I’m not able to repro such error with enabling verifier,
it appears another BSoD error code 0x50.
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa801199e308, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff800033757b7, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
WRITE_ADDRESS: fffffa801199e308 Nonpaged pool
FAULTING_IP:
nt!RtlFreeAnsiString+1b
fffff800`033757b7 4c891b mov qword ptr [rbx],r11
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff88003078940 – (.trap 0xfffff88003078940)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800833d6b0 rbx=0000000000000000 rcx=fffffa80066643a0
rdx=fffff8a0036be480 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800033757b7 rsp=fffff88003078ad0 rbp=0000000000000080
r8=0000000000000000 r9=0000000000000130 r10=fffff80003049000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlFreeAnsiString+0x1b:
fffff800`033757b7 4c891b mov qword ptr [rbx],r11 ds:9878:0000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000313cbf0 to fffff800030bebc0
STACK_TEXT:
fffff880030787d8 fffff800
0313cbf0 : 0000000000000050 fffffa80
1199e308 0000000000000001 fffff880
03078940 : nt!KeBugCheckEx
fffff880030787e0 fffff800
030bccee : 0000000000000001 fffffa80
1199e308 0000000000000000 fffffa80
1199e308 : nt! ?? ::FNODOBFM::string'+0x4518f fffff880
03078940 fffff800033757b7 : 00000000
00000000 0000000000010282 fffff880
20207050 0000000000000018 : nt!KiPageFault+0x16e fffff880
03078ad0 fffff8800193e761 : fffffa80
1199e1a0 0000000000000080 00000000
00000000 0000000000000000 : nt!RtlFreeAnsiString+0x1b fffff880
03078b00 fffff88001987fd4 : 00000000
00000001 fffff8800195e110 fffff880
0190c500 fffffa801199e1a0 : ndis!ndisDeleteMiniportOnLastDeref+0x271 fffff880
03078b40 fffff8800199ddeb : fffff980
046c68d0 fffff8800195e101 00000000
00000080 fffff8800195e101 : ndis! ?? ::DKGKHJNI::
string’+0x1507
fffff88003078b80 fffff880
0190c64a : 0000000000000000 00000000
00000080 fffff8800195e110 fffff980
046c6a28 : ndis!ndisMQueuedFinishClose+0x18b
fffff88003078bd0 fffff800
0335b2ea : fffffa800833d660 fffffa80
06676b30 fffff88003078c70 fffffa80
0833d660 : ndis!ndisWorkerThread+0xba
fffff88003078c00 fffff800
030af8e6 : fffff880009c0180 fffffa80
0833d660 fffff880009cafc0 a1a1a1a1
a1a1a1a1 : nt!PspSystemThreadStartup+0x5a
fffff88003078c40 00000000
00000000 : fffff88003079000 fffff880
03073000 fffff880030784b0 00000000
00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
ndis!ndisDeleteMiniportOnLastDeref+271
fffff880`0193e761 4889b370010000 mov qword ptr [rbx+170h],rsi
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: ndis!ndisDeleteMiniportOnLastDeref+271
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ndis
IMAGE_NAME: ndis.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5034f6b2
FAILURE_BUCKET_ID: X64_0x50_VRF_ndis!ndisDeleteMiniportOnLastDeref+271
BUCKET_ID: X64_0x50_VRF_ndis!ndisDeleteMiniportOnLastDeref+271
Followup: MachineOwner
1: kd> !verifier 80 fffffa801199e308
Log of recent kernel pool Allocate and Free operations:
There are up to 0x10000 entries in the log.
Parsing 0x0000000000010000 log entries, searching for address 0xfffffa801199e308.
======================================================================
Pool block fffffa801199e000, Size 0000000000001940, Thread fffffa80066fd040
fffff8000355ca4a nt!VfFreePoolNotification+0x4a
fffff800031f1a6f nt!ExDeferredFreePool+0x107b
fffff800030c7e5c nt!ObfDereferenceObject+0xdc
fffff800031c10fb nt!PnpRemoveLockedDeviceNode+0x23b
fffff800034aaef4 nt!PnpDeleteLockedDeviceNode+0x44
fffff800034ab000 nt!PnpDeleteLockedDeviceNodes+0xa0
fffff800034ab0f9 nt!PnpDelayedRemoveWorker+0x79
fffff800034ab271 nt!PnpChainDereferenceComplete+0x131
fffff800031c129a nt!PnpIsChainDereferenced+0xda
fffff8000353c2a0 nt!PnpProcessQueryRemoveAndEject+0xff0
fffff8000353c53c nt!PnpProcessTargetDeviceEvent+0x4c
fffff8000342573e nt! ?? ::NNGAKEGL::`string’+0x54d9b
Finished parsing all pool tracking information.
1: kd> !thread fffffa80066fd040
THREAD fffffa80066fd040 Cid 0004.0064 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (UserRequest) KernelMode Non-Alertable
fffff88003507fe0 SynchronizationEvent
IRP List:
fffff9800dfbae50: (0006,01a8) Flags: 40000000 Mdl: 00000000
Not impersonating
DeviceMap fffff8a000007d90
Owning Process fffffa8006676b30 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 7164 Ticks: 0
Context Switch Count 1583
UserTime 00:00:00.000
KernelTime 00:00:00.358
Win32 Start Address nt!ExpWorkerThread (0xfffff800030c8150)
Stack Init fffff88003508c70 Current fffff88003507c10
Base fffff88003509000 Limit fffff88003503000 Call 0
Priority 13 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff88003507c50 fffff800
030b45f2 : fffffa80066fd040 fffffa80
066fd040 0000000000000000 fffffa80
0000000c : nt!KiSwapContext+0x7a
fffff88003507d90 fffff800
030c599f : fffff8a0033a3000 fffff8a0
06853000 fffff8a000000000 fffff880
009c0180 : nt!KiCommitThreadWait+0x1d2
fffff88003507e20 fffff880
01a85957 : 0000000000000000 fffff800
00000006 0000000000000000 00000000
00000000 : nt!KeWaitForSingleObject+0x19f
fffff88003507ec0 fffff880
01a85a4c : 0000000000000000 fffff880
035080a0 0000000000000040 fffff800
031f205a : tcpip!FlpNdisRequestUnderReference+0xc7
fffff88003508030 fffff880
01a52b43 : fffffa800f73d0a0 00000000
fc01020a fffffa8011b4b6e0 00000000
00000000 : tcpip!FlQueryInterface+0x8c
fffff88003508080 fffff880
01a5347d : fffffa8011b4b010 00000000
00000000 fffff88001b6d668 fffff880
01b68800 : tcpip!IppQueryInterfaceProperty+0x73
fffff880035080d0 fffff880
01a023fd : fffffa8000000040 fffffa80
11b4b010 fffff88001b68800 fffffa80
11b4b6e0 : tcpip!IppAddInterfaceStats+0x7d
fffff88003508150 fffff880
01a027e2 : fffffa8011b4b010 00000000
00000017 fffffa8011b141a0 fffff980
046228d0 : tcpip!IpFlcDeleteInterface+0x7d
fffff880035081c0 fffff880
019a2375 : fffff980046228d0 fffffa80
11b141a0 fffff88003508448 fffffa80
11b141a0 : tcpip!FlUnbindAdapter+0x102
fffff88003508290 fffff880
019b3adf : fffffa8011b141a0 fffffa80
11b14100 fffffa80119a2c60 00000000
00000000 : ndis!ndisUnbindProtocol+0x205
fffff880035083a0 fffff880
019b4c5b : fffffa8011b14101 00000000
00000001 fffff88003508430 00000000
00000001 : ndis!ndisCloseMiniportBindings+0x2df
fffff880035084b0 fffff880
0194dbc2 : fffffa8011b141a0 fffffa80
11b141a0 fffff9800dfbae50 fffffa80
11b141a0 : ndis!ndisPnPRemoveDevice+0x25b
fffff88003508650 fffff880
019b7dc1 : 0000000000000000 fffff980
0dfbae50 0000000000000000 fffffa80
11b141a0 : ndis!ndisPnPRemoveDeviceEx+0xa2
fffff88003508690 fffff800
03567d26 : fffff9800dfbae50 fffff980
0dfbae50 0000000000000002 00000000
00000000 : ndis!ndisPnPDispatch+0x862
fffff88003508730 fffff800
0332b121 : fffffa8011b14050 fffff880
03508848 00000000c00000bb fffffa80
115649a0 : nt!IovCallDriver+0x566
fffff88003508790 fffff800
034ab3a1 : fffffa80119fdbc0 00000000
00000000 fffffa80119fd430 00000000
00000000 : nt!IopSynchronousCall+0xe1
fffff88003508800 fffff800
034a5d78 : 0000000000000000 fffffa80
119fdbc0 000000000000030a 00000000
00000308 : nt!IopRemoveDevice+0x101
fffff880035088c0 fffff800
034aaee7 : fffffa80119fd430 00000000
00000000 0000000000000003 00000000
000007ff : nt!PnpSurpriseRemoveLockedDeviceNode+0x128
fffff88003508900 fffff800
034ab000 : 0000000000000000 fffff8a0
15e62300 fffff8a0030a64b0 fffff880
03508a58 : nt!PnpDeleteLockedDeviceNode+0x37
fffff88003508930 fffff800
0353b97f : 0000000000000002 00000000
00000000 fffffa80119fd430 00000000
00000000 : nt!PnpDeleteLockedDeviceNodes+0xa0
fffff880035089a0 fffff800
0353c53c : fffff88003508b78 fffffa80
11d03800 fffffa80066fd000 fffffa80
00000000 : nt!PnpProcessQueryRemoveAndEject+0x6cf
fffff88003508ae0 fffff800
0342573e : 0000000000000000 fffffa80
11d03820 fffff8a015e62360 00000000
00000000 : nt!PnpProcessTargetDeviceEvent+0x4c
fffff88003508b10 fffff800
030c8261 : fffff80003329f88 fffff8a0
15e62360 fffff800032642d8 fffffa80
066fd040 : nt! ?? ::NNGAKEGL::string'+0x54d9b fffff880
03508b70 fffff8000335b2ea : 00000000
00000000 fffffa80066fd040 00000000
00000080 fffffa8006676b30 : nt!ExpWorkerThread+0x111 fffff880
03508c00 fffff800030af8e6 : fffff880
031b4180 fffffa80066fd040 fffff880
031befc0 0000000000000000 : nt!PspSystemThreadStartup+0x5a fffff880
03508c40 0000000000000000 : fffff880
03509000 fffff88003503000 fffff880
03507f00 00000000`00000000 : nt!KiStartSystemThread+0x16
1: kd> !irp fffff9800dfbae50
Irp is active with 3 stacks 3 is current (= 0xfffff9800dfbafb0)
No Mdl: No System Buffer: Thread fffffa80066fd040: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[1b,17] 0 0 fffffa8011b14050 00000000 00000000-00000000
\Driver\vwifimp
Args: 00000000 00000000 00000000 00000000