Hi guys, my problem is basically described in the headline. I think I am already pretty much aware of what bug causes this; it's some bug called ntkrnlmp.exe, probably linked to some problematic driver or something. I can copy you the text from the WinDbg diagnostics if someone is able to tell me what exact driver probably causes that and what I should do. Thanks for the help.
Microsoft (R) Windows Debugger Version 10.0.25111.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
[CODE]
Loading Dump File [C:\Windows\Minidump\061222-6343-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`26a00000 PsLoadedModuleList = 0xfffff805`2762a2b0
Debug session time: Sun Jun 12 03:05:04.463 2022 (UTC + 2:00)
System Uptime: 0 days 1:25:55.098
Loading Kernel Symbols
...
...
...
Loading User Symbols
Loading unloaded module list
...
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`26df7d60 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffb70c`632a7060=000000000000001e
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80527071dad, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

Debugging Details:
------------------

*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: ExceptionRecord ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: ContextRecord ***
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 3983

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 34849

    Key  : Analysis.Init.CPU.mSec
    Value: 342

    Key  : Analysis.Init.Elapsed.mSec
    Value: 2747

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 96

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff80527071dad
BUGCHECK_P3: 0
BUGCHECK_P4: 0
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
READ_ADDRESS: fffff805276fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000000
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 2
PROCESS_NAME: System
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
STACK_TEXT:
ffffb70c`632a7058 fffff805`26e58647 : 00000000`0000001e ffffffff`c0000005 fffff805`27071dad 00000000`00000000 : nt!KeBugCheckEx
ffffb70c`632a7060 fffff805`26e09dac : 00000000`00001000 ffffb70c`632a7900 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x17c417
ffffb70c`632a7720 fffff805`26e05f43 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x12c
ffffb70c`632a7900 fffff805`27071dad : ffff9289`66652040 00000000`00000000 00000000`00000000 ffffa30b`7b500128 : nt!KiPageFault+0x443
ffffb70c`632a7a90 fffff805`26fe2f52 : ffff9289`66652040 00000000`00000000 ffff9289`66652040 fffff805`26cbfed7 : nt!PspClearProcessThreadCidRefs+0x35
ffffb70c`632a7ad0 fffff805`26fe0b83 : ffffba81`00000000 ffffb70c`633b48c0 00000000`000016c8 ffff9289`53746a60 : nt!PspExitThread+0x6a
ffffb70c`632a7bd0 fffff805`26ceea8f : ffff9289`66652040 00000000`00000080 fffff805`26cbf9e0 000f8067`b4bbbdff : nt!PspTerminateThreadByPointer+0x53
ffffb70c`632a7c10 fffff805`26dff3b8 : ffffba81`ff940180 ffff9289`66652040 fffff805`26ceea20 00000000`00000000 : nt!PspSystemThreadStartup+0x6f
ffffb70c`632a7c60 00000000`00000000 : ffffb70c`632a8000 ffffb70c`632a2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!PspClearProcessThreadCidRefs+35
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.1706
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 35
FAILURE_BUCKET_ID: AV_R_nt!PspClearProcessThreadCidRefs
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {d534b912-1607-e98a-2541-5d26c353249c}
Followup: MachineOwner[/code]