BugCheck A, {ffff888000000000, 2, 1, fffff8026d305841}
*** WARNING: Unable to verify timestamp for rt640x64.sys
*** ERROR: Module load completed but symbols could not be loaded for rt640x64.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffff888000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8026d305841, address which referenced memory
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'srv2' and 'dump_storpor' overlap
WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffff888000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiFillSystemPtes+e1
fffff802`6d305841 0000 add byte ptr [rax],al
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
DPC_STACK_BASE: FFFFC9061D630FB0
TRAP_FRAME: ffffc9061d627810 -- (.trap 0xffffc9061d627810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff888000000000 rbx=0000000000000000 rcx=ffff88fffffff0fe
rdx=0000000000000011 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8026d305841 rsp=ffffc9061d6279a0 rbp=0000000000000004
r8=ffffa601dcf824f0 r9=0000000000000004 r10=0000000000000011
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!MiFillSystemPtes+0xe1:
fffff802`6d305841 0000 add byte ptr [rax],al ds:ffff8880`00000000=??
Resetting default scope
MISALIGNED_IP:
nt!MiFillSystemPtes+e1
fffff802`6d305841 0000 add byte ptr [rax],al
LAST_CONTROL_TRANSFER: from fffff8026d405e69 to fffff8026d3f3ea0
STACK_TEXT:
ffffc906`1d6276c8 fffff802`6d405e69 : 00000000`0000000a ffff8880`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffc906`1d6276d0 fffff802`6d402169 : 00000000`00000000 ffffc906`1d6278d9 00000000`00000800 fffff802`6fd4a6f7 : nt!KiBugCheckDispatch+0x69
ffffc906`1d627810 fffff802`6d305841 : 00000000`00000000 00000000`00000011 00000000`00002fe3 00000000`00003a00 : nt!KiPageFault+0x469
ffffc906`1d6279a0 fffff802`6d305692 : 00000000`00000001 00000000`00000011 00000000`00000023 00000000`00000000 : nt!MiFillSystemPtes+0xe1
ffffc906`1d627a60 fffff802`6fbd7c32 : 00000000`0000058c 00000000`00000000 00000000`0000058c ffffc906`1d627c08 : nt!MmMapLockedPagesSpecifyCache+0x162
ffffc906`1d627ac0 fffff802`6fd312c0 : ffffc906`1d627c00 ffffc906`1d627bbc ffffc906`1d627c08 ffffc906`1d627bc0 : NETIO!RtlCopyMdlToMdlIndirect+0x242
ffffc906`1d627b40 fffff802`6fd31bc4 : ffffa601`dc80d8b8 ffffc906`1d627e40 00000000`00000000 00000000`00000000 : tcpip!TcpSatisfyReceiveRequests+0x100
ffffc906`1d627d40 fffff802`6fd31755 : ffffc906`1d628020 ffffa601`dda77690 ffffc906`1d628068 ffffc906`1d628070 : tcpip!TcpDeliverDataToClient+0x284
ffffc906`1d627ec0 fffff802`6fd48e38 : 00000000`00003778 00000000`00001000 00000000`2831cb0b ffffa601`86946b6d : tcpip!TcpDeliverReceive+0xb5
ffffc906`1d627fb0 fffff802`6fd343ae : ffffa601`dc80d700 00000000`ffffffff ffffc906`1d628510 00000000`00000000 : tcpip!TcpTcbCarefulDatagram+0x40f8
ffffc906`1d628410 fffff802`6fd33844 : ffffa601`d5d6e008 ffffc906`1d628700 ffffa601`d8879c60 ffffa601`d5cfbb70 : tcpip!TcpTcbReceive+0x30e
ffffc906`1d628660 fffff802`6fd32be8 : 00000001`91cd627b 00000000`00989680 ffffb681`f0cc7222 ffffa601`d58fda60 : tcpip!TcpMatchReceive+0x204
ffffc906`1d628910 fffff802`6fd3168e : ffffa601`d59fe590 ffffa601`d80a61a0 ffffa601`00000001 00000000`00000000 : tcpip!TcpReceive+0x358
ffffc906`1d628a00 fffff802`6fcf0969 : 00000000`00000000 ffffa601`d80a6050 ffffc906`00000028 00000000`00000000 : tcpip!TcpNlClientReceivePreValidatedDatagrams+0x2e
ffffc906`1d628a40 fffff802`6fd49a2e : ffffa601`d85663c0 ffffa601`d8b4c970 00000000`00000006 00000000`00000000 : tcpip!IpFlcReceivePreValidatedPackets+0x6b9
ffffc906`1d628cd0 fffff802`6d2b8908 : ffffa601`d5de5a80 00000000`00000002 ffffb681`ef859140 ffffc906`1d628fc8 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x12e
ffffc906`1d628e20 fffff802`6d2b887d : fffff802`6fd49900 ffffc906`1d628fc8 ffffa601`d58f0100 fffff802`6fbc23af : nt!KeExpandKernelStackAndCalloutInternal+0x78
ffffc906`1d628e90 fffff802`6fcd331d : 00000000`00000000 00000000`00000000 ffffa601`d9fefc80 fffff802`6ffc142f : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffc906`1d628ed0 fffff802`6fcd29fd : 00000000`00000001 ffffc906`1d629030 ffffa601`d8b4c970 ffffc906`1d629040 : tcpip!NetioExpandKernelStackAndCallout+0x8d
ffffc906`1d628f30 fffff802`6fa51eb0 : ffffa601`d8071321 00000000`00000001 ffffa601`d5e1d890 ffffc906`1d629340 : tcpip!FlReceiveNetBufferListChain+0x46d
ffffc906`1d6291e0 fffff802`6fa51ccb : ffffa601`d8b26010 fffff802`00000001 ffffc906`00000000 0f0f0f0f`00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x140
ffffc906`1d6292c0 fffff802`6fa57ef0 : ffffa601`d80a61a0 ffffa601`d870b001 ffffa601`d80a61a0 fffff802`6d23b301 : ndis!ndisMTopReceiveNetBufferLists+0x22b
ffffc906`1d629340 fffff802`6fa8dcf3 : ffffa601`d870b030 ffffc906`1d629411 00000000`00000000 00000000`00006472 : ndis!ndisCallReceiveHandler+0x60
ffffc906`1d629390 fffff802`6fa54a94 : 00000000`0000a887 00000000`00000001 ffffa601`d80a61a0 00000000`00000001 : ndis!ndisInvokeNextReceiveHandler+0x1df
ffffc906`1d629460 fffff802`79296a28 : ffffa601`d8503000 ffffa601`d8503000 00000000`00000001 00000000`00000000 : ndis!NdisMIndicateReceiveNetBufferLists+0x104
ffffc906`1d6294f0 ffffa601`d8503000 : ffffa601`d8503000 00000000`00000001 00000000`00000000 00000000`00000001 : rt640x64+0x26a28
ffffc906`1d6294f8 ffffa601`d8503000 : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : 0xffffa601`d8503000
ffffc906`1d629500 00000000`00000001 : 00000000`00000000 00000000`00000001 00000000`00000000 00000001`00000001 : 0xffffa601`d8503000
ffffc906`1d629508 00000000`00000000 : 00000000`00000001 00000000`00000000 00000001`00000001 80000000`00000001 : 0x1
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8026d2c6866 - nt!MmUnlockPages+6e6
[ f6:88 ]
fffff8026d30561e - nt!MmMapLockedPagesSpecifyCache+ee (+0x3edb8)
[ f6:88 ]
fffff8026d3057fc - nt!MiFillSystemPtes+9c (+0x1de)
[ f6:88 ]
fffff8026d30580f - nt!MiFillSystemPtes+af (+0x13)
[ 00:03 ]
fffff8026d305817 - nt!MiFillSystemPtes+b7 (+0x08)
[ 00:0b ]
fffff8026d30581f - nt!MiFillSystemPtes+bf (+0x08)
[ cb:cf ]
fffff8026d305827 - nt!MiFillSystemPtes+c7 (+0x08)
[ ff:f0 ]
fffff8026d30582b - nt!MiFillSystemPtes+cb (+0x04)
[ f6:88 ]
fffff8026d30582f - nt!MiFillSystemPtes+cf (+0x04)
[ 3b:3e ]
fffff8026d305837 - nt!MiFillSystemPtes+d7 (+0x08)
[ 48:46 ]
fffff8026d30583f - nt!MiFillSystemPtes+df (+0x08)
[ 36:3d ]
fffff8026d30585e-fffff8026d30585f 2 bytes - nt!MiFillSystemPtes+fe (+0x1f)
[ fb f6:c4 88 ]
fffff8026d30586d-fffff8026d30586e 2 bytes - nt!MiFillSystemPtes+10d (+0x0f)
[ fb f6:c4 88 ]
fffff8026d305878-fffff8026d30587d 6 bytes - nt!MiFillSystemPtes+118 (+0x0b)
[ 68 df be 7d fb f6:88 18 31 62 c4 88 ]
fffff8026d305939 - nt!MiFillSystemPtes+1d9 (+0xc1)
[ f6:88 ]
fffff8026d305a2f - nt!MiFillSystemPtes+2cf (+0xf6)
[ fa:f9 ]
fffff8026d305a3d - nt!MiFillSystemPtes+2dd (+0x0e)
[ fa:f9 ]
fffff8026d305b74 - nt!MiFillSystemPtes+414 (+0x137)
[ f6:88 ]
fffff8026d305bcd - nt!MiFillSystemPtes+46d (+0x59)
[ f6:88 ]
fffff8026d305bed - nt!MiFillSystemPtes+48d (+0x20)
[ f6:88 ]
fffff8026d305ddc - nt!MiFillSystemPtes+67c (+0x1ef)
[ fa:f9 ]
fffff8026d305de6 - nt!MiFillSystemPtes+686 (+0x0a)
[ fa:f9 ]
fffff8026d305ee0-fffff8026d305ee4 5 bytes - nt!MiReservePtes+a0 (+0xfa)
[ d0 be 7d fb f6:10 31 62 c4 88 ]
fffff8026d305eea-fffff8026d305eee 5 bytes - nt!MiReservePtes+aa (+0x0a)
[ d7 be 7d fb f6:17 31 62 c4 88 ]
fffff8026d3963ae-fffff8026d3963b1 4 bytes - nt!MiFreeUltraMapping+32 (+0x904c4)
[ a0 7d fb f6:20 62 c4 88 ]
43 errors : !nt (fffff8026d2c6866-fffff8026d3963b1)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_large
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000250, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8062e40de4d, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
0000000000000250
CURRENT_IRQL: 0
FAULTING_IP:
nt!HalRequestSoftwareInterrupt+dd
fffff806`2e40de4d 85b42450020000 test dword ptr [rsp+250h],esi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
DPC_STACK_BASE: FFFFB78105E30FB0
TRAP_FRAME: ffffb78105e29240 -- (.trap 0xffffb78105e29240)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000210
rdx=0000000000000210 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8062e40de4d rsp=ffffb78105e293d0 rbp=ffffffffffffffff
r8=000000000000082f r9=000000000000002f r10=0000fffff8062e56
r11=ffffd6ff10c00000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na pe nc
nt!HalRequestSoftwareInterrupt+0xdd:
fffff806`2e40de4d 85b42450020000 test dword ptr [rsp+250h],esi ss:0018:ffffb781`05e29620=00040046
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8062e605e69 to fffff8062e5f3ea0
STACK_TEXT:
ffffb781`05e290f8 fffff806`2e605e69 : 00000000`0000000a 00000000`00000250 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx
ffffb781`05e29100 fffff806`2e602169 : 00000000`00000000 ffffd40e`9936da20 00000000`00000002 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffb781`05e29240 fffff806`2e40de4d : 00000000`00000000 00000000`0000002f 00000000`00000001 00000000`00000000 : nt!KiPageFault+0x469
ffffb781`05e293d0 fffff806`2e508b4f : 00000000`00000000 fffff806`2e45454d 00000009`634ccbe4 fffff806`2e200000 : nt!HalRequestSoftwareInterrupt+0xdd
ffffb781`05e29630 fffff806`2e508480 : 00000000`0003f004 00000000`00000000 00000000`0003f004 00000009`63714b38 : nt!KiCheckForTimerExpiration+0x31f
ffffb781`05e296c0 fffff806`2e507af7 : 000011be`7c714512 000011be`7c714512 00000000`00000000 ffffd40e`99306010 : nt!KeAccumulateTicks+0x30
ffffb781`05e29720 fffff806`2e506fe4 : 00000000`00000000 00001f80`00000000 00000000`00000000 00000000`00000002 : nt!PpmIdleExecuteTransition+0x997
ffffb781`05e29af0 fffff806`2e5f79c4 : ffffffff`00000000 ffffe701`21459140 ffffd40e`9d70b080 00000000`000006c8 : nt!PoIdle+0x374
ffffb781`05e29c60 00000000`00000000 : ffffb781`05e2a000 ffffb781`05e24000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x54
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8062e44ffa4-fffff8062e44ffa5 2 bytes - nt!MmAreMdlPagesCached+44
[ 80 fa:00 a2 ]
fffff8062e4538fb-fffff8062e4538fc 2 bytes - nt!HalpRemapVirtualAddress64+43 (+0x3957)
[ 80 f6:00 bd ]
fffff8062e5963ae-fffff8062e5963b1 4 bytes - nt!MiFreeUltraMapping+32 (+0x142ab3)
[ a0 7d fb f6:40 af 5e bd ]
8 errors : !nt (fffff8062e44ffa4-fffff8062e5963b1)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_large
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------