M
Mishealgo
Guest
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\$RCB0DG1.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`4b200000 PsLoadedModuleList = 0xfffff807`4be2a490
Debug session time: Mon Mar 15 10:13:45.411 2021 (UTC - 4:00)
System Uptime: 0 days 0:08:57.130
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
.................
For analysis of this file, run !analyze -v
12: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8074b9deb0c, The address that the exception occurred at
Arg3: ffff8885707472c8, Exception Record Address
Arg4: ffff888570746b00, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-V613QOL
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 4
Key : Analysis.Memory.CommitPeak.Mb
Value: 82
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8074b9deb0c
BUGCHECK_P3: ffff8885707472c8
BUGCHECK_P4: ffff888570746b00
EXCEPTION_RECORD: ffff8885707472c8 -- (.exr 0xffff8885707472c8)
ExceptionAddress: fffff8074b9deb0c (nt!FsRtlAcquireFileForCcFlushEx+0x00000000001f0720)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008
CONTEXT: ffff888570746b00 -- (.cxr 0xffff888570746b00)
rax=ffffcc07cc747200 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8074b9deb0c rsp=ffff888570747500 rbp=ffff888570747600
r8=0000000000000008 r9=0000000000000000 r10=7ffffffffffffffc
r11=0000000000000000 r12=ffffffffffffff00 r13=ffffcc07cd2c2ce0
r14=ffffcc07cc6e35b0 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202
nt!FsRtlAcquireFileForCcFlushEx+0x1f0720:
fffff807`4b9deb0c 488b4b08 mov rcx,qword ptr [rbx+8] ds:002b:00000000`00000008=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
READ_ADDRESS: fffff8074befb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8074be0f330: Unable to get Flags value from nt!KdVersionBlock
fffff8074be0f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000008
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000008
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffff8885`70747500 fffff807`4b723b64 : ffffcc07`cd8dc230 ffffcc07`cd2bb070 00000000`00000000 00000000`00000000 : nt!FsRtlAcquireFileForCcFlushEx+0x1f0720
ffff8885`707477c0 fffff807`4b723040 : 00000000`00000001 ffffcc07`cd2bb078 ffff8885`707478e0 ffff8885`707478e8 : nt!MiFlushControlArea+0xf0
ffff8885`70747890 fffff807`4b6a7925 : 00000000`00000000 00000000`00000000 fffff807`4be513e8 fffff807`4be51450 : nt!MiDeleteCachedSegment+0x1a8
ffff8885`707478e0 fffff807`4b517e85 : ffffcc07`cc747200 ffffcc07`cc747200 00000000`00000080 fffff807`4b5b9120 : nt!MiDereferenceSegmentThread+0xee805
ffff8885`70747b10 fffff807`4b5fd2a8 : ffffdd01`c6ed9180 ffffcc07`cc747200 fffff807`4b517e30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffff8885`70747b60 00000000`00000000 : ffff8885`70748000 ffff8885`70741000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!FsRtlAcquireFileForCcFlushEx+1f0720
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.867
STACK_COMMAND: .cxr 0xffff888570746b00 ; kb
BUCKET_ID_FUNC_OFFSET: 1f0720
FAILURE_BUCKET_ID: AV_nt!FsRtlAcquireFileForCcFlushEx
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6f5021e6-ddbb-4be7-5bae-fcfd522b8cd9}
Followup: MachineOwner
---------
Continue reading...
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\$RCB0DG1.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`4b200000 PsLoadedModuleList = 0xfffff807`4be2a490
Debug session time: Mon Mar 15 10:13:45.411 2021 (UTC - 4:00)
System Uptime: 0 days 0:08:57.130
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
.................
For analysis of this file, run !analyze -v
12: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8074b9deb0c, The address that the exception occurred at
Arg3: ffff8885707472c8, Exception Record Address
Arg4: ffff888570746b00, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-V613QOL
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 4
Key : Analysis.Memory.CommitPeak.Mb
Value: 82
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8074b9deb0c
BUGCHECK_P3: ffff8885707472c8
BUGCHECK_P4: ffff888570746b00
EXCEPTION_RECORD: ffff8885707472c8 -- (.exr 0xffff8885707472c8)
ExceptionAddress: fffff8074b9deb0c (nt!FsRtlAcquireFileForCcFlushEx+0x00000000001f0720)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008
CONTEXT: ffff888570746b00 -- (.cxr 0xffff888570746b00)
rax=ffffcc07cc747200 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8074b9deb0c rsp=ffff888570747500 rbp=ffff888570747600
r8=0000000000000008 r9=0000000000000000 r10=7ffffffffffffffc
r11=0000000000000000 r12=ffffffffffffff00 r13=ffffcc07cd2c2ce0
r14=ffffcc07cc6e35b0 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202
nt!FsRtlAcquireFileForCcFlushEx+0x1f0720:
fffff807`4b9deb0c 488b4b08 mov rcx,qword ptr [rbx+8] ds:002b:00000000`00000008=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
READ_ADDRESS: fffff8074befb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8074be0f330: Unable to get Flags value from nt!KdVersionBlock
fffff8074be0f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000008
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000008
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffff8885`70747500 fffff807`4b723b64 : ffffcc07`cd8dc230 ffffcc07`cd2bb070 00000000`00000000 00000000`00000000 : nt!FsRtlAcquireFileForCcFlushEx+0x1f0720
ffff8885`707477c0 fffff807`4b723040 : 00000000`00000001 ffffcc07`cd2bb078 ffff8885`707478e0 ffff8885`707478e8 : nt!MiFlushControlArea+0xf0
ffff8885`70747890 fffff807`4b6a7925 : 00000000`00000000 00000000`00000000 fffff807`4be513e8 fffff807`4be51450 : nt!MiDeleteCachedSegment+0x1a8
ffff8885`707478e0 fffff807`4b517e85 : ffffcc07`cc747200 ffffcc07`cc747200 00000000`00000080 fffff807`4b5b9120 : nt!MiDereferenceSegmentThread+0xee805
ffff8885`70747b10 fffff807`4b5fd2a8 : ffffdd01`c6ed9180 ffffcc07`cc747200 fffff807`4b517e30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffff8885`70747b60 00000000`00000000 : ffff8885`70748000 ffff8885`70741000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!FsRtlAcquireFileForCcFlushEx+1f0720
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.867
STACK_COMMAND: .cxr 0xffff888570746b00 ; kb
BUCKET_ID_FUNC_OFFSET: 1f0720
FAILURE_BUCKET_ID: AV_nt!FsRtlAcquireFileForCcFlushEx
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6f5021e6-ddbb-4be7-5bae-fcfd522b8cd9}
Followup: MachineOwner
---------
Continue reading...