000`00000000 ffffbc85`9b584500 fffff68f`ec5cdb80 : nt!IopSynchronousApiServiceTail+0x4b
fffff68f`ec5cd9d0 fffff804`47808bb8 : 00000000`00000644 ffffbc85`922d2080 00000046`874ff908 ffffbc85`00000218 : nt!NtQueryVolumeInformationFile+0x3cd
fffff68f`ec5cda90 00007ffd`4bb6d694 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000046`874ff8e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`4bb6d694
CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32kbase
ffffa0c2a8240040-ffffa0c2a8240052 19 bytes - win32kbase!ResetOrg+9b0
[ 39 00 00 01 00 0f 87 96:48 8b 02 49 3b 00 77 09 ]
ffffa0c2a8240054-ffffa0c2a8240070 29 bytes - win32kbase!ResetOrg+9c4 (+0x14)
[ 48 8b 56 10 0f b7 42 02:00 00 c3 cc cc cc cc cc ]
ffffa0c2a8240072-ffffa0c2a8240091 32 bytes - win32kbase!ResetOrg+9e2 (+0x1e)
[ 9e bf 0a 00 8b cb 41 2b:ea 01 74 7c 83 ea 02 74 ]
ffffa0c2a8240093-ffffa0c2a824009b 9 bytes - win32kbase!ResetOrg+a03 (+0x21)
[ 41 3b 59 14 0f 83 77 bf:00 8d 4a 58 eb 08 b8 40 ]
ffffa0c2a824009d-ffffa0c2a82400c2 38 bytes - win32kbase!ResetOrg+a0d (+0x0a)
[ 49 8b 41 18 8b d3 48 c1:00 8d 48 10 49 8d 14 0a ]
ffffa0c2a82400c4 - win32kbase!ResetOrg+a34 (+0x27)
[ ff:b8 ]
ffffa0c2a82400c6-ffffa0c2a82400d4 15 bytes - win32kbase!ResetOrg+a36 (+0x02)
[ 0f b7 c0 0b d8 81 fb 00:08 00 00 8d 4a 5b eb d3 ]
ffffa0c2a82400d7-ffffa0c2a82400e1 11 bytes - win32kbase!ResetOrg+a47 (+0x11)
[ 01 00 44 0f b7 f3 0f 87:00 eb c7 b8 00 01 00 00 ]
ffffa0c2a82400e3-ffffa0c2a82400f2 16 bytes - win32kbase!ResetOrg+a53 (+0x0c)
[ 41 8b de 48 8b 56 10 0f:00 eb bb b8 00 04 00 00 ]
ffffa0c2a82400f4-ffffa0c2a82400f8 5 bytes - win32kbase!ResetOrg+a64 (+0x11)
[ 00 05 ff ff 00:20 00 00 b9 6c ]
ffffa0c2a82400fa-ffffa0c2a824013f 70 bytes - win32kbase!ResetOrg+a6a (+0x06)
[ c1 e0 10 41 03 c0 3b d8:00 00 eb a3 b8 00 02 00 ]
ffffa0c2a8249d80-ffffa0c2a8249da3 36 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+a0 (+0x9c86)
[ 00 00 00 48 89 44 24 28:48 83 ec 28 48 8b ca e8 ]
ffffa0c2a8249da5-ffffa0c2a8249db4 16 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+c5 (+0x25)
[ f8 85 db 0f 88 e2 01 00:d1 4d 85 c9 0f 95 c2 41 ]
ffffa0c2a8249db6 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d6 (+0x11)
[ 00:41 ]
ffffa0c2a8249db8-ffffa0c2a8249dcd 22 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d8 (+0x02)
[ 65 e0 00 4c 8d 4d f0 ba:e8 01 0f 84 d2 3d 0a 00 ]
ffffa0c2a8249dda-ffffa0c2a8249df8 31 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+fa (+0x22)
[ 8b d8 85 c0 0f 88 ac 01:0f 84 5e 3d 0a 00 41 83 ]
ffffa0c2a8249dfa-ffffa0c2a8249dfb 2 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11a (+0x20)
[ 48 89:00 74 ]
ffffa0c2a8249dfd-ffffa0c2a8249e02 6 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11d (+0x03)
[ 24 20 41 8d 51 19:48 8b 44 24 28 44 ]
ffffa0c2a8249e0f-ffffa0c2a8249e16 8 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+12f (+0x12)
[ 83 7d e0 00 0f 84 a3 00:10 09 eb 2e 8a 89 4c 01 ]
ffffa0c2a8249e19-ffffa0c2a8249e35 29 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+139 (+0x0a)
[ 48 8b 4d f0 48 8d 45 50:8a c1 c0 e8 03 24 01 3a ]
ffffa0c2a8249e43-ffffa0c2a8249e6f 45 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+163 (+0x2a)
[ 4d 50 ba 55 73 73 65 e8:c3 c3 cc 8a 89 4c 01 00 ]
ffffa0c2a8249e72 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+192 (+0x2f)
[ 44:5c ]
ffffa0c2a8249e74 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+194 (+0x02)
[ 20:08 ]
443 errors : !win32kbase (ffffa0c2a8240040-ffffa0c2a8249e74)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: LARGE
STACK_COMMAND: .cxr 0xfffff68fec5cce80 ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------
8: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132810175517108619
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : STORAGE\Volume\{51533bea-3368-11ec-93fe-6045cb9ef909}#0000000000004000
VetoString :
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff804476896bc, Address of the instruction which caused the BugCheck
Arg3: fffff68fec5cce80, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
*** WARNING: Unable to verify checksum for win32kbase.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2765
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 7490
Key : Analysis.Init.CPU.mSec
Value: 218
Key : Analysis.Init.Elapsed.mSec
Value: 1604
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 111021-5546-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff804476896bc
BUGCHECK_P3: fffff68fec5cce80
BUGCHECK_P4: 0
CONTEXT: fffff68fec5cce80 -- (.cxr 0xfffff68fec5cce80)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000016
rdx=0000000000000000 rsi=0000000000000000 rdi=a2e64eada2e64ead
rip=fffff804476896bc rsp=fffff68fec5cd880 rbp=fffff68fec5cdb80
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff68fec5cd928 r12=0000000000000000 r13=0000000000000222
r14=00000046874ff930 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!ExFreeHeapPool+0x76c:
fffff804`476896bc 488b18 mov rbx,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: SearchProtocolHost.exe
STACK_TEXT:
fffff68f`ec5cd880 fffff804`47db1149 : ffffbc85`9b584500 00000000`00000000 00000000`00000000 00000046`874ff930 : nt!ExFreeHeapPool+0x76c
fffff68f`ec5cd960 fffff804`47ae8197 : 00000000`00000001 00000046`874ff930 00000000`00000001 00000000`00000222 : nt!ExFreePool+0x9
fffff68f`ec5cd990 fffff804`47a8edad : ffffbc85`96770a70 00000000`00000000 ffffbc85`9b584500 fffff68f`ec5cdb80 : nt!IopSynchronousApiServiceTail+0x4b
fffff68f`ec5cd9d0 fffff804`47808bb8 : 00000000`00000644 ffffbc85`922d2080 00000046`874ff908 ffffbc85`00000218 : nt!NtQueryVolumeInformationFile+0x3cd
fffff68f`ec5cda90 00007ffd`4bb6d694 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000046`874ff8e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`4bb6d694
CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32kbase
ffffa0c2a8240040-ffffa0c2a8240052 19 bytes - win32kbase!ResetOrg+9b0
[ 39 00 00 01 00 0f 87 96:48 8b 02 49 3b 00 77 09 ]
ffffa0c2a8240054-ffffa0c2a8240070 29 bytes - win32kbase!ResetOrg+9c4 (+0x14)
[ 48 8b 56 10 0f b7 42 02:00 00 c3 cc cc cc cc cc ]
ffffa0c2a8240072-ffffa0c2a8240091 32 bytes - win32kbase!ResetOrg+9e2 (+0x1e)
[ 9e bf 0a 00 8b cb 41 2b:ea 01 74 7c 83 ea 02 74 ]
ffffa0c2a8240093-ffffa0c2a824009b 9 bytes - win32kbase!ResetOrg+a03 (+0x21)
[ 41 3b 59 14 0f 83 77 bf:00 8d 4a 58 eb 08 b8 40 ]
ffffa0c2a824009d-ffffa0c2a82400c2 38 bytes - win32kbase!ResetOrg+a0d (+0x0a)
[ 49 8b 41 18 8b d3 48 c1:00 8d 48 10 49 8d 14 0a ]
ffffa0c2a82400c4 - win32kbase!ResetOrg+a34 (+0x27)
[ ff:b8 ]
ffffa0c2a82400c6-ffffa0c2a82400d4 15 bytes - win32kbase!ResetOrg+a36 (+0x02)
[ 0f b7 c0 0b d8 81 fb 00:08 00 00 8d 4a 5b eb d3 ]
ffffa0c2a82400d7-ffffa0c2a82400e1 11 bytes - win32kbase!ResetOrg+a47 (+0x11)
[ 01 00 44 0f b7 f3 0f 87:00 eb c7 b8 00 01 00 00 ]
ffffa0c2a82400e3-ffffa0c2a82400f2 16 bytes - win32kbase!ResetOrg+a53 (+0x0c)
[ 41 8b de 48 8b 56 10 0f:00 eb bb b8 00 04 00 00 ]
ffffa0c2a82400f4-ffffa0c2a82400f8 5 bytes - win32kbase!ResetOrg+a64 (+0x11)
[ 00 05 ff ff 00:20 00 00 b9 6c ]
ffffa0c2a82400fa-ffffa0c2a824013f 70 bytes - win32kbase!ResetOrg+a6a (+0x06)
[ c1 e0 10 41 03 c0 3b d8:00 00 eb a3 b8 00 02 00 ]
ffffa0c2a8249d80-ffffa0c2a8249da3 36 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+a0 (+0x9c86)
[ 00 00 00 48 89 44 24 28:48 83 ec 28 48 8b ca e8 ]
ffffa0c2a8249da5-ffffa0c2a8249db4 16 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+c5 (+0x25)
[ f8 85 db 0f 88 e2 01 00:d1 4d 85 c9 0f 95 c2 41 ]
ffffa0c2a8249db6 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d6 (+0x11)
[ 00:41 ]
ffffa0c2a8249db8-ffffa0c2a8249dcd 22 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d8 (+0x02)
[ 65 e0 00 4c 8d 4d f0 ba:e8 01 0f 84 d2 3d 0a 00 ]
ffffa0c2a8249dda-ffffa0c2a8249df8 31 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+fa (+0x22)
[ 8b d8 85 c0 0f 88 ac 01:0f 84 5e 3d 0a 00 41 83 ]
ffffa0c2a8249dfa-ffffa0c2a8249dfb 2 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11a (+0x20)
[ 48 89:00 74 ]
ffffa0c2a8249dfd-ffffa0c2a8249e02 6 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11d (+0x03)
[ 24 20 41 8d 51 19:48 8b 44 24 28 44 ]
ffffa0c2a8249e0f-ffffa0c2a8249e16 8 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+12f (+0x12)
[ 83 7d e0 00 0f 84 a3 00:10 09 eb 2e 8a 89 4c 01 ]
ffffa0c2a8249e19-ffffa0c2a8249e35 29 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+139 (+0x0a)
[ 48 8b 4d f0 48 8d 45 50:8a c1 c0 e8 03 24 01 3a ]
ffffa0c2a8249e43-ffffa0c2a8249e6f 45 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+163 (+0x2a)
[ 4d 50 ba 55 73 73 65 e8:c3 c3 cc 8a 89 4c 01 00 ]
ffffa0c2a8249e72 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+192 (+0x2f)
[ 44:5c ]
ffffa0c2a8249e74 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+194 (+0x02)
[ 20:08 ]
443 errors : !win32kbase (ffffa0c2a8240040-ffffa0c2a8249e74)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: LARGE
STACK_COMMAND: .cxr 0xfffff68fec5cce80 ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------
8: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132810175517108619
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : STORAGE\Volume\{51533bea-3368-11ec-93fe-6045cb9ef909}#0000000000004000
VetoString :
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff80620600928, Address of the instruction which caused the BugCheck
Arg3: fffffa0c65ebb8d0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2031
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 6782
Key : Analysis.Init.CPU.mSec
Value: 234
Key : Analysis.Init.Elapsed.mSec
Value: 6738
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-5125-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80620600928
BUGCHECK_P3: fffffa0c65ebb8d0
BUGCHECK_P4: 0
CONTEXT: fffffa0c65ebb8d0 -- (.cxr 0xfffffa0c65ebb8d0)
rax=0000000000000000 rbx=ffffc200f94c00f0 rcx=ffffa309f2612630
rdx=0000000000000001 rsi=ffffa309f2612630 rdi=fffea309f3224cc0
rip=fffff80620600928 rsp=fffffa0c65ebc2d0 rbp=ffffa309f2f4b0c0
r8=00000000ffffffff r9=7fffa309f2612748 r10=7ffffffffffffffc
r11=fffffa0c65ebc210 r12=ffffa309ecab3cb0 r13=ffffc200f94c0000
r14=ffffa309f1177080 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
nt!MmEnumerateAddressSpaceAndReferenceImages+0x128:
fffff806`20600928 48390f cmp qword ptr [rdi],rcx ds:002b:fffea309`f3224cc0=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: RDR2.exe
STACK_TEXT:
fffffa0c`65ebc2d0 fffff806`20603ac3 : 00000000`00000000 00000000`00000000 fffffa0c`65ebc610 00000000`00000001 : nt!MmEnumerateAddressSpaceAndReferenceImages+0x128
fffffa0c`65ebc360 fffff806`2065e8a2 : ffffd30e`05debb40 ffffd340`46919bc1 ffffa309`f1177001 00000000`00000302 : nt!EtwpEnumerateAddressSpace+0x15f
fffffa0c`65ebc510 fffff806`2061d642 : ffffa309`f1177080 ffffa309`f1177080 00000000`00000001 00000000`00000000 : nt!EtwTraceProcess+0x1be
fffffa0c`65ebc7a0 fffff806`206b0a72 : ffffa309`f2f4b4f8 00000000`00000000 fffffa0c`65ebc990 00000000`00000000 : nt!PspExitProcess+0x4e
fffffa0c`65ebc7d0 fffff806`206f53c8 : ffffa309`c0000005 00000000`00000001 fffffa0c`65ebc9e0 0000005a`f0f8d000 : nt!PspExitThread+0x5b2
fffffa0c`65ebc8d0 fffff806`2020ef67 : 00000000`40920088 00000000`00000000 00000000`00000000 00000000`00000400 : nt!KiSchedulerApcTerminate+0x38
fffffa0c`65ebc910 fffff806`203fb750 : 0000005a`f770f638 fffffa0c`65ebc9c0 fffffa0c`65ebcb80 00000000`00000000 : nt!KiDeliverApc+0x487
fffffa0c`65ebc9c0 fffff806`20408c5f : 0000005a`f770ecd0 fffffa0c`65ebcb80 fffffa0c`65ebcb18 ffffffff`fff85ee0 : nt!KiInitiateUserApc+0x70
fffffa0c`65ebcb00 00007ffa`8f3ecdf4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
0000005a`f770f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`8f3ecdf4
SYMBOL_NAME: nt!MmEnumerateAddressSpaceAndReferenceImages+128
MODULE_NAME: nt
IMAGE_VERSION: 10.0.19041.1288
STACK_COMMAND: .cxr 0xfffffa0c65ebb8d0 ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 128
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!MmEnumerateAddressSpaceAndReferenceImages
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {36e4410a-4584-8213-16e3-4f27f5fc983e}
Followup: MachineOwner
---------
10: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132809289865406961
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff80620600928, Address of the instruction which caused the BugCheck
Arg3: fffffa0c65ebb8d0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2031
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 6782
Key : Analysis.Init.CPU.mSec
Value: 234
Key : Analysis.Init.Elapsed.mSec
Value: 6738
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-5125-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80620600928
BUGCHECK_P3: fffffa0c65ebb8d0
BUGCHECK_P4: 0
CONTEXT: fffffa0c65ebb8d0 -- (.cxr 0xfffffa0c65ebb8d0)
rax=0000000000000000 rbx=ffffc200f94c00f0 rcx=ffffa309f2612630
rdx=0000000000000001 rsi=ffffa309f2612630 rdi=fffea309f3224cc0
rip=fffff80620600928 rsp=fffffa0c65ebc2d0 rbp=ffffa309f2f4b0c0
r8=00000000ffffffff r9=7fffa309f2612748 r10=7ffffffffffffffc
r11=fffffa0c65ebc210 r12=ffffa309ecab3cb0 r13=ffffc200f94c0000
r14=ffffa309f1177080 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
nt!MmEnumerateAddressSpaceAndReferenceImages+0x128:
fffff806`20600928 48390f cmp qword ptr [rdi],rcx ds:002b:fffea309`f3224cc0=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: RDR2.exe
STACK_TEXT:
fffffa0c`65ebc2d0 fffff806`20603ac3 : 00000000`00000000 00000000`00000000 fffffa0c`65ebc610 00000000`00000001 : nt!MmEnumerateAddressSpaceAndReferenceImages+0x128
fffffa0c`65ebc360 fffff806`2065e8a2 : ffffd30e`05debb40 ffffd340`46919bc1 ffffa309`f1177001 00000000`00000302 : nt!EtwpEnumerateAddressSpace+0x15f
fffffa0c`65ebc510 fffff806`2061d642 : ffffa309`f1177080 ffffa309`f1177080 00000000`00000001 00000000`00000000 : nt!EtwTraceProcess+0x1be
fffffa0c`65ebc7a0 fffff806`206b0a72 : ffffa309`f2f4b4f8 00000000`00000000 fffffa0c`65ebc990 00000000`00000000 : nt!PspExitProcess+0x4e
fffffa0c`65ebc7d0 fffff806`206f53c8 : ffffa309`c0000005 00000000`00000001 fffffa0c`65ebc9e0 0000005a`f0f8d000 : nt!PspExitThread+0x5b2
fffffa0c`65ebc8d0 fffff806`2020ef67 : 00000000`40920088 00000000`00000000 00000000`00000000 00000000`00000400 : nt!KiSchedulerApcTerminate+0x38
fffffa0c`65ebc910 fffff806`203fb750 : 0000005a`f770f638 fffffa0c`65ebc9c0 fffffa0c`65ebcb80 00000000`00000000 : nt!KiDeliverApc+0x487
fffffa0c`65ebc9c0 fffff806`20408c5f : 0000005a`f770ecd0 fffffa0c`65ebcb80 fffffa0c`65ebcb18 ffffffff`fff85ee0 : nt!KiInitiateUserApc+0x70
fffffa0c`65ebcb00 00007ffa`8f3ecdf4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
0000005a`f770f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`8f3ecdf4
SYMBOL_NAME: nt!MmEnumerateAddressSpaceAndReferenceImages+128
MODULE_NAME: nt
IMAGE_VERSION: 10.0.19041.1288
STACK_COMMAND: .cxr 0xfffffa0c65ebb8d0 ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 128
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!MmEnumerateAddressSpaceAndReferenceImages
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {36e4410a-4584-8213-16e3-4f27f5fc983e}
Followup: MachineOwner
---------
10: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132809289865406961
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: ffff9081453567b8, Address of the IRP
Arg2: 0000000000001232
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3889
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 8706
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3630
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110221-5515-01.dmp
BUGCHECK_CODE: 44
BUGCHECK_P1: ffff9081453567b8
BUGCHECK_P2: 1232
BUGCHECK_P3: 0
BUGCHECK_P4: 0
IRP_ADDRESS: ffff9081453567b8
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Launcher.exe
STACK_TEXT:
ffff9081`453566e8 fffff807`1983c23e : 00000000`00000044 ffff9081`453567b8 00000000`00001232 00000000`00000000 : nt!KeBugCheckEx
ffff9081`453566f0 fffff807`19684de7 : 00000000`00001000 ffff9081`45356a02 ffffe68d`3940c4b8 ffff940d`faebc800 : nt!IopfCompleteRequest+0x1b743e
ffff9081`453567e0 fffff807`1f72a7d8 : 00000000`00000001 ffffe68d`00000001 fffff807`00000000 ffff940e`0f905890 : nt!IofCompleteRequest+0x17
ffff9081`45356810 fffff807`1821738b : ffff940d`faebc800 ffff940d`faeba060 ffff9081`45356930 fffff807`17238180 : Npfs!NpFastRead+0x1f8
ffff9081`453568a0 fffff807`1824bb2d : ffff940e`0f905890 ffff9081`45356970 ffff9081`45356a10 ffff9081`45356a38 : FLTMGR!FltpPerformFastIoCall+0x16b
ffff9081`45356900 fffff807`19a8c49f : ffff940e`0f905890 00000000`00000000 00000000`00000000 ffff940e`00000000 : FLTMGR!FltpFastIoRead+0x1dd
ffff9081`453569b0 fffff807`19808bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x37f
ffff9081`45356a90 00007ffd`9f58ce34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000b9`ea2fe5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`9f58ce34
SYMBOL_NAME: Npfs!NpFastRead+1f8
MODULE_NAME: Npfs
IMAGE_NAME: Npfs.SYS
IMAGE_VERSION: 10.0.19041.1030
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 1f8
FAILURE_BUCKET_ID: 0x44_Npfs!NpFastRead
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {86b7726c-e1a8-7fbc-1f00-18525c488171}
Followup: MachineOwner
---------
2: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132803455833860250
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: ffff9081453567b8, Address of the IRP
Arg2: 0000000000001232
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3889
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 8706
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3630
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110221-5515-01.dmp
BUGCHECK_CODE: 44
BUGCHECK_P1: ffff9081453567b8
BUGCHECK_P2: 1232
BUGCHECK_P3: 0
BUGCHECK_P4: 0
IRP_ADDRESS: ffff9081453567b8
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Launcher.exe
STACK_TEXT:
ffff9081`453566e8 fffff807`1983c23e : 00000000`00000044 ffff9081`453567b8 00000000`00001232 00000000`00000000 : nt!KeBugCheckEx
ffff9081`453566f0 fffff807`19684de7 : 00000000`00001000 ffff9081`45356a02 ffffe68d`3940c4b8 ffff940d`faebc800 : nt!IopfCompleteRequest+0x1b743e
ffff9081`453567e0 fffff807`1f72a7d8 : 00000000`00000001 ffffe68d`00000001 fffff807`00000000 ffff940e`0f905890 : nt!IofCompleteRequest+0x17
ffff9081`45356810 fffff807`1821738b : ffff940d`faebc800 ffff940d`faeba060 ffff9081`45356930 fffff807`17238180 : Npfs!NpFastRead+0x1f8
ffff9081`453568a0 fffff807`1824bb2d : ffff940e`0f905890 ffff9081`45356970 ffff9081`45356a10 ffff9081`45356a38 : FLTMGR!FltpPerformFastIoCall+0x16b
ffff9081`45356900 fffff807`19a8c49f : ffff940e`0f905890 00000000`00000000 00000000`00000000 ffff940e`00000000 : FLTMGR!FltpFastIoRead+0x1dd
ffff9081`453569b0 fffff807`19808bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x37f
ffff9081`45356a90 00007ffd`9f58ce34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000b9`ea2fe5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`9f58ce34
SYMBOL_NAME: Npfs!NpFastRead+1f8
MODULE_NAME: Npfs
IMAGE_NAME: Npfs.SYS
IMAGE_VERSION: 10.0.19041.1030
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 1f8
FAILURE_BUCKET_ID: 0x44_Npfs!NpFastRead
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {86b7726c-e1a8-7fbc-1f00-18525c488171}
Followup: MachineOwner
---------
2: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132803455833860250
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
Ekran kartı sürücüsü nedeniyle de ekstra bir mavi ekran almışsın. Diğer hatalar RAM'lerini ve Depolama diskini işaret ediyor. XMP/DOCP profillerini kullanıyor musun?
HD Tune ile Error scan sekmesinde Quick Scan kapalı bir şekilde disklerini tarat sonuçlarının ekran görüntüsünü buraya atabilirsin. Sonra MemTest86 ile RAM'lerini kontrol et. Testler bitene kadar beklemek zorundasın. Her iki sonuçları da bekliyorum.
Memtest86 USB'den Çalışan RAM Test Programı
RAM'lerinizi test etmek için kullanabileceğiniz en kapsamlı yazılım Memtest86'dır. Aracı USB belleğe yazmak için: Bu video rehberde Memtest86 ile belleklerinizi nasıl test edeceğinizi öğrenebilirsiniz: Adım adım: Öncelikle yazılımı buradan indirin. UEFI desteği olmayan eski sistemler...
Alp Bereket
Megapat
Daha fazla
- Cinsiyet
- Erkek
- Meslek
- Bilgisayar Mühendisi
Bu aralar sıklıkla mavi ekran almaya başladım. Özellikle C sürücüsü (Windows burada yüklü) dolmaya yakın oluyor.
Sistemim:
R5 2600
GTX 1060 6G
16 GB RAM
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000000000000d70, Actual security check cookie from the stack
Arg2: 0000e9c9a5f3db43, Expected security check cookie
Arg3: ffff16365a0c24bc, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3093
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 11153
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3295
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-6156-01.dmp
BUGCHECK_CODE: f7
BUGCHECK_P1: d70
BUGCHECK_P2: e9c9a5f3db43
BUGCHECK_P3: ffff16365a0c24bc
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000e9c9a5f3db43 found 0000000000000d70
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: csrss.exe
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
STACK_TEXT:
ffff9987`c2386528 fffff802`49eb1415 : 00000000`000000f7 00000000`00000d70 0000e9c9`a5f3db43 ffff1636`5a0c24bc : nt!KeBugCheckEx
ffff9987`c2386530 fffff802`49dd269e : ffff9987`c2386b40 fffff802`49ce6fef fffff802`49acfc18 ffff9987`00000000 : nt!_report_gsfailure+0x25
ffff9987`c2386570 fffff802`49dd2633 : ffff9987`c2386640 00000000`00000000 ffff9987`c2386b78 ffff9987`c2386b50 : nt!_GSHandlerCheckCommon+0x5a
ffff9987`c23865a0 fffff802`49e00072 : fffff802`49dd2620 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheck+0x13
ffff9987`c23865d0 fffff802`49ce6dd7 : ffff9987`c2386b40 00000000`00000000 ffff9987`c23877a0 fffff802`49c93529 : nt!RtlpExecuteHandlerForException+0x12
ffff9987`c2386600 fffff802`49ce59d6 : ffff9987`c2387518 ffff9987`c2387250 ffff9987`c2387518 00000000`00000000 : nt!RtlDispatchException+0x297
ffff9987`c2386d20 fffff802`49e092ac : 00000000`00001000 ffff9987`c23875c0 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff9987`c23873e0 fffff802`49e05443 : ffff9987`c2387700 fffff802`50a5cc69 00000000`00000000 ffffd80f`5b9b4000 : nt!KiExceptionDispatch+0x12c
ffff9987`c23875c0 fffff802`50a32aba : fffff802`50a2c6b8 fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 : nt!KiPageFault+0x443
ffff9987`c2387750 fffff802`50a2c6b8 : fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 : nvlddmkm+0x792aba
ffff9987`c2387758 fffff802`50a35909 : 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 : nvlddmkm+0x78c6b8
ffff9987`c2387760 00000000`00000001 : ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 : nvlddmkm+0x795909
ffff9987`c2387768 ffffd80f`5b9b4000 : ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 00000000`00000000 : 0x1
ffff9987`c2387770 ffffd80f`5b9b4000 : 00000000`00000000 ffff9987`c23877b4 00000000`00000000 00000000`00000006 : 0xffffd80f`5b9b4000
ffff9987`c2387778 00000000`00000000 : ffff9987`c23877b4 00000000`00000000 00000000`00000006 fffff802`49c93529 : 0xffffd80f`5b9b4000
SYMBOL_NAME: nvlddmkm+792aba
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 792aba
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}
Followup: MachineOwner
---------
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000000000000d70, Actual security check cookie from the stack
Arg2: 0000e9c9a5f3db43, Expected security check cookie
Arg3: ffff16365a0c24bc, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3093
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 11153
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3295
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-6156-01.dmp
BUGCHECK_CODE: f7
BUGCHECK_P1: d70
BUGCHECK_P2: e9c9a5f3db43
BUGCHECK_P3: ffff16365a0c24bc
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000e9c9a5f3db43 found 0000000000000d70
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: csrss.exe
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
STACK_TEXT:
ffff9987`c2386528 fffff802`49eb1415 : 00000000`000000f7 00000000`00000d70 0000e9c9`a5f3db43 ffff1636`5a0c24bc : nt!KeBugCheckEx
ffff9987`c2386530 fffff802`49dd269e : ffff9987`c2386b40 fffff802`49ce6fef fffff802`49acfc18 ffff9987`00000000 : nt!_report_gsfailure+0x25
ffff9987`c2386570 fffff802`49dd2633 : ffff9987`c2386640 00000000`00000000 ffff9987`c2386b78 ffff9987`c2386b50 : nt!_GSHandlerCheckCommon+0x5a
ffff9987`c23865a0 fffff802`49e00072 : fffff802`49dd2620 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheck+0x13
ffff9987`c23865d0 fffff802`49ce6dd7 : ffff9987`c2386b40 00000000`00000000 ffff9987`c23877a0 fffff802`49c93529 : nt!RtlpExecuteHandlerForException+0x12
ffff9987`c2386600 fffff802`49ce59d6 : ffff9987`c2387518 ffff9987`c2387250 ffff9987`c2387518 00000000`00000000 : nt!RtlDispatchException+0x297
ffff9987`c2386d20 fffff802`49e092ac : 00000000`00001000 ffff9987`c23875c0 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff9987`c23873e0 fffff802`49e05443 : ffff9987`c2387700 fffff802`50a5cc69 00000000`00000000 ffffd80f`5b9b4000 : nt!KiExceptionDispatch+0x12c
ffff9987`c23875c0 fffff802`50a32aba : fffff802`50a2c6b8 fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 : nt!KiPageFault+0x443
ffff9987`c2387750 fffff802`50a2c6b8 : fffff802`50a35909 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 : nvlddmkm+0x792aba
ffff9987`c2387758 fffff802`50a35909 : 00000000`00000001 ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 : nvlddmkm+0x78c6b8
ffff9987`c2387760 00000000`00000001 : ffffd80f`5b9b4000 ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 : nvlddmkm+0x795909
ffff9987`c2387768 ffffd80f`5b9b4000 : ffffd80f`5b9b4000 00000000`00000000 ffff9987`c23877b4 00000000`00000000 : 0x1
ffff9987`c2387770 ffffd80f`5b9b4000 : 00000000`00000000 ffff9987`c23877b4 00000000`00000000 00000000`00000006 : 0xffffd80f`5b9b4000
ffff9987`c2387778 00000000`00000000 : ffff9987`c23877b4 00000000`00000000 00000000`00000006 fffff802`49c93529 : 0xffffd80f`5b9b4000
SYMBOL_NAME: nvlddmkm+792aba
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 792aba
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff804476896bc, Address of the instruction which caused the BugCheck
Arg3: fffff68fec5cce80, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
*** WARNING: Unable to verify checksum for win32kbase.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2765
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 7490
Key : Analysis.Init.CPU.mSec
Value: 218
Key : Analysis.Init.Elapsed.mSec
Value: 1604
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 111021-5546-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff804476896bc
BUGCHECK_P3: fffff68fec5cce80
BUGCHECK_P4: 0
CONTEXT: fffff68fec5cce80 -- (.cxr 0xfffff68fec5cce80)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000016
rdx=0000000000000000 rsi=0000000000000000 rdi=a2e64eada2e64ead
rip=fffff804476896bc rsp=fffff68fec5cd880 rbp=fffff68fec5cdb80
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff68fec5cd928 r12=0000000000000000 r13=0000000000000222
r14=00000046874ff930 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!ExFreeHeapPool+0x76c:
fffff804`476896bc 488b18 mov rbx,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: SearchProtocolHost.exe
STACK_TEXT:
fffff68f`ec5cd880 fffff804`47db1149 : ffffbc85`9b584500 00000000`00000000 00000000`00000000 00000046`874ff930 : nt!ExFreeHeapPool+0x76c
fffff68f`ec5cd960 fffff804`47ae8197 : 00000000`00000001 00000046`874ff930 00000000`00000001 00000000`00000222 : nt!ExFreePool+0x9
fffff68f`ec5cd990 fffff804`47a8edad : ffffbc85`96770a70 00000000`00000000 ffffbc85`9b584500 fffff68f`ec5cdb80 : nt!IopSynchronousApiServiceTail+0x4b
fffff68f`ec5cd9d0 fffff804`47808bb8 : 00000000`00000644 ffffbc85`922d2080 00000046`874ff908 ffffbc85`00000218 : nt!NtQueryVolumeInformationFile+0x3cd
fffff68f`ec5cda90 00007ffd`4bb6d694 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000046`874ff8e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`4bb6d694
CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32kbase
ffffa0c2a8240040-ffffa0c2a8240052 19 bytes - win32kbase!ResetOrg+9b0
[ 39 00 00 01 00 0f 87 96:48 8b 02 49 3b 00 77 09 ]
ffffa0c2a8240054-ffffa0c2a8240070 29 bytes - win32kbase!ResetOrg+9c4 (+0x14)
[ 48 8b 56 10 0f b7 42 02:00 00 c3 cc cc cc cc cc ]
ffffa0c2a8240072-ffffa0c2a8240091 32 bytes - win32kbase!ResetOrg+9e2 (+0x1e)
[ 9e bf 0a 00 8b cb 41 2b:ea 01 74 7c 83 ea 02 74 ]
ffffa0c2a8240093-ffffa0c2a824009b 9 bytes - win32kbase!ResetOrg+a03 (+0x21)
[ 41 3b 59 14 0f 83 77 bf:00 8d 4a 58 eb 08 b8 40 ]
ffffa0c2a824009d-ffffa0c2a82400c2 38 bytes - win32kbase!ResetOrg+a0d (+0x0a)
[ 49 8b 41 18 8b d3 48 c1:00 8d 48 10 49 8d 14 0a ]
ffffa0c2a82400c4 - win32kbase!ResetOrg+a34 (+0x27)
[ ff:b8 ]
ffffa0c2a82400c6-ffffa0c2a82400d4 15 bytes - win32kbase!ResetOrg+a36 (+0x02)
[ 0f b7 c0 0b d8 81 fb 00:08 00 00 8d 4a 5b eb d3 ]
ffffa0c2a82400d7-ffffa0c2a82400e1 11 bytes - win32kbase!ResetOrg+a47 (+0x11)
[ 01 00 44 0f b7 f3 0f 87:00 eb c7 b8 00 01 00 00 ]
ffffa0c2a82400e3-ffffa0c2a82400f2 16 bytes - win32kbase!ResetOrg+a53 (+0x0c)
[ 41 8b de 48 8b 56 10 0f:00 eb bb b8 00 04 00 00 ]
ffffa0c2a82400f4-ffffa0c2a82400f8 5 bytes - win32kbase!ResetOrg+a64 (+0x11)
[ 00 05 ff ff 00:20 00 00 b9 6c ]
ffffa0c2a82400fa-ffffa0c2a824013f 70 bytes - win32kbase!ResetOrg+a6a (+0x06)
[ c1 e0 10 41 03 c0 3b d8:00 00 eb a3 b8 00 02 00 ]
ffffa0c2a8249d80-ffffa0c2a8249da3 36 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+a0 (+0x9c86)
[ 00 00 00 48 89 44 24 28:48 83 ec 28 48 8b ca e8 ]
ffffa0c2a8249da5-ffffa0c2a8249db4 16 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+c5 (+0x25)
[ f8 85 db 0f 88 e2 01 00:d1 4d 85 c9 0f 95 c2 41 ]
ffffa0c2a8249db6 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d6 (+0x11)
[ 00:41 ]
ffffa0c2a8249db8-ffffa0c2a8249dcd 22 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d8 (+0x02)
[ 65 e0 00 4c 8d 4d f0 ba:e8 01 0f 84 d2 3d 0a 00 ]
ffffa0c2a8249dda-ffffa0c2a8249df8 31 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+fa (+0x22)
[ 8b d8 85 c0 0f 88 ac 01:0f 84 5e 3d 0a 00 41 83 ]
ffffa0c2a8249dfa-ffffa0c2a8249dfb 2 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11a (+0x20)
[ 48 89:00 74 ]
ffffa0c2a8249dfd-ffffa0c2a8249e02 6 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11d (+0x03)
[ 24 20 41 8d 51 19:48 8b 44 24 28 44 ]
ffffa0c2a8249e0f-ffffa0c2a8249e16 8 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+12f (+0x12)
[ 83 7d e0 00 0f 84 a3 00:10 09 eb 2e 8a 89 4c 01 ]
ffffa0c2a8249e19-ffffa0c2a8249e35 29 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+139 (+0x0a)
[ 48 8b 4d f0 48 8d 45 50:8a c1 c0 e8 03 24 01 3a ]
ffffa0c2a8249e43-ffffa0c2a8249e6f 45 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+163 (+0x2a)
[ 4d 50 ba 55 73 73 65 e8:c3 c3 cc 8a 89 4c 01 00 ]
ffffa0c2a8249e72 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+192 (+0x2f)
[ 44:5c ]
ffffa0c2a8249e74 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+194 (+0x02)
[ 20:08 ]
443 errors : !win32kbase (ffffa0c2a8240040-ffffa0c2a8249e74)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: LARGE
STACK_COMMAND: .cxr 0xfffff68fec5cce80 ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------
8: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132810175517108619
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : STORAGE\Volume\{51533bea-3368-11ec-93fe-6045cb9ef909}#0000000000004000
VetoString :
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff804476896bc, Address of the instruction which caused the BugCheck
Arg3: fffff68fec5cce80, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
*** WARNING: Unable to verify checksum for win32kbase.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2765
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 7490
Key : Analysis.Init.CPU.mSec
Value: 218
Key : Analysis.Init.Elapsed.mSec
Value: 1604
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 111021-5546-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff804476896bc
BUGCHECK_P3: fffff68fec5cce80
BUGCHECK_P4: 0
CONTEXT: fffff68fec5cce80 -- (.cxr 0xfffff68fec5cce80)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000016
rdx=0000000000000000 rsi=0000000000000000 rdi=a2e64eada2e64ead
rip=fffff804476896bc rsp=fffff68fec5cd880 rbp=fffff68fec5cdb80
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff68fec5cd928 r12=0000000000000000 r13=0000000000000222
r14=00000046874ff930 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!ExFreeHeapPool+0x76c:
fffff804`476896bc 488b18 mov rbx,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: SearchProtocolHost.exe
STACK_TEXT:
fffff68f`ec5cd880 fffff804`47db1149 : ffffbc85`9b584500 00000000`00000000 00000000`00000000 00000046`874ff930 : nt!ExFreeHeapPool+0x76c
fffff68f`ec5cd960 fffff804`47ae8197 : 00000000`00000001 00000046`874ff930 00000000`00000001 00000000`00000222 : nt!ExFreePool+0x9
fffff68f`ec5cd990 fffff804`47a8edad : ffffbc85`96770a70 00000000`00000000 ffffbc85`9b584500 fffff68f`ec5cdb80 : nt!IopSynchronousApiServiceTail+0x4b
fffff68f`ec5cd9d0 fffff804`47808bb8 : 00000000`00000644 ffffbc85`922d2080 00000046`874ff908 ffffbc85`00000218 : nt!NtQueryVolumeInformationFile+0x3cd
fffff68f`ec5cda90 00007ffd`4bb6d694 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000046`874ff8e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`4bb6d694
CHKIMG_EXTENSION: !chkimg -lo 50 -d !win32kbase
ffffa0c2a8240040-ffffa0c2a8240052 19 bytes - win32kbase!ResetOrg+9b0
[ 39 00 00 01 00 0f 87 96:48 8b 02 49 3b 00 77 09 ]
ffffa0c2a8240054-ffffa0c2a8240070 29 bytes - win32kbase!ResetOrg+9c4 (+0x14)
[ 48 8b 56 10 0f b7 42 02:00 00 c3 cc cc cc cc cc ]
ffffa0c2a8240072-ffffa0c2a8240091 32 bytes - win32kbase!ResetOrg+9e2 (+0x1e)
[ 9e bf 0a 00 8b cb 41 2b:ea 01 74 7c 83 ea 02 74 ]
ffffa0c2a8240093-ffffa0c2a824009b 9 bytes - win32kbase!ResetOrg+a03 (+0x21)
[ 41 3b 59 14 0f 83 77 bf:00 8d 4a 58 eb 08 b8 40 ]
ffffa0c2a824009d-ffffa0c2a82400c2 38 bytes - win32kbase!ResetOrg+a0d (+0x0a)
[ 49 8b 41 18 8b d3 48 c1:00 8d 48 10 49 8d 14 0a ]
ffffa0c2a82400c4 - win32kbase!ResetOrg+a34 (+0x27)
[ ff:b8 ]
ffffa0c2a82400c6-ffffa0c2a82400d4 15 bytes - win32kbase!ResetOrg+a36 (+0x02)
[ 0f b7 c0 0b d8 81 fb 00:08 00 00 8d 4a 5b eb d3 ]
ffffa0c2a82400d7-ffffa0c2a82400e1 11 bytes - win32kbase!ResetOrg+a47 (+0x11)
[ 01 00 44 0f b7 f3 0f 87:00 eb c7 b8 00 01 00 00 ]
ffffa0c2a82400e3-ffffa0c2a82400f2 16 bytes - win32kbase!ResetOrg+a53 (+0x0c)
[ 41 8b de 48 8b 56 10 0f:00 eb bb b8 00 04 00 00 ]
ffffa0c2a82400f4-ffffa0c2a82400f8 5 bytes - win32kbase!ResetOrg+a64 (+0x11)
[ 00 05 ff ff 00:20 00 00 b9 6c ]
ffffa0c2a82400fa-ffffa0c2a824013f 70 bytes - win32kbase!ResetOrg+a6a (+0x06)
[ c1 e0 10 41 03 c0 3b d8:00 00 eb a3 b8 00 02 00 ]
ffffa0c2a8249d80-ffffa0c2a8249da3 36 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+a0 (+0x9c86)
[ 00 00 00 48 89 44 24 28:48 83 ec 28 48 8b ca e8 ]
ffffa0c2a8249da5-ffffa0c2a8249db4 16 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+c5 (+0x25)
[ f8 85 db 0f 88 e2 01 00:d1 4d 85 c9 0f 95 c2 41 ]
ffffa0c2a8249db6 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d6 (+0x11)
[ 00:41 ]
ffffa0c2a8249db8-ffffa0c2a8249dcd 22 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+d8 (+0x02)
[ 65 e0 00 4c 8d 4d f0 ba:e8 01 0f 84 d2 3d 0a 00 ]
ffffa0c2a8249dda-ffffa0c2a8249df8 31 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+fa (+0x22)
[ 8b d8 85 c0 0f 88 ac 01:0f 84 5e 3d 0a 00 41 83 ]
ffffa0c2a8249dfa-ffffa0c2a8249dfb 2 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11a (+0x20)
[ 48 89:00 74 ]
ffffa0c2a8249dfd-ffffa0c2a8249e02 6 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+11d (+0x03)
[ 24 20 41 8d 51 19:48 8b 44 24 28 44 ]
ffffa0c2a8249e0f-ffffa0c2a8249e16 8 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+12f (+0x12)
[ 83 7d e0 00 0f 84 a3 00:10 09 eb 2e 8a 89 4c 01 ]
ffffa0c2a8249e19-ffffa0c2a8249e35 29 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+139 (+0x0a)
[ 48 8b 4d f0 48 8d 45 50:8a c1 c0 e8 03 24 01 3a ]
ffffa0c2a8249e43-ffffa0c2a8249e6f 45 bytes - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+163 (+0x2a)
[ 4d 50 ba 55 73 73 65 e8:c3 c3 cc 8a 89 4c 01 00 ]
ffffa0c2a8249e72 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+192 (+0x2f)
[ 44:5c ]
ffffa0c2a8249e74 - win32kbase!UserAllocDefaultCompositionSecurityDescriptor+194 (+0x02)
[ 20:08 ]
443 errors : !win32kbase (ffffa0c2a8240040-ffffa0c2a8249e74)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: LARGE
STACK_COMMAND: .cxr 0xfffff68fec5cce80 ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------
8: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132810175517108619
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : STORAGE\Volume\{51533bea-3368-11ec-93fe-6045cb9ef909}#0000000000004000
VetoString :
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff80620600928, Address of the instruction which caused the BugCheck
Arg3: fffffa0c65ebb8d0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2031
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 6782
Key : Analysis.Init.CPU.mSec
Value: 234
Key : Analysis.Init.Elapsed.mSec
Value: 6738
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-5125-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80620600928
BUGCHECK_P3: fffffa0c65ebb8d0
BUGCHECK_P4: 0
CONTEXT: fffffa0c65ebb8d0 -- (.cxr 0xfffffa0c65ebb8d0)
rax=0000000000000000 rbx=ffffc200f94c00f0 rcx=ffffa309f2612630
rdx=0000000000000001 rsi=ffffa309f2612630 rdi=fffea309f3224cc0
rip=fffff80620600928 rsp=fffffa0c65ebc2d0 rbp=ffffa309f2f4b0c0
r8=00000000ffffffff r9=7fffa309f2612748 r10=7ffffffffffffffc
r11=fffffa0c65ebc210 r12=ffffa309ecab3cb0 r13=ffffc200f94c0000
r14=ffffa309f1177080 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
nt!MmEnumerateAddressSpaceAndReferenceImages+0x128:
fffff806`20600928 48390f cmp qword ptr [rdi],rcx ds:002b:fffea309`f3224cc0=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: RDR2.exe
STACK_TEXT:
fffffa0c`65ebc2d0 fffff806`20603ac3 : 00000000`00000000 00000000`00000000 fffffa0c`65ebc610 00000000`00000001 : nt!MmEnumerateAddressSpaceAndReferenceImages+0x128
fffffa0c`65ebc360 fffff806`2065e8a2 : ffffd30e`05debb40 ffffd340`46919bc1 ffffa309`f1177001 00000000`00000302 : nt!EtwpEnumerateAddressSpace+0x15f
fffffa0c`65ebc510 fffff806`2061d642 : ffffa309`f1177080 ffffa309`f1177080 00000000`00000001 00000000`00000000 : nt!EtwTraceProcess+0x1be
fffffa0c`65ebc7a0 fffff806`206b0a72 : ffffa309`f2f4b4f8 00000000`00000000 fffffa0c`65ebc990 00000000`00000000 : nt!PspExitProcess+0x4e
fffffa0c`65ebc7d0 fffff806`206f53c8 : ffffa309`c0000005 00000000`00000001 fffffa0c`65ebc9e0 0000005a`f0f8d000 : nt!PspExitThread+0x5b2
fffffa0c`65ebc8d0 fffff806`2020ef67 : 00000000`40920088 00000000`00000000 00000000`00000000 00000000`00000400 : nt!KiSchedulerApcTerminate+0x38
fffffa0c`65ebc910 fffff806`203fb750 : 0000005a`f770f638 fffffa0c`65ebc9c0 fffffa0c`65ebcb80 00000000`00000000 : nt!KiDeliverApc+0x487
fffffa0c`65ebc9c0 fffff806`20408c5f : 0000005a`f770ecd0 fffffa0c`65ebcb80 fffffa0c`65ebcb18 ffffffff`fff85ee0 : nt!KiInitiateUserApc+0x70
fffffa0c`65ebcb00 00007ffa`8f3ecdf4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
0000005a`f770f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`8f3ecdf4
SYMBOL_NAME: nt!MmEnumerateAddressSpaceAndReferenceImages+128
MODULE_NAME: nt
IMAGE_VERSION: 10.0.19041.1288
STACK_COMMAND: .cxr 0xfffffa0c65ebb8d0 ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 128
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!MmEnumerateAddressSpaceAndReferenceImages
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {36e4410a-4584-8213-16e3-4f27f5fc983e}
Followup: MachineOwner
---------
10: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132809289865406961
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff80620600928, Address of the instruction which caused the BugCheck
Arg3: fffffa0c65ebb8d0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2031
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 6782
Key : Analysis.Init.CPU.mSec
Value: 234
Key : Analysis.Init.Elapsed.mSec
Value: 6738
Key : Analysis.Memory.CommitPeak.Mb
Value: 74
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110921-5125-01.dmp
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80620600928
BUGCHECK_P3: fffffa0c65ebb8d0
BUGCHECK_P4: 0
CONTEXT: fffffa0c65ebb8d0 -- (.cxr 0xfffffa0c65ebb8d0)
rax=0000000000000000 rbx=ffffc200f94c00f0 rcx=ffffa309f2612630
rdx=0000000000000001 rsi=ffffa309f2612630 rdi=fffea309f3224cc0
rip=fffff80620600928 rsp=fffffa0c65ebc2d0 rbp=ffffa309f2f4b0c0
r8=00000000ffffffff r9=7fffa309f2612748 r10=7ffffffffffffffc
r11=fffffa0c65ebc210 r12=ffffa309ecab3cb0 r13=ffffc200f94c0000
r14=ffffa309f1177080 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050286
nt!MmEnumerateAddressSpaceAndReferenceImages+0x128:
fffff806`20600928 48390f cmp qword ptr [rdi],rcx ds:002b:fffea309`f3224cc0=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: RDR2.exe
STACK_TEXT:
fffffa0c`65ebc2d0 fffff806`20603ac3 : 00000000`00000000 00000000`00000000 fffffa0c`65ebc610 00000000`00000001 : nt!MmEnumerateAddressSpaceAndReferenceImages+0x128
fffffa0c`65ebc360 fffff806`2065e8a2 : ffffd30e`05debb40 ffffd340`46919bc1 ffffa309`f1177001 00000000`00000302 : nt!EtwpEnumerateAddressSpace+0x15f
fffffa0c`65ebc510 fffff806`2061d642 : ffffa309`f1177080 ffffa309`f1177080 00000000`00000001 00000000`00000000 : nt!EtwTraceProcess+0x1be
fffffa0c`65ebc7a0 fffff806`206b0a72 : ffffa309`f2f4b4f8 00000000`00000000 fffffa0c`65ebc990 00000000`00000000 : nt!PspExitProcess+0x4e
fffffa0c`65ebc7d0 fffff806`206f53c8 : ffffa309`c0000005 00000000`00000001 fffffa0c`65ebc9e0 0000005a`f0f8d000 : nt!PspExitThread+0x5b2
fffffa0c`65ebc8d0 fffff806`2020ef67 : 00000000`40920088 00000000`00000000 00000000`00000000 00000000`00000400 : nt!KiSchedulerApcTerminate+0x38
fffffa0c`65ebc910 fffff806`203fb750 : 0000005a`f770f638 fffffa0c`65ebc9c0 fffffa0c`65ebcb80 00000000`00000000 : nt!KiDeliverApc+0x487
fffffa0c`65ebc9c0 fffff806`20408c5f : 0000005a`f770ecd0 fffffa0c`65ebcb80 fffffa0c`65ebcb18 ffffffff`fff85ee0 : nt!KiInitiateUserApc+0x70
fffffa0c`65ebcb00 00007ffa`8f3ecdf4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
0000005a`f770f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`8f3ecdf4
SYMBOL_NAME: nt!MmEnumerateAddressSpaceAndReferenceImages+128
MODULE_NAME: nt
IMAGE_VERSION: 10.0.19041.1288
STACK_COMMAND: .cxr 0xfffffa0c65ebb8d0 ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 128
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!MmEnumerateAddressSpaceAndReferenceImages
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {36e4410a-4584-8213-16e3-4f27f5fc983e}
Followup: MachineOwner
---------
10: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132809289865406961
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: ffff9081453567b8, Address of the IRP
Arg2: 0000000000001232
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3889
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 8706
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3630
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110221-5515-01.dmp
BUGCHECK_CODE: 44
BUGCHECK_P1: ffff9081453567b8
BUGCHECK_P2: 1232
BUGCHECK_P3: 0
BUGCHECK_P4: 0
IRP_ADDRESS: ffff9081453567b8
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Launcher.exe
STACK_TEXT:
ffff9081`453566e8 fffff807`1983c23e : 00000000`00000044 ffff9081`453567b8 00000000`00001232 00000000`00000000 : nt!KeBugCheckEx
ffff9081`453566f0 fffff807`19684de7 : 00000000`00001000 ffff9081`45356a02 ffffe68d`3940c4b8 ffff940d`faebc800 : nt!IopfCompleteRequest+0x1b743e
ffff9081`453567e0 fffff807`1f72a7d8 : 00000000`00000001 ffffe68d`00000001 fffff807`00000000 ffff940e`0f905890 : nt!IofCompleteRequest+0x17
ffff9081`45356810 fffff807`1821738b : ffff940d`faebc800 ffff940d`faeba060 ffff9081`45356930 fffff807`17238180 : Npfs!NpFastRead+0x1f8
ffff9081`453568a0 fffff807`1824bb2d : ffff940e`0f905890 ffff9081`45356970 ffff9081`45356a10 ffff9081`45356a38 : FLTMGR!FltpPerformFastIoCall+0x16b
ffff9081`45356900 fffff807`19a8c49f : ffff940e`0f905890 00000000`00000000 00000000`00000000 ffff940e`00000000 : FLTMGR!FltpFastIoRead+0x1dd
ffff9081`453569b0 fffff807`19808bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x37f
ffff9081`45356a90 00007ffd`9f58ce34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000b9`ea2fe5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`9f58ce34
SYMBOL_NAME: Npfs!NpFastRead+1f8
MODULE_NAME: Npfs
IMAGE_NAME: Npfs.SYS
IMAGE_VERSION: 10.0.19041.1030
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 1f8
FAILURE_BUCKET_ID: 0x44_Npfs!NpFastRead
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {86b7726c-e1a8-7fbc-1f00-18525c488171}
Followup: MachineOwner
---------
2: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132803455833860250
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: ffff9081453567b8, Address of the IRP
Arg2: 0000000000001232
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3889
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 8706
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 3630
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 110221-5515-01.dmp
BUGCHECK_CODE: 44
BUGCHECK_P1: ffff9081453567b8
BUGCHECK_P2: 1232
BUGCHECK_P3: 0
BUGCHECK_P4: 0
IRP_ADDRESS: ffff9081453567b8
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Launcher.exe
STACK_TEXT:
ffff9081`453566e8 fffff807`1983c23e : 00000000`00000044 ffff9081`453567b8 00000000`00001232 00000000`00000000 : nt!KeBugCheckEx
ffff9081`453566f0 fffff807`19684de7 : 00000000`00001000 ffff9081`45356a02 ffffe68d`3940c4b8 ffff940d`faebc800 : nt!IopfCompleteRequest+0x1b743e
ffff9081`453567e0 fffff807`1f72a7d8 : 00000000`00000001 ffffe68d`00000001 fffff807`00000000 ffff940e`0f905890 : nt!IofCompleteRequest+0x17
ffff9081`45356810 fffff807`1821738b : ffff940d`faebc800 ffff940d`faeba060 ffff9081`45356930 fffff807`17238180 : Npfs!NpFastRead+0x1f8
ffff9081`453568a0 fffff807`1824bb2d : ffff940e`0f905890 ffff9081`45356970 ffff9081`45356a10 ffff9081`45356a38 : FLTMGR!FltpPerformFastIoCall+0x16b
ffff9081`45356900 fffff807`19a8c49f : ffff940e`0f905890 00000000`00000000 00000000`00000000 ffff940e`00000000 : FLTMGR!FltpFastIoRead+0x1dd
ffff9081`453569b0 fffff807`19808bb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x37f
ffff9081`45356a90 00007ffd`9f58ce34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000b9`ea2fe5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`9f58ce34
SYMBOL_NAME: Npfs!NpFastRead+1f8
MODULE_NAME: Npfs
IMAGE_NAME: Npfs.SYS
IMAGE_VERSION: 10.0.19041.1030
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 1f8
FAILURE_BUCKET_ID: 0x44_Npfs!NpFastRead
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {86b7726c-e1a8-7fbc-1f00-18525c488171}
Followup: MachineOwner
---------
2: kd> !blackboxpnp
PnpActivityId : {00000000-0000-0000-0000-000000000000}
PnpActivityTime : 132803455833860250
PnpEventInformation: 3
PnpEventInProgress : 0
PnpProblemCode : 24
PnpVetoType : 0
DeviceId : SWD\MMDEVAPI\{0.0.0.00000000}.{24815350-f88e-4e66-9fb4-eb6f69ab34df}
VetoString :
Ekran kartı sürücüsü nedeniyle de ekstra bir mavi ekran almışsın. Diğer hatalar RAM'lerini ve Depolama diskini işaret ediyor. XMP/DOCP profillerini kullanıyor musun?
HD Tune ile Error scan sekmesinde Quick Scan kapalı bir şekilde disklerini tarat sonuçlarının ekran görüntüsünü buraya atabilirsin. Sonra MemTest86 ile RAM'lerini kontrol et. Testler bitene kadar beklemek zorundasın. Her iki sonuçları da bekliyorum.
Memtest86 USB'den Çalışan RAM Test Programı
RAM'lerinizi test etmek için kullanabileceğiniz en kapsamlı yazılım Memtest86'dır. Aracı USB belleğe yazmak için: Bu video rehberde Memtest86 ile belleklerinizi nasıl test edeceğinizi öğrenebilirsiniz: Adım adım: Öncelikle yazılımı buradan indirin. UEFI desteği olmayan eski sistemler...
Son düzenleme:
KS
KS
ZuZu
Kilopat
Daha fazla
- Cinsiyet
- Erkek
İki testi de ikinci mavi ekranı hatasını aldığımda yapmıştım, ikisi de temiz çıktı. DDU ile driverları silip, temiz kurulum yaptım. Ayrıca sfc /scannow komutunu da kullandım. O zamandan beri bir herhangi bir sorun ile karşılaşmadım. Yine de teşekkür ederim.
Benzer konular
Bu konuyu görüntüleyen kullanıcılar
Technopat Haberler
Yeni konular
-
-
-
-
-
-
-
-
Çözüldü Project Zomboid virüs kapıldığı nasıl anlaşılır?
- wherwismymnd
- Mesaj: 7
-
-
-
-
-
-
