*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 000000b500190645
Arg2: ffffd0005cda6738
Arg3: ffffd0005cda5f40
Arg4: fffff803186824d5
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 9600.17415.amd64fre.winblue_r4.141028-1500
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: PA65-UD3-B3
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: F12
BIOS_DATE: 03/27/2012
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: PA65-UD3-B3
DUMP_TYPE: 2
BUGCHECK_P1: b500190645
BUGCHECK_P2: ffffd0005cda6738
BUGCHECK_P3: ffffd0005cda5f40
BUGCHECK_P4: fffff803186824d5
EXCEPTION_RECORD: ffffd0005cda6738 -- (.exr 0xffffd0005cda6738)
ExceptionAddress: fffff803186824d5 (nt!ExpApplyPriorityBoost+0x00000000000001d1)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000158074b
Attempt to read from address 000000000158074b
CONTEXT: ffffd0005cda5f40 -- (.cxr 0xffffd0005cda5f40)
rax=0000000000060004 rbx=0000000000000002 rcx=0000000000000000
rdx=0000000000000008 rsi=0000000000000000 rdi=ffffe001e1af3890
rip=fffff803186824d5 rsp=ffffd0005cda6970 rbp=0000000000000000
r8=0000000000000004 r9=ffffd0005cda6990 r10=0000000000000801
r11=fffff8008462e843 r12=0000000000000002 r13=000000000000ff01
r14=0000000001580743 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010002
nt!ExpApplyPriorityBoost+0x1d1:
fffff803`186824d5 458b7e08 mov r15d,dword ptr [r14+8] ds:002b:00000000`0158074b=????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: c15
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 2a
CPU_STEPPING: 7
CPU_MICROCODE: 6,2a,7,0 (F,M,S,R) SIG: 28'00000000 (cache) 28'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: MsMpEng.exe
CURRENT_IRQL: 0
FOLLOWUP_IP:
nt!ExpApplyPriorityBoost+1d1
fffff803`186824d5 458b7e08 mov r15d,dword ptr [r14+8]
FAULTING_IP:
nt!ExpApplyPriorityBoost+1d1
fffff803`186824d5 458b7e08 mov r15d,dword ptr [r14+8]
BUGCHECK_STR: 0x24
READ_ADDRESS: GetUlongPtrFromAddress: unable to read from fffff8031897d298
GetUlongPtrFromAddress: unable to read from fffff8031897d520
000000000158074b
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000158074b
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-04-2019 22:36:29.0330
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff803186827d2 to fffff803186824d5
STACK_TEXT:
ffffd000`5cda6970 fffff803`186827d2 : ffffc001`def17301 ffffe001`e1af3890 00000000`00000001 ffffe001`e35bb080 : nt!ExpApplyPriorityBoost+0x1d1
ffffd000`5cda69e0 fffff803`1867ebba : ffffe001`e1af3890 ffffe001`e2545120 ffffe001`e11aec70 00000000`00000000 : nt!ExpWaitForResource+0xd2
ffffd000`5cda6ab0 fffff800`846ee49a : 00000000`00000002 ffffc001`def17010 ffffd000`7164d8a0 00000000`00000000 : nt!ExAcquireResourceExclusiveLite+0x1da
ffffd000`5cda6b20 fffff800`847054c5 : ffffe001`e11aec38 ffffe001`e38eac10 ffffd000`7164d588 ffffe001`e35bb080 : Ntfs!NtfsCommonCleanup+0x26a
ffffd000`5cda6f50 fffff803`1876e2f7 : ffffd000`7164d588 00000000`0008b458 00000000`7ffdb000 00000000`0018f148 : Ntfs!NtfsCommonCleanupCallout+0x19
ffffd000`5cda6f80 fffff803`1876e2bd : ffffd000`7164d600 00000000`00000000 00000000`00000002 fffff803`18658a7d : nt!KxSwitchKernelStackCallout+0x27
ffffd000`7164d430 fffff803`18658a7d : ffffe001`00000006 ffffd000`7164d600 00000000`00000006 00000000`00000000 : nt!KiSwitchKernelStackContinue
ffffd000`7164d450 fffff800`847000c5 : fffff800`847054ac ffffd000`7164d588 ffffe001`e38ee000 ffffe001`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x2fd
ffffd000`7164d540 fffff800`8453ab1e : ffffe001`e1b55760 00000000`00000000 00000000`00000001 ffffe001`e38ee010 : Ntfs!NtfsFsdCleanup+0x185
ffffd000`7164d850 fffff800`845390c2 : ffffd000`7164d910 ffffe001`e2122860 00000000`00000000 ffffe001`e38ee010 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2ce
ffffd000`7164d8f0 fffff803`18a59349 : ffffe001`e38ee010 ffffe001`e308c900 00000000`00000000 ffffe001`e1b99ec0 : fltmgr!FltpDispatch+0xb2
ffffd000`7164d950 fffff803`18a583a3 : ffffe001`e0aed840 ffffd000`7164da99 00000000`00000000 00000000`00000000 : nt!IopCloseFile+0x12d
ffffd000`7164d9e0 fffff803`187761b3 : 00000026`76c4b9a8 00000026`13a17eb0 00007ffb`44085318 ffffffff`ffffffff : nt!NtClose+0x1c3
ffffd000`7164db00 00007ffb`4e290d3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000026`02bcf448 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`4e290d3a
THREAD_SHA1_HASH_MOD_FUNC: 129231f1b1cc703b0130aec99852b59b73b991a4
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d560792df1c525cdaa8e331882fa02fc2f420b8d
THREAD_SHA1_HASH_MOD: b9263cf62c04c61f6b26d98d85a0167498bdc026
FAULT_INSTR_CODE: 87e8b45
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExpApplyPriorityBoost+1d1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 54503718
IMAGE_VERSION: 6.3.9600.17415
STACK_COMMAND: .cxr 0xffffd0005cda5f40 ; kb
BUCKET_ID_FUNC_OFFSET: 1d1
FAILURE_BUCKET_ID: 0x24_nt!ExpApplyPriorityBoost
BUCKET_ID: 0x24_nt!ExpApplyPriorityBoost
PRIMARY_PROBLEM_CLASS: 0x24_nt!ExpApplyPriorityBoost
TARGET_TIME: 2019-11-02T21:52:45.000Z
OSBUILD: 9600
OSSERVICEPACK: 17415
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2014-10-29 03:38:48
BUILDDATESTAMP_STR: 141028-1500
BUILDLAB_STR: winblue_r4
BUILDOSVER_STR: 6.3.9600.17415.amd64fre.winblue_r4.141028-1500
ANALYSIS_SESSION_ELAPSED_TIME: 77c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x24_nt!expapplypriorityboost
FAILURE_ID_HASH: {99788c13-fb0a-47cc-42e3-cbe4a318052c}
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffe001fb7577c0, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
ETW minidump data unavailable
GetUlongPtrFromAddress: unable to read from fffff800de1d0308
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 9600.19478.amd64fre.winblue_ltsb.190831-0600
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: PA65-UD3-B3
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: F12
BIOS_DATE: 03/27/2012
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: PA65-UD3-B3
DUMP_TYPE: 2
BUGCHECK_P1: ffffe001fb7577c0
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: csrss
FAULTING_MODULE: 0000000000000000
CPU_COUNT: 4
CPU_MHZ: c15
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 2a
CPU_STEPPING: 7
CPU_MICROCODE: 6,2a,7,0 (F,M,S,R) SIG: 28'00000000 (cache) 28'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-04-2019 22:39:23.0711
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff800de47ebfc to fffff800ddfc23a0
STACK_TEXT:
ffffd001`f25b9948 fffff800`de47ebfc : 00000000`000000ef ffffe001`fb7577c0 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffd001`f25b9950 fffff800`de3c5d82 : ffffe001`fb7577c0 ffffe001`fb693460 00000000`00000000 00000000`c0000374 : nt!PspCatchCriticalBreak+0xa4
ffffd001`f25b9990 fffff800`de2e9717 : ffffe001`fb7577c0 ffffe001`fb693460 ffffe001`fb7577c0 ffffe001`fb7577c0 : nt! ?? ::NNGAKEGL::`string'+0x2fd82
ffffd001`f25b99f0 fffff800`de47e5bc : ffffffff`ffffffff ffffd001`f25b9a99 ffffe001`fb7577c0 ffffe001`fb693080 : nt!PspTerminateProcess+0x67
ffffd001`f25b9a30 fffff800`ddfd22e3 : ffffe001`fb693080 00000000`00000000 ffffe001`fb693080 ffffffff`ffffffff : nt!NtTerminateProcess+0xe0
ffffd001`f25b9b00 00007ffc`42700a1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000da`9660d948 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`42700a1a
THREAD_SHA1_HASH_MOD_FUNC: 87c4a57b08db2499156fb80767122c5fe8c2351e
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 2c5cadcb70328120c3e353284e781f8f00da282d
THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
FOLLOWUP_NAME: MachineOwner
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0xEF_csrss.exe_IMAGE_csrss.exe
BUCKET_ID: 0xEF_csrss.exe_IMAGE_csrss.exe
PRIMARY_PROBLEM_CLASS: 0xEF_csrss.exe_IMAGE_csrss.exe
TARGET_TIME: 2019-11-03T18:01:44.000Z
OSBUILD: 9600
OSSERVICEPACK: 19478
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-08-31 18:06:47
BUILDDATESTAMP_STR: 190831-0600
BUILDLAB_STR: winblue_ltsb
BUILDOSVER_STR: 6.3.9600.19478.amd64fre.winblue_ltsb.190831-0600
ANALYSIS_SESSION_ELAPSED_TIME: c02
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_csrss.exe_image_csrss.exe
FAILURE_ID_HASH: {52d21f5d-7423-c024-462c-4ca2f538aeeb}
Followup: MachineOwner
---------
2: kd> lmvm csrss
Browse full module list
start end module name
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8023c0b1001, Address of the instruction which caused the bugcheck
Arg3: ffffd001938d4e50, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff8023bfbf308
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 9600.19478.amd64fre.winblue_ltsb.190831-0600
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: PA65-UD3-B3
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: F12
BIOS_DATE: 03/27/2012
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: PA65-UD3-B3
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff8023c0b1001
BUGCHECK_P3: ffffd001938d4e50
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!CmpNotifyChangeKey+115
fffff802`3c0b1001 48394108 cmp qword ptr [rcx+8],rax
CONTEXT: ffffd001938d4e50 -- (.cxr 0xffffd001938d4e50)
rax=ffffc00105884900 rbx=ffffc001058848f0 rcx=0000000300000002
rdx=ffffc0010bdde948 rsi=ffffc0010567e060 rdi=ffffc0010690c960
rip=fffff8023c0b1001 rsp=ffffd001938d5870 rbp=000000000000000f
r8=000000000000000f r9=0000000000000001 r10=0000000000000801
r11=7ffffffffffffffc r12=0000000000000001 r13=0000000000000001
r14=ffffc001047ed000 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!CmpNotifyChangeKey+0x115:
fffff802`3c0b1001 48394108 cmp qword ptr [rcx+8],rax ds:002b:00000003`0000000a=????????????????
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 4
CPU_MHZ: c15
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 2a
CPU_STEPPING: 7
CPU_MICROCODE: 6,2a,7,0 (F,M,S,R) SIG: 28'00000000 (cache) 28'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: steamwebhelper
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-04-2019 22:40:09.0661
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8023c0b09b0 to fffff8023c0b1001
STACK_TEXT:
ffffd001`938d5870 fffff802`3c0b09b0 : 00000000`00000000 ffffd001`938d5b80 ffffc001`0690c960 ffffe001`5888bc00 : nt!CmpNotifyChangeKey+0x115
ffffd001`938d58d0 fffff802`3c0b0538 : ffffe001`5888b880 00000000`00000000 00000000`00000000 00000000`00e9e0c8 : nt!NtNotifyChangeMultipleKeys+0x470
ffffd001`938d5a20 fffff802`3bdc12e3 : ffffe001`5888b880 ffffd001`938d5b80 00000000`00000040 fffff802`3c02a22c : nt!NtNotifyChangeKey+0x60
ffffd001`938d5a90 00007fff`cce1176a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00e9e0a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`cce1176a
THREAD_SHA1_HASH_MOD_FUNC: f4a1ebb62142f4b4f6bbad64c6028d8395bcebac
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b8785c4f1e3af5b3fa1a2fa9484613512da51af6
THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
FOLLOWUP_IP:
nt!CmpNotifyChangeKey+115
fffff802`3c0b1001 48394108 cmp qword ptr [rcx+8],rax
FAULT_INSTR_CODE: 8413948
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpNotifyChangeKey+115
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5d6a8d07
IMAGE_VERSION: 6.3.9600.19478
STACK_COMMAND: .cxr 0xffffd001938d4e50 ; kb
BUCKET_ID_FUNC_OFFSET: 115
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!CmpNotifyChangeKey
BUCKET_ID: 0x3B_c0000005_nt!CmpNotifyChangeKey
PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_nt!CmpNotifyChangeKey
TARGET_TIME: 2019-11-03T15:31:10.000Z
OSBUILD: 9600
OSSERVICEPACK: 19478
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-08-31 18:06:47
BUILDDATESTAMP_STR: 190831-0600
BUILDLAB_STR: winblue_ltsb
BUILDOSVER_STR: 6.3.9600.19478.amd64fre.winblue_ltsb.190831-0600
ANALYSIS_SESSION_ELAPSED_TIME: 821
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_c0000005_nt!cmpnotifychangekey
FAILURE_ID_HASH: {52772d46-f7c5-1283-1d01-700d2f26b844}
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffd0018f9fe6e8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: ffffd0018f9fe6e8, address which referenced memory
Debugging Details:
------------------
GetUlongPtrFromAddress: unable to read from fffff801e77bf308
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 9600.19478.amd64fre.winblue_ltsb.190831-0600
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: PA65-UD3-B3
BIOS_VENDOR: Award Software International, Inc.
BIOS_VERSION: F12
BIOS_DATE: 03/27/2012
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: PA65-UD3-B3
DUMP_TYPE: 2
BUGCHECK_P1: ffffd0018f9fe6e8
BUGCHECK_P2: 2
BUGCHECK_P3: 8
BUGCHECK_P4: ffffd0018f9fe6e8
READ_ADDRESS: GetUlongPtrFromAddress: unable to read from fffff801e77bf2a8
GetUlongPtrFromAddress: unable to read from fffff801e77bf530
ffffd0018f9fe6e8
CURRENT_IRQL: 2
FAULTING_IP:
+0
ffffd001`8f9fe6e8 ?? ???
CPU_COUNT: 4
CPU_MHZ: c15
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 2a
CPU_STEPPING: 7
CPU_MICROCODE: 6,2a,7,0 (F,M,S,R) SIG: 28'00000000 (cache) 28'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: csrss.exe
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-04-2019 22:40:13.0241
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffd00191555ef0 -- (.trap 0xffffd00191555ef0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000080040031 rbx=0000000000000000 rcx=fffff6fb7dbedf80
rdx=ffffd00191556450 rsi=0000000000000000 rdi=0000000000000000
rip=ffffd0018f9fe6e8 rsp=ffffd00191556088 rbp=ffffd00191556100
r8=0000000000000000 r9=0000000000000000 r10=7010008004002001
r11=0000000080050031 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
ffffd001`8f9fe6e8 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff801e75c1669 to fffff801e75b13a0
FAILED_INSTRUCTION_ADDRESS:
+0
ffffd001`8f9fe6e8 ?? ???
STACK_TEXT:
ffffd001`91555da8 fffff801`e75c1669 : 00000000`0000000a ffffd001`8f9fe6e8 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
ffffd001`91555db0 fffff801`e75beba8 : 00000000`00000010 00000000`00000000 00000000`00000000 fffff801`e74d9417 : nt!KiBugCheckDispatch+0x69
ffffd001`91555ef0 ffffd001`8f9fe6e8 : ffffd001`8fee1eff ffffe001`5f8678c0 ffffd001`91556100 ffffd001`8fed728d : nt!KiPageFault+0x428
ffffd001`91556088 ffffd001`8fee1eff : ffffe001`5f8678c0 ffffd001`91556100 ffffd001`8fed728d fffff801`4690739b : 0xffffd001`8f9fe6e8
ffffd001`91556090 ffffe001`5f8678c0 : ffffd001`91556100 ffffd001`8fed728d fffff801`4690739b ffffe001`00000000 : 0xffffd001`8fee1eff
ffffd001`91556098 ffffd001`91556100 : ffffd001`8fed728d fffff801`4690739b ffffe001`00000000 00000000`00000000 : 0xffffe001`5f8678c0
ffffd001`915560a0 ffffd001`8fed728d : fffff801`4690739b ffffe001`00000000 00000000`00000000 ffffe001`5f534b02 : 0xffffd001`91556100
ffffd001`915560a8 fffff801`4690739b : ffffe001`00000000 00000000`00000000 ffffe001`5f534b02 ffffd001`915562c0 : 0xffffd001`8fed728d
ffffd001`915560b0 fffff801`4699e3c8 : 00000000`00000000 ffffd001`915562c0 ffffe001`00000000 ffffd001`8fed7945 : Ntfs!NtfsReleaseFcb+0x4b
ffffd001`915560f0 fffff801`4699d7f1 : 00000000`00000000 00000000`00000001 ffffd001`91556302 00000000`00604c00 : Ntfs!NtfsFreeRecentlyDeallocated+0x8bc
ffffd001`91556230 00000000`00000070 : ffffe001`5f33d340 00000000`00000000 00000000`00000001 fffff801`e770e480 : Ntfs!NtfsCheckpointVolume+0x1b40
ffffd001`91556790 ffffe001`5f33d340 : 00000000`00000000 00000000`00000001 fffff801`e770e480 ffffd001`91556890 : 0x70
ffffd001`91556798 00000000`00000000 : 00000000`00000001 fffff801`e770e480 ffffd001`91556890 00000000`0000034f : 0xffffe001`5f33d340
THREAD_SHA1_HASH_MOD_FUNC: f84da58bf9f55f8e4d9df64fb2c10067bf4579e0
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: da1245aeba3b514bf219a9cf188a98842cc245a6
THREAD_SHA1_HASH_MOD: 35f81a1d73b94e028864fffeb7585e3b00f95bae
FOLLOWUP_IP:
nt!KiPageFault+428
fffff801`e75beba8 440f20c0 mov rax,cr8
FAULT_INSTR_CODE: c0200f44
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+428
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5d6a8d07
IMAGE_VERSION: 6.3.9600.19478
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 428
FAILURE_BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault
BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault
PRIMARY_PROBLEM_CLASS: AV_CODE_AV_BAD_IP_nt!KiPageFault
TARGET_TIME: 2019-11-03T17:51:00.000Z
OSBUILD: 9600
OSSERVICEPACK: 19478
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-08-31 18:06:47
BUILDDATESTAMP_STR: 190831-0600
BUILDLAB_STR: winblue_ltsb
BUILDOSVER_STR: 6.3.9600.19478.amd64fre.winblue_ltsb.190831-0600
ANALYSIS_SESSION_ELAPSED_TIME: 41ed
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_code_av_bad_ip_nt!kipagefault
FAILURE_ID_HASH: {73cd60cc-83fa-6b76-df08-1961c31d7403}
Followup: MachineOwner
---------