Need help with multiple BSOD


Evgeny Kharyushin

Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C:\Windows\MEMORY.DMP]

Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 19041 MP (12 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS Personal

Built by: 19041.1.amd64fre.vb_release.191206-1406

Machine Name:

Kernel base = 0xfffff805`69800000 PsLoadedModuleList = 0xfffff805`6a42a3b0

Debug session time: Thu Nov 26 08:50:18.373 2020 (UTC + 3:00)

System Uptime: 0 days 0:25:37.052

Loading Kernel Symbols

...............................................................

....Page 8018dc not present in the dump file. Type ".hh dbgerr004" for details

............................................................

.......................................................

Loading User Symbols

PEB is paged out (Peb.Ldr = 00000036`85864018). Type ".hh dbgerr001" for details

Loading unloaded module list

.............

For analysis of this file, run !analyze -v

11: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.

Arguments:

Arg1: 000000000000001e, memory referenced

Arg2: 0000000000000002, IRQL

Arg3: 0000000000000001, bitfield :

bit 0 : value 0 = read operation, 1 = write operation

bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)

Arg4: fffff80569a272ad, address which referenced memory


Debugging Details:

------------------



KEY_VALUES_STRING: 1


Key : Analysis.CPU.Sec

Value: 3


Key : Analysis.DebugAnalysisProvider.CPP

Value: Create: 8007007e on DESKTOP-IV0IRJE


Key : Analysis.DebugData

Value: CreateObject


Key : Analysis.DebugModel

Value: CreateObject


Key : Analysis.Elapsed.Sec

Value: 10


Key : Analysis.Memory.CommitPeak.Mb

Value: 70


Key : Analysis.System

Value: CreateObject



BUGCHECK_CODE: a


BUGCHECK_P1: 1e


BUGCHECK_P2: 2


BUGCHECK_P3: 1


BUGCHECK_P4: fffff80569a272ad


WRITE_ADDRESS: 000000000000001e


BLACKBOXBSD: 1 (!blackboxbsd)



BLACKBOXNTFS: 1 (!blackboxntfs)



BLACKBOXPNP: 1 (!blackboxpnp)



BLACKBOXWINLOGON: 1


PROCESS_NAME: chrome.exe


IRP_ADDRESS: ffffa78d20034888


TRAP_FRAME: ffffa4070d65a4e0 -- (.trap 0xffffa4070d65a4e0)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000

rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000

rip=fffff80569a272ad rsp=ffffa4070d65a670 rbp=0000000000000001

r8=00000000000081f9 r9=0000000000000000 r10=ffffa78d13010160

r11=0000000000001000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei pl zr na po nc

nt!RtlpHpSegPageRangeShrink+0x13d:

fffff805`69a272ad 88411e mov byte ptr [rcx+1Eh],al ds:00000000`0000001e=??

Resetting default scope


STACK_TEXT:

ffffa407`0d65a398 fffff805`69c07169 : 00000000`0000000a 00000000`0000001e 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx

ffffa407`0d65a3a0 fffff805`69c03469 : 00000000`00000000 00000000`00000006 00000048`063200e6 00000000`00000004 : nt!KiBugCheckDispatch+0x69

ffffa407`0d65a4e0 fffff805`69a272ad : ffffa78d`14201e80 00000000`00000001 ffffffff`ffffffff ffffd381`35b4b340 : nt!KiPageFault+0x469

ffffa407`0d65a670 fffff805`69ac75b2 : 00000000`00000000 ffffa78d`13010100 00000000`14200000 00000000`00000000 : nt!RtlpHpSegPageRangeShrink+0x13d

ffffa407`0d65a6e0 fffff805`6a1b1019 : 00000000`00000000 ffffa78d`22d65250 ffffa78d`2034b1c0 01000000`00100000 : nt!ExFreeHeapPool+0x6b2

ffffa407`0d65a7c0 fffff805`69ac3fbe : 00000000`00000000 00000000`00000000 ffffa78d`2034b080 fffff805`69ae2cc3 : nt!ExFreePool+0x9

ffffa407`0d65a7f0 fffff805`69ae29f3 : ffffa78d`20034900 00000000`00000001 ffffa78d`22c3cad0 ffffa78d`22c3cac0 : nt!IopCompleteRequest+0x8e

ffffa407`0d65a8b0 fffff805`69e5ee3d : 00000000`00000000 00000000`00000000 ffffa78d`1fca46a0 00000000`00000000 : nt!IoRemoveIoCompletion+0x393

ffffa407`0d65a9e0 fffff805`69c06bb8 : ffffa78d`2034b080 00000036`8920f528 ffffa407`0d65aaa8 000001a6`f2902240 : nt!NtRemoveIoCompletion+0x13d

ffffa407`0d65aa90 00007ffa`9ce4bec4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28

00000036`8920f508 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`9ce4bec4



SYMBOL_NAME: nt!ExFreePool+9


IMAGE_NAME: Pool_Corruption


MODULE_NAME: Pool_Corruption


STACK_COMMAND: .thread ; .cxr ; kb


BUCKET_ID_FUNC_OFFSET: 9


FAILURE_BUCKET_ID: AV_nt!ExFreePool


OS_VERSION: 10.0.19041.1


BUILDLAB_STR: vb_release


OSPLATFORM_TYPE: x64


OSNAME: Windows 10


FAILURE_ID_HASH: {2ae0a97e-dcd7-47ef-dbfb-430f2cbf58a1}


Followup: Pool_corruption

---------
