A
ahmedsaf
Guest
I just left my laptop locked (Win+L thing) and came back and found that it shut down and restarted while I wasn't there.
Here's the minidump:
*******************************************************************************
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\030221-15031-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`47c00000 PsLoadedModuleList = 0xfffff807`4882a390
Debug session time: Tue Mar 2 23:00:27.751 2021 (UTC + 4:00)
System Uptime: 3 days 0:25:24.393
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
.................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`47ff5a80 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffc707`7a26e1f0=000000000000007e
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80748349c5c, The address that the exception occurred at
Arg3: ffffc7077a26f1e8, Exception Record Address
Arg4: ffffc7077a26ea20, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 6436
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-LLVOKPP
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 27569
Key : Analysis.Memory.CommitPeak.Mb
Value: 84
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80748349c5c
BUGCHECK_P3: ffffc7077a26f1e8
BUGCHECK_P4: ffffc7077a26ea20
EXCEPTION_RECORD: ffffc7077a26f1e8 -- (.exr 0xffffc7077a26f1e8)
ExceptionAddress: fffff80748349c5c (nt!RtlpCopyRangeListEntry+0x000000000000002c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000100bffffdb
Attempt to read from address 000000100bffffdb
CONTEXT: ffffc7077a26ea20 -- (.cxr 0xffffc7077a26ea20)
rax=ffffe10a00364ae0 rbx=ffffe10a00364ae0 rcx=0000000000000028
rdx=0000000000000000 rsi=000000100bffffdb rdi=ffffe109f159fed0
rip=fffff80748349c5c rsp=ffffc7077a26f420 rbp=ffffc7077a26f560
r8=0000000000000fff r9=00000000000006d0 r10=00000000656c5252
r11=0000000000001001 r12=0000000000000001 r13=0000000000000005
r14=ffffc7077a26f540 r15=ffffe109f18e6390
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!RtlpCopyRangeListEntry+0x2c:
fffff807`48349c5c 0f1006 movups xmm0,xmmword ptr [rsi] ds:002b:00000010`0bffffdb=????????????????????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff807488fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8074880f330: Unable to get Flags value from nt!KdVersionBlock
fffff8074880f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
000000100bffffdb
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000100bffffdb
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffffc707`7a26f420 fffff807`48349be1 : ffffe109`f159fc30 00000010`0bffffdb ffffe109`f159fed0 fffff807`4c5a1620 : nt!RtlpCopyRangeListEntry+0x2c
ffffc707`7a26f450 fffff807`483498f8 : fffff807`48844360 00000000`00000000 ffffe10a`22587844 00000000`00000005 : nt!RtlCopyRangeList+0x41
ffffc707`7a26f480 fffff807`4835c848 : fffff807`48844360 ffffc707`7a26f560 00000000`00000000 fffff807`4c5a1600 : nt!ArbTestAllocation+0x38
ffffc707`7a26f4d0 fffff807`4833ad8e : ffffe109`f18daa10 00000000`00000000 ffffe109`f0c00100 00000000`00000002 : nt!ArbArbiterHandler+0x68
ffffc707`7a26f510 fffff807`48339a96 : ffffb50e`f9fdd7f0 ffffb50f`10f03750 ffffe10a`22587840 00000000`00000000 : nt!IopCallArbiter+0xca
ffffc707`7a26f570 fffff807`4833bdba : 00000000`00000000 ffffb50f`00000001 ffffb50e`00000000 ffffb50f`10f03750 : nt!PnpReleaseResourcesInternal+0x122
ffffc707`7a26f640 fffff807`4833bf0a : fffff807`48844b00 00000000`00000004 00000000`00000000 ffffb50f`0a9f3200 : nt!IopReleaseResources+0xe
ffffc707`7a26f670 fffff807`4833405c : ffffe10a`ffffffff ffffb50e`f9e78e10 ffffb50f`10f03750 00000000`00000000 : nt!IopLegacyResourceAllocation+0xb6
ffffc707`7a26f730 fffff807`48336e55 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000308 : nt!IopReleaseDeviceResources+0xa4
ffffc707`7a26f7c0 fffff807`48333e6c : ffffb50f`10f03750 00000000`00000000 00000000`00000000 fffff807`48333db3 : nt!PnpSurpriseRemoveLockedDeviceNode+0xc9
ffffc707`7a26f820 fffff807`48333b67 : ffffb50f`10f03750 ffffc707`7a26f8a0 00000000`00000000 fffff807`483338a0 : nt!PnpDeleteLockedDeviceNode+0x88
ffffc707`7a26f860 fffff807`483329a6 : ffffb50f`2546c320 00000004`00000002 00000000`00000000 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xf7
ffffc707`7a26f8e0 fffff807`48330b27 : ffffc707`7a26fa20 ffffb50f`10f03700 ffffc707`7a26fa00 ffffe10a`00000002 : nt!PnpProcessQueryRemoveAndEject+0x1da
ffffc707`7a26f9c0 fffff807`4830a41e : ffffe109`fdc7c120 ffffe10a`032c3d80 ffffb50e`f9ea0a00 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0xeb
ffffc707`7a26f9f0 fffff807`47e25975 : ffffb50f`1a27b040 ffffb50f`1a27b040 ffffb50e`f9ea0a20 ffffb50f`22c9aa60 : nt!PnpDeviceEventWorker+0x2ce
ffffc707`7a26fa70 fffff807`47f17e25 : ffffb50f`1a27b040 00000000`00000080 ffffb50e`f9eb60c0 00000000`00000001 : nt!ExpWorkerThread+0x105
ffffc707`7a26fb10 fffff807`47ffd0d8 : ffff8b00`caad5180 ffffb50f`1a27b040 fffff807`47f17dd0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffc707`7a26fb60 00000000`00000000 : ffffc707`7a270000 ffffc707`7a269000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!RtlpCopyRangeListEntry+2c
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.804
STACK_COMMAND: .cxr 0xffffc7077a26ea20 ; kb
BUCKET_ID_FUNC_OFFSET: 2c
FAILURE_BUCKET_ID: AV_nt!RtlpCopyRangeListEntry
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {85eeb152-7b61-2f76-d730-13cf3c82e111}
Followup: MachineOwner
---------
*******************************************************************************
Yes I already did MemTest for multiple runs and sfc /scannnow and all that stuff and found no issues and I'm sure the actual culprit can't be ACPI.sys since it's a system driver but I don't know what is actually causing the BSOD.
Continue reading...
Here's the minidump:
*******************************************************************************
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\030221-15031-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`47c00000 PsLoadedModuleList = 0xfffff807`4882a390
Debug session time: Tue Mar 2 23:00:27.751 2021 (UTC + 4:00)
System Uptime: 3 days 0:25:24.393
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
.................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`47ff5a80 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffc707`7a26e1f0=000000000000007e
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80748349c5c, The address that the exception occurred at
Arg3: ffffc7077a26f1e8, Exception Record Address
Arg4: ffffc7077a26ea20, Context Record Address
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : AV.Fault
Value: Read
Key : Analysis.CPU.mSec
Value: 6436
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-LLVOKPP
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 27569
Key : Analysis.Memory.CommitPeak.Mb
Value: 84
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 7e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80748349c5c
BUGCHECK_P3: ffffc7077a26f1e8
BUGCHECK_P4: ffffc7077a26ea20
EXCEPTION_RECORD: ffffc7077a26f1e8 -- (.exr 0xffffc7077a26f1e8)
ExceptionAddress: fffff80748349c5c (nt!RtlpCopyRangeListEntry+0x000000000000002c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000100bffffdb
Attempt to read from address 000000100bffffdb
CONTEXT: ffffc7077a26ea20 -- (.cxr 0xffffc7077a26ea20)
rax=ffffe10a00364ae0 rbx=ffffe10a00364ae0 rcx=0000000000000028
rdx=0000000000000000 rsi=000000100bffffdb rdi=ffffe109f159fed0
rip=fffff80748349c5c rsp=ffffc7077a26f420 rbp=ffffc7077a26f560
r8=0000000000000fff r9=00000000000006d0 r10=00000000656c5252
r11=0000000000001001 r12=0000000000000001 r13=0000000000000005
r14=ffffc7077a26f540 r15=ffffe109f18e6390
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!RtlpCopyRangeListEntry+0x2c:
fffff807`48349c5c 0f1006 movups xmm0,xmmword ptr [rsi] ds:002b:00000010`0bffffdb=????????????????????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
READ_ADDRESS: fffff807488fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8074880f330: Unable to get Flags value from nt!KdVersionBlock
fffff8074880f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
000000100bffffdb
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000100bffffdb
EXCEPTION_STR: 0xc0000005
STACK_TEXT:
ffffc707`7a26f420 fffff807`48349be1 : ffffe109`f159fc30 00000010`0bffffdb ffffe109`f159fed0 fffff807`4c5a1620 : nt!RtlpCopyRangeListEntry+0x2c
ffffc707`7a26f450 fffff807`483498f8 : fffff807`48844360 00000000`00000000 ffffe10a`22587844 00000000`00000005 : nt!RtlCopyRangeList+0x41
ffffc707`7a26f480 fffff807`4835c848 : fffff807`48844360 ffffc707`7a26f560 00000000`00000000 fffff807`4c5a1600 : nt!ArbTestAllocation+0x38
ffffc707`7a26f4d0 fffff807`4833ad8e : ffffe109`f18daa10 00000000`00000000 ffffe109`f0c00100 00000000`00000002 : nt!ArbArbiterHandler+0x68
ffffc707`7a26f510 fffff807`48339a96 : ffffb50e`f9fdd7f0 ffffb50f`10f03750 ffffe10a`22587840 00000000`00000000 : nt!IopCallArbiter+0xca
ffffc707`7a26f570 fffff807`4833bdba : 00000000`00000000 ffffb50f`00000001 ffffb50e`00000000 ffffb50f`10f03750 : nt!PnpReleaseResourcesInternal+0x122
ffffc707`7a26f640 fffff807`4833bf0a : fffff807`48844b00 00000000`00000004 00000000`00000000 ffffb50f`0a9f3200 : nt!IopReleaseResources+0xe
ffffc707`7a26f670 fffff807`4833405c : ffffe10a`ffffffff ffffb50e`f9e78e10 ffffb50f`10f03750 00000000`00000000 : nt!IopLegacyResourceAllocation+0xb6
ffffc707`7a26f730 fffff807`48336e55 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000308 : nt!IopReleaseDeviceResources+0xa4
ffffc707`7a26f7c0 fffff807`48333e6c : ffffb50f`10f03750 00000000`00000000 00000000`00000000 fffff807`48333db3 : nt!PnpSurpriseRemoveLockedDeviceNode+0xc9
ffffc707`7a26f820 fffff807`48333b67 : ffffb50f`10f03750 ffffc707`7a26f8a0 00000000`00000000 fffff807`483338a0 : nt!PnpDeleteLockedDeviceNode+0x88
ffffc707`7a26f860 fffff807`483329a6 : ffffb50f`2546c320 00000004`00000002 00000000`00000000 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xf7
ffffc707`7a26f8e0 fffff807`48330b27 : ffffc707`7a26fa20 ffffb50f`10f03700 ffffc707`7a26fa00 ffffe10a`00000002 : nt!PnpProcessQueryRemoveAndEject+0x1da
ffffc707`7a26f9c0 fffff807`4830a41e : ffffe109`fdc7c120 ffffe10a`032c3d80 ffffb50e`f9ea0a00 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0xeb
ffffc707`7a26f9f0 fffff807`47e25975 : ffffb50f`1a27b040 ffffb50f`1a27b040 ffffb50e`f9ea0a20 ffffb50f`22c9aa60 : nt!PnpDeviceEventWorker+0x2ce
ffffc707`7a26fa70 fffff807`47f17e25 : ffffb50f`1a27b040 00000000`00000080 ffffb50e`f9eb60c0 00000000`00000001 : nt!ExpWorkerThread+0x105
ffffc707`7a26fb10 fffff807`47ffd0d8 : ffff8b00`caad5180 ffffb50f`1a27b040 fffff807`47f17dd0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffc707`7a26fb60 00000000`00000000 : ffffc707`7a270000 ffffc707`7a269000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!RtlpCopyRangeListEntry+2c
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.804
STACK_COMMAND: .cxr 0xffffc7077a26ea20 ; kb
BUCKET_ID_FUNC_OFFSET: 2c
FAILURE_BUCKET_ID: AV_nt!RtlpCopyRangeListEntry
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {85eeb152-7b61-2f76-d730-13cf3c82e111}
Followup: MachineOwner
---------
*******************************************************************************
Yes I already did MemTest for multiple runs and sfc /scannnow and all that stuff and found no issues and I'm sure the actual culprit can't be ACPI.sys since it's a system driver but I don't know what is actually causing the BSOD.
Continue reading...