K
Kevin_tgch
Hello all, I have experienced a BSOD in the above Titled environment a couple of times now. It's referencing a memory error in the DUMP file --> FAILURE_BUCKET_ID: 0x1a_4477_rdpdr!memcpy. Below is the full output from the WINDBGR tool. Is this the failing of one of the DIMMs in the server (32 GB - standard server edition max)? Any direction would be greatly appreciated.
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 14393.2848.amd64fre.rs1_release.190305-1856
Machine Name:
Kernel base = 0xfffff801`86877000 PsLoadedModuleList = 0xfffff801`86b79180
Debug session time: Thu Mar 26 08:36:05.234 2020 (UTC - 5:00)
System Uptime: 1 days 1:35:43.809
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
...........................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {4477, 92ce290, 0, 0}
Probably caused by : rdpdr.sys ( rdpdr!memcpy+2b )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000004477, A driver tried to write to an unallocated address in the
user space of the system process. Parameter 2 contains the
address of the attempted write.
Arg2: 00000000092ce290
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 14393.2848.amd64fre.rs1_release.190305-1856
SYSTEM_MANUFACTURER: Microsoft Corporation
VIRTUAL_MACHINE: HyperV
SYSTEM_PRODUCT_NAME: Virtual Machine
SYSTEM_SKU: None
SYSTEM_VERSION: Hyper-V UEFI Release v1.0
BIOS_VENDOR: Microsoft Corporation
BIOS_VERSION: Hyper-V UEFI Release v1.0
BIOS_DATE: 11/26/2012
BASEBOARD_MANUFACTURER: Microsoft Corporation
BASEBOARD_PRODUCT: Virtual Machine
BASEBOARD_VERSION: Hyper-V UEFI Release v1.0
DUMP_TYPE: 1
BUGCHECK_P1: 4477
BUGCHECK_P2: 92ce290
BUGCHECK_P3: 0
BUGCHECK_P4: 0
BUGCHECK_STR: 0x1a_4477
CPU_COUNT: 4
CPU_MHZ: bb8
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: FS1
ANALYSIS_SESSION_TIME: 03-26-2020 09:37:00.0384
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
TRAP_FRAME: ffff99003976c4c0 -- (.trap 0xffff99003976c4c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=00000000092ce298
rdx=ffffba06e5f69d94 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80e5e07332b rsp=ffff99003976c658 rbp=ffff99003976c720
r8=0000000000000020 r9=0000000000000003 r10=ffffcd08ec9ed420
r11=00000000092ce290 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
rdpdr!memcpy+0x2b:
fffff80e`5e07332b 488941f8 mov qword ptr [rcx-8],rax ds:00000000`092ce290=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8018692ae94 to fffff801869d3940
STACK_TEXT:
ffff9900`3976c1f8 fffff801`8692ae94 : 00000000`0000001a 00000000`00004477 00000000`092ce290 00000000`00000000 : nt!KeBugCheckEx
ffff9900`3976c200 fffff801`8692990f : 00000000`00000002 ffffcd08`e4a73cc0 ffff9900`3976c428 00000000`00000000 : nt!MiResolvePageTablePage+0x684
ffff9900`3976c2c0 fffff801`869e095b : ffffcd08`e774b1c0 00000000`0000000f ffffcd08`f0ecf080 ffffcd08`e6894398 : nt!MmAccessFault+0x61f
ffff9900`3976c4c0 fffff80e`5e07332b : fffff80e`5e09aeee fffff80e`5e07c000 fffff80e`5e09b868 ffffcd08`ece22d10 : nt!KiPageFault+0x31b
ffff9900`3976c658 fffff80e`5e09aeee : fffff80e`5e07c000 fffff80e`5e09b868 ffffcd08`ece22d10 00000000`00000000 : rdpdr!memcpy+0x2b
ffff9900`3976c660 fffff80e`5e09b432 : ffffcd08`e65c80e0 fffff801`00000020 00000000`00000020 ffff9900`3976c850 : rdpdr!DrDevice::OnDeviceControlCompletion+0x1ee
ffff9900`3976c6e0 fffff80e`5e098ded : 00000000`00000034 00000000`00000003 ffff9900`3976c850 ffff9900`3976c850 : rdpdr!DrDevice::OnDeviceIoCompletion+0x3e2
ffff9900`3976c750 fffff80e`5e098d2b : ffffcd08`ee593430 ffffcd08`e4da0b70 fffff80e`5e07c000 ffffcd08`ea140f2b : rdpdr!DrExchangeManager::OnDeviceIoCompletion+0xbd
ffff9900`3976c7a0 fffff80e`5e0893a9 : ffffcd08`e918c602 ffffcd08`ee593430 ffffcd08`ee593430 fffff801`86943600 : rdpdr!DrExchangeManager::HandlePacket+0x2b
ffff9900`3976c7d0 fffff80e`5e088b96 : 00000000`00000001 ffffcd08`ea140e10 ffff9900`3976c939 ffffcd08`ee593430 : rdpdr!DrSession::ReadCompletion+0x159
ffff9900`3976c850 fffff801`868e5af2 : ffffcd08`ea140e10 00000000`00000000 00000000`7246704e 00000000`00000080 : rdpdr!DrSession::ReadCompletionRoutine+0x46
ffff9900`3976c880 fffff80e`5b39b042 : ffffba06`ecbfee30 ffffba06`ecbfeed8 00000000`00000000 fffff801`86d1d100 : nt!IopfCompleteRequest+0x112
ffff9900`3976c9a0 fffff80e`59203172 : ffffcd08`e6108b70 fffff801`00000c80 00000000`00000034 ffffba06`ef238010 : Npfs!NpFsdRead+0x202
ffff9900`3976ca50 fffff80e`5e085c0b : 00000000`00000000 00000000`00000003 ffffcd08`e8282102 00000000`00000206 : FLTMGR!FltpDispatch+0xe2
ffff9900`3976cab0 fffff80e`5e07227a : ffffcd08`e82821a0 ffffcd08`00000c80 00000000`00000000 fffff801`00000000 : rdpdr!VirtualChannel::IoWorker+0x15b
ffff9900`3976cb40 fffff801`8689c005 : ffffcd08`e774d080 00000000`00000080 fffff80e`5e0721b0 ffffcd08`e6894310 : rdpdr!TSQueueWorker+0xca
ffff9900`3976cb90 fffff801`869dac26 : ffff9900`37380180 ffffcd08`e774d080 fffff801`8689bfc4 00000000`00000246 : nt!PspSystemThreadStartup+0x41
ffff9900`3976cbe0 00000000`00000000 : ffff9900`3976d000 ffff9900`39766000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
THREAD_SHA1_HASH_MOD_FUNC: 5bb8a3257aa81982edaa8f9fbc6390cfaeb5a931
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a37d6e71762aa80d33ad122d720fdd43d8f32dee
THREAD_SHA1_HASH_MOD: 61ca5f7c894ee3132d3a09ae550718ca25de5fc5
FOLLOWUP_IP:
rdpdr!memcpy+2b
fffff80e`5e07332b 488941f8 mov qword ptr [rcx-8],rax
FAULT_INSTR_CODE: f8418948
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: rdpdr!memcpy+2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdpdr
IMAGE_NAME: rdpdr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5c68be66
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2b
FAILURE_BUCKET_ID: 0x1a_4477_rdpdr!memcpy
BUCKET_ID: 0x1a_4477_rdpdr!memcpy
PRIMARY_PROBLEM_CLASS: 0x1a_4477_rdpdr!memcpy
TARGET_TIME: 2020-03-26T13:36:05.000Z
OSBUILD: 14393
OSSERVICEPACK: 2848
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 16
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-03-06 00:04:59
BUILDDATESTAMP_STR: 190305-1856
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.2848.amd64fre.rs1_release.190305-1856
ANALYSIS_SESSION_ELAPSED_TIME: b0c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1a_4477_rdpdr!memcpy
FAILURE_ID_HASH: {281c3f98-2555-bdaf-be48-82d57d1931c7}
Followup: MachineOwner
---------
Continue reading...
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 14393.2848.amd64fre.rs1_release.190305-1856
Machine Name:
Kernel base = 0xfffff801`86877000 PsLoadedModuleList = 0xfffff801`86b79180
Debug session time: Thu Mar 26 08:36:05.234 2020 (UTC - 5:00)
System Uptime: 1 days 1:35:43.809
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
...........................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {4477, 92ce290, 0, 0}
Probably caused by : rdpdr.sys ( rdpdr!memcpy+2b )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000004477, A driver tried to write to an unallocated address in the
user space of the system process. Parameter 2 contains the
address of the attempted write.
Arg2: 00000000092ce290
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 14393.2848.amd64fre.rs1_release.190305-1856
SYSTEM_MANUFACTURER: Microsoft Corporation
VIRTUAL_MACHINE: HyperV
SYSTEM_PRODUCT_NAME: Virtual Machine
SYSTEM_SKU: None
SYSTEM_VERSION: Hyper-V UEFI Release v1.0
BIOS_VENDOR: Microsoft Corporation
BIOS_VERSION: Hyper-V UEFI Release v1.0
BIOS_DATE: 11/26/2012
BASEBOARD_MANUFACTURER: Microsoft Corporation
BASEBOARD_PRODUCT: Virtual Machine
BASEBOARD_VERSION: Hyper-V UEFI Release v1.0
DUMP_TYPE: 1
BUGCHECK_P1: 4477
BUGCHECK_P2: 92ce290
BUGCHECK_P3: 0
BUGCHECK_P4: 0
BUGCHECK_STR: 0x1a_4477
CPU_COUNT: 4
CPU_MHZ: bb8
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: FS1
ANALYSIS_SESSION_TIME: 03-26-2020 09:37:00.0384
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
TRAP_FRAME: ffff99003976c4c0 -- (.trap 0xffff99003976c4c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=00000000092ce298
rdx=ffffba06e5f69d94 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80e5e07332b rsp=ffff99003976c658 rbp=ffff99003976c720
r8=0000000000000020 r9=0000000000000003 r10=ffffcd08ec9ed420
r11=00000000092ce290 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
rdpdr!memcpy+0x2b:
fffff80e`5e07332b 488941f8 mov qword ptr [rcx-8],rax ds:00000000`092ce290=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8018692ae94 to fffff801869d3940
STACK_TEXT:
ffff9900`3976c1f8 fffff801`8692ae94 : 00000000`0000001a 00000000`00004477 00000000`092ce290 00000000`00000000 : nt!KeBugCheckEx
ffff9900`3976c200 fffff801`8692990f : 00000000`00000002 ffffcd08`e4a73cc0 ffff9900`3976c428 00000000`00000000 : nt!MiResolvePageTablePage+0x684
ffff9900`3976c2c0 fffff801`869e095b : ffffcd08`e774b1c0 00000000`0000000f ffffcd08`f0ecf080 ffffcd08`e6894398 : nt!MmAccessFault+0x61f
ffff9900`3976c4c0 fffff80e`5e07332b : fffff80e`5e09aeee fffff80e`5e07c000 fffff80e`5e09b868 ffffcd08`ece22d10 : nt!KiPageFault+0x31b
ffff9900`3976c658 fffff80e`5e09aeee : fffff80e`5e07c000 fffff80e`5e09b868 ffffcd08`ece22d10 00000000`00000000 : rdpdr!memcpy+0x2b
ffff9900`3976c660 fffff80e`5e09b432 : ffffcd08`e65c80e0 fffff801`00000020 00000000`00000020 ffff9900`3976c850 : rdpdr!DrDevice::OnDeviceControlCompletion+0x1ee
ffff9900`3976c6e0 fffff80e`5e098ded : 00000000`00000034 00000000`00000003 ffff9900`3976c850 ffff9900`3976c850 : rdpdr!DrDevice::OnDeviceIoCompletion+0x3e2
ffff9900`3976c750 fffff80e`5e098d2b : ffffcd08`ee593430 ffffcd08`e4da0b70 fffff80e`5e07c000 ffffcd08`ea140f2b : rdpdr!DrExchangeManager::OnDeviceIoCompletion+0xbd
ffff9900`3976c7a0 fffff80e`5e0893a9 : ffffcd08`e918c602 ffffcd08`ee593430 ffffcd08`ee593430 fffff801`86943600 : rdpdr!DrExchangeManager::HandlePacket+0x2b
ffff9900`3976c7d0 fffff80e`5e088b96 : 00000000`00000001 ffffcd08`ea140e10 ffff9900`3976c939 ffffcd08`ee593430 : rdpdr!DrSession::ReadCompletion+0x159
ffff9900`3976c850 fffff801`868e5af2 : ffffcd08`ea140e10 00000000`00000000 00000000`7246704e 00000000`00000080 : rdpdr!DrSession::ReadCompletionRoutine+0x46
ffff9900`3976c880 fffff80e`5b39b042 : ffffba06`ecbfee30 ffffba06`ecbfeed8 00000000`00000000 fffff801`86d1d100 : nt!IopfCompleteRequest+0x112
ffff9900`3976c9a0 fffff80e`59203172 : ffffcd08`e6108b70 fffff801`00000c80 00000000`00000034 ffffba06`ef238010 : Npfs!NpFsdRead+0x202
ffff9900`3976ca50 fffff80e`5e085c0b : 00000000`00000000 00000000`00000003 ffffcd08`e8282102 00000000`00000206 : FLTMGR!FltpDispatch+0xe2
ffff9900`3976cab0 fffff80e`5e07227a : ffffcd08`e82821a0 ffffcd08`00000c80 00000000`00000000 fffff801`00000000 : rdpdr!VirtualChannel::IoWorker+0x15b
ffff9900`3976cb40 fffff801`8689c005 : ffffcd08`e774d080 00000000`00000080 fffff80e`5e0721b0 ffffcd08`e6894310 : rdpdr!TSQueueWorker+0xca
ffff9900`3976cb90 fffff801`869dac26 : ffff9900`37380180 ffffcd08`e774d080 fffff801`8689bfc4 00000000`00000246 : nt!PspSystemThreadStartup+0x41
ffff9900`3976cbe0 00000000`00000000 : ffff9900`3976d000 ffff9900`39766000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
THREAD_SHA1_HASH_MOD_FUNC: 5bb8a3257aa81982edaa8f9fbc6390cfaeb5a931
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a37d6e71762aa80d33ad122d720fdd43d8f32dee
THREAD_SHA1_HASH_MOD: 61ca5f7c894ee3132d3a09ae550718ca25de5fc5
FOLLOWUP_IP:
rdpdr!memcpy+2b
fffff80e`5e07332b 488941f8 mov qword ptr [rcx-8],rax
FAULT_INSTR_CODE: f8418948
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: rdpdr!memcpy+2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdpdr
IMAGE_NAME: rdpdr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5c68be66
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2b
FAILURE_BUCKET_ID: 0x1a_4477_rdpdr!memcpy
BUCKET_ID: 0x1a_4477_rdpdr!memcpy
PRIMARY_PROBLEM_CLASS: 0x1a_4477_rdpdr!memcpy
TARGET_TIME: 2020-03-26T13:36:05.000Z
OSBUILD: 14393
OSSERVICEPACK: 2848
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 16
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-03-06 00:04:59
BUILDDATESTAMP_STR: 190305-1856
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.2848.amd64fre.rs1_release.190305-1856
ANALYSIS_SESSION_ELAPSED_TIME: b0c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1a_4477_rdpdr!memcpy
FAILURE_ID_HASH: {281c3f98-2555-bdaf-be48-82d57d1931c7}
Followup: MachineOwner
---------
Continue reading...