ElThaylaur
I installed Windows Debugger in order to diagnose the problem, but I couldn't handle what's wrong.
I did a fresh new install of Windows and the problem keeps happening several times.
Microsoft (R) Windows Debugger Version 10.0.15063.468 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\SymbolsSrvCache*Symbol information
Symbol search path is: srv*c:\SymbolsSrvCache*Symbol information
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`73800000 PsLoadedModuleList = 0xfffff807`7442a2b0
Debug session time: Wed Dec 9 19:59:33.856 2020 (UTC + 1:00)
System Uptime: 0 days 0:09:57.507
Loading Kernel Symbols
...............................................................
..Page 403beb not present in the dump file. Type ".hh dbgerr004" for details
..............................................................
.............................Page 1fd2e7 not present in the dump file. Type ".hh dbgerr004" for details
..................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000ca`726d0018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {ffffc98c00000004, 10, ffffc98c00000004, 2}
Probably caused by : memory_corruption ( nt!MiSystemFault+1f40ab )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffc98c00000004, memory referenced.
Arg2: 0000000000000010, value 0 = read operation, 1 = write operation.
Arg3: ffffc98c00000004, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 19041.1.amd64fre.vb_release.191206-1406
SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.
SYSTEM_SKU: To Be Filled By O.E.M.
SYSTEM_VERSION: To Be Filled By O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: P3.60
BIOS_DATE: 07/22/2020
BASEBOARD_MANUFACTURER: ASRock
BASEBOARD_PRODUCT: A320M-DVS R3.0
BASEBOARD_VERSION:
DUMP_TYPE: 1
BUGCHECK_P1: ffffc98c00000004
BUGCHECK_P2: 10
BUGCHECK_P3: ffffc98c00000004
BUGCHECK_P4: 2
READ_ADDRESS: Unable to get offset of nt!_MI_VISIBLE_STATE.SpecialPool
Unable to get value of nt!_MI_VISIBLE_STATE.SessionSpecialPool
ffffc98c00000004
FAULTING_IP:
+0
ffffc98c`00000004 ?? ???
MM_INTERNAL_CODE: 2
CPU_COUNT: 6
CPU_MHZ: e09
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 71
CPU_STEPPING: 0
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-LO81LT0
ANALYSIS_SESSION_TIME: 12-09-2020 20:12:18.0003
ANALYSIS_VERSION: 10.0.15063.468 amd64fre
TRAP_FRAME: ffffc98c7bd10840 -- (.trap 0xffffc98c7bd10840)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000101 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000000ca rsi=0000000000000000 rdi=0000000000000000
rip=ffffc98c00000004 rsp=ffffc98c7bd109d0 rbp=ffffe681516c0180
r8=0000000000000000 r9=0000000000000009 r10=0000000000000028
r11=ffffd67840400001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
ffffc98c`00000004 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80773c1e8bb to fffff80773bf5780
FAILED_INSTRUCTION_ADDRESS:
+0
ffffc98c`00000004 ?? ???
STACK_TEXT:
ffffc98c`7bd10598 fffff807`73c1e8bb : 00000000`00000050 ffffc98c`00000004 00000000`00000010 ffffc98c`7bd10840 : nt!KeBugCheckEx
ffffc98c`7bd105a0 fffff807`73a0c960 : 00000000`00000000 00000000`00000010 ffffc98c`7bd108c0 00000000`00000000 : nt!MiSystemFault+0x1f40ab
ffffc98c`7bd106a0 fffff807`73c0395e : 3feccccc`cccccccd 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x400
ffffc98c`7bd10840 ffffc98c`00000004 : 00000000`00000004 ffffb708`00000000 00000000`00000000 000002d8`00000000 : nt!KiPageFault+0x35e
ffffc98c`7bd109d0 00000000`00000004 : ffffb708`00000000 00000000`00000000 000002d8`00000000 ffffb708`00000000 : 0xffffc98c`00000004
ffffc98c`7bd109d8 ffffb708`00000000 : 00000000`00000000 000002d8`00000000 ffffb708`00000000 00000000`0000f000 : 0x4
ffffc98c`7bd109e0 00000000`00000000 : 000002d8`00000000 ffffb708`00000000 00000000`0000f000 000000ca`00000000 : 0xffffb708`00000000
STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: 35852f70c1fb96d682b5bd0e931cc10c7b9fe1fe
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b85021cc878d307c6d7da19c56e40a4270ec9430
THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
FOLLOWUP_IP:
nt!MiSystemFault+1f40ab
fffff807`73c1e8bb cc int 3
FAULT_INSTR_CODE: 4c8d48cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiSystemFault+1f40ab
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_NAME: memory_corruption
BUCKET_ID_FUNC_OFFSET: 1f40ab
FAILURE_BUCKET_ID: AV_INVALID_BAD_IP_nt!MiSystemFault
BUCKET_ID: AV_INVALID_BAD_IP_nt!MiSystemFault
PRIMARY_PROBLEM_CLASS: AV_INVALID_BAD_IP_nt!MiSystemFault
TARGET_TIME: 2020-12-09T18:59:33.000Z
OSBUILD: 19041
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 191206-1406
BUILDLAB_STR: vb_release
BUILDOSVER_STR: 10.0.19041.1.amd64fre.vb_release.191206-1406
ANALYSIS_SESSION_ELAPSED_TIME: e28
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_invalid_bad_ip_nt!misystemfault
FAILURE_ID_HASH: {48ad9531-e3f8-1044-fc5f-d917677674c7}
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffc98c00000004, memory referenced.
Arg2: 0000000000000010, value 0 = read operation, 1 = write operation.
Arg3: ffffc98c00000004, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 19041.1.amd64fre.vb_release.191206-1406
SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.
SYSTEM_SKU: To Be Filled By O.E.M.
SYSTEM_VERSION: To Be Filled By O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: P3.60
BIOS_DATE: 07/22/2020
BASEBOARD_MANUFACTURER: ASRock
BASEBOARD_PRODUCT: A320M-DVS R3.0
BASEBOARD_VERSION:
DUMP_TYPE: 1
BUGCHECK_P1: ffffc98c00000004
BUGCHECK_P2: 10
BUGCHECK_P3: ffffc98c00000004
BUGCHECK_P4: 2
READ_ADDRESS: ffffc98c00000004
FAULTING_IP:
+0
ffffc98c`00000004 ?? ???
MM_INTERNAL_CODE: 2
CPU_COUNT: 6
CPU_MHZ: e09
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 71
CPU_STEPPING: 0
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-LO81LT0
ANALYSIS_SESSION_TIME: 12-09-2020 20:14:57.0963
ANALYSIS_VERSION: 10.0.15063.468 amd64fre
TRAP_FRAME: ffffc98c7bd10840 -- (.trap 0xffffc98c7bd10840)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000101 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000000ca rsi=0000000000000000 rdi=0000000000000000
rip=ffffc98c00000004 rsp=ffffc98c7bd109d0 rbp=ffffe681516c0180
r8=0000000000000000 r9=0000000000000009 r10=0000000000000028
r11=ffffd67840400001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
ffffc98c`00000004 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80773c1e8bb to fffff80773bf5780
FAILED_INSTRUCTION_ADDRESS:
+0
ffffc98c`00000004 ?? ???
STACK_TEXT:
ffffc98c`7bd10598 fffff807`73c1e8bb : 00000000`00000050 ffffc98c`00000004 00000000`00000010 ffffc98c`7bd10840 : nt!KeBugCheckEx
ffffc98c`7bd105a0 fffff807`73a0c960 : 00000000`00000000 00000000`00000010 ffffc98c`7bd108c0 00000000`00000000 : nt!MiSystemFault+0x1f40ab
ffffc98c`7bd106a0 fffff807`73c0395e : 3feccccc`cccccccd 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x400
ffffc98c`7bd10840 ffffc98c`00000004 : 00000000`00000004 ffffb708`00000000 00000000`00000000 000002d8`00000000 : nt!KiPageFault+0x35e
ffffc98c`7bd109d0 00000000`00000004 : ffffb708`00000000 00000000`00000000 000002d8`00000000 ffffb708`00000000 : 0xffffc98c`00000004
ffffc98c`7bd109d8 ffffb708`00000000 : 00000000`00000000 000002d8`00000000 ffffb708`00000000 00000000`0000f000 : 0x4
ffffc98c`7bd109e0 00000000`00000000 : 000002d8`00000000 ffffb708`00000000 00000000`0000f000 000000ca`00000000 : 0xffffb708`00000000
STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: 35852f70c1fb96d682b5bd0e931cc10c7b9fe1fe
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b85021cc878d307c6d7da19c56e40a4270ec9430
THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
FOLLOWUP_IP:
nt!MiSystemFault+1f40ab
fffff807`73c1e8bb cc int 3
FAULT_INSTR_CODE: 4c8d48cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiSystemFault+1f40ab
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_NAME: memory_corruption
BUCKET_ID_FUNC_OFFSET: 1f40ab
FAILURE_BUCKET_ID: AV_INVALID_BAD_IP_nt!MiSystemFault
BUCKET_ID: AV_INVALID_BAD_IP_nt!MiSystemFault
PRIMARY_PROBLEM_CLASS: AV_INVALID_BAD_IP_nt!MiSystemFault
TARGET_TIME: 2020-12-09T18:59:33.000Z
OSBUILD: 19041
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 191206-1406
BUILDLAB_STR: vb_release
BUILDOSVER_STR: 10.0.19041.1.amd64fre.vb_release.191206-1406
ANALYSIS_SESSION_ELAPSED_TIME: e61
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_invalid_bad_ip_nt!misystemfault
FAILURE_ID_HASH: {48ad9531-e3f8-1044-fc5f-d917677674c7}
Followup: MachineOwner
---------
4: kd> lmvm nt
Browse full module list
start end module name
fffff807`73800000 fffff807`74846000 nt (pdb symbols) c:\symbolssrvcache\ntkrnlmp.pdb\4EF9A5375F61FE84B7EAEF54BF025C0E1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: ***** Invalid (C129B808)
CheckSum: 00A5C808
ImageSize: 01046000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4