I would say it's related to this: https://support.microsoft.com/en-us/kb/3055343
But you're on Windows 10 now you said.
If the Memtest86+ run comes back clean, then:
Make sure your network drivers are up to date (go to the network card manufacturer's site and make sure you get the latest driver from them, not from your system's OEM).
I'd also suggest since you did the upgrade to Win10, to just do a clean install - I've seen several issues from upgrades, and it's usually best to do a clean install to make sure that's not the issue.
For informational purposes, here's the WinDbg output (oldest to newest):
But you're on Windows 10 now you said.
If the Memtest86+ run comes back clean, then:
Make sure your network drivers are up to date (go to the network card manufacturer's site and make sure you get the latest driver from them, not from your system's OEM).
I'd also suggest since you did the upgrade to Win10, to just do a clean install - I've seen several issues from upgrades, and it's usually best to do a clean install to make sure that's not the issue.
For informational purposes, here's the WinDbg output (oldest to newest):
Code:
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 10240 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.16430.amd64fre.th1.150807-2049
Machine Name:
Kernel base = 0xfffff800`49807000 PsLoadedModuleList = 0xfffff800`49b2c030
Debug session time: Sat Aug 15 16:35:40.915 2015 (UTC - 5:00)
System Uptime: 0 days 0:25:23.622
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 12B, {ffffffffc00002c4, cab, 1600f4dbe0, ffffd00094f2f000}
Probably caused by : hardware ( REGION_PAGED_OUT )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
FAULTY_HARDWARE_CORRUPTED_PAGE (12b)
This bugcheck indicates that a single bit error was found in this page. This is a hardware memory error.
Arguments:
Arg1: ffffffffc00002c4, virtual address mapping the corrupted page
Arg2: 0000000000000cab, physical page number
Arg3: 0000001600f4dbe0, zero
Arg4: ffffd00094f2f000, zero
Debugging Details:
------------------
BUGCHECK_STR: PAGE_NOT_ZERO
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
STACK_TEXT:
ffffd000`97aa6208 fffff800`49a4895d : 00000000`0000012b ffffffff`c00002c4 00000000`00000cab 00000016`00f4dbe0 : nt!KeBugCheckEx
ffffd000`97aa6210 fffff800`499c6fab : 00000000`00000003 ffffe000`98fdb050 ffffe000`98fdb050 00000000`00000001 : nt!ST_STORE<SM_TRAITS>::StDmPageError+0xe5
ffffd000`97aa6280 fffff800`49918aae : ffffe000`989920f0 ffff0090`80d1f397 ffffe000`98e37040 fffff800`4991a27c : nt! ?? ::FNODOBFM::`string'+0x636ab
ffffd000`97aa6360 fffff800`499188b5 : 00000000`00000002 ffffe000`95cd9560 ffffe000`98fdb050 00000000`00000000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xb6
ffffd000`97aa63c0 fffff800`49918644 : 00000000`ffffffff 00000000`00000dbe ffffd000`0000006b ffffe000`989920f0 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x1e1
ffffd000`97aa6460 fffff800`49917cad : ffffd000`97aa6650 ffffe000`989920f0 ffffd000`0000fb38 ffffe000`9484b400 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0x118
ffffd000`97aa6520 fffff800`49917be1 : ffffe000`98fdb000 ffffe000`989920f0 ffffe000`98fdb000 fffff800`49917bc8 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x91
ffffd000`97aa6590 fffff800`498831f5 : ffffe000`989920f0 ffffd000`97aa6650 ffffe000`98fdc1d4 fffff800`498edcb0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x19
ffffd000`97aa65c0 fffff800`49917af3 : 00000000`00000003 fffff800`49b4a2c0 ffffe000`98e37000 ffffe000`98fdb000 : nt!KeExpandKernelStackAndCalloutInternal+0x85
ffffd000`97aa6610 fffff800`499165b8 : ffffe000`989920f0 00000000`00000801 ffffe000`98fdb000 00000000`00000002 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xb7
ffffd000`97aa66e0 fffff800`4991625f : ffffe000`989920f0 ffffe000`989920f0 ffffe000`98fdb000 fffff800`49b4a2c0 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1c8
ffffd000`97aa6740 fffff800`49914401 : 00000000`0000000c ffffe000`9502af50 00000000`00000010 ffffe000`9502aea0 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xc7
ffffd000`97aa67d0 fffff800`49914295 : ffffe000`9502ae50 ffffd000`97aa6890 ffffd000`00000010 fffff680`00000000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x165
ffffd000`97aa6850 fffff800`49838881 : ffffd000`2000334a ffffe000`9484b001 fffffa80`79517350 ffffd000`97aa68c0 : nt!SmPageRead+0x75
ffffd000`97aa6890 fffff800`49836ae8 : 00000000`00000002 ffffe000`99273578 ffffe000`9502ae50 00000000`00000000 : nt!MiIssueHardFaultIo+0x129
ffffd000`97aa6910 fffff800`4982623d : 00000000`c0033333 ffffe000`99273578 0000005f`88f15178 ffffd000`00000000 : nt!MiIssueHardFault+0x168
ffffd000`97aa69b0 fffff800`4995ddbd : ffffe000`9484b080 00000000`00000000 ffffe000`9c17c120 ffffe000`9c17c120 : nt!MmAccessFault+0x39d
ffffd000`97aa6b00 00007ffb`bb595613 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x13d
0000005f`8fb6d090 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`bb595613
STACK_COMMAND: kb
SYMBOL_NAME: REGION_PAGED_OUT
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: hardware
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION:
FAILURE_BUCKET_ID: PAGE_NOT_ZERO_REGION_PAGED_OUT
BUCKET_ID: PAGE_NOT_ZERO_REGION_PAGED_OUT
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:page_not_zero_region_paged_out
FAILURE_ID_HASH: {2116c973-78f0-ac8c-fd80-e8f7849726ae}
Followup: MachineOwner
Code:
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 10240 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.16430.amd64fre.th1.150807-2049
Machine Name:
Kernel base = 0xfffff800`9501d000 PsLoadedModuleList = 0xfffff800`95342030
Debug session time: Sat Aug 15 21:32:22.502 2015 (UTC - 5:00)
System Uptime: 0 days 4:51:24.207
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800950a9f4e, ffffd00023e50c30, 0}
Probably caused by : dxgkrnl.sys ( dxgkrnl!ADAPTER_RENDER::FreeAllocationHandleAndWaitForZeroReferences+48 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800950a9f4e, Address of the instruction which caused the bugcheck
Arg3: ffffd00023e50c30, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
nt!ExfReleaseRundownProtection+2e
fffff800`950a9f4e f0490fc100 lock xadd qword ptr [r8],rax
CONTEXT: ffffd00023e50c30 -- (.cxr 0xffffd00023e50c30;r)
rax=ffffffffffffffff rbx=ffffc00053107010 rcx=ffffc0005e353ff8
rdx=00000000000014d9 rsi=0000000000000000 rdi=ffffc000531070d0
rip=fffff800950a9f4e rsp=ffffd00023e51650 rbp=ffffc0005e353fa0
r8=0000000000000000 r9=ffffc0005ef6d000 r10=7fffc0005e3f40a0
r11=7ffffffffffffffc r12=ffffd00023e51770 r13=0000000000000000
r14=ffffc0005e3f4000 r15=00007ffe9a6c6da0
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!ExfReleaseRundownProtection+0x2e:
fffff800`950a9f4e f0490fc100 lock xadd qword ptr [r8],rax ds:002b:00000000`00000000=0000000000000000
Last set context:
rax=ffffffffffffffff rbx=ffffc00053107010 rcx=ffffc0005e353ff8
rdx=00000000000014d9 rsi=0000000000000000 rdi=ffffc000531070d0
rip=fffff800950a9f4e rsp=ffffd00023e51650 rbp=ffffc0005e353fa0
r8=0000000000000000 r9=ffffc0005ef6d000 r10=7fffc0005e3f40a0
r11=7ffffffffffffffc r12=ffffd00023e51770 r13=0000000000000000
r14=ffffc0005e3f4000 r15=00007ffe9a6c6da0
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!ExfReleaseRundownProtection+0x2e:
fffff800`950a9f4e f0490fc100 lock xadd qword ptr [r8],rax ds:002b:00000000`00000000=0000000000000000
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff8008d69c544 to fffff800950a9f4e
STACK_TEXT:
ffffd000`23e51650 fffff800`8d69c544 : ffffc000`53107010 00000000`00000000 00000000`00000000 ffffe001`7e040190 : nt!ExfReleaseRundownProtection+0x2e
ffffd000`23e51680 fffff800`8d6aebb6 : 00000000`00000001 ffffd000`23e517b0 00000000`00000000 ffffc000`5e3f4000 : dxgkrnl!ADAPTER_RENDER::FreeAllocationHandleAndWaitForZeroReferences+0x48
ffffd000`23e516b0 fffff800`8d6a9bac : ffffc000`5e3f4000 fffff800`8d6a9b16 ffffc000`5e3f4000 fffff800`8d63313c : dxgkrnl!DXGDEVICE::DestroyAllocations+0xca
ffffd000`23e51840 fffff800`8d6a8ea2 : ffffd000`23e51950 ffffc000`5e3f4000 ffffc000`5e3f4000 ffffc000`5e3f4000 : dxgkrnl!DXGDEVICE::DrainAllocations+0x5c
ffffd000`23e518a0 fffff800`8d69e8c3 : ffffc000`5e3f4000 ffffe001`7e0834d0 ffffd000`23e51950 ffffc000`5e3f4000 : dxgkrnl!DXGDEVICE::DestroyAllDeviceState+0x166
ffffd000`23e518e0 fffff800`8d69e9a8 : ffffc000`5e3f4000 ffffc000`5e3f4000 ffffc000`5e3f4000 fffff800`8d63252d : dxgkrnl!ADAPTER_RENDER::DestroyDevice+0xa7
ffffd000`23e51910 fffff800`8d69ea5a : ffffc000`5e3f4000 ffffe001`00000001 ffffc000`5e3f4000 ffffc000`5e3f4000 : dxgkrnl!ADAPTER_RENDER::DestroyDeviceNoLocksInternal+0x70
ffffd000`23e519b0 fffff800`8d6990f7 : ffffc000`5e3f4000 ffffd000`23e51a40 0000009b`784e2a98 ffffc000`53107010 : dxgkrnl!ADAPTER_RENDER::DestroyDeviceNoLocks+0x7a
ffffd000`23e519e0 fffff800`95175363 : ffffe001`7ec15080 00000000`00000020 00000000`00000000 ffffe001`7bad0fe0 : dxgkrnl!DxgkDestroyDevice+0x277
ffffd000`23e51b00 00007ffe`9f2af11a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
0000009b`6b66cd08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`9f2af11a
FOLLOWUP_IP:
dxgkrnl!ADAPTER_RENDER::FreeAllocationHandleAndWaitForZeroReferences+48
fffff800`8d69c544 4883670800 and qword ptr [rdi+8],0
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: dxgkrnl!ADAPTER_RENDER::FreeAllocationHandleAndWaitForZeroReferences+48
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgkrnl
IMAGE_NAME: dxgkrnl.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 55bebfed
IMAGE_VERSION: 10.0.10240.16425
STACK_COMMAND: .cxr 0xffffd00023e50c30 ; kb
BUCKET_ID_FUNC_OFFSET: 48
FAILURE_BUCKET_ID: 0x3B_dxgkrnl!ADAPTER_RENDER::FreeAllocationHandleAndWaitForZeroReferences
BUCKET_ID: 0x3B_dxgkrnl!ADAPTER_RENDER::FreeAllocationHandleAndWaitForZeroReferences
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_dxgkrnl!adapter_render::freeallocationhandleandwaitforzeroreferences
FAILURE_ID_HASH: {ea3e938a-b8b4-5f7e-83a4-50ee413e8487}
Followup: MachineOwner
---------
Code:
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 10240 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.16430.amd64fre.th1.150807-2049
Machine Name:
Kernel base = 0xfffff803`d587a000 PsLoadedModuleList = 0xfffff803`d5b9f030
Debug session time: Sat Aug 15 22:01:18.791 2015 (UTC - 5:00)
System Uptime: 0 days 0:28:22.498
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffd00024e2b030, ffffd00024e2af88, 0}
Probably caused by : Pool_Corruption ( nt!ExFreePool+d6f )
Followup: Pool_corruption
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00024e2b030, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00024e2af88, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd00024e2b030 -- (.trap 0xffffd00024e2b030)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc0002f882fe0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffc0002f1ca660 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803d5aeea37 rsp=ffffd00024e2b1c0 rbp=000000000000001a
r8=ffffc0002f882fa0 r9=ffffc0002fcc7f20 r10=ffffc000311a02f0
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!ExFreePool+0xd6f:
fffff803`d5aeea37 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd00024e2af88 -- (.exr 0xffffd00024e2af88)
ExceptionAddress: fffff803d5aeea37 (nt!ExFreePool+0x0000000000000d6f)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
EXCEPTION_STR: 0x0
LAST_CONTROL_TRANSFER: from fffff803d59d26a9 to fffff803d59c7d00
STACK_TEXT:
ffffd000`24e2ad08 fffff803`d59d26a9 : 00000000`00000139 00000000`00000003 ffffd000`24e2b030 ffffd000`24e2af88 : nt!KeBugCheckEx
ffffd000`24e2ad10 fffff803`d59d29d0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`24e2ae50 fffff803`d59d1bf4 : 00000000`0000003f fffff803`d5c53200 00000000`00000002 0000057f`9904ed36 : nt!KiFastFailDispatch+0xd0
ffffd000`24e2b030 fffff803`d5aeea37 : ffffe001`96cdbb60 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`24e2b1c0 fffff803`d5aec772 : fffff803`00000000 ffffc000`2effe960 00000000`00000001 ffffe001`96601140 : nt!ExFreePool+0xd6f
ffffd000`24e2b240 fffff803`d5c87385 : 00000000`00000000 ffffd000`00000000 ffffd000`24e2b419 fffff803`00000000 : nt!ExFreePoolWithTag+0x772
ffffd000`24e2b320 fffff803`d589294e : 00000000`00000000 ffffc000`41849150 ffffd000`24e2b419 fffff803`d5bc0350 : nt!PfpRpFileKeyUpdate+0x4d5
ffffd000`24e2b3b0 fffff800`65e2b855 : 00000000`00000000 00000000`00000000 ffffc000`2f272380 ffffd000`24e2b5a0 : nt!PfFileInfoNotify+0x5be
ffffd000`24e2b480 fffff800`65e2b0df : ffffe001`00000000 ffffc000`2ff54690 ffffc000`2ff54648 fffff800`657353e8 : fileinfo!FIStreamLog+0x155
ffffd000`24e2b580 fffff800`65708859 : ffffe001`9bc7e778 00000000`00000706 ffffffff`ffffffff ffffe001`9bc7e778 : fileinfo!FIStreamCleanup+0x9f
ffffd000`24e2b5e0 fffff800`65733c2f : 00000000`00000000 fffff800`65700000 00000000`00000000 ffffc000`2ff54648 : FLTMGR!DoFreeContext+0x59
ffffd000`24e2b610 fffff800`6573537e : ffffe001`9bc7e778 00000000`00000705 ffffffff`ffffffff ffffe001`985fa290 : FLTMGR!FltpDeleteContextList+0xaf
ffffd000`24e2b640 fffff800`657363e2 : ffffe001`9bc7e730 ffffe001`98513180 00000000`00000702 ffffe001`98513180 : FLTMGR!CleanupStreamListCtrl+0x4a
ffffd000`24e2b680 fffff803`d5d5ef06 : 00000000`00000000 00000000`00000700 00000000`00000000 ffffe001`975115f8 : FLTMGR!DeleteStreamListCtrlCallback+0x92
ffffd000`24e2b6c0 fffff800`65f8c7be : ffffc000`41849150 ffffe001`9bc7e738 ffffd000`24e2b818 ffffe001`98513180 : nt!FsRtlTeardownPerStreamContexts+0x62
ffffd000`24e2b720 fffff800`65f8c3d6 : ffffc000`3fecf318 ffffc000`00000000 ffffe001`9ab319d8 fffff800`65ede766 : NTFS!NtfsDeleteScb+0x36e
ffffd000`24e2b7c0 fffff800`65edc343 : ffffc000`41849048 ffffc000`41849150 ffffc000`41849010 ffff903b`f3d64df8 : NTFS!NtfsRemoveScb+0xa6
ffffd000`24e2b810 fffff800`65f8c11f : ffffc000`41849010 ffffd000`24e2ba40 ffffd000`24e2b952 ffffc000`2f7e1aa0 : NTFS!NtfsPrepareFcbForRemoval+0x63
ffffd000`24e2b850 fffff800`65edd170 : ffffe001`9c0c9738 ffffd000`24e2b952 ffffc000`41849420 ffffe001`9c0c9738 : NTFS!NtfsTeardownStructures+0x8f
ffffd000`24e2b8d0 fffff800`65f8e191 : ffffd000`24e2ba78 ffffd000`00000000 ffffd000`24e2ba40 ffffe001`9c0c9738 : NTFS!NtfsDecrementCloseCounts+0xd0
ffffd000`24e2b910 fffff800`65f8b612 : ffffe001`9c0c9738 ffffc000`41849150 ffffc000`41849010 ffffe001`98513180 : NTFS!NtfsCommonClose+0x401
ffffd000`24e2b9e0 fffff803`d58f26a9 : fffff803`d5c53340 ffffe001`96cdb840 fffff803`d5c53200 fffff803`d5c53340 : NTFS!NtfsFspCloseInternal+0x1a6
ffffd000`24e2bb70 fffff803`d5960948 : 00000000`00000000 00000000`00000080 fffff803`d5c53340 ffffe001`96cdb840 : nt!ExpWorkerThread+0xe9
ffffd000`24e2bc00 fffff803`d59ccde6 : ffffd001`b2689180 ffffe001`96cdb840 ffffd001`b2695c40 00000000`00000000 : nt!PspSystemThreadStartup+0x58
ffffd000`24e2bc60 00000000`00000000 : ffffd000`24e2c000 ffffd000`24e26000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePool+d6f
fffff803`d5aeea37 cd29 int 29h
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!ExFreePool+d6f
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.10240.16430
MODULE_NAME: Pool_Corruption
BUCKET_ID_FUNC_OFFSET: d6f
FAILURE_BUCKET_ID: 0x139_3_nt!ExFreePool
BUCKET_ID: 0x139_3_nt!ExFreePool
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_nt!exfreepool
FAILURE_ID_HASH: {69f2cbfc-cf7d-eab0-c350-960c83bc118e}
Followup: Pool_corruption
---------
Code:
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 10240 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.16430.amd64fre.th1.150807-2049
Machine Name:
Kernel base = 0xfffff803`bce06000 PsLoadedModuleList = 0xfffff803`bd12b030
Debug session time: Mon Aug 17 14:14:50.537 2015 (UTC - 5:00)
System Uptime: 0 days 3:00:59.243
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffd00021413ec0, ffffd00021413e18, 0}
Probably caused by : Npfs.SYS ( Npfs!NpFsdCreate+21f )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00021413ec0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00021413e18, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd00021413ec0 -- (.trap 0xffffd00021413ec0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0006b2c4f88 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe0006b116538 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800c7f5ccc6 rsp=ffffd00021414050 rbp=fffff800c7f74000
r8=ffffd00021414080 r9=0000000000000000 r10=fffff800c7f50000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
FLTMGR!FltpPerformPostCallbacks+0x9926:
fffff800`c7f5ccc6 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd00021413e18 -- (.exr 0xffffd00021413e18)
ExceptionAddress: fffff800c7f5ccc6 (FLTMGR!FltpPerformPostCallbacks+0x0000000000009926)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: nvtray.exe
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
EXCEPTION_STR: 0x0
LAST_CONTROL_TRANSFER: from fffff803bcf5e6a9 to fffff803bcf53d00
STACK_TEXT:
ffffd000`21413b98 fffff803`bcf5e6a9 : 00000000`00000139 00000000`00000003 ffffd000`21413ec0 ffffd000`21413e18 : nt!KeBugCheckEx
ffffd000`21413ba0 fffff803`bcf5e9d0 : ffff03de`6872f945 ffffd000`ac06eaf0 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`21413ce0 fffff803`bcf5dbf4 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`06451530 : nt!KiFastFailDispatch+0xd0
ffffd000`21413ec0 fffff800`c7f5ccc6 : 00000000`00000000 fffff803`bd160d00 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`21414050 fffff800`c7f53086 : fffffff6`00000000 00000001`ffffff00 00000000`00000002 00000000`00000000 : FLTMGR!FltpPerformPostCallbacks+0x9926
ffffd000`21414120 fffff803`bce5126d : 00000000`00000000 ffffe000`6ace3e10 ffffe000`68ddc850 ffffe000`6ace3ee3 : FLTMGR!FltpPassThroughCompletionWorker+0x76
ffffd000`21414160 fffff800`c916c6bf : ffffe000`695bd1c0 ffffe000`00000002 ffffe000`69c849d0 00000000`00000000 : nt!IopfCompleteRequest+0x20d
ffffd000`21414220 fffff800`c7f551c4 : ffffd000`21414401 ffffe000`0012019f ffffe000`00000000 ffffe000`6b3dab10 : Npfs!NpFsdCreate+0x21f
ffffd000`21414350 fffff800`c7f8383a : ffffe000`68ddc850 ffffd000`abe8f000 00000000`00000001 00000000`00000801 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2a4
ffffd000`214143d0 fffff803`bd232866 : 00000000`00000000 00000000`00000005 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x34a
ffffd000`21414480 fffff803`bd22d9d1 : ffffc000`f862a888 ffffc000`f862a888 ffffd000`21414790 ffffe000`65772ae0 : nt!IopParseDevice+0x9a6
ffffd000`21414690 fffff803`bd28c38c : ffffe000`6b3dab01 ffffd000`214148b8 ffffe000`00000040 ffffe000`64b0e9a0 : nt!ObpLookupObjectName+0x711
ffffd000`21414830 fffff803`bd28869c : 00000000`00000001 ffffe000`6b1d3b10 00000000`00cae5b8 00000000`00cae558 : nt!ObOpenObjectByName+0x1ec
ffffd000`21414960 fffff803`bd2882e9 : 00000000`00cae540 ffffd000`21414b00 00000000`00cae5b8 00000000`00cae558 : nt!IopCreateFile+0x38c
ffffd000`21414a00 fffff803`bcf5e363 : ffffc000`fde3c740 fffff803`bd22705d 00000000`00000000 fffff803`bd212978 : nt!NtCreateFile+0x79
ffffd000`21414a90 00007fff`4f5b3a4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00cae4c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`4f5b3a4a
STACK_COMMAND: kb
FOLLOWUP_IP:
Npfs!NpFsdCreate+21f
fffff800`c916c6bf 488d45a7 lea rax,[rbp-59h]
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: Npfs!NpFsdCreate+21f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Npfs
IMAGE_NAME: Npfs.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 559f3835
IMAGE_VERSION: 10.0.10240.16384
BUCKET_ID_FUNC_OFFSET: 21f
FAILURE_BUCKET_ID: 0x139_3_Npfs!NpFsdCreate
BUCKET_ID: 0x139_3_Npfs!NpFsdCreate
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_npfs!npfsdcreate
FAILURE_ID_HASH: {64b89ae6-1ec3-3364-d900-e0a9d0a312c5}
Followup: MachineOwner
---------