*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8025a245bf2, The address that the exception occurred at
Arg3: ffff80078863e568, Exception Record Address
Arg4: ffff80078863ddb0, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8025a245bf2
BUGCHECK_P3: ffff80078863e568
BUGCHECK_P4: ffff80078863ddb0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!ExFreeHeapPool+b2
fffff802`5a245bf2 488b5810 mov rbx,qword ptr [rax+10h]
EXCEPTION_RECORD: ffff80078863e568 -- (.exr 0xffff80078863e568)
ExceptionAddress: fffff8025a245bf2 (nt!ExFreeHeapPool+0x00000000000000b2)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffff80078863ddb0 -- (.cxr 0xffff80078863ddb0)
rax=01ffc1016a700000 rbx=ffff8c0e8ee041d0 rcx=0000000000000000
rdx=fffff8025a200000 rsi=01ffc1016a790420 rdi=a2e64eada2e64ead
rip=fffff8025a245bf2 rsp=ffff80078863e7a0 rbp=ffff8c0e8ee93a80
r8=ffff8c0e924fca30 r9=fffff80258122180 r10=ffff8c0e8e179a60
r11=ffff8c0e924fc520 r12=ffff800000000000 r13=0000000000000000
r14=0000000000000000 r15=ffff8c0e94e79400
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!ExFreeHeapPool+0xb2:
fffff802`5a245bf2 488b5810 mov rbx,qword ptr [rax+10h] ds:002b:01ffc101`6a700010=????????????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: 95a
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 25
CPU_STEPPING: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
FOLLOWUP_IP:
nt!ExFreePool+9
fffff802`5a56f0a9 4883c428 add rsp,28h
BUGCHECK_STR: AV
READ_ADDRESS: fffff8025a7733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-21-2019 18:10:24.0112
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8025a56f0a9 to fffff8025a245bf2
STACK_TEXT:
ffff8007`8863e7a0 fffff802`5a56f0a9 : ffff8c0e`8ee52030 fffff802`5a23c77d fffff802`00000001 01000000`00100000 : nt!ExFreeHeapPool+0xb2
ffff8007`8863e8c0 fffff802`5a7e7327 : ffff8c0e`8ee93a80 ffff8c0e`8ee52030 00000000`00000000 ffff8c0e`8ee041d0 : nt!ExFreePool+0x9
ffff8007`8863e8f0 fffff802`5a7f94c0 : ffffc101`6a9aa690 00000000`00000000 ffff8c0e`8e0f8ae0 fffff802`5a30778f : nt!IopDeleteFile+0x177
ffff8007`8863e970 fffff802`5a239084 : 00000000`00000000 00000000`00000000 ffffc101`6a9aa690 ffff8c0e`8ee041d0 : nt!ObpRemoveObjectRoutine+0x80
ffff8007`8863e9d0 fffff802`5a7fb758 : 00000000`00000000 ffff8c0e`94e79460 ffffc101`6a9aa690 00000000`00000000 : nt!ObfDereferenceObject+0xa4
ffff8007`8863ea10 fffff802`5a3624e7 : fffff802`00000001 fffff802`5a66a480 ffff8007`8863eae0 ffff8c0e`94e79468 : nt!MiSegmentDelete+0x154
ffff8007`8863ea60 fffff802`5a38f169 : 00000000`00000000 fffff802`00000001 00000000`00000000 fffff802`5a66a480 : nt!MiProcessDereferenceList+0xc3
ffff8007`8863eb20 fffff802`5a32a725 : ffff8c0e`8edf6600 ffff8c0e`8edf6600 00000000`00000080 fffff802`5a38f040 : nt!MiDereferenceSegmentThread+0x129
ffff8007`8863ed50 fffff802`5a3c886a : ffff9e00`fc4c3180 ffff8c0e`8edf6600 fffff802`5a32a6d0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffff8007`8863eda0 00000000`00000000 : ffff8007`8863f000 ffff8007`88639000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x2a
THREAD_SHA1_HASH_MOD_FUNC: b217590d159d025b17700ece115a092027c689a3
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 0cacead8b243f787578ef278e4ca288f045fe0ae
THREAD_SHA1_HASH_MOD: bc100a5647b828107ac4e18055e00abcbe1ec406
FAULT_INSTR_CODE: 28c48348
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExFreePool+9
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.418
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .cxr 0xffff80078863ddb0 ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: AV_nt!ExFreePool
BUCKET_ID: AV_nt!ExFreePool
PRIMARY_PROBLEM_CLASS: AV_nt!ExFreePool
TARGET_TIME: 2019-11-21T13:58:52.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 545b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!exfreepool
FAILURE_ID_HASH: {2ae0a97e-dcd7-47ef-dbfb-430f2cbf58a1}
Followup: Pool_corruption
---------
0: kd> lmvm Pool_Corruption
Browse full module list
start end module name
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff80261076000, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8025afc3216, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: fffff80261076000
BUGCHECK_P2: ff
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8025afc3216
READ_ADDRESS: fffff8025b3733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff80261076000
CURRENT_IRQL: 0
FAULTING_IP:
nt!KiInterruptDispatchNoLockNoEtw+26
fffff802`5afc3216 488be1 mov rsp,rcx
CPU_COUNT: 4
CPU_MHZ: 95a
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 25
CPU_STEPPING: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-21-2019 18:10:21.0863
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff80261067a80 -- (.trap 0xfffff80261067a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff80261074300 rbx=0000000000000000 rcx=fffff80261076000
rdx=fffff80261067c10 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8025afc3216 rsp=fffff80261067c10 rbp=fffff80261067c90
r8=0000000000000008 r9=0000000000000000 r10=0000fffff8025afc
r11=ffffd0fc59600000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl zr na po nc
nt!KiInterruptDispatchNoLockNoEtw+0x26:
fffff802`5afc3216 488be1 mov rsp,rcx
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8025afd30e9 to fffff8025afc1220
STACK_TEXT:
fffff802`61067938 fffff802`5afd30e9 : 00000000`0000000a fffff802`61076000 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx
fffff802`61067940 fffff802`5afcf42b : 00000000`59aa2100 00000002`2bf8b373 00000001`00000002 ffff800f`ad5a2250 : nt!KiBugCheckDispatch+0x69
fffff802`61067a80 fffff802`5afc3216 : 00000000`00000001 fffff802`59aa2180 fffff802`61067d40 00000000`00000001 : nt!KiPageFault+0x46b
fffff802`61067c10 fffff802`5afc4d2e : 00000000`00000000 fffff802`59aa2180 ffff800f`b09b7080 00000000`00000408 : nt!KiInterruptDispatchNoLockNoEtw+0x26
fffff802`61067da0 00000000`00000000 : fffff802`61068000 fffff802`61062000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x4e
THREAD_SHA1_HASH_MOD_FUNC: 3cf084d0abd135ef8342f0d5cbe9300cdd22acbd
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 8e4d5b124de852e839a93edd90a0a4018446c9b6
THREAD_SHA1_HASH_MOD: f08ac56120cad14894587db086f77ce277bfae84
FOLLOWUP_IP:
nt!KiInterruptDispatchNoLockNoEtw+26
fffff802`5afc3216 488be1 mov rsp,rcx
FAULT_INSTR_CODE: 48e18b48
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiInterruptDispatchNoLockNoEtw+26
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.418
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 26
FAILURE_BUCKET_ID: AV_nt!KiInterruptDispatchNoLockNoEtw
BUCKET_ID: AV_nt!KiInterruptDispatchNoLockNoEtw
PRIMARY_PROBLEM_CLASS: AV_nt!KiInterruptDispatchNoLockNoEtw
TARGET_TIME: 2019-11-21T14:14:58.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 3c8e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!kiinterruptdispatchnolocknoetw
FAILURE_ID_HASH: {bcca90df-4502-e14c-7f58-c4a4248ee927}
Followup: MachineOwner
---------