JohnnyMX
After running into the BSOD, I checked the memory dump and got these results. I'm unsure what exactly is going on with it, however, and would appreciate some help!
nt!KeBugCheckEx:
fffff807`4f7f5210 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8281`ee7ff0f0=000000000000007e
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8074f6c959a, The address that the exception occurred at
Arg3: ffff980d30016e18, Exception Record Address
Arg4: ffff8281ee7ff920, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 2202
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-GH95ABH
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 3798
Key : Analysis.Memory.CommitPeak.Mb
Value: 80
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8074f6c959a
BUGCHECK_P3: ffff980d30016e18
BUGCHECK_P4: ffff8281ee7ff920
EXCEPTION_RECORD: ffff980d30016e18 -- (.exr 0xffff980d30016e18)
ExceptionAddress: fffff8074f6c959a (nt!RtlRbRemoveNode+0x000000000000035a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffff8281ee7ff920 -- (.cxr 0xffff8281ee7ff920)
rax=0000000000000001 rbx=ffffc18634002290 rcx=efffc186406d6f58
rdx=ffffc1863ba71978 rsi=0000000000000001 rdi=ffffc186406c5f58
rip=fffff8074f6c959a rsp=ffff980d30017058 rbp=ffffc1863ba71978
r8=ffffc186406c5f00 r9=efffc186406d6f58 r10=0000000000000000
r11=ffffc186406c5f58 r12=ffffc1863ba66030 r13=ffffc1863ba66000
r14=0000000000000000 r15=ffffc18645c35f60
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!RtlRbRemoveNode+0x35a:
fffff807`4f6c959a 498b4110 mov rax,qword ptr [r9+10h] ds:002b:efffc186`406d6f68=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
READ_ADDRESS: ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
EXCEPTION_STR: 0xc0000005
BAD_STACK_POINTER: ffff8281ee7ff0e8
STACK_TEXT:
ffff980d`30017058 fffff807`4f6c90d3 : 00000000`0000002b ffffc186`3ba716c0 00000000`00000000 ffffc186`3ba71970 : nt!RtlRbRemoveNode+0x35a
ffff980d`30017070 fffff807`4f6c8a48 : ffffc186`34002280 ffffc186`3ba66000 ffffc186`34002280 ffff980d`30017178 : nt!RtlpHpVsChunkCoalesce+0x183
ffff980d`300170d0 fffff807`4f6c73d4 : ffff980d`00000000 fffff807`00000000 00000000`00000000 00000000`00000000 : nt!RtlpHpVsContextFree+0x188
ffff980d`30017170 fffff807`4fdb1019 : ffffc186`000007c0 fffff807`4fa317a7 00000000`00000001 01000000`00100000 : nt!ExFreeHeapPool+0x4d4
ffff980d`30017250 fffff807`4f6cea86 : 00000000`00000040 ffff980d`30017558 ffff980d`300173a0 00000000`00000001 : nt!ExFreePool+0x9
ffff980d`30017280 fffff807`4f6ce933 : 00000000`00000040 ffff980d`30017558 ffff980d`300173a0 00000000`00000001 : nt!IopFreeIrp+0x136
ffff980d`300172c0 fffff807`4fb2cb62 : ffffc186`3fa99800 00000000`00000108 ffff980d`30017540 00000000`00000001 : nt!IoFreeIrp+0x13
ffff980d`300172f0 fffff807`4fb2c950 : 00000000`c0000296 ffff980d`30017431 ffff980d`300173b0 ffff980d`30017518 : nt!WmipSendWmiIrp+0xb6
ffff980d`30017350 fffff807`4fb2c77e : 00310066`0032002d 00320066`00330034 ffff980d`30017540 00000000`00000030 : nt!WmipQuerySetExecuteSI+0x150
ffff980d`30017480 fffff807`65ec3d1b : ffffc186`3d2db800 00000000`00000088 ffff980d`300175f0 ffffc186`3d2db800 : nt!IoWMIQuerySingleInstance+0xae
ffff980d`300174f0 fffff807`65ec3bfb : ffffc186`0000000b ffffc186`3d2db800 ffffc186`3d2db800 00000000`00000000 : srvnet!SrvNetQueryInterfaceBoolCapability+0x9b
ffff980d`30017670 fffff807`65ef880e : ffffc186`408d4470 ffff980d`300177c0 00000000`00000000 00000000`00000004 : srvnet!SrvNetQueryInterfaceCapabilities+0xaf
ffff980d`300176c0 fffff807`65ec38fd : fffff807`00000000 00000000`00000000 ffffc186`34698040 00000000`00000000 : srvnet!SrvNetBuildNetname+0x19a
ffff980d`30017980 fffff807`4f61aa33 : ffffc186`46360ba0 ffffc186`3a935870 ffffc186`3a935870 ffffc186`402ba040 : srvnet!SrvNetUpdateNetNameWorkerRoutine+0x8d
ffff980d`30017a00 fffff807`4f7034b5 : ffffc186`3be4e2c0 ffffc186`3be4e2c0 fffff807`4f61a9a0 ffffc186`00000000 : nt!IopProcessWorkItem+0x93
ffff980d`30017a70 fffff807`4f6a29a5 : ffffc186`3be4e2c0 00000000`00000080 ffffc186`34698040 00000000`00000001 : nt!ExpWorkerThread+0x105
ffff980d`30017b10 fffff807`4f7fc868 : ffff8281`ee1e6180 ffffc186`3be4e2c0 fffff807`4f6a2950 ffff980d`3119f740 : nt!PspSystemThreadStartup+0x55
ffff980d`30017b60 00000000`00000000 : ffff980d`30018000 ffff980d`30011000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!ExFreePool+9
IMAGE_NAME: Pool_Corruption
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .cxr 0xffff8281ee7ff920 ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: AV_STACKPTR_ERROR_nt!ExFreePool
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {919f7ad7-7d58-1f73-a4f5-b922adf1cbe9}
Followup: Pool_corruption
---------