1
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffffffffffffa0, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff801074651e0, address which referenced memory

FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  a

BUGCHECK_P1: ffffffffffffffa0

BUGCHECK_P2: d

BUGCHECK_P3: 1

BUGCHECK_P4: fffff801074651e0

WRITE_ADDRESS:  ffffffffffffffa0 

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  SenseCE.exe

I tried to decode it as https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0xa--irql-not-less-or-equal mentioned:

6: kd> !pool ffffffffffffffa0
Pool page ffffffffffffffa0 region is Unknown
fffffffffffff000 is not a valid large pool allocation, checking large session pool...
fffffffffffff000 is not valid pool. Checking for freed (or corrupt) pool
Address fffffffffffff000 could not be read. It may be a freed, invalid or paged out page

6: kd> !pte ffffffffffffffa0
Levels not implemented for this platform

6: kd> !address ffffffffffffffa0


Usage:                  
Base Address:           ffffffff`ffc00000
End Address:            ffffffff`ffffffff
Region Size:            00000000`00400000
VA Type:                HAL

6: kd> ln ffffffffffffffa0
Browse module
Set bu breakpoint

6: kd> ln fffff801074651e0
Browse module
Set bu breakpoint

(fffff801`07464d80)   nt!KiUpdateTime+0x460   |  (fffff801`074653f0)   nt!PoExecutePerfCheck

What is the root cause of this problem? what information can be found if we decode the address?

GreenTea
  • 119
  • 2

0 Answers0