BSOD ntkrnlmp.exe AV_CODE_AV_BAD_IP
Guest
Had this problem, any suggestions?
2: kd> !analyze -v
***
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffe001aa82fa96, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: ffffe001aa82fa96, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 9600.19125.amd64fre.winblue_ltsb.180812-0703
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 09/17/2015
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_TYPE: 1
BUGCHECK_P1: ffffe001aa82fa96
BUGCHECK_P2: 2
BUGCHECK_P3: 8
BUGCHECK_P4: ffffe001aa82fa96
READ_ADDRESS: ffffe001aa82fa96 Nonpaged pool
CURRENT_IRQL: 2
FAULTING_IP:
+0
ffffe001`aa82fa96 ?? ???
CPU_COUNT: 8
CPU_MHZ: 9c1
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 2
CPU_MICROCODE: 6,3f,2,0 (F,M,S,R) SIG: 35'00000000 (cache) 35'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: csrss.exe
ANALYSIS_SESSION_HOST: NO-L-7002570
ANALYSIS_SESSION_TIME: 01-09-2019 11:35:41.0323
ANALYSIS_VERSION: 10.0.17763.132 x86fre
TRAP_FRAME: ffffd000293bdef0 -- (.trap 0xffffd000293bdef0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000080040031 rbx=0000000000000000 rcx=fffff6fb7dbedf80
rdx=ffffd000293be450 rsi=0000000000000000 rdi=0000000000000000
rip=ffffe001aa82fa96 rsp=ffffd000293be088 rbp=ffffd000293be100
r8=0000000000000000 r9=0000000000000000 r10=7010008004002001
r11=0000000080050031 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
ffffe001`aa82fa96 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff801a35c3529 to fffff801a35b32a0
FAILED_INSTRUCTION_ADDRESS:
+0
ffffe001`aa82fa96 ?? ???
STACK_TEXT:
ffffd000`293bdda8 fffff801`a35c3529 : 00000000`0000000a ffffe001`aa82fa96 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
ffffd000`293bddb0 fffff801`a35c0a62 : ffffe001`a0fe68b8 00000000`00000000 ffffd000`293be000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`293bdef0 ffffe001`aa82fa96 : ffffe001`aad14031 ffffe001`9ec08080 ffffd000`293be100 ffffe001`aad093c8 : nt!KiPageFault+0x422
ffffd000`293be088 ffffe001`aad14031 : ffffe001`9ec08080 ffffd000`293be100 ffffe001`aad093c8 00000000`00000004 : 0xffffe001`aa82fa96
ffffd000`293be090 ffffe001`9ec08080 : ffffd000`293be100 ffffe001`aad093c8 00000000`00000004 ffffe001`9fb001a0 : 0xffffe001`aad14031
ffffd000`293be098 ffffd000`293be100 : ffffe001`aad093c8 00000000`00000004 ffffe001`9fb001a0 ffffe001`9fb00050 : 0xffffe001`9ec08080
ffffd000`293be0a0 ffffe001`aad093c8 : 00000000`00000004 ffffe001`9fb001a0 ffffe001`9fb00050 00000000`00000001 : 0xffffd000`293be100
ffffd000`293be0a8 00000000`00000004 : ffffe001`9fb001a0 ffffe001`9fb00050 00000000`00000001 00000000`00000000 : 0xffffe001`aad093c8
ffffd000`293be0b0 ffffe001`9fb001a0 : ffffe001`9fb00050 00000000`00000001 00000000`00000000 ffffe001`a247e150 : 0x4
ffffd000`293be0b8 ffffe001`9fb00050 : 00000000`00000001 00000000`00000000 ffffe001`a247e150 fffff801`a36ff839 : 0xffffe001`9fb001a0
ffffd000`293be0c0 00000000`00000001 : 00000000`00000000 ffffe001`a247e150 fffff801`a36ff839 fffff801`00000003 : 0xffffe001`9fb00050
ffffd000`293be0c8 00000000`00000000 : ffffe001`a247e150 fffff801`a36ff839 fffff801`00000003 00000000`00000002 : 0x1
THREAD_SHA1_HASH_MOD_FUNC: bf99962f16aee8a6a536cfcc5454c0cd4db15ac9
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5242227c16c4d981a5f10ce90489f29c7c013455
THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b
FOLLOWUP_IP:
nt!KiPageFault+422
fffff801`a35c0a62 440f20c0 mov rax,cr8
FAULT_INSTR_CODE: c0200f44
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+422
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5b705abc
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 422
FAILURE_BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault
BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault
PRIMARY_PROBLEM_CLASS: AV_CODE_AV_BAD_IP_nt!KiPageFault
TARGET_TIME: 2018-12-29T11:04:05.000Z
OSBUILD: 9600
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-08-12 18:05:16
BUILDDATESTAMP_STR: 180812-0703
BUILDLAB_STR: winblue_ltsb
BUILDOSVER_STR: 6.3.9600.19125.amd64fre.winblue_ltsb.180812-0703
ANALYSIS_SESSION_ELAPSED_TIME: 97f
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_code_av_bad_ip_nt!kipagefault
FAILURE_ID_HASH: {73cd60cc-83fa-6b76-df08-1961c31d7403}
Followup: MachineOwner