Since I didn't get much details of my previous post as nobody replied. I will be adding some minidump details below in this post.
Report 1
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2046
Key : Analysis.Elapsed.mSec
Value: 3742
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 359
Key : Analysis.Init.Elapsed.mSec
Value: 4376
Key : Analysis.Memory.CommitPeak.Mb
Value: 98
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x1e
Key : Bugcheck.Code.TargetModel
Value: 0x1e
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: AV_nt!KiDispatchException
Key : Failure.Hash
Value: {00781d15-b897-afab-75cd-f83221cbf387}
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: 0
BUGCHECK_P3: 8
BUGCHECK_P4: 0
FILE_IN_CAB: 111024-41531-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
FAULTING_THREAD: ffff8001ca195540
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Plex Transcode
STACK_TEXT:
fffff303`56f40fa8 fffff804`366b82b5 : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
fffff303`56f40fb0 fffff804`3662ae7c : 00000000`00001000 ffff8001`d1d35800 00000000`00000000 fffff303`56f41790 : nt!KiDispatchException+0x1a0325
fffff303`56f41690 fffff804`36626163 : fffff303`00000020 fffff303`56010088 000000f6`b90fbab8 ffff8001`d18e6940 : nt!KiExceptionDispatch+0x13c
fffff303`56f41870 00000000`00000000 : 00000000`00000010 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x463
SYMBOL_NAME: nt!KiDispatchException+1a0325
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.22621.4317
STACK_COMMAND: .process /r /p 0xffff8001d1d350c0; .thread 0xffff8001ca195540 ; kb
BUCKET_ID_FUNC_OFFSET: 1a0325
FAILURE_BUCKET_ID: AV_nt!KiDispatchException
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {00781d15-b897-afab-75cd-f83221cbf387}
Followup: MachineOwner
Report 2
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000c89515c49, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: 0000000c89515c49, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1500
Key : Analysis.Elapsed.mSec
Value: 2936
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 312
Key : Analysis.Init.Elapsed.mSec
Value: 27512
Key : Analysis.Memory.CommitPeak.Mb
Value: 97
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0xd1
Key : Bugcheck.Code.TargetModel
Value: 0xd1
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: AV_CODE_AV_BAD_IP_nt!KiPageFault
Key : Failure.Hash
Value: {73cd60cc-83fa-6b76-df08-1961c31d7403}
BUGCHECK_CODE: d1
BUGCHECK_P1: c89515c49
BUGCHECK_P2: ff
BUGCHECK_P3: 0
BUGCHECK_P4: c89515c49
FILE_IN_CAB: 111024-47734-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
FAULTING_THREAD: ffff870570b82080
READ_ADDRESS: fffff8027191d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000c89515c49
PROCESS_NAME: System
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
TRAP_FRAME: ffffc389976d18f0 -- (.trap 0xffffc389976d18f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff80271010d10 rbx=0000000000000000 rcx=fffff7e8c000e000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=0000000c89515c49 rsp=ffffc389976d1a80 rbp=ffffc389976d1b30
r8=0000000000000000 r9=ffffc389976d1990 r10=0000fffff8027101
r11=ffff997abe200000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz ac pe cy
0000000c`89515c49 ?? ???
Resetting default scope
FAILED_INSTRUCTION_ADDRESS:
+0
0000000c`89515c49 ?? ???
STACK_TEXT:
ffffc389`976d17a8 fffff802`7102ad29 : 00000000`0000000a 0000000c`89515c49 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx
ffffc389`976d17b0 fffff802`71026189 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffc389`976d18f0 0000000c`89515c49 : 0000000c`892a5649 00000000`00000000 00000000`00000000 00000000`82000000 : nt!KiPageFault+0x489
ffffc389`976d1a80 0000000c`892a5649 : 00000000`00000000 00000000`00000000 00000000`82000000 ffffa981`a0787180 : 0x0000000c`89515c49
ffffc389`976d1a88 00000000`00000000 : 00000000`00000000 00000000`82000000 ffffa981`a0787180 fffff802`7101d9fc : 0x0000000c`892a5649
SYMBOL_NAME: nt!KiPageFault+489
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.22621.4317
STACK_COMMAND: .process /r /p 0xfffff80271949f40; .thread 0xffff870570b82080 ; kb
BUCKET_ID_FUNC_OFFSET: 489
FAILURE_BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {73cd60cc-83fa-6b76-df08-1961c31d7403}
Followup: MachineOwner
Report 3
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80721ea2c2f, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1671
Key : Analysis.Elapsed.mSec
Value: 3860
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 406
Key : Analysis.Init.Elapsed.mSec
Value: 12003
Key : Analysis.Memory.CommitPeak.Mb
Value: 120
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0xd1
Key : Bugcheck.Code.TargetModel
Value: 0xd1
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: AV_mouclass!memcpy
Key : Failure.Hash
Value: {e505c467-bacc-0eca-ac29-b45b7c4bd7f1}
BUGCHECK_CODE: d1
BUGCHECK_P1: 0
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: fffff80721ea2c2f
FILE_IN_CAB: 111324-59468-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
FAULTING_THREAD: fffff8071094d700
WRITE_ADDRESS: fffff8071091d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000000
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: fffff80712c76940 -- (.trap 0xfffff80712c76940)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffce87eff91ed0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80721ea2c2f rsp=fffff80712c76ad8 rbp=fffff80712c76b50
r8=0000000000000018 r9=0000000000000038 r10=ffffce87efff2000
r11=fffff80712c76ad0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
mouclass!memcpy+0x2f:
fffff807`21ea2c2f 0f1101 movups xmmword ptr [rcx],xmm0 ds:00000000`00000000=????????????????????????????????
Resetting default scope
STACK_TEXT:
fffff807`12c767f8 fffff807`1002ad29 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff807`12c76800 fffff807`10026189 : 00000000`00000000 fffff807`0b812180 ffffe280`00037320 00141422`000664da : nt!KiBugCheckDispatch+0x69
fffff807`12c76940 fffff807`21ea2c2f : fffff807`21ea52fd 00000000`00000018 fffff807`12c76b50 ffffce87`f189a010 : nt!KiPageFault+0x489
fffff807`12c76ad8 fffff807`21ea52fd : 00000000`00000018 fffff807`12c76b50 ffffce87`f189a010 fffff807`115ce7d0 : mouclass!memcpy+0x2f
fffff807`12c76ae0 fffff807`21e83888 : 00000000`00000002 ffffce87`eff04210 ffffce87`eff91d70 fffff807`12c76bc0 : mouclass!MouseClassServiceCallback+0x16d
fffff807`12c76b80 fffff807`0fe3c4e4 : 00000000`00000000 ffffce87`00000001 00000000`00000000 ffffce87`00000001 : mouhid!MouHid_ReadComplete+0x7b8
fffff807`12c76c20 fffff807`0fe3c397 : ffffce87`effe2010 ffffce87`e743c506 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x134
fffff807`12c76d00 fffff807`226ccb25 : ffffce87`e743c5a0 ffffce87`eca31302 00000000`00000000 00000000`00000009 : nt!IofCompleteRequest+0x17
fffff807`12c76d30 fffff807`226cc14d : ffffce87`efee21d0 ffffce87`efee2102 ffffce87`efee21d0 00000000`00000009 : HIDCLASS!HidpDistributeInterruptReport+0x3d5
fffff807`12c76e30 fffff807`0fe3c4e4 : 00000000`00000000 ffffce87`eca31330 fffff807`12c76f01 ffffce87`efaadd00 : HIDCLASS!HidpInterruptReadComplete+0x44d
fffff807`12c76ee0 fffff807`0fe3c397 : ffffce87`eca31330 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x134
fffff807`12c76fc0 fffff807`11593cc6 : 00000000`00000002 00000000`00000000 00000000`00000000 fffff807`115d267d : nt!IofCompleteRequest+0x17
fffff807`12c76ff0 fffff807`11592031 : ffffce87`eca31330 00000000`00000001 ffffce87`ec859c40 ffffce87`f7ce4020 : Wdf01000!FxRequest::CompleteInternal+0x246 [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 869]
fffff807`12c77080 fffff807`11591fbf : 00000000`00000000 ffffce87`efe16440 ffffce87`f7ce41c0 fffff807`12c77198 : Wdf01000!FxRequest::Complete+0x4d [minkernel\wdf\framework\shared\inc\private\common\FxRequest.hpp @ 806]
fffff807`12c770e0 fffff807`1fdb2ff8 : ffffce87`f7ce4020 00000000`ffffffff 00000000`00000004 fffff807`12c771b0 : Wdf01000!imp_WdfRequestComplete+0x3f [minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 437]
fffff807`12c77110 fffff807`1fdb1787 : ffffce87`f7ce41c0 00000000`00000008 ffffce87`f7ce4250 fffff807`12c77328 : USBXHCI!Bulk_Transfer_CompleteCancelable+0xc8
fffff807`12c77170 fffff807`1fdb1310 : 00000000`00000004 fffff807`12c772e0 00000000`00000000 ffffce87`efea6090 : USBXHCI!Bulk_ProcessTransferEventWithED1+0x463
fffff807`12c77220 fffff807`1fda9ca8 : 00000000`00000004 fffff807`12c772f8 00000000`00000008 fffff807`12c77300 : USBXHCI!Bulk_EP_TransferEventHandler+0x10
fffff807`12c77250 fffff807`1fda9318 : ffffce87`ec866f10 ffffce87`e7ffa200 ffffce87`ef1fe2d0 ffffce87`ec866f10 : USBXHCI!Endpoint_TransferEventHandler+0x108
fffff807`12c772b0 fffff807`1fda8bcc : 00000000`00000000 00000000`00001388 ffffce87`ec866d10 fffff807`0fe35027 : USBXHCI!Interrupter_DeferredWorkProcessor+0x738
fffff807`12c773b0 fffff807`11596d2d : fffff807`12c774d0 00000000`00000006 00000001`00000002 fffff807`000000e1 : USBXHCI!Interrupter_WdfEvtInterruptDpc+0xc
fffff807`12c773e0 fffff807`11596cd5 : 000000e2`97abdd22 00000000`00000000 ffffce87`ec866d10 fffff807`0ff38cf9 : Wdf01000!FxInterrupt:
pcHandler+0x49 [minkernel\wdf\framework\shared\irphandlers\pnp\km\interruptobjectkm.cpp @ 75]
fffff807`12c77410 fffff807`0fe1358c : 00000000`00000000 ffffa801`3f2335b0 fffff780`00000000 000000e2`9784ad4b : Wdf01000!FxInterrupt::_InterruptDpcThunk+0x35 [minkernel\wdf\framework\shared\irphandlers\pnp\km\interruptobjectkm.cpp @ 410]
fffff807`12c77450 fffff807`0fe12594 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExecuteAllDpcs+0x42c
fffff807`12c77990 fffff807`10019dfe : 00000000`00001710 fffff807`0b812180 fffff807`1094d700 ffffce87`feece080 : nt!KiRetireDpcList+0x1b4
fffff807`12c77c40 00000000`00000000 : fffff807`12c78000 fffff807`12c72000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
SYMBOL_NAME: mouclass!memcpy+2f
MODULE_NAME: mouclass
IMAGE_NAME: mouclass.sys
IMAGE_VERSION: 10.0.22621.1774
STACK_COMMAND: .process /r /p 0xfffff80710949f40; .thread 0xfffff8071094d700 ; kb
BUCKET_ID_FUNC_OFFSET: 2f
FAILURE_BUCKET_ID: AV_mouclass!memcpy
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e505c467-bacc-0eca-ac29-b45b7c4bd7f1}
Followup: MachineOwner
Report 4
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8003076e1ab, The address that the exception occurred at
Arg3: fffff90f162e65c8, Exception Record Address
Arg4: fffff90f162e5de0, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 1718
Key : Analysis.Elapsed.mSec
Value: 2390
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 421
Key : Analysis.Init.Elapsed.mSec
Value: 4756
Key : Analysis.Memory.CommitPeak.Mb
Value: 107
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x1000007e
Key : Bugcheck.Code.TargetModel
Value: 0x1000007e
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: AV_Wof!FileProvCompressWorkItem
Key : Failure.Hash
Value: {338de1a7-22ee-9aa6-796c-0520688fc10d}
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8003076e1ab
BUGCHECK_P3: fffff90f162e65c8
BUGCHECK_P4: fffff90f162e5de0
FILE_IN_CAB: 111424-59078-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
FAULTING_THREAD: ffffbb8e36771040
EXCEPTION_RECORD: fffff90f162e65c8 -- (.exr 0xfffff90f162e65c8)
ExceptionAddress: fffff8003076e1ab (nt!RtlCompressBufferXpressHuffStandard+0x000000000000018b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000063d19b04d
Attempt to read from address 000000063d19b04d
CONTEXT: fffff90f162e5de0 -- (.cxr 0xfffff90f162e5de0)
rax=00000000000001ba rbx=ffffd20a3e46fb33 rcx=00000000000000ad
rdx=ffffd20a3e458568 rsi=0000000000000020 rdi=ffffd20a3d19bf12
rip=fffff8003076e1ab rsp=fffff90f162e6800 rbp=000000000000001b
r8=00000000000000dd r9=000000063d19b04d r10=ffffd20a3d19bf13
r11=ffffd20a3d19bf12 r12=ffffd20a3e46fb2a r13=ffffd20a3d19b362
r14=ffffd20a3e458000 r15=ffffd20a3d19cfd8
iopl=0 nv up ei pl nz ac pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050212
nt!RtlCompressBufferXpressHuffStandard+0x18b:
fffff800`3076e1ab 413809 cmp byte ptr [r9],cl ds:002b:00000006`3d19b04d=??
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff8003111d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
000000063d19b04d
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000063d19b04d
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
fffff90f`162e6800 fffff800`3076e011 : ffffd20a`3d19b000 00000000`000000b9 ffffd20a`3e480a5f ffffbb8e`348d0e2b : nt!RtlCompressBufferXpressHuffStandard+0x18b
fffff90f`162e68f0 fffff800`30756aff : ffffbb8e`36771040 fffff800`306b81bf fffff800`00000000 00000000`00000001 : nt!RtlCompressBufferXpressHuff+0x61
fffff90f`162e6950 fffff800`35398324 : fffff800`00000000 ffffbb8e`348d0e28 00000000`00000000 ffffbb8e`348d0e28 : nt!RtlCompressBuffer+0x6f
fffff90f`162e69b0 fffff800`306b7bf5 : ffffbb8e`200b9c50 ffffbb8e`36771040 fffff90f`162e6b00 ffffbb8e`00000000 : Wof!FileProvCompressWorkItem+0x74
fffff90f`162e6a00 fffff800`3074d487 : ffffbb8e`36771040 00000000`0000033c ffffbb8e`36771040 fffff800`306b7aa0 : nt!ExpWorkerThread+0x155
fffff90f`162e6bf0 fffff800`30819f64 : ffffe600`5db54180 ffffbb8e`36771040 fffff800`3074d430 00000000`00000000 : nt!PspSystemThreadStartup+0x57
fffff90f`162e6c40 00000000`00000000 : fffff90f`162e7000 fffff90f`162e1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34
SYMBOL_NAME: Wof!FileProvCompressWorkItem+74
MODULE_NAME: Wof
IMAGE_NAME: Wof.sys
IMAGE_VERSION: 10.0.22621.4034
STACK_COMMAND: .cxr 0xfffff90f162e5de0 ; kb
BUCKET_ID_FUNC_OFFSET: 74
FAILURE_BUCKET_ID: AV_Wof!FileProvCompressWorkItem
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {338de1a7-22ee-9aa6-796c-0520688fc10d}
Followup: MachineOwner
Report 5
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8021ad2b746, The address that the exception occurred at
Arg3: ffffab8d814b5538, Exception Record Address
Arg4: ffffab8d814b4d50, Context Record Address
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : AV.Dereference
Value: NullClassPtr
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 1703
Key : Analysis.Elapsed.mSec
Value: 1703
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 312
Key : Analysis.Init.Elapsed.mSec
Value: 3017
Key : Analysis.Memory.CommitPeak.Mb
Value: 99
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x1000007e
Key : Bugcheck.Code.TargetModel
Value: 0x1000007e
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: AV_nt!PfSnGetSectionObject
Key : Failure.Hash
Value: {e23ea2df-a915-d574-daa1-e257e931d113}
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8021ad2b746
BUGCHECK_P3: ffffab8d814b5538
BUGCHECK_P4: ffffab8d814b4d50
FILE_IN_CAB: 111424-72593-01.dmp
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
FAULTING_THREAD: ffffbf88a78b8040
EXCEPTION_RECORD: ffffab8d814b5538 -- (.exr 0xffffab8d814b5538)
ExceptionAddress: fffff8021ad2b746 (nt!PfSnGetSectionObject+0x0000000000000156)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000078
Attempt to read from address 0000000000000078
CONTEXT: ffffab8d814b4d50 -- (.cxr 0xffffab8d814b4d50)
rax=0000000000000000 rbx=ffff9b0571ff95f8 rcx=14b7cfbffc450000
rdx=0000000000000001 rsi=ffff9b0572214488 rdi=0000000000000000
rip=fffff8021ad2b746 rsp=ffffab8d814b5770 rbp=ffffab8d814b5851
r8=00000000ffffff7f r9=0000000000000000 r10=0000000000000000
r11=ffffbf88a78b8180 r12=ffffab8d814b58f0 r13=0000000200000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
nt!PfSnGetSectionObject+0x156:
fffff802`1ad2b746 418b4678 mov eax,dword ptr [r14+78h] ds:002b:00000000`00000078=????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: sppsvc.exe
READ_ADDRESS: fffff8021b31d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000078
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000078
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffffab8d`814b5770 fffff802`1ad2b2a9 : 00000000`0000006c ffffab8d`814b59a0 ffff9b05`72214488 ffff9b05`722146c8 : nt!PfSnGetSectionObject+0x156
ffffab8d`814b58a0 fffff802`1a8b7bf5 : ffffbf88`a629cc70 ffffbf88`a78b8040 ffffbf88`a629cc70 fffff802`1b34aac0 : nt!PfSnPopulateReadList+0x2d9
ffffab8d`814b5a00 fffff802`1a94d487 : ffffbf88`a78b8040 00000000`0000006c ffffbf88`a78b8040 fffff802`1a8b7aa0 : nt!ExpWorkerThread+0x155
ffffab8d`814b5bf0 fffff802`1aa19f64 : fffff802`187fe180 ffffbf88`a78b8040 fffff802`1a94d430 00000000`00000000 : nt!PspSystemThreadStartup+0x57
ffffab8d`814b5c40 00000000`00000000 : ffffab8d`814b6000 ffffab8d`814b0000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34
SYMBOL_NAME: nt!PfSnGetSectionObject+156
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.22621.4317
STACK_COMMAND: .cxr 0xffffab8d814b4d50 ; kb
BUCKET_ID_FUNC_OFFSET: 156
FAILURE_BUCKET_ID: AV_nt!PfSnGetSectionObject
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e23ea2df-a915-d574-daa1-e257e931d113}
Followup: MachineOwner
Can anyone help me with the minidumps?
Facebook
Twitter
Instagram