Rmap entry inserted twice

MmInsertRmap tries to add a second rmap entry for address 0000000000630000

    current caller FFFFF80000512316

    previous caller FFFFF80000512316

*** Fatal System Error: 0x0000001a

                       (0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.

Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows Server 2003 3790 x64 target at (Mon Apr 15 21:43:18.303 2019 (UTC + 2:00)), ptr64 TRUE

Loading Kernel Symbols

..............................................

Loading User Symbols

............................

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {0, 0, 0, 0}

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll - 

Probably caused by : memory_corruption ( nt!MmInsertRmap+2be )

Followup:     MachineOwner

---------

nt!RtlpBreakWithStatusInstruction:

fffff800`0057f416 cc              int     3

kd> .reload

Connected to Windows Server 2003 3790 x64 target at (Mon Apr 15 21:43:51.176 2019 (UTC + 2:00)), ptr64 TRUE

Loading Kernel Symbols

..............................................

Loading User Symbols

............................

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll - 

kd> !pte 0x00000000`00630002

                                           VA 0000000000630002

PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000018    PTE at FFFFF68000003180

contains 000000001FB49067  contains 000000001FB4C067  contains 000000001E5B5067  contains 0000000037449025

pfn 1fb49     ---DA--UWEV  pfn 1fb4c     ---DA--UWEV  pfn 1e5b5     ---DA--UWEV  pfn 37449     ----A--UREV

kd> kp

 # Child-SP          RetAddr           Call Site

00 fffff880`04ba1518 fffff800`004aac42 nt!RtlpBreakWithStatusInstruction

01 fffff880`04ba1520 fffff800`004a9df2 nt!KiBugCheckDebugBreak(unsigned long StatusCode = 3)+0x12 [E:\ReactOS\reactos\ntoskrnl\ke\bug.c @ 538] 

02 fffff880`04ba1550 fffff800`004a950b nt!KeBugCheckWithTf(unsigned long BugCheckCode = 0x1a, unsigned int64 BugCheckParameter1 = 0, unsigned int64 BugCheckParameter2 = 0, unsigned int64 BugCheckParameter3 = 0, unsigned int64 BugCheckParameter4 = 0, struct _KTRAP_FRAME * TrapFrame = 0x00000000`00000000)+0x7c2 [E:\ReactOS\reactos\ntoskrnl\ke\bug.c @ 1101] 

03 fffff880`04ba1b60 fffff800`0050a73e nt!KeBugCheck(unsigned long BugCheckCode = 0x1a)+0x2b [E:\ReactOS\reactos\ntoskrnl\ke\bug.c @ 1473] 

04 fffff880`04ba1ba0 fffff800`00512316 nt!MmInsertRmap(unsigned int64 Page = 0x37449, struct _EPROCESS * Process = 0xfffffa80`32c2cb10, void * Address = 0x00000000`00630000)+0x2be [E:\ReactOS\reactos\ntoskrnl\mm\rmap.c @ 319] 

05 fffff880`04ba1c30 fffff800`005079dd nt!MmNotPresentFaultSectionView(struct _MMSUPPORT * AddressSpace = 0xfffffa80`32c2ce28, struct _MEMORY_AREA * MemoryArea = 0xfffffa80`32aaf010, void * Address = 0x00000000`00630002, unsigned char Locked = 0x00 '')+0x1226 [E:\ReactOS\reactos\ntoskrnl\mm\section.c @ 1783] 

06 fffff880`04ba1da0 fffff800`0050773c nt!MmNotPresentFault(char Mode = 0n1 '', unsigned int64 Address = 0x630002, unsigned char FromMdl = 0x00 '')+0x28d [E:\ReactOS\reactos\ntoskrnl\mm\mmfault.c @ 169] 

07 fffff880`04ba1e20 fffff800`0040441c nt!MmAccessFault(unsigned long FaultCode = 4, void * Address = 0x00000000`00630002, char Mode = 0n1 '', void * TrapInformation = 0xfffff880`04ba1e70)+0x17c [E:\ReactOS\reactos\ntoskrnl\mm\mmfault.c @ 265] 

08 fffff880`04ba1e70 000007ff`b7545543 nt!KiPageFault+0xde

09 00000000`0012d950 000007ff`b656d870 ntdll!RtlInitCodePageTable(wchar_t * TableBase = 0x00000000`00630000 ".ζ???", struct _CPTABLEINFO * CodePageTable = 0x00000000`00145c58)+0x33 [E:\ReactOS\reactos\sdk\lib\rtl\nls.c @ 167] 

0a 00000000`0012d990 00000000`00630000 kernel32!GetOEMCP+0x400

0b 00000000`0012d998 00000000`00145c58 0x630000

0c 00000000`0012d9a0 00000000`00000068 0x145c58

0d 00000000`0012d9a8 000007ff`00000000 0x68

0e 00000000`0012d9b0 00000000`00000000 0x000007ff`00000000