New
#1
BSOD in W10 2004
I need help to find out the root cause. Windbg Output is attached.
For analysis of this file, run !analyze -v
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffffffffffffffc, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8073a83e8c5, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3218
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 33655
Key : Analysis.Init.CPU.mSec
Value: 1030
Key : Analysis.Init.Elapsed.mSec
Value: 8674
Key : Analysis.Memory.CommitPeak.Mb
Value: 105
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 50
BUGCHECK_P1: fffffffffffffffc
BUGCHECK_P2: 0
BUGCHECK_P3: fffff8073a83e8c5
BUGCHECK_P4: 2
READ_ADDRESS: fffff8073aefb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
fffffffffffffffc
MM_INTERNAL_CODE: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Registry
TRAP_FRAME: ffffb809b8a06b70 -- (.trap 0xffffb809b8a06b70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=ffff850447e7c99c rsi=0000000000000000 rdi=0000000000000000
rip=fffff8073a83e8c5 rsp=ffffb809b8a06d00 rbp=0000000000000530
r8=00000000ffff8c04 r9=ffffb809b8a06d80 r10=0000000080472870
r11=0000000000000870 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!CmpFindMatchingDescriptorCell+0x5d:
fffff807`3a83e8c5 44397b04 cmp dword ptr [rbx+4],r15d ds:00000000`00000004=????????
Resetting default scope
STACK_TEXT:
ffffb809`b8a068c8 fffff807`3a64a56f : 00000000`00000050 ffffffff`fffffffc 00000000`00000000 ffffb809`b8a06b70 : nt!KeBugCheckEx
ffffb809`b8a068d0 fffff807`3a49f390 : 00000000`0000000c 00000000`00000000 ffffb809`b8a06bf0 00000000`00000000 : nt!MiSystemFault+0x18d1bf
ffffb809`b8a069d0 fffff807`3a60545e : ffff8504`3823e9f0 00000000`00000000 00000000`00000000 ffff8504`4d14f9b0 : nt!MmAccessFault+0x400
ffffb809`b8a06b70 fffff807`3a83e8c5 : ffff8504`47e7c8c0 ffff8504`45567874 ffffb809`b8a06da0 fffff807`3aa7888c : nt!KiPageFault+0x35e
ffffb809`b8a06d00 fffff807`3a83e737 : ffff8504`38e27000 ffffb809`b8a06da0 ffff8504`00000001 00000000`80472870 : nt!CmpFindMatchingDescriptorCell+0x5d
ffffb809`b8a06d50 fffff807`3aa6e432 : 00000000`00000001 00000000`00000000 ffff8504`45567874 ffffb809`b8a077a0 : nt!CmpGetSecurityDescriptorNode+0x73
ffffb809`b8a06db0 fffff807`3a89d47a : ffffbc06`d3af4380 00000000`00000000 00000000`00000000 fffff807`00000000 : nt!CmpAssignSecurityDescriptor+0x1a
ffffb809`b8a06df0 fffff807`3a7f00df : ffffb809`b8a07080 ffff8504`4c0f7901 ffffbc07`09057a30 ffffb809`b8a07120 : nt!CmpCreateChild+0x482
ffffb809`b8a06f20 fffff807`3a7ee323 : 00000001`0000001a ffffb809`b8a07270 ffffb809`b8a07228 ffffbc07`09057a30 : nt!CmpDoParseKey+0xeef
ffffb809`b8a071c0 fffff807`3a7f23ee : fffff807`3a7ee001 00000000`00000000 ffffbc07`09057a30 00000000`00000001 : nt!CmpParseKey+0x2c3
ffffb809`b8a07360 fffff807`3a8948aa : ffffbc07`09057a00 ffffb809`b8a075c8 ffffbc07`00000040 ffffbc06`d3af4380 : nt!ObpLookupObjectName+0x3fe
ffffb809`b8a07530 fffff807`3a89468c : ffffbc07`00000000 00000000`00000000 0000005b`164fcff8 ffffbc06`d3af4380 : nt!ObOpenObjectByNameEx+0x1fa
ffffb809`b8a07660 fffff807`3a8523f9 : 00000000`00000000 ffffb809`b8a07a80 0000005b`164fcc08 fffff807`3a7f5f00 : nt!ObOpenObjectByName+0x5c
ffffb809`b8a076b0 fffff807`3a851f9e : ffffe7f9`379fea79 00000000`00000000 00000000`00000000 0000005b`164fcbf8 : nt!CmCreateKey+0x449
ffffb809`b8a07940 fffff807`3a608cb5 : 00000000`00000000 00007ffc`99730000 00000000`00000000 0000005b`164fd008 : nt!NtCreateKey+0x2e
ffffb809`b8a07990 00007ffc`9bd0d114 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0000005b`164fcb98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`9bd0d114
SYMBOL_NAME: nt!CmpFindMatchingDescriptorCell+5d
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.1348
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 5d
FAILURE_BUCKET_ID: AV_R_INVALID_nt!CmpFindMatchingDescriptorCell
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {b79bba7b-0721-75dc-5e27-364764c5c333}
Followup: MachineOwner