Hello all :)
Sorry for it being so long. An update. Basically, the BSODs continue. There were ~4 separate patterns. I have, after much effort, finally pinned each onto specific drivers, and am now left with one final pattern which I seem unable to solve. I have, however, really enjoyed working it, but would love a little bit more assistance.
I have basically tried all that you have suggested thus far, and I will re-read the thread, just to be sure. Hardware diagnostics came back good, although that was a little while ago, and I will re-run them, just to be sure.
However, I have a personal belief that this is a driver. The call stacks, memory address patterns, always an access violation, etc. etc. are absolutely identical in every dump. No variations whatsoever.
Most times it crashes without creating a minidump, and ~1 in 6 it creates a kernel memory dump.
I have two separate patterns, 0x1E_C0000005 and 0x3B_C0000005. However, I strongly suspect that they have the same cause, once again due to huge similarities in the call stack and memory address patterns.
However, I have now noticed something even more odd, which you experts might tell me is not odd at all.
Code:
Microsoft (R) Windows Debugger Version 6.2.8229.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Users\Richard\Desktop\MEMORY (16).DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`0325b000 PsLoadedModuleList = 0xfffff800`0349f670
Debug session time: Sat Jul 7 19:29:27.427 2012 (UTC + 1:00)
System Uptime: 0 days 0:19:58.239
Loading Kernel Symbols
...............................................................
................................................................
..............................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff800032ff830, 0, ffffffffffffffff}
Probably caused by : memory_corruption ( nt!MiReplenishPageSlist+c0 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800032ff830, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiReplenishPageSlist+c0
fffff800`032ff830 f00fba6b1000 lock bts dword ptr [rbx+10h],0
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1e_c0000005
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: iexplore.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80003324d88 to fffff800032da1c0
CONTEXT: 480100161b0505f6 -- (.cxr 0x480100161b0505f6)
Unable to read context, NTSTATUS 0xC0000141
STACK_TEXT:
fffff880`0c344dd8 fffff800`03324d88 : 00000000`0000001e ffffffff`c0000005 fffff800`032ff830 00000000`00000000 : nt!KeBugCheckEx
fffff880`0c344de0 fffff800`032d9842 : fffff880`0c3455b8 bffffa80`0888bf10 fffff880`0c345660 00000000`00000006 : nt! ?? ::FNODOBFM::`string'+0x48d3d
fffff880`0c345480 fffff800`032d814a : fffffa80`0fe7bbb0 fffff8a0`006a6650 fffffa80`0d9b1430 fffffa80`0deb4180 : nt!KiExceptionDispatch+0xc2
fffff880`0c345660 fffff800`032ff830 : ffffffff`ffffffff fffffa80`0f2dfb50 00000000`18030000 fffff800`03302106 : nt!KiGeneralProtectionFault+0x10a
fffff880`0c3457f0 fffff800`032fdfef : fffffa80`0cbfb338 00000000`0000007b fffffa80`0889c710 00000000`0000007b : nt!MiReplenishPageSlist+0xc0
fffff880`0c345860 fffff800`032e7614 : 00000000`00000000 00000000`00000002 00000000`00000000 ffffffff`ffffffff : nt!MiRemoveAnyPage+0x24f
fffff880`0c345980 fffff800`032d82ee : 00000000`00000001 00000000`18037000 00000000`16822101 00000000`000000b0 : nt!MmAccessFault+0x1224
fffff880`0c345ae0 00000000`6ec06af7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`1f05d000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6ec06af7
FOLLOWUP_IP:
nt!MiReplenishPageSlist+c0
fffff800`032ff830 f00fba6b1000 lock bts dword ptr [rbx+10h],0
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MiReplenishPageSlist+c0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa390f3
STACK_COMMAND: .cxr 0x480100161b0505f6 ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1e_c0000005_VRF_nt!MiReplenishPageSlist+c0
BUCKET_ID: X64_0x1e_c0000005_VRF_nt!MiReplenishPageSlist+c0
Followup: MachineOwner
---------
4: kd> !pfn fffff800`032ff830
PFN 5554D5558854D85 at address FFFE7A8098FE8900
flink 00000000 blink / share count 00000000 pteaddress 00000000
reference count 0000 used entry count 0000 NonCached color 0 Priority 0
restore pte 00000000 containing page 000000 Zeroed
4: kd> dt nt!_MMPFN fffff800`032ff830
+0x000 u1 : <unnamed-tag>
+0x008 u2 : <unnamed-tag>
+0x010 PteAddress : 0xfff5d8d3`850feb8b _MMPTE
+0x010 VolatilePteAddress : 0xfff5d8d3`850feb8b Void
+0x010 Lock : 0n-2062554229
+0x010 PteLong : 0xfff5d8d3`850feb8b
+0x018 u3 : <unnamed-tag>
+0x01c UsedPageTableEntries : 0x20
+0x01e VaType : 0x1 ''
+0x01f ViewCount : 0xf ''
+0x020 OriginalPte : _MMPTE
+0x020 AweReferenceCount : 0n-170333820
+0x028 u4 : <unnamed-tag>
4: kd> !pte 0xfff5d8d3`850feb8b
VA fff5d8d3850feb8b
PXE at FFFFF6FB7DBEDD88 PPE at FFFFF6FB7DBB1A70 PDE at FFFFF6FB7634E140 PTE at FFFFF6EC69C287F0
contains 0000000000000000
not valid
WARNING: noncanonical VA, accesses will fault !
Code:
Microsoft (R) Windows Debugger Version 6.2.8229.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Users\Richard\Desktop\MEMORY (15).DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`0324c000 PsLoadedModuleList = 0xfffff800`03490670
Debug session time: Wed Jul 4 17:19:25.042 2012 (UTC + 1:00)
System Uptime: 0 days 0:02:25.854
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800032f0830, fffff8800c5dca10, 0}
Page 3d3b3f not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : win32k.sys ( win32k!memset+80 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800032f0830, Address of the instruction which caused the bugcheck
Arg3: fffff8800c5dca10, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiReplenishPageSlist+c0
fffff800`032f0830 f00fba6b1000 lock bts dword ptr [rbx+10h],0
CONTEXT: fffff8800c5dca10 -- (.cxr 0xfffff8800c5dca10)
rax=04000000002d83fb rbx=bffffa800888bf10 rcx=0000058000000000
rdx=0000000000000050 rsi=0000000000000008 rdi=0000000000000008
rip=fffff800032f0830 rsp=fffff8800c5dd3f0 rbp=fffffa800888d710
r8=fffff800034fd500 r9=fffffa800cbfa000 r10=fffffa800cbfb358
r11=fffff88003565180 r12=fffff800034fd500 r13=2aaaaaaaaaaaaaab
r14=fdffffffffffffff r15=0000058000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
nt!MiReplenishPageSlist+0xc0:
fffff800`032f0830 f00fba6b1000 lock bts dword ptr [rbx+10h],0 ds:002b:bffffa80`0888bf20=????????
Resetting default scope
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: iexplore.exe
CURRENT_IRQL: 2
TRAP_FRAME: fffff8800c5dd8e0 -- (.trap 0xfffff8800c5dd8e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c23c6000 rbx=0000000000000000 rcx=fffff900c23d4000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960000c5090 rsp=fffff8800c5dda78 rbp=fffff80003383a26
r8=0000000000000020 r9=00000000000002e8 r10=0000000000000034
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
win32k!memset+0x80:
fffff960`000c5090 488911 mov qword ptr [rcx],rdx ds:fffff900`c23d4000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032eefef to fffff800032f0830
STACK_TEXT:
fffff880`0c5dd3f0 fffff800`032eefef : fffffa80`0cbfb338 00000000`0000007b fffffa80`08899710 00000000`0000007b : nt!MiReplenishPageSlist+0xc0
fffff880`0c5dd460 fffff800`032db06f : 00000000`00000002 fffff880`00000002 fffff880`02791c00 00000000`00000000 : nt!MiRemoveAnyPage+0x24f
fffff880`0c5dd580 fffff800`032e81ae : 00000000`00000001 fffff900`c23d4000 fffff880`0c5dd8e0 fffff6fc`80611ea0 : nt!MiResolveDemandZeroFault+0x54f
fffff880`0c5dd670 fffff800`032d820b : fffff880`0c5dd4b0 00000000`00000064 00000000`00000064 00000000`00000000 : nt!MiDispatchFault+0x8ce
fffff880`0c5dd780 fffff800`032c92ee : 00000000`00000001 fffff900`c23d4000 00000001`00000000 fffff900`c23c6000 : nt!MmAccessFault+0xe1b
fffff880`0c5dd8e0 fffff960`000c5090 : fffff960`000b3f4e 00000202`0018002b 00000000`00000000 00000000`80000000 : nt!KiPageFault+0x16e
fffff880`0c5dda78 fffff960`000b3f4e : 00000202`0018002b 00000000`00000000 00000000`80000000 fffff880`0c5ddc80 : win32k!memset+0x80
fffff880`0c5dda80 fffff960`000b5458 : fffff800`032ca453 fffff880`0c5dded8 fffff800`03383a26 fffff880`0c5ddc80 : win32k!AllocateObject+0xf2
fffff880`0c5ddac0 fffff960`000076fb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x1f8
fffff880`0c5ddbb0 fffff960`00015c46 : fffff900`c23584e0 fffff900`c0000790 fffff880`0c5dde90 fffff900`c063cbe0 : win32k!psSetupTransparentSrcSurface+0x1a3
fffff880`0c5dde30 fffff960`001926f7 : fffff900`c012b010 00000000`00000000 fffff900`c063cbe0 fffff900`c063cbe0 : win32k!EngAlphaBlend+0x1de
fffff880`0c5de0f0 fffff800`032ca453 : ffffffff`9c010c51 00000000`00000014 00000000`00000000 fffff900`00000618 : win32k!NtGdiAlphaBlend+0x15ff
fffff880`0c5de4f0 00000000`7322059a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0022c2a8 fffff800`032c2810 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7322059a
fffff880`0c5de740 fffff900`c084bfe0 : 00000000`000000a0 fffffa80`0e2b07e0 fffff960`000c60ce 00000000`00000000 : nt!KiCallUserMode
fffff880`0c5de748 00000000`000000a0 : fffffa80`0e2b07e0 fffff960`000c60ce 00000000`00000000 fffff880`0c5dec70 : 0xfffff900`c084bfe0
fffff880`0c5de750 fffffa80`0e2b07e0 : fffff960`000c60ce 00000000`00000000 fffff880`0c5dec70 00430030`003d0064 : 0xa0
fffff880`0c5de758 fffff960`000c60ce : 00000000`00000000 fffff880`0c5dec70 00430030`003d0064 00460051`00630046 : 0xfffffa80`0e2b07e0
fffff880`0c5de760 003d006c`00720075 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!FreeObject+0x4e
fffff880`0c5de790 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x3d006c`00720075
FOLLOWUP_IP:
win32k!memset+80
fffff960`000c5090 488911 mov qword ptr [rcx],rdx
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: win32k!memset+80
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4fb1b20d
STACK_COMMAND: .cxr 0xfffff8800c5dca10 ; kb
FAILURE_BUCKET_ID: X64_0x3B_VRF_win32k!memset+80
BUCKET_ID: X64_0x3B_VRF_win32k!memset+80
Followup: MachineOwner
---------
2: kd> !pte 3d3b3f
VA 00000000003d3b3f
PXE at FFFFF6FB7DBED000 PPE at FFFFF6FB7DA00000 PDE at FFFFF6FB40000008 PTE at FFFFF68000001E98
contains 00700002E6D5B867 contains 02F00002E3B5F867 contains 01800002E5869867 contains CDE00003BAA94025
pfn 2e6d5b ---DA--UWEV pfn 2e3b5f ---DA--UWEV pfn 2e5869 ---DA--UWEV pfn 3baa94 ----A--UR-V
2: kd> !cmkd.stack
Call Stack : 28 frames
## Stack-Pointer Return-Address Call-Site
00 fffff8800c5dc148 fffff800032ca769 nt!KeBugCheckEx+0
01 fffff8800c5dc150 fffff800032ca0bc nt!KiBugCheckDispatch+69
02 fffff8800c5dc290 fffff800032f5e2d nt!KiSystemServiceHandler+7c
03 fffff8800c5dc2d0 fffff800032f4c05 nt!RtlpExecuteHandlerForException+d
04 fffff8800c5dc300 fffff80003305b81 nt!RtlDispatchException+415
05 fffff8800c5dc9e0 fffff800032ca842 nt!KiDispatchException+135
06 fffff8800c5dd080 fffff800032c914a nt!KiExceptionDispatch+c2
07 fffff8800c5dd260 fffff800032f0830 nt!KiGeneralProtectionFault+10a
08 fffff8800c5dd3f0 fffff800032eefef nt!MiReplenishPageSlist+c0 (perf)
09 fffff8800c5dd460 fffff800032db06f nt!MiRemoveAnyPage+24f
0a fffff8800c5dd580 fffff800032e81ae nt!MiResolveDemandZeroFault+54f
0b fffff8800c5dd670 fffff800032d820b nt!MiDispatchFault+8ce
0c fffff8800c5dd780 fffff800032c92ee nt!MmAccessFault+e1b
0d fffff8800c5dd8e0 fffff960000c5090 nt!KiPageFault+16e
0e fffff8800c5dda78 fffff960000b3f4e win32k!memset+80
0f fffff8800c5dda80 fffff960000b5458 win32k!AllocateObject+f2
10 fffff8800c5ddac0 fffff960000076fb win32k!SURFMEM::bCreateDIB+1f8
11 fffff8800c5ddbb0 fffff96000015c46 win32k!psSetupTransparentSrcSurface+1a3
12 fffff8800c5dde30 fffff960001926f7 win32k!EngAlphaBlend+1de
13 fffff8800c5de0f0 fffff800032ca453 win32k!NtGdiAlphaBlend+15ff
14 fffff8800c5de4f0 000000007322059a nt!KiSystemServiceCopyEnd+13
2: kd> !vtop 3baa94 00000000003d3b3f
Amd64VtoP: Virt 00000000`003d3b3f, pagedir 3baa94
Amd64VtoP: PML4E 3baa94
Amd64VtoP: PML4E read error 0x80004002
Virtual address 3d3b3f translation fails, error 0x80004002.
2: kd> !thread
THREAD fffffa80101ed6d0 Cid 1d0c.1d10 Teb: 000000007efdb000 Win32Thread: fffff900c2d1cc20 RUNNING on processor 2
Not impersonating
DeviceMap fffff8a002fdeae0
Owning Process fffffa800fdffb30 Image: iexplore.exe
Attached Process N/A Image: N/A
Wait Start TickCount 9349 Ticks: 0
Context Switch Count 2899 IdealProcessor: 1 LargeStack
UserTime 00:00:00.124
KernelTime 00:00:00.218
Win32 Start Address 0x0000000000ba28a0
Stack Init fffff8800c5de6f0 Current fffff8800c5dde80
Base fffff8800c5df000 Limit fffff8800c5d6000 Call fffff8800c5de740
Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff880`0c5dc148 fffff800`032ca769 : 00000000`0000003b 00000000`c0000005 fffff800`032f0830 fffff880`0c5dca10 : nt!KeBugCheckEx
fffff880`0c5dc150 fffff800`032ca0bc : fffff880`0c5dd1b8 fffff880`0c5dca10 00000000`00000000 fffff960`002a2490 : nt!KiBugCheckDispatch+0x69
fffff880`0c5dc290 fffff800`032f5e2d : fffff960`002f0ba0 fffff960`002c01a4 fffff960`00000000 fffff880`0c5dd1b8 : nt!KiSystemServiceHandler+0x7c
fffff880`0c5dc2d0 fffff800`032f4c05 : fffff800`03412638 fffff880`0c5dc348 fffff880`0c5dd1b8 fffff800`0324c000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0c5dc300 fffff800`03305b81 : fffff880`0c5dd1b8 fffff880`0c5dca10 fffff880`00000000 00000000`00000008 : nt!RtlDispatchException+0x415
fffff880`0c5dc9e0 fffff800`032ca842 : fffff880`0c5dd1b8 bffffa80`0888bf10 fffff880`0c5dd260 00000000`00000008 : nt!KiDispatchException+0x135
fffff880`0c5dd080 fffff800`032c914a : 00000000`00000001 fffff960`00749f85 00000000`00000001 fffff880`0c5dd480 : nt!KiExceptionDispatch+0xc2
fffff880`0c5dd260 fffff800`032f0830 : 00000000`00000001 00000000`0000001a fffff880`03565180 00000000`00000001 : nt!KiGeneralProtectionFault+0x10a (TrapFrame @ fffff880`0c5dd260)
fffff880`0c5dd3f0 fffff800`032eefef : fffffa80`0cbfb338 00000000`0000007b fffffa80`08899710 00000000`0000007b : nt!MiReplenishPageSlist+0xc0
fffff880`0c5dd460 fffff800`032db06f : 00000000`00000002 fffff880`00000002 fffff880`02791c00 00000000`00000000 : nt!MiRemoveAnyPage+0x24f
fffff880`0c5dd580 fffff800`032e81ae : 00000000`00000001 fffff900`c23d4000 fffff880`0c5dd8e0 fffff6fc`80611ea0 : nt!MiResolveDemandZeroFault+0x54f
fffff880`0c5dd670 fffff800`032d820b : fffff880`0c5dd4b0 00000000`00000064 00000000`00000064 00000000`00000000 : nt!MiDispatchFault+0x8ce
fffff880`0c5dd780 fffff800`032c92ee : 00000000`00000001 fffff900`c23d4000 00000001`00000000 fffff900`c23c6000 : nt!MmAccessFault+0xe1b
fffff880`0c5dd8e0 fffff960`000c5090 : fffff960`000b3f4e 00000202`0018002b 00000000`00000000 00000000`80000000 : nt!KiPageFault+0x16e (TrapFrame @ fffff880`0c5dd8e0)
fffff880`0c5dda78 fffff960`000b3f4e : 00000202`0018002b 00000000`00000000 00000000`80000000 fffff880`0c5ddc80 : win32k!memset+0x80
fffff880`0c5dda80 fffff960`000b5458 : fffff800`032ca453 fffff880`0c5dded8 fffff800`03383a26 fffff880`0c5ddc80 : win32k!AllocateObject+0xf2
fffff880`0c5ddac0 fffff960`000076fb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x1f8
fffff880`0c5ddbb0 fffff960`00015c46 : fffff900`c23584e0 fffff900`c0000790 fffff880`0c5dde90 fffff900`c063cbe0 : win32k!psSetupTransparentSrcSurface+0x1a3
fffff880`0c5dde30 fffff960`001926f7 : fffff900`c012b010 00000000`00000000 fffff900`c063cbe0 fffff900`c063cbe0 : win32k!EngAlphaBlend+0x1de
fffff880`0c5de0f0 fffff800`032ca453 : ffffffff`9c010c51 00000000`00000014 00000000`00000000 fffff900`00000618 : win32k!NtGdiAlphaBlend+0x15ff
fffff880`0c5de4f0 00000000`7322059a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0c5de560)
00000000`0022c2a8 fffff800`032c2810 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7322059a
fffff880`0c5de740 fffff900`c084bfe0 : 00000000`000000a0 fffffa80`0e2b07e0 fffff960`000c60ce 00000000`00000000 : nt!KiCallUserMode
fffff880`0c5de748 00000000`000000a0 : fffffa80`0e2b07e0 fffff960`000c60ce 00000000`00000000 fffff880`0c5dec70 : 0xfffff900`c084bfe0
fffff880`0c5de750 fffffa80`0e2b07e0 : fffff960`000c60ce 00000000`00000000 fffff880`0c5dec70 00430030`003d0064 : 0xa0
fffff880`0c5de758 fffff960`000c60ce : 00000000`00000000 fffff880`0c5dec70 00430030`003d0064 00460051`00630046 : 0xfffffa80`0e2b07e0
fffff880`0c5de760 003d006c`00720075 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!FreeObject+0x4e
fffff880`0c5de790 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x3d006c`00720075
2: kd> dt nt!_MMPFN fffff800`032f0830
+0x000 u1 : <unnamed-tag>
+0x008 u2 : <unnamed-tag>
+0x010 PteAddress : 0xfff5d8d3`850feb8b _MMPTE
+0x010 VolatilePteAddress : 0xfff5d8d3`850feb8b Void
+0x010 Lock : 0n-2062554229
+0x010 PteLong : 0xfff5d8d3`850feb8b
+0x018 u3 : <unnamed-tag>
+0x01c UsedPageTableEntries : 0x20
+0x01e VaType : 0x1 ''
+0x01f ViewCount : 0xf ''
+0x020 OriginalPte : _MMPTE
+0x020 AweReferenceCount : 0n-170333820
+0x028 u4 : <unnamed-tag>
2: kd> !pte 0xfff5d8d3`850feb8b
VA fff5d8d3850feb8b
PXE at FFFFF6FB7DBEDD88 PPE at FFFFF6FB7DBB1A70 PDE at FFFFF6FB7634E140 PTE at FFFFF6EC69C287F0
contains 0000000000000000
not valid
WARNING: noncanonical VA, accesses will fault !
Relevant parts:
Code:
4: kd> !pte 0xfff5d8d3`850feb8b
VA fff5d8d3850feb8b
PXE at FFFFF6FB7DBEDD88 PPE at FFFFF6FB7DBB1A70 PDE at FFFFF6FB7634E140 PTE at FFFFF6EC69C287F0
contains 0000000000000000
not valid
WARNING: noncanonical VA, accesses will fault !
Code:
2: kd> !pte 0xfff5d8d3`850feb8b
VA fff5d8d3850feb8b
PXE at FFFFF6FB7DBEDD88 PPE at FFFFF6FB7DBB1A70 PDE at FFFFF6FB7634E140 PTE at FFFFF6EC69C287F0
contains 0000000000000000
not valid
WARNING: noncanonical VA, accesses will fault !
Any idea why the Virtual Address in these two completely different dumps is exactly the same? Any idea what it means? Is it normal? I assume it is just some system thing which will of course be the same in each dump, or something mundane and useless like that.
Thanks a lot.
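An added example (not part of the original post, and not WinDbg code): a check of the x64 canonical-address rule behind the `noncanonical VA` warning and the `KiGeneralProtectionFault` frames, run over addresses copied from the two dumps above. It assumes 48-bit virtual addresses, and the function names are made up for this sketch.

```python
"""Canonical-address triage for values copied from the two dumps (added example)."""

VA_BITS = 48  # assumption: 4-level paging, 48-bit virtual addresses


def parse_kd(text: str) -> int:
    """Parse a kd-style 64-bit hex value such as fffff800`032f0830."""
    return int(text.replace("`", ""), 16)


def is_canonical(va: int, va_bits: int = VA_BITS) -> bool:
    """True if bits 63..(va_bits-1) are all equal, i.e. the VA is sign-extended."""
    top = (va & 0xFFFFFFFFFFFFFFFF) >> (va_bits - 1)
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def single_bit_repairs(va: int, va_bits: int = VA_BITS):
    """List (bit, candidate) pairs where flipping one bit makes va canonical.

    Only bits in the sign-extension region (va_bits-1 .. 63) affect
    canonicity, so only those are tried. An empty list means the value is
    either already canonical or more than one bit away from any canonical VA.
    """
    if is_canonical(va, va_bits):
        return []
    repairs = []
    for bit in range(va_bits - 1, 64):
        candidate = va ^ (1 << bit)
        if is_canonical(candidate, va_bits):
            repairs.append((bit, candidate))
    return repairs


def bytes_in_memory(value: int) -> str:
    """Hex of the 8 bytes as stored little-endian, lowest address first."""
    return value.to_bytes(8, "little").hex()


# Values copied from the debugger output in the post.
DUMP_VALUES = {
    "rbx at faulting instruction (.cxr)": "bffffa80`0888bf10",
    "rbp at faulting instruction (.cxr)": "fffffa80`0888d710",
    "FAULTING_IP, MEMORY (15).DMP": "fffff800`032f0830",
    # Read by `dt nt!_MMPFN <FAULTING_IP>`: the command was given the
    # instruction address in both dumps, so this field is whatever 8 bytes
    # sit at that code address + 0x10.
    "PteAddress field from dt nt!_MMPFN": "fff5d8d3`850feb8b",
}


def triage(values=DUMP_VALUES):
    """Return {label: (value, canonical?, single-bit repairs)}."""
    report = {}
    for label, text in values.items():
        va = parse_kd(text)
        report[label] = (va, is_canonical(va), single_bit_repairs(va))
    return report


if __name__ == "__main__":
    for label, (va, ok, repairs) in triage().items():
        state = "canonical" if ok else "NONCANONICAL"
        print(f"{label}: {va:016x} {state}")
        for bit, cand in repairs:
            print(f"    flipping bit {bit} gives {cand:016x}")
    print("PteAddress bytes in memory order:",
          bytes_in_memory(parse_kd(DUMP_VALUES["PteAddress field from dt nt!_MMPFN"])))
```
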