UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: fffff80642a7ee70
Arg3: fffff80642a62020
Arg4: fffff8063f50e407
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 8
BUGCHECK_P2: fffff80642a7ee70
BUGCHECK_P3: fffff80642a62020
BUGCHECK_P4: fffff8063f50e407
BUGCHECK_STR: 0x7f_8
TRAP_FRAME: fffff80642a62970 -- (.trap 0xfffff80642a62970)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff80642a62d10 rbx=0000000000000000 rcx=fffff80642a62d10
rdx=fffff80642a62d10 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8063f50e407 rsp=fffff80642a62b00 rbp=0000000000000001
r8=0000007ffffffff8 r9=0000000000000000 r10=fffff80642a62d10
r11=fffff80642a67778 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!KeInvalidAccessAllowed+0x7:
fffff806`3f50e407 4885c9 test rcx,rcx
Resetting default scope
CPU_COUNT: c
CPU_MHZ: 1004
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 71
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-04-2020 19:06:14.0533
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8063f5d30e9 to fffff8063f5c1220
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 0
THREAD_SHA1_HASH_MOD_FUNC: 5d283ea1c2056ffc16557c636c5f7fee690b8ce0
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 2e622785ecb0a3a0da242a534d663cc355298f3e
THREAD_SHA1_HASH_MOD: 91603cfc5c4cc3898e692d807cc3b228da6ba955
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+2c5
fffff806`3f5cdf45 90 nop
FAULT_INSTR_CODE: 6666c390
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+2c5
IMAGE_VERSION: 10.0.18362.418
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: TRAP_FRAME_RECURSION
BUCKET_ID: TRAP_FRAME_RECURSION
PRIMARY_PROBLEM_CLASS: TRAP_FRAME_RECURSION
TARGET_TIME: 2020-02-04T09:28:41.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 4e2a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:trap_frame_recursion
FAILURE_ID_HASH: {6fb26652-9c01-a5d2-4176-0141cc9056d6}
Followup: MachineOwner
---------
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffffa0e6752f560, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff8037ec24e02, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: fffffa0e6752f560
BUGCHECK_P2: 2
BUGCHECK_P3: fffff8037ec24e02
BUGCHECK_P4: 2
READ_ADDRESS: fffff8037f1733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffffa0e6752f560
FAULTING_IP:
nt!NtTraceEvent+92
fffff803`7ec24e02 4c89ac24209c0000 mov qword ptr [rsp+9C20h],r13
MM_INTERNAL_CODE: 2
CPU_COUNT: c
CPU_MHZ: 1004
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 71
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: AV
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-04-2020 19:06:23.0262
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffffa0e675257b0 -- (.trap 0xfffffa0e675257b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000005209fe670 rbx=0000000000000000 rcx=00000000000002a4
rdx=00007fffffff0000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8037ec24e02 rsp=fffffa0e67525940 rbp=fffffa0e67525b80
r8=0000000000000078 r9=00000005209fe5f8 r10=0000fffff8037ec2
r11=ffff89f885c00000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po nc
nt!NtTraceEvent+0x92:
fffff803`7ec24e02 4c89ac24209c0000 mov qword ptr [rsp+9C20h],r13 ss:0018:fffffa0e`6752f560=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8037ede35d6 to fffff8037edc14e0
STACK_TEXT:
fffffa0e`67525508 fffff803`7ede35d6 : 00000000`00000050 fffffa0e`6752f560 00000000`00000002 fffffa0e`675257b0 : nt!KeBugCheckEx
fffffa0e`67525510 fffff803`7ec72eef : ffffb10e`8439b040 00000000`00000002 00000000`00000000 fffffa0e`6752f560 : nt!MiSystemFault+0x1d6866
fffffa0e`67525610 fffff803`7edcf520 : 00000000`00000001 ffffb10e`00000000 00000000`00000003 ffffb10e`8800ea00 : nt!MmAccessFault+0x34f
fffffa0e`675257b0 fffff803`7ec24e02 : 0001007c`00020000 00000000`00010000 00000000`00000001 00000000`00000000 : nt!KiPageFault+0x360
fffffa0e`67525940 fffff803`7edd2d18 : ffffb10e`8439b040 00000000`00000000 00000000`00000001 00000000`00000000 : nt!NtTraceEvent+0x92
fffffa0e`67525b00 00007ffa`9f9bcc74 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000005`209fe588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`9f9bcc74
CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt
32 errors : !nt (fffff8037ec24e07-fffff8037ec24eff)
fffff8037ec24e00 69 58 4c 89 ac 24 20 *9c 00 00 41 8b 41 54 89 *b8 iXL..$ ...A.AT..
fffff8037ec24e10 24 88 00 00 00 89 84 *74 e4 00 00 00 41 0f b7 *d4 $......t....A...
fffff8037ec24e20 52 48 89 84 24 c8 00 *80 00 41 8b 41 70 89 84 *a9 RH..$....A.Ap...
fffff8037ec24e30 9c 00 00 00 89 84 24 *06 00 00 00 49 8b 41 30 *64 ......$....I.A0d
fffff8037ec24e40 89 84 24 a8 00 00 00 *7a 89 84 24 28 01 00 00 *9c ..$....z..$(....
fffff8037ec24e50 0f b6 41 2c 88 84 24 *11 00 00 00 88 84 24 96 *9d ..A,..$......$..
fffff8037ec24e60 00 00 45 33 f6 45 8b *c1 4c 89 b4 24 00 01 00 *c1 ..E3.E..L..$....
fffff8037ec24e70 45 38 61 50 74 23 4d *c1 61 60 4c 89 a4 24 00 *c1 E8aPt#M.a`L..$..
fffff8037ec24e80 00 00 eb 15 e8 17 03 *d0 00 33 c0 a2 00 00 ff *b8 .........3......
fffff8037ec24e90 ff 7f 00 00 e9 65 ff *b8 ff eb 05 e9 c8 01 00 *9c .....e..........
fffff8037ec24ea0 4c 8b 05 e9 f6 54 00 *52 89 74 24 28 48 8d 84 *97 L....T.R.t$(H...
fffff8037ec24eb0 b8 00 00 00 48 89 44 *9e 20 41 b1 01 ba 00 08 *97 ....H.D. A......
fffff8037ec24ec0 00 e8 ea c0 5c 00 44 *18 f8 85 c0 0f 88 94 01 *db ....\.D.........
fffff8037ec24ed0 00 4c 89 b4 24 c0 00 *9c 00 48 8b bc 24 b8 00 *11 .L..$....H..$...
fffff8037ec24ee0 00 48 8b 47 20 48 89 *0b 24 a0 00 00 00 48 8b *c6 .H.G H..$....H..
fffff8037ec24ef0 28 48 89 84 24 d0 00 *05 00 c1 ee 1f 33 d2 44 *c5 (H..$.......3.D.
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: STRIDE
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
BUCKET_ID: MEMORY_CORRUPTION_STRIDE
PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_STRIDE
TARGET_TIME: 2020-02-03T09:17:56.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 03:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 3607
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_stride
FAILURE_ID_HASH: {574dbc1b-92cb-fb09-cb7a-cacc1bb2c511}
Followup: memory_corruption
---------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000030, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80735202ba5, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 30
BUGCHECK_P2: d
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80735202ba5
READ_ADDRESS: fffff807357733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
0000000000000030
CURRENT_IRQL: d
FAULTING_IP:
nt!KiCallInterruptServiceRoutine+225
fffff807`35202ba5 41807e3000 cmp byte ptr [r14+30h],0
CPU_COUNT: c
CPU_MHZ: e10
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 71
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: cpuz.exe
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-04-2020 19:06:19.0965
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffb380fc27fdd0 -- (.trap 0xffffb380fc27fdd0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000534 rbx=0000000000000000 rcx=0000000000000534
rdx=0000008900000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80735202ba5 rsp=ffffb380fc27ff60 rbp=0000000000000001
r8=0000000000000000 r9=ffffb380fc27fbc0 r10=0000000000000100
r11=ffffb380fc27ff00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!KiCallInterruptServiceRoutine+0x225:
fffff807`35202ba5 41807e3000 cmp byte ptr [r14+30h],0 ds:00000000`00000030=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff807353d32e9 to fffff807353c14e0
STACK_TEXT:
ffffb380`fc27fc88 fffff807`353d32e9 : 00000000`0000000a 00000000`00000030 00000000`0000000d 00000000`00000000 : nt!KeBugCheckEx
ffffb380`fc27fc90 fffff807`353cf62b : 00000000`00000083 ffff8902`fbd95b80 00000000`00000246 fffff807`3515ed97 : nt!KiBugCheckDispatch+0x69
ffffb380`fc27fdd0 fffff807`35202ba5 : ffffa30f`a82c9100 00000000`0000000c ffff26f7`e8c736cb 00000000`0230afe0 : nt!KiPageFault+0x46b
ffffb380`fc27ff60 fffff807`353c2f7a : ffff8902`fbd95b80 ffffa30f`a82c9100 00000000`000000b2 ffffa30f`a82c9100 : nt!KiCallInterruptServiceRoutine+0x225
ffffb380`fc27ffb0 fffff807`353c34e7 : 00000000`00000002 ffff8902`fbd95b80 ffffb380`fc5d43c0 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
ffff8902`fbd95b00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
THREAD_SHA1_HASH_MOD_FUNC: 6727dbacf5d52303467364adf8410297e4a50cef
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b304845fe606bdc7c5ade40408fc80d832709589
THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
FOLLOWUP_IP:
nt!KiCallInterruptServiceRoutine+225
fffff807`35202ba5 41807e3000 cmp byte ptr [r14+30h],0
FAULT_INSTR_CODE: 307e8041
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiCallInterruptServiceRoutine+225
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4f6eba0
IMAGE_VERSION: 10.0.18362.592
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 225
FAILURE_BUCKET_ID: AV_nt!KiCallInterruptServiceRoutine
BUCKET_ID: AV_nt!KiCallInterruptServiceRoutine
PRIMARY_PROBLEM_CLASS: AV_nt!KiCallInterruptServiceRoutine
TARGET_TIME: 2020-02-03T12:44:27.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 03:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 4dca
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!kicallinterruptserviceroutine
FAILURE_ID_HASH: {49ead8ee-52e2-d680-57c5-6664c364ad42}
Followup: MachineOwner
---------
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8066563e667, The address that the exception occurred at
Arg3: ffff918b9015d838, Exception Record Address
Arg4: ffff918b9015d080, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8066563e667
BUGCHECK_P3: ffff918b9015d838
BUGCHECK_P4: ffff918b9015d080
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!ExAcquireRundownProtection+7
fffff806`6563e667 488b01 mov rax,qword ptr [rcx]
EXCEPTION_RECORD: ffff918b9015d838 -- (.exr 0xffff918b9015d838)
ExceptionAddress: fffff8066563e667 (nt!ExAcquireRundownProtection+0x0000000000000007)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffff918b9015d080 -- (.cxr 0xffff918b9015d080)
rax=ffff918b9015dae8 rbx=ffffda8f778e0b20 rcx=65ffda8f773bb380
rdx=0000000000000000 rsi=ffff80822d924000 rdi=ffffda8f76dd0040
rip=fffff8066563e667 rsp=ffff918b9015da70 rbp=ffffda8f76dd0300
r8=0000000000000000 r9=0000000000000000 r10=0000000000000090
r11=ffff80822d9244d4 r12=0000000000000004 r13=ffffda8f76dd0440
r14=000000000000a0a0 r15=ffffda8f76dd0198
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!ExAcquireRundownProtection+0x7:
fffff806`6563e667 488b01 mov rax,qword ptr [rcx] ds:002b:65ffda8f`773bb380=????????????????
Resetting default scope
CPU_COUNT: c
CPU_MHZ: 1004
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 71
CPU_STEPPING: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
FOLLOWUP_IP:
nt!ExAcquireRundownProtection+7
fffff806`6563e667 488b01 mov rax,qword ptr [rcx]
BUGCHECK_STR: AV
READ_ADDRESS: fffff80665b733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 02-04-2020 19:06:16.0786
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff80665c14b5f to fffff8066563e667
STACK_TEXT:
ffff918b`9015da70 fffff806`65c14b5f : ffff8082`2cd5f0a0 fffff806`65efbea5 00000000`00000020 ffffda8f`76dd0230 : nt!ExAcquireRundownProtection+0x7
ffff918b`9015daa0 fffff806`65df61bd : ffffda8f`76dd0040 ffff8082`2d9244c4 ffffffff`00000090 ffffda8f`778e0b20 : nt!EtwpRealtimeInjectEtwBuffer+0x63
ffff918b`9015db30 fffff806`65c14575 : ffffda8f`76dd0040 00000000`00000000 ffffffff`fffffffd ffffffff`fffffffd : nt!EtwpRealtimeNotifyConsumers+0x11352d
ffff918b`9015db90 fffff806`6572a7a5 : ffffffff`fffffffd ffffda8f`77aed080 00000000`00000080 fffff806`65c14290 : nt!EtwpLogger+0x2e5
ffff918b`9015dc10 fffff806`657c8b2a : ffff9700`86b1b180 ffffda8f`77aed080 fffff806`6572a750 00000002`00000110 : nt!PspSystemThreadStartup+0x55
ffff918b`9015dc60 00000000`00000000 : ffff918b`9015e000 ffff918b`90158000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x2a
THREAD_SHA1_HASH_MOD_FUNC: c09019bfcf288e99f67fbf3b5578eee27f11e084
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: f368a2ceb9aab95ba3bfac4cf89ceb8b6dcb0985
THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
FAULT_INSTR_CODE: 48018b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExAcquireRundownProtection+7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4f6eba0
IMAGE_VERSION: 10.0.18362.592
STACK_COMMAND: .cxr 0xffff918b9015d080 ; kb
BUCKET_ID_FUNC_OFFSET: 7
FAILURE_BUCKET_ID: AV_nt!ExAcquireRundownProtection
BUCKET_ID: AV_nt!ExAcquireRundownProtection
PRIMARY_PROBLEM_CLASS: AV_nt!ExAcquireRundownProtection
TARGET_TIME: 2020-02-03T14:15:48.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 03:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 5a59
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!exacquirerundownprotection
FAILURE_ID_HASH: {6dbabe73-5f6b-f149-f66d-0b0f47240c28}
Followup: MachineOwner
---------