DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000060, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff801076653fc, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-NG9H4F5
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 16
Key : Analysis.Memory.CommitPeak.Mb
Value: 77
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: d1
BUGCHECK_P1: 60
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff801076653fc
READ_ADDRESS: fffff801033733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8010322a3c8: Unable to get Flags value from nt!KdVersionBlock
fffff8010322a3c8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000060
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: MBAMService.exe
TRAP_FRAME: ffff860d180a1c70 -- (.trap 0xffff860d180a1c70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000004 rbx=0000000000000000 rcx=ffffdb019ca79180
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801076653fc rsp=ffff860d180a1e00 rbp=ffff860d180a1f00
r8=000000000000000c r9=0000000000000000 r10=fffff80102e3ee40
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip!TcpCloseTcb+0x2e4:
fffff801`076653fc 428b04c2 mov eax,dword ptr [rdx+r8*8] ds:00000000`00000060=????????
Resetting default scope
STACK_TEXT:
ffff860d`180a1b28 fffff801`02fd32e9 : 00000000`0000000a 00000000`00000060 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff860d`180a1b30 fffff801`02fcf62b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff860d`180a1c70 fffff801`076653fc : ffff8b8c`f4193be0 00000000`00000000 00000000`0000002b ffff8b8c`edf67be0 : nt!KiPageFault+0x46b
ffff860d`180a1e00 fffff801`0766270e : 00000000`00000002 00000000`8da2cb1f 00000000`00000000 00000000`00000002 : tcpip!TcpCloseTcb+0x2e4
ffff860d`180a1f50 fffff801`0768ead5 : 00000000`00000000 00000000`00000200 00000000`00000000 00000000`00000000 : tcpip!TcpCreateAndConnectTcbRateLimitComplete+0x712
ffff860d`180a21d0 fffff801`0768e895 : 00000000`00000200 00000000`00000200 ffff8b8c`fc2f4f60 00000000`00000000 : tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x75
ffff860d`180a22b0 fffff801`0768e2c8 : 00000000`00000000 ffff8b8c`f4193be0 00000000`00000000 ffff8b8c`f4193be0 : tcpip!TcpContinueCreateAndConnect+0x54d
ffff860d`180a24d0 fffff801`07780b94 : 00000000`00014057 01000000`00100000 ffff8b8c`f14816f0 00000000`00000000 : tcpip!TcpCreateAndConnectTcbInspectConnectRequestComplete+0x118
ffff860d`180a25e0 fffff801`0714bf18 : ffff8b8c`f14816f0 ffff8b8c`f1c41670 ffff8b8c`edc7f030 ffff8b8c`edc7f030 : tcpip!AlepReleaseConnectRequestInspectContext+0x54
ffff860d`180a2630 fffff801`0714d33c : ffff8b8c`f1c41670 ffff8b8c`f4ce8990 ffff8b8c`f4ce8990 00000000`00000000 : NETIO!ClassifyContextCleanupRoutine+0x98
ffff860d`180a2670 fffff801`0714d07c : 00000000`00014057 00000000`00000000 db15ab56`66378480 00014057`00014057 : NETIO!WfpObjectDereference+0x20
ffff860d`180a26a0 fffff801`07926d15 : 00000000`00014057 00000000`00000000 ffff8b8c`fc6e17f0 ffff8b8c`f65b3ca0 : NETIO!FeReleaseClassifyHandle+0x6c
ffff860d`180a26d0 fffff801`5eadfbc6 : 00000000`00000000 fffff801`5eae5690 00000000`00000000 00000000`00000001 : fwpkclnt!FwpsReleaseClassifyHandle0+0x15
ffff860d`180a2700 00000000`00000000 : fffff801`5eae5690 00000000`00000000 00000000`00000001 ffffdb01`9e200000 : mwac+0xfbc6
SYMBOL_NAME: NETIO!ClassifyContextCleanupRoutine+98
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
IMAGE_VERSION: 10.0.18362.267
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 98
FAILURE_BUCKET_ID: AV_NETIO!ClassifyContextCleanupRoutine
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2a7c7e75-265a-e29a-accf-899e70d8ae84}
Followup: MachineOwner
---------
2: kd> lmvm NETIO
start end module name
fffff801`07100000 fffff801`07194000 NETIO # (pdb symbols) C:\ProgramData\Dbg\sym\netio.pdb\150C387212336D69EDACE42A9D2877951\netio.pdb
Loaded symbol image file: NETIO.SYS
Mapped memory image file: C:\ProgramData\Dbg\sym\NETIO.SYS\E337515594000\NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Image was built with /Brepro flag.
Timestamp: E3375155 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00099164
ImageSize: 00094000
File version: 10.0.18362.267
Product version: 10.0.18362.267
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netio.sys
OriginalFilename: netio.sys
ProductVersion: 10.0.18362.267
FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
FileDescription: Network I/O Subsystem
LegalCopyright: © Microsoft Corporation. All rights reserved.