BSOD every time on 100% - Windows Server 2016

fsdg

Hi guys, I have a problem with one machine. It ran for 4 months without problems; recently it started having issues with BSODs, usually at 100% CPU use, without any updates or anything being installed beforehand. After those errors I reinstalled all drivers and installed all updates. I ran Driver Verifier; the log is at the bottom of the page.

OS: Windows Server 2016, Ryzen 2700X, 64 GB RAM set up at 2400 MHz.
The SFC scan detected an issue with termsrv.dll; SFCFix crashes on start. The server is used for local users to connect to it via RDP.

Thanks for help.

sfc scan

Code:
2019-04-05 13:58:45, Info CSI 00006e15@2019/4/5:11:58:45.148 Primitive installers committed for repair
2019-04-05 13:58:45, Info CSI 00006e16@2019/4/5:11:58:45.155 Primitive installers committed for repair
2019-04-05 13:58:45, Info CSI 00006e17@2019/4/5:11:58:45.169 Primitive installers committed for repair
2019-04-05 13:58:45, Info CSI 00006e18@2019/4/5:11:58:45.177 Primitive installers committed for repair
2019-04-05 13:58:45, Info CSI 00006e19@2019/4/5:11:58:45.184 Primitive installers committed for repair
2019-04-05 13:58:45, Info CSI 00006e1a [SR] Verify complete
2019-04-05 13:58:45, Info CSI 00006e1b [SR] Repairing 1 components
2019-04-05 13:58:45, Info CSI 00006e1c [SR] Beginning Verify and Repair transaction
2019-04-05 13:58:45, Info CSI 00006e1d Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.14393.0_none_bc13ad436af6bbc9\termsrv.dll do not match actual file [l:11]'termsrv.dll' :
  Found: {l:32 kRwLQZrGjsU14L760WEqhAqiJ0UhWDTfQh8QBBtK2ic=} Expected: {l:32 rDHYQf6li3dhJ+E42yD41I4m/YwAzi+paV6hTr8Vmgo=}
2019-04-05 13:58:45, Info CSI 00006e1e [SR] Cannot repair member file [l:11]'termsrv.dll' of Microsoft-Windows-TerminalServices-RemoteConnectionManager, version 10.0.14393.0, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-04-05 13:58:45, Info CSI 00006e1f@2019/4/5:11:58:45.198 Primitive installers committed for repair
2019-04-05 13:58:45, Info CSI 00006e20 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.14393.0_none_bc13ad436af6bbc9\termsrv.dll do not match actual file [l:11]'termsrv.dll' :
  Found: {l:32 kRwLQZrGjsU14L760WEqhAqiJ0UhWDTfQh8QBBtK2ic=} Expected: {l:32 rDHYQf6li3dhJ+E42yD41I4m/YwAzi+paV6hTr8Vmgo=}
2019-04-05 13:58:45, Info CSI 00006e21 [SR] Cannot repair member file [l:11]'termsrv.dll' of Microsoft-Windows-TerminalServices-RemoteConnectionManager, version 10.0.14393.0, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-04-05 13:58:45, Info CSI 00006e22 [SR] This component was referenced by [l:129]'Microsoft-Windows-Server-Features-Remainder-termsrv-Package~31bf3856ad364e35~amd64~~10.0.14393.0.241c8d7eec805723b67b8d29e1755dca'
2019-04-05 13:58:45, Info CSI 00006e23 [SR] This component was referenced by [l:129]'Microsoft-Windows-ServerCore-SKU-Foundation-termsrv-Package~31bf3856ad364e35~amd64~~10.0.14393.0.88ba03d966adfa5b689c0042a4cd98b3'
2019-04-05 13:58:45, Info CSI 00006e24 [SR] This component was referenced by [l:169]'Microsoft-Windows-Server-Features-Package-AutoMerged-termsrv~31bf3856ad364e35~amd64~~10.0.14393.0.Microsoft-Windows-Server-Features-Package-AutoMerged-termsrv-Deployment'
2019-04-05 13:58:45, Info CSI 00006e25 [SR] This component was referenced by [l:106]'Microsoft-Windows-TS-termsrv-Package~31bf3856ad364e35~amd64~~10.0.14393.0.f0d406315b6d7c71a135b8c6def8e62f'
2019-04-05 13:58:45, Info CSI 00006e26 Hashes for file member \??\C:\Windows\System32\termsrv.dll do not match actual file [l:11]'termsrv.dll' :
  Found: {l:32 kRwLQZrGjsU14L760WEqhAqiJ0UhWDTfQh8QBBtK2ic=} Expected: {l:32 rDHYQf6li3dhJ+E42yD41I4m/YwAzi+paV6hTr8Vmgo=}
2019-04-05 13:58:45, Info CSI 00006e27 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.14393.0_none_bc13ad436af6bbc9\termsrv.dll do not match actual file [l:11]'termsrv.dll' :
  Found: {l:32 kRwLQZrGjsU14L760WEqhAqiJ0UhWDTfQh8QBBtK2ic=} Expected: {l:32 rDHYQf6li3dhJ+E42yD41I4m/YwAzi+paV6hTr8Vmgo=}
2019-04-05 13:58:45, Info CSI 00006e28 [SR] Could not reproject corrupted file \??\C:\Windows\System32\termsrv.dll; source file in store is also corrupted
2019-04-05 13:58:45, Info CSI 00006e29@2019/4/5:11:58:45.215 Primitive installers committed for repair
2019-04-05 13:58:45, Info CSI 00006e2a [SR] Repair complete
2019-04-05 13:58:45, Info CSI 00006e2b [SR] Committing transaction
2019-04-05 13:58:45, Info CSI 00006e2c Creating NT transaction (seq 1), objectname '(null)'
2019-04-05 13:58:45, Info CSI 00006e2d Created NT transaction (seq 1) result 0x00000000, handle @0x6dc
2019-04-05 13:58:45, Info CSI 00006e2e@2019/4/5:11:58:45.220 Beginning NT transaction commit...
2019-04-05 13:58:45, Info CSI 00006e2f@2019/4/5:11:58:45.225 CSI perf trace:
CSIPERF:TXCOMMIT;5300
2019-04-05 13:58:45, Info CSI 00006e30 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2019-04-05 14:00:45, Info CBS Trusted Installer is shutting down because: SHUTDOWN_REASON_AUTOSTOP
2019-04-05 14:00:45, Info CBS TiWorker signaled for shutdown, going to exit.
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: ExecutionEngineFinalize
2019-04-05 14:00:45, Info CBS Ending the TiWorker main loop.
2019-04-05 14:00:45, Info CBS Starting TiWorker finalization.
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: ManifestCacheFinalize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: ExecutionEngineFinalize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: ComponentAnalyzerFinalize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: PackageTrackerFinalize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: CoreResourcesUnload
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: SessionManagerFinalize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: CapabilityManagerFinalize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: PublicObjectMonitorFinalize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: Enter vCoreInitializeLock
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: WcpUnload
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: DrupUnload
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: CfgMgr32Unload
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: DpxUnload
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: CbsEsdUnload
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: CbsTraceInfoUninitialize
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: CbsEventUnregister
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: AppContainerUnload
2019-04-05 14:00:45, Info CBS CbsCoreFinalize: WdsUnload, logging from cbscore will end.
2019-04-05 14:00:45, Info CBS Ending TiWorker finalization.
2019-04-05 14:00:45, Info CBS Ending the TrustedInstaller main loop.
2019-04-05 14:00:45, Info CBS Starting TrustedInstaller finalization.
2019-04-05 14:00:45, Info CBS Ending TrustedInstaller finalization.


Code:
On Tue 2.4.2019 14:17:02 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\040219-7734-01.dmp
This was probably caused by the following module: verifierext.sys (VerifierExt+0x87A9)
Bugcheck code: 0xC4 (0xB2, 0xFFFF8282C47ECFC0, 0x4, 0x4)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
file path: C:\Windows\system32\drivers\verifierext.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Driver Verifier Extension
Bug check description: This is the general bug check code for fatal errors found by Driver Verifier. The driver called MmMapLockedPages for an MDL with incorrect flags. For example, the driver passed an MDL that is already mapped to a system address or that was not locked to MmMapLockedPages.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.

On Tue 2.4.2019 11:54:55 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\040219-8093-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x15C950)
Bugcheck code: 0xF7 (0x4E0E0535E644, 0x4E510535E644, 0xFFFFB1AEFACA19BB, 0x0)
Error: DRIVER_OVERRAN_STACK_BUFFER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a driver has overrun a stack-based buffer.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Tue 2.4.2019 9:51:39 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\040219-8078-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x15C950)
Bugcheck code: 0xA (0xFFFFAC8F8F508D50, 0x2, 0x0, 0xFFFFF80218CFB0D8)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above. This is a software bug.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Mon 1.4.2019 11:35:43 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\040119-16156-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x15C950)
Bugcheck code: 0x1A (0x41201, 0xFFFF94BFFFF938C8, 0x2E5000C7D035D025, 0xFFFFBC08C2CB5B50)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. This may be because of a hardware issue such as faulty RAM, overheating (thermal issue) or because of a buggy driver. This problem might also be caused because of overheating (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Fri 22.3.2019 14:28:09 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\032519-7890-01.dmp
This was probably caused by the following module: envirtahci.sys (envirtahci+0x13853)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0x885757BF9, 0xFFFFD5819BD29868, 0xFFFFD5819BD290B0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\envirtahci.sys
product: AHCI Virtual Storage Miniport Driver
company: AMD
description: AHCI Virtual Storage Driver
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a storage driver or controller driver. Since there is no other responsible driver detected, this could be pointing to a malfunctioning drive or corrupted disk. It's suggested that you run CHKDSK.

On Fri 22.3.2019 8:55:26 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\032219-14078-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x15C950)
Bugcheck code: 0xF7 (0x7A8E1F3BB902, 0x7A011F3BB902, 0xFFFF85FEE0C446FD, 0x0)
Error: DRIVER_OVERRAN_STACK_BUFFER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a driver has overrun a stack-based buffer.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Fri 22.3.2019 8:45:05 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\032219-10484-01.dmp
This was probably caused by the following module: win32kfull.sys (0xFFFFF18BF8CAB128)
Bugcheck code: 0x50 (0xFFFFF18FF90B19B8, 0x0, 0xFFFFF18BF8CAB128, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\win32kfull.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Full/Desktop Win32k Kernel Driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.

On Thu 21.3.2019 11:34:24 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\032119-13156-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x15C950)
Bugcheck code: 0x50 (0xFFFFFFFFFFFFFFFD, 0x0, 0xFFFFF800DF7EA9C8, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Thu 21.3.2019 10:34:51 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\032119-8421-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x15C950)
Bugcheck code: 0x50 (0xFFFFF88F4BAFBB0F, 0x10, 0xFFFFF88F4BAFBB0F, 0x2)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

On Thu 21.3.2019 9:01:32 your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\032119-8890-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x95D05)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF800082A4D05, 0xFFFFAE8067A62878, 0xFFFFAE8067A620C0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



Driver verifier



Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\040219-7734-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (16 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 14393.2879.amd64fre.rs1_release_inmarket.190313-1855
Machine Name:
Kernel base = 0xfffff803`cb675000 PsLoadedModuleList = 0xfffff803`cb977180
Debug session time: Tue Apr  2 14:17:02.669 2019 (UTC + 2:00)
System Uptime: 0 days 0:00:05.457
Loading Kernel Symbols
...............................................................
......................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {b2, ffff8282c47ecfc0, 4, 4}

*** WARNING: Unable to verify timestamp for cphost.sys
*** ERROR: Module load completed but symbols could not be loaded for cphost.sys
Probably caused by : cphost.sys ( cphost+7a70 )

Followup:     MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000b2, MmMapLockedPages called on an MDL having incorrect flags.
    For example, calling MmMapLockedPages for an MDL
    that is already mapped to a system address is incorrect.
Arg2: ffff8282c47ecfc0, MDL address.
Arg3: 0000000000000004, MDL flags.
Arg4: 0000000000000004, Incorrect MDL flags.

Debugging Details:
------------------

KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING:  14393.2879.amd64fre.rs1_release_inmarket.190313-1855
DUMP_TYPE:  2
BUGCHECK_P1: b2
BUGCHECK_P2: ffff8282c47ecfc0
BUGCHECK_P3: 4
BUGCHECK_P4: 4
BUGCHECK_STR:  0xc4_b2
CPU_COUNT: 10
CPU_MHZ: e74
CPU_VENDOR:  AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME:  System
CURRENT_IRQL:  0
ANALYSIS_SESSION_HOST:  ZS-PREDMIER
ANALYSIS_SESSION_TIME:  04-02-2019 14:36:51.0596
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER:  from fffff803cbd7d360 to fffff803cb7d1950

STACK_TEXT:
ffffac80`36fc5f78 fffff803`cbd7d360 : 00000000`000000c4 00000000`000000b2 ffff8282`c47ecfc0 00000000`00000004 : nt!KeBugCheckEx
ffffac80`36fc5f80 fffff803`cbd8d8df : 00000000`00000008 0250000f`c08c6025 ffff87c3`dffe8828 ffff87c3`e1efff40 : nt!VerifierBugCheckIfAppropriate+0x48
ffffac80`36fc5fc0 fffff803`cbd8d0cf : ffff8282`c47ecfc0 ffff6ea3`6ae4d420 00007ffa`20ac1000 00000000`00010212 : nt!ViMmMapLockedPagesSanityChecks+0xab
ffffac80`36fc6000 fffff80b`18d17a70 : 00000000`00000008 00007ffa`20ac1000 00007ffa`20ac1000 ffff8282`c47ecfc0 : nt!VerifierMmMapLockedPagesSpecifyCache+0x33
ffffac80`36fc6050 00000000`00000008 : 00007ffa`20ac1000 00007ffa`20ac1000 ffff8282`c47ecfc0 00000000`00000000 : cphost+0x7a70
ffffac80`36fc6058 00007ffa`20ac1000 : 00007ffa`20ac1000 ffff8282`c47ecfc0 00000000`00000000 00007ffa`00000020 : 0x8
ffffac80`36fc6060 00007ffa`20ac1000 : ffff8282`c47ecfc0 00000000`00000000 00007ffa`00000020 ffff8282`c47ecfc0 : 0x00007ffa`20ac1000
ffffac80`36fc6068 ffff8282`c47ecfc0 : 00000000`00000000 00007ffa`00000020 ffff8282`c47ecfc0 fffff80b`18d17ccd : 0x00007ffa`20ac1000
ffffac80`36fc6070 00000000`00000000 : 00007ffa`00000020 ffff8282`c47ecfc0 fffff80b`18d17ccd 00000000`00000030 : 0xffff8282`c47ecfc0

THREAD_SHA1_HASH_MOD_FUNC:  a98ab46015b55bdd5ccdb48dd9e250f2ee52e1bb
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  0b4edc7900c84fb46fe817e5f82cc6a5878c573b
THREAD_SHA1_HASH_MOD:  4933b03edc3270fc59d6bf97c7a42d9607fbddb5

FOLLOWUP_IP:
cphost+7a70
fffff80b`18d17a70 488bd8          mov     rbx,rax

FAULT_INSTR_CODE:  bad88b48
SYMBOL_STACK_INDEX:  4
SYMBOL_NAME:  cphost+7a70
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: cphost
IMAGE_NAME:  cphost.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  5c872cd9
STACK_COMMAND:  .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET:  7a70
FAILURE_BUCKET_ID:  0xc4_b2_VRF_cphost!unknown_function
BUCKET_ID:  0xc4_b2_VRF_cphost!unknown_function
PRIMARY_PROBLEM_CLASS:  0xc4_b2_VRF_cphost!unknown_function
TARGET_TIME:  2019-04-02T12:17:02.000Z
OSBUILD:  14393
OSSERVICEPACK:  2879
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK:  16
PRODUCT_TYPE:  3
OSPLATFORM_TYPE:  x64
OSNAME:  Windows 10
OSEDITION:  Windows 10 Server TerminalServer
OS_LOCALE:
USER_LCID:  0
OSBUILD_TIMESTAMP:  2019-03-14 06:46:51
BUILDDATESTAMP_STR:  190313-1855
BUILDLAB_STR:  rs1_release_inmarket
BUILDOSVER_STR:  10.0.14393.2879.amd64fre.rs1_release_inmarket.190313-1855
ANALYSIS_SESSION_ELAPSED_TIME:  27f2
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:0xc4_b2_vrf_cphost!unknown_function
FAILURE_ID_HASH:  {e3a58ba2-951d-0482-448d-2ebe7273483d}

Followup:     MachineOwner
---------

sfc fix
Code:
SFCFix version 3.0.1.0 by niemiro.
Start time: 2019-04-08 11:48:04.325
Microsoft Windows Server 10 Build 14393 - amd64
Not using a script file.




SFCFix version 3.0.1.0 by niemiro has encountered an unhandled exception.
Currently storing 1 datablocks.
Finish time: 2019-04-08 11:48:10.933
----------------------EOF-----------------------
 
Hi guys, I have a problem with one machine. It ran for 4 months without problems; recently it started having issues with BSODs, usually at 100% CPU use, without any updates or anything being installed beforehand. After those errors I reinstalled all drivers and installed all updates. Ran

OS: Windows Server 2016 64-bit, Ryzen 2700X, 64 GB RAM set up at 2400 MHz, GTX 1050 Ti, 970 Pro 500 GB, Seasonic 550 Gold PSU

Thanks for help.
 


One of your crash dumps showed a problem with your cphost.sys driver, and it looks as if this was recently updated or added. It is the Cloudpoint Host Driver. Try removing it, or see if there is a newer or older driver that works better.

Code:
BugCheck 50, {ffffd08f3aa3c958, 0, fffff8028805705d, 2}
*** WARNING: Unable to verify timestamp for cphost.sys
*** ERROR: Module load completed but symbols could not be loaded for cphost.sys
Could not read faulting driver name
Probably caused by : cphost.sys ( cphost+1a9a )
 
Hi,
quick shot....

Is that machine running as a terminal server?
Numerous times an unknown module "OpenHardware" is loaded / unloaded; no idea where it comes from.

However, chrome.exe (Google's browser) is always involved; it has the habit of loading an update module within each user's Start / Autostart and kills the complete server after ~5 users or more.
Without a memory.dmp I think it will be hard to get the culprit, if possible.
Code:
Unloaded modules:
fffff807`9dc00000 fffff807`9dc07000   OpenHardware
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00007000
 
I only tested all RAM sticks at once: MediaFire. Yes, it's running a terminal server with 20 local users connecting via RDP.
Updated the BIOS, still the same error.
I use OpenHardwareMonitor to monitor CPU temperature and stuff like that.
 
Sorry. So you can update Windows Server 2016 to 2019? If yes, do it
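
Added example (not part of any post in this thread, and not Microsoft's or SFCFix's code): a small Python parser for the `[SR]` hash-mismatch records in the sfc scan excerpt of the opening post. It joins the wrapped `Found:`/`Expected:` lines to their entry and decodes the base64 digests to hex so they can be compared with a hash taken from the file on disk. It assumes the 32-byte values are SHA-256 digests; the function names are this example's own, and the sample is built from lines of that excerpt.

```python
import base64
import re

# Sample input built from lines of the excerpt in the opening post; a wrapped
# "Found:/Expected:" line belongs to the timestamped entry above it.
SAMPLE_LOG = r"""
2019-04-05 13:58:45, Info CSI 00006e1c [SR] Beginning Verify and Repair transaction
2019-04-05 13:58:45, Info CSI 00006e1d Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.14393.0_none_bc13ad436af6bbc9\termsrv.dll do not match actual file [l:11]'termsrv.dll' :
  Found: {l:32 kRwLQZrGjsU14L760WEqhAqiJ0UhWDTfQh8QBBtK2ic=} Expected: {l:32 rDHYQf6li3dhJ+E42yD41I4m/YwAzi+paV6hTr8Vmgo=}
2019-04-05 13:58:45, Info CSI 00006e1e [SR] Cannot repair member file [l:11]'termsrv.dll' of Microsoft-Windows-TerminalServices-RemoteConnectionManager, version 10.0.14393.0, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2019-04-05 13:58:45, Info CSI 00006e20 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.14393.0_none_bc13ad436af6bbc9\termsrv.dll do not match actual file [l:11]'termsrv.dll' :
  Found: {l:32 kRwLQZrGjsU14L760WEqhAqiJ0UhWDTfQh8QBBtK2ic=} Expected: {l:32 rDHYQf6li3dhJ+E42yD41I4m/YwAzi+paV6hTr8Vmgo=}
2019-04-05 13:58:45, Info CSI 00006e26 Hashes for file member \??\C:\Windows\System32\termsrv.dll do not match actual file [l:11]'termsrv.dll' :
  Found: {l:32 kRwLQZrGjsU14L760WEqhAqiJ0UhWDTfQh8QBBtK2ic=} Expected: {l:32 rDHYQf6li3dhJ+E42yD41I4m/YwAzi+paV6hTr8Vmgo=}
2019-04-05 13:58:45, Info CSI 00006e28 [SR] Could not reproject corrupted file \??\C:\Windows\System32\termsrv.dll; source file in store is also corrupted
2019-04-05 13:58:45, Info CSI 00006e2a [SR] Repair complete
"""

TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, ")
MISMATCH = re.compile(r"Hashes for file member (?P<path>.+?) do not match actual file")
HASHES = re.compile(
    r"Found: \{l:(?P<flen>\d+) (?P<found>[A-Za-z0-9+/=]+)\} "
    r"Expected: \{l:(?P<elen>\d+) (?P<expected>[A-Za-z0-9+/=]+)\}"
)
CANNOT_REPAIR = re.compile(
    r"\[SR\] Cannot repair member file \[l:\d+\]'(?P<name>[^']+)' of (?P<component>[^,]+),"
)
STORE_CORRUPT = re.compile(
    r"\[SR\] Could not reproject corrupted file (?P<path>.+?); "
    r"source file in store is also corrupted"
)


def records(text):
    """Yield logical log entries, joining wrapped continuation lines."""
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue  # blank lines carry no information in this log
        if TIMESTAMP.match(line):
            if current is not None:
                yield current
            current = line.strip()
        elif current is not None:
            current += " " + line.strip()
    if current is not None:
        yield current


def digest_hex(b64_value, declared_len):
    """Decode a base64 digest and check it against the declared byte length."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) != int(declared_len):
        raise ValueError(f"digest is {len(raw)} bytes, log declares {declared_len}")
    return raw.hex()


def summarize(text):
    """Collect mismatching files (hex digests) and what SFC could not repair."""
    result = {"mismatches": {}, "cannot_repair": set(), "store_corrupt": set()}
    for rec in records(text):
        m, h = MISMATCH.search(rec), HASHES.search(rec)
        if m and h:
            entry = result["mismatches"].setdefault(m["path"], {
                "found": digest_hex(h["found"], h["flen"]),
                "expected": digest_hex(h["expected"], h["elen"]),
                "seen": 0,
            })
            entry["seen"] += 1
        c = CANNOT_REPAIR.search(rec)
        if c:
            result["cannot_repair"].add((c["component"], c["name"]))
        s = STORE_CORRUPT.search(rec)
        if s:
            result["store_corrupt"].add(s["path"])
    return result


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for path, info in report["mismatches"].items():
        print(f"{path} (reported {info['seen']}x)")
        print(f"  found    {info['found']}")
        print(f"  expected {info['expected']}")
    for path in sorted(report["store_corrupt"]):
        print(f"component store copy also mismatching: {path}")
```

The hex `found` value can be compared with the output of `Get-FileHash -Algorithm SHA256` for the file named in the record.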
 