Hi,
I have query regarding crash dumps observed, system shows BSOD with BugCheck “INVALID_KERNEL_HANDLE (93)”,
Checked stacks for my driver threads but didn’t found any suspicious thread. observed crashes on different systems with same bugcheck but for different processes.
INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code attempts to close or reference a handle
that is not a valid handle. Only invalid or protected handles passed to NtClose
will cause this bugcheck, unless bad handle detection is enabled.
Arguments:
Arg1: 00000000000004fc, The handle that was referenced
Arg2: fffff8a0000017f0,
Arg3: fffff8a001ff73f0
Arg4: 0000000000000001, The error occurred referencing an invalid kernel handle and
bad handle detection was enabled.
.
.
.
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x93
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: PUNE-DT-3001
ANALYSIS_SESSION_TIME: 01-05-2017 12:30:11.0449
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
LAST_CONTROL_TRANSFER: from fffff800082d6a33 to fffff8000807cbc0
STACK_TEXT:
fffff8800ca85378 fffff800
082d6a33 : 0000000000000093 00000000
000004fc fffff8a0000017f0 fffff8a0
01ff73f0 : nt!KeBugCheckEx
fffff8800ca85380 fffff800
083559c5 : 0000000000000000 fffff800
00000000 0000000000000000 fffff980
31986700 : nt! ?? ::NNGAKEGL::string'+0x20431 fffff880
0ca85450 fffff88008e4a6a6 : 00000000
00000002 0000000000000002 fffff980
00000440 0000000000000000 : nt!ObReferenceObjectByHandle+0x25 fffff880
0ca854a0 fffff88008e49d8d : 00000000
00000000 fffffa8003153480 fffffa80
035d17c0 fffff800080a090f : PROCEXP152+0x26a6 fffff880
0ca855f0 fffff88008e4a07f : 00000000
00000000 fffffa80099c6210 00000000
00000001 0000000000000001 : PROCEXP152+0x1d8d fffff880
0ca857c0 fffff80008525d26 : fffff980
04e2aee0 0000000000000002 fffffa80
051473e0 fffffa80038dc118 : PROCEXP152+0x207f fffff880
0ca85870 fffff800083993a7 : fffffa80
051473e0 fffff8800ca85b60 fffffa80
051473e0 fffffa80048c9010 : nt!IovCallDriver+0x566 fffff880
0ca858d0 fffff80008399c06 : fffffa80
04ffd060 0000000000000000 00000000
00000000 0000000000000000 : nt!IopXxxControlFile+0x607 fffff880
0ca85a00 fffff8000807be53 : fffffa80
0491eb50 fffff8800ca85b60 00000000
04b7c418 fffff80008373ce4 : nt!NtDeviceIoControlFile+0x56 fffff880
0ca85a70 000000007703132a : 00000000
00000000 0000000000000000 00000000
00000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13 00000000
04b7b258 0000000000000000 : 00000000
00000000 0000000000000000 00000000
00000000 00000000`00000000 : 0x7703132a
Checked handle information,
1: kd> !handle 00000000000004fc
PROCESS fffffa80036e30d0
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 001aa000 ObjectTable: fffff8a0000017f0 HandleCount: 3236.
Image: System
Kernel handle table at fffff8a0000017f0 with 3236 entries in use
04fc: free handle, Entry address fffff8a001ff73f0, Next Entry 0000000000000cb8
Any pointers will be really helpful.
Thanks,
Sachin