pastebin - collaborative debugging tool
nrubsig.kpaste.net RSS


crash with Defender and global mount
Posted by Anonymous on Mon 16th Mar 2026 16:38
raw | new post

  1. # crash with Defender and global mount
  2. ************* Preparing the environment for Debugger Extensions Gallery repositories **************
  3.    ExtensionRepository : Implicit
  4.    UseExperimentalFeatureForNugetShare : true
  5.    AllowNugetExeUpdate : true
  6.    NonInteractiveNuget : true
  7.    AllowNugetMSCredentialProviderInstall : true
  8.    AllowParallelInitializationOfLocalRepositories : true
  9.  
  10.    EnableRedirectToV8JsProvider : false
  11.  
  12.    -- Configuring repositories
  13.       ----> Repository : LocalInstalled, Enabled: true
  14.       ----> Repository : UserExtensions, Enabled: true
  15.  
  16. >>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.062 seconds
  17.  
  18. ************* Waiting for Debugger Extensions Gallery to Initialize **************
  19.  
  20. >>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.047 seconds
  21.    ----> Repository : UserExtensions, Enabled: true, Packages count: 0
  22.    ----> Repository : LocalInstalled, Enabled: true, Packages count: 29
  23.  
  24. Microsoft (R) Windows Debugger Version 10.0.26100.1591 AMD64
  25. Copyright (c) Microsoft Corporation. All rights reserved.
  26.  
  27.  
  28. Loading Dump File [C:\Windows\MEMORY.DMP]
  29. Kernel Bitmap Dump File: Active memory is available
  30.  
  31. Primary dump contents written successfully
  32.  
  33. Symbol search path is: srv*
  34. Executable search path is:
  35. Windows 10 Kernel Version 26100 MP (6 procs) Free x64
  36. Product: WinNt, suite: TerminalServer SingleUserTS
  37. Edition build lab: 26100.1.amd64fre.ge_release.240331-1435
  38. Kernel base = 0xfffff800`82400000 PsLoadedModuleList = 0xfffff800`832f4fc0
  39. Debug session time: Mon Mar 16 17:30:14.694 2026 (UTC + 1:00)
  40. System Uptime: 0 days 0:11:00.127
  41. Loading Kernel Symbols
  42. ...............................................................
  43. ................................................................
  44. ................................................................
  45. ..............
  46. Loading User Symbols
  47. ................................................................
  48. ...........................................
  49. Loading unloaded module list
  50. ........................................................................
  51. For analysis of this file, run !analyze -v
  52. 4: kd> !analyze -v
  53. *******************************************************************************
  54. *                                                                             *
  55. *                        Bugcheck Analysis                                    *
  56. *                                                                             *
  57. *******************************************************************************
  58.  
  59. MEMORY_MANAGEMENT (1a)
  60.     # Any other values for parameter 1 must be individually examined.
  61. Arguments:
  62. Arg1: 0000000000041791, The subtype of the BugCheck.
  63. Arg2: ffffbf0003601260
  64. Arg3: ffff8080abe6d708
  65. Arg4: 200000000020d2c7
  66.  
  67. Debugging Details:
  68. ------------------
  69.  
  70.  
  71. KEY_VALUES_STRING: 1
  72.  
  73.     Key  : Analysis.CPU.mSec
  74.     Value: 7139
  75.  
  76.     Key  : Analysis.Elapsed.mSec
  77.     Value: 37292
  78.  
  79.     Key  : Analysis.IO.Other.Mb
  80.     Value: 26
  81.  
  82.     Key  : Analysis.IO.Read.Mb
  83.     Value: 0
  84.  
  85.     Key  : Analysis.IO.Write.Mb
  86.     Value: 111
  87.  
  88.     Key  : Analysis.Init.CPU.mSec
  89.     Value: 3046
  90.  
  91.     Key  : Analysis.Init.Elapsed.mSec
  92.     Value: 25645
  93.  
  94.     Key  : Analysis.Memory.CommitPeak.Mb
  95.     Value: 201
  96.  
  97.     Key  : Bugcheck.Code.KiBugCheckData
  98.     Value: 0x1a
  99.  
  100.     Key  : Bugcheck.Code.LegacyAPI
  101.     Value: 0x1a
  102.  
  103.     Key  : Dump.Attributes.AsUlong
  104.     Value: 21040
  105.  
  106.     Key  : Dump.Attributes.DiagDataWrittenToHeader
  107.     Value: 1
  108.  
  109.     Key  : Dump.Attributes.ErrorCode
  110.     Value: 0
  111.  
  112.     Key  : Dump.Attributes.FilterDumpFile
  113.     Value: 1
  114.  
  115.     Key  : Dump.Attributes.LastLine
  116.     Value: Dump completed successfully.
  117.  
  118.     Key  : Dump.Attributes.ProgressPercentage
  119.     Value: 100
  120.  
  121.     Key  : Failure.Bucket
  122.     Value: 0x1a_41791_ntdll!NtReadVirtualMemoryEx
  123.  
  124.     Key  : Failure.Hash
  125.     Value: {abc0be70-0937-b2c3-2815-bc87094da565}
  126.  
  127.     Key  : Hypervisor.Enlightenments.Value
  128.     Value: 12576
  129.  
  130.     Key  : Hypervisor.Enlightenments.ValueHex
  131.     Value: 3120
  132.  
  133.     Key  : Hypervisor.Flags.AnyHypervisorPresent
  134.     Value: 1
  135.  
  136.     Key  : Hypervisor.Flags.ApicEnlightened
  137.     Value: 0
  138.  
  139.     Key  : Hypervisor.Flags.ApicVirtualizationAvailable
  140.     Value: 0
  141.  
  142.     Key  : Hypervisor.Flags.AsyncMemoryHint
  143.     Value: 0
  144.  
  145.     Key  : Hypervisor.Flags.CoreSchedulerRequested
  146.     Value: 0
  147.  
  148.     Key  : Hypervisor.Flags.CpuManager
  149.     Value: 0
  150.  
  151.     Key  : Hypervisor.Flags.DeprecateAutoEoi
  152.     Value: 1
  153.  
  154.     Key  : Hypervisor.Flags.DynamicCpuDisabled
  155.     Value: 0
  156.  
  157.     Key  : Hypervisor.Flags.Epf
  158.     Value: 0
  159.  
  160.     Key  : Hypervisor.Flags.ExtendedProcessorMasks
  161.     Value: 0
  162.  
  163.     Key  : Hypervisor.Flags.HardwareMbecAvailable
  164.     Value: 0
  165.  
  166.     Key  : Hypervisor.Flags.MaxBankNumber
  167.     Value: 0
  168.  
  169.     Key  : Hypervisor.Flags.MemoryZeroingControl
  170.     Value: 0
  171.  
  172.     Key  : Hypervisor.Flags.NoExtendedRangeFlush
  173.     Value: 1
  174.  
  175.     Key  : Hypervisor.Flags.NoNonArchCoreSharing
  176.     Value: 0
  177.  
  178.     Key  : Hypervisor.Flags.Phase0InitDone
  179.     Value: 1
  180.  
  181.     Key  : Hypervisor.Flags.PowerSchedulerQos
  182.     Value: 0
  183.  
  184.     Key  : Hypervisor.Flags.RootScheduler
  185.     Value: 0
  186.  
  187.     Key  : Hypervisor.Flags.SynicAvailable
  188.     Value: 1
  189.  
  190.     Key  : Hypervisor.Flags.UseQpcBias
  191.     Value: 0
  192.  
  193.     Key  : Hypervisor.Flags.Value
  194.     Value: 536632
  195.  
  196.     Key  : Hypervisor.Flags.ValueHex
  197.     Value: 83038
  198.  
  199.     Key  : Hypervisor.Flags.VpAssistPage
  200.     Value: 1
  201.  
  202.     Key  : Hypervisor.Flags.VsmAvailable
  203.     Value: 0
  204.  
  205.     Key  : Hypervisor.RootFlags.AccessStats
  206.     Value: 0
  207.  
  208.     Key  : Hypervisor.RootFlags.CrashdumpEnlightened
  209.     Value: 0
  210.  
  211.     Key  : Hypervisor.RootFlags.CreateVirtualProcessor
  212.     Value: 0
  213.  
  214.     Key  : Hypervisor.RootFlags.DisableHyperthreading
  215.     Value: 0
  216.  
  217.     Key  : Hypervisor.RootFlags.HostTimelineSync
  218.     Value: 0
  219.  
  220.     Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
  221.     Value: 0
  222.  
  223.     Key  : Hypervisor.RootFlags.IsHyperV
  224.     Value: 0
  225.  
  226.     Key  : Hypervisor.RootFlags.LivedumpEnlightened
  227.     Value: 0
  228.  
  229.     Key  : Hypervisor.RootFlags.MapDeviceInterrupt
  230.     Value: 0
  231.  
  232.     Key  : Hypervisor.RootFlags.MceEnlightened
  233.     Value: 0
  234.  
  235.     Key  : Hypervisor.RootFlags.Nested
  236.     Value: 0
  237.  
  238.     Key  : Hypervisor.RootFlags.StartLogicalProcessor
  239.     Value: 0
  240.  
  241.     Key  : Hypervisor.RootFlags.Value
  242.     Value: 0
  243.  
  244.     Key  : Hypervisor.RootFlags.ValueHex
  245.     Value: 0
  246.  
  247.     Key  : SecureKernel.HalpHvciEnabled
  248.     Value: 0
  249.  
  250.     Key  : WER.OS.Branch
  251.     Value: ge_release
  252.  
  253.     Key  : WER.OS.Version
  254.     Value: 10.0.26100.1
  255.  
  256.  
  257. BUGCHECK_CODE:  1a
  258.  
  259. BUGCHECK_P1: 41791
  260.  
  261. BUGCHECK_P2: ffffbf0003601260
  262.  
  263. BUGCHECK_P3: ffff8080abe6d708
  264.  
  265. BUGCHECK_P4: 200000000020d2c7
  266.  
  267. FILE_IN_CAB:  MEMORY.DMP
  268.  
  269. DUMP_FILE_ATTRIBUTES: 0x21040
  270.   Filter Dump
  271.  
  272. BLACKBOXBSD: 1 (!blackboxbsd)
  273.  
  274.  
  275. BLACKBOXNTFS: 1 (!blackboxntfs)
  276.  
  277.  
  278. BLACKBOXPNP: 1 (!blackboxpnp)
  279.  
  280.  
  281. BLACKBOXWINLOGON: 1
  282.  
  283. PROCESS_NAME:  MsMpEng.exe
  284.  
  285. STACK_TEXT:  
  286. ffff9903`71179478 fffff800`827a8932     : 00000000`0000001a 00000000`00041791 ffffbf00`03601260 ffff8080`abe6d708 : nt!KeBugCheckEx
  287. ffff9903`71179480 fffff800`8261b738     : 00000000`00000013 ffff9903`71179b60 00000000`00000001 00000000`00000000 : nt!MiUnlockPageTableCharges+0xf2
  288. ffff9903`711794e0 fffff800`82da9f53     : ffff9903`71179690 00000000`00000002 ffff9903`71179b60 00000000`00120062 : nt!MmUnlockPages+0x378
  289. ffff9903`71179570 fffff800`82da93c0     : 00000000`000014d4 0000001f`00000010 ffffe383`cc690600 00000000`00000001 : nt!MiCopyVirtualMemory+0x6f3
  290. ffff9903`71179990 fffff800`8286ffd3     : ffffe383`d7bec080 00000195`d6590000 00000158`1a776040 0000001f`ed9fd518 : nt!MiReadWriteVirtualMemory+0x1d0
  291. ffff9903`71179a20 fffff800`82ab5755     : ffff9903`71179b60 00000158`19e9bc00 ffff9903`71179b60 00000000`00000002 : nt!NtReadVirtualMemoryEx+0x23
  292. ffff9903`71179a70 00007ffa`9b464a94     : 00007ffa`2c4216a5 00000158`19e9bc00 00000000`7ffe9000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
  293. 0000001f`ed9fd4f8 00007ffa`2c4216a5     : 00000158`19e9bc00 00000000`7ffe9000 00000000`00000000 00000000`0000100c : ntdll!NtReadVirtualMemoryEx+0x14
  294. 0000001f`ed9fd500 00007ffa`2c091a7d     : 00000158`1a777040 00000158`19e9bc00 00000158`19e9bc00 00000000`00000001 : mpengine!ReadProcessMemoryInternal+0xb5
  295. 0000001f`ed9fd590 00007ffa`2c090995     : 00000158`19e0ed80 00000000`00000000 00000158`19e9bc00 00000000`00000100 : mpengine!CSMSProcess::ScanRange+0x11d
  296. 0000001f`ed9fd660 00007ffa`2c1ca6e4     : 00000000`00000008 00000000`00000008 00000000`00000000 00000158`19e9bc00 : mpengine!CSMSProcess::Scan1Worker+0x2e5
  297. 0000001f`ed9fd720 00007ffa`2c1c92d0     : 00000158`19e9bc00 00000000`00000000 0000001f`00000000 00000000`000018ac : mpengine!CSMSProcess::Scan+0x460
  298. 0000001f`ed9fd830 00007ffa`2c6b6614     : 00000158`0d8cf480 00000158`1a429890 00007ffa`2cadf498 00000000`000014d4 : mpengine!CEMSContext::EmsScan+0x350
  299. 0000001f`ed9fd930 00007ffa`2c6b6cca     : 00000000`00000000 00000157`d580a830 00000157`d580a8d0 00000000`00000000 : mpengine!RunEMS+0x460
  300. 0000001f`ed9fdac0 00007ffa`2c6b6707     : 00000000`00000170 00007ffa`2c1229fc 00000000`00000000 00000157`951d16fe : mpengine!CResmgrems::ScanImpl+0x23e
  301. 0000001f`ed9fdba0 00007ffa`2c11822c     : 00000000`00000000 00000000`00000000 00000000`0000008e 00000000`00000000 : mpengine!CResmgrems::Scan+0x17
  302. 0000001f`ed9fdcf0 00007ffa`2c125183     : 00000158`174b3b90 0000001f`ed9fdfe0 00000000`00000000 00000158`0d8cf480 : mpengine!ResmgrProcessResource+0x230
  303. 0000001f`ed9fdea0 00007ffa`2c1103be     : 00000158`1a6fe130 00000000`00000000 00000000`00000000 00000158`1a6fe130 : mpengine!ResScan+0xa17
  304. 0000001f`ed9fe2f0 00007ffa`2c10c7f9     : 00000157`e0fd6de0 00000000`00000000 00000158`1a6fe130 00007ffa`2cd45200 : mpengine!ScanOpenWithContext+0x74a
  305. 0000001f`ed9fe700 00007ffa`2c1c0080     : 00000000`00000000 00000000`00000078 00000157`e0fd6de0 00000000`0000800c : mpengine!UberScanOpen+0x1c9
  306. 0000001f`ed9fe820 00007ffa`2c1be2d5     : 00007ffa`9b47944c 00000000`00000000 00000000`00000000 00007ffa`9b478058 : mpengine!ksignal+0xdd0
  307. 0000001f`ed9feac0 00007ffa`86237fe1     : 00000000`00000000 00000000`00000078 00000157`e0ff9b80 00007ffa`86370ea7 : mpengine!DispatchSignalOnHandle+0xdd
  308. 0000001f`ed9ff2c0 00007ffa`86260eee     : 00000000`ffffffff 00007ffa`863161d8 00000000`00001174 00000000`ffffffff : mpsvc!rsignal_wrapper+0x1f1
  309. 0000001f`ed9ff380 00007ffa`862814ce     : 00000158`0eb0eb00 00000158`0eb0eb00 00000157`b81cb240 00007ffa`8664a8f8 : mpsvc!OnDemandScanWorker+0x5de
  310. 0000001f`ed9ff410 00007ffa`863220b3     : 00000000`00000000 00000158`0eb0eb00 00000157`b81c4d60 00007ffa`9b35b785 : mpsvc!MpService::CMpSvcScanWorkItem::Run+0xca
  311. 0000001f`ed9ff480 00007ffa`86324a6d     : 00000000`00000001 00007ffa`9b3d9110 00000158`0eb0eb00 00000158`0eb0eb10 : mpsvc!MpService::CMpSvcScansQueue::Dispatch+0x33
  312. 0000001f`ed9ff4c0 00007ffa`85baed48     : 00000000`00000000 0000001f`ed9ff8a8 00000000`00000006 0000001f`ed9ff508 : mpsvc!MpService::CMpSvcScanWorkItem::OnAction+0x1d
  313. 0000001f`ed9ff4f0 00007ffa`85baec33     : 00000157`b81cb240 00000157`b81cb250 0000001f`ed9ff548 00000157`b81cb240 : MpClient!CommonUtil::CMpSimpleThreadPool::Call+0x5c
  314. 0000001f`ed9ff540 00007ffa`9b375370     : 0000001f`ed9ff8a8 0000001f`ed9ff6b0 00000000`7ffe0386 00007ffa`9b31cc64 : MpClient!CommonUtil::CMpSimpleThreadPool::AsyncDequeue+0xdf
  315. 0000001f`ed9ff5b0 00007ffa`9b3763c1     : 00000000`00000000 00000000`00000001 00007ffa`9b3d8280 00000000`00000000 : ntdll!TppWorkpExecuteCallback+0x4d0
  316. 0000001f`ed9ff710 00007ffa`9ab8e8d7     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x801
  317. 0000001f`ed9ffa70 00007ffa`9b38c53c     : 00000000`00000000 00000000`00000000 000004f0`fffffb30 000004d0`fffffb30 : KERNEL32!BaseThreadInitThunk+0x17
  318. 0000001f`ed9ffaa0 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x2c
  319.  
  320.  
  321. SYMBOL_NAME:  ntdll!NtReadVirtualMemoryEx+14
  322.  
  323. MODULE_NAME: ntdll
  324.  
  325. IMAGE_NAME:  ntdll.dll
  326.  
  327. IMAGE_VERSION:  10.0.26100.7623
  328.  
  329. STACK_COMMAND:  .cxr; .ecxr ; kb
  330.  
  331. BUCKET_ID_FUNC_OFFSET:  14
  332.  
  333. FAILURE_BUCKET_ID:  0x1a_41791_ntdll!NtReadVirtualMemoryEx
  334.  
  335. OS_VERSION:  10.0.26100.1
  336.  
  337. BUILDLAB_STR:  ge_release
  338.  
  339. OSPLATFORM_TYPE:  x64
  340.  
  341. OSNAME:  Windows 10
  342.  
  343. FAILURE_ID_HASH:  {abc0be70-0937-b2c3-2815-bc87094da565}
  344.  
  345. Followup:     MachineOwner
  346. ---------

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with {%HIGHLIGHT}




All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at