Frostices
Guest
Hi Everyone,
My PC has been crashing a lot lately, and I am at my wits' end figuring out what's wrong here. I am able to WinDbg the dump file, but I am not too sure what I am looking at here. It would be great if I could have advice on what needs to be fixed.
---
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\122620-6671-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`52a00000 PsLoadedModuleList = 0xfffff802`5362a2b0
Debug session time: Sat Dec 26 04:44:36.959 2020 (UTC + 8:00)
System Uptime: 0 days 13:26:18.598
Loading Kernel Symbols
...............................................................
................................................................
.............................................................
Loading User Symbols
Loading unloaded module list
.....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`52df5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9a01`fb347630=000000000000000a
7: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffff9a0222c7ea8d, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: ffff9a01feacb03b, address which referenced memory
Debugging Details:
------------------
DBGHELP: Timeout to store: C:\ProgramData\Dbg\sym*Symbol information
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2827
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-JK65TUI
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 101882
Key : Analysis.Memory.CommitPeak.Mb
Value: 83
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: d1
BUGCHECK_P1: ffff9a0222c7ea8d
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: ffff9a01feacb03b
READ_ADDRESS: fffff802536fa390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8025360f330: Unable to get Flags value from nt!KdVersionBlock
fffff8025360f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffff9a0222c7ea8d
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: ffff9a01fb347770 -- (.trap 0xffff9a01fb347770)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9a01feacb037 rbx=0000000000000000 rcx=ffff9a01feacb037
rdx=320781cc444a1553 rsi=0000000000000000 rdi=0000000000000000
rip=ffff9a01feacb03b rsp=ffff9a01fb347908 rbp=ffff8009f968f670
r8=0000000000000000 r9=0000000000000000 r10=ffff9a01feacb037
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
ffff9a01`feacb03b 48315108 xor qword ptr [rcx+8],rdx ds:ffff9a01`feacb03f=2a56b084541b241b
Resetting default scope
BAD_STACK_POINTER: ffff9a01fb347628
STACK_TEXT:
ffff9a01`fb347628 fffff802`52e07769 : 00000000`0000000a ffff9a02`22c7ea8d 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff9a01`fb347630 fffff802`52e03a69 : ffff22c5`a7a6871e fffff802`52e035e0 00000000`00000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69
ffff9a01`fb347770 ffff9a01`feacb03b : fffff802`52e10bd9 00000000`0000390d fffff802`52d23ce3 fffff802`52ad6d40 : nt!KiPageFault+0x469
ffff9a01`fb347908 fffff802`52e10bd9 : 00000000`0000390d fffff802`52d23ce3 fffff802`52ad6d40 ffff9a01`fb347fd0 : 0xffff9a01`feacb03b
ffff9a01`fb347910 fffff802`52dcc031 : fffff802`00000003 ffff8009`f968f600 ffff8009`f9689000 ffff8009`f9690000 : nt!ExpCenturyDpcRoutine$fin$0+0x151
ffff9a01`fb347970 fffff802`52dfe6bf : ffff8009`f968f600 ffff9a01`fb347f60 ffff8009`f968f670 ffff8009`f968f670 : nt!_C_specific_handler+0x1a1
ffff9a01`fb3479e0 fffff802`52d2c484 : ffff9a01`fb3487c0 ffff8009`00000000 ffff9a01`fb3487c0 fffff802`52ad6d40 : nt!RtlpExecuteHandlerForUnwind+0xf
ffff9a01`fb347a10 fffff802`52dcbf75 : fffff802`52a980f0 fffff802`00000001 ffff8009`f968f670 ffff8009`f9690000 : nt!RtlUnwindEx+0x2c4
ffff9a01`fb348130 fffff802`52dfe63f : fffff802`52ad6d40 ffff9a01`fb348710 fffff802`52dcbe90 00000000`00000000 : nt!_C_specific_handler+0xe5
ffff9a01`fb3481a0 fffff802`52d2bf97 : ffff9a01`fb348710 00000000`00000000 ffff8009`f968f670 fffff802`52d23ccf : nt!RtlpExecuteHandlerForException+0xf
ffff9a01`fb3481d0 fffff802`52d2ab86 : ffff8009`f968f348 ffff9a01`fb348e20 ffff8009`f968f348 ffffc10c`47174c4a : nt!RtlDispatchException+0x297
ffff9a01`fb3488f0 fffff802`52df6612 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff9a01`fb348fb0 fffff802`52df65e0 : fffff802`52e078a5 00000000`00000000 ffff8009`f968f2d0 ffff8009`f968f518 : nt!KxExceptionDispatchOnExceptionStack+0x12
ffff8009`f968f208 fffff802`52e078a5 : 00000000`00000000 ffff8009`f968f2d0 ffff8009`f968f518 00000000`00000000 : nt!KiExceptionDispatchOnExceptionStackContinue
ffff8009`f968f210 fffff802`52e035e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x125
ffff8009`f968f3f0 fffff802`52dff9cd : ffffc10c`505680c0 fffff802`52c72230 ffff8009`f968f500 00000000`00000000 : nt!KiGeneralProtectionFault+0x320
ffff8009`f968f580 fffff802`52dff90d : ffff9a01`fb2ef180 ffff38cd`00000000 00000000`00000000 00000000`000000ff : nt!KiCustomRecurseRoutine2+0xd
ffff8009`f968f5b0 fffff802`52dffe4d : 00000000`00000003 fffff802`52c71dab ffffc10c`5b3a0ef8 ffff9a01`fb2ef180 : nt!KiCustomRecurseRoutine1+0xd
ffff8009`f968f5e0 fffff802`52dffd8d : 00000000`00000003 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiCustomRecurseRoutine0+0xd
ffff8009`f968f610 fffff802`52dffdc2 : 00000000`00000000 ffff9a01`fb2ef180 00000002`00001000 00000000`00000007 : nt!KiCustomRecurseRoutine9+0xd
ffff8009`f968f640 fffff802`52d23ccf : 00000000`0000000c 00000000`00000001 00000000`00000010 ffffc10c`47132040 : nt!KiCustomAccessRoutine9+0x22
ffff8009`f968f670 fffff802`52c44f12 : 00000000`00000004 e7502ec0`5ef4340f ffff9a01`fb2ef180 00000000`00000080 : nt!ExpCenturyDpcRoutine+0x9f
ffff8009`f968f7e0 fffff802`52c06eed : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`001c2911 : nt!KiProcessExpiredTimerList+0x172
ffff8009`f968f8d0 fffff802`52df92ee : 00000000`00000000 ffff9a01`fb2ef180 ffff9a01`fb2fa240 ffffc10c`5c99e100 : nt!KiRetireDpcList+0x5dd
ffff8009`f968fb60 00000000`00000000 : ffff8009`f9690000 ffff8009`f9689000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
SYMBOL_NAME: nt!KiPageFault+469
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.685
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 469
FAILURE_BUCKET_ID: AV_STACKPTR_ERROR_nt!KiPageFault
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {5d494751-006f-69fb-e1b2-f4186279d450}
Followup: MachineOwner
---------
7: kd> lmvm nt
Browse full module list
start end module name
fffff802`52a00000 fffff802`53a46000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\4EF9A5375F61FE84B7EAEF54BF025C0E1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\C129B8081046000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: C129B808 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00A5C808
ImageSize: 01046000
File version: 10.0.19041.685
Product version: 10.0.19041.685
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.19041.685
FileVersion: 10.0.19041.685 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
---
Merry Christmas!
Thanks,
Ices