The DRIVER_OVERRAN_STACK_BUFFER bug check has a value of 0x000000F7. This indicates that a driver has overrun a stack-based buffer.
Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\040819-8359-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802`39a0d000 PsLoadedModuleList = 0xfffff802`39e289f0
Debug session time: Mon Apr 8 16:58:43.459 2019 (UTC + 2:00)
System Uptime: 0 days 0:02:17.470
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F7, {a803a448b52, a223a448b52, fffff5ddc5bb74ad, 0}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00000a803a448b52, Actual security check cookie from the stack
Arg2: 00000a223a448b52, Expected security check cookie
Arg3: fffff5ddc5bb74ad, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: HP
SYSTEM_PRODUCT_NAME: HP Pavilion x360 Convertible
SYSTEM_SKU: 4AS57EA#ABU
SYSTEM_VERSION: Type1ProductConfigId
BIOS_VENDOR: Insyde
BIOS_VERSION: F.32
BIOS_DATE: 11/08/2018
BASEBOARD_MANUFACTURER: HP
BASEBOARD_PRODUCT: 8486
BASEBOARD_VERSION: 72.23
DUMP_TYPE: 2
BUGCHECK_P1: a803a448b52
BUGCHECK_P2: a223a448b52
BUGCHECK_P3: fffff5ddc5bb74ad
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 00000a223a448b52 found 00000a803a448b52
BUGCHECK_STR: 0xF7_THREE_BIT
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 96'00000000 (cache) 96'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: services.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: MICHAL
ANALYSIS_SESSION_TIME: 04-09-2019 17:14:56.0927
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER: from fffff80239c747f5 to fffff80239bc05e0
STACK_TEXT:
ffffb480`b0e30c18 fffff802`39c747f5 : 00000000`000000f7 00000a80`3a448b52 00000a22`3a448b52 fffff5dd`c5bb74ad : nt!KeBugCheckEx
ffffb480`b0e30c20 fffff802`39ba0bfe : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_report_gsfailure+0x25
ffffb480`b0e30c60 fffff802`39ba0b93 : 00000000`00000000 fffff802`39a344ba 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheckCommon+0x5a
ffffb480`b0e30c90 fffff802`39bc90cf : fffff802`39ef0000 fffff802`39a0d000 0005be48`00a6f000 00000000`0010001f : nt!_GSHandlerCheck+0x13
ffffb480`b0e30cc0 fffff802`39a33b20 : ffffb480`b0e31310 00000000`00000000 ffffb480`b0e31230 fffff802`39df6408 : nt!RtlpExecuteHandlerForException+0xf
ffffb480`b0e30cf0 fffff802`39a78e74 : ffffb480`b0e31c28 ffffb480`b0e31970 ffffb480`b0e31c28 ffffb680`242f4200 : nt!RtlDispatchException+0x430
ffffb480`b0e31440 fffff802`39bd1e42 : 00000000`00000000 fffff601`33bea680 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x144
ffffb480`b0e31af0 fffff802`39bcdd05 : ffffa109`00000000 ffffa109`00000002 00000000`8002ddf0 ffffa109`411fe000 : nt!KiExceptionDispatch+0xc2
ffffb480`b0e31cd0 fffff802`39bc77cf : 000025ed`b59bbfff 000025ed`b59bbf00 ffff8b86`00000001 ffff8b86`00000000 : nt!KiGeneralProtectionFault+0x305
ffffb480`b0e31e60 fffff802`39bc7186 : 00000000`00000002 fffff802`39afa6f0 ffffb480`b0e32101 00000000`00000000 : nt!SwapContext+0x36f
ffffb480`b0e31ea0 fffff802`39b266c7 : ffffb480`b0e32080 ffff8b86`04a8b080 0000007f`fffffff8 ffffb480`b0e32170 : nt!KiSwapContext+0x76
ffffb480`b0e31fe0 fffff802`39b26239 : 00000000`000000a0 ffff8b86`0548c000 ffff8b85`f3a02340 00000000`00000000 : nt!KiSwapThread+0x297
ffffb480`b0e320a0 fffff802`39b23f02 : fffff838`39a0d000 ffff8b37`00000000 ffff8b43`00000000 ffffb432`b0e321c9 : nt!KiCommitThreadWait+0x549
ffffb480`b0e32140 fffff802`39fce44a : ffff8b86`00000002 ffffb480`b0e322c0 ffff8b86`04a8ace0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x582
ffffb480`b0e32210 fffff802`39fce167 : 00000000`000000ff fffff802`3a090000 00000000`00000000 ffff8b85`fc29b600 : nt!ObWaitForMultipleObjects+0x2aa
ffffb480`b0e32710 fffff802`39bd1785 : ffff8b86`04a8b080 ffffb480`b0e32a80 ffff8b86`04a8b080 0000006e`4f97f698 : nt!NtWaitForMultipleObjects+0xf7
ffffb480`b0e32990 00007f00`d3dd01c4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0000006e`4f97f678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007f00`d3dd01c4
THREAD_SHA1_HASH_MOD_FUNC: 0419a64963adcf17ca1084d030b74eb2a6d8b72d
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: effbdafaeff2f5cb7e2110039bc97b0686413923
THREAD_SHA1_HASH_MOD: aaa5a324bf1bd3082ad2b464ee2ed2f6d50e564c
FOLLOWUP_IP:
nt!_report_gsfailure+25
fffff802`39c747f5 cc int 3
FAULT_INSTR_CODE: cccccccc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!_report_gsfailure+25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.379
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_THREE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
BUCKET_ID: 0xF7_THREE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
PRIMARY_PROBLEM_CLASS: 0xF7_THREE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
TARGET_TIME: 2019-04-08T14:58:43.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 571e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xf7_three_bit_missing_gsframe_nt!_report_gsfailure
FAILURE_ID_HASH: {78a85278-f601-c152-78ea-701afde9cf45}
Followup: MachineOwner
---------
3: kd> kb
# RetAddr : Args to Child : Call Site
00 fffff802`39c747f5 : 00000000`000000f7 00000a80`3a448b52 00000a22`3a448b52 fffff5dd`c5bb74ad : nt!KeBugCheckEx
01 fffff802`39ba0bfe : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_report_gsfailure+0x25
02 fffff802`39ba0b93 : 00000000`00000000 fffff802`39a344ba 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheckCommon+0x5a
03 fffff802`39bc90cf : fffff802`39ef0000 fffff802`39a0d000 0005be48`00a6f000 00000000`0010001f : nt!_GSHandlerCheck+0x13
04 fffff802`39a33b20 : ffffb480`b0e31310 00000000`00000000 ffffb480`b0e31230 fffff802`39df6408 : nt!RtlpExecuteHandlerForException+0xf
05 fffff802`39a78e74 : ffffb480`b0e31c28 ffffb480`b0e31970 ffffb480`b0e31c28 ffffb680`242f4200 : nt!RtlDispatchException+0x430
06 fffff802`39bd1e42 : 00000000`00000000 fffff601`33bea680 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x144
07 fffff802`39bcdd05 : ffffa109`00000000 ffffa109`00000002 00000000`8002ddf0 ffffa109`411fe000 : nt!KiExceptionDispatch+0xc2
08 fffff802`39bc77cf : 000025ed`b59bbfff 000025ed`b59bbf00 ffff8b86`00000001 ffff8b86`00000000 : nt!KiGeneralProtectionFault+0x305
09 fffff802`39bc7186 : 00000000`00000002 fffff802`39afa6f0 ffffb480`b0e32101 00000000`00000000 : nt!SwapContext+0x36f
0a fffff802`39b266c7 : ffffb480`b0e32080 ffff8b86`04a8b080 0000007f`fffffff8 ffffb480`b0e32170 : nt!KiSwapContext+0x76
0b fffff802`39b26239 : 00000000`000000a0 ffff8b86`0548c000 ffff8b85`f3a02340 00000000`00000000 : nt!KiSwapThread+0x297
0c fffff802`39b23f02 : fffff838`39a0d000 ffff8b37`00000000 ffff8b43`00000000 ffffb432`b0e321c9 : nt!KiCommitThreadWait+0x549
0d fffff802`39fce44a : ffff8b86`00000002 ffffb480`b0e322c0 ffff8b86`04a8ace0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x582
0e fffff802`39fce167 : 00000000`000000ff fffff802`3a090000 00000000`00000000 ffff8b85`fc29b600 : nt!ObWaitForMultipleObjects+0x2aa
0f fffff802`39bd1785 : ffff8b86`04a8b080 ffffb480`b0e32a80 ffff8b86`04a8b080 0000006e`4f97f698 : nt!NtWaitForMultipleObjects+0xf7
10 00007f00`d3dd01c4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
11 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007f00`d3dd01c4
3: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
3: kd> !dpx
Start memory scan : 0xffffb480b0e30c18 ($csp)
End memory scan : 0xffffb480b0e33000 (Kernel Stack Base)
rsp : 0xffffb480b0e30c18 : 0xfffff80239c747f5 : nt!_report_gsfailure+0x25
0xffffb480b0e30c18 : 0xfffff80239c747f5 : nt!_report_gsfailure+0x25
0xffffb480b0e30c58 : 0xfffff80239ba0bfe : nt!_GSHandlerCheckCommon+0x5a
0xffffb480b0e30c88 : 0xfffff80239ba0b93 : nt!_GSHandlerCheck+0x13
0xffffb480b0e30c98 : 0xfffff80239a344ba : nt!RtlInitializeExtendedContext2+0x32
0xffffb480b0e30cb8 : 0xfffff80239bc90cf : nt!RtlpExecuteHandlerForException+0xf
0xffffb480b0e30cc0 : 0xfffff80239ef0000 : "nt!Ports <PERF> (nt+0x4e3000)"
0xffffb480b0e30cc8 : 0xfffff80239a0d000 : "nt!MmFreeIndependentPages <PERF> (nt+0x0)"
0xffffb480b0e30ce0 : 0xffffb480b0e312b0 : 0xfffff80239b266c7 : nt!KiSwapThread+0x297
0xffffb480b0e30ce8 : 0xfffff80239a33b20 : nt!RtlDispatchException+0x430
0xffffb480b0e30e28 : 0xfffff80239b26239 : nt!KiCommitThreadWait+0x549
0xffffb480b0e30e78 : 0xfffff8023a47e9f5 : hal!HalpApicRequestInterrupt+0x95
0xffffb480b0e30ea0 : 0xffff8b8604baa0f4 : !du "ERS\ROBER\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWS.CORTANA_CW5N1H2TXYEWY\TEMPSTA..."
0xffffb480b0e31058 : 0xfffff80239d58753 : nt!ExFreePoolWithTag+0xad3
0xffffb480b0e31118 : 0xfffff80239ac817b : nt!ExAllocateHeapPool+0x98b
0xffffb480b0e31188 : 0xfffff80239b2e288 : nt!KeQueryCurrentStackInformation+0x68
0xffffb480b0e311a8 : 0xfffff80239a343e0 : nt!RtlGetExtendedContextLength2+0x3c
0xffffb480b0e311b8 : 0xfffff80239b2e204 : nt!RtlpGetStackLimits+0x14
0xffffb480b0e311e8 : 0xfffff80239a33796 : nt!RtlDispatchException+0xa6
0xffffb480b0e31238 : 0xfffff80239a0d000 : "nt!MmFreeIndependentPages <PERF> (nt+0x0)"
0xffffb480b0e312b0 : 0xfffff80239b266c7 : nt!KiSwapThread+0x297
0xffffb480b0e312b8 : 0xfffff80239a0d000 : "nt!MmFreeIndependentPages <PERF> (nt+0x0)"
0xffffb480b0e312c0 : 0xfffff80239efd590 : "nt!Ports <PERF> (nt+0x4f0590)"
0xffffb480b0e312e0 : 0xfffff80239ba0b80 : nt!_GSHandlerCheck
0xffffb480b0e31318 : 0xfffff80239b26602 : nt!KiSwapThread+0x1d2
0xffffb480b0e31320 : 0xfffff80239bc79be : nt!SwapContext+0x55e
0xffffb480b0e31328 : 0xfffff80239a0d000 : "nt!MmFreeIndependentPages <PERF> (nt+0x0)"
0xffffb480b0e31330 : 0xfffff80239f067b8 : "nt!Ports <PERF> (nt+0x4f97b8)"
0xffffb480b0e31338 : 0xfffff80239a0d000 : "nt!MmFreeIndependentPages <PERF> (nt+0x0)"
0xffffb480b0e31340 : 0xfffff80239f06788 : "nt!Ports <PERF> (nt+0x4f9788)"
0xffffb480b0e31348 : 0xfffff80239a0d000 : "nt!MmFreeIndependentPages <PERF> (nt+0x0)"
0xffffb480b0e31350 : 0xfffff80239efd590 : "nt!Ports <PERF> (nt+0x4f0590)"
0xffffb480b0e31388 : 0xfffff80239a79321 : nt!KiPreprocessFault+0xb1
0xffffb480b0e313b0 : 0xffffb480b0e313c0 : 0xfffff80239bc77cf : nt!SwapContext+0x36f
0xffffb480b0e313b8 : 0xfffff80239a344ba : nt!RtlInitializeExtendedContext2+0x32
0xffffb480b0e313c0 : 0xfffff80239bc77cf : nt!SwapContext+0x36f
0xffffb480b0e313c8 : 0xfffff80239bc77df : nt!SwapContext+0x37f
0xffffb480b0e313d0 : 0xfffff80239bc77d1 : nt!SwapContext+0x371
0xffffb480b0e313e8 : 0xfffff80239bc77d0 : nt!SwapContext+0x370
0xffffb480b0e313f8 : 0xfffff80239a791ee : nt!KdTrap+0x22
0xffffb480b0e31438 : 0xfffff80239a78e74 : nt!KiDispatchException+0x144
0xffffb480b0e31468 : 0xfffff80239d57000 : "nt!RtlMinimalBarrier <PERF> (nt+0x34a000)"
0xffffb480b0e31568 : 0xfffff80239bc77cf : nt!SwapContext+0x36f
0xffffb480b0e315b8 : 0xfffff8023a47e9f5 : hal!HalpApicRequestInterrupt+0x95
0xffffb480b0e315e0 : 0xffff8b8604baa0f4 : !du "ERS\ROBER\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWS.CORTANA_CW5N1H2TXYEWY\TEMPSTA..."
0xffffb480b0e31898 : 0xfffff80239a2815b : nt!KiIpiSendRequest+0x35b
0xffffb480b0e318c8 : 0xfffff80239a343e0 : nt!RtlGetExtendedContextLength2+0x3c
0xffffb480b0e31908 : 0xfffff80239a342d9 : nt!RtlGetExtendedContextLength+0x2d
0xffffb480b0e31a38 : 0xfffff80239b09dae : nt!MiDeletePteRun+0x75e
0xffffb480b0e31a70 : 0xffffb480b0e32418 : 0xfffff80239d58753 : nt!ExFreePoolWithTag+0xad3
0xffffb480b0e31a88 : 0xfffff80239e4a880 : nt!MiSystemPartition
0xffffb480b0e31ae8 : 0xfffff80239bd1e42 : nt!KiExceptionDispatch+0xc2
0xffffb480b0e31c38 : 0xfffff80239bc77cf : nt!SwapContext+0x36f
0xffffb480b0e31cc8 : 0xfffff80239bcdd05 : nt!KiGeneralProtectionFault+0x305
0xffffb480b0e31cd0 : 0xffffa10900000000 : Trap @ ffffb480b0e31cd0
0xffffb480b0e31d38 : 0xfffff80239af4f4a : nt!MiWalkPageTablesRecursively+0x4ba
0xffffb480b0e31de8 : 0xfffff80239a5efd2 : nt!KiUpdateSpeculationControl+0x1e2
0xffffb480b0e31e38 : 0xfffff80239bc77cf : nt!SwapContext+0x36f
0xffffb480b0e31e98 : 0xfffff80239bc7186 : nt!KiSwapContext+0x76
0xffffb480b0e31ea8 : 0xfffff80239afa6f0 : nt!MiDeleteVa
0xffffb480b0e31ec8 : 0xffffa109419dd010 : 0xffff8b86080e6430 : !du "\Device\HarddiskVolume3\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04F..."
0xffffb480b0e31f98 : 0xfffff80239afa6f0 : nt!MiDeleteVa
0xffffb480b0e31fb0 : 0xffff8b8604d90040 : 0xfffff80239e4d640 : nt!PspSystemQuotaBlock
0xffffb480b0e31fd8 : 0xfffff80239b266c7 : nt!KiSwapThread+0x297
0xffffb480b0e32008 : 0xfffff80239af460a : nt!MiWalkPageTables+0x1ea
0xffffb480b0e32098 : 0xfffff80239b26239 : nt!KiCommitThreadWait+0x549
0xffffb480b0e32138 : 0xfffff80239b23f02 : nt!KeWaitForMultipleObjects+0x582
0xffffb480b0e32208 : 0xfffff80239fce44a : nt!ObWaitForMultipleObjects+0x2aa
Unable to load image \SystemRoot\system32\drivers\mfeavfk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfeavfk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfeavfk.sys
0xffffb480b0e32400 : 0xfffff80239a0d000 : "nt!MmFreeIndependentPages <PERF> (nt+0x0)"
0xffffb480b0e32418 : 0xfffff80239d58753 : nt!ExFreePoolWithTag+0xad3
0xffffb480b0e32588 : 0xfffff80239ca422f : nt!KiSelectProcessorToPreempt+0x11b
0xffffb480b0e325b8 : 0xfffff80239fb7c86 : nt!AlpcViewDestroyProcedure+0x176
0xffffb480b0e32608 : 0xfffff80239f6a240 : nt!ExNode0
0xffffb480b0e32628 : 0xfffff80239ca3f81 : nt!KiHeteroChooseTargetProcessor+0x2d5
0xffffb480b0e32708 : 0xfffff80239fce167 : nt!NtWaitForMultipleObjects+0xf7
0xffffb480b0e32718 : 0xfffff8023a090000 : nt!NtDuplicateToken+0x1d0
0xffffb480b0e32788 : 0xfffff80239ad0417 : nt!KiExitDispatcher+0x187
0xffffb480b0e32798 : 0xfffff80239ad5743 : nt!KiUpdateTotalCyclesCurrentThread+0x2b
0xffffb480b0e32888 : 0xfffff80239a5e427 : nt!AlpcpSignal+0x43
0xffffb480b0e32918 : 0xfffff80239acfed7 : nt!KeSetEvent+0xb7
0xffffb480b0e32988 : 0xfffff80239bd1785 : nt!KiSystemServiceCopyEnd+0x25
0xffffb480b0e32a00 : 0xffff8b8604a8b080 : Trap @ ffffb480b0e32a00
Update driver mfeavfk.sys:
Code:
3: kd> lmvm mfeavfk
Browse full module list
start end module name
fffff802`54540000 fffff802`5459a000 mfeavfk T (no symbols)
Loaded symbol image file: mfeavfk.sys
Image path: \SystemRoot\system32\drivers\mfeavfk.sys
Image name: mfeavfk.sys
Browse all global symbols functions data
Timestamp: Tue Aug 21 13:46:57 2018 (5B7BFBB1)
CheckSum: 0005EC51
ImageSize: 0005A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
The PAGE_FAULT_IN_NONPAGED_AREA bug check has a value of 0x00000050. This indicates that invalid system memory has been referenced.
Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\040819-9156-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff801`08ea9000 PsLoadedModuleList = 0xfffff801`092c49f0
Debug session time: Mon Apr 8 16:56:01.315 2019 (UTC + 2:00)
System Uptime: 0 days 0:00:16.326
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff85399db45d0, 10, fffff85399db45d0, 2}
Could not read faulting driver name
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : EhStorClass.sys ( EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+214 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffff85399db45d0, memory referenced.
Arg2: 0000000000000010, value 0 = read operation, 1 = write operation.
Arg3: fffff85399db45d0, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: HP
SYSTEM_PRODUCT_NAME: HP Pavilion x360 Convertible
SYSTEM_SKU: 4AS57EA#ABU
SYSTEM_VERSION: Type1ProductConfigId
BIOS_VENDOR: Insyde
BIOS_VERSION: F.32
BIOS_DATE: 11/08/2018
BASEBOARD_MANUFACTURER: HP
BASEBOARD_PRODUCT: 8486
BASEBOARD_VERSION: 72.23
DUMP_TYPE: 2
BUGCHECK_P1: fffff85399db45d0
BUGCHECK_P2: 10
BUGCHECK_P3: fffff85399db45d0
BUGCHECK_P4: 2
READ_ADDRESS: fffff801093eb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff85399db45d0
FAULTING_IP:
+0
fffff853`99db45d0 ?? ???
MM_INTERNAL_CODE: 2
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 96'00000000 (cache) 96'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: MICHAL
ANALYSIS_SESSION_TIME: 04-09-2019 17:21:19.0408
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
TRAP_FRAME: fffffc85389ac380 -- (.trap 0xfffffc85389ac380)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff85399db45d0 rbx=0000000000000000 rcx=ffffb785fd4dfe60
rdx=0000487a025826d8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff85399db45d0 rsp=fffffc85389ac518 rbp=ffffb7860ed8f340
r8=fffff80c99e59100 r9=0000000000000000 r10=ffffb785fd4dfcb0
r11=fffff80c9c285790 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
fffff853`99db45d0 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8010908c00f to fffff8010905c5e0
FAILED_INSTRUCTION_ADDRESS:
+0
fffff853`99db45d0 ?? ???
STACK_TEXT:
fffffc85`389ac098 fffff801`0908c00f : 00000000`00000050 fffff853`99db45d0 00000000`00000010 fffffc85`389ac380 : nt!KeBugCheckEx
fffffc85`389ac0a0 fffff801`08fb0ab7 : ffff0631`00000000 00000000`00000010 00000000`00000000 fffff853`99db45d0 : nt!MiSystemFault+0x1ac34f
fffffc85`389ac1e0 fffff801`0906a083 : ffffb786`0ed19020 ffffb786`0ed19340 0000487a`025826d8 00000000`00000000 : nt!MmAccessFault+0x327
fffffc85`389ac380 fffff853`99db45d0 : fffff80c`9c2859a4 00000000`00000000 ffffb785`fd9f93f0 ffffb786`0ed8f340 : nt!KiPageFault+0x343
fffffc85`389ac518 fffff80c`9c2859a4 : 00000000`00000000 ffffb785`fd9f93f0 ffffb786`0ed8f340 00000000`00000000 : 0xfffff853`99db45d0
fffffc85`389ac520 fffff80c`99db1c4e : ffffb786`0ed8f340 00000000`0000000f 00000000`00000168 ffffb785`fda7d920 : EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+0x214
fffffc85`389ac550 fffff801`08f610d9 : 00000000`00000001 00000000`00001000 00000000`00000000 ffffb785`fd85ddf0 : Wdf01000!FxDevice::DispatchWithLock+0x1ee [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1430]
fffffc85`389ac5b0 fffff80c`9a4b7623 : ffffb786`0f51f488 ffffb786`0e7ead30 00000000`00000001 ffffb785`fda22040 : nt!IofCallDriver+0x59
fffffc85`389ac5f0 fffff80c`9a4b69b9 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00001000 : CLASSPNP!SubmitTransferPacket+0x2c3
fffffc85`389ac630 fffff80c`9a4b6743 : ffffb786`0e7ead30 ffffb786`0f51f200 00000000`00000000 fffff80c`00020000 : CLASSPNP!ServiceTransferRequest+0x209
fffffc85`389ac6c0 fffff80c`9a4b1404 : ffffb785`fda76e10 ffffb786`0f51f010 00000000`00000000 fffff801`08effc0f : CLASSPNP!ClassReadWrite+0x143
fffffc85`389ac710 fffff801`08f610d9 : 00000000`00000000 fffff780`00000008 ffffb785`fd8b38a0 ffffb785`fd8a7a20 : CLASSPNP!ClassGlobalDispatch+0x24
fffffc85`389ac740 fffff80c`9a231c8f : 00000000`00000000 ffffb785`fd8a7a20 ffffb786`0f51f010 ffffb786`0f51f248 : nt!IofCallDriver+0x59
fffffc85`389ac780 fffff80c`9a231f21 : 00000000`00000000 00000000`09d28700 ffffb786`0f51f010 fffff801`08effc0f : partmgr!PmWrite+0x16f
fffffc85`389ac800 fffff801`08f610d9 : 00000000`00000000 fffff780`00000008 ffffb785`fd8b38a0 ffffb786`0f51f010 : partmgr!PmGlobalDispatch+0x21
fffffc85`389ac830 fffff80c`9a231a88 : 00000000`00000000 00000000`00000000 ffffb785`fd8a7a20 ffffb786`0f51f248 : nt!IofCallDriver+0x59
fffffc85`389ac870 fffff80c`9a23189e : 00000000`00001000 ffffb786`0f51f290 fffffc85`389acad9 fffff801`08effc0f : partmgr!PartitionIo+0x1d8
fffffc85`389ac920 fffff80c`9a231f21 : 00000000`00000000 fffff780`00000008 ffffb785`fda8e181 ffffb786`0f51f010 : partmgr!PartitionWrite+0x1e
fffffc85`389ac950 fffff801`08f610d9 : ffffb786`0f51f2f0 fffff80c`9a231f9c 00000000`00000000 ffffb785`fd8e88a0 : partmgr!PmGlobalDispatch+0x21
fffffc85`389ac980 fffff80c`9a311af4 : ffffb785`fd8c6a40 00000000`00000001 00000000`09d286fa 00000000`00000000 : nt!IofCallDriver+0x59
fffffc85`389ac9c0 fffff801`08f610d9 : fffffc85`389acad9 ffffb785`fda8e180 00000000`00000002 ffffb785`fd8d4a04 : volmgr!VmReadWrite+0xf4
fffffc85`389aca00 fffff80c`9b4f43a3 : 00000000`00000000 ffffb785`fda8e180 00000000`00000000 ffffb785`00001000 : nt!IofCallDriver+0x59
fffffc85`389aca40 fffff80c`9b4f403c : fffffc85`389acb5c fffffc85`389acb58 00001000`00000000 ffffb786`0f51f010 : fvevol!FveFilterRundownReadWrite+0x2f3
fffffc85`389acb40 fffff801`08f610d9 : ffffb785`fd8d4a20 00000000`00000000 ffffb785`fd8d4a20 fffff80c`9b4f4097 : fvevol!FveFilterRundownWrite+0x4c
fffffc85`389acbe0 fffff80c`9b6c3c3e : 00000000`00000000 ffffb785`fd8d4a20 ffffb785`fda84e30 00000000`00000000 : nt!IofCallDriver+0x59
fffffc85`389acc20 fffff80c`9b6c4de8 : 00000000`00000002 fffffc85`389acd11 ffffb786`0f51f010 ffffb785`fd8d4a20 : iorate!IoRateIssueAndRecordIo+0x7a
fffffc85`389acc60 fffff80c`9b6c4fc0 : 00000000`00000001 ffffb785`fda8d1d0 00000003`24fef000 fffff178`ade183d0 : iorate!IoRateProcessIrpWrapper+0x180
fffffc85`389acd70 fffff801`08f610d9 : 00000000`00000000 fffff80c`9b6c4fc0 00000000`00000001 ffffb785`fda8d1d0 : iorate!IoRateDispatchReadWrite+0x80
fffffc85`389acdb0 fffff80c`9b5c102e : ffffb785`fda78520 fffff80c`9b5d136b ffffb786`0f544000 fffff80c`9b5de5fc : nt!IofCallDriver+0x59
fffffc85`389acdf0 fffff801`08f610d9 : ffffb785`fda8d1d0 fffff80c`9b5ede84 00000000`00000000 ffffb786`0f51f3b0 : volume!VolumePassThrough+0x1e
fffffc85`389ace20 fffff80c`9b5d14e4 : 00000003`24fef000 ffffb785`fda8d1d0 ffffb785`fda8d1e8 00000000`00000000 : nt!IofCallDriver+0x59
fffffc85`389ace60 fffff80c`9b5d13b3 : fffffc85`37ed0000 fffffc85`389ad000 00000000`00000000 fffffc85`380de0d0 : volsnap!VolsnapWriteFilter+0x114
fffffc85`389acee0 fffff801`08f610d9 : 00000000`00000000 00000000`00000000 ffffb786`0e64e040 fffffc85`389ad000 : volsnap!VolSnapWrite+0x13
fffffc85`389acf10 fffff80c`9ac20ec7 : 00000000`00000000 fffffc85`383bc6c0 fffffc85`380dda90 ffffb786`0e64e040 : nt!IofCallDriver+0x59
fffffc85`389acf50 fffff801`0905fdae : fffffc85`380dda90 00000000`00000000 00000000`00000002 000000f3`6affc230 : Ntfs!NtfsStorageDriverCallout+0x17
fffffc85`389acf80 fffff801`0905fd6c : 00000000`00006000 ffffb785`fd57ee60 ffffb786`0cb31040 fffff801`08fc9546 : nt!KxSwitchKernelStackCallout+0x2e
fffffc85`37026660 fffff801`08fc9546 : ffffa480`00000012 00000000`00000012 00000000`00000000 00000000`00001000 : nt!KiSwitchKernelStackContinue
fffffc85`37026680 fffff801`08fc928c : fffff80c`9ac20eb0 fffffc85`37026868 00000000`00000000 00000100`00000000 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x256
fffffc85`37026710 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xdc
THREAD_SHA1_HASH_MOD_FUNC: 293e84b2ccf97fc3b4e071223b0ef9c668e58290
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: deaedf4dae817d12d7bcf9834e79145bde1d865f
THREAD_SHA1_HASH_MOD: c1b446c77e409524fdec36e2f98e152c954557f6
FOLLOWUP_IP:
EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+214
fffff80c`9c2859a4 488bc8 mov rcx,rax
FAULT_INSTR_CODE: 48c88b48
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+214
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: EhStorClass
IMAGE_NAME: EhStorClass.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.253
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 214
FAILURE_BUCKET_ID: AV_INVALID_BAD_IP_EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess
BUCKET_ID: AV_INVALID_BAD_IP_EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess
PRIMARY_PROBLEM_CLASS: AV_INVALID_BAD_IP_EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess
TARGET_TIME: 2019-04-08T14:56:01.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 19dd
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_invalid_bad_ip_ehstorclass!filterdeviceevtwdmioctlirppreprocess
FAILURE_ID_HASH: {8124c873-6d92-0b04-800b-cf57d7de4b44}
Followup: MachineOwner
---------
0: kd> !pte fffff85399db45d0
VA fffff85399db45d0
PXE at FFFFF178BC5E2F80 PPE at FFFFF178BC5F0A70 PDE at FFFFF178BE14E670 PTE at FFFFF17C29CCEDA0
contains 0000000004208063 contains 0000000000000000
pfn 4208 ---DA--KWEV not valid
0: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
0: kd> !dpx
Start memory scan : 0xfffffc85389ac098 ($csp)
End memory scan : 0xfffffc85389ad000 (Kernel Stack Base)
0xfffffc85389ac0e8 : 0xfffff80108e1c131 : hal!HalpBuildScatterGatherList+0x231
0xfffffc85389ac0f0 : 0xfffff80c9a3fcae0 : storport!RaidpAdapterContinueScatterGather
0xfffffc85389ac1a8 : 0xfffff80108e1bee3 : hal!HalBuildScatterGatherListV3+0x73
0xfffffc85389ac1d8 : 0xfffff80108fb0ab7 : nt!MmAccessFault+0x327
0xfffffc85389ac238 : 0xfffff80c9a3fce3d : storport!RaUnitStartIo+0x2ed
0xfffffc85389ac258 : 0xfffff80c9a3f875b : storport!RaidInsertDeviceQueue+0x17b
0xfffffc85389ac268 : 0xfffff80c9a3fcae0 : storport!RaidpAdapterContinueScatterGather
0xfffffc85389ac328 : 0xfffff80c9a3fce3d : storport!RaUnitStartIo+0x2ed
0xfffffc85389ac378 : 0xfffff8010906a083 : nt!KiPageFault+0x343
0xfffffc85389ac3c8 : 0xfffff80c99e59100 : Wdf01000!_Tlgg_TelemetryProviderProv
0xfffffc85389ac3e0 : 0xfffff80c9c285790 : EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess
0xfffffc85389ac488 : 0xfffff80c9a44d000 : storport!WPP_GLOBAL_Control
0xfffffc85389ac498 : 0xfffff80c9a3f76fa : storport!RaDriverScsiIrp+0x5a
0xfffffc85389ac4c0 : 0xffffb785fd9f93f0 : dt Wdf01000!FxSpinLock
0xfffffc85389ac4c8 : 0xfffff80c99db25e9 : Wdf01000!imp_WdfSpinLockRelease+0x79
0xfffffc85389ac500 : 0xfffffc85389ac518 : 0xfffff80c9c2859a4 : EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+0x214
0xfffffc85389ac518 : 0xfffff80c9c2859a4 : EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+0x214
0xfffffc85389ac528 : 0xffffb785fd9f93f0 : dt Wdf01000!FxSpinLock
0xfffffc85389ac548 : 0xfffff80c99db1c4e : Wdf01000!FxDevice::DispatchWithLock+0x1ee
0xfffffc85389ac568 : 0xffffb785fda7d920 : dt Wdf01000!FxDevice
0xfffffc85389ac578 : 0xfffff80c9a44d000 : storport!WPP_GLOBAL_Control
0xfffffc85389ac588 : 0xfffff80c9a3f76fa : storport!RaDriverScsiIrp+0x5a
0xfffffc85389ac5a8 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389ac5e8 : 0xfffff80c9a4b7623 : CLASSPNP!SubmitTransferPacket+0x2c3
0xfffffc85389ac628 : 0xfffff80c9a4b69b9 : CLASSPNP!ServiceTransferRequest+0x209
0xfffffc85389ac658 : 0xffffb785fda7d920 : dt Wdf01000!FxDevice
0xfffffc85389ac6b8 : 0xfffff80c9a4b6743 : CLASSPNP!ClassReadWrite+0x143
0xfffffc85389ac708 : 0xfffff80c9a4b1404 : CLASSPNP!ClassGlobalDispatch+0x24
0xfffffc85389ac728 : 0xfffff80108effc0f : nt!KeQueryUnbiasedInterruptTimePrecise+0x6f
0xfffffc85389ac738 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389ac778 : 0xfffff80c9a231c8f : partmgr!PmWrite+0x16f
0xfffffc85389ac7a8 : 0xfffff80c9a4b6743 : CLASSPNP!ClassReadWrite+0x143
0xfffffc85389ac7f8 : 0xfffff80c9a231f21 : partmgr!PmGlobalDispatch+0x21
0xfffffc85389ac818 : 0xfffff80108effc0f : nt!KeQueryUnbiasedInterruptTimePrecise+0x6f
0xfffffc85389ac828 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389ac868 : 0xfffff80c9a231a88 : partmgr!PartitionIo+0x1d8
0xfffffc85389ac898 : 0xfffff80c9b5c102e : volume!VolumePassThrough+0x1e
0xfffffc85389ac8f8 : 0xfffff80c9b50f000 : fvevol!WPP_GLOBAL_Control
0xfffffc85389ac918 : 0xfffff80c9a23189e : partmgr!PartitionWrite+0x1e
0xfffffc85389ac938 : 0xfffff80108effc0f : nt!KeQueryUnbiasedInterruptTimePrecise+0x6f
0xfffffc85389ac948 : 0xfffff80c9a231f21 : partmgr!PmGlobalDispatch+0x21
0xfffffc85389ac978 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389ac988 : 0xfffff80c9a231f9c : partmgr!PmWmiCounterIoStart+0x1c
0xfffffc85389ac9b8 : 0xfffff80c9a311af4 : volmgr!VmReadWrite+0xf4
0xfffffc85389ac9e8 : 0xfffff80c9b50f000 : fvevol!WPP_GLOBAL_Control
0xfffffc85389ac9f0 : 0xfffff80c9b502670 : fvevol!FVE_PERF_WRITE_REQUEST_START
0xfffffc85389ac9f8 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389aca38 : 0xfffff80c9b4f43a3 : fvevol!FveFilterRundownReadWrite+0x2f3
0xfffffc85389acaa8 : 0xfffff80c9b6c41f0 : iorate!IoRateOutstandingCountIncrement+0x70
0xfffffc85389acad8 : 0xfffff80c9b6c4c44 : iorate!IoRateProcessIrpHelper+0x394
0xfffffc85389acb38 : 0xfffff80c9b4f403c : fvevol!FveFilterRundownWrite+0x4c
0xfffffc85389acbd8 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389acbf8 : 0xfffff80c9b4f4097 : fvevol!FveFilterRundownRead+0x27
0xfffffc85389acc18 : 0xfffff80c9b6c3c3e : iorate!IoRateIssueAndRecordIo+0x7a
0xfffffc85389acc58 : 0xfffff80c9b6c4de8 : iorate!IoRateProcessIrpWrapper+0x180
0xfffffc85389acd28 : 0xfffff801091f306d : nt!ExAllocatePoolWithTag+0x3d
0xfffffc85389acd68 : 0xfffff80c9b6c4fc0 : iorate!IoRateDispatchReadWrite+0x80
0xfffffc85389acda8 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389acdb8 : 0xfffff80c9b6c4fc0 : iorate!IoRateDispatchReadWrite+0x80
0xfffffc85389acde8 : 0xfffff80c9b5c102e : volume!VolumePassThrough+0x1e
0xfffffc85389acdf8 : 0xfffff80c9b5d136b : volsnap!ExAllocateFromNPagedLookasideList+0x13
0xfffffc85389ace08 : 0xfffff80c9b5de5fc : volsnap!VspDoubleBufferIncomingWrite+0x128
0xfffffc85389ace18 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389ace28 : 0xfffff80c9b5ede84 : volsnap!VspAllocateWriteContext+0x10
0xfffffc85389ace40 : 0xffffb785fda84950 : Trap @ fffffc85389ace40
0xfffffc85389ace58 : 0xfffff80c9b5d14e4 : volsnap!VolsnapWriteFilter+0x114
0xfffffc85389ace88 : 0xfffff80c99a9e421 : FLTMGR!FltpGetOpenedFileName+0x19
0xfffffc85389aced8 : 0xfffff80c9b5d13b3 : volsnap!VolSnapWrite+0x13
0xfffffc85389acf08 : 0xfffff80108f610d9 : nt!IofCallDriver+0x59
0xfffffc85389acf48 : 0xfffff80c9ac20ec7 : Ntfs!NtfsStorageDriverCallout+0x17
0xfffffc85389acf78 : 0xfffff8010905fdae : nt!KxSwitchKernelStackCallout+0x2e
0xfffffc85389acfa8 : 0xfffff8010905fd6c : nt!KiSwitchKernelStackContinue
0xfffffc85389acfb8 : 0xfffff80c9ac20eb0 : Ntfs!NtfsStorageDriverCallout
0: kd> .trap 0xfffffc85389ac380
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff85399db45d0 rbx=0000000000000000 rcx=ffffb785fd4dfe60
rdx=0000487a025826d8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff85399db45d0 rsp=fffffc85389ac518 rbp=ffffb7860ed8f340
r8=fffff80c99e59100 r9=0000000000000000 r10=ffffb785fd4dfcb0
r11=fffff80c9c285790 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
fffff853`99db45d0 ?? ???
0: kd> !irql
Debugger saved IRQL for processor 0x0 -- 0 (LOW_LEVEL)
The DRIVER_IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x000000D1. This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\040819-9531-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff800`66cb5000 PsLoadedModuleList = 0xfffff800`670d09f0
Debug session time: Mon Apr 8 16:24:21.454 2019 (UTC + 2:00)
System Uptime: 0 days 2:28:57.468
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff865670ba8a0, 2, 0, fffff8027be39c7c}
Probably caused by : Wdf01000.sys ( Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine+4c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff865670ba8a0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8027be39c7c, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: HP
SYSTEM_PRODUCT_NAME: HP Pavilion x360 Convertible
SYSTEM_SKU: 4AS57EA#ABU
SYSTEM_VERSION: Type1ProductConfigId
BIOS_VENDOR: Insyde
BIOS_VERSION: F.32
BIOS_DATE: 11/08/2018
BASEBOARD_MANUFACTURER: HP
BASEBOARD_PRODUCT: 8486
BASEBOARD_VERSION: 72.23
DUMP_TYPE: 2
BUGCHECK_P1: fffff865670ba8a0
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8027be39c7c
READ_ADDRESS: fffff800671f7390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff865670ba8a0
CURRENT_IRQL: 2
FAULTING_IP:
Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine+4c [minkernel\wdf\framework\shared\irphandlers\pnp\poweridlestatemachine.cpp @ 1306]
fffff802`7be39c7c 488b4008 mov rax,qword ptr [rax+8]
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 96'00000000 (cache) 96'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: MfeAVSvc.exe
ANALYSIS_SESSION_HOST: MICHAL
ANALYSIS_SESSION_TIME: 04-09-2019 17:26:26.0980
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
DPC_STACK_BASE: FFFFF80069FEEFB0
TRAP_FRAME: ffffd3899274437e -- (.trap 0xffffd3899274437e)
Unable to read trap frame at ffffd389`9274437e
EXCEPTION_RECORD: 00000000084cdc22 -- (.exr 0x84cdc22)
Cannot read Exception record @ 00000000084cdc22
LAST_CONTROL_TRANSFER: from fffff80066e79d69 to fffff80066e685e0
STACK_TEXT:
fffff800`69fee998 fffff800`66e79d69 : 00000000`0000000a fffff865`670ba8a0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`69fee9a0 fffff800`66e7618e : fffff800`00000001 ffffc389`0a731920 ffffc389`10184020 fffff800`66ce7d6f : nt!KiBugCheckDispatch+0x69
fffff800`69feeae0 fffff802`7be39c7c : ffffc389`10802bf0 ffffc389`1b95e000 ffffc389`10802c68 fffff800`65425180 : nt!KiPageFault+0x44e
fffff800`69feec70 fffff800`66d6c659 : 00000000`00000004 fffff800`80801000 ffffc389`10802c68 fffff800`00000002 : Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine+0x4c [minkernel\wdf\framework\shared\irphandlers\pnp\poweridlestatemachine.cpp @ 1306]
fffff800`69feecb0 fffff800`66d6d5a7 : 00000000`0000000c 00000000`00989680 ffffc389`1b95e080 00000000`0000001a : nt!KiProcessExpiredTimerList+0x159
fffff800`69feeda0 fffff800`66e6f445 : 00000000`00000000 fffff800`65425180 ffffd389`011539b0 fffff800`66c857e0 : nt!KiRetireDpcList+0x4a7
fffff800`69feefb0 fffff800`66e6f230 : 00000000`01d0070a fffff800`66c1fae6 00000000`00000000 00000000`0000001c : nt!KxRetireDpcList+0x5
ffffd389`011538f0 fffff800`66e6eaf5 : 00000000`356c1fa1 fffff800`66e6a5a1 00000000`235b97f2 ffffd389`011539b0 : nt!KiDispatchInterruptContinue
ffffd389`01153920 fffff800`66e6a5a1 : 00000000`235b97f2 ffffd389`011539b0 fffff800`66c857e0 fffff800`66e6e91c : nt!KiDpcInterruptBypass+0x25
ffffd389`01153930 fffff802`7bd7957a : 00000000`084cdc22 00000000`f8cef1c7 ffffd389`9274437e fffff802`7bd76deb : nt!KiInterruptDispatchNoLockNoEtw+0xb1
ffffd389`01153ac0 fffff802`7bd758da : ffffc389`1d0a1000 00000000`0000f000 fffff802`7d263601 00000000`00000000 : cng!SymCryptSha1AppendBlocks+0xf5a
ffffd389`01153c70 fffff802`7bd757f9 : 00000000`00000000 00000000`00000000 00000000`0000f000 ffffc389`1d0a1000 : cng!SymCryptHashAppendInternal+0xd6
ffffd389`01153cc0 fffff802`7bd75342 : 00000000`00000000 00000000`00000000 00000000`0000f000 00000000`00000000 : cng!SymCryptSha1Append+0x19
ffffd389`01153cf0 fffff802`7bd75209 : ffffc389`0aeda000 fffff802`7d289bbe ffffd6e1`c48e7810 ffffd6eb`70e24738 : cng!MSCryptHashDataInternal+0xf6
ffffd389`01153d20 fffff802`7bd7caeb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : cng!MSCryptHashData+0x69
ffffd389`01153dc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : cng!BCryptHashData+0x7b
THREAD_SHA1_HASH_MOD_FUNC: 8e6979cec5993588073acccf7ea5425034761357
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ac253776e097fe446da1628313e178bc4245e6f0
THREAD_SHA1_HASH_MOD: 0bf749d16e175496659779e214b6cb27f3335a9a
FOLLOWUP_IP:
Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine+4c [minkernel\wdf\framework\shared\irphandlers\pnp\poweridlestatemachine.cpp @ 1306]
fffff802`7be39c7c 488b4008 mov rax,qword ptr [rax+8]
FAULT_INSTR_CODE: 8408b48
FAULTING_SOURCE_LINE: minkernel\wdf\framework\shared\irphandlers\pnp\poweridlestatemachine.cpp
FAULTING_SOURCE_FILE: minkernel\wdf\framework\shared\irphandlers\pnp\poweridlestatemachine.cpp
FAULTING_SOURCE_LINE_NUMBER: 1306
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 1.27.17763.132
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 4c
FAILURE_BUCKET_ID: AV_Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine
BUCKET_ID: AV_Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine
PRIMARY_PROBLEM_CLASS: AV_Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine
TARGET_TIME: 2019-04-08T14:24:21.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 150a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_wdf01000!fxpoweridlemachine::_powertimeoutdpcroutine
FAILURE_ID_HASH: {5bb4760c-65d9-15a3-2e30-3b234eb03ad4}
Followup: MachineOwner
---------
0: kd> !irql
Debugger saved IRQL for processor 0x0 -- 2 (DISPATCH_LEVEL)
0: kd> !pte fffff865670ba8a0
VA fffff865670ba8a0
PXE at FFFFD6EB75BADF80 PPE at FFFFD6EB75BF0CA8 PDE at FFFFD6EB7E1959C0 PTE at FFFFD6FC32B385D0
contains 0000000004208063 contains 0000000000000000
pfn 4208 ---DA--KWEV not valid
0: kd> !pte fffff8027be39c7c
VA fffff8027be39c7c
PXE at FFFFD6EB75BADF80 PPE at FFFFD6EB75BF0048 PDE at FFFFD6EB7E009EF8 PTE at FFFFD6FC013DF1C8
contains 0000000004208063 contains 0A0000026BD3F863 contains 0A0000026BD42863 contains 090000026B985021
pfn 4208 ---DA--KWEV pfn 26bd3f ---DA--KWEV pfn 26bd42 ---DA--KWEV pfn 26b985 ----A--KREV
0: kd> !verifier
Verify Flags Level 0x00000000
STANDARD FLAGS:
[X] (0x00000000) Automatic Checks
[ ] (0x00000001) Special pool
[ ] (0x00000002) Force IRQL checking
[ ] (0x00000008) Pool tracking
[ ] (0x00000010) I/O verification
[ ] (0x00000020) Deadlock detection
[ ] (0x00000080) DMA checking
[ ] (0x00000100) Security checks
[ ] (0x00000800) Miscellaneous checks
[ ] (0x00020000) DDI compliance checking
ADDITIONAL FLAGS:
[ ] (0x00000004) Randomized low resources simulation
[ ] (0x00000200) Force pending I/O requests
[ ] (0x00000400) IRP logging
[ ] (0x00002000) Invariant MDL checking for stack
[ ] (0x00004000) Invariant MDL checking for driver
[ ] (0x00008000) Power framework delay fuzzing
[ ] (0x00010000) Port/miniport interface checking
[ ] (0x00040000) Systematic low resources simulation
[ ] (0x00080000) DDI compliance checking (additional)
[ ] (0x00200000) NDIS/WIFI verification
[ ] (0x00800000) Kernel synchronization delay fuzzing
[ ] (0x01000000) VM switch verification
[ ] (0x02000000) Code integrity checks
[X] Indicates flag is enabled
Summary of All Verifier Statistics
RaiseIrqls 0x0
AcquireSpinLocks 0x0
Synch Executions 0x0
Trims 0x0
Pool Allocations Attempted 0x0
Pool Allocations Succeeded 0x0
Pool Allocations Succeeded SpecialPool 0x0
Pool Allocations With NO TAG 0x0
Pool Allocations Failed 0x0
Current paged pool allocations 0x0 for 00000000 bytes
Peak paged pool allocations 0x0 for 00000000 bytes
Current nonpaged pool allocations 0x0 for 00000000 bytes
Peak nonpaged pool allocations 0x0 for 00000000 bytes
0: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
0: kd> !dpx
Start memory scan : 0xfffff80069fee998 ($csp)
End memory scan : 0xfffff80069feefb0 (DPC Stack Base)
rsp : 0xfffff80069fee998 : 0xfffff80066e79d69 : nt!KiBugCheckDispatch+0x69
0xfffff80069fee998 : 0xfffff80066e79d69 : nt!KiBugCheckDispatch+0x69
0xfffff80069fee9c0 : 0xfffff8027be39c7c : Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine+0x4c
0xfffff80069feead8 : 0xfffff80066e7618e : nt!KiPageFault+0x44e
0xfffff80069feeae0 : 0xfffff80000000001 : Trap @ fffff80069feeae0
0xfffff80069feeae8 : 0xffffc3890a731920 : dt Wdf01000!FxDevice
0xfffff80069feeaf0 : 0xffffc38910184020 : dt Wdf01000!FxPkgFdo
0xfffff80069feeaf8 : 0xfffff80066ce7d6f : nt!IoQueueWorkItem+0x1f
*** ERROR: Module load completed but symbols could not be loaded for iaLPSS2_SPI.sys
0xfffff80069feeb40 : 0xfffff80069feebf0 : 0xfffff8027beb5750 : Wdf01000!FxPowerIdleMachine::m_StateTable
0xfffff80069feeb48 : 0xfffff80069feebf0 : 0xfffff8027beb5750 : Wdf01000!FxPowerIdleMachine::m_StateTable
0xfffff80069feebf0 : 0xfffff8027beb5750 : Wdf01000!FxPowerIdleMachine::m_StateTable
0xfffff80069feebf8 : 0xfffff8027be31b4e : Wdf01000!FxPowerIdleMachine::ProcessEventLocked+0xee
0xfffff80069feec08 : 0xfffff8027beba630 : Wdf01000!WPP_PowerIdleStateMachine_cpp_Traceguids
0xfffff80069feec20 : 0xfffff8027beba630 : Wdf01000!WPP_PowerIdleStateMachine_cpp_Traceguids
0xfffff80069feec48 : 0xfffff8027be39c7c : Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine+0x4c
0xfffff80069feeca8 : 0xfffff80066d6c659 : nt!KiProcessExpiredTimerList+0x159
0xfffff80069feecf8 : 0xfffff8027be39c30 : Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine
0xfffff80069feed98 : 0xfffff80066d6d5a7 : nt!KiRetireDpcList+0x4a7
0xfffff80069feee70 : 0xfffff8007d5136c0 : CLASSPNP!ClasspIdleTimerDpc
0xfffff80069feee80 : 0xfffff8027be39c30 : Wdf01000!FxPowerIdleMachine::_PowerTimeoutDpcRoutine
0xfffff80069feee90 : 0xfffff8007d516440 : CLASSPNP!TransferPacketRetryTimerDpc
0xfffff80069feeea0 : 0xfffff8007d516440 : CLASSPNP!TransferPacketRetryTimerDpc
0xfffff80069feeeb0 : 0xfffff80066ddf6d0 : nt!PpmCheckPeriodicStart
0xfffff80069feeec0 : 0xfffff80066cc36d0 : nt!KiProcessPendingForegroundBoosts
0xfffff80069feeed0 : 0xfffff80066cc36d0 : nt!KiProcessPendingForegroundBoosts
0xfffff80069feeee0 : 0xfffff80066cc36d0 : nt!KiProcessPendingForegroundBoosts
0xfffff80069feeef0 : 0xfffff80066cc36d0 : nt!KiProcessPendingForegroundBoosts
0xfffff80069feef00 : 0xfffff80080da8390 : UsbHub3!HUBMISC_PsmEventTimer
0xfffff80069feef10 : 0xfffff80080da8390 : UsbHub3!HUBMISC_PsmEventTimer
0xfffff80069feef20 : 0xfffff80080da8390 : UsbHub3!HUBMISC_PsmEventTimer
0xfffff80069feef30 : 0xfffff80080da8390 : UsbHub3!HUBMISC_PsmEventTimer
0xfffff80069feef40 : 0xfffff80080da8390 : UsbHub3!HUBMISC_PsmEventTimer
0xfffff80069feef50 : 0xfffff80080da8390 : UsbHub3!HUBMISC_PsmEventTimer
0xfffff80069feef60 : 0xfffff80080da8390 : UsbHub3!HUBMISC_PsmEventTimer
0xfffff80069feefa8 : 0xfffff80066e6f445 : nt!KxRetireDpcList+0x5
Update Intel serial io spi driver:
Code:
0: kd> lmvm iaLPSS2_SPI
Browse full module list
start end module name
fffff800`80800000 fffff800`80827000 iaLPSS2_SPI (no symbols)
Loaded symbol image file: iaLPSS2_SPI.sys
Mapped memory image file: c:\symcache\iaLPSS2_SPI.sys\5B15F85C27000\iaLPSS2_SPI.sys
Image path: \SystemRoot\System32\drivers\iaLPSS2_SPI.sys
Image name: iaLPSS2_SPI.sys
Browse all global symbols functions data
Timestamp: Tue Jun 5 04:41:32 2018 (5B15F85C)
CheckSum: 0002CC4B
ImageSize: 00027000
File version: 30.100.1823.1
Product version: 30.100.1823.1
File flags: 8 (Mask 3F) Private
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Intel Corporation
ProductName: Intel(R) Serial IO Driver
InternalName: iaLPSS2_SPI.sys
OriginalFilename: iaLPSS2_SPI.sys
ProductVersion: 30.100.1823.1
FileVersion: 30.100.1823.1
FileDescription: Intel(R) Serial IO SPI Driver v2
LegalCopyright: Copyright © 2015, Intel Corporation.
The IRQL_NOT_LESS_OR_EQUAL bug check has a value of 0x0000000A. This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\040819-9609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff801`430b5000 PsLoadedModuleList = 0xfffff801`434d09f0
Debug session time: Mon Apr 8 16:34:42.196 2019 (UTC + 2:00)
System Uptime: 0 days 0:09:49.208
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
..........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {ffffb20061177948, 2, 0, fffff80143173866}
Probably caused by : nsiproxy.sys ( nsiproxy!NsippEnumerateObjectsAllParameters+3af )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffb20061177948, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80143173866, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: HP
SYSTEM_PRODUCT_NAME: HP Pavilion x360 Convertible
SYSTEM_SKU: 4AS57EA#ABU
SYSTEM_VERSION: Type1ProductConfigId
BIOS_VENDOR: Insyde
BIOS_VERSION: F.32
BIOS_DATE: 11/08/2018
BASEBOARD_MANUFACTURER: HP
BASEBOARD_PRODUCT: 8486
BASEBOARD_VERSION: 72.23
DUMP_TYPE: 2
BUGCHECK_P1: ffffb20061177948
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80143173866
READ_ADDRESS: fffff801435f7390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffb20061177948
CURRENT_IRQL: 2
FAULTING_IP:
nt!RtlRbRemoveNode+476
fffff801`43173866 0fb64210 movzx eax,byte ptr [rdx+10h]
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 96'00000000 (cache) 96'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: svchost.exe
ANALYSIS_SESSION_HOST: MICHAL
ANALYSIS_SESSION_TIME: 04-09-2019 17:31:10.0824
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
TRAP_FRAME: ffffc58b6aa17030 -- (.trap 0xffffc58b6aa17030)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb2085e333938 rbx=0000000000000000 rcx=00000000000000c8
rdx=ffffb20061177938 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80143173866 rsp=ffffc58b6aa171c8 rbp=0000000000000000
r8=ffffb20863a77938 r9=ffffb20061177938 r10=ffffb2085efa8938
r11=ffffb20849c02290 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlRbRemoveNode+0x476:
fffff801`43173866 0fb64210 movzx eax,byte ptr [rdx+10h] ds:ffffb200`61177948=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80143279d69 to fffff801432685e0
STACK_TEXT:
ffffc58b`6aa16ee8 fffff801`43279d69 : 00000000`0000000a ffffb200`61177948 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffc58b`6aa16ef0 fffff801`4327618e : 00000000`0000000f 00000000`00000000 00000000`00000000 ffffc58b`6aa170c8 : nt!KiBugCheckDispatch+0x69
ffffc58b`6aa17030 fffff801`43173866 : ffffb208`5efa84b0 ffffb208`5efa8930 fffff801`43172945 ffffb208`5efa8000 : nt!KiPageFault+0x44e
ffffc58b`6aa171c8 fffff801`43172945 : ffffb208`5efa8000 ffffb208`49c02280 ffffb208`5efa8030 ffffb208`5efa8000 : nt!RtlRbRemoveNode+0x476
ffffc58b`6aa171e0 fffff801`431732ca : ffffb208`00000000 00010024`00240000 00000000`00000000 00000000`00000048 : nt!RtlpHpVsFreeChunkRemove+0x25
ffffc58b`6aa17210 fffff801`431729d0 : 00000000`00000000 ffffb208`5efa86f0 ffffb208`5efa8000 ffffb208`49c02000 : nt!RtlpHpVsChunkCoalesce+0xea
ffffc58b`6aa17260 fffff801`43263aa9 : 00000000`00000000 fffff801`00000024 ffffc58b`6aa17340 fffff801`43263294 : nt!RtlpHpVsChunkFree+0x40
ffffc58b`6aa172c0 fffff801`43263b61 : ffffb208`49c02280 00000000`00000000 00000000`00000000 ffffb208`61c904b0 : nt!RtlpHpVsContextFreeInternal+0x131
ffffc58b`6aa17310 fffff801`4340090c : ffffb208`5afa6000 0000021b`00442ee0 00000000`00000020 00000000`00000990 : nt!RtlpHpVsContextFreeList+0x55
ffffc58b`6aa17380 fffff801`59c72aaf : 00000000`00000000 00000097`5117e2e0 00000097`0000020f ffffb208`6770534e : nt!ExFreePoolWithTag+0xc8c
ffffc58b`6aa174b0 fffff801`59c72532 : 00000000`00000000 ffffb208`63add510 ffffb208`63add440 00000097`5117e2e0 : nsiproxy!NsippEnumerateObjectsAllParameters+0x3af
ffffc58b`6aa176a0 fffff801`4316d0d9 : ffffb208`5ba46910 00000000`00000000 00000000`00000002 00000000`00000000 : nsiproxy!NsippDispatch+0x82
ffffc58b`6aa176f0 fffff801`43728721 : ffffb208`63add440 00000000`00000000 00000000`00000000 ffffb208`5ba46910 : nt!IofCallDriver+0x59
ffffc58b`6aa17730 fffff801`4375364a : ffffb208`00000000 ffffb208`5ba46960 ffffc58b`6aa17a80 ffffc58b`6aa17a80 : nt!IopSynchronousServiceTail+0x1b1
ffffc58b`6aa177e0 fffff801`436e02d6 : 00000097`5117e160 00000000`000002e4 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x68a
ffffc58b`6aa17920 fffff801`43279785 : ffffb208`58ecc040 00000097`5117e148 ffffc58b`6aa179a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
ffffc58b`6aa17990 00007ff9`c50ef754 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000097`5117e1d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`c50ef754
THREAD_SHA1_HASH_MOD_FUNC: 073e9e5b8f4eb3354bcca01d6ff457695982aeca
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: cabbfe36125d5377b3da8bfab1f916d42038b692
THREAD_SHA1_HASH_MOD: 84ff40da7340bf761a357a14705254d27ccdc72a
FOLLOWUP_IP:
nsiproxy!NsippEnumerateObjectsAllParameters+3af
fffff801`59c72aaf 0f1f440000 nop dword ptr [rax+rax]
FAULT_INSTR_CODE: 441f0f
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: nsiproxy!NsippEnumerateObjectsAllParameters+3af
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nsiproxy
IMAGE_NAME: nsiproxy.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 50877bf
IMAGE_VERSION: 10.0.17763.253
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 3af
FAILURE_BUCKET_ID: AV_nsiproxy!NsippEnumerateObjectsAllParameters
BUCKET_ID: AV_nsiproxy!NsippEnumerateObjectsAllParameters
PRIMARY_PROBLEM_CLASS: AV_nsiproxy!NsippEnumerateObjectsAllParameters
TARGET_TIME: 2019-04-08T14:34:42.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 2ceb
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nsiproxy!nsippenumerateobjectsallparameters
FAILURE_ID_HASH: {ec818f2a-b517-2eb2-2ddb-be94f3f688db}
Followup: MachineOwner
---------
4: kd> kv
# Child-SP RetAddr : Args to Child : Call Site
00 ffffc58b`6aa16ee8 fffff801`43279d69 : 00000000`0000000a ffffb200`61177948 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
01 ffffc58b`6aa16ef0 fffff801`4327618e : 00000000`0000000f 00000000`00000000 00000000`00000000 ffffc58b`6aa170c8 : nt!KiBugCheckDispatch+0x69
02 ffffc58b`6aa17030 fffff801`43173866 : ffffb208`5efa84b0 ffffb208`5efa8930 fffff801`43172945 ffffb208`5efa8000 : nt!KiPageFault+0x44e (TrapFrame @ ffffc58b`6aa17030)
03 ffffc58b`6aa171c8 fffff801`43172945 : ffffb208`5efa8000 ffffb208`49c02280 ffffb208`5efa8030 ffffb208`5efa8000 : nt!RtlRbRemoveNode+0x476
04 ffffc58b`6aa171e0 fffff801`431732ca : ffffb208`00000000 00010024`00240000 00000000`00000000 00000000`00000048 : nt!RtlpHpVsFreeChunkRemove+0x25
05 ffffc58b`6aa17210 fffff801`431729d0 : 00000000`00000000 ffffb208`5efa86f0 ffffb208`5efa8000 ffffb208`49c02000 : nt!RtlpHpVsChunkCoalesce+0xea
06 ffffc58b`6aa17260 fffff801`43263aa9 : 00000000`00000000 fffff801`00000024 ffffc58b`6aa17340 fffff801`43263294 : nt!RtlpHpVsChunkFree+0x40
07 ffffc58b`6aa172c0 fffff801`43263b61 : ffffb208`49c02280 00000000`00000000 00000000`00000000 ffffb208`61c904b0 : nt!RtlpHpVsContextFreeInternal+0x131
08 ffffc58b`6aa17310 fffff801`4340090c : ffffb208`5afa6000 0000021b`00442ee0 00000000`00000020 00000000`00000990 : nt!RtlpHpVsContextFreeList+0x55
09 ffffc58b`6aa17380 fffff801`59c72aaf : 00000000`00000000 00000097`5117e2e0 00000097`0000020f ffffb208`6770534e : nt!ExFreePoolWithTag+0xc8c
0a ffffc58b`6aa174b0 fffff801`59c72532 : 00000000`00000000 ffffb208`63add510 ffffb208`63add440 00000097`5117e2e0 : nsiproxy!NsippEnumerateObjectsAllParameters+0x3af
0b ffffc58b`6aa176a0 fffff801`4316d0d9 : ffffb208`5ba46910 00000000`00000000 00000000`00000002 00000000`00000000 : nsiproxy!NsippDispatch+0x82
0c ffffc58b`6aa176f0 fffff801`43728721 : ffffb208`63add440 00000000`00000000 00000000`00000000 ffffb208`5ba46910 : nt!IofCallDriver+0x59
0d ffffc58b`6aa17730 fffff801`4375364a : ffffb208`00000000 ffffb208`5ba46960 ffffc58b`6aa17a80 ffffc58b`6aa17a80 : nt!IopSynchronousServiceTail+0x1b1
0e ffffc58b`6aa177e0 fffff801`436e02d6 : 00000097`5117e160 00000000`000002e4 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x68a
0f ffffc58b`6aa17920 fffff801`43279785 : ffffb208`58ecc040 00000097`5117e148 ffffc58b`6aa179a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
10 ffffc58b`6aa17990 00007ff9`c50ef754 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ ffffc58b`6aa17a00)
11 00000097`5117e1d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`c50ef754
4: kd> !pte ffffb20061177948
VA ffffb20061177948
PXE at FFFFA5D2E974BB20 PPE at FFFFA5D2E9764008 PDE at FFFFA5D2EC801840 PTE at FFFFA5D900308BB8
contains 0A000000044D3863 contains 0000000000000000
pfn 44d3 ---DA--KWEV not valid
4: kd> !pte fffff80143173866
VA fffff80143173866
PXE at FFFFA5D2E974BF80 PPE at FFFFA5D2E97F0028 PDE at FFFFA5D2FE0050C0 PTE at FFFFA5FC00A18B98
contains 0000000006508063 contains 0000000006509063 contains 00000000028008E3 contains 0000000000000000
pfn 6508 ---DA--KWEV pfn 6509 ---DA--KWEV pfn 2800 --LDA--KWEV LARGE PAGE pfn 2833
4: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
4: kd> !dpx
Start memory scan : 0xffffc58b6aa16ee8 ($csp)
End memory scan : 0xffffc58b6aa18000 (Kernel Stack Base)
rsp : 0xffffc58b6aa16ee8 : 0xfffff80143279d69 : nt!KiBugCheckDispatch+0x69
0xffffc58b6aa16ee8 : 0xfffff80143279d69 : nt!KiBugCheckDispatch+0x69
0xffffc58b6aa16f10 : 0xfffff80143173866 : nt!RtlRbRemoveNode+0x476
0xffffc58b6aa17028 : 0xfffff8014327618e : nt!KiPageFault+0x44e
0xffffc58b6aa17030 : 0x000000000000000f : Trap @ ffffc58b6aa17030
0xffffc58b6aa17108 : 0xfffff801431701c6 : nt!ExAllocateHeapPool+0x9d6
0xffffc58b6aa17128 : 0xfffff80144b678e7 : ndis!NdisGetThreadObjectCompartmentScope+0xd7
0xffffc58b6aa17138 : 0xfffff8014326330b : nt!RtlpHpReleaseQueuedLockExclusive+0x43
0xffffc58b6aa17140 : 0xffffc58b6aa17198 : 0xfffff80143173866 : nt!RtlRbRemoveNode+0x476
0xffffc58b6aa17148 : 0xfffff80143263255 : nt!RtlInterlockedPushEntrySList+0x9
0xffffc58b6aa17168 : 0xfffff80143119840 : nt!RtlpHpVsSubsegmentCommitPages+0xe0
0xffffc58b6aa17198 : 0xfffff80143173866 : nt!RtlRbRemoveNode+0x476
0xffffc58b6aa171d8 : 0xfffff80143172945 : nt!RtlpHpVsFreeChunkRemove+0x25
0xffffc58b6aa17208 : 0xfffff801431732ca : nt!RtlpHpVsChunkCoalesce+0xea
0xffffc58b6aa17258 : 0xfffff801431729d0 : nt!RtlpHpVsChunkFree+0x40
0xffffc58b6aa172b8 : 0xfffff80143263aa9 : nt!RtlpHpVsContextFreeInternal+0x131
0xffffc58b6aa172d8 : 0xfffff80143263294 : nt!RtlpHpAcquireQueuedLockExclusive+0x34
0xffffc58b6aa172e8 : 0xfffff80144d2a748 : !da "NsiEnumerateObjectsAllParametersEx"
0xffffc58b6aa17308 : 0xfffff80143263b61 : nt!RtlpHpVsContextFreeList+0x55
0xffffc58b6aa17378 : 0xfffff8014340090c : nt!ExFreePoolWithTag+0xc8c
0xffffc58b6aa174a8 : 0xfffff80159c72aaf : nsiproxy!NsippEnumerateObjectsAllParameters+0x3af
0xffffc58b6aa17618 : 0xfffff80143400753 : nt!ExFreePoolWithTag+0xad3
0xffffc58b6aa17698 : 0xfffff80159c72532 : nsiproxy!NsippDispatch+0x82
0xffffc58b6aa176e8 : 0xfffff8014316d0d9 : nt!IofCallDriver+0x59
0xffffc58b6aa17728 : 0xfffff80143728721 : nt!IopSynchronousServiceTail+0x1b1
0xffffc58b6aa177d8 : 0xfffff8014375364a : nt!IopXxxControlFile+0x68a
0xffffc58b6aa17828 : 0xfffff80143730a60 : nt!ObpAllocateObject+0x1a0
0xffffc58b6aa17848 : 0xfffff8014374e601 : nt!ObCloseHandleTableEntry+0x271
0xffffc58b6aa178a8 : 0xfffff8014374b561 : nt!ObCreateObjectEx+0xf1
0xffffc58b6aa17918 : 0xfffff801436e02d6 : nt!NtDeviceIoControlFile+0x56
0xffffc58b6aa17988 : 0xfffff80143279785 : nt!KiSystemServiceCopyEnd+0x25
0xffffc58b6aa179f8 : 0xfffff80143279785 : nt!KiSystemServiceCopyEnd+0x25
0xffffc58b6aa17a00 : 0xffffb20858ecc040 : Trap @ ffffc58b6aa17a00
Unknown bugcheck code (fd00000b) (propably an internal error code for the Realtek wifi card driver (?) )
Unknown bugcheck description
Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\RealTek-20190408-1602.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff804`60411000 PsLoadedModuleList = 0xfffff804`6082c9f0
Debug session time: Mon Apr 8 17:02:09.099 2019 (UTC + 2:00)
System Uptime: 0 days 0:02:17.109
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.................................
Loading User Symbols
Mini Kernel Dump does not contain unloaded driver list
*** WARNING: Unable to verify timestamp for rtwlane.sys
*** ERROR: Module load completed but symbols could not be loaded for rtwlane.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck FD00000B, {2, ffffc382e2827520, 1b0, 0}
Probably caused by : rtwlane.sys ( rtwlane+8a069e )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Unknown bugcheck code (fd00000b)
Unknown bugcheck description
Arguments:
Arg1: 0000000000000002
Arg2: ffffc382e2827520
Arg3: 00000000000001b0
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.17763.379 (WinBuild.160101.0800)
DUMP_TYPE: 2
BUGCHECK_P1: 2
BUGCHECK_P2: ffffc382e2827520
BUGCHECK_P3: 1b0
BUGCHECK_P4: 0
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xFD00000B
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: MICHAL
ANALYSIS_SESSION_TIME: 04-09-2019 17:37:38.0001
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER: from ffff9f8ad5823880 to fffff80395d3069e
STACK_TEXT:
ffffc382`e2826f00 ffff9f8a`d5823880 : fffff803`9585ffc0 00000000`00000000 00000000`00000000 ffffc382`e2827520 : rtwlane+0x8a069e
ffffc382`e2826f08 fffff803`9585ffc0 : 00000000`00000000 00000000`00000000 ffffc382`e2827520 00000000`000001b0 : 0xffff9f8a`d5823880
ffffc382`e2826f10 00000000`00000000 : 00000000`00000000 ffffc382`e2827520 00000000`000001b0 00000000`00000000 : rtwlane+0x3cffc0
THREAD_SHA1_HASH_MOD_FUNC: 1b9845844ab9dcb71157af5e20eff2d021d7feeb
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 77702903be39e54f06c0ca5f9392aca591624508
THREAD_SHA1_HASH_MOD: 1b9845844ab9dcb71157af5e20eff2d021d7feeb
FOLLOWUP_IP:
rtwlane+8a069e
fffff803`95d3069e 488b03 mov rax,qword ptr [rbx]
FAULT_INSTR_CODE: 48038b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: rtwlane+8a069e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rtwlane
IMAGE_NAME: rtwlane.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b988080
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 8a069e
FAILURE_BUCKET_ID: 0xFD00000B_rtwlane!unknown_function
BUCKET_ID: 0xFD00000B_rtwlane!unknown_function
PRIMARY_PROBLEM_CLASS: 0xFD00000B_rtwlane!unknown_function
TARGET_TIME: 2019-04-08T15:02:09.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.379
ANALYSIS_SESSION_ELAPSED_TIME: b06
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xfd00000b_rtwlane!unknown_function
FAILURE_ID_HASH: {6b807f42-1753-04ce-9e6a-284d75e8c42d}
Followup: MachineOwner
---------
0: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
0: kd> !dpx
Start memory scan : 0xffffc382e2826f00 ($csp)
End memory scan : 0xffffc382e2828000 (Kernel Stack Base)
*** WARNING: Unable to verify timestamp for rtwlane.sys
*** ERROR: Module load completed but symbols could not be loaded for rtwlane.sys
0xffffc382e28274a0 : 0xfffff8046096e240 : nt!ExNode0
0xffffc382e28276f8 : 0xfffff804605cb60f : nt!SwapContext+0x1af
0xffffc382e2827720 : 0x3431353031203d20 : !da "" = 10514""
0xffffc382e2827738 : 0xfffff804605cb186 : nt!KiSwapContext+0x76
0xffffc382e2827748 : 0x21212054524f5050 : !da ""PPORT !!.""
0xffffc382e2827878 : 0xfffff8046052a724 : nt!KiSwapThread+0x2f4
0xffffc382e2827918 : 0xfffff80390c72650 : ndis!ndisDispatchIoWorkItem
0xffffc382e2827928 : 0xfffff8046053341f : nt!PsImpersonateContainerOfThread+0x24f
0xffffc382e28279c8 : 0xfffff80390c72662 : ndis!ndisDispatchIoWorkItem+0x12
0xffffc382e28279e0 : 0xfffff80390c72650 : ndis!ndisDispatchIoWorkItem
0xffffc382e28279f8 : 0xfffff8046047ff7c : nt!IopProcessWorkItem+0x12c
0xffffc382e2827a28 : 0xfffff8046096e240 : nt!ExNode0
0xffffc382e2827a68 : 0xfffff804604c51ea : nt!ExpWorkerThread+0x16a
0xffffc382e2827a80 : 0xfffff8046047fe50 : nt!IopProcessWorkItem
0xffffc382e2827af0 : 0xfffff804604c5080 : nt!ExpWorkerThread
0xffffc382e2827b08 : 0xfffff80460497bc5 : nt!PspSystemThreadStartup+0x55
0xffffc382e2827b58 : 0xfffff804605cba3c : nt!KiStartSystemThread+0x1c
0xffffc382e2827b70 : 0xfffff80460497b70 : nt!PspSystemThreadStartup
Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\RealTek-20190409-1222.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff804`59298000 PsLoadedModuleList = 0xfffff804`596b39f0
Debug session time: Tue Apr 9 13:22:19.088 2019 (UTC + 2:00)
System Uptime: 0 days 0:00:21.091
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.............................
Loading User Symbols
Mini Kernel Dump does not contain unloaded driver list
*** WARNING: Unable to verify timestamp for rtwlane.sys
*** ERROR: Module load completed but symbols could not be loaded for rtwlane.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck FD00000B, {2, ffffe28ffa65a520, 1b0, 0}
Probably caused by : rtwlane.sys ( rtwlane+8a069e )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Unknown bugcheck code (fd00000b)
Unknown bugcheck description
Arguments:
Arg1: 0000000000000002
Arg2: ffffe28ffa65a520
Arg3: 00000000000001b0
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.17763.379 (WinBuild.160101.0800)
DUMP_TYPE: 2
BUGCHECK_P1: 2
BUGCHECK_P2: ffffe28ffa65a520
BUGCHECK_P3: 1b0
BUGCHECK_P4: 0
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xFD00000B
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: MICHAL
ANALYSIS_SESSION_TIME: 04-09-2019 17:41:07.0605
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER: from ffff96861803d860 to fffff8013a0e069e
STACK_TEXT:
ffffe28f`fa659f00 ffff9686`1803d860 : fffff801`39c0ffc0 00000000`00000000 00000000`00000000 ffffe28f`fa65a520 : rtwlane+0x8a069e
ffffe28f`fa659f08 fffff801`39c0ffc0 : 00000000`00000000 00000000`00000000 ffffe28f`fa65a520 00000000`000001b0 : 0xffff9686`1803d860
ffffe28f`fa659f10 00000000`00000000 : 00000000`00000000 ffffe28f`fa65a520 00000000`000001b0 00000000`00000000 : rtwlane+0x3cffc0
THREAD_SHA1_HASH_MOD_FUNC: 1b9845844ab9dcb71157af5e20eff2d021d7feeb
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 77702903be39e54f06c0ca5f9392aca591624508
THREAD_SHA1_HASH_MOD: 1b9845844ab9dcb71157af5e20eff2d021d7feeb
FOLLOWUP_IP:
rtwlane+8a069e
fffff801`3a0e069e 488b03 mov rax,qword ptr [rbx]
FAULT_INSTR_CODE: 48038b48
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: rtwlane+8a069e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rtwlane
IMAGE_NAME: rtwlane.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b988080
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 8a069e
FAILURE_BUCKET_ID: 0xFD00000B_rtwlane!unknown_function
BUCKET_ID: 0xFD00000B_rtwlane!unknown_function
PRIMARY_PROBLEM_CLASS: 0xFD00000B_rtwlane!unknown_function
TARGET_TIME: 2019-04-09T11:22:19.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.379
ANALYSIS_SESSION_ELAPSED_TIME: b0d
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xfd00000b_rtwlane!unknown_function
FAILURE_ID_HASH: {6b807f42-1753-04ce-9e6a-284d75e8c42d}
Followup: MachineOwner
---------
6: kd> .load pde
=========================================================================================
PDE v11.3 - Copyright 2017 Andrew Richards
=========================================================================================
6: kd> !dpx
Start memory scan : 0xffffe28ffa659f00 ($csp)
End memory scan : 0xffffe28ffa65b000 (Kernel Stack Base)
*** WARNING: Unable to verify timestamp for rtwlane.sys
*** ERROR: Module load completed but symbols could not be loaded for rtwlane.sys
0xffffe28ffa65a4a0 : 0xfffff804597f5240 : nt!ExNode0
0xffffe28ffa65a6f8 : 0xfffff80459452930 : nt!SwapContext+0x4d0
0xffffe28ffa65a728 : 0xfffff801354ba600 : !da "l\wdf\framework\shared\core\fxrequest.cpp"
0xffffe28ffa65a738 : 0xfffff80459452186 : nt!KiSwapContext+0x76
0xffffe28ffa65a740 : 0xfffff801354ba630 : Wdf01000!WPP_PowerIdleStateMachine_cpp_Traceguids
0xffffe28ffa65a768 : 0xfffff80135431a31 : Wdf01000!WPP_IFR_SF_qqLL+0xe1
0xffffe28ffa65a838 : 0xfffff804593581ab : nt!KeReleaseMutant+0x19b
0xffffe28ffa65a878 : 0xfffff804593b1724 : nt!KiSwapThread+0x2f4
0xffffe28ffa65a898 : 0xfffff804593b07b1 : nt!KeWaitForSingleObject+0xd11
0xffffe28ffa65a8d8 : 0xfffff8045935aed7 : nt!KeSetEvent+0xb7
0xffffe28ffa65a918 : 0xfffff80136672650 : ndis!ndisDispatchIoWorkItem
0xffffe28ffa65a928 : 0xfffff804593ba41f : nt!PsImpersonateContainerOfThread+0x24f
0xffffe28ffa65a9c8 : 0xfffff80136672662 : ndis!ndisDispatchIoWorkItem+0x12
0xffffe28ffa65a9e0 : 0xfffff80136672650 : ndis!ndisDispatchIoWorkItem
0xffffe28ffa65a9f8 : 0xfffff80459306f7c : nt!IopProcessWorkItem+0x12c
0xffffe28ffa65aa28 : 0xfffff804597f5240 : nt!ExNode0
0xffffe28ffa65aa68 : 0xfffff8045934c1ea : nt!ExpWorkerThread+0x16a
0xffffe28ffa65aa80 : 0xfffff80459306e50 : nt!IopProcessWorkItem
0xffffe28ffa65aaf0 : 0xfffff8045934c080 : nt!ExpWorkerThread
0xffffe28ffa65ab08 : 0xfffff8045931ebc5 : nt!PspSystemThreadStartup+0x55
0xffffe28ffa65ab50 : 0xfffff804597f7400 : nt!KiInitialThread
0xffffe28ffa65ab58 : 0xfffff80459452a3c : nt!KiStartSystemThread+0x1c
0xffffe28ffa65ab70 : 0xfffff8045931eb70 : nt!PspSystemThreadStartup
Update Realtek WLAN Driver:
Code:
6: kd> lmvm rtwlane
Browse full module list
start end module name
fffff801`39840000 fffff801`3a16d000 rtwlane T (no symbols)
Loaded symbol image file: rtwlane.sys
Image path: rtwlane.sys
Image name: rtwlane.sys
Browse all global symbols functions data
Timestamp: Wed Sep 12 04:57:04 2018 (5B988080)
CheckSum: 00916BE5
ImageSize: 0092D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
Mini Kernel Dump does not contain unloaded driver list
At the end check your SSD with HD Tune and RAM with memtest86+