DUMP FILES
1.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
the PTE. Parameters 3/4 contain the low/high parts of the PTE.
Arg2: fffff8bffc430fd0
Arg3: c0213b00bc320000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 671
Key : Analysis.Elapsed.mSec
Value: 3798
Key : Analysis.IO.Other.Mb
Value: 21
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 25
Key : Analysis.Init.CPU.mSec
Value: 718
Key : Analysis.Init.Elapsed.mSec
Value: 179408
Key : Analysis.Memory.CommitPeak.Mb
Value: 92
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x1a
Key : Bugcheck.Code.TargetModel
Value: 0x1a
Key : Failure.Bucket
Value: 0x1a_41792_nt!MiDeleteVa
Key : Failure.Hash
Value: {ad6dfca3-101b-35a8-d6e1-12de9ecbc1f5}
Key : MemoryManagement.PFN
Value: 3b00bc320
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 1a
BUGCHECK_P1: 41792
BUGCHECK_P2: fffff8bffc430fd0
BUGCHECK_P3: c0213b00bc320000
BUGCHECK_P4: 0
FILE_IN_CAB: 010725-5765-01.dmp
FAULTING_THREAD: ffffa903b871e480
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: msedge.exe
STACK_TEXT:
fffffa05`5f9ae728 fffff801`7808b7ba : 00000000`0000001a 00000000`00041792 fffff8bf`fc430fd0 c0213b00`bc320000 : nt!KeBugCheckEx
fffffa05`5f9ae730 fffff801`780236e6 : 00000000`00000000 00000000`00000000 00000000`0000023c fffff8bf`fc430fd0 : nt!MiDeleteVa+0x153a
fffffa05`5f9ae830 fffff801`780237fb : fffff8fc`00000000 ffffa903`b8a8c700 fffffa05`00000000 fffffa05`5f9aeca0 : nt!MiWalkPageTablesRecursively+0x776
fffffa05`5f9ae8d0 fffff801`780237fb : fffff8fc`7e2fff10 ffffa903`b8a8c700 fffffa05`00000001 fffffa05`5f9aecb0 : nt!MiWalkPageTablesRecursively+0x88b
fffffa05`5f9ae970 fffff801`780237fb : fffff8fc`7e2ff000 ffffa903`b8a8c700 fffffa05`00000002 fffffa05`5f9aecc0 : nt!MiWalkPageTablesRecursively+0x88b
fffffa05`5f9aea10 fffff801`780207fb : 00000000`00000000 ffffa903`b8a8c700 00000000`00000003 fffffa05`5f9aecd0 : nt!MiWalkPageTablesRecursively+0x88b
fffffa05`5f9aeab0 fffff801`7808a051 : fffffa05`5f9aec50 ffffa903`00000000 fffff8be`00000002 00000000`00000000 : nt!MiWalkPageTables+0x36b
fffffa05`5f9aebb0 fffff801`78033920 : 00000000`00000001 fffffa05`00000000 ffffa903`b8a8c550 ffffa903`b871e480 : nt!MiDeletePagablePteRange+0x4f1
fffffa05`5f9aeec0 fffff801`78490149 : ffffa903`b8b9cbc0 00000000`00000000 ffffa903`00000000 ffffa903`00000000 : nt!MiDeleteVad+0x360
fffffa05`5f9aefd0 fffff801`7845d828 : ffffa903`b8b9cbc0 ffffa903`b8a8cd20 ffffa903`b871e480 00000000`00000000 : nt!MiUnmapVad+0x49
fffffa05`5f9af000 fffff801`7845bc9f : ffffa903`b7342360 ffffa903`b7342360 ffffa903`b8b9cbc0 ffffa903`b8a8c080 : nt!MiCleanVad+0x30
fffffa05`5f9af030 fffff801`784859b8 : ffffffff`00000000 ffffffff`ffffffff 00000000`00000001 ffffa903`b8a8c080 : nt!MmCleanProcessAddressSpace+0x137
fffffa05`5f9af0b0 fffff801`7848d52e : ffffa903`b8a8c080 ffffce88`22cd67f0 fffffa05`5f9af2d9 00000000`00000000 : nt!PspRundownSingleProcess+0x20c
fffffa05`5f9af140 fffff801`785077d8 : ffffa903`00000000 fffff801`78040801 ffffa903`00000002 000000b5`c5dc6000 : nt!PspExitThread+0x5f6
fffffa05`5f9af240 fffff801`780c874d : ffffa903`00000000 00000000`31ed9c10 00000000`407b0088 00000000`00000000 : nt!KiSchedulerApcTerminate+0x38
fffffa05`5f9af280 fffff801`78202c60 : 000000b5`ce5ff478 fffffa05`5f9af340 fffffa05`5f9af480 000000b5`ce5ff530 : nt!KiDeliverApc+0x60d
fffffa05`5f9af340 fffff801`782112df : ffffa903`b871e480 00000000`00000000 fffffa05`5f9af498 ffffffff`dc15f820 : nt!KiInitiateUserApc+0x70
fffffa05`5f9af480 00007ff8`c582d064 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
000000b5`ce5ff448 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`c582d064
SYMBOL_NAME: nt!MiDeleteVa+153a
MODULE_NAME: nt
IMAGE_VERSION: 10.0.19041.3803
STACK_COMMAND: .process /r /p 0xffffa903b8a8c080; .thread 0xffffa903b871e480 ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 153a
FAILURE_BUCKET_ID: 0x1a_41792_nt!MiDeleteVa
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {ad6dfca3-101b-35a8-d6e1-12de9ecbc1f5}
Followup: MachineOwner
---------
2.
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
buffer overrun.
Arg2: ffffbc8254998530, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffbc8254998488, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 718
Key : Analysis.Elapsed.mSec
Value: 733
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 171
Key : Analysis.Init.Elapsed.mSec
Value: 16247
Key : Analysis.Memory.CommitPeak.Mb
Value: 96
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x139
Key : Bugcheck.Code.TargetModel
Value: 0x139
Key : FailFast.Name
Value: STACK_COOKIE_CHECK_FAILURE
Key : FailFast.Type
Value: 2
Key : Failure.Bucket
Value: 0x139_MISSING_GSFRAME_dxgkrnl!_report_gsfailure
Key : Failure.Hash
Value: {1685fa82-f4b9-d129-b6b1-78c3bba339a9}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 139
BUGCHECK_P1: 2
BUGCHECK_P2: ffffbc8254998530
BUGCHECK_P3: ffffbc8254998488
BUGCHECK_P4: 0
FILE_IN_CAB: 010725-6281-01.dmp
FAULTING_THREAD: ffff9989d8f090c0
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
3. PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffff807a9551e64, memory referenced.
Arg2: 0000000000000000, X64: bit 0 set if the fault was due to a not-present PTE.
bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the processor decided the fault was due to a corrupted PTE.
bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
- ARM64: bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: fffff80799139307, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Type
Value: Read
Key : Analysis.CPU.mSec
Value: 875
Key : Analysis.Elapsed.mSec
Value: 984
Key : Analysis.IO.Other.Mb
Value: 16
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 19
Key : Analysis.Init.CPU.mSec
Value: 296
Key : Analysis.Init.Elapsed.mSec
Value: 72834
Key : Analysis.Memory.CommitPeak.Mb
Value: 92
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x50
Key : Bugcheck.Code.TargetModel
Value: 0x50
Key : Failure.Bucket
Value: AV_R_(null)_bindflt!BfPreCreate
Key : Failure.Hash
Value: {850dd6b0-967c-d150-0119-f727e4394c58}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 50
BUGCHECK_P1: fffff807a9551e64
BUGCHECK_P2: 0
BUGCHECK_P3: fffff80799139307
BUGCHECK_P4: 0
FILE_IN_CAB: 010725-7109-01.dmp
FAULTING_THREAD: ffff9302b12ea040
READ_ADDRESS: fffff807240fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
fffff807a9551e64
MM_INTERNAL_CODE: 0
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: ffff8b0ef163e600 -- (.trap 0xffff8b0ef163e600)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff807991392d0 rbx=0000000000000000 rcx=ffff9302c0dc58f8
rdx=fffff807a9551e4c rsi=0000000000000000 rdi=0000000000000000
rip=fffff80799139307 rsp=ffff8b0ef163e790 rbp=ffff8b0ef163e859
r8=ffff8b0ef163e810 r9=000000000000003e r10=0000fffff8079913
r11=ffff99fc66800000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
bindflt!BfPreCreate+0x37:
fffff807`99139307 488b5a18 mov rbx,qword ptr [rdx+18h] ds:fffff807`a9551e64=????????????????
Resetting default scope
STACK_TEXT:
ffff8b0e`f163e358 fffff807`23846095 : 00000000`00000050 fffff807`a9551e64 00000000`00000000 ffff8b0e`f163e600 : nt!KeBugCheckEx
ffff8b0e`f163e360 fffff807`23638cd0 : ffff8b0e`f163ebd0 00000000`00000000 ffff8b0e`f163e680 00000000`00000000 : nt!MiSystemFault+0x1ce5f5
ffff8b0e`f163e460 fffff807`2380ea6d : ffffce02`ba3d8010 00000000`00000170 ffff9302`dc043000 fffff807`2364bd39 : nt!MmAccessFault+0x400
ffff8b0e`f163e600 fffff807`99139307 : ffffffff`c38b0000 fffff807`1ff264cb 00000000`00000000 ffff9302`00000000 : nt!KiPageFault+0x36d
ffff8b0e`f163e790 ffff9302`bc043ea0 : 00000000`00000000 00000000`000a0008 fffff807`23bdb410 00000000`00000000 : bindflt!BfPreCreate+0x37
ffff8b0e`f163eb30 00000000`00000000 : 00000000`000a0008 fffff807`23bdb410 00000000`00000000 00000000`00000000 : 0xffff9302`bc043ea0
SYMBOL_NAME: bindflt!BfPreCreate+37
MODULE_NAME: bindflt
IMAGE_NAME: bindflt.sys
IMAGE_VERSION: 10.0.19041.5125
STACK_COMMAND: .process /r /p 0xffff9302aa311200; .thread 0xffff9302b12ea040 ; kb
BUCKET_ID_FUNC_OFFSET: 37
FAILURE_BUCKET_ID: AV_R_(null)_bindflt!BfPreCreate
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {850dd6b0-967c-d150-0119-f727e4394c58}
Followup: MachineOwner
---------
4. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80641053148, The address that the exception occurred at
Arg3: ffffa2073018e3f8, Exception Record Address
Arg4: ffffa2073018dc30, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 750
Key : Analysis.Elapsed.mSec
Value: 28803
Key : Analysis.IO.Other.Mb
Value: 13
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 16
Key : Analysis.Init.CPU.mSec
Value: 218
Key : Analysis.Init.Elapsed.mSec
Value: 17136
Key : Analysis.Memory.CommitPeak.Mb
Value: 101
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x1000007e
Key : Bugcheck.Code.TargetModel
Value: 0x1000007e
Key : Failure.Bucket
Value: AV_nt!MmEnumerateAddressSpaceAndReferenceImages
Key : Failure.Hash
Value: {3158f380-acfe-21f7-ef14-eca155652c23}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80641053148
BUGCHECK_P3: ffffa2073018e3f8
BUGCHECK_P4: ffffa2073018dc30
FILE_IN_CAB: 010725-7281-01.dmp
FAULTING_THREAD: ffffd585e23e3080
EXCEPTION_RECORD: ffffa2073018e3f8 -- (.exr 0xffffa2073018e3f8)
ExceptionAddress: fffff80641053148 (nt!MmEnumerateAddressSpaceAndReferenceImages+0x0000000000000128)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffa2073018dc30 -- (.cxr 0xffffa2073018dc30)
rax=0000000000000000 rbx=ffffbe08f7ec8000 rcx=ffffd585e9c188e0
rdx=0000000000000003 rsi=ffffd585e9c188e0 rdi=20206f490a030000
rip=fffff80641053148 rsp=ffffa2073018e630 rbp=ffffd585e23e3080
r8=00000000ffffffff r9=7fffd585e9c152f8 r10=7ffffffffffffffc
r11=ffffd585e0650000 r12=0000000000000000 r13=ffffbe08f7ec8000
r14=ffffd585cfee9140 r15=0000000000000001
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
nt!MmEnumerateAddressSpaceAndReferenceImages+0x128:
fffff806`41053148 48390f cmp qword ptr [rdi],rcx ds:002b:20206f49`0a030000=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: MsMpEng.exe
READ_ADDRESS: fffff806416fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instrukce na adrese 0x%p odkazovala na adresu paměti 0x%p. S pamětí nelze provést operaci: %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffffa207`3018e630 fffff806`41056ccb : ffffd585`d7041601 00000000`00000000 fffff806`41193201 00000000`00000001 : nt!MmEnumerateAddressSpaceAndReferenceImages+0x128
ffffa207`3018e6c0 fffff806`411934a9 : ffffd585`cfee9140 fffff806`41193201 ffffd585`cfee9140 ffffa207`3018e960 : nt!EtwpEnumerateAddressSpace+0x15f
ffffa207`3018e870 fffff806`40fe51c7 : ffffd585`cfeed140 fffff806`411932b0 ffffd585`cfee9140 ffffa207`3018ea98 : nt!EtwpProcessEnumCallback+0x1f9
ffffa207`3018e910 fffff806`41193260 : 00000000`00002000 ffffa207`3018e9b0 ffffa207`3018ea98 ffffd585`00000000 : nt!PsEnumProcesses+0x37
ffffa207`3018e940 fffff806`4119304c : 00000000`00000000 ffffa207`3018ea98 00000000`00000001 ffffd585`d70416c0 : nt!EtwpProcessThreadImageRundown+0xc0
ffffa207`3018e9d0 fffff806`41192e95 : ffffa207`3018eb20 00000000`00000000 00000000`00000017 ffffd585`d7041980 : nt!EtwpKernelTraceRundown+0x98
ffffa207`3018ea40 fffff806`41193bb3 : 27a408e6`449f6c82 44e68b61`fcf23a83 ffffd585`d70416c0 00000000`00000005 : nt!EtwpUpdateGroupMasks+0x22d
ffffa207`3018eb00 fffff806`410da3b1 : 00000000`00000017 ffffd585`00000000 ffffbe08`b9d46d00 00000000`00000017 : nt!EtwpUpdateLoggerGroupMasks+0x73
ffffa207`3018eb60 fffff806`411972b9 : ffffbe08`f25ee570 ffffbe08`f25ee624 ffffbe08`f25ee570 00000000`00000000 : nt!EtwpStartLogger+0xad9
ffffa207`3018ecd0 fffff806`41196621 : fffff806`411e3b40 ffffbe08`f5f16970 00000000`000000c0 fffff806`411e3b40 : nt!EtwStartAutoLogger+0x9f5
ffffa207`3018f480 fffff806`41197674 : 00000000`00000007 fffff806`41197550 ffffd585`bfd0a010 ffffd585`bfd0a010 : nt!PerfDiagpStartPerfDiagLogger+0xdd
ffffa207`3018f4b0 fffff806`40c171c5 : ffffd585`00000000 ffffd585`e23e3080 ffffd585`bfd0a010 ffffd585`00000000 : nt!PerfDiagpProxyWorker+0x124
ffffa207`3018f4f0 fffff806`40d5a165 : ffffd585`e23e3080 00000000`00000080 ffffd585`bfd58200 00000000`00000000 : nt!ExpWorkerThread+0x105
ffffa207`3018f590 fffff806`40e078f8 : ffff9101`4f7dc180 ffffd585`e23e3080 fffff806`40d5a110 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffa207`3018f5e0 00000000`00000000 : ffffa207`30190000 ffffa207`30189000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!MmEnumerateAddressSpaceAndReferenceImages+128
MODULE_NAME: nt
IMAGE_VERSION: 10.0.19041.5247
STACK_COMMAND: .cxr 0xffffa2073018dc30 ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 128
FAILURE_BUCKET_ID: AV_nt!MmEnumerateAddressSpaceAndReferenceImages
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3158f380-acfe-21f7-ef14-eca155652c23}
Followup: MachineOwner
---------
5. KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff305068f66e0, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffff305068f6638, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 750
Key : Analysis.Elapsed.mSec
Value: 4272
Key : Analysis.IO.Other.Mb
Value: 4
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 5
Key : Analysis.Init.CPU.mSec
Value: 203
Key : Analysis.Init.Elapsed.mSec
Value: 26833
Key : Analysis.Memory.CommitPeak.Mb
Value: 99
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x139
Key : Bugcheck.Code.TargetModel
Value: 0x139
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : Failure.Bucket
Value: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
Key : Failure.Hash
Value: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: fffff305068f66e0
BUGCHECK_P3: fffff305068f6638
BUGCHECK_P4: 0
FILE_IN_CAB: 010725-7937-01.dmp
FAULTING_THREAD: ffffc78e13f9b0c0
TRAP_FRAME: fffff305068f66e0 -- (.trap 0xfffff305068f66e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc78e10aa69e0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffc78e2cc0d698 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80121045c47 rsp=fffff305068f6870 rbp=ffffc78e2cc0d630
r8=fffff305068f6880 r9=ffffc78e2d45d590 r10=ffffc78e2cc0d6b0
r11=fffff305068f68a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!MiManageSubsectionView+0x1ce4a7:
fffff801`21045c47 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff305068f6638 -- (.exr 0xfffff305068f6638)
ExceptionAddress: fffff80121045c47 (nt!MiManageSubsectionView+0x00000000001ce4a7)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - Systém zjistil přetečení vyrovnávací paměti založené na zásobníku v této aplikaci. Toto přetečení by mohlo umožnit kyberzločinci získat kontrolu nad aplikací.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
fffff305`068f63b8 fffff801`210131a9 : 00000000`00000139 00000000`00000003 fffff305`068f66e0 fffff305`068f6638 : nt!KeBugCheckEx
fffff305`068f63c0 fffff801`21013750 : ffffd88b`b7499000 fffff801`20e4bd39 ffffffff`ffffffff fffff305`00000034 : nt!KiBugCheckDispatch+0x69
fffff305`068f6500 fffff801`210115f2 : 00000000`00000000 ffffd88b`aac00000 00000000`00000401 ffffd88b`aac00340 : nt!KiFastFailDispatch+0xd0
fffff305`068f66e0 fffff801`21045c47 : ffffc78e`2d45d590 00000000`00000001 00000000`00000000 ffffc78e`2cc0d698 : nt!KiRaiseSecurityCheckFailure+0x332
fffff305`068f6870 fffff801`20e77730 : 0a000002`3d216863 00000000`00000000 fffff305`068f6a80 00000000`00000000 : nt!MiManageSubsectionView+0x1ce4a7
fffff305`068f68d0 fffff801`20e7712e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmMapViewInSystemCache+0x2b0
fffff305`068f6a50 fffff801`20e87f0a : 00000000`00000000 fffff801`00000000 ffffc78e`00000000 fffff305`00000000 : nt!CcGetVacbMiss+0xce
fffff305`068f6ae0 fffff801`2124ae30 : ffffc78e`00000000 00000000`00000000 fffff305`068f6c20 fffff305`068f6c30 : nt!CcGetVirtualAddress+0x33a
fffff305`068f6b80 fffff801`20e87519 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff801`20f45201 : nt!CcMapAndCopyFromCache+0x80
fffff305`068f6c20 fffff801`23210eb1 : ffffd88b`00000000 ffffd88b`00000000 ffffd88b`00000004 ffffd88b`00000000 : nt!CcCopyReadEx+0x139
fffff305`068f6cd0 fffff801`232089e7 : 00000000`0000019c fffff305`068f6f80 00000000`00000005 ffffd88b`b5bf0700 : Ntfs!NtfsCachedRead+0x17d
fffff305`068f6d40 fffff801`2320926c : ffffc78e`1c879cb8 ffffc78e`19550810 00000000`0000019c 00000000`00000000 : Ntfs!NtfsCommonRead+0x1fc7
fffff305`068f6f50 fffff801`20e4a295 : ffffc78e`15bbda60 ffffc78e`19550810 ffffc78e`19550810 ffffc78e`0757fd60 : Ntfs!NtfsFsdRead+0x1fc
fffff305`068f7020 fffff801`1d1d710f : fffff305`00000006 00000000`00000000 ffffd88b`b5bf05a0 00000000`00000000 : nt!IofCallDriver+0x55
fffff305`068f7060 fffff801`1d1d4a43 : fffff305`068f70f0 ffffc78e`0757fd60 ffffc78e`15bbdbe8 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
fffff305`068f70d0 fffff801`20e4a295 : 00000000`00000000 ffffc78e`2fc2fa00 00000000`00000000 00000000`00000000 : FLTMGR!FltpDispatch+0xa3
fffff305`068f7130 fffff801`2123260c : 00000000`00000001 ffffc78e`19550810 ffffc78e`2fc2fa00 00000000`00000001 : nt!IofCallDriver+0x55
fffff305`068f7170 fffff801`211d0bac : 00000000`00000000 fffff305`068f7500 00000000`00000000 00000000`00000000 : nt!IopSynchronousServiceTail+0x34c
fffff305`068f7210 fffff801`211f8dc8 : ffffc78e`2fc2fa00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopReadFile+0x7cc
fffff305`068f7300 fffff801`21012908 : 00000000`00000278 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x8a8
fffff305`068f7410 00007ffa`c322d5b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000ed`5b97f4c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`c322d5b4
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.5247
STACK_COMMAND: .process /r /p 0xffffc78e1215d140; .thread 0xffffc78e13f9b0c0 ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Followup: MachineOwner
---------