cancel
Showing results for 
Search instead for 
Did you mean: 

VSE 8.8 P13 BSOD mfeavfk.sys

This week we started experiencing issues on our HP Elitebook 840 G5 systems where they blue screen upon being scanned by our Tenable scanner.  We never experienced the issue before.  We're not certain if the issue is related to the November cumulative updates which were just applied to our Windows 10 1809 systems or if the issue is related to a Tenable or McAfee issue.  The issue does not happen on all 840 systems that get scanned, but a good number of them have experienced the problem.  We can't find any commonality in software, firmware, etc among the systems.  Debug analysis is below.  Any insight you might be able to provide is appreciated.

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffdb0f75aa2ffa, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8072e1350b6, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER: HP

SYSTEM_PRODUCT_NAME: HP EliteBook 840 G5

SYSTEM_SKU: 2WJ55AV

BIOS_VENDOR: HP

BIOS_VERSION: Q78 Ver. 01.03.00

BIOS_DATE: 07/18/2018

BASEBOARD_MANUFACTURER: HP

BASEBOARD_PRODUCT: 83B2

BASEBOARD_VERSION: KBC Version 04.53.00

DUMP_TYPE: 1

BUGCHECK_P1: ffffdb0f75aa2ffa

BUGCHECK_P2: 0

BUGCHECK_P3: fffff8072e1350b6

BUGCHECK_P4: 0

READ_ADDRESS: ffffdb0f75aa2ffa Paged pool

FAULTING_IP:
mfeavfk+450b6
fffff807`2e1350b6 488b440a08 mov rax,qword ptr [rdx+rcx+8]

MM_INTERNAL_CODE: 0

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAULTING_MODULE: fffff8072e0f0000 mfeavfk

CPU_COUNT: 8

CPU_MHZ: 768

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 8e

CPU_STEPPING: a

CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 96'00000000 (cache) 96'00000000 (init)

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: AV

PROCESS_NAME: System

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: PN0000045040

ANALYSIS_SESSION_TIME: 11-20-2019 09:33:58.0502

ANALYSIS_VERSION: 10.0.16299.91 x86fre

TRAP_FRAME: ffff8287e6985640 -- (.trap 0xffff8287e6985640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff000000000003 rbx=0000000000000000 rcx=ffffdb0f76445790
rdx=ffffffffff65d862 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8072e1350b6 rsp=ffff8287e69857d8 rbp=ffffdb0f76444000
r8=000000000000a002 r9=00000000000000a7 r10=1000000000000001
r11=ffffdb0f764442ce r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
mfeavfk+0x450b6:
fffff807`2e1350b6 488b440a08 mov rax,qword ptr [rdx+rcx+8] ds:ffffdb0f`75aa2ffa=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff807301fe51c to fffff807301bd9c0

STACK_TEXT:
ffff8287`e6985358 fffff807`301fe51c : 00000000`00000050 ffffdb0f`75aa2ffa 00000000`00000000 ffff8287`e6985640 : nt!KeBugCheckEx
ffff8287`e6985360 fffff807`3009cb36 : ffffebf5`f6c3dd90 ffff8000`00000000 ffffb502`dcbdf700 ffffdb0f`75aa2ffa : nt!MiSystemFault+0x19376c
ffff8287`e69854a0 fffff807`301cb4c9 : ffff8287`e69856c0 ffffb502`d9a36348 ffffb502`dcbdf700 00000000`00000fff : nt!MmAccessFault+0x1a6
ffff8287`e6985640 fffff807`2e1350b6 : fffff807`2e104324 00000000`0000a2d2 ffffb502`dcbdf700 ffffb502`d007b060 : nt!KiPageFault+0x349
ffff8287`e69857d8 fffff807`2e104324 : 00000000`0000a2d2 ffffb502`dcbdf700 ffffb502`d007b060 00000000`00000000 : mfeavfk+0x450b6
ffff8287`e69857e0 fffff807`2e104c01 : fffff807`2e13f000 00000000`ffffffff 00000000`00000000 fffff807`00000000 : mfeavfk+0x14324
ffff8287`e69859a0 fffff807`2e104ed4 : fffff807`2e104f20 ffffb502`d9a36348 ffffb502`d5318d40 00000000`00000000 : mfeavfk+0x14c01
ffff8287`e6985ac0 fffff807`3005f9d5 : 00000000`00000080 ffffb502`d6431080 fffff807`2e104f20 000024ed`bd9bbfff : mfeavfk+0x14ed4
ffff8287`e6985b10 fffff807`301c4e3c : ffffc801`5a843180 ffffb502`d6431080 fffff807`3005f980 0000006e`6f697372 : nt!PspSystemThreadStartup+0x55
ffff8287`e6985b60 00000000`00000000 : ffff8287`e6986000 ffff8287`e697f000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x1c


CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8073000ada7-fffff8073000ada9 3 bytes - nt!ST_STORE<SM_TRAITS>::StDmInitialize+26b
[ 1f 44 00:25 c8 a6 ]
fffff8073000afae-fffff8073000afb0 3 bytes - nt!StLcInitialize+2a (+0x207)
[ 1f 44 00:1e c6 a6 ]
fffff8073000c546-fffff8073000c548 3 bytes - nt!StEtaStart+36 (+0x1598)
[ 1f 44 00:86 b0 a6 ]
fffff8073001040c-fffff8073001040e 3 bytes - nt!KiUnstackDetachProcess+1bc (+0x3ec6)
[ 1f 44 00:d0 80 a6 ]
fffff80730014628-fffff8073001462a 3 bytes - nt!PopGetIdleTimesCallback+88 (+0x421c)
[ 1f 44 00:a4 2f a6 ]
fffff80730014e83-fffff80730014e85 3 bytes - nt!KiIntRedirectQueueRequestOnProcessor+5b (+0x85b)
[ 1f 44 00:d9 3f a6 ]
fffff8073001a635-fffff8073001a637 3 bytes - nt!MiAllocateContiguousMemory+59 (+0x57b2)
[ 1f 44 00:97 cf a5 ]
fffff8073001dfd0-fffff8073001dfd2 3 bytes - nt!KeQueryUnbiasedInterruptTimePrecise+70 (+0x399b)
[ 1f 44 00:fc 95 a5 ]
fffff8073001fc54-fffff8073001fc56 3 bytes - nt!KeQuerySchedulingGroupHistory+70 (+0x1c84)
[ 1f 44 00:78 79 a5 ]
fffff80730020c41-fffff80730020c43 3 bytes - nt!KiCheckForKernelApcDelivery+61 (+0xfed)
[ 1f 44 00:9b 78 a5 ]
fffff80730020cea-fffff80730020cec 3 bytes - nt!KiRequestSoftwareInterrupt+22 (+0xa9)
[ 1f 44 00:f2 77 a5 ]
fffff8073003c4aa-fffff8073003c4ac 3 bytes - nt!KeQueryInterruptTimePrecise+5a (+0x1b7c0)
[ 1f 44 00:22 b1 a3 ]
fffff8073003fe9e-fffff8073003fea0 3 bytes - nt!EtwpGetSystemTime+6e (+0x39f4)
[ 1f 44 00:2e 77 a3 ]
fffff80730042574-fffff80730042576 3 bytes - nt!PpmPerfApplyDomainState+674 (+0x26d6)
[ 1f 44 00:58 50 a3 ]
fffff80730044ff7-fffff80730044ff9 3 bytes - nt!KeInsertSchedulingGroup+4b (+0x2a83)
[ 1f 44 00:d5 25 a3 ]
fffff8073004569d-fffff8073004569f 3 bytes - nt!KiUpdateCpuTargetByWeight+17d (+0x6a6)
[ 1f 44 00:2f 1f a3 ]
fffff80730045986-fffff80730045988 3 bytes - nt!KiUpdateCpuTargetByRate+182 (+0x2e9)
[ 1f 44 00:46 1c a3 ]
fffff80730046ddb-fffff80730046ddd 3 bytes - nt!KiUpdateTimeAssist+43 (+0x1455)
[ 1f 44 00:f1 07 a3 ]
fffff807300470cb-fffff807300470cd 3 bytes - nt!KiSendSoftwareInterrupt+1b (+0x2f0)
[ 1f 44 00:d1 07 a3 ]
fffff8073004bcaa-fffff8073004bcac 3 bytes - nt!KiSendClockInterruptToClockOwner+52 (+0x4bdf)
[ 1f 44 00:e2 c2 a2 ]
fffff8073004c095-fffff8073004c097 3 bytes - nt!KiSetClockTickRate+105 (+0x3eb)
[ 1f 44 00:37 b5 a2 ]
fffff8073004f37e-fffff8073004f380 3 bytes - nt!EtwpGetPerfCounter+e (+0x32e9)
[ 1f 44 00:4e 82 a2 ]
fffff807300645a1-fffff807300645a3 3 bytes - nt!RtlGetMultiTimePrecise+109 (+0x15223)
[ 1f 44 00:2b 30 a1 ]
fffff8073006966c-fffff8073006966e 3 bytes - nt!CmpLoadKeyCommon+270 (+0x50cb)
[ 1f 44 00:90 ca e4 ]
fffff80730072723-fffff80730072725 3 bytes - nt!KiSignalThreadForApc+14f (+0x90b7)
[ 1f 44 00:b9 5d a0 ]
fffff807300b7966-fffff807300b7968 3 bytes - nt!KiInsertQueueDpc+366 (+0x45243)
[ 1f 44 00:36 ff 9b ]
fffff807300b7979-fffff807300b797b 3 bytes - nt!KiInsertQueueDpc+379 (+0x13)
[ 1f 44 00:63 0b 9c ]
fffff807300b8d32-fffff807300b8d34 3 bytes - nt!KiForwardTick+372 (+0x13b9)
[ 1f 44 00:5a f2 9b ]
fffff807300b937f-fffff807300b9381 3 bytes - nt!PpmSnapPerformanceAccumulation+5f (+0x64d)
[ 1f 44 00:4d e2 9b ]
fffff807300b9557-fffff807300b9559 3 bytes - nt!PpmSnapPerformanceAccumulation+237 (+0x1d8)
[ 1f 44 00:75 e0 9b ]
fffff807300ba02e-fffff807300ba030 3 bytes - nt!KeClockInterruptNotify+23e (+0xad7)
[ 1f 44 00:9e d5 9b ]
fffff807300bba3e-fffff807300bba40 3 bytes - nt!PoIdle+40e (+0x1a10)
[ 1f 44 00:8e cb 9b ]
fffff807300bbabf-fffff807300bbac1 3 bytes - nt!PoIdle+48f (+0x81)
[ 1f 44 00:fd 3e 9d ]
fffff807300bc272-fffff807300bc274 3 bytes - nt!PpmIdleExecuteTransition+772 (+0x7b3)
[ 1f 44 00:5a b3 9b ]
fffff807300bc7ef-fffff807300bc7f1 3 bytes - nt!PpmIdlePrepare+ef (+0x57d)
[ 1f 44 00:dd ad 9b ]
fffff807300bdba2-fffff807300bdba4 3 bytes - nt!KiCheckForTimerExpiration+272 (+0x13b3)
[ 1f 44 00:3a a9 9b ]
fffff807300bee56-fffff807300bee58 3 bytes - nt!PpmParkSteerInterrupts+446 (+0x12b4)
[ 1f 44 00:c6 e0 9b ]
fffff807300c011a-fffff807300c011c 3 bytes - nt!PpmIdleSnapConcurrency+2a (+0x12c4)
[ 1f 44 00:b2 74 9b ]
fffff807300f487d-fffff807300f487f 3 bytes - nt!KiRetireDpcList+3dd (+0x34763)
[ 1f 44 00:4f 2d 98 ]
fffff807300f691e-fffff807300f6920 3 bytes - nt!KiDetachProcess+28e (+0x20a1)
[ 1f 44 00:be 1b 98 ]
fffff807300fefc5-fffff807300fefc7 3 bytes - nt!IopfCompleteRequest+1805 (+0x86a7)
[ 1f 44 00:d7 88 97 ]
fffff807301005b0-fffff807301005b2 3 bytes - nt!KiDeferredReadyThread+b50 (+0x15eb)
[ 1f 44 00:ec 72 97 ]
fffff807301009a7-fffff807301009a9 3 bytes - nt!KiDeferredReadyThread+f47 (+0x3f7)
[ 1f 44 00:f5 6e 97 ]
fffff80730101e56-fffff80730101e58 3 bytes - nt!KiDirectSwitchThread+556 (+0x14af)
[ 1f 44 00:86 66 97 ]
fffff80730104200-fffff80730104202 3 bytes - nt!KiStartThreadCycleAccumulation+110 (+0x23aa)
[ 1f 44 00:dc 42 97 ]
fffff80730130200-fffff80730130202 3 bytes - nt!RtlGetSystemTimePrecise+70 (+0x2c000)
[ 1f 44 00:cc 73 94 ]
fffff80730141176-fffff80730141178 3 bytes - nt!MiAllocatePagesForMdl+5e (+0x10f76)
[ 1f 44 00:56 64 93 ]
fffff80730149006-fffff80730149008 3 bytes - nt!KeRebaselineInterruptTime+e (+0x7e90)
[ 1f 44 00:c6 e5 92 ]
fffff80730155d6a-fffff80730155d6c 3 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8a (+0xcd64)
[ 1f 44 00:62 18 92 ]
fffff80730155d8e-fffff80730155d90 3 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+ae (+0x24)
[ 1f 44 00:3e 18 92 ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
fffff80730544788-fffff8073054478a 3 bytes - nt!_guard_check_icall_fptr
[ 30 b1 17:70 61 1c ]
fffff80730544790-fffff80730544792 3 bytes - nt!_guard_dispatch_icall_fptr (+0x08)
[ b0 9c 1b:c0 61 1c ]
fffff8073056cba7-fffff8073056cba9 3 bytes - nt!ExUpdateSystemTimeFromCmos+3b
[ 1f 44 00:b5 37 51 ]
fffff8073056d8de-fffff8073056d8e0 3 bytes - nt!PopTransitionSystemPowerStateEx+b6a (+0xd37)
[ 1f 44 00:ee 9c 50 ]
fffff8073056db0b-fffff8073056db0d 3 bytes - nt!PopTransitionSystemPowerStateEx+d97 (+0x22d)
[ 1f 44 00:c1 9a 50 ]
fffff8073056db8f-fffff8073056db91 3 bytes - nt!PopTransitionSystemPowerStateEx+e1b (+0x84)
[ 1f 44 00:3d 9a 50 ]
fffff8073056e5a7-fffff8073056e5a9 3 bytes - nt!PoBroadcastSystemState+3eb (+0xa18)
[ 1f 44 00:25 90 50 ]
fffff8073056e5eb-fffff8073056e5ed 3 bytes - nt!PoBroadcastSystemState+42f (+0x44)
[ 1f 44 00:e1 8f 50 ]
fffff8073056e729-fffff8073056e72b 3 bytes - nt!PoBroadcastSystemState+56d (+0x13e)
[ 1f 44 00:a3 8e 50 ]
fffff8073056ef58-fffff8073056ef5a 3 bytes - nt!PopInvokeSystemStateHandler+1c4 (+0x82f)
[ 1f 44 00:74 86 50 ]
fffff8073056f242-fffff8073056f244 3 bytes - nt!PopInvokeSystemStateHandler+4ae (+0x2ea)
[ 1f 44 00:8a 83 50 ]
fffff8073056ff35-fffff8073056ff37 3 bytes - nt!PopDecompressHiberBlocks+105 (+0xcf3)
[ 1f 44 00:97 76 50 ]
fffff80730570109-fffff8073057010b 3 bytes - nt!PopSaveHiberContext+d9 (+0x1d4)
[ 1f 44 00:23 57 9c ]
fffff80730571001-fffff80730571003 3 bytes - nt!PopHiberCheckForDebugBreak+39 (+0xef8)
[ 1f 44 00:cb 65 50 ]
fffff807305710b2-fffff807305710b4 3 bytes - nt!KiCalibrateTimeAdjustment+a2 (+0xb1)
[ 1f 44 00:8a a6 50 ]
fffff80730571149-fffff8073057114b 3 bytes - nt!KiCalibrateTimeAdjustment+139 (+0x97)
[ 1f 44 00:83 64 50 ]
fffff807305713ef-fffff807305713f1 3 bytes - nt!PopHiberCheckResume+ff (+0x2a6)
[ 1f 44 00:fd ab 50 ]
fffff80730571ee0-fffff80730571ee2 3 bytes - nt!PopGetHwConfigurationSignature+dc (+0xaf1)
[ 1f 44 00:ac e3 50 ]
fffff80730575f05-fffff80730575f07 3 bytes - nt!KiInitializeBootStructures+245 (+0x4025)
[ 1f 44 00:b7 56 51 ]
fffff80730575f9d-fffff80730575f9f 3 bytes - nt!KiInitializeBootStructures+2dd (+0x98)
[ 1f 44 00:9f 5e 51 ]
fffff80730576c7b-fffff80730576c7d 3 bytes - nt!KiSetFeatureBits+5d7 (+0xcde)
[ 1f 44 00:e1 70 51 ]
fffff8073057771e-fffff80730577720 3 bytes - nt!KiInitializeKernel+4fe (+0xaa3)
[ 1f 44 00:6e 2a 58 ]
fffff8073057a419-fffff8073057a41b 3 bytes - nt!ExpSetSystemTime+dbd5 (+0x2cfb)
[ 1f 44 00:c3 d1 52 ]
fffff8073057a87e-fffff8073057a880 3 bytes - nt!PopInvokeSystemStateHandler+baea (+0x465)
[ 1f 44 00:9e bf 52 ]
fffff8073057bcf1-fffff8073057bcf3 3 bytes - nt!KiCalibrateTimeAdjustment+ace1 (+0x1473)
[ 1f 44 00:db b8 4f ]
fffff8073057f741-fffff8073057f743 3 bytes - nt!PnprGetMillisecondCounter+15 (+0x3a50)
[ 1f 44 00:8b 7e 4f ]
fffff80730580421-fffff80730580423 3 bytes - nt!PnprQuiesceProcessorDpc+161 (+0xce0)
[ 1f 44 00:eb f2 4f ]
fffff80730580de4-fffff80730580de6 3 bytes - nt!KdMarkHiberPhase+3c (+0x9c3)
[ 1f 44 00:b8 02 68 ]
fffff807305828d7-fffff807305828d9 3 bytes - nt!PopSetMemoryOverwriteRequestAction+6b (+0x1af3)
[ 1f 44 00:95 fe 4f ]
fffff8073058290d-fffff8073058290f 3 bytes - nt!PopSetMemoryOverwriteRequestAction+a1 (+0x36)
[ 1f 44 00:cf f8 51 ]
fffff80730582a6f-fffff80730582a71 3 bytes - nt!PopGracefulShutdown+13f (+0x162)
[ 1f 44 00:bd ff 91 ]
fffff8073058372a-fffff8073058372c 3 bytes - nt!PopWriteImageHeader+7a (+0xcbb)
[ 1f 44 00:a2 3e 4f ]
fffff8073058401d-fffff8073058401f 3 bytes - nt!PopShutdownSystem+99 (+0x8f3)
[ 1f 44 00:ff 27 52 ]
fffff8073058402e-fffff80730584030 3 bytes - nt!PopShutdownSystem+aa (+0x11)
[ 1f 44 00:ee 27 52 ]
fffff807305840a9-fffff807305840ab 3 bytes - nt!PopCheckpointSystemSleepUnsafe+55 (+0x7b)
[ 1f 44 00:33 e1 51 ]
fffff80730591245-fffff80730591248 4 bytes - nt!SeQuerySigningPolicy+a5
[ 1f 44 00 00:57 18 bb ff ]
fffff807305bb0c9-fffff807305bb0cb 3 bytes - nt!PiDqIrpQueryCreate+11d (+0x29e84)
[ 1f 44 00:c3 fd 8a ]
fffff807305bb104-fffff807305bb106 3 bytes - nt!PiDqIrpQueryCreate+158 (+0x3b)
[ 1f 44 00:e8 5f 8a ]
fffff807305bb51f-fffff807305bb521 3 bytes - nt!PiDqQuerySerializeActionQueue+cb (+0x41b)
[ 1f 44 00:ad f6 8a ]
fffff807305bb558-fffff807305bb55a 3 bytes - nt!PiDqQuerySerializeActionQueue+104 (+0x39)
[ 1f 44 00:f4 f7 8a ]
fffff807305bb605-fffff807305bb607 3 bytes - nt!PiDqQuerySerializeActionQueue+1b1 (+0xad)
[ 1f 44 00:97 e9 89 ]
fffff807305bb751-fffff807305bb753 3 bytes - nt!PiDqQuerySerializeActionQueue+2fd (+0x14c)
[ 1f 44 00:1b 0a 8b ]
fffff807305bbfce-fffff807305bbfd0 3 bytes - nt!PiDqQueryRelease+52 (+0x87d)
[ 1f 44 00:9e 01 8b ]
fffff807305bdfd2-fffff807305bdfd4 3 bytes - nt!NtPowerInformation+462 (+0x2004)
[ 1f 44 00:fa 95 4b ]
fffff807305db0e3-fffff807305db0e5 3 bytes - nt!EtwpAddLogHeader+187 (+0x1d111)
[ 1f 44 00:e9 c4 49 ]
fffff807305e2213-fffff807305e2216 4 bytes - nt!SPCallServerHandleIsAppLicensed+245f (+0x7130)
[ 1f 44 00 00:89 08 b6 ff ]
fffff807305ea043-fffff807305ea045 3 bytes - nt!CmpTransReferenceTransaction+47 (+0x7e30)
[ 1f 44 00:39 9d 8c ]
fffff807305eb170-fffff807305eb172 3 bytes - nt!CmKtmNotification+230 (+0x112d)
[ 1f 44 00:6c 66 8c ]
fffff807305eb1a0-fffff807305eb1a2 3 bytes - nt!CmKtmNotification+260 (+0x30)
[ 1f 44 00:5c 68 8c ]
fffff807305eb219-fffff807305eb21b 3 bytes - nt!CmKtmNotification+2d9 (+0x79)
[ 1f 44 00:f3 62 8c ]
fffff807305eb247-fffff807305eb249 3 bytes - nt!CmKtmNotification+307 (+0x2e)
[ 1f 44 00:75 69 8c ]
fffff807305eb6a2-fffff807305eb6a4 3 bytes - nt!CmpStopRMLog+76 (+0x45b)
[ 1f 44 00:2a 98 90 ]
fffff807305eb6c9-fffff807305eb6cb 3 bytes - nt!CmpStopRMLog+9d (+0x27)
[ 1f 44 00:23 6c 90 ]
fffff807305eb6d9-fffff807305eb6db 3 bytes - nt!CmpStopRMLog+ad (+0x10)
[ 1f 44 00:83 cb 91 ]
fffff807305eec98-fffff807305eec9a 3 bytes - nt!NtQueryPerformanceCounter+58 (+0x35bf)
[ 1f 44 00:34 89 48 ]
fffff8073060ef33-fffff8073060ef35 3 bytes - nt!CmAddLogForAction+2d7 (+0x2029b)
[ 1f 44 00:39 4c 8c ]
fffff8073060ef72-fffff8073060ef74 3 bytes - nt!CmAddLogForAction+316 (+0x3f)
[ 1f 44 00:fa 4b 8c ]
fffff8073060efaf-fffff8073060efb1 3 bytes - nt!CmAddLogForAction+353 (+0x3d)
[ 1f 44 00:fd c1 8e ]
fffff8073062f71e-fffff8073062f721 4 bytes - nt!ExpWnfGetNameStoreRegistryRoot+132 (+0x2076f)
[ 1f 44 00 00:7e 33 b1 ff ]
fffff807306370a1-fffff807306370a3 3 bytes - nt!CmCheckNoTxContext+11 (+0x7983)
[ 1f 44 00:6b 4f 87 ]
fffff8073063fc27-fffff8073063fc29 3 bytes - nt!NtQueryInformationProcess+f57 (+0x8b86)
[ 1f 44 00:a5 79 43 ]
fffff8073067e362-fffff8073067e364 3 bytes - nt!IopRetrieveTransactionParameters+42 (+0x3e73b)
[ 1f 44 00:aa dc 82 ]
fffff8073068f11a-fffff8073068f11c 3 bytes - nt!PspUserThreadStartup+18a (+0x10db8)
[ 1f 44 00:b2 84 3e ]
fffff807306b7e5f-fffff807306b7e61 3 bytes - nt!CmpInitCmRM+333 (+0x28d45)
[ 1f 44 00:dd 26 84 ]
fffff807306b7ea5-fffff807306b7ea7 3 bytes - nt!CmpInitCmRM+379 (+0x46)
[ 1f 44 00:f7 e0 84 ]
fffff807306b7f35-fffff807306b7f37 3 bytes - nt!CmpInitCmRM+409 (+0x90)
[ 1f 44 00:f7 21 84 ]
fffff807306b7ff8-fffff807306b7ffa 3 bytes - nt!CmpInitCmRM+4cc (+0xc3)
[ 1f 44 00:64 02 85 ]
fffff807306b8013-fffff807306b8014 2 bytes - nt!CmpInitCmRM+4e7 (+0x1b)
[ 44 00:0a 85 ]
fffff807306c6447-fffff807306c6449 3 bytes - nt!PiDqIrpPropertySet+5b (+0xe434)
[ 1f 44 00:45 4a 7a ]
fffff807306c648c-fffff807306c648e 3 bytes - nt!PiDqIrpPropertySet+a0 (+0x45)
[ 1f 44 00:60 ac 79 ]
fffff807306c667b-fffff807306c667d 3 bytes - nt!PiDqIrpPropertySet+28f (+0x1ef)
[ 1f 44 00:f1 5a 7a ]
fffff807306c8d5f-fffff807306c8d61 3 bytes - nt!PiSwIrpStartCreate+53 (+0x26e4)
[ 1f 44 00:2d 21 7a ]
fffff807306c8d9a-fffff807306c8d9c 3 bytes - nt!PiSwIrpStartCreate+8e (+0x3b)
[ 1f 44 00:52 83 79 ]
fffff807306c8df6-fffff807306c8df8 3 bytes - nt!PiSwIrpStartCreate+ea (+0x5c)
[ 1f 44 00:76 33 7a ]
fffff807306c925a-fffff807306c925c 3 bytes - nt!PiSwIrpInterfacePropertySet+4e (+0x464)
[ 1f 44 00:32 1c 7a ]
fffff807306c929c-fffff807306c929e 3 bytes - nt!PiSwIrpInterfacePropertySet+90 (+0x42)
[ 1f 44 00:50 7e 79 ]
fffff807306c93bd-fffff807306c93bf 3 bytes - nt!PiSwIrpInterfacePropertySet+1b1 (+0x121)
[ 1f 44 00:af 2d 7a ]
fffff807306ccb77-fffff807306ccb79 3 bytes - nt!FsRtlIsMobileOS+17 (+0x37ba)
[ 1f 44 00:95 f4 7d ]
fffff807306cf480-fffff807306cf482 3 bytes - nt!PopIssueActionRequest+120 (+0x2909)
[ 1f 44 00:4c 81 3a ]
fffff807306cf65d-fffff807306cf65f 3 bytes - nt!PopIssueActionRequest+2fd (+0x1dd)
[ 1f 44 00:6f 7f 3a ]
fffff807306cf7df-fffff807306cf7e1 3 bytes - nt!PopResumeApps+27 (+0x182)
[ 1f 44 00:ed 7d 3a ]
fffff807306cf818-fffff807306cf81a 3 bytes - nt!PopResumeApps+60 (+0x39)
[ 1f 44 00:b4 7d 3a ]
fffff807306cf875-fffff807306cf877 3 bytes - nt!PopResumeServices+25 (+0x5d)
[ 1f 44 00:57 7d 3a ]
fffff807306cf8b1-fffff807306cf8b3 3 bytes - nt!PopResumeServices+61 (+0x3c)
[ 1f 44 00:1b 7d 3a ]
fffff807306e82b4-fffff807306e82b6 3 bytes - nt!CmLogTmRmAction+90 (+0x18a03)
[ 1f 44 00:88 cf 80 ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
fffff8073091b195-fffff8073091b197 3 bytes - nt!KdInitSystem+55
[ 1f 44 00:37 c4 15 ]
fffff8073091ba4c-fffff8073091ba4e 3 bytes - nt!KdInitSystem+90c (+0x8b7)
[ 1f 44 00:d0 55 2e ]
fffff8073091c0aa-fffff8073091c0ac 3 bytes - nt!KdSendTraceData+f6 (+0x65e)
[ 1f 44 00:b2 4f 2e ]
fffff8073091c202-fffff8073091c204 3 bytes - nt!KdpFillMemory+102 (+0x158)
[ 1f 44 00:5a 4e 2e ]
fffff8073091c2c9-fffff8073091c2cb 3 bytes - nt!KdpGetBusData+a5 (+0xc7)
[ 1f 44 00:93 4d 2e ]
fffff8073091c446-fffff8073091c448 3 bytes - nt!KdpQueryMemory+7a (+0x17d)
[ 1f 44 00:16 4c 2e ]
fffff8073091c4f5-fffff8073091c4f7 3 bytes - nt!KdpReadControlSpace+99 (+0xaf)
[ 1f 44 00:67 4b 2e ]
fffff8073091c638-fffff8073091c63a 3 bytes - nt!KdpReadPhysicalMemory+128 (+0x143)
[ 1f 44 00:24 4a 2e ]
fffff8073091c7bd-fffff8073091c7bf 3 bytes - nt!KdpReadVirtualMemory+a1 (+0x185)
[ 1f 44 00:9f 48 2e ]
fffff8073091cc10 - nt!KdpRestoreBreakPointEx+d4 (+0x453)
[ 1f:4c ]
fffff8073091cc12 - nt!KdpRestoreBreakPointEx+d6 (+0x02)
[ 00:2e ]
fffff8073091ce12-fffff8073091ce14 3 bytes - nt!KdpSearchMemory+1d2 (+0x200)
[ 1f 44 00:4a 42 2e ]
fffff8073091d19c-fffff8073091d19e 3 bytes - nt!KdpSendWaitContinue+9c (+0x38a)
[ 1f 44 00:c0 3e 2e ]
fffff8073091d1c6-fffff8073091d1c8 3 bytes - nt!KdpSendWaitContinue+c6 (+0x2a)
[ 1f 44 00:06 a4 15 ]
fffff8073091d1e8-fffff8073091d1ea 3 bytes - nt!KdpSendWaitContinue+e8 (+0x22)
[ 1f 44 00:84 3e 2e ]
fffff8073091d73b-fffff8073091d73d 3 bytes - nt!KdpSendWaitContinue+63b (+0x553)
[ 1f 44 00:e1 90 18 ]
fffff8073091d85d-fffff8073091d85f 3 bytes - nt!KdpSendWaitContinue+75d (+0x122)
[ 1f 44 00:ff 37 2e ]
fffff8073091d87c-fffff8073091d87e 3 bytes - nt!KdpSendWaitContinue+77c (+0x1f)
[ 1f 44 00:e0 37 2e ]
fffff8073091da9a-fffff8073091da9c 3 bytes - nt!KdpSetContext+aa (+0x21e)
[ 1f 44 00:c2 35 2e ]
fffff8073091db44-fffff8073091db46 3 bytes - nt!KdpSysReadBusData+48 (+0xaa)
[ 1f 44 00:18 00 16 ]
fffff8073091dbb0-fffff8073091dbb2 3 bytes - nt!KdpSysWriteBusData+48 (+0x6c)
[ 1f 44 00:8c fe 15 ]
fffff8073091de19-fffff8073091de1b 3 bytes - nt!KdpWriteBreakPointEx+149 (+0x269)
[ 1f 44 00:43 32 2e ]
fffff8073091de4e-fffff8073091de50 3 bytes - nt!KdpWriteBreakPointEx+17e (+0x35)
[ 1f 44 00:0e 32 2e ]
fffff8073091df0d-fffff8073091df0f 3 bytes - nt!KdpWritePhysicalMemory+85 (+0xbf)
[ 1f 44 00:4f 31 2e ]
fffff8073091f37c-fffff8073091f37e 3 bytes - nt!KdpPrintString+b8 (+0x146f)
[ 1f 44 00:e0 1c 2e ]
fffff8073091f473-fffff8073091f475 3 bytes - nt!KdpPromptString+cb (+0xf7)
[ 1f 44 00:e9 1b 2e ]
fffff8073091f4a2-fffff8073091f4a4 3 bytes - nt!KdpPromptString+fa (+0x2f)
[ 1f 44 00:ca 1b 2e ]
fffff8073091f9b8-fffff8073091f9ba 3 bytes - nt!KdpCloseRemoteFile+a4 (+0x516)
[ 1f 44 00:b4 16 2e ]
fffff8073091f9fc-fffff8073091f9fe 3 bytes - nt!KdpCloseRemoteFile+e8 (+0x44)
[ 1f 44 00:60 16 2e ]
fffff8073091fb9d-fffff8073091fb9f 3 bytes - nt!KdpCreateRemoteFile+13d (+0x1a1)
[ 1f 44 00:bf 14 2e ]
fffff8073091fbdf-fffff8073091fbe1 3 bytes - nt!KdpCreateRemoteFile+17f (+0x42)
[ 1f 44 00:8d 14 2e ]
fffff8073091fd41-fffff8073091fd43 3 bytes - nt!KdpReadRemoteFile+d9 (+0x162)
[ 1f 44 00:1b 13 2e ]
fffff8073091fd7f-fffff8073091fd81 3 bytes - nt!KdpReadRemoteFile+117 (+0x3e)
[ 1f 44 00:ed 12 2e ]
fffff80730951dbb-fffff80730951dbd 3 bytes - nt!HdlspBugCheckProcessing+9f
[ 1f 44 00:81 56 12 ]
fffff80730951dd0-fffff80730951dd2 3 bytes - nt!HdlspBugCheckProcessing+b4 (+0x15)
[ 1f 44 00:4c 4a 15 ]
1679 errors : !nt (fffff8073000ada7-fffff80730951dd2)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

MEMORY_CORRUPTOR: LARGE

STACK_COMMAND: .thread ; .cxr ; kb

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE

BUCKET_ID: MEMORY_CORRUPTION_LARGE

PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE

TARGET_TIME: 2019-11-18T18:43:00.000Z

OSBUILD: 17763

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: unknown_date

BUILDDATESTAMP_STR: 180914-1434

BUILDLAB_STR: rs5_release

BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME: 249c

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:memory_corruption_large

FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}

Followup: memory_corruption
---------

 

5 Replies
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: VSE 8.8 P13 BSOD mfeavfk.sys

Hi @joshbilsky 

Thanks for sharing the extract here. It would be great for us to be able to analyse this dump in more detail. Would you be able to share the full memory dump & MER with our Technical Support Team?

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: VSE 8.8 P13 BSOD mfeavfk.sys

Hi we actually have a case open for this issue 4-20475123237. We uploaded the MER and dump to the case.
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: VSE 8.8 P13 BSOD mfeavfk.sys

Thanks for letting me know! I just checked the status and actually the owner of the case is sending it to our Engineering Team for a deeper review. I can confirm we've seen a few instances of this BSOD  and for the ones we've confirmed, they will be addressed in patch 14.

The owner of your case will confirm the same with you, once your data has been analysed by Engineering.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: VSE 8.8 P13 BSOD mfeavfk.sys

Hi @joshbilsky,

Thank you for sharing the information. Our general recommendation is not to share Service Request information on public forum.

Having said that, I would like to add to the update cascaded by my colleague. We may have a POC  package available to try on your environment. Can you kindly confirm if the issue can be reproduced by running tenable's scan again on these machines. Since the POC was not exactly designed for this issue, it is very important that we confirm if the issue is reproducible to confirm the fix.

Based on your confirmation, I shall update the assigned Engineer to assist you with the POC if required.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: VSE 8.8 P13 BSOD mfeavfk.sys

Hi,

Do we know when the POC patch will become available?  The last update from the support technician was that we would receive the POC by close of business 11/22.  When we tried to follow back up with the technician on Friday, he was unavailable.  We need to get this issue escalated as it's preventing us from vulnerability scanning our systems which is a contractual requirement with our customer.

Thanks

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community