drive.google.com
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000060, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff801076653fc, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-NG9H4F5
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 16
Key : Analysis.Memory.CommitPeak.Mb
Value: 77
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: d1
BUGCHECK_P1: 60
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff801076653fc
READ_ADDRESS: fffff801033733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8010322a3c8: Unable to get Flags value from nt!KdVersionBlock
fffff8010322a3c8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000060
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: MBAMService.exe
TRAP_FRAME: ffff860d180a1c70 -- (.trap 0xffff860d180a1c70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000004 rbx=0000000000000000 rcx=ffffdb019ca79180
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801076653fc rsp=ffff860d180a1e00 rbp=ffff860d180a1f00
r8=000000000000000c r9=0000000000000000 r10=fffff80102e3ee40
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip!TcpCloseTcb+0x2e4:
fffff801`076653fc 428b04c2 mov eax,dword ptr [rdx+r8*8] ds:00000000`00000060=????????
Resetting default scope
STACK_TEXT:
ffff860d`180a1b28 fffff801`02fd32e9 : 00000000`0000000a 00000000`00000060 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff860d`180a1b30 fffff801`02fcf62b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff860d`180a1c70 fffff801`076653fc : ffff8b8c`f4193be0 00000000`00000000 00000000`0000002b ffff8b8c`edf67be0 : nt!KiPageFault+0x46b
ffff860d`180a1e00 fffff801`0766270e : 00000000`00000002 00000000`8da2cb1f 00000000`00000000 00000000`00000002 : tcpip!TcpCloseTcb+0x2e4
ffff860d`180a1f50 fffff801`0768ead5 : 00000000`00000000 00000000`00000200 00000000`00000000 00000000`00000000 : tcpip!TcpCreateAndConnectTcbRateLimitComplete+0x712
ffff860d`180a21d0 fffff801`0768e895 : 00000000`00000200 00000000`00000200 ffff8b8c`fc2f4f60 00000000`00000000 : tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x75
ffff860d`180a22b0 fffff801`0768e2c8 : 00000000`00000000 ffff8b8c`f4193be0 00000000`00000000 ffff8b8c`f4193be0 : tcpip!TcpContinueCreateAndConnect+0x54d
ffff860d`180a24d0 fffff801`07780b94 : 00000000`00014057 01000000`00100000 ffff8b8c`f14816f0 00000000`00000000 : tcpip!TcpCreateAndConnectTcbInspectConnectRequestComplete+0x118
ffff860d`180a25e0 fffff801`0714bf18 : ffff8b8c`f14816f0 ffff8b8c`f1c41670 ffff8b8c`edc7f030 ffff8b8c`edc7f030 : tcpip!AlepReleaseConnectRequestInspectContext+0x54
ffff860d`180a2630 fffff801`0714d33c : ffff8b8c`f1c41670 ffff8b8c`f4ce8990 ffff8b8c`f4ce8990 00000000`00000000 : NETIO!ClassifyContextCleanupRoutine+0x98
ffff860d`180a2670 fffff801`0714d07c : 00000000`00014057 00000000`00000000 db15ab56`66378480 00014057`00014057 : NETIO!WfpObjectDereference+0x20
ffff860d`180a26a0 fffff801`07926d15 : 00000000`00014057 00000000`00000000 ffff8b8c`fc6e17f0 ffff8b8c`f65b3ca0 : NETIO!FeReleaseClassifyHandle+0x6c
ffff860d`180a26d0 fffff801`5eadfbc6 : 00000000`00000000 fffff801`5eae5690 00000000`00000000 00000000`00000001 : fwpkclnt!FwpsReleaseClassifyHandle0+0x15
ffff860d`180a2700 00000000`00000000 : fffff801`5eae5690 00000000`00000000 00000000`00000001 ffffdb01`9e200000 : mwac+0xfbc6
SYMBOL_NAME: NETIO!ClassifyContextCleanupRoutine+98
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
IMAGE_VERSION: 10.0.18362.267
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 98
FAILURE_BUCKET_ID: AV_NETIO!ClassifyContextCleanupRoutine
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2a7c7e75-265a-e29a-accf-899e70d8ae84}
Followup: MachineOwner
---------
2: kd> lmvm NETIO
start end module name
fffff801`07100000 fffff801`07194000 NETIO # (pdb symbols) C:\ProgramData\Dbg\sym\netio.pdb\150C387212336D69EDACE42A9D2877951\netio.pdb
Loaded symbol image file: NETIO.SYS
Mapped memory image file: C:\ProgramData\Dbg\sym\NETIO.SYS\E337515594000\NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Image was built with /Brepro flag.
Timestamp: E3375155 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00099164
ImageSize: 00094000
File version: 10.0.18362.267
Product version: 10.0.18362.267
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netio.sys
OriginalFilename: netio.sys
ProductVersion: 10.0.18362.267
FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
FileDescription: Network I/O Subsystem
LegalCopyright: © Microsoft Corporation. All rights reserved.
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000060, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff801076653fc, address which referenced memory
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for mwac.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: 60
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff801076653fc
READ_ADDRESS: fffff801033733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
0000000000000060
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!TcpCloseTcb+2e4
fffff801`076653fc 428b04c2 mov eax,dword ptr [rdx+r8*8]
CPU_COUNT: 8
CPU_MHZ: d50
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: MBAMService.exe
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-19-2020 23:37:43.0615
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffff860d180a1c70 -- (.trap 0xffff860d180a1c70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000004 rbx=0000000000000000 rcx=ffffdb019ca79180
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801076653fc rsp=ffff860d180a1e00 rbp=ffff860d180a1f00
r8=000000000000000c r9=0000000000000000 r10=fffff80102e3ee40
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip!TcpCloseTcb+0x2e4:
fffff801`076653fc 428b04c2 mov eax,dword ptr [rdx+r8*8] ds:00000000`00000060=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80102fd32e9 to fffff80102fc14e0
STACK_TEXT:
ffff860d`180a1b28 fffff801`02fd32e9 : 00000000`0000000a 00000000`00000060 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff860d`180a1b30 fffff801`02fcf62b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff860d`180a1c70 fffff801`076653fc : ffff8b8c`f4193be0 00000000`00000000 00000000`0000002b ffff8b8c`edf67be0 : nt!KiPageFault+0x46b
ffff860d`180a1e00 fffff801`0766270e : 00000000`00000002 00000000`8da2cb1f 00000000`00000000 00000000`00000002 : tcpip!TcpCloseTcb+0x2e4
ffff860d`180a1f50 fffff801`0768ead5 : 00000000`00000000 00000000`00000200 00000000`00000000 00000000`00000000 : tcpip!TcpCreateAndConnectTcbRateLimitComplete+0x712
ffff860d`180a21d0 fffff801`0768e895 : 00000000`00000200 00000000`00000200 ffff8b8c`fc2f4f60 00000000`00000000 : tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x75
ffff860d`180a22b0 fffff801`0768e2c8 : 00000000`00000000 ffff8b8c`f4193be0 00000000`00000000 ffff8b8c`f4193be0 : tcpip!TcpContinueCreateAndConnect+0x54d
ffff860d`180a24d0 fffff801`07780b94 : 00000000`00014057 01000000`00100000 ffff8b8c`f14816f0 00000000`00000000 : tcpip!TcpCreateAndConnectTcbInspectConnectRequestComplete+0x118
ffff860d`180a25e0 fffff801`0714bf18 : ffff8b8c`f14816f0 ffff8b8c`f1c41670 ffff8b8c`edc7f030 ffff8b8c`edc7f030 : tcpip!AlepReleaseConnectRequestInspectContext+0x54
ffff860d`180a2630 fffff801`0714d33c : ffff8b8c`f1c41670 ffff8b8c`f4ce8990 ffff8b8c`f4ce8990 00000000`00000000 : NETIO!ClassifyContextCleanupRoutine+0x98
ffff860d`180a2670 fffff801`0714d07c : 00000000`00014057 00000000`00000000 db15ab56`66378480 00014057`00014057 : NETIO!WfpObjectDereference+0x20
ffff860d`180a26a0 fffff801`07926d15 : 00000000`00014057 00000000`00000000 ffff8b8c`fc6e17f0 ffff8b8c`f65b3ca0 : NETIO!FeReleaseClassifyHandle+0x6c
ffff860d`180a26d0 fffff801`5eadfbc6 : 00000000`00000000 fffff801`5eae5690 00000000`00000000 00000000`00000001 : fwpkclnt!FwpsReleaseClassifyHandle0+0x15
ffff860d`180a2700 00000000`00000000 : fffff801`5eae5690 00000000`00000000 00000000`00000001 ffffdb01`9e200000 : mwac+0xfbc6
THREAD_SHA1_HASH_MOD_FUNC: a5de83b4457a266491ad19eeb4c304c7d20e23bf
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 155ecf01c474a71bf14d7f660f6cdf4d4bb4fc1f
THREAD_SHA1_HASH_MOD: d45a4fec7d4011dc5633ac2d2900d13939e281f5
FOLLOWUP_IP:
NETIO!ClassifyContextCleanupRoutine+98
fffff801`0714bf18 488b7b68 mov rdi,qword ptr [rbx+68h]
FAULT_INSTR_CODE: 687b8b48
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: NETIO!ClassifyContextCleanupRoutine+98
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.267
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 98
FAILURE_BUCKET_ID: AV_NETIO!ClassifyContextCleanupRoutine
BUCKET_ID: AV_NETIO!ClassifyContextCleanupRoutine
PRIMARY_PROBLEM_CLASS: AV_NETIO!ClassifyContextCleanupRoutine
TARGET_TIME: 2020-01-19T20:15:17.000Z
OSBUILD: 18362
OSSERVICEPACK: 592
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1972-08-22 03:24:00
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 62f1
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_netio!classifycontextcleanuproutine
FAILURE_ID_HASH: {2a7c7e75-265a-e29a-accf-899e70d8ae84}
Followup: MachineOwner
---------
