BSOD: IRQL_NOT_LESS_OR_EQUAL (a) due to ntkrnlmp.exe

ZuluKingFL · Sep 30, 2020

Could some one check my BSOD bugcheck analysis?

Minidump windows 10

Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\093020-5906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`66e00000 PsLoadedModuleList = 0xfffff805`67a2a310
Debug session time: Wed Sep 30 20:07:59.209 2020 (UTC + 2:00)
System Uptime: 0 days 10:29:08.848
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.
Loading User Symbols
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`671f3ea0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8185`d45566e0=000000000000000a

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Can't set dump file contexts
MachineInfo::SetContext failed - Thread: 0000027CF0CE0890 Handle: 3 Id: 3 - Error == 0x8000FFFF

************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`66e00000 PsLoadedModuleList = 0xfffff805`67a2a310
Debug session time: Wed Sep 30 20:07:59.209 2020 (UTC + 2:00)
System Uptime: 0 days 10:29:08.848
Loading Kernel Symbols
...............................................................
.........Page 403605 not present in the dump file. Type ".hh dbgerr004" for details
.......................................................
....................Page 141e95 not present in the dump file. Type ".hh dbgerr004" for details
......Page 149cbb not present in the dump file. Type ".hh dbgerr004" for details
......................................
.
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000049`50478018). Type ".hh dbgerr001" for details
Loading unloaded module list
........
nt!KeBugCheckEx:
fffff805`671f3ea0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8185`d45566e0=000000000000000a
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\atlmfc.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\concurrency.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\cpp_rest.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Kernel.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\stl.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Data.Json.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Geolocation.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Devices.Sensors.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\Windows.Media.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\windows.natvis'
NatVis script unloaded from 'C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\amd64\Visualizers\winrt.natvis'

Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\OneDrive\Minidump windows 10\093020-5906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`66e00000 PsLoadedModuleList = 0xfffff805`67a2a310
Debug session time: Wed Sep 30 20:07:59.209 2020 (UTC + 2:00)
System Uptime: 0 days 10:29:08.848
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.
Loading User Symbols
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`671f3ea0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8185`d45566e0=000000000000000a
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8056708e9ec, address which referenced memory

Debugging Details:
------------------

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 4436

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOPPMCSMOLD

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 24185

Key : Analysis.Memory.CommitPeak.Mb
Value: 82

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1

ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: a

BUGCHECK_P1: 0

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8056708e9ec

READ_ADDRESS: fffff80567afa390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff80567a0f2e0: Unable to get Flags value from nt!KdVersionBlock
fffff80567a0f2e0: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000000000

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: dwm.exe

TRAP_FRAME: ffff8185d4556820 -- (.trap 0xffff8185d4556820)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe68fdd2b4580 rbx=0000000000000000 rcx=ffff9f0111b40180
rdx=ffffe68fdcfc7c00 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8056708e9ec rsp=ffff8185d45569b0 rbp=ffff9f0111b40180
r8=ffffe68fd9f4d7e0 r9=ffffe68fdcf5d080 r10=0000fffff8056700
r11=ffff8e8ecb3b3bc0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!KiWakeQueueWaiter+0x2c:
fffff805`6708e9ec 488b1b mov rbx,qword ptr [rbx] ds:00000000`00000000=????????????????
Resetting default scope

STACK_TEXT:
ffff8185`d45566d8 fffff805`67205e69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff8185`d45566e0 fffff805`67202169 : ffffe68f`dcf5d080 ffffe68f`dcf97b08 ffffe68f`dcf5d080 ffffe68f`dcf97be0 : nt!KiBugCheckDispatch+0x69
ffff8185`d4556820 fffff805`6708e9ec : 00000000`00000200 00000000`00000000 00000000`00000000 fffff805`674b3edf : nt!KiPageFault+0x469
ffff8185`d45569b0 fffff805`670c9479 : 00000000`00000000 00000000`00000001 ffffe68f`dcf2f6e0 ffff9f01`11b40180 : nt!KiWakeQueueWaiter+0x2c
ffff8185`d4556a00 fffff805`674a48bd : ffffe68f`dcfc7c00 ffff8185`d4556b80 00000049`5089f848 ffffe68f`d9f4d7e0 : nt!KeSetEvent+0x279
ffff8185`d4556a90 fffff805`672058b8 : ffffe68f`dcf5d080 00000000`00000000 00000000`00000000 ffffe68f`00000000 : nt!NtSetEvent+0xbd
ffff8185`d4556b00 00007ffd`26acbf84 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000049`5089f5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`26acbf84

SYMBOL_NAME: nt!KiWakeQueueWaiter+2c

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.19041.508

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 2c

FAILURE_BUCKET_ID: AV_nt!KiWakeQueueWaiter

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {89a3d14f-3238-5523-6cfb-56792bd502eb}

Followup: MachineOwner
---------

Continue reading...

BSOD: IRQL_NOT_LESS_OR_EQUAL (a) due to ntkrnlmp.exe

ZuluKingFL

Guest

Similar threads