a guest
Nov 24th, 2017
Instant Online Crash Analysis, brought to you by OSR Open Systems Resources, Inc.

Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 8 Kernel Version 16299 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 16299.15.amd64fre.rs3_release.170928-1534
Machine Name:
Kernel base = 0xfffff803`c5a03000 PsLoadedModuleList = 0xfffff803`c5d64fb0
Debug session time: Fri Nov 24 08:14:20.984 2017 (UTC - 5:00)
System Uptime: 0 days 0:04:24.636
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffe107e057ace2, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff803c5ca949d, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
ffffe107e057ace2

FAULTING_IP:
nt!ExFreePoolWithTag+3d
fffff803`c5ca949d 410fb747f2 movzx eax,word ptr [r15-0Eh]

MM_INTERNAL_CODE: 2

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: ffff8f015bf8a5e0 -- (.trap 0xffff8f015bf8a5e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe107e057acf0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803c5ca949d rsp=ffff8f015bf8a770 rbp=fffff80ff439c050
r8=0000000000000001 r9=7fffbe0412317638 r10=7ffffffffffffffc
r11=ffff8f015bf8a810 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!ExFreePoolWithTag+0x3d:
fffff803`c5ca949d 410fb747f2 movzx eax,word ptr [r15-0Eh] ds:ffffffff`fffffff2=????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff803c5ba6640 to fffff803c5b670e0

STACK_TEXT:
ffff8f01`5bf8a358 fffff803`c5ba6640 : 00000000`00000050 ffffe107`e057ace2 00000000`00000000 ffff8f01`5bf8a5e0 : nt!KeBugCheckEx
ffff8f01`5bf8a360 fffff803`c5a72777 : 00000000`00000000 ffffe107`e057ace2 ffff8f01`5bf8a5e0 ffff8f01`5bf8a500 : nt!MiSystemFault+0x116a20
ffff8f01`5bf8a400 fffff803`c5b70c72 : ffffbe04`11264000 ffffbe04`0f1b24f0 ffffa107`dee7d120 fffff80f`f426e001 : nt!MmAccessFault+0xae7
ffff8f01`5bf8a5e0 fffff803`c5ca949d : 00000000`00000000 ffffbe04`123176d0 ffffbe04`00000000 ffffbe04`00000001 : nt!KiPageFault+0x132
ffff8f01`5bf8a770 fffff80f`f435d31d : 00000000`00000000 ffffa107`00000000 ffffa107`00000000 ffffbe04`0cf4b338 : nt!ExFreePoolWithTag+0x3d
ffff8f01`5bf8a840 fffff80f`f439c235 : ffffbe04`0cf4b338 ffffa107`e0b94bf0 ffffa107`e0b94ab0 ffffbe04`0ae76180 : NTFS!NtfsCommonClose+0x59d
ffff8f01`5bf8a910 fffff80f`f439c05f : 00000000`00000200 ffffbe04`0b13f580 ffffbe04`0aef5a70 fffff803`c5f4d590 : NTFS!NtfsFspCloseInternal+0x1c9
ffff8f01`5bf8aa50 fffff803`c5a3fe05 : ffffbe04`0aef5a70 fffff803`c5f4d500 ffffbe04`0aef5a00 ffffbe04`0aef5a70 : NTFS!NtfsFspClose+0xf
ffff8f01`5bf8aa80 fffff803`c5a2bf87 : 00000000`00000000 00000000`00000080 ffffbe04`0aee9040 ffffbe04`0b13f580 : nt!ExpWorkerThread+0xf5
ffff8f01`5bf8ab10 fffff803`c5b6c676 : ffffcf81`280a0180 ffffbe04`0b13f580 fffff803`c5a2bf40 00000000`00000000 : nt!PspSystemThreadStartup+0x47
ffff8f01`5bf8ab60 00000000`00000000 : ffff8f01`5bf8b000 ffff8f01`5bf84000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+3d
fffff803`c5ca949d 410fb747f2 movzx eax,word ptr [r15-0Eh]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!ExFreePoolWithTag+3d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 59efff9b

FAILURE_BUCKET_ID: X64_AV_nt!ExFreePoolWithTag+3d

BUCKET_ID: X64_AV_nt!ExFreePoolWithTag+3d

Followup: MachineOwner
---------