BSOD on win10 #2300

Closed
eaglesharkmayonnaise opened this issue Nov 29, 2024 · 11 comments

@eaglesharkmayonnaise

Brief description of your issue

8: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff801bb4f2700, Address of the instruction which caused the BugCheck
Arg3: ffff8087b460e0c0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

SYMSRV:  BYINDEX: 0x1F5
         d:\Symbols*https://msdl.microsoft.com/download/symbols
         SystemInformer.sys
         34BA8EA044000
SYMSRV:  BYINDEX: 0x1F5
         d:\Symbols*https://msdl.microsoft.com/download/symbols
         SystemInformer.sys
         34BA8EA044000
SYMSRV:  UNC: d:\Symbols\SystemInformer.sys\34BA8EA044000\SystemInformer.sys - path not found
SYMSRV:  UNC: d:\Symbols\SystemInformer.sys\34BA8EA044000\SystemInformer.sys - path not found
SYMSRV:  UNC: d:\Symbols\SystemInformer.sys\34BA8EA044000\SystemInformer.sy_ - path not found
SYMSRV:  UNC: d:\Symbols\SystemInformer.sys\34BA8EA044000\SystemInformer.sy_ - path not found
SYMSRV:  UNC: d:\Symbols\SystemInformer.sys\34BA8EA044000\file.ptr - path not found
SYMSRV:  UNC: d:\Symbols\SystemInformer.sys\34BA8EA044000\file.ptr - path not found
SYMSRV:  HTTPGET: /download/symbols/SystemInformer.sys/34BA8EA044000/SystemInformer.sys
SYMSRV:  HTTPGET: /download/symbols/SystemInformer.sys/34BA8EA044000/SystemInformer.sys
SYMSRV:  HttpQueryInfo: 800C0194
SYMSRV:  HttpQueryInfo: 800C0194
SYMSRV:  HTTPGET: /download/symbols/SystemInformer.sys/34BA8EA044000/SystemInformer.sy_
SYMSRV:  HTTPGET: /download/symbols/SystemInformer.sys/34BA8EA044000/SystemInformer.sy_
SYMSRV:  HttpQueryInfo: 800C0194
SYMSRV:  HttpQueryInfo: 800C0194
SYMSRV:  HTTPGET: /download/symbols/SystemInformer.sys/34BA8EA044000/file.ptr
SYMSRV:  HTTPGET: /download/symbols/SystemInformer.sys/34BA8EA044000/file.ptr
SYMSRV:  HttpQueryInfo: 800C0194
SYMSRV:  HttpQueryInfo: 800C0194
SYMSRV:  RESULT: 0x80190194
SYMSRV:  RESULT: 0x80190194

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1125

    Key  : Analysis.Elapsed.mSec
    Value: 3367

    Key  : Analysis.IO.Other.Mb
    Value: 54

    Key  : Analysis.IO.Read.Mb
    Value: 18

    Key  : Analysis.IO.Write.Mb
    Value: 70

    Key  : Analysis.Init.CPU.mSec
    Value: 10796

    Key  : Analysis.Init.Elapsed.mSec
    Value: 53927371

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 315

    Key  : Analysis.Version.DbgEng
    Value: 10.0.27725.1000

    Key  : Analysis.Version.Description
    Value: 10.2408.27.01 amd64fre

    Key  : Analysis.Version.Ext
    Value: 1.2408.27.1

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x3b

    Key  : Bugcheck.Code.TargetModel
    Value: 0x3b

    Key  : Dump.Attributes.AsUlong
    Value: 8

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Failure.Bucket
    Value: AV_SystemInformer!unknown_function

    Key  : Failure.Hash
    Value: {6f58ee4d-5f32-1513-3343-451d8a32cb68}


BUGCHECK_CODE:  3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff801bb4f2700

BUGCHECK_P3: ffff8087b460e0c0

BUGCHECK_P4: 0

FILE_IN_CAB:  112824-8671-01.dmp

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

FAULTING_THREAD:  ffffbe073e462080

CONTEXT:  ffff8087b460e0c0 -- (.cxr 0xffff8087b460e0c0)
rax=000000000000005c rbx=ffffbe0747a32110 rcx=0063007300650044
rdx=00000000746c6644 rsi=000000000000002e rdi=00000000c0000023
rip=fffff801bb4f2700 rsp=ffff8087b460eac0 rbp=ffff8483c70f65cc
 r8=00000000ffffffff  r9=7fff8483aae505b0 r10=7ffffffffffffffc
r11=0069007600650044 r12=0000000000000210 r13=0000000000000068
r14=0000000000000000 r15=ffff8483c70f65a0
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050206
SystemInformer+0x32700:
fffff801`bb4f2700 f7415000400000  test    dword ptr [rcx+50h],4000h ds:002b:00630073`00650094=????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  SystemInformer

STACK_TEXT:  
ffff8087`b460eac0 ffffbe07`47a32110     : 00000000`304f704b 00000000`00000001 00000000`00000000 ffff8087`b460edb8 : SystemInformer+0x32700
ffff8087`b460eac8 00000000`304f704b     : 00000000`00000001 00000000`00000000 ffff8087`b460edb8 00000000`00000000 : 0xffffbe07`47a32110
ffff8087`b460ead0 00000000`00000001     : 00000000`00000000 ffff8087`b460edb8 00000000`00000000 00000000`0000002e : 0x304f704b
ffff8087`b460ead8 00000000`00000000     : ffff8087`b460edb8 00000000`00000000 00000000`0000002e ffff9bf1`3622f567 : 0x1


SYMBOL_NAME:  SystemInformer+32700

MODULE_NAME: SystemInformer

IMAGE_NAME:  SystemInformer.sys

STACK_COMMAND:  .cxr 0xffff8087b460e0c0 ; kb

BUCKET_ID_FUNC_OFFSET:  32700

FAILURE_BUCKET_ID:  AV_SystemInformer!unknown_function

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {6f58ee4d-5f32-1513-3343-451d8a32cb68}

Followup:     MachineOwner
---------


Steps to reproduce (optional)

No response

Expected behavior (optional)

No response

Actual behavior (optional)

No response

Environment (optional)

No response

@jxy-s
Member

jxy-s commented Nov 29, 2024

The crash is occurring here:

do
{
    if (FlagOn(relatedFileObject->Flags, FO_CLEANUP_COMPLETE))
    {
        break;
    }
    subNameLength += relatedFileObject->FileName.Length;
    relatedFileObject = relatedFileObject->RelatedFileObject;
} while (relatedFileObject);

Specifically, trying to de-reference the RelatedFileObject to check the Flags at 0x0063007300650094. That address is completely nonsensical for a file object. We've encountered issues with this logic in the past. Technically this field shouldn't be accessed in this context. This logic should probably be removed at this point; it's a carryover fallback routine from the old driver.

That said, I would like to understand the full chain of file objects in this context. If you have the dump file could you please email it to me?
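
The pointer values in the crash context can be triaged mechanically. The following is an added example, not part of the thread or of System Informer's source: it classifies the register values from the .cxr output, assuming 48-bit canonical addressing (4-level paging), and all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    PTR_NULL,
    PTR_USER,           /* canonical, lower half */
    PTR_KERNEL,         /* canonical, upper half */
    PTR_NONCANON_TEXT,  /* non-canonical and reads as UTF-16LE text */
    PTR_NONCANON        /* non-canonical, no obvious pattern */
} ptr_class;

/* Assumption: 48-bit virtual addresses, so bits 63..47 must all match. */
static int is_canonical48(uint64_t va)
{
    uint64_t top = va >> 47;            /* the 17 high bits */
    return top == 0 || top == 0x1FFFF;
}

/* Read the 8 bytes of v (little-endian) as four UTF-16LE code units.
 * Succeeds only if every unit is printable ASCII; text receives them. */
static int as_utf16_ascii(uint64_t v, char text[5])
{
    for (int i = 0; i < 4; i++) {
        uint16_t unit = (uint16_t)(v >> (16 * i));
        if (unit < 0x20 || unit > 0x7E) {
            text[0] = '\0';
            return 0;
        }
        text[i] = (char)unit;
    }
    text[4] = '\0';
    return 1;
}

/* Classify a pointer-sized value taken from a crash context. */
ptr_class classify_pointer(uint64_t va, char text[5])
{
    text[0] = '\0';
    if (va == 0)
        return PTR_NULL;
    if (is_canonical48(va))
        return (va >> 63) ? PTR_KERNEL : PTR_USER;
    return as_utf16_ascii(va, text) ? PTR_NONCANON_TEXT : PTR_NONCANON;
}

int main(void)
{
    /* Register values copied from the .cxr output in this issue. */
    static const struct { const char *name; uint64_t value; } regs[] = {
        { "rbx", 0xffffbe0747a32110ULL },  /* original input file object */
        { "rcx", 0x0063007300650044ULL },  /* pointer whose Flags (+0x50) was tested */
        { "r11", 0x0069007600650044ULL },
    };
    static const char *labels[] = {
        "null", "user", "kernel", "non-canonical, UTF-16 text", "non-canonical"
    };
    char text[5];

    for (size_t i = 0; i < sizeof regs / sizeof regs[0]; i++) {
        ptr_class c = classify_pointer(regs[i].value, text);
        printf("%s=%016llx  %s", regs[i].name,
               (unsigned long long)regs[i].value, labels[c]);
        if (c == PTR_NONCANON_TEXT)
            printf(" \"%s\"", text);
        putchar('\n');
    }
    return 0;
}
```

On these values rbx classifies as a kernel address, while rcx and r11 are non-canonical and decode to the UTF-16 fragments "Desc" and "Devi", which suggests string data sitting where a file object pointer was expected.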

@eaglesharkmayonnaise
Author

The crash file is 11G in size and I can't upload it.

@jxy-s
Member

jxy-s commented Nov 29, 2024

Understood. If willing, start an email thread with me and we can work out logistics, or I can provide you with some commands to run in the debugger to get me the information. Otherwise, no worries, I'll make a decision on what to do here without the additional information.

Keep in mind the dump file contains sensitive information from your system. Please don't upload it somewhere insecure.

@eaglesharkmayonnaise
Author

What information do you need to see? I can run the command and send it here.

@jxy-s
Member

jxy-s commented Nov 29, 2024

The register rbx holds the original input file object here. I would like the following commands run. You should see similar output. First let's confirm rbx is what it should be:

!object @rbx
Object: ffff8c045499e3f0  Type: (ffff8c044c5cf380) File
    ObjectHeader: ffff8c045499e3c0 (new version)
    HandleCount: 1  PointerCount: 32769
    Directory Object: 00000000  Name: TxfLog {clfs}

Then let's inspect each file object in the chain of related file objects, starting with the first one at rbx. You can use -r# in the command to get to the eventual ending bad pointer file object. That's probably the simplest for you here. Keep incrementing the # (below I use -r3) until you see the value 0x0063007300650094 in the RelatedFileObject.

dx -r3 (nt!_FILE_OBJECT*)@rbx,!
(nt!_FILE_OBJECT*)@rbx,!                 : 0xffff8c045499e3f0 : "TxfLog" - Device for "\Driver\CLFS" [Type: _FILE_OBJECT *]
    [+0x000] Type             : 5 [Type: short]
    [+0x002] Size             : 216 [Type: short]
    [+0x008] DeviceObject     : 0xffff8c04502e4d40 : Device for "\Driver\CLFS" [Type: _DEVICE_OBJECT *]
        [+0x000] Type             : 3 [Type: short]
<CUT>
    [+0x030] PrivateCacheMap  : 0xffff8c045278c9b0 [Type: void *]
    [+0x038] FinalStatus      : 0 [Type: long]
    [+0x040] RelatedFileObject : 0xffff8c045499c450 : "\Device\HarddiskVolume4\$Extend\$RmMetadata\$TxfLog\$TxfLog" - Device for "\Driver\CLFS" [Type: _FILE_OBJECT *]
        [+0x000] Type             : 5 [Type: short]
        [+0x002] Size             : 216 [Type: short]
        [+0x008] DeviceObject     : 0xffff8c04502e4d40 : Device for "\Driver\CLFS" [Type: _DEVICE_OBJECT *]
            [+0x000] Type             : 3 [Type: short]
<CUT>

@eaglesharkmayonnaise
Author

Executing the !object @rbx command produces no output

8: kd> .cxr 0xffff8087b460e0c0
rax=000000000000005c rbx=ffffbe0747a32110 rcx=0063007300650044
rdx=00000000746c6644 rsi=000000000000002e rdi=00000000c0000023
rip=fffff801bb4f2700 rsp=ffff8087b460eac0 rbp=ffff8483c70f65cc
 r8=00000000ffffffff  r9=7fff8483aae505b0 r10=7ffffffffffffffc
r11=0069007600650044 r12=0000000000000210 r13=0000000000000068
r14=0000000000000000 r15=ffff8483c70f65a0
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050206
SystemInformer+0x32700:
fffff801`bb4f2700 f7415000400000  test    dword ptr [rcx+50h],4000h ds:002b:00630073`00650094=????????
8: kd> !object @rbx

8: kd> !object @rbx

@jxy-s
Member

jxy-s commented Dec 3, 2024

Hm... Try .reload. Or just replace @rbx with its value (ffffbe0747a32110).

@eaglesharkmayonnaise
Author

Still no output

8: kd> .reload
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
................................................................
....................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000001`7c429018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
8: kd> !object ffffbe0747a32110 

8: kd>  .cxr 0xffff8087b460e0c0
rax=000000000000005c rbx=ffffbe0747a32110 rcx=0063007300650044
rdx=00000000746c6644 rsi=000000000000002e rdi=00000000c0000023
rip=fffff801bb4f2700 rsp=ffff8087b460eac0 rbp=ffff8483c70f65cc
 r8=00000000ffffffff  r9=7fff8483aae505b0 r10=7ffffffffffffffc
r11=0069007600650044 r12=0000000000000210 r13=0000000000000068
r14=0000000000000000 r15=ffff8483c70f65a0
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050206
SystemInformer+0x32700:
fffff801`bb4f2700 f7415000400000  test    dword ptr [rcx+50h],4000h ds:002b:00630073`00650094=????????
8: kd>  !object ffffbe0747a32110 

@jxy-s
Member

jxy-s commented Dec 5, 2024

What does dx -r3 (nt!_FILE_OBJECT*)0xffffbe0747a32110,! have to say?

@eaglesharkmayonnaise
Author

eaglesharkmayonnaise commented Dec 5, 2024

8: kd> dx -r3 (nt!_FILE_OBJECT*)0xffffbe0747a32110,!
(nt!_FILE_OBJECT*)0xffffbe0747a32110,!                 : 0xffffbe0747a32110 [Type: _FILE_OBJECT *]
    [+0x000] Type             : Unable to read memory at Address 0xffffbe0747a32110
    [+0x002] Size             : Unable to read memory at Address 0xffffbe0747a32112
    [+0x008] DeviceObject     : Unable to read memory at Address 0xffffbe0747a32118
    [+0x010] Vpb              : Unable to read memory at Address 0xffffbe0747a32120
    [+0x018] FsContext        : Unable to read memory at Address 0xffffbe0747a32128
    [+0x020] FsContext2       : Unable to read memory at Address 0xffffbe0747a32130
    [+0x028] SectionObjectPointer : Unable to read memory at Address 0xffffbe0747a32138
    [+0x030] PrivateCacheMap  : Unable to read memory at Address 0xffffbe0747a32140
    [+0x038] FinalStatus      : Unable to read memory at Address 0xffffbe0747a32148
    [+0x040] RelatedFileObject : Unable to read memory at Address 0xffffbe0747a32150
    [+0x048] LockOperation    : Unable to read memory at Address 0xffffbe0747a32158
    [+0x049] DeletePending    : Unable to read memory at Address 0xffffbe0747a32159
    [+0x04a] ReadAccess       : Unable to read memory at Address 0xffffbe0747a3215a
    [+0x04b] WriteAccess      : Unable to read memory at Address 0xffffbe0747a3215b
    [+0x04c] DeleteAccess     : Unable to read memory at Address 0xffffbe0747a3215c
    [+0x04d] SharedRead       : Unable to read memory at Address 0xffffbe0747a3215d
    [+0x04e] SharedWrite      : Unable to read memory at Address 0xffffbe0747a3215e
    [+0x04f] SharedDelete     : Unable to read memory at Address 0xffffbe0747a3215f
    [+0x050] Flags            : Unable to read memory at Address 0xffffbe0747a32160
    [+0x058] FileName         [Type: _UNICODE_STRING]
        [+0x000] Length           : Unable to read memory at Address 0xffffbe0747a32168
        [+0x002] MaximumLength    : Unable to read memory at Address 0xffffbe0747a3216a
        [+0x008] Buffer           : Unable to read memory at Address 0xffffbe0747a32170
    [+0x068] CurrentByteOffset [Type: _LARGE_INTEGER]
        [+0x000] LowPart          : Unable to read memory at Address 0xffffbe0747a32178
        [+0x004] HighPart         : Unable to read memory at Address 0xffffbe0747a3217c
        [+0x000] u                [Type: <anonymous-tag>]
            [+0x000] LowPart          : Unable to read memory at Address 0xffffbe0747a32178
            [+0x004] HighPart         : Unable to read memory at Address 0xffffbe0747a3217c
        [+0x000] QuadPart         : Unable to read memory at Address 0xffffbe0747a32178
    [+0x070] Waiters          : Unable to read memory at Address 0xffffbe0747a32180
    [+0x074] Busy             : Unable to read memory at Address 0xffffbe0747a32184
    [+0x078] LastLock         : Unable to read memory at Address 0xffffbe0747a32188
    [+0x080] Lock             [Type: _KEVENT]
        [+0x000] Header           [Type: _DISPATCHER_HEADER]
            [+0x000] Lock             : Unable to read memory at Address 0xffffbe0747a32190
            [+0x000] LockNV           : Unable to read memory at Address 0xffffbe0747a32190
            [+0x000] Type             : Unable to read memory at Address 0xffffbe0747a32190
            [+0x001] Signalling       : Unable to read memory at Address 0xffffbe0747a32191
            [+0x002] Size             : Unable to read memory at Address 0xffffbe0747a32192
            [+0x003] Reserved1        : Unable to read memory at Address 0xffffbe0747a32193
            [+0x000] TimerType        : Unable to read memory at Address 0xffffbe0747a32190
            [+0x001] TimerControlFlags : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 0: 0)] Absolute         : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 1: 1)] Wake             : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 7: 2)] EncodedTolerableDelay : Unable to read memory at Address 0xffffbe0747a32191
            [+0x002] Hand             : Unable to read memory at Address 0xffffbe0747a32192
            [+0x003] TimerMiscFlags   : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 5: 0)] Index            : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 6: 6)] Inserted         : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 7: 7)] Expired          : Unable to read memory at Address 0xffffbe0747a32193
            [+0x000] Timer2Type       : Unable to read memory at Address 0xffffbe0747a32190
            [+0x001] Timer2Flags      : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 0: 0)] Timer2Inserted   : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 1: 1)] Timer2Expiring   : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 2: 2)] Timer2CancelPending : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 3: 3)] Timer2SetPending : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 4: 4)] Timer2Running    : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 5: 5)] Timer2Disabled   : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 7: 6)] Timer2ReservedFlags : Unable to read memory at Address 0xffffbe0747a32191
            [+0x002] Timer2ComponentId : Unable to read memory at Address 0xffffbe0747a32192
            [+0x003] Timer2RelativeId : Unable to read memory at Address 0xffffbe0747a32193
            [+0x000] QueueType        : Unable to read memory at Address 0xffffbe0747a32190
            [+0x001] QueueControlFlags : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 0: 0)] Abandoned        : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 1: 1)] DisableIncrement : Unable to read memory at Address 0xffffbe0747a32191
            [+0x001 ( 7: 2)] QueueReservedControlFlags : Unable to read memory at Address 0xffffbe0747a32191
            [+0x002] QueueSize        : Unable to read memory at Address 0xffffbe0747a32192
            [+0x003] QueueReserved    : Unable to read memory at Address 0xffffbe0747a32193
            [+0x000] ThreadType       : Unable to read memory at Address 0xffffbe0747a32190
            [+0x001] ThreadReserved   : Unable to read memory at Address 0xffffbe0747a32191
            [+0x002] ThreadControlFlags : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 0: 0)] CycleProfiling   : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 1: 1)] CounterProfiling : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 2: 2)] GroupScheduling  : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 3: 3)] AffinitySet      : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 4: 4)] Tagged           : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 5: 5)] EnergyProfiling  : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 6: 6)] SchedulerAssist  : Unable to read memory at Address 0xffffbe0747a32192
            [+0x002 ( 7: 7)] ThreadReservedControlFlags : Unable to read memory at Address 0xffffbe0747a32192
            [+0x003] DebugActive      : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 0: 0)] ActiveDR7        : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 1: 1)] Instrumented     : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 2: 2)] Minimal          : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 4: 3)] Reserved4        : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 5: 5)] AltSyscall       : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 6: 6)] UmsScheduled     : Unable to read memory at Address 0xffffbe0747a32193
            [+0x003 ( 7: 7)] UmsPrimary       : Unable to read memory at Address 0xffffbe0747a32193
            [+0x000] MutantType       : Unable to read memory at Address 0xffffbe0747a32190
            [+0x001] MutantSize       : Unable to read memory at Address 0xffffbe0747a32191
            [+0x002] DpcActive        : Unable to read memory at Address 0xffffbe0747a32192
            [+0x003] MutantReserved   : Unable to read memory at Address 0xffffbe0747a32193
            [+0x004] SignalState      : Unable to read memory at Address 0xffffbe0747a32194
            [+0x008] WaitListHead     [Type: _LIST_ENTRY]
    [+0x098] Event            [Type: _KEVENT]
        [+0x000] Header           [Type: _DISPATCHER_HEADER]
            [+0x000] Lock             : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x000] LockNV           : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x000] Type             : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x001] Signalling       : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x002] Size             : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x003] Reserved1        : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x000] TimerType        : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x001] TimerControlFlags : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 0: 0)] Absolute         : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 1: 1)] Wake             : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 7: 2)] EncodedTolerableDelay : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x002] Hand             : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x003] TimerMiscFlags   : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 5: 0)] Index            : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 6: 6)] Inserted         : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 7: 7)] Expired          : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x000] Timer2Type       : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x001] Timer2Flags      : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 0: 0)] Timer2Inserted   : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 1: 1)] Timer2Expiring   : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 2: 2)] Timer2CancelPending : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 3: 3)] Timer2SetPending : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 4: 4)] Timer2Running    : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 5: 5)] Timer2Disabled   : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 7: 6)] Timer2ReservedFlags : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x002] Timer2ComponentId : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x003] Timer2RelativeId : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x000] QueueType        : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x001] QueueControlFlags : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 0: 0)] Abandoned        : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 1: 1)] DisableIncrement : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x001 ( 7: 2)] QueueReservedControlFlags : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x002] QueueSize        : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x003] QueueReserved    : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x000] ThreadType       : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x001] ThreadReserved   : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x002] ThreadControlFlags : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 0: 0)] CycleProfiling   : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 1: 1)] CounterProfiling : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 2: 2)] GroupScheduling  : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 3: 3)] AffinitySet      : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 4: 4)] Tagged           : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 5: 5)] EnergyProfiling  : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 6: 6)] SchedulerAssist  : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x002 ( 7: 7)] ThreadReservedControlFlags : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x003] DebugActive      : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 0: 0)] ActiveDR7        : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 1: 1)] Instrumented     : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 2: 2)] Minimal          : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 4: 3)] Reserved4        : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 5: 5)] AltSyscall       : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 6: 6)] UmsScheduled     : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x003 ( 7: 7)] UmsPrimary       : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x000] MutantType       : Unable to read memory at Address 0xffffbe0747a321a8
            [+0x001] MutantSize       : Unable to read memory at Address 0xffffbe0747a321a9
            [+0x002] DpcActive        : Unable to read memory at Address 0xffffbe0747a321aa
            [+0x003] MutantReserved   : Unable to read memory at Address 0xffffbe0747a321ab
            [+0x004] SignalState      : Unable to read memory at Address 0xffffbe0747a321ac
            [+0x008] WaitListHead     [Type: _LIST_ENTRY]
    [+0x0b0] CompletionContext : Unable to read memory at Address 0xffffbe0747a321c0
    [+0x0b8] IrpListLock      : Unable to read memory at Address 0xffffbe0747a321c8
    [+0x0c0] IrpList          [Type: _LIST_ENTRY]
        [+0x000] Flink            : Unable to read memory at Address 0xffffbe0747a321d0
        [+0x008] Blink            : Unable to read memory at Address 0xffffbe0747a321d8
    [+0x0d0] FileObjectExtension : Unable to read memory at Address 0xffffbe0747a321e0

@jxy-s
Member

jxy-s commented Dec 10, 2024

Thanks @eaglesharkmayonnaise, there is not sufficient information here to justify changing the code. If it happens again (or continues to happen) let me know and we can continue to investigate.

@jxy-s jxy-s closed this as completed Dec 10, 2024