IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000014, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8065187829e, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 14
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8065187829e
READ_ADDRESS: fffff80651d733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
0000000000000014
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiGetPage+6e
fffff806`5187829e 49035610 add rdx,qword ptr [r14+10h]
CPU_COUNT: c
CPU_MHZ: e09
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 1
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: explorer.exe
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-09-2020 23:28:57.0824
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: fffff489c58ed580 -- (.trap 0xfffff489c58ed580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000008
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8065187829e rsp=fffff489c58ed710 rbp=0000000000000002
r8=0000000000000002 r9=0000000000000000 r10=0000000000000001
r11=000000000000003d r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!MiGetPage+0x6e:
fffff806`5187829e 49035610 add rdx,qword ptr [r14+10h] ds:00000000`00000010=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff806519d32e9 to fffff806519c14e0
STACK_TEXT:
fffff489`c58ed438 fffff806`519d32e9 : 00000000`0000000a 00000000`00000014 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff489`c58ed440 fffff806`519cf62b : fffffb13`c0200340 fffffb13`c0201b40 fffffb13`c0201d80 ffffe489`00000090 : nt!KiBugCheckDispatch+0x69
fffff489`c58ed580 fffff806`5187829e : fffff806`00ffffff fffffb13`00000005 ffffe489`128e03e0 fffff489`c58ed880 : nt!KiPageFault+0x46b
fffff489`c58ed710 fffff806`51877c71 : fffff806`51c6a3c0 00000000`0000003d 00000000`0000003d 00000000`00000000 : nt!MiGetPage+0x6e
fffff489`c58ed7f0 fffff806`5187599a : 00000000`00000cf8 fffff489`00000000 fffff806`00000000 fffffb13`c0602a60 : nt!MiGetPageChain+0x181
fffff489`c58ed9e0 fffff806`51872159 : 00000000`00000010 fffffb5d`00000000 ffffffff`ffffffff 00000000`00000001 : nt!MiResolvePrivateZeroFault+0x14a
fffff489`c58edb00 fffff806`51873580 : fffff489`c58edd60 fffff489`c58edca0 fffff489`c58edca8 fffff489`c58edc30 : nt!MiZeroFault+0x389
fffff489`c58edbf0 fffff806`51872cee : 00000000`00512c01 00000000`00000000 00000000`00000000 fffffb13`c41a6f80 : nt!MiUserFault+0x3a0
fffff489`c58edca0 fffff806`519cf520 : ffffe489`128e00c0 00000000`00000000 00007ff8`6ffcfb70 fffffb13`00000000 : nt!MmAccessFault+0x14e
fffff489`c58ede40 00007ff8`6ff8785b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
00000000`070eada0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`6ff8785b
THREAD_SHA1_HASH_MOD_FUNC: e720b9d8ef504ec173c344c6da39feab9e815481
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5d4bb544db17c99198bdd908811227e8c4003feb
THREAD_SHA1_HASH_MOD: bc100a5647b828107ac4e18055e00abcbe1ec406
FOLLOWUP_IP:
nt!MiGetPage+6e
fffff806`5187829e 49035610 add rdx,qword ptr [r14+10h]
FAULT_INSTR_CODE: 10560349
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiGetPage+6e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 12dcb470
IMAGE_VERSION: 10.0.18362.535
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: memory_corruption
BUCKET_ID_FUNC_OFFSET: 6e
FAILURE_BUCKET_ID: AV_nt!MiGetPage
BUCKET_ID: AV_nt!MiGetPage
PRIMARY_PROBLEM_CLASS: AV_nt!MiGetPage
TARGET_TIME: 2020-01-05T22:46:49.000Z
OSBUILD: 18362
OSSERVICEPACK: 535
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1980-01-11 18:53:20
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 3e9b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!migetpage
FAILURE_ID_HASH: {f2081220-629b-308b-003b-b589256b0abf}
Followup: MachineOwner
---------
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c000001d, Exception code that caused the bugcheck
Arg2: fffff801572aae62, Address of the instruction which caused the bugcheck
Arg3: ffff978a233b7be0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: c000001d
BUGCHECK_P2: fffff801572aae62
BUGCHECK_P3: ffff978a233b7be0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc000001d - <Unable to get error code text>
FAULTING_IP:
dxgkrnl!DxgkSubmitCommandInternal+642
fffff801`572aae62 ff ???
CONTEXT: ffff978a233b7be0 -- (.cxr 0xffff978a233b7be0)
rax=ffff978a233b86f0 rbx=ffffd48f3b271b30 rcx=ffffd48f3f0522d0
rdx=0000000000000000 rsi=ffff978a233b8900 rdi=ffffd48f3b271b30
rip=fffff801572aae62 rsp=ffff978a233b85d0 rbp=ffff978a233b8b80
r8=ffff978a233b85a8 r9=00000000ffffffff r10=0000000000000011
r11=ffffb189fb4301f0 r12=0000000000000000 r13=ffffd48f3f057760
r14=0000000000000000 r15=0000000000000947
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
dxgkrnl!DxgkSubmitCommandInternal+0x642:
fffff801`572aae62 ff ???
Resetting default scope
BUGCHECK_STR: 0x3B_c000001d
CPU_COUNT: c
CPU_MHZ: e09
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 1
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: starwarsjedifallenord
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-09-2020 23:28:53.0820
ANALYSIS_VERSION: 10.0.18362.1 x86fre
MISALIGNED_IP:
dxgkrnl!DxgkSubmitCommandInternal+642
fffff801`572aae62 ff ???
LAST_CONTROL_TRANSFER: from fffff801572ab54a to fffff801572aae62
STACK_TEXT:
ffff978a`233b85d0 fffff801`572ab54a : fffff801`00000000 ffffb189`fd6a90e0 ffffd48f`3c38a4f0 00000000`14abf340 : dxgkrnl!DxgkSubmitCommandInternal+0x642
ffff978a`233b8ac0 fffff801`4add2d18 : ffffb189`fbd06080 00000000`15d58000 00000000`00000000 00000000`00000000 : dxgkrnl!DxgkSubmitCommand+0x5a
ffff978a`233b8b00 00007ff8`98fe5a44 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`14abf278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`98fe5a44
THREAD_SHA1_HASH_MOD_FUNC: 21a7e7edb2a1ccc80687ee96dd7bd701c9c5091f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 93d163265a9b4bf787c489bc875582e7e20897c7
THREAD_SHA1_HASH_MOD: 0a5d04a59a737196880b39f94877fada46227b94
FOLLOWUP_IP:
dxgkrnl!DxgkSubmitCommandInternal+642
fffff801`572aae62 ff ???
FAULT_INSTR_CODE: f708e8ff
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgkrnl!DxgkSubmitCommandInternal+642
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.449
STACK_COMMAND: .cxr 0xffff978a233b7be0 ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED_dxgkrnl.sys
BUCKET_ID: IP_MISALIGNED_dxgkrnl.sys
PRIMARY_PROBLEM_CLASS: IP_MISALIGNED_dxgkrnl.sys
TARGET_TIME: 2020-01-05T22:57:53.000Z
OSBUILD: 18362
OSSERVICEPACK: 535
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1980-01-11 18:53:20
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: d335
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:ip_misaligned_dxgkrnl.sys
FAILURE_ID_HASH: {4baef1c4-80c9-3ccc-f0ef-4c23adb576f1}
Followup: MachineOwner
---------
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001d, Type of memory safety violation
Arg2: ffff890e2d9e4b40, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff890e2d9e4a98, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 1d
BUGCHECK_P2: ffff890e2d9e4b40
BUGCHECK_P3: ffff890e2d9e4a98
BUGCHECK_P4: 0
TRAP_FRAME: ffff890e2d9e4b40 -- (.trap 0xffff890e2d9e4b40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fff7e281c6ca2478 rbx=0000000000000000 rcx=000000000000001d
rdx=ffffe281c6ca2478 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8071edfab3b rsp=ffff890e2d9e4cd8 rbp=0000000000000023
r8=ffffe281c94cffc8 r9=0000000000000000 r10=ffffe281b6e4afb8
r11=ffffe281c94cffc8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!RtlRbRemoveNode+0x1b64fb:
fffff807`1edfab3b cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff890e2d9e4a98 -- (.exr 0xffff890e2d9e4a98)
ExceptionAddress: fffff8071edfab3b (nt!RtlRbRemoveNode+0x00000000001b64fb)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000001d
Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
CPU_COUNT: c
CPU_MHZ: e09
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 1
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_BALANCED_TREE
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 000000000000001d
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-09-2020 23:28:50.0614
ANALYSIS_VERSION: 10.0.18362.1 x86fre
DEVICE_OBJECT: ffffe28100000000
LAST_CONTROL_TRANSFER: from fffff8071edd32e9 to fffff8071edc14e0
STACK_TEXT:
ffff890e`2d9e4818 fffff807`1edd32e9 : 00000000`00000139 00000000`0000001d ffff890e`2d9e4b40 ffff890e`2d9e4a98 : nt!KeBugCheckEx
ffff890e`2d9e4820 fffff807`1edd3710 : 00000000`00000000 00001000`23523e79 ffff9900`57549180 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff890e`2d9e4960 fffff807`1edd1aa5 : ffffe281`c5551010 fffff807`1ec47d41 00000000`00000002 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffff890e`2d9e4b40 fffff807`1edfab3b : 00000023`00020000 00010026`00230000 fffff807`1ec44493 00000000`00000023 : nt!KiRaiseSecurityCheckFailure+0x325
ffff890e`2d9e4cd8 fffff807`1ec44493 : 00000000`00000023 ffffe281`c6ca2240 00000000`00000000 ffffe281`c6ca2470 : nt!RtlRbRemoveNode+0x1b64fb
ffff890e`2d9e4cf0 fffff807`1ec43e7a : ffffe281`b7010280 ffffe281`b7010280 ffffe281`c3fc8270 ffff890e`2d9e4e00 : nt!RtlpHpVsChunkCoalesce+0x183
ffff890e`2d9e4d60 fffff807`1ec460ed : ffff984c`0000003e 00159ed9`00000000 fffff600`0000b028 00159ed9`00000000 : nt!RtlpHpVsContextFree+0x18a
ffff890e`2d9e4e00 fffff807`1ef6f0a9 : 00000000`00000000 fffff807`00000220 00000000`00000000 01000000`00100000 : nt!ExFreeHeapPool+0x56d
ffff890e`2d9e4f20 fffff807`1ec9320d : ffffe281`c4991a50 fffff300`03d623f0 00000000`00000000 00000000`00000000 : nt!ExFreePool+0x9
ffff890e`2d9e4f50 fffff807`1ec92a83 : 00000000`00000001 ffff890e`00000000 00000000`00000000 ffff9901`59b91002 : nt!MiFreeInPageSupportBlock+0x9d
ffff890e`2d9e4f80 fffff807`1ec54a41 : 00000000`00000000 00000000`00000000 ffff890e`2d9e5170 ffffe281`00000000 : nt!MiFinishHardFault+0x6c3
ffff890e`2d9e5140 fffff807`1ec54965 : 00000000`00000000 00000000`00000000 ffffe281`c93eba88 00000000`00000001 : nt!MiPfCompleteInPageSupport+0x95
ffff890e`2d9e5230 fffff807`1f1fb8a2 : ffffe281`beafc250 00000000`00000001 00000000`ffffffff 00000000`00000000 : nt!MiPfCompletePrefetchIos+0x51
ffff890e`2d9e5260 fffff807`1f1fb70c : 00000000`00000040 00000000`00000000 00000000`00000000 ffffe281`beafc250 : nt!MmPrefetchPagesEx+0x18a
ffff890e`2d9e52d0 fffff807`23520fc5 : 00000000`00000040 ffff890e`2d9e5340 ffffe281`bf133ab0 00000000`00000000 : nt!MmPrefetchPages+0xc
ffff890e`2d9e5300 fffff807`235adad5 : ffffe281`ba9b4400 0000ffff`ffffffff ffff890e`2d9e54b4 0000ffff`ffffffff : Ntfs!NtfsPerformPrefetch+0x135
ffff890e`2d9e5370 fffff807`236f911a : ffffe281`c47934d8 ffffe281`ba9b4180 00000000`00000000 ffffe281`00000000 : Ntfs!NtfsIterateMft+0x29d
ffff890e`2d9e5400 fffff807`236b70d9 : ffffe281`c47934d8 ffffe281`c79a09a0 ffff890e`00000000 00000000`00000000 : Ntfs!NtfsQueryFileLayout+0x892
ffff890e`2d9e5560 fffff807`2362bf71 : ffffe281`c47934d8 00000000`00000001 00000000`00000000 ffffe281`c79a09a0 : Ntfs!NtfsUserFsRequest+0x8ae81
ffff890e`2d9e55e0 fffff807`1ec31f79 : ffffe281`c2b78010 fffff807`22ae45a0 ffffe281`c79a0d88 00000000`00000000 : Ntfs!NtfsFsdFileSystemControl+0x171
ffff890e`2d9e5700 fffff807`22ae55de : 00000000`00000000 ffff890e`2d9e57e0 ffffe281`c79a09a0 ffff890e`2d9e57f0 : nt!IofCallDriver+0x59
ffff890e`2d9e5740 fffff807`22b1c190 : ffff890e`2d9e57e0 00000000`00000000 00000000`00000001 ffffe281`ba3f83c0 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x15e
ffff890e`2d9e57c0 fffff807`1ec31f79 : ffffe281`c79a09a0 00000000`00000002 00000000`00000001 00000000`00000020 : FLTMGR!FltpFsControl+0x110
ffff890e`2d9e5820 fffff807`1f1e95e5 : ffff890e`2d9e5b80 ffffe281`c79a09a0 00000000`00000001 ffffe281`c8956740 : nt!IofCallDriver+0x59
ffff890e`2d9e5860 fffff807`1f1e93f0 : ffffe281`00000000 00000000`00000000 ffffe281`c8956740 ffff890e`2d9e5b80 : nt!IopSynchronousServiceTail+0x1a5
ffff890e`2d9e5900 fffff807`1f2bbd96 : 00000214`bbfaf22e 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc10
ffff890e`2d9e5a20 fffff807`1edd2d18 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff9901`57549180 : nt!NtFsControlFile+0x56
ffff890e`2d9e5a90 00007ffa`0247c7e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000fe`7c9fd938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`0247c7e4
THREAD_SHA1_HASH_MOD_FUNC: 84f27b4637b72b494ece1417af664e36a97e2fb6
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 331a79f7b447a8dda5afeb156a8f2a7142dc5078
THREAD_SHA1_HASH_MOD: 1a884e2826f78ffee4e07148c3b54bdc39ee15b8
FOLLOWUP_IP:
nt!ExFreePool+9
fffff807`1ef6f0a9 4883c428 add rsp,28h
FAULT_INSTR_CODE: 28c48348
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: nt!ExFreePool+9
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.535
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!ExFreePool
BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!ExFreePool
PRIMARY_PROBLEM_CLASS: 0x139_1d_INVALID_BALANCED_TREE_nt!ExFreePool
TARGET_TIME: 2020-01-06T15:50:48.000Z
OSBUILD: 18362
OSSERVICEPACK: 535
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1980-01-11 18:53:20
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: f13e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_1d_invalid_balanced_tree_nt!exfreepool
FAILURE_ID_HASH: {ab43366d-59cb-5971-8e17-b53398bf3f90}
Followup: Pool_corruption
---------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000230, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 0000000000000017, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000e0b915b, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 230
BUGCHECK_P2: ff
BUGCHECK_P3: 17
BUGCHECK_P4: fffff8000e0b915b
WRITE_ADDRESS: fffff8000db733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
0000000000000230
CURRENT_IRQL: d
FAULTING_IP:
hal!HalRequestSoftwareInterrupt+eb
fffff800`0e0b915b 488b8c2430020000 mov rcx,qword ptr [rsp+230h]
CPU_COUNT: c
CPU_MHZ: e09
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 1
CPU_STEPPING: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-09-2020 23:28:47.0554
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffe085a0229620 -- (.trap 0xffffe085a0229620)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000210
rdx=0000000000000210 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000e0b915b rsp=ffffe085a02297b0 rbp=ffffe085a0229aa0
r8=00000000000008e1 r9=000000000000002f r10=0000fffff8000e0b
r11=ffff877b29400000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl zr na po nc
hal!HalRequestSoftwareInterrupt+0xeb:
fffff800`0e0b915b 488b8c2430020000 mov rcx,qword ptr [rsp+230h] ss:0018:ffffe085`a02299e0=ffffa23cf3433b8a
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000d7d32e9 to fffff8000d7c14e0
STACK_TEXT:
ffffe085`a02294d8 fffff800`0d7d32e9 : 00000000`0000000a 00000000`00000230 00000000`000000ff 00000000`00000017 : nt!KeBugCheckEx
ffffe085`a02294e0 fffff800`0d7cf62b : ffff9780`46362fa0 fffff800`0e0b939b 00000000`00000000 ffffe085`a02297b0 : nt!KiBugCheckDispatch+0x69
ffffe085`a0229620 fffff800`0e0b915b : 00000000`0000002f ffffcf06`f2203080 ffffcf06`f2203180 ffffe085`a0229aa0 : nt!KiPageFault+0x46b
ffffe085`a02297b0 fffff800`0d7c3574 : ffff9780`45c00180 ffffe085`a0229aa0 ffffcf06`e9ab2400 00000000`00000000 : hal!HalRequestSoftwareInterrupt+0xeb
ffffe085`a0229a20 fffff800`0d6ee268 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0xc4
ffffe085`a0229bb0 fffff800`0d7c86ef : 00000067`b4bbbdff 00000000`00000001 ffffcf06`00000000 00000000`00000000 : nt!KiUpdateSpeculationControl+0x298
ffffe085`a0229c20 fffff800`0d7c50fe : ffffffff`00000000 ffff9780`45c00180 ffffcf06`f2203080 00000000`00000894 : nt!SwapContext+0x1af
ffffe085`a0229c60 00000000`00000000 : ffffe085`a022a000 ffffe085`a0224000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x15e
THREAD_SHA1_HASH_MOD_FUNC: c618b1875bf2b33df6487a82768dfdd0ab0de901
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: fd4353d99b10f19e8dac5b9358e3d447bccd601a
THREAD_SHA1_HASH_MOD: 77b99fd8d0bba6459fea0474c255a54ffe46d91a
FOLLOWUP_IP:
nt!KiPageFault+46b
fffff800`0d7cf62b 33c0 xor eax,eax
FAULT_INSTR_CODE: ffb0c033
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+46b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 12dcb470
IMAGE_VERSION: 10.0.18362.535
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 46b
FAILURE_BUCKET_ID: AV_CODE_AV_nt!KiPageFault
BUCKET_ID: AV_CODE_AV_nt!KiPageFault
PRIMARY_PROBLEM_CLASS: AV_CODE_AV_nt!KiPageFault
TARGET_TIME: 2020-01-06T15:57:29.000Z
OSBUILD: 18362
OSSERVICEPACK: 535
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1980-01-11 18:53:20
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 482b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_code_av_nt!kipagefault
FAILURE_ID_HASH: {22c06795-f62b-154a-eb13-05cdd373e37e}
Followup: MachineOwner
---------