Could You Debug my Crash Dump?

[The Riddler]

I got a BSOD today, and i'm dealing with it. It was Kernel_Security_Check_Failure. I debugged it with WinDbg but i did it with analyze-v! command because i'm not expert on debugging and i don't know how to use advanced commands. Its result:

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\042916-16843-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 10586 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10586.212.amd64fre.th2_release_sec.160328-1908
Machine Name:
Kernel base = 0xfffff800`de08f000 PsLoadedModuleList = 0xfffff800`de36dcd0
Debug session time: Fri Apr 29 10:29:52.813 2016 (UTC + 3:00)
System Uptime: 1 days 1:36:46.534
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.................................................. ............
.................................................. ..............
.............................
Loading User Symbols
Loading unloaded module list
......................
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {e, ffffd0018b37d650, ffffd0018b37d5a8, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )

Followup: MachineOwner
---------

1: kd> !analyze -v
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000000e, Type of memory safety violation
Arg2: ffffd0018b37d650, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0018b37d5a8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 10586.212.amd64fre.th2_release_sec.160328-1908

SYSTEM_MANUFACTURER: To be filled by O.E.M.

SYSTEM_PRODUCT_NAME: To be filled by O.E.M.

SYSTEM_SKU: SKU

SYSTEM_VERSION: To be filled by O.E.M.

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: 2501

BIOS_DATE: 04/07/2014

BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT: M5A97 R2.0

BASEBOARD_VERSION: Rev 1.xx

DUMP_TYPE: 2

BUGCHECK_P1: e

BUGCHECK_P2: ffffd0018b37d650

BUGCHECK_P3: ffffd0018b37d5a8

BUGCHECK_P4: 0

TRAP_FRAME: ffffd0018b37d650 -- (.trap 0xffffd0018b37d650)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffecf3f9ffecf3fa rbx=0000000000000000 rcx=000000000000000e
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800de5f89e2 rsp=ffffd0018b37d7e0 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000006 r10=0000000000000000
r11=fffff800de1dd397 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt! ?? ::NNGAKEGL::`string'+0x12c92:
fffff800`de5f89e2 cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffffd0018b37d5a8 -- (.exr 0xffffd0018b37d5a8)
ExceptionAddress: fffff800de5f89e2 (nt! ?? ::NNGAKEGL::`string'+0x0000000000012c92)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000000e
Subcode: 0xe FAST_FAIL_INVALID_REFERENCE_COUNT

CPU_COUNT: 6

CPU_MHZ: db8

CPU_VENDOR: AuthenticAMD

CPU_FAMILY: 15

CPU_MODEL: 2

CPU_STEPPING: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: INVALID_REFERENCE_COUNT

BUGCHECK_STR: 0x139

PROCESS_NAME: uTorrent.exe

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 000000000000000e

ANALYSIS_SESSION_HOST: DESKTOP-HH247R6

ANALYSIS_SESSION_TIME: 04-29-2016 17:35:07.0076

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER: from fffff800de1dc2e9 to fffff800de1d1760

STACK_TEXT:
ffffd001`8b37d328 fffff800`de1dc2e9 : 00000000`00000139 00000000`0000000e ffffd001`8b37d650 ffffd001`8b37d5a8 : nt!KeBugCheckEx
ffffd001`8b37d330 fffff800`de1dc610 : ffffe000`00000000 ffffe000`613576b0 00000020`000003a0 000000f4`00000008 : nt!KiBugCheckDispatch+0x69
ffffd001`8b37d470 fffff800`de1db7f3 : ffffd001`8a827000 00000000`00000801 00000000`000006c0 ffffd001`00000001 : nt!KiFastFailDispatch+0xd0
ffffd001`8b37d650 fffff800`de5f89e2 : ffffd001`00000002 ffffc001`b0b93520 00000000`00000002 ffffc001`b1e51060 : nt!KiRaiseSecurityCheckFailure+0xf3
ffffd001`8b37d7e0 fffff800`de481e91 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd001`8b37db18 : nt! ?? ::NNGAKEGL::`string'+0x12c92
ffffd001`8b37d8b0 fffff800`de481083 : ffffd001`8b37dac8 ffffd001`8b37dac8 ffffc001`b33d8200 00000000`000007ff : nt!SeCopyClientToken+0x5d
ffffd001`8b37d940 fffff800`de481440 : ffffd001`8b37dac8 00000000`00000000 ffffc001`b33d8260 ffffc001`b1e51060 : nt!SepCreateClientSecurityEx+0x133
ffffd001`8b37d9a0 fffff800`de481bf6 : ffffc001`b33d8240 ffffe000`60f33080 00000000`00000001 ffffe000`6192e840 : nt!SeCreateClientSecurity+0xb0
ffffd001`8b37da30 fffff800`de4e6d5b : 00000000`003c3000 00000000`062b0730 ffffd001`8b37db80 00000000`003c3000 : nt!AlpcpCreateSecurityContext+0x96
ffffd001`8b37da90 fffff800`de1dbfa3 : ffffe000`60f33080 00000000`6f0426d0 00000000`00000000 ffffd001`8b37db80 : nt!NtAlpcCreateSecurityContext+0x10f
ffffd001`8b37db00 00007fff`46a96024 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`02b0eaa8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`46a96024


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: b149bcbda74b2222ba6ac073ad6478f560342d69

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 61d0ee007850ac82400889acb935ee5f81493f91

THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c

FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff800`de1dc610 c644242000 mov byte ptr [rsp+20h],0

FAULT_INSTR_CODE: 202444c6

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!KiFastFailDispatch+d0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 56fa1e56

IMAGE_VERSION: 10.0.10586.212

BUCKET_ID_FUNC_OFFSET: d0

FAILURE_BUCKET_ID: 0x139_e_nt!KiFastFailDispatch

BUCKET_ID: 0x139_e_nt!KiFastFailDispatch

PRIMARY_PROBLEM_CLASS: 0x139_e_nt!KiFastFailDispatch

TARGET_TIME: 2016-04-29T07:29:52.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-03-29 09:19:02

BUILDDATESTAMP_STR: 160328-1908

BUILDLAB_STR: th2_release_sec

BUILDOSVER_STR: 10.0.10586.212.amd64fre.th2_release_sec.160328-1908

ANALYSIS_SESSION_ELAPSED_TIME: b20

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x139_e_nt!kifastfaildispatch

FAILURE_ID_HASH: {1faaac6f-d0dd-5c78-ac77-c09952b72e7d}

Followup: MachineOwner

So, what is the exact cause of this problem and what do i have to do? I tried all known classic solutions, memtest86, stress tests, bad sector scan, sfc/ scannow command, virus scan etc etc... And none of them reports any problem. What should i do to detect and solve the problem? Would you help me?

 

[Drone]

W10 doesn't like torrents and might bsod because of them. Uninstall all torrent clients and check if it still bsods

 

[The Riddler]

W10 doesn't like torrents and might bsod because of them. Uninstall all torrent clients and check if it still bsods

I never heard of it, most people use torrent programs and i thought they cause problems as the other softwares do. I checked with Bitdefender and it never detected any malware or trojan.

 

[NdMk2o1o]

List your system specs, do you have an OC perhaps it's not quite 100% stable? can't see uTorrent causing a BSOD on it's own (and never had any issues with torrent clients on Win10 or heard that it "doesn't like them"...) do you change the settings for disk buffer/seeds, number of connected peers etc manually out of interest? looks like a kernel crash could be something to do with TCIP if you have manually changed the uTorrent settings

 

[Drone]

I never heard of it, most people use torrent programs and i thought they cause problems as the other softwares do. I checked with Bitdefender and it never detected any malware or trojan.

On some machines W10+torrent caused bsod because of network drivers.

 

[NdMk2o1o]

On some machines W10+torrent caused bsod because of network drivers.

So that's a driver issue nothing related to torrents & Windows 10 even if that is what sets it off

 

[Dethroy]

Looks like a driver issue to me.
I'd suggest running sfc.exe /scannow via command prompt and updating all your drivers and see if the problem still persists.

 

[The Riddler]

List your system specs, do you have an OC perhaps it's not quite 100% stable? can't see uTorrent causing a BSOD on it's own (and never had any issues with torrent clients on Win10 or heard that it "doesn't like them"...) do you change the settings for disk buffer/seeds, number of connected peers etc manually out of interest? looks like a kernel crash could be something to do with TCIP if you have manually changed the uTorrent settings

I have no OC on CPU and GPU. r9 380 4 gb asus, asus m5a97 r2.0, corsair 2x4 gb cl9 1600 mhz, fx-6300, crimson 15.12, windows 10, samsung 850 evo 250 gb. I didn't change any disk/buffer seeds/peers etc. all utorrent settings are on default.

I had some troubles with graphics drivers and driver BSODs when gaming and i reinstalled Windows two weeks ago. Reinstalling Windows 10 helped a bit, because clean install/uninstall amd drivers are not enough as far as my personel experiences are concerned. Then i got a crash Arkham Knight, witness and black ops 3. Witness update solved my problem, arkham knight issue never resolved and black ops 3 issues has gone after disabling all shadows(yeah, maybe this was coincidence because i didn't tested for hours(i played 1-2 hours) but i often got crashes before disabling shadows. Black Ops 3 never lasted than half an hour without black screen/video tdr BSODs before this change. Why i did this? Because witness update notes told AMD drivers had trouble with shadow depth formats and they say they solved this with the update) I am suspicious about the graphics drivers. The new drivers are worse for my machine (16.3 and 16.4) and i don't want to try them.

 

[NdMk2o1o]

When you reinstalled Windows, did you install the latest chipset and motherboard drivers from Asus or AMD or just let Windows install them/used ones from CD/DVD? am thinking it's definitely something driver related, either those or your GPU drivers, have you tried the latest GPU drivers since you reinstalled Windows?

 

[The Riddler]

When you reinstalled Windows, did you install the latest chipset and motherboard drivers from Asus or AMD or just let Windows install them/used ones from CD/DVD? am thinking it's definitely something driver related, either those or your GPU drivers, have you tried the latest GPU drivers since you reinstalled Windows?

Latest GPU drivers are worse for general stability. (All Crimson 16.xx drivers cause bigger problems on my system) I used same chipset and mobo drivers that i use since i built my rig(they didn't have any problems until this time)

Can modem settings cause this kind of issues? (some sort of security vulnerabilities?)

 

[RejZoR]

Something is causing buffer overflow. Try using Transmission QT bittorent client. It's better than uTorrent anyway and you'll see if it happens again. If it does, something is wrong with your network stack. Either some security software is causing it or it's the lack of it and you may have something nasty on your system. You could also try updating LAN/WLAN drivers...

 

[The Riddler]

I got my second BSOD today. It looks like my RAM is bad. memtest reported no problems but this tool says OK to my faulty memory stick years ago.

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C:\Windows\Minidump\043016-17296-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 10586 MP (6 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 10586.212.amd64fre.th2_release_sec.160328-1908

Machine Name:

Kernel base = 0xfffff802`c0a02000 PsLoadedModuleList = 0xfffff802`c0ce0cd0

Debug session time: Sat Apr 30 19:32:03.169 2016 (UTC + 3:00)

System Uptime: 1 days 9:01:13.891

Loading Kernel Symbols

.


Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.

Run !sym noisy before .reload to track down problems loading symbols.


..............................................................

................................................................

...............................

Loading User Symbols

Loading unloaded module list

............................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 1000007E, {ffffffffc0000005, fffff802c0b1973d, ffffd001f24e9198, ffffd001f24e89b0}


Probably caused by : memory_corruption ( nt!MiDemoteCombinedPte+39 )


Followup: MachineOwner

---------


1: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff802c0b1973d, The address that the exception occurred at

Arg3: ffffd001f24e9198, Exception Record Address

Arg4: ffffd001f24e89b0, Context Record Address


Debugging Details:

------------------



DUMP_CLASS: 1


DUMP_QUALIFIER: 400


BUILD_VERSION_STRING: 10586.212.amd64fre.th2_release_sec.160328-1908


SYSTEM_MANUFACTURER: To be filled by O.E.M.


SYSTEM_PRODUCT_NAME: To be filled by O.E.M.


SYSTEM_SKU: SKU


SYSTEM_VERSION: To be filled by O.E.M.


BIOS_VENDOR: American Megatrends Inc.


BIOS_VERSION: 2501


BIOS_DATE: 04/07/2014


BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.


BASEBOARD_PRODUCT: M5A97 R2.0


BASEBOARD_VERSION: Rev 1.xx


DUMP_TYPE: 2


BUGCHECK_P1: ffffffffc0000005


BUGCHECK_P2: fffff802c0b1973d


BUGCHECK_P3: ffffd001f24e9198


BUGCHECK_P4: ffffd001f24e89b0


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.


FAULTING_IP:

nt!MiDemoteCombinedPte+39

fffff802`c0b1973d 48394af0 cmp qword ptr [rdx-10h],rcx


EXCEPTION_RECORD: ffffd001f24e9198 -- (.exr 0xffffd001f24e9198)

ExceptionAddress: fffff802c0b1973d (nt!MiDemoteCombinedPte+0x0000000000000039)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 0000000000000000

Parameter[1]: ffffffffffffffff

Attempt to read from address ffffffffffffffff


CONTEXT: ffffd001f24e89b0 -- (.cxr 0xffffd001f24e89b0)

rax=fffff0a8dc0b07db rbx=fffdfdfdfffdfdfd rcx=0000000000000001

rdx=8000000000000000 rsi=ffffe0017e617388 rdi=fffff58010810a30

rip=fffff802c0b1973d rsp=ffffd001f24e93d0 rbp=ffffd001f24e95b0

r8=8000000000000000 r9=0000007ffffffff8 r10=0000098000000000

r11=0000058000000000 r12=0000000000000009 r13=fffff6bffefe0618

r14=fffff6bffefe0618 r15=fffffd79f9fff9d0

iopl=0 nv up ei ng nz na po nc

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286

nt!MiDemoteCombinedPte+0x39:

fffff802`c0b1973d 48394af0 cmp qword ptr [rdx-10h],rcx ds:002b:7fffffff`fffffff0=????????????????

Resetting default scope


CPU_COUNT: 6


CPU_MHZ: db8


CPU_VENDOR: AuthenticAMD


CPU_FAMILY: 15


CPU_MODEL: 2


CPU_STEPPING: 0


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT


PROCESS_NAME: svchost.exe


CURRENT_IRQL: 2


ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.


EXCEPTION_CODE_STR: c0000005


EXCEPTION_PARAMETER1: 0000000000000000


EXCEPTION_PARAMETER2: ffffffffffffffff


READ_ADDRESS: fffff802c0d80520: Unable to get MiVisibleState

ffffffffffffffff


FOLLOWUP_IP:

nt!MiDemoteCombinedPte+39

fffff802`c0b1973d 48394af0 cmp qword ptr [rdx-10h],rcx


BUGCHECK_STR: AV


ANALYSIS_SESSION_HOST: DESKTOP-HH247R6


ANALYSIS_SESSION_TIME: 04-30-2016 19:35:50.0067


ANALYSIS_VERSION: 10.0.10586.567 amd64fre


LAST_CONTROL_TRANSFER: from fffff802c0a4f339 to fffff802c0b1973d


STACK_TEXT:

ffffd001`f24e93d0 fffff802`c0a4f339 : ffffd001`f69af180 ffffe001`814c6580 fffdfdfd`fffdfdfd 00000000`00000d20 : nt!MiDemoteCombinedPte+0x39

ffffd001`f24e94b0 fffff802`c0a3365a : ffffe001`81429d40 ffffe001`7e617300 ffffe001`81429d40 00000000`00000000 : nt!MiAgeWorkingSet+0x1079

ffffd001`f24e9800 fffff802`c0a330ab : fffff802`00000000 ffffd001`f24e9a80 ffffd001`f24e99b0 00000000`00000000 : nt!MiTrimOrAgeWorkingSet+0x15a

ffffd001`f24e98b0 fffff802`c0aa7e0b : fffff802`00000000 00000000`00000000 00000000`00000150 00000000`00000002 : nt!MiProcessWorkingSets+0x1fb

ffffd001`f24e9a60 fffff802`c0b2819d : 00000000`ffffffff 00000000`00000005 00000000`ffffffff 00000000`00000001 : nt!MiWorkingSetManager+0xa7

ffffd001`f24e9b20 fffff802`c0ae5895 : ffffe001`7e73d040 00000000`00000080 fffff802`c0b2804c 00000000`00000000 : nt!KeBalanceSetManager+0x151

ffffd001`f24e9c10 fffff802`c0b49906 : fffff802`c0d1f180 ffffe001`7e73d040 fffff802`c0ae5854 00000000`00000000 : nt!PspSystemThreadStartup+0x41

ffffd001`f24e9c60 00000000`00000000 : ffffd001`f24ea000 ffffd001`f24e4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16



THREAD_SHA1_HASH_MOD_FUNC: 1b3c43f13d684d4e8c5fa1d2d299b51901f5cbc1


THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ddd6257a2cb150d296f5cb69575f67265b7795c5


THREAD_SHA1_HASH_MOD: cb5f414824c2521bcc505eaa03e92fa10922dad8


FAULT_INSTR_CODE: f04a3948


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: nt!MiDemoteCombinedPte+39


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: nt


DEBUG_FLR_IMAGE_TIMESTAMP: 56fa1e56


IMAGE_VERSION: 10.0.10586.212


STACK_COMMAND: .cxr 0xffffd001f24e89b0 ; kb


IMAGE_NAME: memory_corruption


BUCKET_ID_FUNC_OFFSET: 39


FAILURE_BUCKET_ID: AV_nt!MiDemoteCombinedPte


BUCKET_ID: AV_nt!MiDemoteCombinedPte


PRIMARY_PROBLEM_CLASS: AV_nt!MiDemoteCombinedPte


TARGET_TIME: 2016-04-30T16:32:03.000Z


OSBUILD: 10586


OSSERVICEPACK: 0


SERVICEPACK_NUMBER: 0


OS_REVISION: 0


SUITE_MASK: 272


PRODUCT_TYPE: 1


OSPLATFORM_TYPE: x64


OSNAME: Windows 10


OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS


OS_LOCALE:


USER_LCID: 0


OSBUILD_TIMESTAMP: 2016-03-29 09:19:02


BUILDDATESTAMP_STR: 160328-1908


BUILDLAB_STR: th2_release_sec


BUILDOSVER_STR: 10.0.10586.212.amd64fre.th2_release_sec.160328-1908


ANALYSIS_SESSION_ELAPSED_TIME: 127d


ANALYSIS_SOURCE: KM


FAILURE_ID_HASH_STRING: km:av_nt!midemotecombinedpte


FAILURE_ID_HASH: {c577c73b-79a7-0c44-6c62-58e1d697b6d8}


Followup: MachineOwner

---------


1: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff802c0b1973d, The address that the exception occurred at

Arg3: ffffd001f24e9198, Exception Record Address

Arg4: ffffd001f24e89b0, Context Record Address


Debugging Details:

------------------



DUMP_CLASS: 1


DUMP_QUALIFIER: 400


BUILD_VERSION_STRING: 10586.212.amd64fre.th2_release_sec.160328-1908


SYSTEM_MANUFACTURER: To be filled by O.E.M.


SYSTEM_PRODUCT_NAME: To be filled by O.E.M.


SYSTEM_SKU: SKU


SYSTEM_VERSION: To be filled by O.E.M.


BIOS_VENDOR: American Megatrends Inc.


BIOS_VERSION: 2501


BIOS_DATE: 04/07/2014


BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.


BASEBOARD_PRODUCT: M5A97 R2.0


BASEBOARD_VERSION: Rev 1.xx


DUMP_TYPE: 2


BUGCHECK_P1: ffffffffc0000005


BUGCHECK_P2: fffff802c0b1973d


BUGCHECK_P3: ffffd001f24e9198


BUGCHECK_P4: ffffd001f24e89b0


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.


FAULTING_IP:

nt!MiDemoteCombinedPte+39

fffff802`c0b1973d 48394af0 cmp qword ptr [rdx-10h],rcx


EXCEPTION_RECORD: ffffd001f24e9198 -- (.exr 0xffffd001f24e9198)

ExceptionAddress: fffff802c0b1973d (nt!MiDemoteCombinedPte+0x0000000000000039)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 0000000000000000

Parameter[1]: ffffffffffffffff

Attempt to read from address ffffffffffffffff


CONTEXT: ffffd001f24e89b0 -- (.cxr 0xffffd001f24e89b0)

rax=fffff0a8dc0b07db rbx=fffdfdfdfffdfdfd rcx=0000000000000001

rdx=8000000000000000 rsi=ffffe0017e617388 rdi=fffff58010810a30

rip=fffff802c0b1973d rsp=ffffd001f24e93d0 rbp=ffffd001f24e95b0

r8=8000000000000000 r9=0000007ffffffff8 r10=0000098000000000

r11=0000058000000000 r12=0000000000000009 r13=fffff6bffefe0618

r14=fffff6bffefe0618 r15=fffffd79f9fff9d0

iopl=0 nv up ei ng nz na po nc

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286

nt!MiDemoteCombinedPte+0x39:

fffff802`c0b1973d 48394af0 cmp qword ptr [rdx-10h],rcx ds:002b:7fffffff`fffffff0=????????????????

Resetting default scope


CPU_COUNT: 6


CPU_MHZ: db8


CPU_VENDOR: AuthenticAMD


CPU_FAMILY: 15


CPU_MODEL: 2


CPU_STEPPING: 0


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT


PROCESS_NAME: svchost.exe


CURRENT_IRQL: 2


ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.


EXCEPTION_CODE_STR: c0000005


EXCEPTION_PARAMETER1: 0000000000000000


EXCEPTION_PARAMETER2: ffffffffffffffff


READ_ADDRESS: fffff802c0d80520: Unable to get MiVisibleState

ffffffffffffffff


FOLLOWUP_IP:

nt!MiDemoteCombinedPte+39

fffff802`c0b1973d 48394af0 cmp qword ptr [rdx-10h],rcx


BUGCHECK_STR: AV


ANALYSIS_SESSION_HOST: DESKTOP-HH247R6


ANALYSIS_SESSION_TIME: 04-30-2016 19:35:54.0933


ANALYSIS_VERSION: 10.0.10586.567 amd64fre


LAST_CONTROL_TRANSFER: from fffff802c0a4f339 to fffff802c0b1973d


STACK_TEXT:

ffffd001`f24e93d0 fffff802`c0a4f339 : ffffd001`f69af180 ffffe001`814c6580 fffdfdfd`fffdfdfd 00000000`00000d20 : nt!MiDemoteCombinedPte+0x39

ffffd001`f24e94b0 fffff802`c0a3365a : ffffe001`81429d40 ffffe001`7e617300 ffffe001`81429d40 00000000`00000000 : nt!MiAgeWorkingSet+0x1079

ffffd001`f24e9800 fffff802`c0a330ab : fffff802`00000000 ffffd001`f24e9a80 ffffd001`f24e99b0 00000000`00000000 : nt!MiTrimOrAgeWorkingSet+0x15a

ffffd001`f24e98b0 fffff802`c0aa7e0b : fffff802`00000000 00000000`00000000 00000000`00000150 00000000`00000002 : nt!MiProcessWorkingSets+0x1fb

ffffd001`f24e9a60 fffff802`c0b2819d : 00000000`ffffffff 00000000`00000005 00000000`ffffffff 00000000`00000001 : nt!MiWorkingSetManager+0xa7

ffffd001`f24e9b20 fffff802`c0ae5895 : ffffe001`7e73d040 00000000`00000080 fffff802`c0b2804c 00000000`00000000 : nt!KeBalanceSetManager+0x151

ffffd001`f24e9c10 fffff802`c0b49906 : fffff802`c0d1f180 ffffe001`7e73d040 fffff802`c0ae5854 00000000`00000000 : nt!PspSystemThreadStartup+0x41

ffffd001`f24e9c60 00000000`00000000 : ffffd001`f24ea000 ffffd001`f24e4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16



THREAD_SHA1_HASH_MOD_FUNC: 1b3c43f13d684d4e8c5fa1d2d299b51901f5cbc1


THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ddd6257a2cb150d296f5cb69575f67265b7795c5


THREAD_SHA1_HASH_MOD: cb5f414824c2521bcc505eaa03e92fa10922dad8


FAULT_INSTR_CODE: f04a3948


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: nt!MiDemoteCombinedPte+39


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: nt


DEBUG_FLR_IMAGE_TIMESTAMP: 56fa1e56


IMAGE_VERSION: 10.0.10586.212


STACK_COMMAND: .cxr 0xffffd001f24e89b0 ; kb


IMAGE_NAME: memory_corruption


BUCKET_ID_FUNC_OFFSET: 39


FAILURE_BUCKET_ID: AV_nt!MiDemoteCombinedPte


BUCKET_ID: AV_nt!MiDemoteCombinedPte


PRIMARY_PROBLEM_CLASS: AV_nt!MiDemoteCombinedPte


TARGET_TIME: 2016-04-30T16:32:03.000Z


OSBUILD: 10586


OSSERVICEPACK: 0


SERVICEPACK_NUMBER: 0


OS_REVISION: 0


SUITE_MASK: 272


PRODUCT_TYPE: 1


OSPLATFORM_TYPE: x64


OSNAME: Windows 10


OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS


OS_LOCALE:


USER_LCID: 0


OSBUILD_TIMESTAMP: 2016-03-29 09:19:02


BUILDDATESTAMP_STR: 160328-1908


BUILDLAB_STR: th2_release_sec


BUILDOSVER_STR: 10.0.10586.212.amd64fre.th2_release_sec.160328-1908


ANALYSIS_SESSION_ELAPSED_TIME: 13bf


ANALYSIS_SOURCE: KM


FAILURE_ID_HASH_STRING: km:av_nt!midemotecombinedpte


FAILURE_ID_HASH: {c577c73b-79a7-0c44-6c62-58e1d697b6d8}


Followup: MachineOwner

---------

 

[The Riddler]

Anyone here to help me?

 

[P4-630]

Anyone here to help me?

Did you try what the TPU members said to you?

 

[The Riddler]

Did you try what the TPU members said to you?

Yes.