Code:
- BugCheck 1A, {41201, fffff6800003ffc0, 4780000033459847, fffffa8003ea6e00}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+13b42 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041201, The subtype of the bugcheck.
Arg2: fffff6800003ffc0
Arg3: 4780000033459847
Arg4: fffffa8003ea6e00
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41201
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: opera.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800028d5a6e to fffff800028775c0
STACK_TEXT:
fffff880`03b589b8 fffff800`028d5a6e : 00000000`0000001a 00000000`00041201 fffff680`0003ffc0 47800000`33459847 : nt!KeBugCheckEx
fffff880`03b589c0 fffff800`02845b7e : 00000000`0181e964 00000000`00000000 00000000`00000000 47800000`33459847 : nt! ?? ::FNODOBFM::`string'+0x13b42
fffff880`03b58a00 fffff800`0284581a : fffffa80`03ea6e00 fffffa80`03d8b730 fffffa80`03d8b730 00000000`07ff8000 : nt!MiQueryAddressState+0x2ae
fffff880`03b58a50 fffff800`02b5b8f8 : fffff880`00000004 00000000`07ff9000 fffffa80`03ea6e00 00000000`00000000 : nt!MiQueryAddressSpan+0xaa
fffff880`03b58ac0 fffff800`02876813 : 00000000`000007a8 fffffa80`066f1780 fffff880`03b58bc8 00000000`00d7e618 : nt!NtQueryVirtualMemory+0x386
fffff880`03b58bb0 00000000`7727f8ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00d7e5f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7727f8ea
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+13b42
fffff800`028d5a6e cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+13b42
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x1a_41201_nt!_??_::FNODOBFM::_string_+13b42
BUCKET_ID: X64_0x1a_41201_nt!_??_::FNODOBFM::_string_+13b42
Followup: MachineOwner
---------
- BugCheck 50, {fffffa9004418a98, 0, fffff80002b7aa3c, 5}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt!ObReferenceObjectByHandleWithTag+10c )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa9004418a98, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002b7aa3c, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ac10e0
fffffa9004418a98
FAULTING_IP:
nt!ObReferenceObjectByHandleWithTag+10c
fffff800`02b7aa3c 0fb64518 movzx eax,byte ptr [rbp+18h]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: opera.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff880060e87b0 -- (.trap 0xfffff880060e87b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa9004418a81 rbx=0000000000000000 rcx=fffffa9004418a80
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002b7aa3c rsp=fffff880060e8940 rbp=fffffa9004418a80
r8=fffff8a0083ed000 r9=0000000000000000 r10=fffffa80039ebc90
r11=000000000016019f r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!ObReferenceObjectByHandleWithTag+0x10c:
fffff800`02b7aa3c 0fb64518 movzx eax,byte ptr [rbp+18h] ss:0018:fffffa90`04418a98=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800029087a1 to fffff800028895c0
STACK_TEXT:
fffff880`060e8648 fffff800`029087a1 : 00000000`00000050 fffffa90`04418a98 00000000`00000000 fffff880`060e87b0 : nt!KeBugCheckEx
fffff880`060e8650 fffff800`028876ae : 00000000`00000000 fffff8a0`0837a8c0 00000000`00080100 00000000`00000400 : nt! ?? ::FNODOBFM::`string'+0x40d4b
fffff880`060e87b0 fffff800`02b7aa3c : 00000000`00000000 00000000`00000002 00000000`00000000 fffffa80`04796940 : nt!KiPageFault+0x16e
fffff880`060e8940 fffff800`02ba16d8 : 00000000`00000000 00000000`00000002 fffffa80`03a0a200 00000000`00000001 : nt!ObReferenceObjectByHandleWithTag+0x10c
fffff880`060e8a10 fffff800`02ba1df6 : 00000000`00000000 00000000`00000230 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x748
fffff880`060e8b40 fffff800`02888813 : fffffa80`0477ab60 00000000`0014e0c8 fffff880`060e8bc8 00000000`73f8c844 : nt!NtDeviceIoControlFile+0x56
fffff880`060e8bb0 00000000`73f02dd9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0014e9b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73f02dd9
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObReferenceObjectByHandleWithTag+10c
fffff800`02b7aa3c 0fb64518 movzx eax,byte ptr [rbp+18h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ObReferenceObjectByHandleWithTag+10c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x50_nt!ObReferenceObjectByHandleWithTag+10c
BUCKET_ID: X64_0x50_nt!ObReferenceObjectByHandleWithTag+10c
Followup: MachineOwner
---------
- BugCheck A, {fffffa90064e3bc8, 2, 1, fffff800028ec2ef}
Unable to load image \SystemRoot\system32\DRIVERS\eamonm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for eamonm.sys
*** ERROR: Module load completed but symbols could not be loaded for eamonm.sys
Probably caused by : eamonm.sys ( eamonm+a1e7 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa90064e3bc8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800028ec2ef, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ab90e0
fffffa90064e3bc8
CURRENT_IRQL: 2
FAULTING_IP:
nt! ?? ::FNODOBFM::`string'+25100
fffff800`028ec2ef 48894108 mov qword ptr [rcx+8],rax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: SearchProtocol
TRAP_FRAME: fffff88007dabc20 -- (.trap 0xfffff88007dabc20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80064e3db0 rbx=0000000000000000 rcx=fffffa90064e3bc0
rdx=fffffa80064e3bc0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800028ec2ef rsp=fffff88007dabdb0 rbp=fffff88007dabe50
r8=fffffa80064e3bb0 r9=fffffa8003b464b0 r10=00000000000005f0
r11=fffff88007dabea8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt! ?? ::FNODOBFM::`string'+0x25100:
fffff800`028ec2ef 48894108 mov qword ptr [rcx+8],rax ds:bf80:fffffa90`064e3bc8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002880b29 to fffff800028815c0
STACK_TEXT:
fffff880`07dabad8 fffff800`02880b29 : 00000000`0000000a fffffa90`064e3bc8 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`07dabae0 fffff800`0287f7a0 : fffffa80`03b464f0 fffffa80`064e3b60 fffff880`07dac0e0 fffffa80`04952de0 : nt!KiBugCheckDispatch+0x69
fffff880`07dabc20 fffff800`028ec2ef : fffff880`0107dcb0 00000000`00000100 00000000`00000000 fffffa80`04952de0 : nt!KiPageFault+0x260
fffff880`07dabdb0 fffff800`02b7a81d : fffffa80`067cb730 00000000`00000801 fffff880`07dac268 fffff880`58434f46 : nt! ?? ::FNODOBFM::`string'+0x25100
fffff880`07dabe30 fffff800`02b94381 : fffffa80`067cb730 fffffa80`00000001 fffff8a0`00001a00 00000000`00000000 : nt!ObpDecrementHandleCount+0x17d
fffff880`07dabeb0 fffff800`02b94294 : 00000000`000005f0 fffffa80`067cb730 fffff8a0`00001a00 00000000`000005f0 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`07dabf40 fffff800`02880813 : fffffa80`064e3b60 fffff880`07dac010 fffffa80`03de1500 00000000`00000000 : nt!ObpCloseHandle+0x94
fffff880`07dabf90 fffff800`0287cdb0 : fffff880`024991e7 00000000`00000000 00000000`00000001 00000000`00004686 : nt!KiSystemServiceCopyEnd+0x13
fffff880`07dac128 fffff880`024991e7 : 00000000`00000000 00000000`00000001 00000000`00004686 fffffa80`03de1500 : nt!KiServiceLinkage
fffff880`07dac130 00000000`00000000 : 00000000`00000001 00000000`00004686 fffffa80`03de1500 00000000`00000000 : eamonm+0xa1e7
STACK_COMMAND: kb
FOLLOWUP_IP:
eamonm+a1e7
fffff880`024991e7 ?? ???
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: eamonm+a1e7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: eamonm
IMAGE_NAME: eamonm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e37c469
FAILURE_BUCKET_ID: X64_0xA_eamonm+a1e7
BUCKET_ID: X64_0xA_eamonm+a1e7
Followup: MachineOwner
---------
- BugCheck 50, {fffff88102926bd8, 1, fffff80002b71c33, 5}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt!IoRemoveIoCompletion+153 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88102926bd8, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff80002b71c33, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ab10e0
fffff88102926bd8
FAULTING_IP:
nt!IoRemoveIoCompletion+153
fffff800`02b71c33 8931 mov dword ptr [rcx],esi
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: lsass.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88002926900 -- (.trap 0xfffff88002926900)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88102926bd8
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002b71c33 rsp=fffff88002926a90 rbp=fffff88002926ca0
r8=0000000000000000 r9=0000000000000000 r10=fffffffffffffff7
r11=fffffa8005bf7c10 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!IoRemoveIoCompletion+0x153:
fffff800`02b71c33 8931 mov dword ptr [rcx],esi ds:fffff881`02926bd8=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800028f87a1 to fffff800028795c0
STACK_TEXT:
fffff880`02926798 fffff800`028f87a1 : 00000000`00000050 fffff881`02926bd8 00000000`00000001 fffff880`02926900 : nt!KeBugCheckEx
fffff880`029267a0 fffff800`028776ae : 00000000`00000001 fffff880`02926bc8 fffffa80`07e10500 fffff880`02fd3180 : nt! ?? ::FNODOBFM::`string'+0x40d4b
fffff880`02926900 fffff800`02b71c33 : 00000000`00000000 00000000`00000000 fffffa80`05bf7c10 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`02926a90 fffff800`02889926 : 000007fe`00000001 fffff880`02926ba8 fffff880`02926bc8 00000000`00000001 : nt!IoRemoveIoCompletion+0x153
fffff880`02926b20 fffff800`02878813 : fffffa80`07e10570 00000000`77635270 00000000`00000000 00000000`003cd4c0 : nt!NtWaitForWorkViaWorkerFactory+0x285
fffff880`02926c20 00000000`77580fba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0180fb08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77580fba
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IoRemoveIoCompletion+153
fffff800`02b71c33 8931 mov dword ptr [rcx],esi
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!IoRemoveIoCompletion+153
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x50_nt!IoRemoveIoCompletion+153
BUCKET_ID: X64_0x50_nt!IoRemoveIoCompletion+153
Followup: MachineOwner
---------
- BugCheck 50, {fffffa9005cda9e8, 0, fffff80002aa31ec, 5}
Could not read faulting driver name
Probably caused by : cng.sys ( cng!GatherRandomKey+22c )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa9005cda9e8, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002aa31ec, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cbf0e0
fffffa9005cda9e8
FAULTING_IP:
nt!ObReferenceObjectSafe+c
fffff800`02aa31ec 498b02 mov rax,qword ptr [r10]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff880031caf90 -- (.trap 0xfffff880031caf90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8006880060 rbx=0000000000000000 rcx=fffffa9005cdaa18
rdx=fffff80002cbf900 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002aa31ec rsp=fffff880031cb120 rbp=fffff880031cb700
r8=0000000000000000 r9=fffffa8005cdab60 r10=fffffa9005cda9e8
r11=0000000000000005 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!ObReferenceObjectSafe+0xc:
fffff800`02aa31ec 498b02 mov rax,qword ptr [r10] ds:bae0:fffffa90`05cda9e8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b067a1 to fffff80002a875c0
STACK_TEXT:
fffff880`031cae28 fffff800`02b067a1 : 00000000`00000050 fffffa90`05cda9e8 00000000`00000000 fffff880`031caf90 : nt!KeBugCheckEx
fffff880`031cae30 fffff800`02a856ae : 00000000`00000000 fffffa90`05cdaa18 fffff8a0`0827de00 00000000`00002f98 : nt! ?? ::FNODOBFM::`string'+0x40d4b
fffff880`031caf90 fffff800`02aa31ec : 00000000`00000000 fffff800`02d1adb1 fffff8a0`0827dea0 00000000`00003218 : nt!KiPageFault+0x16e
fffff880`031cb120 fffff800`02d1afe6 : 00000000`00000000 fffffa80`06880060 fffffa80`06880060 fffff8a0`0827db08 : nt!ObReferenceObjectSafe+0xc
fffff880`031cb150 fffff800`02d81e46 : fffff8a0`0827b0a8 fffffa80`0001ff58 fffff880`031cb2e0 00000000`00000000 : nt!ExpGetProcessInformation+0x498
fffff880`031cb2a0 fffff800`02d82f15 : fffff8a0`0827b0a8 fffffa80`6365734b 00000000`00000000 fffff880`031cbc20 : nt!ExpQuerySystemInformation+0xf14
fffff880`031cb640 fffff800`02a86813 : fffff880`031cb710 fffff800`02a857bd 00000000`00000001 fffffa80`04801060 : nt!NtQuerySystemInformation+0x4d
fffff880`031cb680 fffff800`02a82db0 : fffff880`010c8a9c 00000000`00000000 fffff880`031cb844 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`031cb818 fffff880`010c8a9c : 00000000`00000000 fffff880`031cb844 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
fffff880`031cb820 fffff880`010c856d : fffffa80`04801060 00000000`00000000 fffff800`20206f49 fffff800`02a92141 : cng!GatherRandomKey+0x22c
fffff880`031cbbe0 fffff800`02d8098d : 00000000`00000000 fffffa80`053af7f0 fffffa80`053af7f0 fffffa80`039deb60 : cng!scavengingWorkItemRoutine+0x3d
fffff880`031cbc80 fffff800`02a947e1 : fffff800`02c2c500 fffff800`02d80950 fffffa80`039deb60 00000000`00000000 : nt!IopProcessWorkItem+0x3d
fffff880`031cbcb0 fffff800`02d276fa : 00000000`00000080 fffffa80`039deb60 00000000`00000080 fffffa80`0396d890 : nt!ExpWorkerThread+0x111
fffff880`031cbd40 fffff800`02a65b46 : fffff880`02f63180 fffffa80`039deb60 fffff880`02f6dfc0 00000000`05420000 : nt!PspSystemThreadStartup+0x5a
fffff880`031cbd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
cng!GatherRandomKey+22c
fffff880`010c8a9c 83ff20 cmp edi,20h
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: cng!GatherRandomKey+22c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cng
IMAGE_NAME: cng.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc814
FAILURE_BUCKET_ID: X64_0x50_cng!GatherRandomKey+22c
BUCKET_ID: X64_0x50_cng!GatherRandomKey+22c
Followup: MachineOwner
---------
- BugCheck A, {fffffa9006d2a320, 2, 1, fffff80002adccd9}
Probably caused by : ntkrnlmp.exe ( nt!KiProcessExpiredTimerList+129 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa9006d2a320, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002adccd9, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d090e0
fffffa9006d2a320
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiProcessExpiredTimerList+129
fffff800`02adccd9 48894108 mov qword ptr [rcx+8],rax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff88002f1b450 -- (.trap 0xfffff88002f1b450)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8006d2a318 rbx=0000000000000000 rcx=fffffa9006d2a318
rdx=fffffa8005995640 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002adccd9 rsp=fffff88002f1b5e0 rbp=fffffa8005995520
r8=0000000000000006 r9=0000000000000000 r10=0000000000000091
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiProcessExpiredTimerList+0x129:
fffff800`02adccd9 48894108 mov qword ptr [rcx+8],rax ds:7b00:fffffa90`06d2a320=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ad0b29 to fffff80002ad15c0
STACK_TEXT:
fffff880`02f1b308 fffff800`02ad0b29 : 00000000`0000000a fffffa90`06d2a320 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`02f1b310 fffff800`02acf7a0 : 00000000`00000001 fffffa80`05995580 fffffa80`05830e20 00000001`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02f1b450 fffff800`02adccd9 : fffffa80`06b68060 fffffa80`05422888 fffffa80`05422888 00000000`00000102 : nt!KiPageFault+0x260
fffff880`02f1b5e0 fffff800`02add34e : 00000004`732d9f0f fffff880`02f1bc58 00000000`0001de91 fffff880`009ec7a8 : nt!KiProcessExpiredTimerList+0x129
fffff880`02f1bc30 fffff800`02adcb57 : 00000001`29424bc6 00000001`0001de91 00000001`29424b02 00000000`00000091 : nt!KiTimerExpiration+0x1be
fffff880`02f1bcd0 fffff800`02ad9d8a : fffff880`009e9180 fffff880`009f3fc0 00000000`00000000 fffff880`00c2ef44 : nt!KiRetireDpcList+0x277
fffff880`02f1bd80 00000000`00000000 : fffff880`02f1c000 fffff880`02f16000 fffff880`02f1bd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiProcessExpiredTimerList+129
fffff800`02adccd9 48894108 mov qword ptr [rcx+8],rax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiProcessExpiredTimerList+129
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+129
BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+129
Followup: MachineOwner
---------
- BugCheck 19, {3, fffffa800395c470, fffffa800395c470, fffffa900395c470}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a53 )
Followup: Pool_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffffa800395c470, the pool entry being checked.
Arg3: fffffa800395c470, the read back flink freelist value (should be the same as 2).
Arg4: fffffa900395c470, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: ekrn.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002bb34b3 to fffff80002a85c40
STACK_TEXT:
fffff880`0a273338 fffff800`02bb34b3 : 00000000`00000019 00000000`00000003 fffffa80`0395c470 fffffa80`0395c470 : nt!KeBugCheckEx
fffff880`0a273340 fffff800`02d7fa5f : fffff8a0`00000002 fffffa80`039f3108 00000000`0000001d 00000000`00000000 : nt!ExDeferredFreePool+0xa53
fffff880`0a273430 fffff800`02d7f87b : fffffa80`00000000 fffffa80`03a3ba01 fffff880`00000050 fffff880`0a2734d8 : nt!ObpAllocateObject+0x12f
fffff880`0a2734a0 fffff800`02d54714 : 00000000`00000000 fffff880`0a2736b9 fffff8a0`01d87130 00000000`00000000 : nt!ObCreateObject+0xdb
fffff880`0a273510 fffff800`02d50426 : fffff8a0`00000000 fffff880`0252f758 fffff8a0`016cd010 fffffa80`041ec900 : nt!CmpDoOpen+0x154
fffff880`0a2735d0 fffff800`02d80838 : fffffa80`041ecab8 fffffa80`00000000 fffffa80`041ec900 69634d43`00000001 : nt!CmpParseKey+0x496
fffff880`0a2738d0 fffff800`02d81a56 : 00000000`00000040 fffffa80`041ec900 00000000`00000000 fffffa80`039f31e0 : nt!ObpLookupObjectName+0x588
fffff880`0a2739c0 fffff800`02d552bc : 00000000`00000000 00000000`00000000 fffff8a0`038fc601 fffff880`0a273aa8 : nt!ObOpenObjectByName+0x306
fffff880`0a273a90 fffff800`02d5772f : 00000000`058de238 00000000`00020019 00000000`058de258 00000000`00000000 : nt!CmOpenKey+0x28a
fffff880`0a273be0 fffff800`02a84ed3 : fffffa80`061f57e0 00000000`058de308 fffff880`0a273bf8 fffffa80`00000004 : nt!NtOpenKeyEx+0xf
fffff880`0a273c20 00000000`77a9226a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`058de1f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77a9226a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a53
fffff800`02bb34b3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a53
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
Followup: Pool_corruption
---------
- BugCheck A, {fffffa90039dc45e, 2, 0, fffff80002a95da4}
Probably caused by : ntkrnlmp.exe ( nt!KiDeferredReadyThread+e4 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa90039dc45e, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a95da4, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc2100
fffffa90039dc45e
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiDeferredReadyThread+e4
fffff800`02a95da4 80bd1e04000002 cmp byte ptr [rbp+41Eh],2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff8800317e7f0 -- (.trap 0xfffff8800317e7f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000061 rbx=0000000000000000 rcx=000000000000000d
rdx=000000000000000d rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a95da4 rsp=fffff8800317e980 rbp=fffffa90039dc040
r8=000000000000000d r9=0000000000000000 r10=fffff80002a13000
r11=00000000000001bd r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!KiDeferredReadyThread+0xe4:
fffff800`02a95da4 80bd1e04000002 cmp byte ptr [rbp+41Eh],2 ss:0018:fffffa90`039dc45e=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a8f1e9 to fffff80002a8fc40
STACK_TEXT:
fffff880`0317e6a8 fffff800`02a8f1e9 : 00000000`0000000a fffffa90`039dc45e 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0317e6b0 fffff800`02a8de60 : fffffa80`01f7fe50 fffff880`0317e8b8 00000000`00000000 00000000`00000004 : nt!KiBugCheckDispatch+0x69
fffff880`0317e7f0 fffff800`02a95da4 : 00000000`00000000 fffff880`0317eaa8 00000000`63426343 fffff800`02a92552 : nt!KiPageFault+0x260
fffff880`0317e980 fffff800`02a85e3e : 00000000`00000000 00000000`00000000 fffffa80`065a55d8 fffffa80`065a54d0 : nt!KiDeferredReadyThread+0xe4
fffff880`0317ea00 fffff800`02a9c1f4 : 00000000`00000000 fffffa80`039fdd60 00000000`00000000 00000000`00000000 : nt!KiInsertQueue+0x1fe
fffff880`0317ea80 fffff800`02ad67d8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExQueueWorkItem+0x44
fffff880`0317eac0 fffff800`02ad608c : 00000000`00000002 00000000`00000000 fffff800`02c30260 fffffa80`040b73f0 : nt!CcPostWorkQueue+0x168
fffff880`0317eb20 fffff800`02ad5969 : fffff880`00000000 fffffa80`00000000 00000000`00000030 fffffa80`040b73f0 : nt!CcLazyWriteScan+0x3ac
fffff880`0317ec00 fffff800`02a9a001 : fffffa80`03a2e840 fffff800`02d86901 fffff800`02c918c0 fffffa80`00000000 : nt!CcWorkerThread+0x1f9
fffff880`0317ecb0 fffff800`02d2afee : 63535c65`6e696863 fffffa80`03a43040 00000000`00000080 fffffa80`039dc040 : nt!ExpWorkerThread+0x111
fffff880`0317ed40 fffff800`02a815e6 : fffff880`02f63180 fffffa80`03a43040 fffff880`02f6dfc0 61727475`656e3d65 : nt!PspSystemThreadStartup+0x5a
fffff880`0317ed80 00000000`00000000 : fffff880`0317f000 fffff880`03179000 fffff880`0317e9e0 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDeferredReadyThread+e4
fffff800`02a95da4 80bd1e04000002 cmp byte ptr [rbp+41Eh],2
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiDeferredReadyThread+e4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KiDeferredReadyThread+e4
BUCKET_ID: X64_0xA_nt!KiDeferredReadyThread+e4
Followup: MachineOwner
---------