E
Evgeny Kharyushin
Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`69800000 PsLoadedModuleList = 0xfffff805`6a42a3b0
Debug session time: Thu Nov 26 08:50:18.373 2020 (UTC + 3:00)
System Uptime: 0 days 0:25:37.052
Loading Kernel Symbols
...............................................................
....Page 8018dc not present in the dump file. Type ".hh dbgerr004" for details
............................................................
.......................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000036`85864018). Type ".hh dbgerr001" for details
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
11: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000001e, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80569a272ad, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IV0IRJE
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 10
Key : Analysis.Memory.CommitPeak.Mb
Value: 70
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: a
BUGCHECK_P1: 1e
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: fffff80569a272ad
WRITE_ADDRESS: 000000000000001e
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: chrome.exe
IRP_ADDRESS: ffffa78d20034888
TRAP_FRAME: ffffa4070d65a4e0 -- (.trap 0xffffa4070d65a4e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80569a272ad rsp=ffffa4070d65a670 rbp=0000000000000001
r8=00000000000081f9 r9=0000000000000000 r10=ffffa78d13010160
r11=0000000000001000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlpHpSegPageRangeShrink+0x13d:
fffff805`69a272ad 88411e mov byte ptr [rcx+1Eh],al ds:00000000`0000001e=??
Resetting default scope
STACK_TEXT:
ffffa407`0d65a398 fffff805`69c07169 : 00000000`0000000a 00000000`0000001e 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffa407`0d65a3a0 fffff805`69c03469 : 00000000`00000000 00000000`00000006 00000048`063200e6 00000000`00000004 : nt!KiBugCheckDispatch+0x69
ffffa407`0d65a4e0 fffff805`69a272ad : ffffa78d`14201e80 00000000`00000001 ffffffff`ffffffff ffffd381`35b4b340 : nt!KiPageFault+0x469
ffffa407`0d65a670 fffff805`69ac75b2 : 00000000`00000000 ffffa78d`13010100 00000000`14200000 00000000`00000000 : nt!RtlpHpSegPageRangeShrink+0x13d
ffffa407`0d65a6e0 fffff805`6a1b1019 : 00000000`00000000 ffffa78d`22d65250 ffffa78d`2034b1c0 01000000`00100000 : nt!ExFreeHeapPool+0x6b2
ffffa407`0d65a7c0 fffff805`69ac3fbe : 00000000`00000000 00000000`00000000 ffffa78d`2034b080 fffff805`69ae2cc3 : nt!ExFreePool+0x9
ffffa407`0d65a7f0 fffff805`69ae29f3 : ffffa78d`20034900 00000000`00000001 ffffa78d`22c3cad0 ffffa78d`22c3cac0 : nt!IopCompleteRequest+0x8e
ffffa407`0d65a8b0 fffff805`69e5ee3d : 00000000`00000000 00000000`00000000 ffffa78d`1fca46a0 00000000`00000000 : nt!IoRemoveIoCompletion+0x393
ffffa407`0d65a9e0 fffff805`69c06bb8 : ffffa78d`2034b080 00000036`8920f528 ffffa407`0d65aaa8 000001a6`f2902240 : nt!NtRemoveIoCompletion+0x13d
ffffa407`0d65aa90 00007ffa`9ce4bec4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000036`8920f508 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`9ce4bec4
SYMBOL_NAME: nt!ExFreePool+9
IMAGE_NAME: Pool_Corruption
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: AV_nt!ExFreePool
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ae0a97e-dcd7-47ef-dbfb-430f2cbf58a1}
Followup: Pool_corruption
---------
Continue reading...
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`69800000 PsLoadedModuleList = 0xfffff805`6a42a3b0
Debug session time: Thu Nov 26 08:50:18.373 2020 (UTC + 3:00)
System Uptime: 0 days 0:25:37.052
Loading Kernel Symbols
...............................................................
....Page 8018dc not present in the dump file. Type ".hh dbgerr004" for details
............................................................
.......................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000036`85864018). Type ".hh dbgerr001" for details
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
11: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000001e, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80569a272ad, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IV0IRJE
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 10
Key : Analysis.Memory.CommitPeak.Mb
Value: 70
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: a
BUGCHECK_P1: 1e
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: fffff80569a272ad
WRITE_ADDRESS: 000000000000001e
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: chrome.exe
IRP_ADDRESS: ffffa78d20034888
TRAP_FRAME: ffffa4070d65a4e0 -- (.trap 0xffffa4070d65a4e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80569a272ad rsp=ffffa4070d65a670 rbp=0000000000000001
r8=00000000000081f9 r9=0000000000000000 r10=ffffa78d13010160
r11=0000000000001000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlpHpSegPageRangeShrink+0x13d:
fffff805`69a272ad 88411e mov byte ptr [rcx+1Eh],al ds:00000000`0000001e=??
Resetting default scope
STACK_TEXT:
ffffa407`0d65a398 fffff805`69c07169 : 00000000`0000000a 00000000`0000001e 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffa407`0d65a3a0 fffff805`69c03469 : 00000000`00000000 00000000`00000006 00000048`063200e6 00000000`00000004 : nt!KiBugCheckDispatch+0x69
ffffa407`0d65a4e0 fffff805`69a272ad : ffffa78d`14201e80 00000000`00000001 ffffffff`ffffffff ffffd381`35b4b340 : nt!KiPageFault+0x469
ffffa407`0d65a670 fffff805`69ac75b2 : 00000000`00000000 ffffa78d`13010100 00000000`14200000 00000000`00000000 : nt!RtlpHpSegPageRangeShrink+0x13d
ffffa407`0d65a6e0 fffff805`6a1b1019 : 00000000`00000000 ffffa78d`22d65250 ffffa78d`2034b1c0 01000000`00100000 : nt!ExFreeHeapPool+0x6b2
ffffa407`0d65a7c0 fffff805`69ac3fbe : 00000000`00000000 00000000`00000000 ffffa78d`2034b080 fffff805`69ae2cc3 : nt!ExFreePool+0x9
ffffa407`0d65a7f0 fffff805`69ae29f3 : ffffa78d`20034900 00000000`00000001 ffffa78d`22c3cad0 ffffa78d`22c3cac0 : nt!IopCompleteRequest+0x8e
ffffa407`0d65a8b0 fffff805`69e5ee3d : 00000000`00000000 00000000`00000000 ffffa78d`1fca46a0 00000000`00000000 : nt!IoRemoveIoCompletion+0x393
ffffa407`0d65a9e0 fffff805`69c06bb8 : ffffa78d`2034b080 00000036`8920f528 ffffa407`0d65aaa8 000001a6`f2902240 : nt!NtRemoveIoCompletion+0x13d
ffffa407`0d65aa90 00007ffa`9ce4bec4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000036`8920f508 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`9ce4bec4
SYMBOL_NAME: nt!ExFreePool+9
IMAGE_NAME: Pool_Corruption
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: AV_nt!ExFreePool
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ae0a97e-dcd7-47ef-dbfb-430f2cbf58a1}
Followup: Pool_corruption
---------
Continue reading...