***
***
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {ffffffffc0000005, fffff8020f0cc84a, ffffee87ee6ebf78, ffffee87ee6eb7c0}
Probably caused by : ntkrnlmp.exe ( nt!CmpPerformCompleteKcbCacheLookup+15a )
Followup: MachineOwner
---------
8: kd> !analyze -v
***
***
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8020f0cc84a, The address that the exception occurred at
Arg3: ffffee87ee6ebf78, Exception Record Address
Arg4: ffffee87ee6eb7c0, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
DUMP_TYPE: 1
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8020f0cc84a
BUGCHECK_P3: ffffee87ee6ebf78
BUGCHECK_P4: ffffee87ee6eb7c0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L'instruction 0x%p emploie l'adresse m moire 0x%p. L' tat de la m moire ne peut pas tre %s.
FAULTING_IP:
nt!CmpPerformCompleteKcbCacheLookup+15a
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx
EXCEPTION_RECORD: ffffee87ee6ebf78 -- (.exr 0xffffee87ee6ebf78)
ExceptionAddress: fffff8020f0cc84a (nt!CmpPerformCompleteKcbCacheLookup+0x000000000000015a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffee87ee6eb7c0 -- (.cxr 0xffffee87ee6eb7c0)
rax=ffffda054a877000 rbx=00000000cad682b5 rcx=00000000000005a9
rdx=ffffda054a879d48 rsi=ffffee87ee6ec440 rdi=00000000f6e431e3
rip=fffff8020f0cc84a rsp=ffffee87ee6ec1b0 rbp=ffffda054a84c000
r8=ffffee87ee6ec1b8 r9=0000000000000000 r10=7ffffffffffffffc
r11=000000000000fffe r12=ffffee87ee6ec400 r13=9658279d81b60337
r14=00000000cab3e9f4 r15=ffffda054ae2dbe8
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!CmpPerformCompleteKcbCacheLookup+0x15a:
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx ds:002b:9658279d
81b60337=????????
Resetting default scope
CPU_COUNT: c
CPU_MHZ: ce4
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 2
CPU_MICROCODE: 6,3f,2,0 (F,M,S,R) SIG: 3D'00000000 (cache) 3D'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
FOLLOWUP_IP:
nt!CmpPerformCompleteKcbCacheLookup+15a
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx
BUGCHECK_STR: AV
READ_ADDRESS: ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - L'instruction 0x%p emploie l'adresse m moire 0x%p. L' tat de la m moire ne peut pas tre %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-P5ALTM5
ANALYSIS_SESSION_TIME: 04-19-2019 12:12:24.0982
ANALYSIS_VERSION: 10.0.17763.1 x86fre
LOCK_ADDRESS: fffff8020eee5f00 -- (!locks fffff8020eee5f00)
Resource @ nt!PiEngineLock (0xfffff8020eee5f00) Exclusively owned
Contention Count = 1
NumberOfExclusiveWaiters = 1
Threads: ffff8f86e81cd080-01<*>
Threads Waiting On Exclusive Access:
ffff8f86e3e66080
1 total locks
PNP_TRIAGE_DATA:
Lock address : 0xfffff8020eee5f00
Thread Count : 1
Thread address: 0xffff8f86e81cd080
Thread wait : 0x1ec
LAST_CONTROL_TRANSFER: from fffff8020ec7b1b1 to fffff8020ec63730
STACK_TEXT:
ffffee87
ee6ec1b0 fffff802
0f0aa277 : ffffda05
4a8a6008 00000000
00000000 00000000
00000004 ffffee87
ee6ec400 : nt!CmpPerformCompleteKcbCacheLookup+0x15a
ffffee87
ee6ec290 fffff802
0f0a999a : ffffda05
0000001c ffffee87
ee6ec5b0 ffffee87
ee6ec580 00000000
00000000 : nt!CmpDoParseKey+0x2a7
ffffee87
ee6ec500 fffff802
0f0cb9c9 : fffff802
0f0a9730 ffffda05
00000000 ffff8f86
e3ebe9e0 ffffda05
4d1f9a00 : nt!CmpParseKey+0x26a
ffffee87
ee6ec690 fffff802
0f0c9fcf : ffff8f86
e3ebe900 ffffee87
ee6ec8f8 00000000
00000240 ffff8f86
e3ef6d20 : nt!ObpLookupObjectName+0x719
ffffee87
ee6ec860 fffff802
0f0c8658 : 00000000
00000001 ffff8f86
e3ef6d20 00000000
00000000 00000000
00000000 : nt!ObOpenObjectByNameEx+0x1df
ffffee87
ee6ec9a0 fffff802
0f0c7ba2 : ffff8f86
e3802d80 00000000
00000000 00000000
000000d0 ffff8f86
00000000 : nt!CmOpenKey+0x298
ffffee87
ee6ecbf0 fffff802
0ec74885 : ffffda05
4a200980 00000000
000000f9 00000000
00000001 ffffda05
4d10ec10 : nt!NtOpenKey+0x12
ffffee87
ee6ecc30 fffff802
0ec67430 : fffff802
0f099e3e fffff802
0f2002d0 ffffee87
ee6ece30 ffffee87
ee6eceb0 : nt!KiSystemServiceCopyEnd+0x25
ffffee87
ee6ecdc8 fffff802
0f099e3e : fffff802
0f2002d0 ffffee87
ee6ece30 ffffee87
ee6eceb0 fffff802
0ebdb913 : nt!KiServiceLinkage
ffffee87
ee6ecdd0 fffff802
0f099c18 : ffffee87
ee6eced0 ffffee87
ee6ecfc0 ffffda05
4ad67010 00000000
0000e000 : nt!KsepRegistryOpenKey+0x9e
ffffee87
ee6ece60 fffff802
0f09a042 : ffffee87
ee6ecfc0 ffffee87
ee6eced0 00000000
00000000 ffffee87
ee6ed008 : nt!KsepRegistryQueryDriverShims+0x3c
ffffee87
ee6ecea0 fffff802
0f097b69 : fffff802
00000000 fffff802
13980000 ffffee87
ee6ecf48 00000000
00000000 : nt!KsepEngineGetShimsFromRegistry+0x5a
ffffee87
ee6ecf10 fffff802
0f099f36 : 00000000
00000000 00000000
00000000 fffff802
13980000 ffff8f86
e8761190 : nt!KsepGetShimsForDriver+0x7d
ffffee87
ee6ecf90 fffff802
0f09c3e7 : 00000000
00000000 00000000
00000000 00000000
00000000 00000000
00000000 : nt!KseDriverLoadImage+0xae
ffffee87
ee6ed000 fffff802
0f1b3712 : ffffee87
ee6ed280 00000000
00000000 00000000
00000000 fffff802
0f1b5201 : nt!MmLoadSystemImageEx+0x807
ffffee87
ee6ed1b0 fffff802
0f129e7b : 00000000
00000000 00000000
00000000 fffff802
0eecb790 ffffda05
4d1b5560 : nt!MiLoadImportDll+0x3a
ffffee87
ee6ed200 fffff802
0f09c255 : fffff802
138f0000 ffffee87
ee6ed3a0 ffffee87
ee6ed3d0 00000000
00000000 : nt!MiResolveImageReferences+0x20b
ffffee87
ee6ed310 fffff802
0f09652b : ffffee87
ee6ed518 00000000
00000000 00000000
00000000 00000000
00000001 : nt!MmLoadSystemImageEx+0x675
ffffee87
ee6ed4c0 fffff802
0f1a191b : 00000000
00000000 00000000
00000000 00000000
00000004 ffffda05
00000004 : nt!IopLoadDriver+0x21b
ffffee87
ee6ed6a0 fffff802
0f183d9e : fffff802
0ee07201 00000000
00000000 ffff8f86
e8728a30 ffffffff
800002b4 : nt!PipCallDriverAddDeviceQueryRoutine+0x1b7
ffffee87
ee6ed740 fffff802
0f1837b3 : 00000000
00000000 ffffee87
ee6ed850 ffff8f86
e8ee6010 fffff802
0000000e : nt!PnpCallDriverQueryServiceHelper+0xda
ffffee87
ee6ed7f0 fffff802
0f182e7b : ffff8f86
e8ee6010 ffffee87
ee6eda18 ffff8f86
e8ee6010 00000000
00000000 : nt!PipCallDriverAddDevice+0x3f7
ffffee87
ee6ed9a0 fffff802
0f1f9701 : ffff8f86
e82f6800 ffffee87
ee6edb01 ffffee87
ee6edab0 ffff8f86
00000000 : nt!PipProcessDevNodeTree+0x1af
ffffee87
ee6eda60 fffff802
0ec0a688 : ffff8f01
00000003 ffff8f86
e82f6800 ffffb501
00000000 00000000
00000000 : nt!PiProcessStartSystemDevices+0x59
ffffee87
ee6edab0 fffff802
0eb24afa : ffff8f86
e81cd080 fffff802
0eee47a0 ffff8f86
e3e7e9a0 ffff8f86
00000000 : nt!PnpDeviceActionWorker+0x448
ffffee87
ee6edb70 fffff802
0eaeda45 : ffff8f86
e81cd080 ffff8f86
e3e7c040 ffff8f86
e81cd080 00002425
b59bbfff : nt!ExpWorkerThread+0x16a
ffffee87
ee6edc10 fffff802
0ec6ab8c : ffffb501
fb480180 ffff8f86
e81cd080 fffff802
0eaed9f0 00000000
00000000 : nt!PspSystemThreadStartup+0x55
ffffee87
ee6edc60 00000000
00000000 : ffffee87
ee6ee000 ffffee87
ee6e8000 00000000
00000000 00000000
00000000 : nt!KiStartSystemThread+0x1c
THREAD_SHA1_HASH_MOD_FUNC: 216ba0d432a57bfdb2fa2ddd795f81dfa8a0718b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 3822aeb18cdc1f5c2008374a32f1e5f4a57ae839
THREAD_SHA1_HASH_MOD: ccaff2e89443f4e219b81594bac599515608a708
FAULT_INSTR_CODE: 5d3941
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpPerformCompleteKcbCacheLookup+15a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 438ffec3
IMAGE_VERSION: 10.0.17763.437
STACK_COMMAND: .cxr 0xffffee87ee6eb7c0 ; kb
BUCKET_ID_FUNC_OFFSET: 15a
FAILURE_BUCKET_ID: AV_nt!CmpPerformCompleteKcbCacheLookup
BUCKET_ID: AV_nt!CmpPerformCompleteKcbCacheLookup
PRIMARY_PROBLEM_CLASS: AV_nt!CmpPerformCompleteKcbCacheLookup
TARGET_TIME: 2019-04-19T16:09:03.000Z
OSBUILD: 17763
OSSERVICEPACK: 437
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2005-12-02 02:58:59
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 1349
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!cmpperformcompletekcbcachelookup
FAILURE_ID_HASH: {0efeb559-0c54-ab30-3181-16de14daa9cf}
Followup: MachineOwner
---------
8: kd> !analyze -v
***
***
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8020f0cc84a, The address that the exception occurred at
Arg3: ffffee87ee6ebf78, Exception Record Address
Arg4: ffffee87ee6eb7c0, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
DUMP_TYPE: 1
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8020f0cc84a
BUGCHECK_P3: ffffee87ee6ebf78
BUGCHECK_P4: ffffee87ee6eb7c0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L'instruction 0x%p emploie l'adresse m moire 0x%p. L' tat de la m moire ne peut pas tre %s.
FAULTING_IP:
nt!CmpPerformCompleteKcbCacheLookup+15a
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx
EXCEPTION_RECORD: ffffee87ee6ebf78 -- (.exr 0xffffee87ee6ebf78)
ExceptionAddress: fffff8020f0cc84a (nt!CmpPerformCompleteKcbCacheLookup+0x000000000000015a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffee87ee6eb7c0 -- (.cxr 0xffffee87ee6eb7c0)
rax=ffffda054a877000 rbx=00000000cad682b5 rcx=00000000000005a9
rdx=ffffda054a879d48 rsi=ffffee87ee6ec440 rdi=00000000f6e431e3
rip=fffff8020f0cc84a rsp=ffffee87ee6ec1b0 rbp=ffffda054a84c000
r8=ffffee87ee6ec1b8 r9=0000000000000000 r10=7ffffffffffffffc
r11=000000000000fffe r12=ffffee87ee6ec400 r13=9658279d81b60337
r14=00000000cab3e9f4 r15=ffffda054ae2dbe8
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!CmpPerformCompleteKcbCacheLookup+0x15a:
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx ds:002b:9658279d
81b60337=????????
Resetting default scope
CPU_COUNT: c
CPU_MHZ: ce4
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 2
CPU_MICROCODE: 6,3f,2,0 (F,M,S,R) SIG: 3D'00000000 (cache) 3D'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
FOLLOWUP_IP:
nt!CmpPerformCompleteKcbCacheLookup+15a
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx
BUGCHECK_STR: AV
READ_ADDRESS: ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - L'instruction 0x%p emploie l'adresse m moire 0x%p. L' tat de la m moire ne peut pas tre %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-P5ALTM5
ANALYSIS_SESSION_TIME: 04-19-2019 12:12:31.0420
ANALYSIS_VERSION: 10.0.17763.1 x86fre
LOCK_ADDRESS: fffff8020eee5f00 -- (!locks fffff8020eee5f00)
Resource @ nt!PiEngineLock (0xfffff8020eee5f00) Exclusively owned
Contention Count = 1
NumberOfExclusiveWaiters = 1
Threads: ffff8f86e81cd080-01<*>
Threads Waiting On Exclusive Access:
ffff8f86e3e66080
1 total locks
PNP_TRIAGE_DATA:
Lock address : 0xfffff8020eee5f00
Thread Count : 1
Thread address: 0xffff8f86e81cd080
Thread wait : 0x1ec
LAST_CONTROL_TRANSFER: from fffff8020ec7b1b1 to fffff8020ec63730
STACK_TEXT:
ffffee87
ee6ec1b0 fffff802
0f0aa277 : ffffda05
4a8a6008 00000000
00000000 00000000
00000004 ffffee87
ee6ec400 : nt!CmpPerformCompleteKcbCacheLookup+0x15a
ffffee87
ee6ec290 fffff802
0f0a999a : ffffda05
0000001c ffffee87
ee6ec5b0 ffffee87
ee6ec580 00000000
00000000 : nt!CmpDoParseKey+0x2a7
ffffee87
ee6ec500 fffff802
0f0cb9c9 : fffff802
0f0a9730 ffffda05
00000000 ffff8f86
e3ebe9e0 ffffda05
4d1f9a00 : nt!CmpParseKey+0x26a
ffffee87
ee6ec690 fffff802
0f0c9fcf : ffff8f86
e3ebe900 ffffee87
ee6ec8f8 00000000
00000240 ffff8f86
e3ef6d20 : nt!ObpLookupObjectName+0x719
ffffee87
ee6ec860 fffff802
0f0c8658 : 00000000
00000001 ffff8f86
e3ef6d20 00000000
00000000 00000000
00000000 : nt!ObOpenObjectByNameEx+0x1df
ffffee87
ee6ec9a0 fffff802
0f0c7ba2 : ffff8f86
e3802d80 00000000
00000000 00000000
000000d0 ffff8f86
00000000 : nt!CmOpenKey+0x298
ffffee87
ee6ecbf0 fffff802
0ec74885 : ffffda05
4a200980 00000000
000000f9 00000000
00000001 ffffda05
4d10ec10 : nt!NtOpenKey+0x12
ffffee87
ee6ecc30 fffff802
0ec67430 : fffff802
0f099e3e fffff802
0f2002d0 ffffee87
ee6ece30 ffffee87
ee6eceb0 : nt!KiSystemServiceCopyEnd+0x25
ffffee87
ee6ecdc8 fffff802
0f099e3e : fffff802
0f2002d0 ffffee87
ee6ece30 ffffee87
ee6eceb0 fffff802
0ebdb913 : nt!KiServiceLinkage
ffffee87
ee6ecdd0 fffff802
0f099c18 : ffffee87
ee6eced0 ffffee87
ee6ecfc0 ffffda05
4ad67010 00000000
0000e000 : nt!KsepRegistryOpenKey+0x9e
ffffee87
ee6ece60 fffff802
0f09a042 : ffffee87
ee6ecfc0 ffffee87
ee6eced0 00000000
00000000 ffffee87
ee6ed008 : nt!KsepRegistryQueryDriverShims+0x3c
ffffee87
ee6ecea0 fffff802
0f097b69 : fffff802
00000000 fffff802
13980000 ffffee87
ee6ecf48 00000000
00000000 : nt!KsepEngineGetShimsFromRegistry+0x5a
ffffee87
ee6ecf10 fffff802
0f099f36 : 00000000
00000000 00000000
00000000 fffff802
13980000 ffff8f86
e8761190 : nt!KsepGetShimsForDriver+0x7d
ffffee87
ee6ecf90 fffff802
0f09c3e7 : 00000000
00000000 00000000
00000000 00000000
00000000 00000000
00000000 : nt!KseDriverLoadImage+0xae
ffffee87
ee6ed000 fffff802
0f1b3712 : ffffee87
ee6ed280 00000000
00000000 00000000
00000000 fffff802
0f1b5201 : nt!MmLoadSystemImageEx+0x807
ffffee87
ee6ed1b0 fffff802
0f129e7b : 00000000
00000000 00000000
00000000 fffff802
0eecb790 ffffda05
4d1b5560 : nt!MiLoadImportDll+0x3a
ffffee87
ee6ed200 fffff802
0f09c255 : fffff802
138f0000 ffffee87
ee6ed3a0 ffffee87
ee6ed3d0 00000000
00000000 : nt!MiResolveImageReferences+0x20b
ffffee87
ee6ed310 fffff802
0f09652b : ffffee87
ee6ed518 00000000
00000000 00000000
00000000 00000000
00000001 : nt!MmLoadSystemImageEx+0x675
ffffee87
ee6ed4c0 fffff802
0f1a191b : 00000000
00000000 00000000
00000000 00000000
00000004 ffffda05
00000004 : nt!IopLoadDriver+0x21b
ffffee87
ee6ed6a0 fffff802
0f183d9e : fffff802
0ee07201 00000000
00000000 ffff8f86
e8728a30 ffffffff
800002b4 : nt!PipCallDriverAddDeviceQueryRoutine+0x1b7
ffffee87
ee6ed740 fffff802
0f1837b3 : 00000000
00000000 ffffee87
ee6ed850 ffff8f86
e8ee6010 fffff802
0000000e : nt!PnpCallDriverQueryServiceHelper+0xda
ffffee87
ee6ed7f0 fffff802
0f182e7b : ffff8f86
e8ee6010 ffffee87
ee6eda18 ffff8f86
e8ee6010 00000000
00000000 : nt!PipCallDriverAddDevice+0x3f7
ffffee87
ee6ed9a0 fffff802
0f1f9701 : ffff8f86
e82f6800 ffffee87
ee6edb01 ffffee87
ee6edab0 ffff8f86
00000000 : nt!PipProcessDevNodeTree+0x1af
ffffee87
ee6eda60 fffff802
0ec0a688 : ffff8f01
00000003 ffff8f86
e82f6800 ffffb501
00000000 00000000
00000000 : nt!PiProcessStartSystemDevices+0x59
ffffee87
ee6edab0 fffff802
0eb24afa : ffff8f86
e81cd080 fffff802
0eee47a0 ffff8f86
e3e7e9a0 ffff8f86
00000000 : nt!PnpDeviceActionWorker+0x448
ffffee87
ee6edb70 fffff802
0eaeda45 : ffff8f86
e81cd080 ffff8f86
e3e7c040 ffff8f86
e81cd080 00002425
b59bbfff : nt!ExpWorkerThread+0x16a
ffffee87
ee6edc10 fffff802
0ec6ab8c : ffffb501
fb480180 ffff8f86
e81cd080 fffff802
0eaed9f0 00000000
00000000 : nt!PspSystemThreadStartup+0x55
ffffee87
ee6edc60 00000000
00000000 : ffffee87
ee6ee000 ffffee87
ee6e8000 00000000
00000000 00000000
00000000 : nt!KiStartSystemThread+0x1c
THREAD_SHA1_HASH_MOD_FUNC: 216ba0d432a57bfdb2fa2ddd795f81dfa8a0718b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 3822aeb18cdc1f5c2008374a32f1e5f4a57ae839
THREAD_SHA1_HASH_MOD: ccaff2e89443f4e219b81594bac599515608a708
FAULT_INSTR_CODE: 5d3941
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpPerformCompleteKcbCacheLookup+15a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 438ffec3
IMAGE_VERSION: 10.0.17763.437
STACK_COMMAND: .cxr 0xffffee87ee6eb7c0 ; kb
BUCKET_ID_FUNC_OFFSET: 15a
FAILURE_BUCKET_ID: AV_nt!CmpPerformCompleteKcbCacheLookup
BUCKET_ID: AV_nt!CmpPerformCompleteKcbCacheLookup
PRIMARY_PROBLEM_CLASS: AV_nt!CmpPerformCompleteKcbCacheLookup
TARGET_TIME: 2019-04-19T16:09:03.000Z
OSBUILD: 17763
OSSERVICEPACK: 437
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2005-12-02 02:58:59
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 131a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!cmpperformcompletekcbcachelookup
FAILURE_ID_HASH: {0efeb559-0c54-ab30-3181-16de14daa9cf}
Followup: MachineOwner
---------
8: kd> !analyze -v
***
***
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8020f0cc84a, The address that the exception occurred at
Arg3: ffffee87ee6ebf78, Exception Record Address
Arg4: ffffee87ee6eb7c0, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
DUMP_TYPE: 1
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8020f0cc84a
BUGCHECK_P3: ffffee87ee6ebf78
BUGCHECK_P4: ffffee87ee6eb7c0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - L'instruction 0x%p emploie l'adresse m moire 0x%p. L' tat de la m moire ne peut pas tre %s.
FAULTING_IP:
nt!CmpPerformCompleteKcbCacheLookup+15a
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx
EXCEPTION_RECORD: ffffee87ee6ebf78 -- (.exr 0xffffee87ee6ebf78)
ExceptionAddress: fffff8020f0cc84a (nt!CmpPerformCompleteKcbCacheLookup+0x000000000000015a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffee87ee6eb7c0 -- (.cxr 0xffffee87ee6eb7c0)
rax=ffffda054a877000 rbx=00000000cad682b5 rcx=00000000000005a9
rdx=ffffda054a879d48 rsi=ffffee87ee6ec440 rdi=00000000f6e431e3
rip=fffff8020f0cc84a rsp=ffffee87ee6ec1b0 rbp=ffffda054a84c000
r8=ffffee87ee6ec1b8 r9=0000000000000000 r10=7ffffffffffffffc
r11=000000000000fffe r12=ffffee87ee6ec400 r13=9658279d81b60337
r14=00000000cab3e9f4 r15=ffffda054ae2dbe8
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!CmpPerformCompleteKcbCacheLookup+0x15a:
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx ds:002b:9658279d
81b60337=????????
Resetting default scope
CPU_COUNT: c
CPU_MHZ: ce4
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 2
CPU_MICROCODE: 6,3f,2,0 (F,M,S,R) SIG: 3D'00000000 (cache) 3D'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
FOLLOWUP_IP:
nt!CmpPerformCompleteKcbCacheLookup+15a
fffff802
0f0cc84a 41395d00 cmp dword ptr [r13],ebx
BUGCHECK_STR: AV
READ_ADDRESS: ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - L'instruction 0x%p emploie l'adresse m moire 0x%p. L' tat de la m moire ne peut pas tre %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
ANALYSIS_SESSION_HOST: DESKTOP-P5ALTM5
ANALYSIS_SESSION_TIME: 04-19-2019 12:12:36.0326
ANALYSIS_VERSION: 10.0.17763.1 x86fre
LOCK_ADDRESS: fffff8020eee5f00 -- (!locks fffff8020eee5f00)
Resource @ nt!PiEngineLock (0xfffff8020eee5f00) Exclusively owned
Contention Count = 1
NumberOfExclusiveWaiters = 1
Threads: ffff8f86e81cd080-01<*>
Threads Waiting On Exclusive Access:
ffff8f86e3e66080
1 total locks
PNP_TRIAGE_DATA:
Lock address : 0xfffff8020eee5f00
Thread Count : 1
Thread address: 0xffff8f86e81cd080
Thread wait : 0x1ec
LAST_CONTROL_TRANSFER: from fffff8020ec7b1b1 to fffff8020ec63730
STACK_TEXT:
ffffee87
ee6ec1b0 fffff802
0f0aa277 : ffffda05
4a8a6008 00000000
00000000 00000000
00000004 ffffee87
ee6ec400 : nt!CmpPerformCompleteKcbCacheLookup+0x15a
ffffee87
ee6ec290 fffff802
0f0a999a : ffffda05
0000001c ffffee87
ee6ec5b0 ffffee87
ee6ec580 00000000
00000000 : nt!CmpDoParseKey+0x2a7
ffffee87
ee6ec500 fffff802
0f0cb9c9 : fffff802
0f0a9730 ffffda05
00000000 ffff8f86
e3ebe9e0 ffffda05
4d1f9a00 : nt!CmpParseKey+0x26a
ffffee87
ee6ec690 fffff802
0f0c9fcf : ffff8f86
e3ebe900 ffffee87
ee6ec8f8 00000000
00000240 ffff8f86
e3ef6d20 : nt!ObpLookupObjectName+0x719
ffffee87
ee6ec860 fffff802
0f0c8658 : 00000000
00000001 ffff8f86
e3ef6d20 00000000
00000000 00000000
00000000 : nt!ObOpenObjectByNameEx+0x1df
ffffee87
ee6ec9a0 fffff802
0f0c7ba2 : ffff8f86
e3802d80 00000000
00000000 00000000
000000d0 ffff8f86
00000000 : nt!CmOpenKey+0x298
ffffee87
ee6ecbf0 fffff802
0ec74885 : ffffda05
4a200980 00000000
000000f9 00000000
00000001 ffffda05
4d10ec10 : nt!NtOpenKey+0x12
ffffee87
ee6ecc30 fffff802
0ec67430 : fffff802
0f099e3e fffff802
0f2002d0 ffffee87
ee6ece30 ffffee87
ee6eceb0 : nt!KiSystemServiceCopyEnd+0x25
ffffee87
ee6ecdc8 fffff802
0f099e3e : fffff802
0f2002d0 ffffee87
ee6ece30 ffffee87
ee6eceb0 fffff802
0ebdb913 : nt!KiServiceLinkage
ffffee87
ee6ecdd0 fffff802
0f099c18 : ffffee87
ee6eced0 ffffee87
ee6ecfc0 ffffda05
4ad67010 00000000
0000e000 : nt!KsepRegistryOpenKey+0x9e
ffffee87
ee6ece60 fffff802
0f09a042 : ffffee87
ee6ecfc0 ffffee87
ee6eced0 00000000
00000000 ffffee87
ee6ed008 : nt!KsepRegistryQueryDriverShims+0x3c
ffffee87
ee6ecea0 fffff802
0f097b69 : fffff802
00000000 fffff802
13980000 ffffee87
ee6ecf48 00000000
00000000 : nt!KsepEngineGetShimsFromRegistry+0x5a
ffffee87
ee6ecf10 fffff802
0f099f36 : 00000000
00000000 00000000
00000000 fffff802
13980000 ffff8f86
e8761190 : nt!KsepGetShimsForDriver+0x7d
ffffee87
ee6ecf90 fffff802
0f09c3e7 : 00000000
00000000 00000000
00000000 00000000
00000000 00000000
00000000 : nt!KseDriverLoadImage+0xae
ffffee87
ee6ed000 fffff802
0f1b3712 : ffffee87
ee6ed280 00000000
00000000 00000000
00000000 fffff802
0f1b5201 : nt!MmLoadSystemImageEx+0x807
ffffee87
ee6ed1b0 fffff802
0f129e7b : 00000000
00000000 00000000
00000000 fffff802
0eecb790 ffffda05
4d1b5560 : nt!MiLoadImportDll+0x3a
ffffee87
ee6ed200 fffff802
0f09c255 : fffff802
138f0000 ffffee87
ee6ed3a0 ffffee87
ee6ed3d0 00000000
00000000 : nt!MiResolveImageReferences+0x20b
ffffee87
ee6ed310 fffff802
0f09652b : ffffee87
ee6ed518 00000000
00000000 00000000
00000000 00000000
00000001 : nt!MmLoadSystemImageEx+0x675
ffffee87
ee6ed4c0 fffff802
0f1a191b : 00000000
00000000 00000000
00000000 00000000
00000004 ffffda05
00000004 : nt!IopLoadDriver+0x21b
ffffee87
ee6ed6a0 fffff802
0f183d9e : fffff802
0ee07201 00000000
00000000 ffff8f86
e8728a30 ffffffff
800002b4 : nt!PipCallDriverAddDeviceQueryRoutine+0x1b7
ffffee87
ee6ed740 fffff802
0f1837b3 : 00000000
00000000 ffffee87
ee6ed850 ffff8f86
e8ee6010 fffff802
0000000e : nt!PnpCallDriverQueryServiceHelper+0xda
ffffee87
ee6ed7f0 fffff802
0f182e7b : ffff8f86
e8ee6010 ffffee87
ee6eda18 ffff8f86
e8ee6010 00000000
00000000 : nt!PipCallDriverAddDevice+0x3f7
ffffee87
ee6ed9a0 fffff802
0f1f9701 : ffff8f86
e82f6800 ffffee87
ee6edb01 ffffee87
ee6edab0 ffff8f86
00000000 : nt!PipProcessDevNodeTree+0x1af
ffffee87
ee6eda60 fffff802
0ec0a688 : ffff8f01
00000003 ffff8f86
e82f6800 ffffb501
00000000 00000000
00000000 : nt!PiProcessStartSystemDevices+0x59
ffffee87
ee6edab0 fffff802
0eb24afa : ffff8f86
e81cd080 fffff802
0eee47a0 ffff8f86
e3e7e9a0 ffff8f86
00000000 : nt!PnpDeviceActionWorker+0x448
ffffee87
ee6edb70 fffff802
0eaeda45 : ffff8f86
e81cd080 ffff8f86
e3e7c040 ffff8f86
e81cd080 00002425
b59bbfff : nt!ExpWorkerThread+0x16a
ffffee87
ee6edc10 fffff802
0ec6ab8c : ffffb501
fb480180 ffff8f86
e81cd080 fffff802
0eaed9f0 00000000
00000000 : nt!PspSystemThreadStartup+0x55
ffffee87
ee6edc60 00000000
00000000 : ffffee87
ee6ee000 ffffee87
ee6e8000 00000000
00000000 00000000
00000000 : nt!KiStartSystemThread+0x1c
THREAD_SHA1_HASH_MOD_FUNC: 216ba0d432a57bfdb2fa2ddd795f81dfa8a0718b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 3822aeb18cdc1f5c2008374a32f1e5f4a57ae839
THREAD_SHA1_HASH_MOD: ccaff2e89443f4e219b81594bac599515608a708
FAULT_INSTR_CODE: 5d3941
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpPerformCompleteKcbCacheLookup+15a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 438ffec3
IMAGE_VERSION: 10.0.17763.437
STACK_COMMAND: .cxr 0xffffee87ee6eb7c0 ; kb
BUCKET_ID_FUNC_OFFSET: 15a
FAILURE_BUCKET_ID: AV_nt!CmpPerformCompleteKcbCacheLookup
BUCKET_ID: AV_nt!CmpPerformCompleteKcbCacheLookup
PRIMARY_PROBLEM_CLASS: AV_nt!CmpPerformCompleteKcbCacheLookup
TARGET_TIME: 2019-04-19T16:09:03.000Z
OSBUILD: 17763
OSSERVICEPACK: 437
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2005-12-02 02:58:59
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 1359
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!cmpperformcompletekcbcachelookup
FAILURE_ID_HASH: {0efeb559-0c54-ab30-3181-16de14daa9cf}
Followup: MachineOwner