27: kd> !analyze -v
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: ffffc0006c5d1de0, the pool entry being checked.
Arg3: ffffbffe6c5d1de0, the read back flink freelist value (should be the same as 2).
Arg4: ffffc0006c5d1de0, the read back blink freelist value (should be the same as 2).
Debugging Details:
GetUlongPtrFromAddress: unable to read from fffff803e1965308
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2124
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 10811
Key : Analysis.Init.CPU.mSec
Value: 843
Key : Analysis.Init.Elapsed.mSec
Value: 16874
Key : Analysis.Memory.CommitPeak.Mb
Value: 71
Key : WER.OS.Branch
Value: winblue_ltsb_escrow
Key : WER.OS.Timestamp
Value: 2022-02-22T11:58:00Z
Key : WER.OS.Version
Value: 8.1.9600.20302
FILE_IN_CAB: 041922-149187-01.dmp
BUGCHECK_CODE: 19
BUGCHECK_P1: 3
BUGCHECK_P2: ffffc0006c5d1de0
BUGCHECK_P3: ffffbffe6c5d1de0
BUGCHECK_P4: ffffc0006c5d1de0
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
STACK_TEXT:
ffffd001b25acbb8 fffff803
e18a52fb : 0000000000000019 00000000
00000003 ffffc0006c5d1de0 ffffbffe
6c5d1de0 : nt!KeBugCheckEx
ffffd001b25acbc0 fffff803
e1a0f02f : ffffc00000000002 00000000
00000000 ffffc00000000001 ffffe001
00000001 : nt!ExAllocatePoolWithTag+0x126b
ffffd001b25acc90 fffff803
e1a0ed9c : 0000000000000001 ffffd001
b25acd40 ffffd001b25acdb9 ffffe801
acc53080 : nt!MiCreateDataFileMap+0x67
ffffd001b25accf0 fffff803
e1a9f79b : ffffe80195535900 ffffd001
b25acf00 0000000000000001 00000000
00000001 : nt!MiCreateNewSection+0x70
ffffd001b25ace00 fffff803
e1a0ed1f : ffffe801aca34418 00000000
00000000 ffffe00100000002 ffffd001
b25ad0c8 : nt!MiCreateSection+0x477
ffffd001b25acff0 fffff803
e167abef : 0000000000000001 00000000
00000000 0000000000000208 fffff803
00000000 : nt!MmCreateSection+0x87
ffffd001b25ad050 fffff800
8597150b : ffffc0009092a150 ffffd001
b25ad730 ffffc0009092a150 ffffc000
9092a150 : nt!CcInitializeCacheMap+0x60f
ffffd001b25ad130 ffffc000
9092a150 : ffffd001b25ad730 ffffc000
9092a150 ffffc0009092a150 ffffc000
9092a150 : Ntfs+0xbf50b
ffffd001b25ad138 ffffd001
b25ad730 : ffffc0009092a150 ffffc000
9092a150 ffffc0009092a150 ffffc000
9092a010 : 0xffffc0009092a150 ffffd001
b25ad140 ffffc0009092a150 : ffffc000
9092a150 ffffc0009092a150 ffffc000
9092a010 ffffd001b25ad301 : 0xffffd001
b25ad730
ffffd001b25ad148 ffffc000
9092a150 : ffffc0009092a150 ffffc000
9092a010 ffffd001b25ad301 ffffd001
b25ad1a0 : 0xffffc0009092a150 ffffd001
b25ad150 ffffc0009092a150 : ffffc000
9092a010 ffffd001b25ad301 ffffd001
b25ad1a0 ff01000028000001 : 0xffffc000
9092a150
ffffd001b25ad158 ffffc000
9092a010 : ffffd001b25ad301 ffffd001
b25ad1a0 ff01000028000001 ffffe801
95535900 : 0xffffc0009092a150 ffffd001
b25ad160 ffffd001b25ad301 : ffffd001
b25ad1a0 ff01000028000001 ffffe801
95535900 0000000000000000 : 0xffffc000
9092a010
ffffd001b25ad168 ffffd001
b25ad1a0 : ff01000028000001 ffffe801
95535900 0000000000000000 00000018
00000000 : 0xffffd001b25ad301 ffffd001
b25ad170 ff01000028000001 : ffffe801
95535900 0000000000000000 00000018
00000000 ffffe801a40a1ca0 : 0xffffd001
b25ad1a0
ffffd001b25ad178 ffffe801
95535900 : 0000000000000000 00000018
00000000 ffffe801a40a1ca0 ffffe001
16ce8180 : 0xff01000028000001 ffffd001
b25ad180 0000000000000000 : 00000018
00000000 ffffe801a40a1ca0 ffffe001
16ce8180 ffffc0009092a150 : 0xffffe801
95535900
SYMBOL_NAME: nt!ExAllocatePoolWithTag+126b
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 6.3.9600.20302
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 126b
FAILURE_BUCKET_ID: 0x19_3_nt!ExAllocatePoolWithTag
OS_VERSION: 8.1.9600.20302
BUILDLAB_STR: winblue_ltsb_escrow
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
FAILURE_ID_HASH: {4b68972e-e926-5fd8-7b97-1ce977bc62b9}
Followup: MachineOwner
27: kd> lmvm nt
Browse full module list
start end module name
fffff803e1618000 fffff803
e1d92000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\C8539FFDFDA646A794016F13DD5EC9411\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntkrnlmp.exe\6215660977a000\ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Wed Feb 23 06:39:05 2022 (62156609)
CheckSum: 00709129
ImageSize: 0077A000
File version: 6.3.9600.20302
Product version: 6.3.9600.20302
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.3.9600.20302
FileVersion: 6.3.9600.20302 (winblue_ltsb_escrow.220222-1158)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.