*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffff9b0bf01b7650, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80248d2dbfc, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.17763.864 (WinBuild.160101.0800)
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: ffff9b0bf01b7650
BUGCHECK_P2: 0
BUGCHECK_P3: fffff80248d2dbfc
BUGCHECK_P4: 2
READ_ADDRESS: GetUlongFromAddress: unable to read from fffff80248b7d540
fffff80248bf8390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffff9b0bf01b7650
FAULTING_IP:
nt!SepDuplicateToken+3bc
fffff802`48d2dbfc 833900 cmp dword ptr [rcx],0
MM_INTERNAL_CODE: 2
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 12-07-2019 16:55:10.0869
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffde8cae46f620 -- (.trap 0xffffde8cae46f620)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9b0b8f25d950 rbx=0000000000000000 rcx=ffff9b0bf01b7650
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80248d2dbfc rsp=ffffde8cae46f7b0 rbp=ffff9b0ba9866060
r8=0000000000000008 r9=0000000000000000 r10=0000000000000000
r11=ffffde8cae46f740 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!SepDuplicateToken+0x3bc:
fffff802`48d2dbfc 833900 cmp dword ptr [rcx],0 ds:ffff9b0b`f01b7650=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff802488af641 to fffff8024886e9c0
STACK_TEXT:
ffffde8c`ae46f338 fffff802`488af641 : 00000000`00000050 ffff9b0b`f01b7650 00000000`00000000 ffffde8c`ae46f620 : nt!KeBugCheckEx
ffffde8c`ae46f340 fffff802`4874db36 : 00000000`00000001 ffff8000`00000000 ffff9b0b`a988a750 ffff9b0b`f01b7650 : nt!MiSystemFault+0x193891
ffffde8c`ae46f480 fffff802`4887c4c9 : 00000000`000000c9 ffffffff`00000002 ffff9b0b`a988a750 00000000`00000fff : nt!MmAccessFault+0x1a6
ffffde8c`ae46f620 fffff802`48d2dbfc : ffff9b0b`904106f0 ffff9b0b`904106f0 ffff9b0b`904106f0 ffffe486`b13c5b10 : nt!KiPageFault+0x349
ffffde8c`ae46f7b0 fffff802`48d2d299 : ffffde8c`ae46fa00 00000000`00000000 00000000`00000000 ffff9b0b`a9c070f0 : nt!SepDuplicateToken+0x3bc
ffffde8c`ae46f890 fffff802`48d1b745 : ffff9b0b`a9c070f0 ffffde8c`ae46fab8 ffffe486`a566b040 ffffde8c`ae46fb80 : nt!SeCopyClientToken+0x5d
ffffde8c`ae46f920 fffff802`48d2d634 : ffff9b0b`a9c070f0 00000000`00000000 ffffde8c`ae46fab8 ffffde8c`ae46fa10 : nt!SepCreateClientSecurityEx+0x135
ffffde8c`ae46f990 fffff802`48c4b31c : ffff9b0b`a9c070d0 ffffe486`ae0bc070 ffffe486`99927080 00000000`00000001 : nt!SeCreateClientSecurity+0xa4
ffffde8c`ae46fa20 fffff802`48c4a8ac : 00000204`ed9c50f0 ffffde8c`ae46fb80 00000204`ed9c50d0 00000000`fffffffd : nt!AlpcpCreateSecurityContext+0x90
ffffde8c`ae46fa80 fffff802`4887fc08 : ffffe486`a566b040 00000204`ed9c50c0 00000000`00000002 ffffe486`ae0bc070 : nt!NtAlpcCreateSecurityContext+0x11c
ffffde8c`ae46fb00 00007ff9`c1b506f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
0000009a`bd97e0a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`c1b506f4
THREAD_SHA1_HASH_MOD_FUNC: b90880f1ede71824ccd1780ffe78871869f3058b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 2ebe0a26c1774641e5b22ebdb16ed9b09747cd29
THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c
FOLLOWUP_IP:
nt!SepDuplicateToken+3bc
fffff802`48d2dbfc 833900 cmp dword ptr [rcx],0
FAULT_INSTR_CODE: 74003983
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!SepDuplicateToken+3bc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.864
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 3bc
FAILURE_BUCKET_ID: AV_R_INVALID_nt!SepDuplicateToken
BUCKET_ID: AV_R_INVALID_nt!SepDuplicateToken
PRIMARY_PROBLEM_CLASS: AV_R_INVALID_nt!SepDuplicateToken
TARGET_TIME: 2019-12-06T19:47:07.000Z
OSBUILD: 17763
OSSERVICEPACK: 864
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.864
ANALYSIS_SESSION_ELAPSED_TIME: b4e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_r_invalid_nt!sepduplicatetoken
FAILURE_ID_HASH: {c8575ea4-c5d4-5c14-2762-d9828d4243db}
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffd0f71ba09938, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80758470feb, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.17763.864 (WinBuild.160101.0800)
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: ffffd0f71ba09938
BUGCHECK_P2: 0
BUGCHECK_P3: fffff80758470feb
BUGCHECK_P4: 2
READ_ADDRESS: GetUlongFromAddress: unable to read from fffff807582cd540
fffff80758348390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffd0f71ba09938
FAULTING_IP:
nt!PsQueryProcessEnergyValues+6b
fffff807`58470feb 498b4640 mov rax,qword ptr [r14+40h]
MM_INTERNAL_CODE: 2
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: VideoCardMonit
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 12-07-2019 16:55:16.0122
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffffd83501250a0 -- (.trap 0xfffffd83501250a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffd8350125501 rbx=0000000000000000 rcx=fffff78000000004
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80758470feb rsp=fffffd8350125230 rbp=fffffd8350125b80
r8=0000000000000000 r9=0000000000000000 r10=0000000000000001
r11=fffffd8350125200 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!PsQueryProcessEnergyValues+0x6b:
fffff807`58470feb 498b4640 mov rax,qword ptr [r14+40h] ds:00000000`00000040=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80757fff641 to fffff80757fbe9c0
STACK_TEXT:
fffffd83`50124db8 fffff807`57fff641 : 00000000`00000050 ffffd0f7`1ba09938 00000000`00000000 fffffd83`501250a0 : nt!KeBugCheckEx
fffffd83`50124dc0 fffff807`57e9db36 : ffffd007`1fff8072 ffff8000`00000000 ffffd007`1ba093d8 ffffd0f7`1ba09938 : nt!MiSystemFault+0x193891
fffffd83`50124f00 fffff807`57fcc4c9 : 00000000`00000090 ffffd007`1fff8000 ffffd007`1ba093d8 fffff807`57ef851b : nt!MmAccessFault+0x1a6
fffffd83`501250a0 fffff807`58470feb : fffffd83`50125b01 ffffd007`1b7f9402 00000000`00000000 ffffaa8e`b4140100 : nt!KiPageFault+0x349
fffffd83`50125230 fffff807`58458bc1 : ffffd007`1ba09080 fffffd83`50125b80 00000000`00000000 ffffd007`1ba09080 : nt!PsQueryProcessEnergyValues+0x6b
fffffd83`50125290 fffff807`5845c34a : 00000001`00000000 00000008`0006dc28 00000001`00000000 00000000`00000000 : nt!ExpGetProcessInformation+0x2a1
fffffd83`501258b0 fffff807`5845baab : 00000000`00000020 ffffeed5`e1bf7552 ffffd007`1e990080 00000008`00000000 : nt!ExpQuerySystemInformation+0x77a
fffffd83`50125ac0 fffff807`57fcfc08 : ffffd007`1e990080 ffffee93`00620010 00000000`00000000 ffffd007`1e990080 : nt!NtQuerySystemInformation+0x2b
fffffd83`50125b00 00007ffc`35c6fe24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`06dfe328 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`35c6fe24
THREAD_SHA1_HASH_MOD_FUNC: e95b5c66a5cd9b84e637e645ffba79ce9d34be06
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e0be262901617ea85918ae3fc8b607e7b9b79c69
THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
FOLLOWUP_IP:
nt!PsQueryProcessEnergyValues+6b
fffff807`58470feb 498b4640 mov rax,qword ptr [r14+40h]
FAULT_INSTR_CODE: 40468b49
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!PsQueryProcessEnergyValues+6b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.864
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 6b
FAILURE_BUCKET_ID: AV_R_INVALID_nt!PsQueryProcessEnergyValues
BUCKET_ID: AV_R_INVALID_nt!PsQueryProcessEnergyValues
PRIMARY_PROBLEM_CLASS: AV_R_INVALID_nt!PsQueryProcessEnergyValues
TARGET_TIME: 2019-12-07T09:40:08.000Z
OSBUILD: 17763
OSSERVICEPACK: 864
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.864
ANALYSIS_SESSION_ELAPSED_TIME: b7a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_r_invalid_nt!psqueryprocessenergyvalues
FAILURE_ID_HASH: {68b7b962-1698-61e5-007e-cd385ddb3015}
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffff96ad03c22a88, Virtual address for the attempted write.
Arg2: 8a00000000200121, PTE contents.
Arg3: ffff910c2153a460, (reserved)
Arg4: 000000000000000a, (reserved)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.17763.864 (WinBuild.160101.0800)
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: ffff96ad03c22a88
BUGCHECK_P2: 8a00000000200121
BUGCHECK_P3: ffff910c2153a460
BUGCHECK_P4: a
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xBE
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 12-07-2019 16:55:19.0744
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffff910c2153a460 -- (.trap 0xffff910c2153a460)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=00000000f0140b8d
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80212eb0734 rsp=ffff910c2153a5f0 rbp=ffff910c2153a669
r8=000000000014bb89 r9=0000000000000000 r10=000000000000f506
r11=8000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
nt!MiIdentifyPfn+0x494:
fffff802`12eb0734 f0490fba6e183f lock bts qword ptr [r14+18h],3Fh ds:00000000`00000018=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80212ff048d to fffff80212fb99c0
STACK_TEXT:
ffff910c`2153a278 fffff802`12ff048d : 00000000`000000be ffff96ad`03c22a88 8a000000`00200121 ffff910c`2153a460 : nt!KeBugCheckEx
ffff910c`2153a280 fffff802`12e98af8 : 8a000000`00200121 00000000`00000003 ffff910c`2153a3c0 0000014f`14851000 : nt!MiRaisedIrqlFault+0x19d385
ffff910c`2153a2c0 fffff802`12fc74c9 : ffff9f05`0000018e 00010067`018e0001 ffff910c`2153a488 ffff910c`2153a480 : nt!MmAccessFault+0x168
ffff910c`2153a460 fffff802`12eb0734 : 00000000`00000000 ffff9f05`82f66890 ffff910c`2153a669 fffff802`1335d100 : nt!KiPageFault+0x349
ffff910c`2153a5f0 fffff802`12eb023c : ffff9f05`82f650c0 00000000`00000000 ffff9f05`82f651f8 ffff910c`2153a7c8 : nt!MiIdentifyPfn+0x494
ffff910c`2153a6d0 fffff802`134591fa : 00000000`00000000 ffff9f05`82f651f8 ffff910c`2153a7c8 ffff910c`42506650 : nt!MiIdentifyPfnWrapper+0x4c
ffff910c`2153a700 fffff802`13458ca4 : 00000000`00000001 ffff8006`00215630 ffff910c`2153a8e0 ffff9f05`82f65000 : nt!PfpPfnPrioRequest+0xda
ffff910c`2153a780 fffff802`13456d41 : 000000d6`a95fa2a8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfQuerySuperfetchInformation+0x2d4
ffff910c`2153a8b0 fffff802`13456aab : 000000d6`a95fa300 00000000`00000000 00000000`00000007 00000000`00000000 : nt!ExpQuerySystemInformation+0x171
ffff910c`2153aac0 fffff802`12fcac08 : 000000d6`a95fb6e0 ffff910c`2153ab80 ffff9f05`76cb4a00 000000d6`a95fd6b8 : nt!NtQuerySystemInformation+0x2b
ffff910c`2153ab00 00007ffb`afbbfe24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000d6`a95fa1a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`afbbfe24
THREAD_SHA1_HASH_MOD_FUNC: 9395ad867c043b64a9b3fcc3cf587af48e902acb
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 9b6b1888d35b12f319e73c60e5dcd80e5d52c261
THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c
FOLLOWUP_IP:
nt!MiRaisedIrqlFault+19d385
fffff802`12ff048d cc int 3
FAULT_INSTR_CODE: cf8b48cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiRaisedIrqlFault+19d385
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.864
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: memory_corruption
BUCKET_ID_FUNC_OFFSET: 19d385
FAILURE_BUCKET_ID: 0xBE_nt!MiRaisedIrqlFault
BUCKET_ID: 0xBE_nt!MiRaisedIrqlFault
PRIMARY_PROBLEM_CLASS: 0xBE_nt!MiRaisedIrqlFault
TARGET_TIME: 2019-12-07T09:52:44.000Z
OSBUILD: 17763
OSSERVICEPACK: 864
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.864
ANALYSIS_SESSION_ELAPSED_TIME: aa4
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xbe_nt!miraisedirqlfault
FAILURE_ID_HASH: {1c5b4d11-09e0-def3-d2d0-70a11d69b92d}
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80323d05187, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.17763.864 (WinBuild.160101.0800)
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80323d05187
BUGCHECK_P3: 0
BUGCHECK_P4: ffffffffffffffff
READ_ADDRESS: GetUlongFromAddress: unable to read from fffff80318f63540
fffff80318fde390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffffffffffffff
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
afd!AfdTLSuperConnectComplete+37
fffff803`23d05187 4d8b7218 mov r14,qword ptr [r10+18h]
EXCEPTION_PARAMETER2: ffffffffffffffff
BUGCHECK_STR: 0x1E_c0000005_R
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 12-07-2019 16:55:25.0254
ANALYSIS_VERSION: 10.0.18362.1 x86fre
EXCEPTION_RECORD: ffff950a00004000 -- (.exr 0xffff950a00004000)
Cannot read Exception record @ ffff950a00004000
TRAP_FRAME: ffff950a160e4160 -- (.trap 0xffff950a160e4160)
Unable to read trap frame at ffff950a`160e4160
LAST_CONTROL_TRANSFER: from fffff80318c853b9 to fffff80318c549c0
STACK_TEXT:
ffffdd84`f7594338 fffff803`18c853b9 : 00000000`0000001e ffffffff`c0000005 fffff803`23d05187 00000000`00000000 : nt!KeBugCheckEx
ffffdd84`f7594340 fffff803`18c662c2 : ffff950a`00004000 00000000`0000ffff ffff950a`160e4160 ffff950a`1a1d5f68 : nt!KiDispatchException+0x1a71b9
ffffdd84`f75949f0 fffff803`18c6214b : ffffdd84`f7594d00 fffff803`233aca7a ffffbb00`5791c180 ffff950a`1d502b00 : nt!KiExceptionDispatch+0xc2
ffffdd84`f7594bd0 fffff803`23d05187 : ffff950a`1a0e4890 ffff950a`18599010 ffff950a`1822ece0 ffff950a`18599010 : nt!KiGeneralProtectionFault+0x30b
ffffdd84`f7594d60 fffff803`23380b98 : 00000000`c0000236 ffffdd84`f7594ee0 00000000`00000000 00000000`00000000 : afd!AfdTLSuperConnectComplete+0x37
ffffdd84`f7594de0 fffff803`2337fac2 : ffff950a`108eac40 fffff803`2363169e ffff950a`108eac40 ffff950a`1ab5aca0 : tcpip!TcpCreateAndConnectTcbComplete+0x394
ffffdd84`f7595020 fffff803`2337f46b : 00000000`00000000 00000000`ffffffff 00000000`00000000 ffff8c6e`6b2bc6d9 : tcpip!TcpShutdownTcb+0x612
ffffdd84`f7595410 fffff803`2339e255 : 00000000`00000001 ffffdd84`f7595620 ffff950a`168dc040 00000000`00000000 : tcpip!TcpAbortTcbDelivery+0x2b
ffffdd84`f7595440 fffff803`2339292d : 00000000`00000000 ffffdd84`f7595890 00000000`00000001 00000000`00000000 : tcpip!TcpTcbCarefulDatagram+0xf25
ffffdd84`f75955c0 fffff803`233918f5 : ffff950a`168dc040 00000000`00000000 00000000`00000000 ffff950a`0e9f6590 : tcpip!TcpTcbReceive+0x2dd
ffffdd84`f7595810 fffff803`233909a4 : ffff950a`0e9f6590 00000000`00000000 00000000`a15258a1 00000001`5cea046c : tcpip!TcpMatchReceive+0x215
ffffdd84`f7595ae0 fffff803`233d2c32 : ffff950a`0e9f6590 fffff803`233b75c4 ffff950a`00000001 fffff803`22cd1501 : tcpip!TcpReceive+0x304
ffffdd84`f7595be0 fffff803`2336e5e1 : ffff950a`19a97360 00000000`00000000 00000000`00000000 00000000`00000002 : tcpip!TcpNlClientReceiveDatagrams+0x22
ffffdd84`f7595c20 fffff803`2336e192 : 00000000`00000000 ffff950a`19a97360 00000000`00000000 00000000`00000002 : tcpip!IppDeliverListToProtocol+0x61
ffffdd84`f7595cf0 fffff803`2336d48a : ffffdd84`f7595df9 00000000`00000000 ffffdd84`f7595df9 00000000`00000000 : tcpip!IppProcessDeliverList+0x62
ffffdd84`f7595d60 fffff803`23366fcc : 00000000`00000000 00000000`00000001 ffffdd84`f7595f40 ffffdd84`f7595f10 : tcpip!IppReceiveHeaderBatch+0x22a
ffffdd84`f7595e60 fffff803`23366c23 : ffff950a`10a713e0 00000000`00000000 ffff950a`1068e380 00000000`00000000 : tcpip!IppLbIndicatePackets+0x1dc
ffffdd84`f7595f10 fffff803`18c5819e : 00000000`00000000 ffffdd84`f7595fd0 00000000`00000002 ffffbb00`56fd8400 : tcpip!IppLbTransmitStackCallout+0x113
ffffdd84`f7595f80 fffff803`18c5815c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x2e
ffffdd84`f7027900 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
THREAD_SHA1_HASH_MOD_FUNC: 361ee234a51ab816100a96e3404afdd5bdf2f952
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5f97e48544b9c9d53348e23688dbfbfcbd090eb9
THREAD_SHA1_HASH_MOD: 9cf7091b684c9d255bf2a25067991d02863b1607
FOLLOWUP_IP:
afd!AfdTLSuperConnectComplete+37
fffff803`23d05187 4d8b7218 mov r14,qword ptr [r10+18h]
FAULT_INSTR_CODE: 18728b4d
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: afd!AfdTLSuperConnectComplete+37
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.379
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 37
FAILURE_BUCKET_ID: 0x1E_c0000005_R_afd!AfdTLSuperConnectComplete
BUCKET_ID: 0x1E_c0000005_R_afd!AfdTLSuperConnectComplete
PRIMARY_PROBLEM_CLASS: 0x1E_c0000005_R_afd!AfdTLSuperConnectComplete
TARGET_TIME: 2019-12-07T11:35:07.000Z
OSBUILD: 17763
OSSERVICEPACK: 864
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.864
ANALYSIS_SESSION_ELAPSED_TIME: 3bd4
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1e_c0000005_r_afd!afdtlsuperconnectcomplete
FAILURE_ID_HASH: {132fa2e2-804d-8bb5-7b91-86f267df7272}
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 00007ffb8d67fe24, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: ffff830f87948b80, Call type (0 - system call, 1 - worker routine)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.17763.864 (WinBuild.160101.0800)
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: 7ffb8d67fe24
BUGCHECK_P2: 0
BUGCHECK_P3: ffff
BUGCHECK_P4: ffff830f87948b80
FAULTING_IP:
+0
00007ffb`8d67fe24 c3 ret
CPU_COUNT: 10
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: ApCent.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 12-07-2019 16:55:29.0366
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff800327dd1e9 to fffff800327cb9c0
STACK_TEXT:
ffff830f`879489b8 fffff800`327dd1e9 : 00000000`00000001 00007ffb`8d67fe24 00000000`00000000 00000000`0000ffff : nt!KeBugCheckEx
ffff830f`879489c0 fffff800`327dd083 : ffffac8f`55ed1080 00000000`00000000 ffffffff`feced300 ffffac8f`55c49ae0 : nt!KiBugCheckDispatch+0x69
ffff830f`87948b00 00007ffb`8d67fe24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x1fe
00000000`0557dff8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`8d67fe24
THREAD_SHA1_HASH_MOD_FUNC: 1b1fd012b2a510c586295e696f84a9476c8f91e5
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6a054393ae1713fef08345a54701ed3a92fa10c6
THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b
FOLLOWUP_IP:
nt!KiSystemServiceExitPico+1fe
fffff800`327dd083 4883ec50 sub rsp,50h
FAULT_INSTR_CODE: 50ec8348
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceExitPico+1fe
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.864
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1fe
FAILURE_BUCKET_ID: 0x1_SysCallNum_36_nt!KiSystemServiceExitPico
BUCKET_ID: 0x1_SysCallNum_36_nt!KiSystemServiceExitPico
PRIMARY_PROBLEM_CLASS: 0x1_SysCallNum_36_nt!KiSystemServiceExitPico
TARGET_TIME: 2019-12-07T11:54:07.000Z
OSBUILD: 17763
OSSERVICEPACK: 864
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.864
ANALYSIS_SESSION_ELAPSED_TIME: a7f
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1_syscallnum_36_nt!kisystemserviceexitpico
FAILURE_ID_HASH: {90837ed7-51d1-84e3-21f5-1a89def7df0c}
Followup: MachineOwner
---------