*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff9d03113f06f0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff9d03113f0648, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 3
BUGCHECK_P2: ffff9d03113f06f0
BUGCHECK_P3: ffff9d03113f0648
BUGCHECK_P4: 0
TRAP_FRAME: ffff9d03113f06f0 -- (.trap 0xffff9d03113f06f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd95944771aa8 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffd95944ce6d58 rsi=0000000000000000 rdi=0000000000000000
rip=ffffd90a1021b659 rsp=ffff9d03113f0880 rbp=ffff9d03113f0b80
r8=0000000000000108 r9=0000000000000060 r10=0000000000000001
r11=ffff9d03113f0850 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
win32kfull!xxxRealInternalGetMessage+0x1ac9:
ffffd90a`1021b659 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff9d03113f0648 -- (.exr 0xffff9d03113f0648)
ExceptionAddress: ffffd90a1021b659 (win32kfull!xxxRealInternalGetMessage+0x0000000000001ac9)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 4
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 15
CPU_MODEL: 30
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: uTorrent.exe
CURRENT_IRQL: 0
DEFAULT_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-12-2019 21:25:52.0122
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff804305d30e9 to fffff804305c1220
STACK_TEXT:
ffff9d03`113f03c8 fffff804`305d30e9 : 00000000`00000139 00000000`00000003 ffff9d03`113f06f0 ffff9d03`113f0648 : nt!KeBugCheckEx
ffff9d03`113f03d0 fffff804`305d3510 : 00000000`00000001 00000000`00000000 00000000`00000001 fffff804`30aae3c3 : nt!KiBugCheckDispatch+0x69
ffff9d03`113f0510 fffff804`305d18a5 : 00000000`00000000 ffffd90a`0f815d9a 00000000`00000438 ffffd959`44ce6801 : nt!KiFastFailDispatch+0xd0
ffff9d03`113f06f0 ffffd90a`1021b659 : ffff9d03`113f0b80 00000000`00000000 ffffd959`44ce68a0 ffff9d03`113f0b80 : nt!KiRaiseSecurityCheckFailure+0x325
ffff9d03`113f0880 ffffd90a`102197e2 : ffff9d03`113f0aa8 ffffb70e`fceca500 00000000`00000000 00000000`00000000 : win32kfull!xxxRealInternalGetMessage+0x1ac9
ffff9d03`113f0a60 fffff804`305d2b15 : ffffb70e`fceca5c0 00007ff9`4b0d5930 00000000`00000020 00007ff9`4b0d4a40 : win32kfull!NtUserGetMessage+0x92
ffff9d03`113f0b00 00007ff9`4b0dfd74 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`0009e5a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`4b0dfd74
THREAD_SHA1_HASH_MOD_FUNC: 45f0cb0334a1005030785d7bdf84582ff4b3a920
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 40bb7eb19d0524d7ac1ee4e19af0da4612de6881
THREAD_SHA1_HASH_MOD: 633760a2ca02edd8955c8ca7f5ac9a03794f2cfc
FOLLOWUP_IP:
win32kfull!xxxRealInternalGetMessage+1ac9
ffffd90a`1021b659 cd29 int 29h
FAULT_INSTR_CODE: 3b929cd
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: win32kfull!xxxRealInternalGetMessage+1ac9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32kfull
IMAGE_NAME: win32kfull.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 6d47ba62
IMAGE_VERSION: 10.0.18362.387
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1ac9
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_win32kfull!xxxRealInternalGetMessage
BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_win32kfull!xxxRealInternalGetMessage
PRIMARY_PROBLEM_CLASS: 0x139_3_CORRUPT_LIST_ENTRY_win32kfull!xxxRealInternalGetMessage
TARGET_TIME: 2019-11-08T19:20:44.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: b0c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_corrupt_list_entry_win32kfull!xxxrealinternalgetmessage
FAILURE_ID_HASH: {c6529162-fcac-9474-52e5-0ad7ac14122b}
Followup: MachineOwner
---------
0: kd> lmvm win32kfull
Browse full module list
start end module name
ffffd90a`101c0000 ffffd90a`10560000 win32kfull (pdb symbols) C:\ProgramData\dbg\sym\win32kfull.pdb\B94601074AC52D85ECC73426FE19A3A81\win32kfull.pdb
Loaded symbol image file: win32kfull.sys
Mapped memory image file: C:\ProgramData\dbg\sym\win32kfull.sys\6D47BA623a0000\win32kfull.sys
Image path: \SystemRoot\System32\win32kfull.sys
Image name: win32kfull.sys
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 6D47BA62 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00398534
ImageSize: 003A0000
File version: 10.0.18362.387
Product version: 10.0.18362.387
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32kfull.sys
OriginalFilename: win32kfull.sys
ProductVersion: 10.0.18362.387
FileVersion: 10.0.18362.387 (WinBuild.160101.0800)
FileDescription: Full/Desktop Win32k Kernel Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8043c889b1f, Address of the instruction which caused the bugcheck
Arg3: ffff9a0b555c2eb0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff8043c889b1f
BUGCHECK_P3: ffff9a0b555c2eb0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
dxgmms2!VidSchiAllocateQueuePacket+1f
fffff804`3c889b1f 488b7018 mov rsi,qword ptr [rax+18h]
CONTEXT: ffff9a0b555c2eb0 -- (.cxr 0xffff9a0b555c2eb0)
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe005b7ec0bf0
rdx=0000000000000001 rsi=0000000000000000 rdi=ffffe005b7ec0bf0
rip=fffff8043c889b1f rsp=ffff9a0b555c38a0 rbp=ffff9a0b555c3a90
r8=0000000000000000 r9=0000000000000000 r10=7ffffffffffffffc
r11=ffff9a0b555c3b50 r12=0000000000000001 r13=0000000000000001
r14=ffff9a0b555c3a78 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
dxgmms2!VidSchiAllocateQueuePacket+0x1f:
fffff804`3c889b1f 488b7018 mov rsi,qword ptr [rax+18h] ds:002b:00000000`00000018=????????????????
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 4
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 15
CPU_MODEL: 30
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-12-2019 21:25:56.0491
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8043c814f01 to fffff8043c889b1f
STACK_TEXT:
ffff9a0b`555c38a0 fffff804`3c814f01 : ffff9a0b`555c3a78 00000000`00000001 00000000`00000001 ffff9a0b`555c3a90 : dxgmms2!VidSchiAllocateQueuePacket+0x1f
ffff9a0b`555c3990 fffff80e`6543dcb1 : ffffe005`00000000 00000000`00000000 00000000`00000000 ffff9a0b`555c3a18 : dxgmms2!VidSchSignalSyncObjectsFromGpu+0x2a1
ffff9a0b`555c3bc0 fffff80e`6543dbba : ffff9a0b`555c3db8 00000000`00000000 ffff9a0b`555c3dc0 00000000`00000004 : dxgkrnl!DXGADAPTERSYNCOBJECT::AdapterObjectSignalFence+0xd5
ffff9a0b`555c3cf0 fffff80e`6543db48 : 00000000`00000000 ffffa088`ee6cdcf0 00000000`c00000bb ffffa088`e3d075f0 : dxgkrnl!DXGSYNCOBJECT::SignalFence+0x52
ffff9a0b`555c3d40 fffff80e`653182c7 : 00000000`00000000 00000000`00000008 ffffd1cd`d83ad2b6 ffffdd1a`6a8148ae : dxgkrnl!DxgkImmediateSignalSynchronizationObjectByReference+0x1c
ffff9a0b`555c3d70 fffff80e`6532c5de : 00000000`00000000 00000000`00000006 00000000`00000005 fffff804`00000001 : dxgkrnl!CFlipExBuffer::SignalGpuFence+0x137
ffff9a0b`555c3dd0 fffff80e`6532069a : ffffa088`ee6cdcf0 00000000`00000000 00000000`00000001 ffffa088`e619c330 : dxgkrnl!CompositionSurfaceObject::SignalGpuFence+0x62
ffff9a0b`555c3e10 fffff80e`6531a978 : ffffa088`e619c330 ffff9a0b`555c3f39 00000000`00000fd0 00000000`00000005 : dxgkrnl!CFlipToken::Discard+0x11a
ffff9a0b`555c3e90 fffff80e`6532c042 : ffffdd1a`6a8c35b0 00000000`00000fd0 ffff9a0b`555c3f39 00000000`00000fd0 : dxgkrnl!CFlipToken::`vector deleting destructor'+0x88
ffff9a0b`555c3ec0 fffff80e`6531b9d4 : ffffa088`e0cd3ae0 00000000`00000000 ffffa088`e1882770 ffffa088`e1882770 : dxgkrnl!CTokenManager::CompleteIndendentFlipToken+0x15a
ffff9a0b`555c3fa0 fffff80e`6531afea : ffffa088`e0cd3ae0 ffffa088`00000000 ffffa088`e0cd3ae0 00000000`00000000 : dxgkrnl!CTokenManager::ProcessDxgkAdapterTokens+0x944
ffff9a0b`555c48d0 fffff80e`6532a429 : 00000000`00000000 ffffe005`b6837ee0 ffffa088`e1882770 fffff80e`6531ffe4 : dxgkrnl!CTokenManager::ProcessTokens+0x18a
ffff9a0b`555c4990 fffff80e`6531ff1d : 00000000`00000000 ffff9a0b`555c4b80 ffffa088`e1882770 fffff804`3f6177d6 : dxgkrnl!CTokenManager::TokenThread+0x79
ffff9a0b`555c49e0 fffff804`3f1d2b15 : ffffe005`bac86080 00000000`00000000 00000000`00000020 00000000`00000000 : dxgkrnl!NtTokenManagerThread+0x1cd
ffff9a0b`555c4b00 00007ff8`1b5a7de4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
000000ae`3d52f888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`1b5a7de4
THREAD_SHA1_HASH_MOD_FUNC: dfd4c38585a8f564df36b8e7214ae36e43e855b0
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e357100a3f9afb39006518628382c457b3e3f0f7
THREAD_SHA1_HASH_MOD: ca69077250e62f5a3d362498cf16ca73b35c47e8
FOLLOWUP_IP:
dxgmms2!VidSchiAllocateQueuePacket+1f
fffff804`3c889b1f 488b7018 mov rsi,qword ptr [rax+18h]
FAULT_INSTR_CODE: 18708b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgmms2!VidSchiAllocateQueuePacket+1f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgmms2
IMAGE_NAME: dxgmms2.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.449
STACK_COMMAND: .cxr 0xffff9a0b555c2eb0 ; kb
BUCKET_ID_FUNC_OFFSET: 1f
FAILURE_BUCKET_ID: 0x3B_c0000005_dxgmms2!VidSchiAllocateQueuePacket
BUCKET_ID: 0x3B_c0000005_dxgmms2!VidSchiAllocateQueuePacket
PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_dxgmms2!VidSchiAllocateQueuePacket
TARGET_TIME: 2019-11-10T13:25:50.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: b0e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_c0000005_dxgmms2!vidschiallocatequeuepacket
FAILURE_ID_HASH: {5b487c61-1fe6-92fd-d303-66fce6aeef2b}
Followup: MachineOwner
---------
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CACHE_MANAGER (34)
See the comment for FAT_FILE_SYSTEM (0x23)
Arguments:
Arg1: 0000000000051359
Arg2: ffff948df5ec33d8
Arg3: ffff948df5ec2c20
Arg4: fffff803790e5b6a
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 51359
BUGCHECK_P2: ffff948df5ec33d8
BUGCHECK_P3: ffff948df5ec2c20
BUGCHECK_P4: fffff803790e5b6a
EXCEPTION_RECORD: ffff948df5ec33d8 -- (.exr 0xffff948df5ec33d8)
ExceptionAddress: fffff803790e5b6a (nt!RtlpHpLfhSubsegmentFreeBlock+0x000000000000008a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000049
Attempt to read from address 0000000000000049
CONTEXT: ffff948df5ec2c20 -- (.cxr 0xffff948df5ec2c20)
rax=0000000000000061 rbx=0000000000001050 rcx=0000000000000001
rdx=00000000000064f0 rsi=ffffa80d2f5db000 rdi=ffffffffffffffff
rip=fffff803790e5b6a rsp=ffff948df5ec3610 rbp=0000000000000000
r8=0000000000000210 r9=0000000000000000 r10=ffffa80d2f5e1700
r11=0000000000000fff r12=0000000000000001 r13=00000000ffffffff
r14=ffffa80d19a00340 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010217
nt!RtlpHpLfhSubsegmentFreeBlock+0x8a:
fffff803`790e5b6a 8b4148 mov eax,dword ptr [rcx+48h] ds:002b:00000000`00000049=????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 15
CPU_MODEL: 30
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
FOLLOWUP_IP:
nt!ExFreePool+9
fffff803`7936f0a9 4883c428 add rsp,28h
FAULTING_IP:
nt!RtlpHpLfhSubsegmentFreeBlock+8a
fffff803`790e5b6a 8b4148 mov eax,dword ptr [rcx+48h]
BUGCHECK_STR: 0x34
READ_ADDRESS: fffff803795733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
0000000000000049
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000049
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-12-2019 21:26:00.0981
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff80379045e97 to fffff803790e5b6a
STACK_TEXT:
ffff948d`f5ec3610 fffff803`79045e97 : ffffa80d`19a00340 fffff803`790541ff 00000000`00000000 ffff9806`00000000 : nt!RtlpHpLfhSubsegmentFreeBlock+0x8a
ffff948d`f5ec36d0 fffff803`7936f0a9 : 00000000`00000040 00000000`00000004 ffff9806`9cbc7748 01000000`00100000 : nt!ExFreeHeapPool+0x357
ffff948d`f5ec37f0 fffff803`795f9de7 : ffffa80d`2f5e1710 00000000`00000001 00000000`00000000 ffff9806`a9e29cc8 : nt!ExFreePool+0x9
ffff948d`f5ec3820 fffff803`79053f8c : 00000000`00000000 00000000`00000000 00000000`00018000 00000000`00018000 : nt!MiReleaseReadListResources+0x7f
ffff948d`f5ec3850 fffff803`790a50b5 : ffff9806`a4b0f040 fffff803`7908c220 00000000`00000000 00000000`00000005 : nt!MmWaitForCacheManagerPrefetch+0x3c
ffff948d`f5ec3880 fffff803`7908c4a5 : 01d598ae`3076e6f9 ffff9806`00000000 00000000`00000000 ffff9806`9caf09b0 : nt!CcPerformReadAhead+0x351
ffff948d`f5ec3a50 fffff803`790bd465 : ffff9806`9cae29e0 ffff9806`a4b0f040 ffff9806`9cae29e0 ffff9806`00000200 : nt!CcWorkerThread+0x285
ffff948d`f5ec3b70 fffff803`7912a725 : ffff9806`a4b0f040 00000000`00000080 ffff9806`9ca69200 ffffdb90`cbfeac71 : nt!ExpWorkerThread+0x105
ffff948d`f5ec3c10 fffff803`791c886a : ffff8180`55220180 ffff9806`a4b0f040 fffff803`7912a6d0 00000000`00000064 : nt!PspSystemThreadStartup+0x55
ffff948d`f5ec3c60 00000000`00000000 : ffff948d`f5ec4000 ffff948d`f5ebe000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x2a
THREAD_SHA1_HASH_MOD_FUNC: a566fb3f35aaedce9307f4c690ff8d7216eb2330
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ed925172ba441450d3978c28aa9a29020de8166f
THREAD_SHA1_HASH_MOD: bc100a5647b828107ac4e18055e00abcbe1ec406
FAULT_INSTR_CODE: 28c48348
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!ExFreePool+9
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.418
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .cxr 0xffff948df5ec2c20 ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: 0x34_nt!ExFreePool
BUCKET_ID: 0x34_nt!ExFreePool
PRIMARY_PROBLEM_CLASS: 0x34_nt!ExFreePool
TARGET_TIME: 2019-11-11T16:36:38.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 2349
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x34_nt!exfreepool
FAILURE_ID_HASH: {bef2d914-8af1-1fb2-0b41-3dfb43df10c9}
Followup: Pool_corruption
---------
0: kd> lmvm Pool_Corruption
Browse full module list
start end module name
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8027269f8fe, Address of the instruction which caused the bugcheck
Arg3: ffff868a8b604dd0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff8027269f8fe
BUGCHECK_P3: ffff868a8b604dd0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!ObpCaptureHandleInformation+ae
fffff802`7269f8fe 8a4028 mov al,byte ptr [rax+28h]
CONTEXT: ffff868a8b604dd0 -- (.cxr 0xffff868a8b604dd0)
rax=0000000000000000 rbx=ffffa482f6497db0 rcx=ffffcf015e137ea8
rdx=ffffa482fe359270 rsi=ffffa482f6497db0 rdi=0000000000000b6c
rip=fffff8027269f8fe rsp=ffff868a8b6057c8 rbp=ffffa482fa0c5e80
r8=0000000000000000 r9=ffffa482fe359240 r10=0000000000137e70
r11=ffff868a8b605810 r12=ffffcf015e000050 r13=ffff868a8b6058c0
r14=fffff8027269f850 r15=000000000017fffc
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!ObpCaptureHandleInformation+0xae:
fffff802`7269f8fe 8a4028 mov al,byte ptr [rax+28h] ds:002b:00000000`00000028=??
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 4
CPU_MHZ: e6d
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 15
CPU_MODEL: 30
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: Steam.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-12-2019 21:26:06.0204
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8027270cf39 to fffff8027269f8fe
STACK_TEXT:
ffff868a`8b6057c8 fffff802`7270cf39 : 00000000`00000b6c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpCaptureHandleInformation+0xae
ffff868a`8b6057d0 fffff802`7270a7c5 : fffff802`7269f850 ffffa482`fa0c5e98 ffff868a`0017fffc 00000000`0017fffc : nt!ExpSnapShotHandleTables+0x131
ffff868a`8b605860 fffff802`725a8998 : 00000000`0185c050 00000000`00020000 00000000`00137e70 ffffcf01`5e000050 : nt!ExpGetHandleInformation+0x71
ffff868a`8b6058b0 fffff802`723e131b : 00000000`00000004 ffff868a`8b605b80 00000000`00000002 fffff802`71fcf459 : nt!ExpQuerySystemInformation+0x1c7558
ffff868a`8b605ac0 fffff802`71fd2b15 : 00000000`01430000 ffff868a`8b605b80 00000000`00000004 ffffffff`ff676980 : nt!NtQuerySystemInformation+0x2b
ffff868a`8b605b00 00007ff8`6185c784 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`09fde278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`6185c784
THREAD_SHA1_HASH_MOD_FUNC: 20654208cc7e34b6bf534b6083db1b7ca9d50f43
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e724b771f0a56c0b525565a9431cd3e0a138a121
THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
FOLLOWUP_IP:
nt!ObpCaptureHandleInformation+ae
fffff802`7269f8fe 8a4028 mov al,byte ptr [rax+28h]
FAULT_INSTR_CODE: 8828408a
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObpCaptureHandleInformation+ae
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.418
STACK_COMMAND: .cxr 0xffff868a8b604dd0 ; kb
BUCKET_ID_FUNC_OFFSET: ae
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!ObpCaptureHandleInformation
BUCKET_ID: 0x3B_c0000005_nt!ObpCaptureHandleInformation
PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_nt!ObpCaptureHandleInformation
TARGET_TIME: 2019-11-12T17:55:47.000Z
OSBUILD: 18362
OSSERVICEPACK: 418
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 1777
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_c0000005_nt!obpcapturehandleinformation
FAILURE_ID_HASH: {744cd2bf-a795-9cd1-d425-97880ad655c5}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8027269f8fe, Address of the instruction which caused the bugcheck
Arg3: ffff868a8b604dd0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 6
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-R1MKTM3
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 7
Key : Analysis.Memory.CommitPeak.Mb
Value: 68
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff8027269f8fe
BUGCHECK_P3: ffff868a8b604dd0
BUGCHECK_P4: 0
CONTEXT: ffff868a8b604dd0 -- (.cxr 0xffff868a8b604dd0)
rax=0000000000000000 rbx=ffffa482f6497db0 rcx=ffffcf015e137ea8
rdx=ffffa482fe359270 rsi=ffffa482f6497db0 rdi=0000000000000b6c
rip=fffff8027269f8fe rsp=ffff868a8b6057c8 rbp=ffffa482fa0c5e80
r8=0000000000000000 r9=ffffa482fe359240 r10=0000000000137e70
r11=ffff868a8b605810 r12=ffffcf015e000050 r13=ffff868a8b6058c0
r14=fffff8027269f850 r15=000000000017fffc
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!ObpCaptureHandleInformation+0xae:
fffff802`7269f8fe 8a4028 mov al,byte ptr [rax+28h] ds:002b:00000000`00000028=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Steam.exe
STACK_TEXT:
ffff868a`8b6057c8 fffff802`7270cf39 : 00000000`00000b6c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpCaptureHandleInformation+0xae
ffff868a`8b6057d0 fffff802`7270a7c5 : fffff802`7269f850 ffffa482`fa0c5e98 ffff868a`0017fffc 00000000`0017fffc : nt!ExpSnapShotHandleTables+0x131
ffff868a`8b605860 fffff802`725a8998 : 00000000`0185c050 00000000`00020000 00000000`00137e70 ffffcf01`5e000050 : nt!ExpGetHandleInformation+0x71
ffff868a`8b6058b0 fffff802`723e131b : 00000000`00000004 ffff868a`8b605b80 00000000`00000002 fffff802`71fcf459 : nt!ExpQuerySystemInformation+0x1c7558
ffff868a`8b605ac0 fffff802`71fd2b15 : 00000000`01430000 ffff868a`8b605b80 00000000`00000004 ffffffff`ff676980 : nt!NtQuerySystemInformation+0x2b
ffff868a`8b605b00 00007ff8`6185c784 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`09fde278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`6185c784
SYMBOL_NAME: nt!ObpCaptureHandleInformation+ae
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.418
STACK_COMMAND: .cxr 0xffff868a8b604dd0 ; kb
BUCKET_ID_FUNC_OFFSET: ae
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!ObpCaptureHandleInformation
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {744cd2bf-a795-9cd1-d425-97880ad655c5}
Followup: MachineOwner
Bu sitenin çalışmasını sağlamak için gerekli çerezleri ve deneyiminizi iyileştirmek için isteğe bağlı çerezleri kullanıyoruz.