BSOD on reboot. 0xc0000005 on nt!MmIsDriverVerifying

Hi,

I am working on a software RAID driver. I had my QA enable driver verifier for some annoying bugs that I don’t see in my tests. He gets this BSOD on reboot.

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common BugCheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80009186729, The address that the exception occurred at
Arg3: ffffc504869e7008, Exception Record Address
Arg4: ffffc504869e6840, Context Record Address

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 2312

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 2380

    Key  : Analysis.Init.CPU.mSec
    Value: 4656

    Key  : Analysis.Init.Elapsed.mSec
    Value: 14990

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 96

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x7e

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x7e

    Key  : Bugcheck.Code.Register
    Value: 0x7e

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

ORIGINAL_CAB_PATH:  C:\Users\mridu\Downloads\MEMORY.DMP (1).zip

FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff80009186729

BUGCHECK_P3: ffffc504869e7008

BUGCHECK_P4: ffffc504869e6840

EXCEPTION_RECORD:  ffffc504869e7008 -- (.exr 0xffffc504869e7008)
ExceptionAddress: fffff80009186729 (nt!MmIsDriverVerifying+0x0000000000000009)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  ffffc504869e6840 -- (.cxr 0xffffc504869e6840)
rax=04ffffe088929f28 rbx=0000000000000010 rcx=ffffb506f93d9e01
rdx=0000000000000010 rsi=ffffb506f986adf0 rdi=ffffb506f93d9e01
rip=fffff80009186729 rsp=ffffc504869e7248 rbp=ffffb506fe87afb8
 r8=ffffb5070c424a30  r9=0000000000000000 r10=fffff80009b55a00
r11=ffffb506fe87aea0 r12=0000000000000200 r13=0000000000000000
r14=0000000000400000 r15=fffff80009b2f440
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050206
nt!MmIsDriverVerifying+0x9:
fffff800`09186729 8b4068          mov     eax,dword ptr [rax+68h] ds:002b:04ffffe0`88929f90=????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME:  System

READ_ADDRESS:  ffffffffffffffff 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

EXCEPTION_STR:  0xc0000005

STACK_TEXT:  
ffffc504`869e7248 fffff800`097d8cd9     : 00000000`00000200 00000000`0c424a30 fffff800`09b2f440 00000000`00000000 : nt!MmIsDriverVerifying+0x9
ffffc504`869e7250 fffff800`097d912e     : ffffb506`fe87aea0 fffff800`094f8f28 ffffc504`869e7420 ffffb506`fe87aea0 : nt!VfGetPristineDispatchRoutine+0x1d
ffffc504`869e7280 fffff800`097ccee6     : ffffb506`fe87aea0 ffffb506`f986adf0 fffff800`097b333e fffff800`0906c3e2 : nt!VfBeforeCallDriver+0xc6
ffffc504`869e72b0 fffff800`09250fe9     : ffffb506`f986adf0 ffffc504`869e7420 00000000`00000000 ffffb507`0c424a30 : nt!IovCallDriver+0x242
ffffc504`869e72f0 fffff800`097b334e     : ffffb506`f986ae40 ffffc504`869e7420 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x19b579
ffffc504`869e7330 fffff800`097b307e     : 00000000`00000001 ffffb506`f64b8670 fffff800`09a2af60 00000000`00000001 : nt!IopShutdownBaseFileSystems+0xca
ffffc504`869e73b0 fffff800`097b92ea     : 00000000`00000002 00000000`00000002 fffff800`09a2af60 00000000`00000000 : nt!IoShutdownSystem+0x156
ffffc504`869e7430 fffff800`09090265     : ffffb507`10d8a080 fffff800`095084d0 ffffb506`f64b8670 00000000`00000000 : nt!PopGracefulShutdown+0x23a
ffffc504`869e7470 fffff800`09162235     : ffffb507`10d8a080 00000000`00000080 ffffb506`f64e2140 001fe4ff`bd9bbfff : nt!ExpWorkerThread+0x105
ffffc504`869e7510 fffff800`09209f48     : ffff8c80`d41e8180 ffffb507`10d8a080 fffff800`091621e0 00000000`00000246 : nt!PspSystemThreadStartup+0x55
ffffc504`869e7560 00000000`00000000     : ffffc504`869e8000 ffffc504`869e1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28

SYMBOL_NAME:  nt!MmIsDriverVerifying+9

MODULE_NAME: nt

STACK_COMMAND:  .cxr 0xffffc504869e6840 ; kb

IMAGE_NAME:  ntkrnlmp.exe

BUCKET_ID_FUNC_OFFSET:  9

FAILURE_BUCKET_ID:  AV_VRF_nt!MmIsDriverVerifying

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {8e4134e6-d901-bae5-b88b-a2ecbb34941b}

Followup:     MachineOwner
---------

I haven’t the faintest idea how to go about debugging this. Any tips?

Thanks!
Mridul.
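
Added example, not part of the original post: a short Python triage of the .cxr excerpt above. It recomputes the effective address of the faulting `mov eax,dword ptr [rax+68h]` and checks it for x64 canonical form; a non-canonical address raises a general-protection fault, which Windows reports as an access violation with read address ffffffffffffffff. The function names and the 48-bit virtual-address width are assumptions of this example.

```python
import re

# Excerpt copied from the .cxr output in the post above.
DUMP = """\
rax=04ffffe088929f28 rbx=0000000000000010 rcx=ffffb506f93d9e01
rdx=0000000000000010 rsi=ffffb506f986adf0 rdi=ffffb506f93d9e01
rip=fffff80009186729 rsp=ffffc504869e7248 rbp=ffffb506fe87afb8
nt!MmIsDriverVerifying+0x9:
fffff800`09186729 8b4068          mov     eax,dword ptr [rax+68h] ds:002b:04ffffe0`88929f90=????????
READ_ADDRESS:  ffffffffffffffff
"""

# 'reg=16 hex digits' pairs, and a '[reg+NNh]' memory operand as WinDbg prints it.
REG_RE = re.compile(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b")
OPERAND_RE = re.compile(r"\[(r[a-z0-9]{1,2})(?:\+([0-9a-f]+)h)?\]")


def parse_registers(text):
    """Return {register: value} for every 64-bit 'reg=hex' pair in the text."""
    return {name: int(value, 16) for name, value in REG_RE.findall(text)}


def is_canonical(addr, va_bits=48):
    """x64 canonical form: bits 63..(va_bits-1) are all copies of one bit."""
    # Assumption: 48-bit virtual addresses (4-level paging); pass 57 for LA57.
    top = addr >> (va_bits - 1)
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def faulting_access(text):
    """Compute the effective address of the first [reg+disp] memory operand."""
    regs = parse_registers(text)
    m = OPERAND_RE.search(text)
    if m is None or m.group(1) not in regs:
        return None
    base, disp = m.group(1), int(m.group(2) or "0", 16)
    ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"base": base, "base_value": regs[base], "effective_address": ea,
            "canonical": is_canonical(ea)}


if __name__ == "__main__":
    info = faulting_access(DUMP)
    print(f"{info['base']} = {info['base_value']:#018x}")
    print(f"effective address = {info['effective_address']:#018x}")
    print("canonical" if info["canonical"] else
          "non-canonical: matches READ_ADDRESS ffffffffffffffff in the dump")
```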

I’d start by also enabling Verifier on ntoskrnl.exe and seeing if you get a better crash.