BSOD: DRIVER_IRQL_NOT_LESS_OR_EQUAL/SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

I consistently encountered DRIVER_IRQL_NOT_LESS_OR_EQUAL bugchecks when trying to hook certain third-party drivers on boot and capture data. ~~Manually setting up data capture of the same drivers after boot, however, works without issues.~~ Edit: Also triggered bugcheck once.

WinDbg analysis is dumped below.

I understand that data capture has known stability problems as per https://github.com/MartinDrab/IRPMon/wiki/Monitoring-Drivers-and-Devices. Please feel free to close the issue if the behaviour is expected.

KD !analyze -v

``` 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: ffffa2820f7ffff0, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff8031efb240f, address which referenced memory Debugging Details: ------------------ Unable to load image \SystemRoot\system32\drivers\IRPMon\kbase.dll, Win32 error 0n2 Page 102b2e not present in the dump file. Type ".hh dbgerr004" for details KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 2296 Key : Analysis.Elapsed.mSec Value: 3907 Key : Analysis.IO.Other.Mb Value: 0 Key : Analysis.IO.Read.Mb Value: 0 Key : Analysis.IO.Write.Mb Value: 0 Key : Analysis.Init.CPU.mSec Value: 765 Key : Analysis.Init.Elapsed.mSec Value: 563713 Key : Analysis.Memory.CommitPeak.Mb Value: 115 Key : Bugcheck.Code.KiBugCheckData Value: 0xd1 Key : Bugcheck.Code.LegacyAPI Value: 0xd1 Key : Dump.Attributes.AsUlong Value: 1800 Key : Dump.Attributes.DiagDataWrittenToHeader Value: 1 Key : Dump.Attributes.ErrorCode Value: 0 Key : Dump.Attributes.LastLine Value: Dump completed successfully. Key : Dump.Attributes.ProgressPercentage Value: 100 Key : Failure.Bucket Value: AV_kbase!RequestXXXDetectedCreate Key : Failure.Hash Value: {f120e0af-e30d-355c-1e47-cbea64654a6b} Key : Hypervisor.Enlightenments.ValueHex Value: 1417df84 Key : Hypervisor.Flags.AnyHypervisorPresent Value: 1 Key : Hypervisor.Flags.ApicEnlightened Value: 0 Key : Hypervisor.Flags.ApicVirtualizationAvailable Value: 1 Key : Hypervisor.Flags.AsyncMemoryHint Value: 0 Key : Hypervisor.Flags.CoreSchedulerRequested Value: 0 Key : Hypervisor.Flags.CpuManager Value: 1 Key : Hypervisor.Flags.DeprecateAutoEoi Value: 1 Key : Hypervisor.Flags.DynamicCpuDisabled Value: 1 Key : Hypervisor.Flags.Epf Value: 0 Key : Hypervisor.Flags.ExtendedProcessorMasks Value: 1 Key : Hypervisor.Flags.HardwareMbecAvailable Value: 1 Key : Hypervisor.Flags.MaxBankNumber Value: 0 Key : Hypervisor.Flags.MemoryZeroingControl Value: 0 Key : Hypervisor.Flags.NoExtendedRangeFlush Value: 0 Key : Hypervisor.Flags.NoNonArchCoreSharing Value: 1 Key : Hypervisor.Flags.Phase0InitDone Value: 1 Key : Hypervisor.Flags.PowerSchedulerQos Value: 0 Key : Hypervisor.Flags.RootScheduler Value: 0 Key : Hypervisor.Flags.SynicAvailable Value: 1 Key : Hypervisor.Flags.UseQpcBias Value: 0 Key : Hypervisor.Flags.Value Value: 21631230 Key : Hypervisor.Flags.ValueHex Value: 14a10fe Key : Hypervisor.Flags.VpAssistPage Value: 1 Key : Hypervisor.Flags.VsmAvailable Value: 1 Key : Hypervisor.RootFlags.AccessStats Value: 1 Key : Hypervisor.RootFlags.CrashdumpEnlightened Value: 1 Key : Hypervisor.RootFlags.CreateVirtualProcessor Value: 1 Key : Hypervisor.RootFlags.DisableHyperthreading Value: 0 Key : Hypervisor.RootFlags.HostTimelineSync Value: 1 Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled Value: 0 Key : Hypervisor.RootFlags.IsHyperV Value: 1 Key : Hypervisor.RootFlags.LivedumpEnlightened Value: 1 Key : Hypervisor.RootFlags.MapDeviceInterrupt Value: 1 Key : Hypervisor.RootFlags.MceEnlightened Value: 1 Key : Hypervisor.RootFlags.Nested Value: 0 Key : Hypervisor.RootFlags.StartLogicalProcessor Value: 1 Key : Hypervisor.RootFlags.Value Value: 1015 Key : Hypervisor.RootFlags.ValueHex Value: 3f7 Key : SecureKernel.HalpHvciEnabled Value: 1 Key : WER.OS.Branch Value: ni_release Key : WER.OS.Version Value: 10.0.22621.1 BUGCHECK_CODE: d1 BUGCHECK_P1: ffffa2820f7ffff0 BUGCHECK_P2: 2 BUGCHECK_P3: 0 BUGCHECK_P4: fffff8031efb240f FILE_IN_CAB: MEMORY.DMP TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b DUMP_FILE_ATTRIBUTES: 0x1800 READ_ADDRESS: unable to get nt!PspSessionIdBitmap ffffa2820f7ffff0 Nonpaged pool BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) BLACKBOXPNP: 1 (!blackboxpnp) BLACKBOXWINLOGON: 1 PROCESS_NAME: System TRAP_FRAME: fffff80317837200 -- (.trap 0xfffff80317837200) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=ffffa2820f8000b0 rbx=0000000000000000 rcx=ffffa28231bb3750 rdx=ffffffffddc4c8e0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8031efb240f rsp=fffff80317837398 rbp=fffff803178374c9 r8=0000000000000020 r9=000000000088ecda r10=ffffa281e8601a60 r11=ffffa282e17f4600 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc kbase!RequestXXXDetectedCreate+0x180f: fffff803`1efb240f 0f106411c0 movups xmm4,xmmword ptr [rcx+rdx-40h] ds:ffffa282`0f7ffff0=???????????????????????????????? Resetting default scope STACK_TEXT: fffff803`178370b8 fffff803`19a2bf29 : 00000000`0000000a ffffa282`0f7ffff0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff803`178370c0 fffff803`19a27389 : ffffa282`0f800000 ffffa282`fd042790 00000000`00000000 00000000`f43a7d10 : nt!KiBugCheckDispatch+0x69 fffff803`17837200 fffff803`1efb240f : fffff803`1efabb88 ffffa281`f43a7850 ffffa281`ef1c4010 ffffa281`f43a7888 : nt!KiPageFault+0x489 fffff803`17837398 fffff803`1efabb88 : ffffa281`f43a7850 ffffa281`ef1c4010 ffffa281`f43a7888 ffffa281`ef1c4010 : kbase!RequestXXXDetectedCreate+0x180f fffff803`178373a0 fffff803`1987b3f4 : ffffa281`ef142060 ffffa281`ef1c4010 ffffa281`f43a7850 00000000`00000000 : kbase!HookHandlerIRPDisptach+0xff8 fffff803`17837450 fffff803`1987b2a7 : ffffa281`ef1c4010 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x134 fffff803`17837530 fffff803`1da03cc6 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IofCompleteRequest+0x17 fffff803`17837560 fffff803`1da03a51 : ffffa281`ef1c4010 fffff803`00000001 ffffa281`ed3bfdc0 ffffa281`ed2f2220 : Wdf01000!FxRequest::CompleteInternal+0x246 [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 869] fffff803`178375f0 fffff803`1da3fafd : ffffa281`ed2f2220 ffffa281`ed2f2220 ffffa281`ef1c4000 ffffa281`f03f7ba0 : Wdf01000!imp_WdfRequestCompleteWithInformation+0xa1 [minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 571] fffff803`17837650 fffff803`1da154c9 : ffffa281`ed2f2220 fffff803`1da060b3 fffff803`19600000 ffffa281`fed54840 : Wdf01000!FxRequestBase::CompleteSubmittedNoContext+0x8d [minkernel\wdf\framework\shared\core\fxrequestbase.cpp @ 451] fffff803`178376e0 fffff803`1da06b5a : ffffa281`ed2f2220 ffffa281`fed54701 ffffa281`fed54701 00000000`00000001 : Wdf01000!FxRequestBase::CompleteSubmitted+0xe75d [minkernel\wdf\framework\shared\core\fxrequestbase.cpp @ 523] fffff803`17837720 fffff803`1da07285 : ffffa281`ef1c4002 ffffa281`ef1c4010 ffffa281`ef06ad80 ffffa281`ef1c4010 : Wdf01000!FxIoTarget::RequestCompletionRoutine+0xba [minkernel\wdf\framework\shared\targets\general\fxiotarget.cpp @ 2393] fffff803`17837780 fffff803`198f4c16 : ffffa281`ef06ad80 ffffa281`ef1c4010 ffffa281`ef1c4010 00000000`00000000 : Wdf01000!FxIoTarget::_RequestCompletionRoutine+0x35 [minkernel\wdf\framework\shared\targets\general\fxiotarget.cpp @ 2450] fffff803`178377b0 fffff803`1987b3f4 : 00000000`00000000 fffff803`17837859 ffffa281`ef1c451b ffffa281`ef06ad80 : nt!IopUnloadSafeCompletion+0x56 fffff803`178377e0 fffff803`1987b2a7 : ffffa281`ef1c4010 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x134 fffff803`178378c0 fffff803`1da03cc6 : 00000000`00000002 00000000`00000000 00000000`00000000 fffff803`1da4267d : nt!IofCompleteRequest+0x17 fffff803`178378f0 fffff803`1da02031 : ffffa281`ef1c4010 00000000`00000001 ffffa281`e6d84b00 ffffa281`ed41a4f0 : Wdf01000!FxRequest::CompleteInternal+0x246 [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 869] fffff803`17837980 fffff803`1da01fbf : 00000000`00000000 ffffa281`eed81440 ffffa281`ed41a690 fffff803`17837a98 : Wdf01000!FxRequest::Complete+0x4d [minkernel\wdf\framework\shared\inc\private\common\FxRequest.hpp @ 806] fffff803`178379e0 fffff803`58012ff9 : ffffa281`ed41a4f0 00000000`ffffffff 00000000`00000004 fffff803`17837ab0 : Wdf01000!imp_WdfRequestComplete+0x3f [minkernel\wdf\framework\shared\core\fxrequestapi.cpp @ 437] fffff803`17837a10 fffff803`58011787 : ffffa281`ed41a690 00000000`00000016 ffffa281`ed41a720 fffff803`17837c28 : USBXHCI!Bulk_Transfer_CompleteCancelable+0xc9 fffff803`17837a70 fffff803`58011310 : 00000000`00000004 fffff803`17837be0 00000000`00000000 ffffa281`eed81660 : USBXHCI!Bulk_ProcessTransferEventWithED1+0x463 fffff803`17837b20 fffff803`58009ca9 : 00000000`00000004 fffff803`17837bf8 00000000`00000008 fffff803`17837c00 : USBXHCI!Bulk_EP_TransferEventHandler+0x10 fffff803`17837b50 fffff803`58009318 : ffffa281`e6222cb0 ffffa281`e7556d00 ffffa281`e7796610 ffffa281`e6222cb0 : USBXHCI!Endpoint_TransferEventHandler+0x109 fffff803`17837bb0 fffff803`58008bcc : 00000000`00000000 00000000`00000000 ffffa281`e6222ab0 00000000`00000000 : USBXHCI!Interrupter_DeferredWorkProcessor+0x738 fffff803`17837cb0 fffff803`1da06d2e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USBXHCI!Interrupter_WdfEvtInterruptDpc+0xc fffff803`17837ce0 fffff803`1da06cd5 : 00000000`00001601 fffff803`162284d8 ffffa281`e6222ab0 00000000`00000000 : Wdf01000!FxInterrupt::DpcHandler+0x4a [minkernel\wdf\framework\shared\irphandlers\pnp\km\interruptobjectkm.cpp @ 79] fffff803`17837d10 fffff803`1985338c : 00000000`00000000 ffffc600`754d5d30 fffff803`00000000 00000000`00989680 : Wdf01000!FxInterrupt::_InterruptDpcThunk+0x35 [minkernel\wdf\framework\shared\irphandlers\pnp\km\interruptobjectkm.cpp @ 410] fffff803`17837d50 fffff803`19852394 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExecuteAllDpcs+0x42c fffff803`17838290 fffff803`19a1b00e : 00000000`00000000 fffff803`16225180 fffff803`1a34d700 ffffa281`f35e0080 : nt!KiRetireDpcList+0x1b4 fffff803`17838540 00000000`00000000 : fffff803`17839000 fffff803`17832000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e SYMBOL_NAME: kbase!RequestXXXDetectedCreate+180f MODULE_NAME: kbase IMAGE_NAME: kbase.dll STACK_COMMAND: .cxr; .ecxr ; kb BUCKET_ID_FUNC_OFFSET: 180f FAILURE_BUCKET_ID: AV_kbase!RequestXXXDetectedCreate OS_VERSION: 10.0.22621.1 BUILDLAB_STR: ni_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {f120e0af-e30d-355c-1e47-cbea64654a6b} Followup: MachineOwner --------- ```

Here is the log of another bugcheck SYSTEM_THREAD_EXCEPTION_NOT_HANDLED. This happened when I tried to set the startup type to SYSTEM instead of BOOT.

``` 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common BugCheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff8023f5a0aba, The address that the exception occurred at Arg3: ffff81002b00e618, Exception Record Address Arg4: ffff81002b00de30, Context Record Address Debugging Details: ------------------ Unable to load image \SystemRoot\system32\drivers\IRPMon\kbase.dll, Win32 error 0n2 Page 12fd1f not present in the dump file. Type ".hh dbgerr004" for details KEY_VALUES_STRING: 1 Key : AV.Dereference Value: NullClassPtr Key : AV.Fault Value: Write Key : Analysis.CPU.mSec Value: 3031 Key : Analysis.Elapsed.mSec Value: 16749 Key : Analysis.IO.Other.Mb Value: 11 Key : Analysis.IO.Read.Mb Value: 0 Key : Analysis.IO.Write.Mb Value: 2 Key : Analysis.Init.CPU.mSec Value: 1749 Key : Analysis.Init.Elapsed.mSec Value: 15039 Key : Analysis.Memory.CommitPeak.Mb Value: 119 Key : Bugcheck.Code.KiBugCheckData Value: 0x7e Key : Bugcheck.Code.LegacyAPI Value: 0x7e Key : Dump.Attributes.AsUlong Value: 1800 Key : Dump.Attributes.DiagDataWrittenToHeader Value: 1 Key : Dump.Attributes.ErrorCode Value: 0 Key : Dump.Attributes.LastLine Value: Dump completed successfully. Key : Dump.Attributes.ProgressPercentage Value: 100 Key : Failure.Bucket Value: AV_kbase!unknown_function Key : Failure.Hash Value: {05a83128-d8de-21cc-9292-1125d9f52265} Key : Hypervisor.Enlightenments.ValueHex Value: 1417df84 Key : Hypervisor.Flags.AnyHypervisorPresent Value: 1 Key : Hypervisor.Flags.ApicEnlightened Value: 0 Key : Hypervisor.Flags.ApicVirtualizationAvailable Value: 1 Key : Hypervisor.Flags.AsyncMemoryHint Value: 0 Key : Hypervisor.Flags.CoreSchedulerRequested Value: 0 Key : Hypervisor.Flags.CpuManager Value: 1 Key : Hypervisor.Flags.DeprecateAutoEoi Value: 1 Key : Hypervisor.Flags.DynamicCpuDisabled Value: 1 Key : Hypervisor.Flags.Epf Value: 0 Key : Hypervisor.Flags.ExtendedProcessorMasks Value: 1 Key : Hypervisor.Flags.HardwareMbecAvailable Value: 1 Key : Hypervisor.Flags.MaxBankNumber Value: 0 Key : Hypervisor.Flags.MemoryZeroingControl Value: 0 Key : Hypervisor.Flags.NoExtendedRangeFlush Value: 0 Key : Hypervisor.Flags.NoNonArchCoreSharing Value: 1 Key : Hypervisor.Flags.Phase0InitDone Value: 1 Key : Hypervisor.Flags.PowerSchedulerQos Value: 0 Key : Hypervisor.Flags.RootScheduler Value: 0 Key : Hypervisor.Flags.SynicAvailable Value: 1 Key : Hypervisor.Flags.UseQpcBias Value: 0 Key : Hypervisor.Flags.Value Value: 21631230 Key : Hypervisor.Flags.ValueHex Value: 14a10fe Key : Hypervisor.Flags.VpAssistPage Value: 1 Key : Hypervisor.Flags.VsmAvailable Value: 1 Key : Hypervisor.RootFlags.AccessStats Value: 1 Key : Hypervisor.RootFlags.CrashdumpEnlightened Value: 1 Key : Hypervisor.RootFlags.CreateVirtualProcessor Value: 1 Key : Hypervisor.RootFlags.DisableHyperthreading Value: 0 Key : Hypervisor.RootFlags.HostTimelineSync Value: 1 Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled Value: 0 Key : Hypervisor.RootFlags.IsHyperV Value: 1 Key : Hypervisor.RootFlags.LivedumpEnlightened Value: 1 Key : Hypervisor.RootFlags.MapDeviceInterrupt Value: 1 Key : Hypervisor.RootFlags.MceEnlightened Value: 1 Key : Hypervisor.RootFlags.Nested Value: 0 Key : Hypervisor.RootFlags.StartLogicalProcessor Value: 1 Key : Hypervisor.RootFlags.Value Value: 1015 Key : Hypervisor.RootFlags.ValueHex Value: 3f7 Key : SecureKernel.HalpHvciEnabled Value: 1 Key : WER.OS.Branch Value: ni_release Key : WER.OS.Version Value: 10.0.22621.1 BUGCHECK_CODE: 7e BUGCHECK_P1: ffffffffc0000005 BUGCHECK_P2: fffff8023f5a0aba BUGCHECK_P3: ffff81002b00e618 BUGCHECK_P4: ffff81002b00de30 FILE_IN_CAB: MEMORY.DMP TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b DUMP_FILE_ATTRIBUTES: 0x1800 EXCEPTION_RECORD: ffff81002b00e618 -- (.exr 0xffff81002b00e618) ExceptionAddress: fffff8023f5a0aba (kbase+0x0000000000010aba) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 000000000000001c Attempt to write to address 000000000000001c CONTEXT: ffff81002b00de30 -- (.cxr 0xffff81002b00de30) rax=fffff8023f5a89f0 rbx=0000000000000000 rcx=00000000000004ac rdx=fffff8023f5a8d00 rsi=ffffd70db2feec40 rdi=0000000000000000 rip=fffff8023f5a0aba rsp=ffff81002b00e850 rbp=ffffd70dbf11a010 r8=0000000000000000 r9=0000000000000000 r10=00000000ffffffff r11=0000000000000000 r12=0000000000000000 r13=ffffd70db89f3c00 r14=ffffd70dbcfe2d30 r15=ffffb38bb5a2ad00 iopl=0 nv up ei pl nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206 kbase+0x10aba: fffff802`3f5a0aba 894f1c mov dword ptr [rdi+1Ch],ecx ds:002b:00000000`0000001c=???????? Resetting default scope BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) PROCESS_NAME: System WRITE_ADDRESS: unable to get nt!PspSessionIdBitmap 000000000000001c ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. EXCEPTION_CODE_STR: c0000005 EXCEPTION_PARAMETER1: 0000000000000001 EXCEPTION_PARAMETER2: 000000000000001c EXCEPTION_STR: 0xc0000005 LOCK_ADDRESS: fffff8022825c880 -- (!locks fffff8022825c880) Resource @ nt!PiEngineLock (0xfffff8022825c880) Exclusively owned Contention Count = 2 NumberOfExclusiveWaiters = 1 Threads: ffffd70dafcca040-01<*> Threads Waiting On Exclusive Access: ffffd70dafd14040 1 total locks PNP_TRIAGE_DATA: Lock address : 0xfffff8022825c880 Thread Count : 1 Thread address: 0xffffd70dafcca040 Thread wait : 0x83e STACK_TEXT: ffff8100`2b00e850 fffff802`3f59b3ce : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd70d`00000000 : kbase+0x10aba ffff8100`2b00e890 fffff802`27912695 : 00000000`00000d4e ffffd70d`befbed90 ffffd70d`bf11a010 ffffd70d`bf01a040 : kbase+0xb3ce ffff8100`2b00eac0 fffff802`29791342 : 00000000`00000000 fffff802`280ab67d 00000000`00000040 00000000`00000001 : nt!IofCallDriver+0x55 ffff8100`2b00eb00 fffff802`297910db : ffffd70d`b236d8b0 00000000`00000007 ffffd70d`bf11a010 ffffd70d`bf11a560 : ACPI!ACPIIrpDispatchDeviceControl+0xb2 ffff8100`2b00eb40 fffff802`27912695 : 00000000`00000007 ffffd70d`bf11a010 ffffd70d`bf01a040 ffffd70d`bf008488 : ACPI!ACPIDispatchIrp+0xcb ffff8100`2b00ebc0 fffff802`26445068 : ffffd70d`bf11a010 ffffd70d`bf01a040 ffffd70d`bf008488 00000000`00000000 : nt!IofCallDriver+0x55 ffff8100`2b00ec00 fffff802`2644dd9a : ffffd70d`bf008488 ffffd70d`b818c770 ffffd70d`bf008488 ffffd70d`bf098050 : usbvideo!USBVideoCallUSBD+0x108 ffff8100`2b00eca0 fffff802`2644a701 : ffffd70d`bf098050 00000000`00000000 fffff802`26484150 ffffd70d`bf008488 : usbvideo!StartUSBVideoDevice+0xca ffff8100`2b00ed00 fffff802`5595e3e1 : ffffd70d`bf0083c0 ffffd70d`ba671e28 00000000`00000001 00000000`00000200 : usbvideo!USBVideoPnpStart+0x111 ffff8100`2b00ed40 fffff802`5596cab6 : 00000000`00000000 ffffd70d`ba671e28 ffffd70d`bf0083c0 00000000`20707249 : ks!CKsDevice::PnpStart+0xc1 ffff8100`2b00eda0 fffff802`27912695 : ffffd70d`ba671890 ffff8100`2b00eea0 ffffd70d`ba671e70 ffffd70d`bf0e2cc0 : ks!CKsDevice::DispatchPnp+0x416 ffff8100`2b00ee10 fffff802`51971415 : ffffd70d`b6dfc600 ffff8100`2b00f200 ffff8600`62498180 00000000`00000628 : nt!IofCallDriver+0x55 ffff8100`2b00ee50 fffff802`51971133 : ffffd70d`ba671890 ffffd70d`bef82db0 ffffd70d`00000000 ffffd70d`bf0e5830 : ksthunk!CKernelFilterDevice::DispatchIrp+0xf5 ffff8100`2b00eeb0 fffff802`27912695 : ffffd70d`bf0e5830 fffff802`27808d10 00000000`00000013 ffffd70d`b84f5b00 : ksthunk!CKernelFilterDevice::DispatchIrpBridge+0x13 ffff8100`2b00eee0 fffff802`27c886de : ffffd70d`bf0e5830 ffffd70d`b84f5b30 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x55 ffff8100`2b00ef20 fffff802`27802ea2 : ffffd70d`bf0e5830 00000000`00000000 ffffd70d`b84f5b30 fffff802`27891f70 : nt!PnpAsynchronousCall+0xe6 ffff8100`2b00ef60 fffff802`278921e8 : 00000000`00000000 ffffd70d`bf0e5830 fffff802`27802690 fffff802`27802690 : nt!PnpSendIrp+0x9e ffff8100`2b00efd0 fffff802`27cf7293 : ffffd70d`bf0e2c40 00000000`00000000 ffffd70d`b84f5b30 00000000`00000000 : nt!PnpStartDevice+0x88 ffff8100`2b00f060 fffff802`27cf70d5 : ffffd70d`bf0e2c40 00000000`00000000 ffffd70d`afeceaa0 ffffd70d`bf0e2c40 : nt!PnpStartDeviceNode+0xef ffff8100`2b00f0f0 fffff802`27ccd1a2 : ffffd70d`bf0e2c40 ffff8100`2b00f1a8 ffffd70d`00000000 ffffd70d`afeceaa0 : nt!PipProcessStartPhase1+0x61 ffff8100`2b00f130 fffff802`27d85586 : ffffd70d`b6dfc600 fffff802`27862a01 ffff8100`2b00f240 ffff8100`00000002 : nt!PipProcessDevNodeTree+0x422 ffff8100`2b00f1f0 fffff802`27803359 : 00000001`00000003 ffffd70d`b237bae0 ffffd70d`b6dfc6c0 00000000`00000000 : nt!PiProcessReenumeration+0x92 ffff8100`2b00f240 fffff802`27952355 : ffffd70d`afcca040 ffffd70d`afcc6cf0 fffff802`2834aac0 ffffd70d`00000000 : nt!PnpDeviceActionWorker+0x339 ffff8100`2b00f300 fffff802`27954d47 : ffffd70d`afcca040 00000000`00000127 ffffd70d`afcca040 fffff802`27952200 : nt!ExpWorkerThread+0x155 ffff8100`2b00f4f0 fffff802`27a1b174 : ffff8600`62498180 ffffd70d`afcca040 fffff802`27954cf0 00000000`00000000 : nt!PspSystemThreadStartup+0x57 ffff8100`2b00f540 00000000`00000000 : ffff8100`2b010000 ffff8100`2b009000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34 SYMBOL_NAME: kbase+10aba MODULE_NAME: kbase IMAGE_NAME: kbase.dll STACK_COMMAND: .cxr 0xffff81002b00de30 ; kb BUCKET_ID_FUNC_OFFSET: 10aba FAILURE_BUCKET_ID: AV_kbase!unknown_function OS_VERSION: 10.0.22621.1 BUILDLAB_STR: ni_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {05a83128-d8de-21cc-9292-1125d9f52265} Followup: MachineOwner --------- ```

MartinDrab / IRPMon

BSOD: DRIVER_IRQL_NOT_LESS_OR_EQUAL/SYSTEM_THREAD_EXCEPTION_NOT_HANDLED #116