Skip to content

Instantly share code, notes, and snippets.

@fantasticmao
Last active May 19, 2024 19:37
Show Gist options
  • Save fantasticmao/fc0f31574f952991e52aa4775486212e to your computer and use it in GitHub Desktop.
Save fantasticmao/fc0f31574f952991e52aa4775486212e to your computer and use it in GitHub Desktop.
Windows 10 蓝屏 WinDbg 分析
BugCheckCode Count Reference
KERNEL_DATA_INPAGE_ERROR 4 https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/bug-check-0x7a--kernel-data-inpage-error
INTERNAL_POWER_ERROR 1 https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/bug-check-0xa0--internal-power-error
SYSTEM_SERVICE_EXCEPTION 2 https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/bug-check-0x3b--system-service-exception
CRITICAL_PROCESS_DIED 2 https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/bug-check-0xef--critical-process-died
DRIVER_VERIFIER_DETECTED_VIOLATION 1 https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/bug-check-0xc4--driver-verifier-detected-violation
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.016 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.234 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\Downloads\101523-16593-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff804`2b000000 PsLoadedModuleList = 0xfffff804`2bc2a360
Debug session time: Sun Oct 15 21:36:44.216 2023 (UTC + 8:00)
System Uptime: 3 days 18:49:35.563
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
.......................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00c50018). Type ".hh dbgerr001" for details
Loading unloaded module list
..............................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff804`2b3fd640 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffef89`8a1df420=000000000000007a
13: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: ffffa901cb7e60f0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 000000049a41a860, current process (virtual address for lock type 3, or PTE)
Arg4: ffffbde3e775ea7c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1530
Key : Analysis.Elapsed.mSec
Value: 10197
Key : Analysis.IO.Other.Mb
Value: 2
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 8
Key : Analysis.Init.CPU.mSec
Value: 562
Key : Analysis.Init.Elapsed.mSec
Value: 14768
Key : Analysis.Memory.CommitPeak.Mb
Value: 94
Key : Bugcheck.Code.LegacyAPI
Value: 0x7a
Key : Bugcheck.Code.TargetModel
Value: 0x7a
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0x7a_c0000185_DUMP_STORPORTDUMP_STORNVME_win32kfull!xxxSysCommand
Key : Failure.Hash
Value: {cf051631-6699-7545-1a6d-26352adf133a}
BUGCHECK_CODE: 7a
BUGCHECK_P1: ffffa901cb7e60f0
BUGCHECK_P2: ffffffffc0000185
BUGCHECK_P3: 49a41a860
BUGCHECK_P4: ffffbde3e775ea7c
FILE_IN_CAB: 101523-16593-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
ERROR_CODE: (NTSTATUS) 0xc0000185 - I/O I/O
DISK_HARDWARE_ERROR: There was error with disk hardware
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXDISK: 1
DISKSEC_ORG_ID:
DISKSEC_MODEL:
DISKSEC_MANUFACTURING_ID:
DISKSEC_ISSUE_DESC_STR:
DISKSEC_TOTAL_SIZE: 0
DISKSEC_REASON: 0
DISKSEC_PUBLIC_TOTAL_SECTION_SIZE: 0
DISKSEC_PUBLIC_OFFSET: 0
DISKSEC_PUBLIC_DATA_SIZE: 0
DISKSEC_PRIVATE_TOTAL_SECTION_SIZE: 0
DISKSEC_PRIVATE_OFFSET: 0
DISKSEC_PRIVATE_DATA_SIZE: 0
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: explorer.exe
TRAP_FRAME: ffffef898a1df7c0 -- (.trap 0xffffef898a1df7c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000f090 rbx=0000000000000000 rcx=ffffbd95c0839d20
rdx=000000000000f100 rsi=0000000000000000 rdi=0000000000000000
rip=ffffbde3e775ea7c rsp=ffffef898a1df958 rbp=ffffef898a1dfa19
r8=0000000000000000 r9=0000000000000000 r10=0000000000000400
r11=ffffef898a1dfce0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
win32kfull!xxxMNStartMenuState:
ffffbde3`e775ea7c 48895c2408 mov qword ptr [rsp+8],rbx ss:0018:ffffef89`8a1df960=0000000000000fff
Resetting default scope
STACK_TEXT:
ffffef89`8a1df418 fffff804`2b2957c9 : 00000000`0000007a ffffa901`cb7e60f0 ffffffff`c0000185 00000004`9a41a860 : nt!KeBugCheckEx
ffffef89`8a1df420 fffff804`2b294c45 : ffffef89`00008000 ffffef89`8a1df500 ffffef89`8a1df5b0 fffff804`00000000 : nt!MiWaitForInPageComplete+0x7d9
ffffef89`8a1df510 fffff804`2b230798 : 00000000`c0033333 00000000`00000000 ffffbde3`e775ea7c 00000000`00000000 : nt!MiIssueHardFault+0x3c5
ffffef89`8a1df620 fffff804`2b40d1d8 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!MmAccessFault+0x468
ffffef89`8a1df7c0 ffffbde3`e775ea7c : ffffbde3`e766bcaa 00000000`00000fff ffffef89`8a1dfd90 00000000`8a1dfa70 : nt!KiPageFault+0x358
ffffef89`8a1df958 ffffbde3`e766bcaa : 00000000`00000fff ffffef89`8a1dfd90 00000000`8a1dfa70 fffff804`2b31d8e0 : win32kfull!xxxMNStartMenuState
ffffef89`8a1df960 ffffbde3`e756dd89 : ffffef89`8a1dfc50 00000000`00000000 00000000`00000000 00000000`00000000 : win32kfull!xxxSysCommand+0x756
ffffef89`8a1dfa80 ffffbde3`e756d346 : 00000000`00000000 ffff8003`00000000 00000000`00000002 00000000`00000003 : win32kfull!xxxRealDefWindowProc+0x931
ffffef89`8a1dfc50 ffffbde3`e76377bc : 00000000`00000112 ffffbd95`c0839d20 00000000`0000029e 00000000`00000000 : win32kfull!xxxWrapRealDefWindowProc+0x66
ffffef89`8a1dfcc0 ffffbde3`e762ee6d : 00000000`00000001 00000000`0001014c 00000000`0af8f1a8 00000000`00000112 : win32kfull!NtUserfnDWORD+0x2c
ffffef89`8a1dfd00 ffffbde3`e6cd6eb5 : ffff8003`8e3575c0 ffffef89`8a1dfec0 00000000`0af8f1a8 00000000`00000002 : win32kfull!NtUserMessageCall+0x11d
ffffef89`8a1dfd80 fffff804`2b410ef5 : 00000000`00000008 ffffbde3`e7570816 00000000`00000001 00000000`00000000 : win32k!NtUserMessageCall+0x3d
ffffef89`8a1dfdd0 00007ffd`4a281124 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`0af8f188 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`4a281124
SYMBOL_NAME: win32kfull!xxxSysCommand+756
MODULE_NAME: win32kfull
IMAGE_NAME: win32kfull.sys
IMAGE_VERSION: 10.0.19041.3570
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 756
FAILURE_BUCKET_ID: 0x7a_c0000185_DUMP_STORPORTDUMP_STORNVME_win32kfull!xxxSysCommand
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {cf051631-6699-7545-1a6d-26352adf133a}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.015 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\Downloads\102323-11343-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`38c00000 PsLoadedModuleList = 0xfffff800`3982a360
Debug session time: Mon Oct 23 22:48:33.428 2023 (UTC + 8:00)
System Uptime: 0 days 0:24:38.079
Loading Kernel Symbols
...............................................................
................................................................
......
Loading User Symbols
Loading unloaded module list
...
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`38ffd640 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb581`3c04f7e0=00000000000000a0
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
INTERNAL_POWER_ERROR (a0)
The power policy manager experienced a fatal error.
Arguments:
Arg1: 00000000000000f0, The system failed to complete(suspend) a power transition in a timely manner.
Arg2: 0000000000000000, The system power state in transition.
Arg3: 0000000000000009, The sleep checkpoint most recently reached.
Arg4: ffff8f07298ec040, A pointer to the thread currently processing the request.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1343
Key : Analysis.Elapsed.mSec
Value: 6831
Key : Analysis.IO.Other.Mb
Value: 1
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 4
Key : Analysis.Init.CPU.mSec
Value: 358
Key : Analysis.Init.Elapsed.mSec
Value: 21594
Key : Analysis.Memory.CommitPeak.Mb
Value: 86
Key : Bugcheck.Code.LegacyAPI
Value: 0xa0
Key : Bugcheck.Code.TargetModel
Value: 0xa0
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0xa0_f0_nt!KiSwapContext
Key : Failure.Hash
Value: {168f8d2f-e77e-7dcf-020c-035a9129b0ab}
BUGCHECK_CODE: a0
BUGCHECK_P1: f0
BUGCHECK_P2: 0
BUGCHECK_P3: 9
BUGCHECK_P4: ffff8f07298ec040
FILE_IN_CAB: 102323-11343-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
FAULTING_THREAD: ffff8f07298ec040
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffffb581`3c264390 fffff800`38e1bca0 : ffffa581`00000000 00000000`00000000 ffffb581`00000000 00000000`00000002 : nt!KiSwapContext+0x76
ffffb581`3c2644d0 fffff800`38e1b1cf : 3ffbfffd`00000008 00000000`00000001 ffffb581`3c264690 ffffb581`00000000 : nt!KiSwapThread+0x500
ffffb581`3c264580 fffff800`38e1aa73 : ffff8f07`00000000 fffff800`00000000 ffffb581`3c264800 ffff8f07`298ec180 : nt!KiCommitThreadWait+0x14f
ffffb581`3c264620 fffff800`3ba738b8 : ffffb581`3c264c38 00000000`00000000 ffff8f07`32383d00 00000000`00004000 : nt!KeWaitForSingleObject+0x233
ffffb581`3c264710 fffff800`3ba5ce2f : ffff8f07`ffffffff ffff8f07`32383d68 ffffb581`3c264860 ffffffff`fa0a1f00 : Ntfs!NtfsWaitOnIo+0x84
ffffb581`3c264760 fffff800`3ba6a5f8 : 00000000`00000028 ffff8f07`32383fc0 ffff8f07`317dc1a0 00000000`00000000 : Ntfs!NtfsNonCachedIo+0x9bf
ffffb581`3c2649f0 fffff800`3ba6ed02 : ffff8f07`32383d68 ffff8f07`34c19770 ffff8f07`3166ad30 00000000`00003000 : Ntfs!NtfsNonCachedUsaWrite+0x10c
ffffb581`3c264ab0 fffff800`3ba6b123 : ffff8f07`32383d68 ffff8f07`34c19770 ffffb581`3c266248 00000000`00000000 : Ntfs!NtfsCommonWrite+0x3772
ffffb581`3c264d00 fffff800`38e10665 : ffff8f07`327e38a0 ffff8f07`34c19770 ffff8f07`34c19770 ffff8f07`31652d60 : Ntfs!NtfsFsdWrite+0x1d3
ffffb581`3c264dd0 fffff800`3580710f : 00000000`00000005 00000000`00000000 00000000`00000508 fffff800`395b8074 : nt!IofCallDriver+0x55
ffffb581`3c264e10 fffff800`35804a43 : ffffb581`3c264ea0 00000001`337f0b6b 00000000`0000000f 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffffb581`3c264e80 fffff800`38e10665 : ffff8f07`34c19770 fffff800`38e106a7 00000000`0000000f ffffcb86`46a75200 : FLTMGR!FltpDispatch+0xa3
ffffb581`3c264ee0 fffff800`38eea533 : ffff8f07`316d1a30 ffff8f07`34c19770 ffff8f07`315ed7a0 ffffb581`3c2651b0 : nt!IofCallDriver+0x55
ffffb581`3c264f20 fffff800`38ee8c6e : ffffcb86`4593cd20 00000000`0000000c ffffb581`3c265170 fffff800`3bb5c2d1 : nt!IoSynchronousPageWriteEx+0x13b
ffffb581`3c264f60 fffff800`3ba65f88 : ffffcb86`46a752c8 fffff800`3ba65f2f 00000000`00000000 00000000`00000000 : nt!IoSynchronousPageWrite+0x1e
ffffb581`3c264fb0 fffff800`3ba65195 : 00000001`337f0b6b 00000000`00003000 00000000`00000000 00000000`00000000 : Ntfs!LfsFlushHeadOfTheLog+0x4c
ffffb581`3c264ff0 fffff800`3ba649a5 : ffffcb86`4593cd20 00000001`337f0b6b ffff8f07`317ebd00 ffffb581`3c265301 : Ntfs!LfsFlushLfcb+0x7d5
ffffb581`3c265210 fffff800`38e72228 : ffffb581`3c265320 ffffcb86`4593cd20 00000000`00000000 00000000`00000001 : Ntfs!LfsFlushLfcbCallout+0x25
ffffb581`3c265240 fffff800`38e7219d : fffff800`3ba64980 ffffb581`3c265320 00000000`00000000 00000000`00000010 : nt!KeExpandKernelStackAndCalloutInternal+0x78
ffffb581`3c2652b0 fffff800`3ba647e0 : 00000000`00000001 00000000`00000000 ffffcb86`4593cd20 00000000`0000000c : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffb581`3c2652f0 fffff800`3bb6d8d2 : 00000001`00000000 00000000`00000000 00000000`00000000 ffffcb86`46cec1b8 : Ntfs!LfsFlushLfcbOnNewStack+0x58
ffffb581`3c265350 fffff800`3bb6d72d : 00000001`337f0b6b ffffb581`3c2656c0 00000000`00001000 00000001`337f0b6b : Ntfs!LfsFlushToLsnPriv+0x14a
ffffb581`3c2653f0 fffff800`3ba6ee22 : ffffcb86`4698b9e0 00000001`337f0b6b ffff8f07`317ebd78 00000000`00001000 : Ntfs!LfsFlushToLsnWithoutDiskCacheFlush+0xa9
ffffb581`3c265440 fffff800`3ba6b123 : ffff8f07`317ebd78 ffff8f07`31755290 ffffb581`3c266248 00000000`00000000 : Ntfs!NtfsCommonWrite+0x3892
ffffb581`3c265690 fffff800`38e10665 : ffff8f07`327cbab0 ffff8f07`31755290 ffff8f07`31755290 ffff8f07`31652d60 : Ntfs!NtfsFsdWrite+0x1d3
ffffb581`3c265760 fffff800`3580710f : 00000000`00000005 00000000`00000000 00000000`00000508 fffff800`395b8074 : nt!IofCallDriver+0x55
ffffb581`3c2657a0 fffff800`35804a43 : ffffb581`3c265830 ffffb581`3c265aa0 00000000`0000000f ffffb581`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffffb581`3c265810 fffff800`38e10665 : ffff8f07`31755290 fffff800`38e106a7 00000000`0000000f 00000000`00000000 : FLTMGR!FltpDispatch+0xa3
ffffb581`3c265870 fffff800`38eea533 : ffffb581`3c265aa0 ffff8f07`31755290 ffff8f07`2b2a0bd0 ffffb581`3c265930 : nt!IofCallDriver+0x55
ffffb581`3c2658b0 fffff800`38f3b518 : 00000000`00000000 ffffb581`3c265950 ffff8f07`2b2a0bd0 fffff800`38e59045 : nt!IoSynchronousPageWriteEx+0x13b
ffffb581`3c2658f0 fffff800`38e3dd72 : 00000000`00000011 ffffcb86`45adb010 00000000`00000000 00000000`00000000 : nt!MiIssueSynchronousFlush+0x70
ffffb581`3c265970 fffff800`38efed45 : ffffb581`3c265cb0 ffffb581`3c265f18 ffff8f07`2b2a0bd0 00000000`00000000 : nt!MiFlushSectionInternal+0x862
ffffb581`3c265c40 fffff800`38e5895d : 00000000`00000000 ffff8f07`298ec040 00000000`00001000 00000000`00000000 : nt!MmFlushSection+0x155
ffffb581`3c265cf0 fffff800`38efe80f : ffff8f07`2b2a0398 00000000`00000000 ffff8f07`00000000 00000000`00000000 : nt!CcFlushCachePriv+0x6cd
ffffb581`3c265e40 fffff800`3bb5d7c5 : 00000000`00000005 00000000`00000000 00000000`00000000 ffffcb86`46cec170 : nt!CcCoherencyFlushAndPurgeCache+0x6f
ffffb581`3c265e90 fffff800`3bb5d4db : ffffcb86`46cec170 00000000`00000000 ffffcb86`46cec000 ffff8f07`31713d78 : Ntfs!NtfsCoherencyFlushAndPurgeCache+0x55
ffffb581`3c265ed0 fffff800`3bb5d8a5 : ffffcb86`46cec170 ffffcb86`46cec170 ffffcb86`46cec170 ffffcb86`46cec010 : Ntfs!NtfsFlushUserStream+0xdf
ffffb581`3c265f60 fffff800`3bb62356 : ffffcb86`46cec170 ffffcb86`46cec170 00000000`00000000 fffff800`38e16e94 : Ntfs!NtfsPerformOptimisticFlush+0xa1
ffffb581`3c265fb0 fffff800`3bb62ea9 : ffff8f07`31713d78 ffff8f07`34c41a20 ffff8f07`31713d01 ffffb581`3c2661e0 : Ntfs!NtfsCommonFlushBuffers+0x1c2
ffffb581`3c2660d0 fffff800`38e72228 : ffffb581`3c2661e0 ffff8f07`31713d78 00000000`00000000 ffff8f07`34c41a20 : Ntfs!NtfsCommonFlushBuffersCallout+0x19
ffffb581`3c266100 fffff800`38e7219d : fffff800`3bb62e90 ffffb581`3c2661e0 00000000`00000000 ffff8f07`317dc1a0 : nt!KeExpandKernelStackAndCalloutInternal+0x78
ffffb581`3c266170 fffff800`3bba454b : 00000000`00000000 ffff8f07`323fb0e0 ffffb581`3c268000 00000000`00000310 : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffb581`3c2661b0 fffff800`3bba4475 : 00000000`00000000 ffff8f07`2c8fe880 ffffb581`3c266248 00000000`00000000 : Ntfs!NtfsCommonFlushBuffersOnNewStack+0x67
ffffb581`3c266220 fffff800`38e10665 : ffff8f07`327cbab0 ffff8f07`34c41a20 ffff8f07`31713d78 ffffb581`3c266248 : Ntfs!NtfsFsdFlushBuffers+0xe5
ffffb581`3c266290 fffff800`3580710f : 00000000`00000005 00000000`00000000 00000000`00000000 fffff800`398ed601 : nt!IofCallDriver+0x55
ffffb581`3c2662d0 fffff800`35804a43 : ffffb581`3c266360 ffff8f07`31652d60 00000000`00000001 ffff8f07`314cea40 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffffb581`3c266340 fffff800`38e10665 : 00000000`00000002 fffff800`398ed600 ffffb581`00000000 00000000`00000020 : FLTMGR!FltpDispatch+0xa3
ffffb581`3c2663a0 fffff800`3920142c : 00000000`00000000 ffff8f07`323fb0e0 ffff8f07`323fb0e0 ffffb581`00000000 : nt!IofCallDriver+0x55
ffffb581`3c2663e0 fffff800`392dc4e9 : ffff8f07`00000000 ffffb581`3c2665d0 00000000`00000000 ffff8f07`323fb0e0 : nt!IopSynchronousServiceTail+0x34c
ffffb581`3c266480 fffff800`392dc2d6 : ffff8f07`298ec040 ffffffff`8000040c ffff8f07`31652d60 ffffffff`00000000 : nt!NtFlushBuffersFileEx+0x1f9
ffffb581`3c266510 fffff800`39010ef5 : 00000000`00000000 ffffb581`3c266a00 00000000`00000000 ffffffff`ffffffff : nt!NtFlushBuffersFile+0x16
ffffb581`3c266550 fffff800`39002220 : fffff800`39388d12 00000000`00000000 ffffb581`3c2668c8 ffffb581`3c2668d8 : nt!KiSystemServiceCopyEnd+0x25
ffffb581`3c2666e8 fffff800`39388d12 : 00000000`00000000 ffffb581`3c2668c8 ffffb581`3c2668d8 00000000`000000c0 : nt!KiServiceLinkage
ffffb581`3c2666f0 fffff800`39388ac3 : 00000000`0000000f 00000000`00000007 fffff800`398ed630 ffffb581`3c266a00 : nt!RtlpGetSetBootStatusData+0x1b2
ffffb581`3c266790 fffff800`3937dc3d : ffffb581`3c266a9c ffffb581`3c266a9c ffffffff`8000040c fffff800`39015490 : nt!RtlGetSetBootStatusData+0xd3
ffffb581`3c2668c0 fffff800`3924dffc : ffffb581`3c2673d0 00000000`00000000 00000000`00000000 ffffcb86`4910a101 : nt!PopBootStatSet+0x1b5
ffffb581`3c266950 fffff800`3924b432 : 00000000`00000020 fffff800`38e1fe0e ffff8f07`298ec040 ffffcb86`4584c940 : nt!PopPowerInformationInternal+0x348
ffffb581`3c266a40 fffff800`39010ef5 : ffff8f07`29698180 ffff8f07`298ec040 ffffcb86`49160110 00000000`00000444 : nt!NtPowerInformation+0x632
ffffb581`3c267190 fffff800`39002220 : fffff800`3939662b ffff8f07`32432a50 00000000`00040086 ffffb581`3c267300 : nt!KiSystemServiceCopyEnd+0x25
ffffb581`3c267398 fffff800`3939662b : ffff8f07`32432a50 00000000`00040086 ffffb581`3c267300 ffff8f07`32432770 : nt!KiServiceLinkage
ffffb581`3c2673a0 fffff800`393965dd : ffff8f07`298ec690 fffff800`38e1fe0e ffff8f07`298ec040 fffff800`394e4d50 : nt!RtlpSystemBootStatusRequest+0x3f
ffffb581`3c267400 fffff800`38ff780d : fffff800`398250f0 fffff800`00000000 ffff8f07`00000000 ffffb581`3c267678 : nt!RtlSetSystemBootStatus+0x2d
ffffb581`3c267450 fffff800`39374ffc : 00000000`00000000 ffffb581`3c2676e8 00000000`00000001 fffff800`38f5807c : nt!PopBsdHandleRequest+0x25
ffffb581`3c267480 fffff800`395974b3 : 00000000`00000000 fffff800`38f3bcfc ffffb581`3c267600 ffffb581`3c2675a0 : nt!PopRecordSleepCheckpoint+0x24
ffffb581`3c2674b0 fffff800`39374ccf : ffffb581`3c267600 ffffb581`3c2674f8 ffffb581`3c2674f8 00000000`0000000d : nt!PopCheckpointSystemSleep+0x2f
ffffb581`3c2674f0 fffff800`39595318 : ffffb581`3c267600 00000000`00000000 fffff9bc`0085c388 00000000`00000000 : nt!PopNotifyCallbacksPreSleep+0x43
ffffb581`3c267520 fffff800`3959cf8c : 00000000`00000000 00000000`00000006 00000000`00000005 fffff800`00000000 : nt!PopTransitionSystemPowerStateEx+0x224
ffffb581`3c2675e0 fffff800`39010ef5 : ffffb581`3c2677d8 fffff9bc`0085c088 00000000`00000000 fffff800`39389dc5 : nt!NtSetSystemPowerState+0x4c
ffffb581`3c2677c0 fffff800`39002220 : fffff800`3943d9c3 00000000`00000014 ffffffff`ffffff00 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
ffffb581`3c267958 fffff800`3943d9c3 : 00000000`00000014 ffffffff`ffffff00 00000000`00000000 fffff800`398238a0 : nt!KiServiceLinkage
ffffb581`3c267960 fffff800`39373f39 : 00000000`00000000 ffff8f07`2969ea20 00000000`00000000 00000000`00000000 : nt!PopIssueActionRequest+0xc996b
ffffb581`3c267a00 fffff800`38f502d4 : 00000000`00000001 00000000`00000000 ffffffff`ffffffff fffff800`39823900 : nt!PopPolicyWorkerAction+0x79
ffffb581`3c267a70 fffff800`38e50545 : ffff8f07`00000001 ffff8f07`298ec040 fffff800`38f50240 ffff8f07`00000000 : nt!PopPolicyWorkerThread+0x94
ffffb581`3c267ab0 fffff800`38f0e6f5 : ffff8f07`298ec040 00000000`00000080 ffff8f07`29698180 00000000`00000000 : nt!ExpWorkerThread+0x105
ffffb581`3c267b50 fffff800`39006278 : ffffa581`6dbc0180 ffff8f07`298ec040 fffff800`38f0e6a0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffb581`3c267ba0 00000000`00000000 : ffffb581`3c268000 ffffb581`3c261000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!KiSwapContext+76
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.3570
STACK_COMMAND: .process /r /p 0xffff8f0729698180; .thread 0xffff8f07298ec040 ; kb
BUCKET_ID_FUNC_OFFSET: 76
FAILURE_BUCKET_ID: 0xa0_f0_nt!KiSwapContext
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {168f8d2f-e77e-7dcf-020c-035a9129b0ab}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.015 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2023-11-18.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff800`20c00000 PsLoadedModuleList = 0xfffff800`2182a360
Debug session time: Sat Nov 18 22:38:02.060 2023 (UTC + 8:00)
System Uptime: 4 days 22:50:22.501
Loading Kernel Symbols
...............................................................
................................................................
.............................................................
Loading User Symbols
PEB address is NULL !
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`20ffd640 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffbd86`2494db90=000000000000003b
15: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000006, Exception code that caused the BugCheck
Arg2: fffff800212b6b91, Address of the instruction which caused the BugCheck
Arg3: ffffbd862494e490, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2827
Key : Analysis.Elapsed.mSec
Value: 3655
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 405
Key : Analysis.Init.Elapsed.mSec
Value: 3552
Key : Analysis.Memory.CommitPeak.Mb
Value: 93
Key : Bugcheck.Code.LegacyAPI
Value: 0x3b
Key : Bugcheck.Code.TargetModel
Value: 0x3b
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0x3B_C0000006_nt!HvpGetCellPaged
Key : Failure.Hash
Value: {68f3db38-ae8e-4bae-c37a-85819946495f}
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000006
BUGCHECK_P2: fffff800212b6b91
BUGCHECK_P3: ffffbd862494e490
BUGCHECK_P4: 0
FILE_IN_CAB: 2023-11-18.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
CONTEXT: ffffbd862494e490 -- (.cxr 0xffffbd862494e490)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000007
rdx=000000000000001c rsi=ffffbd862494f210 rdi=ffffbd862494ef10
rip=fffff800212b6b91 rsp=ffffbd862494ee90 rbp=ffffbd862494efc9
r8=ffffa906b02cf5c0 r9=0000021293944870 r10=0000000000000870
r11=0000000003a03870 r12=00000000486e3443 r13=ffffbd862494f170
r14=00000000000001ad r15=0000021293968024
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202
nt!HvpGetCellPaged+0xc1:
fffff800`212b6b91 418b01 mov eax,dword ptr [r9] ds:002b:00000212`93944870=????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 18
PROCESS_NAME: Registry
STACK_TEXT:
ffffbd86`2494ee90 fffff800`212463ef : 00000000`00000000 00000000`c0000034 ffffbd86`2494f170 ffffbd86`2494f210 : nt!HvpGetCellPaged+0xc1
ffffbd86`2494eed0 fffff800`21215f60 : 00000001`ffffffff 00000000`ede15816 00000000`000001ad 00000000`ede15816 : nt!CmpDoCompareKeyName+0x3f
ffffbd86`2494ef10 fffff800`2120afc9 : ffff958e`ad3b9170 00000000`00000004 ffffbd86`2494f110 ffffbd86`2494f190 : nt!CmpWalkOneLevel+0x700
ffffbd86`2494f010 fffff800`2120a4e3 : ffffa906`0000001c ffffbd86`2494f360 ffffbd86`2494f318 ffffa906`b137eab0 : nt!CmpDoParseKey+0x849
ffffbd86`2494f2b0 fffff800`21206647 : fffff800`2120a201 ffff958e`00000000 ffffa906`b137eab0 00000000`00000001 : nt!CmpParseKey+0x2c3
ffffbd86`2494f450 fffff800`211fd5fa : ffffa906`b137ea01 ffffbd86`2494f6b8 00000000`00000040 ffffa906`9cb804e0 : nt!ObpLookupObjectName+0x1117
ffffbd86`2494f620 fffff800`211fd3dc : 00000000`00000000 00000000`00000000 00000000`00000000 ffffa906`9cb804e0 : nt!ObOpenObjectByNameEx+0x1fa
ffffbd86`2494f750 fffff800`211fcd21 : 00000000`0a70cd50 ffffbd86`2494fac0 00000000`00000001 fffff800`20e204de : nt!ObOpenObjectByName+0x5c
ffffbd86`2494f7a0 fffff800`211fca4f : 00000000`0000000f ffffa906`b54fa3e0 00000000`0989b970 00000000`1b4da840 : nt!CmOpenKey+0x2c1
ffffbd86`2494fa00 fffff800`21010ef5 : ffffa906`b02cf5c0 ffffa906`af3a66e0 ffffbd86`00000000 ffffa906`00000000 : nt!NtOpenKeyEx+0xf
ffffbd86`2494fa40 00007ff9`1e18f3f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`0a70cc08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`1e18f3f4
SYMBOL_NAME: nt!HvpGetCellPaged+c1
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.3570
STACK_COMMAND: .cxr 0xffffbd862494e490 ; kb
BUCKET_ID_FUNC_OFFSET: c1
FAILURE_BUCKET_ID: 0x3B_C0000006_nt!HvpGetCellPaged
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {68f3db38-ae8e-4bae-c37a-85819946495f}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2024-04-14.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff802`2e200000 PsLoadedModuleList = 0xfffff802`2ee2a790
Debug session time: Sun Apr 14 22:22:16.455 2024 (UTC + 8:00)
System Uptime: 0 days 22:20:48.108
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......
Loading User Symbols
PEB address is NULL !
Loading unloaded module list
......................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`2e5fda40 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffe90d`1c255b80=000000000000003b
12: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000006, Exception code that caused the BugCheck
Arg2: fffff8022e8b2701, Address of the instruction which caused the BugCheck
Arg3: ffffe90d1c256480, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2077
Key : Analysis.Elapsed.mSec
Value: 4505
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 327
Key : Analysis.Init.Elapsed.mSec
Value: 3885
Key : Analysis.Memory.CommitPeak.Mb
Value: 82
Key : Bugcheck.Code.LegacyAPI
Value: 0x3b
Key : Bugcheck.Code.TargetModel
Value: 0x3b
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0x3B_C0000006_nt!HvpGetCellPaged
Key : Failure.Hash
Value: {68f3db38-ae8e-4bae-c37a-85819946495f}
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000006
BUGCHECK_P2: fffff8022e8b2701
BUGCHECK_P3: ffffe90d1c256480
BUGCHECK_P4: 0
FILE_IN_CAB: 2024-04-14.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
CONTEXT: ffffe90d1c256480 -- (.cxr 0xffffe90d1c256480)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000007
rdx=000000000000001c rsi=ffffe90d1c257220 rdi=ffffe90d1c256f00
rip=fffff8022e8b2701 rsp=ffffe90d1c256e80 rbp=ffffe90d1c256fc1
r8=ffffd9072e962640 r9=000001954303e3b8 r10=00000000000003b8
r11=000000000290d3b8 r12=0000000000000000 r13=ffff9706c32dc000
r14=000000007cce0a66 r15=00000195413aca6c
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
nt!HvpGetCellPaged+0xc1:
fffff802`2e8b2701 418b01 mov eax,dword ptr [r9] ds:002b:00000195`4303e3b8=????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 14
PROCESS_NAME: Registry
STACK_TEXT:
ffffe90d`1c256e80 fffff802`2e81af7f : 00000000`00000000 ffffe90d`1c257220 ffff9706`c93752d0 00000000`00000000 : nt!HvpGetCellPaged+0xc1
ffffe90d`1c256ec0 fffff802`2e824f7e : 00000001`ffffffff 00000000`9796f2de 00000000`00000000 ffff9706`00000000 : nt!CmpDoCompareKeyName+0x3f
ffffe90d`1c256f00 fffff802`2e838060 : ffff9706`c93752d0 ffffe90d`1c257170 ffffe90d`1c257110 ffffe90d`1c257190 : nt!CmpWalkOneLevel+0x61e
ffffe90d`1c257010 fffff802`2e8373c3 : 00000000`0000001c ffffe90d`1c257360 ffffe90d`1c257318 ffffd907`2dc0c010 : nt!CmpDoParseKey+0xa00
ffffe90d`1c2572b0 fffff802`2e833527 : fffff802`2e837101 ffff9706`00000000 ffffd907`2dc0c010 00000000`6d4e6201 : nt!CmpParseKey+0x2c3
ffffe90d`1c257450 fffff802`2e83baca : ffffd907`2dc0c001 ffffe90d`1c2576b8 ffffe90d`00000040 ffffd907`1bbd7da0 : nt!ObpLookupObjectName+0x1117
ffffe90d`1c257620 fffff802`2e83b8ac : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd907`1bbd7da0 : nt!ObOpenObjectByNameEx+0x1fa
ffffe90d`1c257750 fffff802`2e83b1f1 : 0000002e`df39cc48 ffffe90d`1c257ac0 00000000`00000001 fffff802`2e43d76e : nt!ObOpenObjectByName+0x5c
ffffe90d`1c2577a0 fffff802`2e83af1f : 10000000`00000041 0000002e`df39d3a8 00000000`01000006 00007ffa`260d5220 : nt!CmOpenKey+0x2c1
ffffe90d`1c257a00 fffff802`2e6119c5 : 00000220`f78c8a00 00000000`00000002 ffffe90d`1c257ac0 ffffd907`327cea10 : nt!NtOpenKeyEx+0xf
ffffe90d`1c257a40 00007ffa`4ae6f3f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0000002e`df39cbe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`4ae6f3f4
SYMBOL_NAME: nt!HvpGetCellPaged+c1
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.4291
STACK_COMMAND: .cxr 0xffffe90d1c256480 ; kb
BUCKET_ID_FUNC_OFFSET: c1
FAILURE_BUCKET_ID: 0x3B_C0000006_nt!HvpGetCellPaged
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {68f3db38-ae8e-4bae-c37a-85819946495f}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2024-04-21-1.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff807`14000000 PsLoadedModuleList = 0xfffff807`14c2a790
Debug session time: Sun Apr 21 16:35:10.624 2024 (UTC + 8:00)
System Uptime: 6 days 16:00:55.274
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000c6`b82e4018). Type ".hh dbgerr001" for details
Loading unloaded module list
............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`143fda40 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffc181`18186920=000000000000007a
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: ffffe08f566210b0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 00000008582ad860, current process (virtual address for lock type 3, or PTE)
Arg4: ffffca0cf58e6238, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1499
Key : Analysis.Elapsed.mSec
Value: 2324
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 390
Key : Analysis.Init.Elapsed.mSec
Value: 3644
Key : Analysis.Memory.CommitPeak.Mb
Value: 102
Key : Bugcheck.Code.LegacyAPI
Value: 0x7a
Key : Bugcheck.Code.TargetModel
Value: 0x7a
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0x7a_c0000185_DUMP_STORPORTDUMP_STORNVME_win32kfull!EditionInitiateMouseEventProcessing
Key : Failure.Hash
Value: {3c916996-357d-dc6f-d3bd-651b97e4f923}
BUGCHECK_CODE: 7a
BUGCHECK_P1: ffffe08f566210b0
BUGCHECK_P2: ffffffffc0000185
BUGCHECK_P3: 8582ad860
BUGCHECK_P4: ffffca0cf58e6238
FILE_IN_CAB: 2024-04-21-1.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
ERROR_CODE: (NTSTATUS) 0xc0000185 - I/O I/O
DISK_HARDWARE_ERROR: There was error with disk hardware
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXDISK: 1
DISKSEC_ORG_ID:
DISKSEC_MODEL:
DISKSEC_MANUFACTURING_ID:
DISKSEC_ISSUE_DESC_STR:
DISKSEC_TOTAL_SIZE: 0
DISKSEC_REASON: 0
DISKSEC_PUBLIC_TOTAL_SECTION_SIZE: 0
DISKSEC_PUBLIC_OFFSET: 0
DISKSEC_PUBLIC_DATA_SIZE: 0
DISKSEC_PRIVATE_TOTAL_SECTION_SIZE: 0
DISKSEC_PRIVATE_OFFSET: 0
DISKSEC_PRIVATE_DATA_SIZE: 0
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: csrss.exe
TRAP_FRAME: ffffc18118186cc0 -- (.trap 0xffffc18118186cc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=00000000000001b8
rdx=000000000000007d rsi=0000000000000000 rdi=0000000000000000
rip=ffffca0cf58e6238 rsp=ffffc18118186e58 rbp=ffffc18118186f51
r8=ffffc18118186ee0 r9=0000000000000002 r10=7ffffffffffffffc
r11=ffffca8583e0c000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
win32kfull!UserBeep:
ffffca0c`f58e6238 48895c2408 mov qword ptr [rsp+8],rbx ss:0018:ffffc181`18186e60=0000000000000000
Resetting default scope
STACK_TEXT:
ffffc181`18186918 fffff807`14265f29 : 00000000`0000007a ffffe08f`566210b0 ffffffff`c0000185 00000008`582ad860 : nt!KeBugCheckEx
ffffc181`18186920 fffff807`14266325 : ffffc181`00008000 ffffc181`18186a00 ffffc181`18186ab0 fffff807`00000000 : nt!MiWaitForInPageComplete+0x7d9
ffffc181`18186a10 fffff807`1421c308 : 00000000`c0033333 00000000`00000000 ffffca0c`f58e6238 00000000`00000000 : nt!MiIssueHardFault+0x3c5
ffffc181`18186b20 fffff807`1440db29 : 00000000`00000000 00000000`00000000 00000001`00000000 00000000`00000000 : nt!MmAccessFault+0x468
ffffc181`18186cc0 ffffca0c`f58e6238 : ffffca0c`f58802bf 00000000`00000000 fffff807`1423cee3 ffffca85`836a5080 : nt!KiPageFault+0x369
ffffc181`18186e58 ffffca0c`f58802bf : 00000000`00000000 fffff807`1423cee3 ffffca85`836a5080 ffffca23`c0675ad8 : win32kfull!UserBeep
ffffc181`18186e60 ffffca0c`f549790b : 00000000`00000001 ffffca0c`f5497a2c 00000000`00000000 00000000`00000000 : win32kfull!EditionInitiateMouseEventProcessing+0xa90af
ffffc181`18186e90 ffffca0c`f5507396 : 00000001`00000002 ffffc181`181871c0 00000000`00000000 0000053c`61bcae08 : win32kbase!ApiSetEditionInitiateMouseEventProcessing+0x6b
ffffc181`18186ed0 ffffca0c`f54972b1 : 00000396`00000bd4 ffffc181`18186ff0 00000396`00000bd4 ffffc181`181871c0 : win32kbase!CMouseProcessor::QueueMouseEvent+0x700ce
ffffc181`18186fb0 ffffca0c`f55b8a30 : 00000396`00000bd5 00000396`00000bd4 ffffca23`c06067e8 00000000`00000000 : win32kbase!CMouseProcessor::ProcessMouseInputData+0x185
ffffc181`18187030 ffffca0c`f55a9c9a : ffffca23`c06067d0 ffffca0c`f55a9d80 ffffca85`7f92d0c8 ffffca23`c06062d0 : win32kbase!CMouseProcessor::ProcessInput+0x524
ffffc181`18187270 ffffca0c`f55aa003 : ffffca23`c06062d0 0000053c`61bcae00 ffffca23`c06067d0 ffffca85`7f92d0c8 : win32kbase!CMouseSensor::FlushMouseReports+0x42
ffffc181`181872b0 ffffca0c`f55a9f34 : ffffca23`c9fdd8c0 00000000`00000018 ffffca23`c0606200 ffffca23`c06062d0 : win32kbase!CMouseSensor::ProcessInputWithRateLimitingIfEnabled+0xb3
ffffc181`18187300 ffffca0c`f559c1cb : ffffca0c`f56007c0 ffffc181`18187440 ffffca23`c06062d0 ffffca85`7f92d1c8 : win32kbase!CMouseSensor::ProcessInput+0x54
ffffc181`18187340 ffffca0c`f54ad07e : 00000000`00000040 ffffca0c`f56007c0 00000000`00000001 3518d77e`410f0000 : win32kbase!CBaseInput::OnReadNotification+0x52b
ffffc181`18187480 ffffca0c`f54acd52 : ffffca85`836a5080 ffffca23`c0673060 00000000`00000006 ffff2cce`f5cb79f3 : win32kbase!CBaseInput::OnDispatcherObjectSignaled+0x31e
ffffc181`181875c0 ffffca0c`f54a0a3f : ffffca0c`f5648330 ffffca23`c0673060 ffffca0c`f5641a70 00000000`00000000 : win32kbase!CBaseInput::_OnDispatcherObjectSignaled+0x12
ffffc181`181875f0 ffffca0c`f54a0790 : 00000000`00000006 ffffca0c`f5648330 00000000`00000006 ffffca23`00000000 : win32kbase!LegacyInputDispatcher::Dispatch+0x53
ffffc181`18187620 ffffca0c`f57a7813 : ffffca23`c064c420 ffffca23`c064c420 00000000`00000004 00000000`00000001 : win32kbase!LegacyInputDispatcher::WaitAndDispatch+0x100
ffffc181`18187750 ffffca0c`f57a73e4 : 00000000`00000004 00000000`00000004 00000000`0000000d ffffca0c`f5649b00 : win32kfull!xxxDesktopThreadWaiter+0x12b
ffffc181`181877d0 ffffca0c`f54124b4 : ffffca85`836a5080 ffffca85`836a5080 00000000`00000000 00000000`00000005 : win32kfull!xxxDesktopThread+0x544
ffffc181`181878b0 ffffca0c`f56fa611 : ffffca85`836a5080 00000000`00000000 00000000`00000005 00000000`00000005 : win32kbase!xxxCreateSystemThreads+0xc4
ffffc181`181879e0 ffffca0c`f5af474e : ffffca85`836a5080 ffffca85`836a5080 00000000`00000000 00000000`00000000 : win32kfull!NtUserCallNoParam+0x71
ffffc181`18187a10 fffff807`144119c5 : ffffca85`00000005 00000000`00000005 00000283`848040f0 00000000`00000710 : win32k!NtUserCallNoParam+0x16
ffffc181`18187a40 00007ffa`dc1a10e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
000000c6`b89bfae8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`dc1a10e4
SYMBOL_NAME: win32kfull!EditionInitiateMouseEventProcessing+a90af
MODULE_NAME: win32kfull
IMAGE_NAME: win32kfull.sys
IMAGE_VERSION: 10.0.19041.4291
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: a90af
FAILURE_BUCKET_ID: 0x7a_c0000185_DUMP_STORPORTDUMP_STORNVME_win32kfull!EditionInitiateMouseEventProcessing
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3c916996-357d-dc6f-d3bd-651b97e4f923}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2024-04-21-2.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff807`0d200000 PsLoadedModuleList = 0xfffff807`0de2a790
Debug session time: Sun Apr 21 23:56:38.479 2024 (UTC + 8:00)
System Uptime: 0 days 7:21:10.144
Loading Kernel Symbols
...............................................................
................................................................
................................................................
........
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000e9`e0a88018). Type ".hh dbgerr001" for details
Loading unloaded module list
..............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`0d5fda40 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8f06`13c06660=000000000000007a
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: ffff82dec377b6e0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 0000000123c44880, current process (virtual address for lock type 3, or PTE)
Arg4: ffffbd86ef6dc2a8, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1593
Key : Analysis.Elapsed.mSec
Value: 1611
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 390
Key : Analysis.Init.Elapsed.mSec
Value: 9053
Key : Analysis.Memory.CommitPeak.Mb
Value: 94
Key : Bugcheck.Code.LegacyAPI
Value: 0x7a
Key : Bugcheck.Code.TargetModel
Value: 0x7a
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0x7a_c0000185_DUMP_STORNVMEDUMP_STORPORT_WdFilter!unknown_function
Key : Failure.Hash
Value: {583a70be-e583-303f-b204-7f0ac69a89f4}
BUGCHECK_CODE: 7a
BUGCHECK_P1: ffff82dec377b6e0
BUGCHECK_P2: ffffffffc0000185
BUGCHECK_P3: 123c44880
BUGCHECK_P4: ffffbd86ef6dc2a8
FILE_IN_CAB: 2024-04-21-2.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
ERROR_CODE: (NTSTATUS) 0xc0000185 - I/O I/O
DISK_HARDWARE_ERROR: There was error with disk hardware
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXDISK: 1
DISKSEC_ORG_ID:
DISKSEC_MODEL:
DISKSEC_MANUFACTURING_ID:
DISKSEC_ISSUE_DESC_STR:
DISKSEC_TOTAL_SIZE: 0
DISKSEC_REASON: 0
DISKSEC_PUBLIC_TOTAL_SECTION_SIZE: 0
DISKSEC_PUBLIC_OFFSET: 0
DISKSEC_PUBLIC_DATA_SIZE: 0
DISKSEC_PRIVATE_TOTAL_SECTION_SIZE: 0
DISKSEC_PRIVATE_OFFSET: 0
DISKSEC_PRIVATE_DATA_SIZE: 0
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: chrome.exe
TRAP_FRAME: ffff8f0613c06a00 -- (.trap 0xffff8f0613c06a00)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffbd86ef6dc288 rbx=0000000000000000 rcx=ffffbd86ef6dc288
rdx=ffffce0feb2cbbb8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80709a12ba6 rsp=ffff8f0613c06b90 rbp=ffffce0fdd815b30
r8=ffffce0fee604a80 r9=ffffbd86ed339e88 r10=ffffce0fdd815b30
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
FLTMGR!SetContextIntoStreamList+0x246:
fffff807`09a12ba6 488b4020 mov rax,qword ptr [rax+20h] ds:ffffbd86`ef6dc2a8=????????????????
Resetting default scope
STACK_TEXT:
ffff8f06`13c06658 fffff807`0d465f29 : 00000000`0000007a ffff82de`c377b6e0 ffffffff`c0000185 00000001`23c44880 : nt!KeBugCheckEx
ffff8f06`13c06660 fffff807`0d466325 : ffff8f06`00003000 ffff8f06`13c06700 ffff8f06`13c067f0 fffff807`00000000 : nt!MiWaitForInPageComplete+0x7d9
ffff8f06`13c06750 fffff807`0d41c308 : 00000000`c0033333 00000000`00000000 ffffbd86`ef6dc2a8 00000000`00000000 : nt!MiIssueHardFault+0x3c5
ffff8f06`13c06860 fffff807`0d60db29 : ffffce0f`dd816180 ffffce0f`dd816180 ffffce0f`e64d9a20 ffffce0f`e6b13d78 : nt!MmAccessFault+0x468
ffff8f06`13c06a00 fffff807`09a12ba6 : ffffbd86`ed339e70 00000000`00000000 ffffce0f`00000000 00000000`00000000 : nt!KiPageFault+0x369
ffff8f06`13c06b90 fffff807`09a123b8 : ffffce0f`eb2cbb60 ffffce0f`ee604a80 ffff8f06`00000001 ffffbd86`ed339ed0 : FLTMGR!SetContextIntoStreamList+0x246
ffff8f06`13c06c30 fffff807`0fbf7e82 : ffff8f06`13c06d68 ffff8f06`13c07098 ffff8f06`13c06d20 ffffce0f`ee9904c0 : FLTMGR!FltSetStreamHandleContext+0x28
ffff8f06`13c06c80 ffff8f06`13c06d68 : ffff8f06`13c07098 ffff8f06`13c06d20 ffffce0f`ee9904c0 ffff8f06`13c06d08 : WdFilter+0x47e82
ffff8f06`13c06c88 ffff8f06`13c07098 : ffff8f06`13c06d20 ffffce0f`ee9904c0 ffff8f06`13c06d08 fffff807`0fbb2cdd : 0xffff8f06`13c06d68
ffff8f06`13c06c90 ffff8f06`13c06d20 : ffffce0f`ee9904c0 ffff8f06`13c06d08 fffff807`0fbb2cdd ffffce0f`00000000 : 0xffff8f06`13c07098
ffff8f06`13c06c98 ffffce0f`ee9904c0 : ffff8f06`13c06d08 fffff807`0fbb2cdd ffffce0f`00000000 ffffce0f`eb2cbba8 : 0xffff8f06`13c06d20
ffff8f06`13c06ca0 ffff8f06`13c06d08 : fffff807`0fbb2cdd ffffce0f`00000000 ffffce0f`eb2cbba8 ffffbd86`ebaa11f0 : 0xffffce0f`ee9904c0
ffff8f06`13c06ca8 fffff807`0fbb2cdd : ffffce0f`00000000 ffffce0f`eb2cbba8 ffffbd86`ebaa11f0 ffffce0f`ee990588 : 0xffff8f06`13c06d08
ffff8f06`13c06cb0 ffffce0f`00000000 : ffffce0f`eb2cbba8 ffffbd86`ebaa11f0 ffffce0f`ee990588 fffff807`0fbd3000 : WdFilter+0x2cdd
ffff8f06`13c06cb8 ffffce0f`eb2cbba8 : ffffbd86`ebaa11f0 ffffce0f`ee990588 fffff807`0fbd3000 ffff8f06`13c07098 : 0xffffce0f`00000000
ffff8f06`13c06cc0 ffffbd86`ebaa11f0 : ffffce0f`ee990588 fffff807`0fbd3000 ffff8f06`13c07098 ffff8f06`13c07000 : 0xffffce0f`eb2cbba8
ffff8f06`13c06cc8 ffffce0f`ee990588 : fffff807`0fbd3000 ffff8f06`13c07098 ffff8f06`13c07000 fffff807`0fbf7a34 : 0xffffbd86`ebaa11f0
ffff8f06`13c06cd0 fffff807`0fbd3000 : ffff8f06`13c07098 ffff8f06`13c07000 fffff807`0fbf7a34 ffff8f06`13c06e20 : 0xffffce0f`ee990588
ffff8f06`13c06cd8 ffff8f06`13c07098 : ffff8f06`13c07000 fffff807`0fbf7a34 ffff8f06`13c06e20 fffff807`09a13e71 : WdFilter+0x23000
ffff8f06`13c06ce0 ffff8f06`13c07000 : fffff807`0fbf7a34 ffff8f06`13c06e20 fffff807`09a13e71 ffffbd86`ed339ed0 : 0xffff8f06`13c07098
ffff8f06`13c06ce8 fffff807`0fbf7a34 : ffff8f06`13c06e20 fffff807`09a13e71 ffffbd86`ed339ed0 00000000`00000000 : 0xffff8f06`13c07000
ffff8f06`13c06cf0 ffff8f06`13c06e20 : fffff807`09a13e71 ffffbd86`ed339ed0 00000000`00000000 ffffbd86`ebaa1100 : WdFilter+0x47a34
ffff8f06`13c06cf8 fffff807`09a13e71 : ffffbd86`ed339ed0 00000000`00000000 ffffbd86`ebaa1100 ffff8f06`13c06ff0 : 0xffff8f06`13c06e20
ffff8f06`13c06d00 fffff807`0fbf5726 : ffffbd86`ebaa11f0 ffff8f06`13c07000 ffff8f06`13c07098 ffffbd86`ebaa1100 : FLTMGR!FltGetStreamContext+0xe1
ffff8f06`13c06d50 ffffbd86`ebaa11f0 : ffff8f06`13c07000 ffff8f06`13c07098 ffffbd86`ebaa1100 ffffbd86`ed924d10 : WdFilter+0x45726
ffff8f06`13c06d58 ffff8f06`13c07000 : ffff8f06`13c07098 ffffbd86`ebaa1100 ffffbd86`ed924d10 fffff807`0d43db00 : 0xffffbd86`ebaa11f0
ffff8f06`13c06d60 ffff8f06`13c07098 : ffffbd86`ebaa1100 ffffbd86`ed924d10 fffff807`0d43db00 ffffce0f`e33c66d0 : 0xffff8f06`13c07000
ffff8f06`13c06d68 ffffbd86`ebaa1100 : ffffbd86`ed924d10 fffff807`0d43db00 ffffce0f`e33c66d0 fffff807`0d43d25b : 0xffff8f06`13c07098
ffff8f06`13c06d70 ffffbd86`ed924d10 : fffff807`0d43db00 ffffce0f`e33c66d0 fffff807`0d43d25b 00000000`00000000 : 0xffffbd86`ebaa1100
ffff8f06`13c06d78 fffff807`0d43db00 : ffffce0f`e33c66d0 fffff807`0d43d25b 00000000`00000000 ffff8f06`13c06e71 : 0xffffbd86`ed924d10
ffff8f06`13c06d80 fffff807`00000020 : 00000000`00000000 ffff8f06`13c06e71 ffff8f06`13c06f00 00000000`00000000 : nt!ExReleaseResourceLite+0xd0
ffff8f06`13c06de0 00000000`00000000 : ffff8f06`13c06e71 ffff8f06`13c06f00 00000000`00000000 ffffbd86`f0d21d10 : 0xfffff807`00000020
SYMBOL_NAME: WdFilter+47e82
MODULE_NAME: WdFilter
IMAGE_NAME: WdFilter.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 47e82
FAILURE_BUCKET_ID: 0x7a_c0000185_DUMP_STORNVMEDUMP_STORPORT_WdFilter!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {583a70be-e583-303f-b204-7f0ac69a89f4}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2024-04-24.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff807`3c200000 PsLoadedModuleList = 0xfffff807`3ce2a790
Debug session time: Wed Apr 24 00:11:38.313 2024 (UTC + 8:00)
System Uptime: 2 days 0:12:50.971
Loading Kernel Symbols
...............................................................
................................................................
................................................................
........
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000c9`359b6018). Type ".hh dbgerr001" for details
Loading unloaded module list
...................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`3c5fda40 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffdb0b`70c3a880=00000000000000ef
12: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff9584aee30080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000, The process object that initiated the termination.
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2343
Key : Analysis.Elapsed.mSec
Value: 4856
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 342
Key : Analysis.Init.Elapsed.mSec
Value: 7249
Key : Analysis.Memory.CommitPeak.Mb
Value: 85
Key : Bugcheck.Code.LegacyAPI
Value: 0xef
Key : Bugcheck.Code.TargetModel
Value: 0xef
Key : CriticalProcessDied.ExceptionCode
Value: ab33f080
Key : CriticalProcessDied.Process
Value: csrss.exe
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_ab33f080_nt!PspCatchCriticalBreak
Key : Failure.Hash
Value: {e52e1a74-c4a7-6819-af1c-724789dc6f83}
BUGCHECK_CODE: ef
BUGCHECK_P1: ffff9584aee30080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
FILE_IN_CAB: 2024-04-24.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
ERROR_CODE: (NTSTATUS) 0xab33f080 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 24
STACK_TEXT:
ffffdb0b`70c3a878 fffff807`3cb0dee2 : 00000000`000000ef ffff9584`aee30080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffdb0b`70c3a880 fffff807`3ca1ee69 : 00000000`00000000 fffff807`3c53d9fd 00000000`00000002 fffff807`3c50cc5b : nt!PspCatchCriticalBreak+0x10e
ffffdb0b`70c3a920 fffff807`3c8c7390 : ffff9584`00000000 00000000`00000000 ffff9584`aee30080 ffff9584`aee304b8 : nt!PspTerminateAllThreads+0x156edd
ffffdb0b`70c3a990 fffff807`3c8c718c : ffff9584`aee30080 00000000`00000000 00000000`00000000 ffff9584`a50f2080 : nt!PspTerminateProcess+0xe0
ffffdb0b`70c3a9d0 fffff807`3c6119c5 : ffff9584`aee30080 ffff9584`ab33f080 ffffdb0b`70c3aac0 ffffffff`ee1e5d00 : nt!NtTerminateProcess+0x9c
ffffdb0b`70c3aa40 00007ffc`68dcd564 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
000000c9`35a3da78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`68dcd564
SYMBOL_NAME: nt!PspCatchCriticalBreak+10e
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.4291
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 10e
FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_ab33f080_nt!PspCatchCriticalBreak
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e52e1a74-c4a7-6819-af1c-724789dc6f83}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.125 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2024-04-29.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff807`58800000 PsLoadedModuleList = 0xfffff807`5942a790
Debug session time: Mon Apr 29 23:26:02.853 2024 (UTC + 8:00)
System Uptime: 0 days 1:46:55.271
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....
Loading User Symbols
PEB is paged out (Peb.Ldr = 0000004b`62f4a018). Type ".hh dbgerr001" for details
Loading unloaded module list
.................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`58bfda40 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffec01`2c91f5e0=000000000000007a
15: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: ffff8009026402e0, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 00000002ee056860, current process (virtual address for lock type 3, or PTE)
Arg4: fffff52769d2ce44, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1515
Key : Analysis.Elapsed.mSec
Value: 5980
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 327
Key : Analysis.Init.Elapsed.mSec
Value: 7517
Key : Analysis.Memory.CommitPeak.Mb
Value: 100
Key : Bugcheck.Code.LegacyAPI
Value: 0x7a
Key : Bugcheck.Code.TargetModel
Value: 0x7a
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0x7a_c0000185_DUMP_STORPORTDUMP_STORNVME_win32kfull!WerSubmitReportWorker
Key : Failure.Hash
Value: {a58f40d9-0b67-5c9d-dfde-83cd8abfea72}
BUGCHECK_CODE: 7a
BUGCHECK_P1: ffff8009026402e0
BUGCHECK_P2: ffffffffc0000185
BUGCHECK_P3: 2ee056860
BUGCHECK_P4: fffff52769d2ce44
FILE_IN_CAB: 2024-04-29.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
ERROR_CODE: (NTSTATUS) 0xc0000185 - I/O I/O
DISK_HARDWARE_ERROR: There was error with disk hardware
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXDISK: 1
DISKSEC_ORG_ID:
DISKSEC_MODEL:
DISKSEC_MANUFACTURING_ID:
DISKSEC_ISSUE_DESC_STR:
DISKSEC_TOTAL_SIZE: 0
DISKSEC_REASON: 0
DISKSEC_PUBLIC_TOTAL_SECTION_SIZE: 0
DISKSEC_PUBLIC_OFFSET: 0
DISKSEC_PUBLIC_DATA_SIZE: 0
DISKSEC_PRIVATE_TOTAL_SECTION_SIZE: 0
DISKSEC_PRIVATE_OFFSET: 0
DISKSEC_PRIVATE_DATA_SIZE: 0
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 29
PROCESS_NAME: csrss.exe
TRAP_FRAME: ffffec012c91f980 -- (.trap 0xffffec012c91f980)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff52769d0d850 rbx=0000000000000000 rcx=00000000000028ac
rdx=000000000000201c rsi=0000000000000000 rdi=0000000000000000
rip=fffff52769d2ce44 rsp=ffffec012c91fb18 rbp=0000000000000080
r8=0000000000000400 r9=00140410008302ff r10=fffff52769d0d850
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
win32kfull!WerKernelSubmitReportForHungProcess:
fffff527`69d2ce44 48895c2408 mov qword ptr [rsp+8],rbx ss:0018:ffffec01`2c91fb20=0000000000000000
Resetting default scope
STACK_TEXT:
ffffec01`2c91f5d8 fffff807`58a65f29 : 00000000`0000007a ffff8009`026402e0 ffffffff`c0000185 00000002`ee056860 : nt!KeBugCheckEx
ffffec01`2c91f5e0 fffff807`58a66325 : ffffec01`00008000 ffffec01`2c91f700 ffffec01`2c91f770 fffff807`00000000 : nt!MiWaitForInPageComplete+0x7d9
ffffec01`2c91f6d0 fffff807`58a1c308 : 00000000`c0033333 00000000`00000000 fffff527`69d2ce44 00000000`00000000 : nt!MiIssueHardFault+0x3c5
ffffec01`2c91f7e0 fffff807`58c0db29 : 00000000`0d03fda0 00000000`0cec9000 ffff9a0c`c8748080 00000000`00000000 : nt!MmAccessFault+0x468
ffffec01`2c91f980 fffff527`69d2ce44 : fffff527`69d0d867 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x369
ffffec01`2c91fb18 fffff527`69d0d867 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffc780`6208d440 : win32kfull!WerKernelSubmitReportForHungProcess
ffffec01`2c91fb20 fffff807`58b4ef55 : ffff9a0c`c7fab080 fffff527`69d0d850 ffff9a0c`c54764b0 00000000`00000000 : win32kfull!WerSubmitReportWorker+0x17
ffffec01`2c91fb50 fffff807`58c06a48 : ffffc780`62082180 ffff9a0c`c7fab080 fffff807`58b4ef00 00000000`00000246 : nt!PspSystemThreadStartup+0x55
ffffec01`2c91fba0 00000000`00000000 : ffffec01`2c920000 ffffec01`2c919000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: win32kfull!WerSubmitReportWorker+17
MODULE_NAME: win32kfull
IMAGE_NAME: win32kfull.sys
IMAGE_VERSION: 10.0.19041.4291
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 17
FAILURE_BUCKET_ID: 0x7a_c0000185_DUMP_STORPORTDUMP_STORNVME_win32kfull!WerSubmitReportWorker
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {a58f40d9-0b67-5c9d-dfde-83cd8abfea72}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.063 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.515 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2024-05-10.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff802`20200000 PsLoadedModuleList = 0xfffff802`20e2a790
Debug session time: Fri May 10 22:54:20.415 2024 (UTC + 8:00)
System Uptime: 5 days 7:57:54.064
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
........
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000d3`3dca1018). Type ".hh dbgerr001" for details
Loading unloaded module list
......................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`205fda40 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffe08`2c287880=00000000000000ef
12: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffa80404bb5080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000, The process object that initiated the termination.
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2952
Key : Analysis.Elapsed.mSec
Value: 12081
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 484
Key : Analysis.Init.Elapsed.mSec
Value: 14893
Key : Analysis.Memory.CommitPeak.Mb
Value: 93
Key : Bugcheck.Code.LegacyAPI
Value: 0xef
Key : Bugcheck.Code.TargetModel
Value: 0xef
Key : CriticalProcessDied.ExceptionCode
Value: 5873080
Key : CriticalProcessDied.Process
Value: csrss.exe
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_5873080_nt!PspCatchCriticalBreak
Key : Failure.Hash
Value: {4e8f9687-9e2e-6360-f6b0-a154168e07df}
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffa80404bb5080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
FILE_IN_CAB: 2024-05-10.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
ERROR_CODE: (NTSTATUS) 0x5873080 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 10
STACK_TEXT:
fffffe08`2c287878 fffff802`20b0dee2 : 00000000`000000ef ffffa804`04bb5080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffffe08`2c287880 fffff802`20a1ee69 : 00000000`00000000 fffff802`2053d9fd 00000000`00000002 fffff802`2050cc5b : nt!PspCatchCriticalBreak+0x10e
fffffe08`2c287920 fffff802`208c7390 : ffffa804`00000000 00000000`00000000 ffffa804`04bb5080 ffffa804`04bb54b8 : nt!PspTerminateAllThreads+0x156edd
fffffe08`2c287990 fffff802`208c718c : ffffa804`04bb5080 00000000`00000000 00000000`00000000 ffffa804`02ea0640 : nt!PspTerminateProcess+0xe0
fffffe08`2c2879d0 fffff802`206119c5 : ffffa804`04bb5080 ffffa804`05873080 fffffe08`2c287ac0 ffffffff`ee1e5d00 : nt!NtTerminateProcess+0x9c
fffffe08`2c287a40 00007ff9`9e6ad564 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
000000d3`3de7d4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`9e6ad564
SYMBOL_NAME: nt!PspCatchCriticalBreak+10e
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.4291
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 10e
FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_5873080_nt!PspCatchCriticalBreak
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4e8f9687-9e2e-6360-f6b0-a154168e07df}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.031 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.218 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 41
Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maomao\OneDrive\文档\2024-05-20.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff802`6500d000 PsLoadedModuleList = 0xfffff802`65c377c0
Debug session time: Mon May 20 01:38:37.920 2024 (UTC + 8:00)
System Uptime: 0 days 0:09:18.587
Loading Kernel Symbols
...............................................................
........................................
Loading User Symbols
Loading unloaded module list
..
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`6540aaf0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb88e`1e4075d0=00000000000000c4
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, BugChecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff806e93dd7c3, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000073466243, Pool Tag (if provided).
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for cbfs6.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1577
Key : Analysis.Elapsed.mSec
Value: 2069
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 327
Key : Analysis.Init.Elapsed.mSec
Value: 8690
Key : Analysis.Memory.CommitPeak.Mb
Value: 79
Key : Bugcheck.Code.LegacyAPI
Value: 0xc4
Key : Bugcheck.Code.TargetModel
Value: 0xc4
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0xc4_2000_cbfs6!unknown_function
Key : Failure.Hash
Value: {c5d06e26-b049-b4c4-2de8-99f17009214a}
BUGCHECK_CODE: c4
BUGCHECK_P1: 2000
BUGCHECK_P2: fffff806e93dd7c3
BUGCHECK_P3: 0
BUGCHECK_P4: 73466243
FILE_IN_CAB: 2024-05-20.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BLACKBOXNTFS: 1 (!blackboxntfs)
CUSTOMER_CRASH_COUNT: 20
PROCESS_NAME: System
STACK_TEXT:
ffffb88e`1e4075c8 fffff802`659e0e34 : 00000000`000000c4 00000000`00002000 fffff806`e93dd7c3 00000000`00000000 : nt!KeBugCheckEx
ffffb88e`1e4075d0 fffff802`655b0025 : fffff802`65c1fcf0 00000000`00002000 fffff806`e93dd7c3 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0xe0
ffffb88e`1e407610 fffff802`659d7df4 : 00000000`73466243 fffff802`65c1fcf0 fffff806`e93dd7c3 fffff806`00000003 : nt!VfReportIssueWithOptions+0x101
ffffb88e`1e407660 fffff802`659f134a : 00000000`00000000 00000000`00000001 00000000`00000050 fffff806`e9390888 : nt!VfCheckPoolType+0x90
ffffb88e`1e4076a0 fffff806`e93dd7c3 : 00000000`00000010 ffffe08f`e6d2be30 ffffe08f`e68f7000 00000000`00000000 : nt!VerifierExInitializeNPagedLookasideList+0x5a
ffffb88e`1e407720 00000000`00000010 : ffffe08f`e6d2be30 ffffe08f`e68f7000 00000000`00000000 00000000`00000050 : cbfs6+0x6d7c3
ffffb88e`1e407728 ffffe08f`e6d2be30 : ffffe08f`e68f7000 00000000`00000000 00000000`00000050 00000000`73466243 : 0x10
ffffb88e`1e407730 ffffe08f`e68f7000 : 00000000`00000000 00000000`00000050 00000000`73466243 fffff806`e9390010 : 0xffffe08f`e6d2be30
ffffb88e`1e407738 00000000`00000000 : 00000000`00000050 00000000`73466243 fffff806`e9390010 ffffffff`fa0a1f00 : 0xffffe08f`e68f7000
SYMBOL_NAME: cbfs6+6d7c3
MODULE_NAME: cbfs6
IMAGE_NAME: cbfs6.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 6d7c3
FAILURE_BUCKET_ID: 0xc4_2000_cbfs6!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {c5d06e26-b049-b4c4-2de8-99f17009214a}
Followup: MachineOwner
---------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment