1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002021b81, The address that the exception occurred at
Arg3: fffffa60015dc798, Exception Record Address
Arg4: fffffa60015dc170, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!IopFreeRelationList+21
fffff800`02021b81 488b3e mov rdi,qword ptr [rsi]
EXCEPTION_RECORD: fffffa60015dc798 -- (.exr 0xfffffa60015dc798)
ExceptionAddress: fffff80002021b81 (nt!IopFreeRelationList+0x0000000000000021)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010
CONTEXT: fffffa60015dc170 -- (.cxr 0xfffffa60015dc170)
rax=fffffa800249e701 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800249e701 rsi=0000000000000010 rdi=0000000000000000
rip=fffff80002021b81 rsp=fffffa60015dc9d0 rbp=0000000000000000
r8=fffffa8002f60a40 r9=50005d9ad2000000 r10=0000000000000000
r11=00000000000007ff r12=fffff80001e53b20 r13=fffffa8002f0a6b0
r14=0000000000000000 r15=0000000000000005
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!IopFreeRelationList+0x21:
fffff800`02021b81 488b3e mov rdi,qword ptr [rsi] ds:002b:00000000`00000010=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 2
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000010
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001e80080
0000000000000010
FOLLOWUP_IP:
nt!IopFreeRelationList+21
fffff800`02021b81 488b3e mov rdi,qword ptr [rsi]
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from fffff8000208b417 to fffff80002021b81
STACK_TEXT:
fffffa60`015dc9d0 fffff800`0208b417 : fffffa80`02f60a40 00000000`00000001 fffffa80`02e994a0 fffff800`01ebf38c : nt!IopFreeRelationList+0x21
fffffa60`015dca10 fffff800`0208b555 : fffffa80`02f60a40 fffffa80`02f0a6d0 fffffa80`02f0a6b0 00000000`00000004 : nt!PnpDelayedRemoveWorker+0x97
fffffa60`015dca60 fffff800`01d86c69 : 00000000`00000004 00000000`00000001 00000000`00000000 fffffa80`0497ade0 : nt!PnpChainDereferenceComplete+0x115
fffffa60`015dcaa0 fffff800`0208fd79 : 00000000`00000000 fffffa80`02e99400 fffffa80`02fa5400 00000000`00000001 : nt!PnpIsChainDereferenced+0xc9
fffffa60`015dcb20 fffff800`0208fffc : fffffa60`015dccf8 fffffa80`044f7900 fffffa80`0249e700 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0xf99
fffffa60`015dcc70 fffff800`01f906c7 : 00000000`00000001 fffffa80`044f79b0 fffff880`0ce544f0 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0x4c
fffffa60`015dcca0 fffff800`01cb4e4a : fffff800`01ebc494 fffff880`0cc27c10 fffff800`01dea8f8 fffffa80`0249e720 : nt! ?? ::NNGAKEGL::`string'+0x4a314
fffffa60`015dccf0 fffff800`01ecc573 : fffffa80`044f79b0 00000000`00000000 fffffa80`0249e720 00000000`00000080 : nt!ExpWorkerThread+0x11a
fffffa60`015dcd50 fffff800`01ce3ff6 : fffffa60`005ec180 fffffa80`0249e720 fffffa60`005f5d40 00000000`00000001 : nt!PspSystemThreadStartup+0x57
fffffa60`015dcd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!IopFreeRelationList+21
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a67e1a0
STACK_COMMAND: .cxr 0xfffffa60015dc170 ; kb
FAILURE_BUCKET_ID: X64_0x7E_nt!IopFreeRelationList+21
BUCKET_ID: X64_0x7E_nt!IopFreeRelationList+21
Followup: MachineOwner
---------
1: kd> vertarget
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.22477.amd64fre.vistasp1_ldr.090722-0700
Machine Name:
Kernel base = 0xfffff800`01c5b000 PsLoadedModuleList = 0xfffff800`01e1ddb0
Debug session time: Thu Sep 3 02:38:06.196 2009 (GMT+10)
System Uptime: 0 days 1:22:47.913
Install SP2 too. Then run a memory diagnostic. This was a memory violation as evidenced by the bigcheck strike of 07xE.