pmon.sys BSOD due to rapid USB connection/disconnection

[TheMohawkNinja]

Hello,


I am working on a project that involves my keyboard and mouse disconnecting and reconnecting from Windows multiple times, as I am switching which computer the devices are sending inputs to.


Despite having tried two different hardware USB switches, and even the USB/IP project (a software USB over LAN switch solution) as a means to handle the USB switching between devices, it is inevitably the case that when I go to switch which computer is receiving keyboard/mouse inputs, Windows 10 will eventually BSOD usually within the first dozen or so attempts at switching inputs. It is possible the issue is limited to the keyboard, as in my early attempts at getting USB/IP to work, I just switched the mouse and was able to switch the mouse back-and-forth between devices many times in rapid succession without issue.


According to all of the minidumps created, the associated driver is "pmon.sys".


- My machine is up-to-date (save for 2020-10 .NET Cumulative, but this issue has been plaguing me for months, so unless you can 100% confirm there is a fix in that KB, I highly doubt that is a solution).

- All updates have been successfully applied according to Update History

- "sfc /scannow" has been run on the machine.


The timestamp for pmon.sys according to the minidump file is 2/7/18, however the last modified date in its' containing folder is 4/4/19. Either way, it has been over 1.5 years since it has updated, which seems odd given it is apparently responsible for handing USB, something I would think would be updated frequently due to it's ubiqutous usage.


Any help in resolving this issue would be much appreciated. My project requires a stable and reliable means of handling USB switching, and short of reinstalling Windows (which I'd prefer to avoid if at all possible), I'm not really sure where to go from here.


Minidumps are below:


===============================================================================================


Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\091420-13625-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff800`69800000 PsLoadedModuleList = 0xfffff800`69c460f0
Debug session time: Mon Sep 14 16:52:55.213 2020 (UTC - 5:00)
System Uptime: 0 days 1:03:11.903
Loading Kernel Symbols
...............................................................
................................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
...................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`699c2990 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff800`6d089950=0000000000000139
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff8006d089c70, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8006d089bc8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

*** WARNING: Unable to verify checksum for win32k.sys

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 7577

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on BENPC

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 15800

Key : Analysis.Memory.CommitPeak.Mb
Value: 80

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: 19h1_release

Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z

Key : WER.OS.Version
Value: 10.0.18362.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: fffff8006d089c70

BUGCHECK_P3: fffff8006d089bc8

BUGCHECK_P4: 0

TRAP_FRAME: fffff8006d089c70 -- (.trap 0xfffff8006d089c70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff900e54916240 rbx=0000000000000000 rcx=0000000000000003
rdx=fffff80069d8f709 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800698b446f rsp=fffff8006d089e00 rbp=0000000000000000
r8=0000000000000002 r9=0000000000000000 r10=0000000000000001
r11=fffff780000003b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!KeReleaseMutant+0x23f:
fffff800`698b446f cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: fffff8006d089bc8 -- (.exr 0xfffff8006d089bc8)
ExceptionAddress: fffff800698b446f (nt!KeReleaseMutant+0x000000000000023f)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
fffff800`6d089948 fffff800`699d4829 : 00000000`00000139 00000000`00000003 fffff800`6d089c70 fffff800`6d089bc8 : nt!KeBugCheckEx
fffff800`6d089950 fffff800`699d4c50 : fffff800`6d089b29 00000000`00000002 00000000`00000040 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff800`6d089a90 fffff800`699d2fe3 : 00000000`00000000 ffff900e`56c182b8 00000000`00000002 00000000`00000000 : nt!KiFastFailDispatch+0xd0
fffff800`6d089c70 fffff800`698b446f : 00000000`00000006 fffff800`6662108d 00000000`00000000 00000000`000000c0 : nt!KiRaiseSecurityCheckFailure+0x323
fffff800`6d089e00 fffff800`698b45a3 : ffff900e`00000000 ffff900e`00000001 ffff900e`00000001 ffff900e`54916100 : nt!KeReleaseMutant+0x23f
fffff800`6d089ef0 fffff800`78cb11b9 : ffff900e`54916228 fffff800`00000000 00000000`00000000 00000000`00000000 : nt!KeReleaseMutex+0x13
fffff800`6d089f20 ffff900e`54916228 : fffff800`00000000 00000000`00000000 00000000`00000000 fffff800`00000002 : pmon+0x11b9
fffff800`6d089f28 fffff800`00000000 : 00000000`00000000 00000000`00000000 fffff800`00000002 fffff800`78b323e2 : 0xffff900e`54916228
fffff800`6d089f30 00000000`00000000 : 00000000`00000000 fffff800`00000002 fffff800`78b323e2 ffff900e`549161a0 : 0xfffff800`00000000


SYMBOL_NAME: pmon+11b9

MODULE_NAME: pmon

IMAGE_NAME: pmon.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 11b9

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_pmon!unknown_function

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {e49d5e15-5c34-b425-9ae4-d71f984a1b14}

Followup: MachineOwner
---------

0: kd> lmvm pmon
Browse full module list
start end module name
fffff800`78cb0000 fffff800`78cb8000 pmon T (no symbols)
Loaded symbol image file: pmon.sys
Image path: \??\C:\WINDOWS\System32\drivers\pmon.sys
Image name: pmon.sys
Browse all global symbols functions data
Timestamp: Wed Feb 7 16:30:18 2018 (5A7B6FEA)
CheckSum: 0000D687
ImageSize: 00008000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:



===============================================================================================


Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64


Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\100820-12718-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff803`39c00000 PsLoadedModuleList = 0xfffff803`3a0460f0
Debug session time: Thu Oct 8 18:26:04.078 2020 (UTC - 5:00)
System Uptime: 0 days 19:51:07.780
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
......................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`39dc2990 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff283`27a28b30=000000000000000a
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffae8d06b58230, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80339cb4452, address which referenced memory

Debugging Details:
------------------

*** WARNING: Unable to verify checksum for win32k.sys

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 4874

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on BENPC

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 5503

Key : Analysis.Memory.CommitPeak.Mb
Value: 79

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: 19h1_release

Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z

Key : WER.OS.Version
Value: 10.0.18362.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: a

BUGCHECK_P1: ffffae8d06b58230

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80339cb4452

READ_ADDRESS: fffff8033a1713b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8033a0283b8: Unable to get Flags value from nt!KdVersionBlock
fffff8033a0283b8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffae8d06b58230

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

TRAP_FRAME: fffff28327a28c70 -- (.trap 0xfffff28327a28c70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffae8c06b58240 rbx=0000000000000000 rcx=ffffc101fe47b180
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80339cb4452 rsp=fffff28327a28e00 rbp=0000000000000000
r8=0000000000000002 r9=0000000000000000 r10=0000000000000001
r11=fffff780000003b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KeReleaseMutant+0x222:
fffff803`39cb4452 498b06 mov rax,qword ptr [r14] ds:00000000`00000000=????????????????
Resetting default scope

STACK_TEXT:
fffff283`27a28b28 fffff803`39dd4829 : 00000000`0000000a ffffae8d`06b58230 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff283`27a28b30 fffff803`39dd0b69 : 00000000`00000000 ffffae8c`0d05d2b8 00000000`00000002 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff283`27a28c70 fffff803`39cb4452 : 00000000`00000006 fffff803`3652408d 00000000`00000000 00000000`000000c0 : nt!KiPageFault+0x469
fffff283`27a28e00 fffff803`39cb45a3 : ffffae8c`00000000 ffffae8c`00000001 ffffae8c`00000001 ffffae8c`06b58100 : nt!KeReleaseMutant+0x222
fffff283`27a28ef0 fffff803`487511b9 : ffffae8c`06b58228 fffff803`00000000 00000000`00000000 00000000`00000000 : nt!KeReleaseMutex+0x13
fffff283`27a28f20 ffffae8c`06b58228 : fffff803`00000000 00000000`00000000 00000000`00000000 fffff283`00000002 : pmon+0x11b9
fffff283`27a28f28 fffff803`00000000 : 00000000`00000000 00000000`00000000 fffff283`00000002 fffff803`485d23e2 : 0xffffae8c`06b58228
fffff283`27a28f30 00000000`00000000 : 00000000`00000000 fffff283`00000002 fffff803`485d23e2 ffffae8c`06b581a0 : 0xfffff803`00000000


SYMBOL_NAME: pmon+11b9

MODULE_NAME: pmon

IMAGE_NAME: pmon.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 11b9

FAILURE_BUCKET_ID: AV_pmon!unknown_function

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {146d5e1c-c312-8f0e-6f37-5dc8aefa6e27}

Followup: MachineOwner
---------

1: kd> lmvm pmon
Browse full module list
start end module name
fffff803`48750000 fffff803`48758000 pmon T (no symbols)
Loaded symbol image file: pmon.sys
Image path: \??\C:\WINDOWS\System32\drivers\pmon.sys
Image name: pmon.sys
Browse all global symbols functions data
Timestamp: Wed Feb 7 16:30:18 2018 (5A7B6FEA)
CheckSum: 0000D687
ImageSize: 00008000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:


=================================================================================================================


Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\102820-8093-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff800`4d200000 PsLoadedModuleList = 0xfffff800`4d6461b0
Debug session time: Wed Oct 28 15:33:01.909 2020 (UTC - 5:00)
System Uptime: 0 days 6:12:04.885
Loading Kernel Symbols
...............................................................
................................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`4d3c2ce0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8789`ba763a90=000000000000000a
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffb404b122d388, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8004d260b62, address which referenced memory

Debugging Details:
------------------

*** WARNING: Unable to verify checksum for win32k.sys

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 6155

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on BENPC

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 6768

Key : Analysis.Memory.CommitPeak.Mb
Value: 92

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: 19h1_release

Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z

Key : WER.OS.Version
Value: 10.0.18362.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: a

BUGCHECK_P1: ffffb404b122d388

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8004d260b62

READ_ADDRESS: fffff8004d7713b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8004d6283b8: Unable to get Flags value from nt!KdVersionBlock
fffff8004d6283b8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffb404b122d388

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: usbip.exe

TRAP_FRAME: ffff8789ba763bd0 -- (.trap 0xffff8789ba763bd0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb4039fe42240 rbx=0000000000000000 rcx=ffffb404b122d388
rdx=ffffb403b122d388 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8004d260b62 rsp=ffff8789ba763d60 rbp=0000000000000000
r8=0000000000000002 r9=0000000000000000 r10=0000000000000001
r11=fffff780000003b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KeReleaseMutant+0x142:
fffff800`4d260b62 483901 cmp qword ptr [rcx],rax ds:ffffb404`b122d388=????????????????
Resetting default scope

STACK_TEXT:
ffff8789`ba763a88 fffff800`4d3d4b29 : 00000000`0000000a ffffb404`b122d388 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff8789`ba763a90 fffff800`4d3d0e69 : ffffb403`97010340 ffffb403`97010800 ffffb403`97015f00 000000b0`00000030 : nt!KiBugCheckDispatch+0x69
ffff8789`ba763bd0 fffff800`4d260b62 : 00000000`00000002 ffffb403`aa8ff860 0000010f`b2af0900 00004bfc`57070200 : nt!KiPageFault+0x469
ffff8789`ba763d60 fffff800`4d260d93 : ffffb403`00000000 ffffb403`00000001 ffffb403`00000001 ffffb403`9fe42100 : nt!KeReleaseMutant+0x142
ffff8789`ba763e50 fffff800`5de211b9 : ffffb403`9fe42228 fffff800`00000000 ffffb403`00000000 fffff800`5de03c00 : nt!KeReleaseMutex+0x13
ffff8789`ba763e80 ffffb403`9fe42228 : fffff800`00000000 ffffb403`00000000 fffff800`5de03c00 ffff8789`00000002 : pmon+0x11b9
ffff8789`ba763e88 fffff800`00000000 : ffffb403`00000000 fffff800`5de03c00 ffff8789`00000002 fffff800`5dcb23e2 : 0xffffb403`9fe42228
ffff8789`ba763e90 ffffb403`00000000 : fffff800`5de03c00 ffff8789`00000002 fffff800`5dcb23e2 ffffb403`9fe421a0 : 0xfffff800`00000000
ffff8789`ba763e98 fffff800`5de03c00 : ffff8789`00000002 fffff800`5dcb23e2 ffffb403`9fe421a0 fffff800`5de210cd : 0xffffb403`00000000
ffff8789`ba763ea0 fffff800`5de03abc : 00000000`00000002 ffff8789`ba763f58 ffffb403`a6d2b910 ffffb403`ad9e9960 : mouhid!MouHid_StartRead+0x84
ffff8789`ba763f00 fffff800`4d25bd99 : 00000000`00000000 00000000`00000000 00000000`c0000201 00000000`00000000 : mouhid!MouHid_ReadComplete+0x75c
ffff8789`ba763fa0 fffff800`4d25bc67 : ffffb403`b2b229f0 00000000`00000006 00000000`00000000 ffffb403`a1550660 : nt!IopfCompleteRequest+0x119
ffff8789`ba7640b0 fffff800`5dc7acb1 : ffffb403`b2b229e0 ffffb403`b2b22902 ffff8789`ba764151 00000000`00000005 : nt!IofCompleteRequest+0x17
ffff8789`ba7640e0 fffff800`5dc7a7ba : ffffb403`a1550660 ffffb403`a1550602 ffffb403`b13f7ab0 00000000`00000005 : HIDCLASS!HidpDistributeInterruptReport+0x25d
ffff8789`ba7641b0 fffff800`4d25bd99 : ffffb403`ae5da010 ffffb403`ae5da010 ffff8789`ba764201 ffffb403`ae5da323 : HIDCLASS!HidpInterruptReadComplete+0x34a
ffff8789`ba764250 fffff800`4d25bc67 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000001 : nt!IopfCompleteRequest+0x119
ffff8789`ba764360 fffff800`505a84ad : 00000000`00000000 ffffb403`b1993df0 00000000`00000002 00000000`00000000 : nt!IofCompleteRequest+0x17
ffff8789`ba764390 fffff800`505a7f7b : ffffb403`adcfb302 00000000`00000000 ffffb403`ae5da010 00000000`00000000 : Wdf01000!FxRequest::CompleteInternal+0x22d [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 869]
ffff8789`ba764420 fffff800`5db491d0 : 00000000`00000000 ffffb403`b1993df0 00004bfc`4e66f688 00004bfc`4e66c208 : Wdf01000!imp_WdfRequestComplete+0x8b [minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 436]
ffff8789`ba764480 fffff800`5db33540 : ffffb403`aadefdb0 ffffb403`b4a26c02 00000000`00000000 00004bfc`4e66f688 : udecx!UdecxUrbComplete+0x100
ffff8789`ba7644e0 ffffb403`aadefdb0 : ffffb403`b4a26c02 00000000`00000000 00004bfc`4e66f688 ffffb403`adcfb340 : usbip_vhci_ude+0x3540
ffff8789`ba7644e8 ffffb403`b4a26c02 : 00000000`00000000 00004bfc`4e66f688 ffffb403`adcfb340 fffff800`5db37307 : 0xffffb403`aadefdb0
ffff8789`ba7644f0 00000000`00000000 : 00004bfc`4e66f688 ffffb403`adcfb340 fffff800`5db37307 00000000`00000000 : 0xffffb403`b4a26c02


SYMBOL_NAME: pmon+11b9

MODULE_NAME: pmon

IMAGE_NAME: pmon.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 11b9

FAILURE_BUCKET_ID: AV_pmon!unknown_function

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {146d5e1c-c312-8f0e-6f37-5dc8aefa6e27}

Followup: MachineOwner
---------

10: kd> lmvm pmon
Browse full module list
start end module name
fffff800`5de20000 fffff800`5de28000 pmon T (no symbols)
Loaded symbol image file: pmon.sys
Image path: \??\C:\WINDOWS\System32\drivers\pmon.sys
Image name: pmon.sys
Browse all global symbols functions data
Timestamp: Wed Feb 7 16:30:18 2018 (5A7B6FEA)
CheckSum: 0000D687
ImageSize: 00008000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:


Continue reading...