```text
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\DavidS\Downloads\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (2 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Edition build lab: 9600.19846.amd64fre.winblue_ltsb_escrow.200923-1735
Machine Name:
Kernel base = 0xfffff802`5aa81000 PsLoadedModuleList = 0xfffff802`5ad465d0
Debug session time: Tue Oct 27 11:05:53.834 2020 (UTC - 7:00)
System Uptime: 0 days 0:08:24.639
Loading Kernel Symbols
...............................................................
.................................................Page 1e3e81 not present in the dump file. Type ".hh dbgerr004" for details
...............
...
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff7`f13b7018). Type ".hh dbgerr001" for details
Loading unloaded module list
....
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`5abc14c0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffd000`b4e9fe90=000000000000000a
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000016, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8025ab0405e, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2421

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on MRWU

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.mSec
    Value: 2424

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 77

    Key  : Analysis.System
    Value: CreateObject

    Key  : WER.OS.Branch
    Value: winblue_ltsb_escrow

    Key  : WER.OS.Timestamp
    Value: 2020-09-23T17:35:00Z

    Key  : WER.OS.Version
    Value: 8.1.9600.19846


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

VIRTUAL_MACHINE: VirtualBox

BUGCHECK_CODE: a

BUGCHECK_P1: 16

BUGCHECK_P2: 2

BUGCHECK_P3: 1

BUGCHECK_P4: fffff8025ab0405e

WRITE_ADDRESS: 0000000000000016

PROCESS_NAME: java.exe

TRAP_FRAME: ffffd000b4e9ffd0 -- (.trap 0xffffd000b4e9ffd0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80120f9000 rbx=0000000000000000 rcx=ffffd000b4ea0228
rdx=0000000000000016 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8025ab0405e rsp=ffffd000b4ea0160 rbp=ffffd000b4ea0200
r8=0000000000000000 r9=0000000000000000 r10=240c8b4000000000
r11=fffffa8012100430 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!KxWaitForLockOwnerShip+0x12:
fffff802`5ab0405e 48890a mov qword ptr [rdx],rcx ds:00000000`00000016=????????????????
Resetting default scope

STACK_TEXT:
ffffd000`b4e9fe88 fffff802`5abd1769 : 00000000`0000000a 00000000`00000016 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffd000`b4e9fe90 fffff802`5abceca8 : 00000000`00000000 fffffa80`09dfdcd0 00000904`c0000000 fffff802`5ab688f6 : nt!KiBugCheckDispatch+0x69
ffffd000`b4e9ffd0 fffff802`5ab0405e : 00000000`00001000 ffffc000`bec3e000 ffffe001`db08c880 00000000`00000000 : nt!KiPageFault+0x428
ffffd000`b4ea0160 fffff802`5aae3480 : fffffa80`09dfffe0 fffff802`5aacbfb9 00000000`00000000 ffffc000`bec3e000 : nt!KxWaitForLockOwnerShip+0x12
ffffd000`b4ea0190 fffff802`5ab22077 : 00000000`0034aaaa fffffa80`09dffff0 00000000`00000000 00000000`00000000 : nt!MiInsertPageInFreeOrZeroedList+0x7e0
ffffd000`b4ea02d0 fffff802`5aae6c6e : ffffffff`ffffffff ffffd000`b4ea0380 00000000`00000000 ffffffff`ffffffff : nt!MiInsertLargePageInFreeOrZeroList+0xdb
ffffd000`b4ea0320 fffff802`5ab718d5 : fffffa80`00000077 00000000`00000000 00000000`00000077 00000000`00000000 : nt!MiGetFreeOrZeroPage+0x45e
ffffd000`b4ea03c0 fffff802`5ab5ed38 : 0000ffff`00000000 e001db65`718004c0 fffffa80`09dfc620 00000000`00000000 : nt!MiGetPage+0x135
ffffd000`b4ea0430 fffff802`5aabf7c7 : ffffb001`48607000 00000000`2acb1c2e ffffd000`00000000 00000000`00000212 : nt!MmCopyToCachedPage+0x4b8
ffffd000`b4ea0550 fffff802`5aabf4f4 : ffffe001`dbc09520 00000000`2acb1c2e ffffd000`b4ea06a8 ffffe001`00000000 : nt!CcMapAndCopyInToCache+0x21f
ffffd000`b4ea0640 fffff800`9b959bcd : 00000000`1e907212 ffffe001`d90b9040 ffffe001`dba49970 ffffe001`d90b9040 : nt!CcCopyWriteEx+0x260
ffffd000`b4ea06e0 fffff800`9b7401f1 : 00000000`00000000 00000000`000002b0 fffff800`9b766801 00000000`00010000 : Ntfs!NtfsCopyWriteA+0x2ed
ffffd000`b4ea0960 fffff800`9b7408e6 : ffffd000`b4ea0a50 ffffe001`dba49900 ffffe001`dbc4bbc0 ffffe001`dbc4bad0 : fltmgr!FltpPerformFastIoCall+0x1c1
ffffd000`b4ea09c0 fffff800`9b766a3f : 00000000`00000001 fffff802`5ae0eda8 ffffe001`dba49970 ffffd000`b4ea0b20 : fltmgr!FltpPassThroughFastIo+0x165
ffffd000`b4ea0a20 fffff802`5ae0e8ca : ffffe001`dba49970 00000000`00000000 ffffd000`b4ea0b18 ffffd000`b4ea0b80 : fltmgr!FltpFastIoWrite+0x14f
ffffd000`b4ea0ad0 fffff802`5abd13e3 : 00000000`08490000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWriteFile+0x422
ffffd000`b4ea0bd0 00007ffb`27df078a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`182893c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`27df078a


SYMBOL_NAME: nt!KxWaitForLockOwnerShip+12

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 12

FAILURE_BUCKET_ID: AV_nt!KxWaitForLockOwnerShip

OS_VERSION: 8.1.9600.19846

BUILDLAB_STR: winblue_ltsb_escrow

OSPLATFORM_TYPE: x64

OSNAME: Windows 8.1

FAILURE_ID_HASH: {724b07b1-4226-85fe-f372-16d33b9a3b93}

Followup: MachineOwner
---------
```