3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffff9a0153ea0327, memory referenced.
Arg2: 0000000000000002, X64: bit 0 set if the fault was due to a not-present PTE.
bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the processor decided the fault was due to a corrupted PTE.
bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
- ARM64: bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: fffff8079a52e985, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Type
Value: Write
Key : Analysis.CPU.mSec
Value: 4656
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 34538
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 327
Key : Analysis.Init.Elapsed.mSec
Value: 3308
Key : Analysis.Memory.CommitPeak.Mb
Value: 92
Key : Bugcheck.Code.DumpHeader
Value: 0x50
Key : Bugcheck.Code.Register
Value: 0x50
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: 041723-8500-01.dmp
BUGCHECK_CODE: 50
BUGCHECK_P1: ffff9a0153ea0327
BUGCHECK_P2: 2
BUGCHECK_P3: fffff8079a52e985
BUGCHECK_P4: 2
READ_ADDRESS: fffff80773efb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffff9a0153ea0327
MM_INTERNAL_CODE: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: TslGame.exe
TRAP_FRAME: ffff9a0153ea6e40 -- (.trap 0xffff9a0153ea6e40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8079a0edc00 rbx=0000000000000000 rcx=ffffd8077b2f3010
rdx=ffff9a0153ea7620 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8079a52e985 rsp=ffff9a0153ea6fd8 rbp=ffffd8076e722000
r8=0000000000000006 r9=0000000000000000 r10=0000000000000000
r11=ffff79fec2600000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nvlddmkm+0xfce985:
fffff807`9a52e985 48896c2410 mov qword ptr [rsp+10h],rbp ss:0018:ffff9a01`53ea6fe8=0000000000000000
Resetting default scope
STACK_TEXT:
ffff9a01`53ea6b98 fffff807`7364ab53 : 00000000`00000050 ffff9a01`53ea0327 00000000`00000002 ffff9a01`53ea6e40 : nt!KeBugCheckEx
ffff9a01`53ea6ba0 fffff807`7346e7b0 : 00000000`00000000 00000000`00000002 ffff9a01`53ea6ec0 00000000`00000000 : nt!MiSystemFault+0x1b2173
ffff9a01`53ea6ca0 fffff807`7360b6d8 : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000001 : nt!MmAccessFault+0x400
ffff9a01`53ea6e40 fffff807`9a52e985 : fffff807`9a52ecc5 00000000`00000000 00000000`00000000 00000000`00000006 : nt!KiPageFault+0x358
ffff9a01`53ea6fd8 fffff807`9a52ecc5 : 00000000`00000000 00000000`00000000 00000000`00000006 ffffd807`6e724e58 : nvlddmkm+0xfce985
ffff9a01`53ea6fe0 00000000`00000000 : 00000000`00000000 00000000`00000006 ffffd807`6e724e58 ffff9a01`53ea7620 : nvlddmkm+0xfcecc5
SYMBOL_NAME: nvlddmkm+fce985
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: fce985
FAILURE_BUCKET_ID: AV_W_(null)_nvlddmkm!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {838100fa-f28b-2ef7-d702-e31713cb338c}
Followup: MachineOwner
---------
3: kd> kb ffff9a0153ea6e40
Requested number of stack frames (0xfff9a0153ea6e40) is too large! The maximum number is 0xffff.
^ Range error in 'kb ffff9a0153ea6e40'
3: kd> kb
# RetAddr : Args to Child : Call Site
00 fffff807`7364ab53 : 00000000`00000050 ffff9a01`53ea0327 00000000`00000002 ffff9a01`53ea6e40 : nt!KeBugCheckEx
01 fffff807`7346e7b0 : 00000000`00000000 00000000`00000002 ffff9a01`53ea6ec0 00000000`00000000 : nt!MiSystemFault+0x1b2173
02 fffff807`7360b6d8 : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000001 : nt!MmAccessFault+0x400
03 fffff807`9a52e985 : fffff807`9a52ecc5 00000000`00000000 00000000`00000000 00000000`00000006 : nt!KiPageFault+0x358
04 fffff807`9a52ecc5 : 00000000`00000000 00000000`00000000 00000000`00000006 ffffd807`6e724e58 : nvlddmkm+0xfce985
05 00000000`00000000 : 00000000`00000000 00000000`00000006 ffffd807`6e724e58 ffff9a01`53ea7620 : nvlddmkm+0xfcecc5
3: kd> db ffff9a0153ea0327
ffff9a01`53ea0327 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
ffff9a01`53ea0337 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
ffff9a01`53ea0347 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
ffff9a01`53ea0357 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
ffff9a01`53ea0367 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
ffff9a01`53ea0377 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
ffff9a01`53ea0387 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
ffff9a01`53ea0397 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
3: kd> db fffff8079a52e985
fffff807`9a52e985 48 89 6c 24 10 48 89 74-24 18 57 48 83 ec 20 48 H.l$.H.t$.WH.. H
fffff807`9a52e995 8b fa 48 8b d9 48 85 d2-75 05 e8 c8 c6 99 ff 48 ..H..H..u......H
fffff807`9a52e9a5 8b 03 48 8b cb 48 8b 80-88 02 00 00 ff 15 91 b0 ..H..H..........
fffff807`9a52e9b5 9d ff 8b 48 08 89 4f 08-48 8b cb 48 8b 03 48 8b ...H..O.H..H..H.
fffff807`9a52e9c5 40 68 ff 15 7b b0 9d ff-84 c0 75 3e 48 8b 83 10 @h..{.....u>H...
fffff807`9a52e9d5 01 00 00 48 c1 e8 34 a8-01 75 2f 48 8b 03 48 8b ...H..4..u/H..H.
fffff807`9a52e9e5 cb 48 8b 80 40 01 00 00-ff 15 55 b0 9d ff 84 c0 [email protected].....
fffff807`9a52e9f5 75 18 48 8b 03 48 8b cb-48 8b 80 88 02 00 00 ff u.H..H..H.......
3: kd> !address fffff8079a52e985
Mapping user range ...
ERROR: !address: extension exception 0x80004005.
"ExtRemoteTyped::Set from type and offset"
3: kd> ub
nt!KiBugCheckReturn+0x6:
fffff807`735fbbfa c3 ret
fffff807`735fbbfb cc int 3
fffff807`735fbbfc cc int 3
fffff807`735fbbfd cc int 3
fffff807`735fbbfe cc int 3
fffff807`735fbbff cc int 3
fffff807`735fbc00 cc int 3
fffff807`735fbc01 666666666666660f1f840000000000 nop word ptr [rax+rax]
3: kd> r
rax=0000000000000000 rbx=ffff9a0153ea0327 rcx=0000000000000050
rdx=ffff9a0153ea0327 rsi=0000000000000000 rdi=ffff9a0153ea6d60
rip=fffff807735fbc10 rsp=ffff9a0153ea6b98 rbp=ffffd80778fdb080
r8=0000000000000002 r9=ffff9a0153ea6e40 r10=0000000000000000
r11=ffff9a0153ea6e40 r12=0000000000000000 r13=ffff800000000000
r14=ffff9a0153ea0327 r15=0000000000001000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00040246
nt!KeBugCheckEx:
fffff807`735fbc10 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9a01`53ea6ba0=0000000000000050
3: kd> db fffff807735fbc10
fffff807`735fbc10 48 89 4c 24 08 48 89 54-24 10 4c 89 44 24 18 4c H.L$.H.T$.L.D$.L
fffff807`735fbc20 89 4c 24 20 9c 48 83 ec-30 fa 65 48 8b 0c 25 20 .L$ .H..0.eH..%
fffff807`735fbc30 00 00 00 48 8b 89 c0 85-00 00 e8 11 97 00 00 65 ...H...........e
fffff807`735fbc40 48 8b 0c 25 20 00 00 00-48 81 c1 00 01 00 00 e8 H..% ...H.......
fffff807`735fbc50 0c 03 00 00 65 4c 8b 14-25 20 00 00 00 4d 8b 92 ....eL..% ...M..
fffff807`735fbc60 c0 85 00 00 48 8b 44 24-40 49 89 82 80 00 00 00 ....H.D$@I......
fffff807`735fbc70 48 8b 44 24 30 49 89 42-44 48 8d 05 79 ff ff ff H.D$0I.BDH..y...
fffff807`735fbc80 48 3b 44 24 38 75 0e 4c-8d 44 24 68 4c 8d 0d 5d H;D$8u.L.D$hL..]
3: kd> !pte fffff807735fbc10
VA fffff807735fbc10
PXE at FFFFC562B158AF80 PPE at FFFFC562B15F00E8 PDE at FFFFC562BE01DCD0 PTE at FFFFC57C03B9AFD8
contains 000000000430A063 contains 000000000440B063 contains 0A000000026001A1 contains 0000000000000000
pfn 430a ---DA--KWEV pfn 440b ---DA--KWEV pfn 2600 -GL-A--KREV LARGE PAGE pfn 27fb
3: kd> !pool fffff807735fbc10
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
HeapDbgInitExtension Failed