Upon waking from hibernation, my system BSOD. Before putting it into hibernation I unloaded the minifilter I was testing. It fully unloaded. My driver is not in the stack trace (obviously because it was unloaded) but I’m pretty positive it has something to do with it because my system has never BSOD coming out of hibernation before. Here is the complete !analyze -v
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002cc1e9a, The address that the exception occurred at
Arg3: fffff88003124618, Exception Record Address
Arg4: fffff88003123e70, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!FsRtlLookupPerStreamContextInternal+7a
fffff800`02cc1e9a 48397010 cmp qword ptr [rax+10h],rsi
EXCEPTION_RECORD: fffff88003124618 – (.exr 0xfffff88003124618)
ExceptionAddress: fffff80002cc1e9a (nt!FsRtlLookupPerStreamContextInternal+0x000000000000007a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010
CONTEXT: fffff88003123e70 – (.cxr 0xfffff88003123e70)
rax=0000000000000000 rbx=fffffa8009b8a810 rcx=0000000000000000
rdx=fffffa8009b8a848 rsi=fffffa80074be1f0 rdi=0000000000000000
rip=fffff80002cc1e9a rsp=fffff88003124850 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8007f960b0 r10=0000000000000000
r11=fffff88003124840 r12=0000000000000000 r13=0000000000000001
r14=fffffa8008c1b5e0 r15=fffff88003124a90
iopl=0 nv up ei pl nz ac po cy
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010217
nt!FsRtlLookupPerStreamContextInternal+0x7a:
fffff80002cc1e9a 48397010 cmp qword ptr [rax+10h],rsi ds:002b:0000000000000010=???
Resetting default scope
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000010
READ_ADDRESS: 0000000000000010
FOLLOWUP_IP:
nt!FsRtlLookupPerStreamContextInternal+7a
fffff800`02cc1e9a 48397010 cmp qword ptr [rax+10h],rsi
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from fffff880010e8aae to fffff80002cc1e9a
STACK_TEXT:
fffff88003124850 fffff880010e8aae : fffffa8008c1b860 fffffa80074be1f0 fffffa80085ae980 fffff88001209f33 : nt!FsRtlLookupPerStreamContextInternal+0x7a
fffff88003124890 fffff880010e62a2 : fffffa80074be1f0 0000000000000000 fffffa8000000001 0000000000001000 : fltmgr!FltpGetStreamListCtrl+0x8e
fffff880031248f0 fffff880010e7329 : fffff88003124a00 0000000000000002 fffffa800a50f300 fffff8a003610400 : fltmgr!FltpPerformPreCallbacks+0x532
fffff880031249f0 fffff880010e56c7 : fffffa80074bdb40 fffffa800a50f300 fffffa80050e3e40 0000000000000000 : fltmgr!FltpPassThrough+0x2d9
fffff88003124a70 fffff80002f773ce : fffffa8009615790 fffffa8009a22160 fffff8a00361ba00 fffffa800a50f300 : fltmgr!FltpDispatch+0xb7
fffff88003124ad0 fffff80002c82e54 : 0000000000000001 0000000000000000 fffffa8004ec5c90 0000000000000000 : nt!IopDeleteFile+0x11e
fffff88003124b60 fffff80002f19a01 : 0000000000000000 0000000000084081 fffffa8006ec8010 fffffa8007d38a70 : nt!ObfDereferenceObject+0xd4
fffff88003124bc0 fffff80002cc6311 : fffffa8006ec8018 0000000000000001 0000000000000000 0000000000000631 : nt!MiSegmentDelete+0xa1
fffff88003124c00 fffff80002cc61d5 : 0000000000000000 0000000000000080 fffffa8004eb6450 0000000000000012 : nt!MiProcessDereferenceList+0x131
fffff88003124cc0 fffff80002f1573a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!MiDereferenceSegmentThread+0x10d
fffff88003124d40 fffff80002c6a8e6 : fffff80002df4e80 fffffa8004ed9040 fffff80002e02cc0 0000000000000000 : nt!PspSystemThreadStartup+0x5a
fffff88003124d80 0000000000000000 : fffff88003125000 fffff8800311f000 fffff88003124500 0000000000000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!FsRtlLookupPerStreamContextInternal+7a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 53b9f073
STACK_COMMAND: .cxr 0xfffff88003123e70 ; kb
FAILURE_BUCKET_ID: X64_0x7E_nt!FsRtlLookupPerStreamContextInternal+7a
BUCKET_ID: X64_0x7E_nt!FsRtlLookupPerStreamContextInternal+7a
Followup: MachineOwner
0: kd> .cxr 0xfffff88003123e70 ; kb
rax=0000000000000000 rbx=fffffa8009b8a810 rcx=0000000000000000
rdx=fffffa8009b8a848 rsi=fffffa80074be1f0 rdi=0000000000000000
rip=fffff80002cc1e9a rsp=fffff88003124850 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8007f960b0 r10=0000000000000000
r11=fffff88003124840 r12=0000000000000000 r13=0000000000000001
r14=fffffa8008c1b5e0 r15=fffff88003124a90
iopl=0 nv up ei pl nz ac po cy
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010217
nt!FsRtlLookupPerStreamContextInternal+0x7a:
fffff80002cc1e9a 48397010 cmp qword ptr [rax+10h],rsi ds:002b:0000000000000010=???
*** Stack trace for last set context - .thread/.cxr resets it
RetAddr : Args to Child : Call Site
fffff880010e8aae : fffffa8008c1b860 fffffa80074be1f0 fffffa80085ae980 fffff88001209f33 : nt!FsRtlLookupPerStreamContextInternal+0x7a fffff880010e62a2 : fffffa80074be1f0 0000000000000000 fffffa8000000001 0000000000001000 : fltmgr!FltpGetStreamListCtrl+0x8e
fffff880010e7329 : fffff88003124a00 0000000000000002 fffffa800a50f300 fffff8a003610400 : fltmgr!FltpPerformPreCallbacks+0x532 fffff880010e56c7 : fffffa80074bdb40 fffffa800a50f300 fffffa80050e3e40 0000000000000000 : fltmgr!FltpPassThrough+0x2d9
fffff80002f773ce : fffffa8009615790 fffffa8009a22160 fffff8a00361ba00 fffffa800a50f300 : fltmgr!FltpDispatch+0xb7 fffff80002c82e54 : 0000000000000001 0000000000000000 fffffa8004ec5c90 0000000000000000 : nt!IopDeleteFile+0x11e
fffff80002f19a01 : 0000000000000000 0000000000084081 fffffa8006ec8010 fffffa8007d38a70 : nt!ObfDereferenceObject+0xd4 fffff80002cc6311 : fffffa8006ec8018 0000000000000001 0000000000000000 0000000000000631 : nt!MiSegmentDelete+0xa1
fffff80002cc61d5 : 0000000000000000 0000000000000080 fffffa8004eb6450 0000000000000012 : nt!MiProcessDereferenceList+0x131 fffff80002f1573a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!MiDereferenceSegmentThread+0x10d
fffff80002c6a8e6 : fffff80002df4e80 fffffa8004ed9040 fffff80002e02cc0 0000000000000000 : nt!PspSystemThreadStartup+0x5a 0000000000000000 : fffff88003125000 fffff8800311f000 fffff88003124500 0000000000000000 : nt!KxStartSystemThread+0x16