vozersky/id1503381 - 1 Secret

## id1503381 - 1

Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Downloads\Dumps\020917-40875-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 14393 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 14393.693.amd64fre.rs1_release.161220-1747
Machine Name:
Kernel base = 0xfffff802`57618000 PsLoadedModuleList = 0xfffff802`5791d060
Debug session time: Thu Feb  9 15:43:58.534 2017 (UTC + 3:00)
System Uptime: 0 days 12:13:11.299
Loading Kernel Symbols
...............................................................
................................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80904ade01a, ffffa60069e3e0b0, 0}

*** WARNING: Unable to verify timestamp for klwtp.sys
*** ERROR: Module load completed but symbols could not be loaded for klwtp.sys
Probably caused by : NETIO.SYS ( NETIO!StreamProcessCallout+2ae )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80904ade01a, Address of the instruction which caused the bugcheck
Arg3: ffffa60069e3e0b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP:
NETIO!StreamProcessCallout+2ae
fffff809`04ade01a 837f5003        cmp     dword ptr [rdi+50h],3

CONTEXT:  ffffa60069e3e0b0 -- (.cxr 0xffffa60069e3e0b0;r)
rax=fffff80904b31000 rbx=ffffba0d51427be0 rcx=fffff80904b31ae0
rdx=ffffba0d461f2f70 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80904ade01a rsp=ffffa60069e3eac0 rbp=ffffa60069e3ebb1
 r8=fffff80904b31ae0  r9=0000000000000000 r10=fffff80904b31ae0
r11=ffffa60069e3ea68 r12=0000000000000001 r13=ffffba0d522f4201
r14=ffffa60069e3f2c0 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
NETIO!StreamProcessCallout+0x2ae:
fffff809`04ade01a 837f5003        cmp     dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
Last set context:
rax=fffff80904b31000 rbx=ffffba0d51427be0 rcx=fffff80904b31ae0
rdx=ffffba0d461f2f70 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80904ade01a rsp=ffffa60069e3eac0 rbp=ffffa60069e3ebb1
 r8=fffff80904b31ae0  r9=0000000000000000 r10=fffff80904b31ae0
r11=ffffa60069e3ea68 r12=0000000000000001 r13=ffffba0d522f4201
r14=ffffa60069e3f2c0 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
NETIO!StreamProcessCallout+0x2ae:
fffff809`04ade01a 837f5003        cmp     dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80904add8b7 to fffff80904ade01a

STACK_TEXT:
ffffa600`69e3eac0 fffff809`04add8b7 : ffffba0d`45490014 fffff809`07561890 ffffba0d`00000001 ffffba0d`522f4210 : NETIO!StreamProcessCallout+0x2ae
ffffa600`69e3ec00 fffff809`04add02e : 00000000`00000014 ffffba0d`522f4210 ffffba0d`503941c0 ffffa600`69e3f2c0 : NETIO!ProcessCallout+0x6b7
ffffa600`69e3ed80 fffff809`04adb1c3 : a546c84a`e8f7a0d5 ffffa600`69e3efc0 00000000`00000000 00010101`011fffff : NETIO!ArbitrateAndEnforce+0x4ee
ffffa600`69e3eec0 fffff809`04b1bc65 : ffffba0d`461f0b40 fffff809`04ae0a95 00000000`00000005 00000000`00000002 : NETIO!KfdClassify+0x303
ffffa600`69e3f270 fffff809`04b1b708 : 00000000`00000000 ffffa600`69e3f411 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109
ffffa600`69e3f390 fffff809`04b18e25 : 00000000`00000014 ffffba0d`50394010 00000000`00000000 ffffba0d`50bc48c0 : NETIO!StreamInject+0x214
ffffa600`69e3f460 fffff809`04e1683d : ffffba0d`50394010 00000000`00000168 00000000`00000000 fffff802`00000005 : NETIO!FwppStreamInject+0x135
ffffa600`69e3f4f0 fffff809`0759a0be : ffffba0d`53dba010 ffffa600`69e3f5c1 ffffba0d`52956788 00000000`00000000 : fwpkclnt!FwpsStreamInjectAsync0+0xfd
ffffa600`69e3f550 ffffba0d`53dba010 : ffffa600`69e3f5c1 ffffba0d`52956788 00000000`00000000 00000000`00000168 : klwtp+0xa0be
ffffa600`69e3f558 ffffa600`69e3f5c1 : ffffba0d`52956788 00000000`00000000 00000000`00000168 00000000`00000014 : 0xffffba0d`53dba010
ffffa600`69e3f560 ffffba0d`52956788 : 00000000`00000000 00000000`00000168 00000000`00000014 001f0003`00000005 : 0xffffa600`69e3f5c1
ffffa600`69e3f568 00000000`00000000 : 00000000`00000168 00000000`00000014 001f0003`00000005 ffffba0d`50bc48c0 : 0xffffba0d`52956788


FOLLOWUP_IP:
NETIO!StreamProcessCallout+2ae
fffff809`04ade01a 837f5003        cmp     dword ptr [rdi+50h],3

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  NETIO!StreamProcessCallout+2ae

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  57899b40

IMAGE_VERSION:  10.0.14393.0

STACK_COMMAND:  .cxr 0xffffa60069e3e0b0 ; kb

BUCKET_ID_FUNC_OFFSET:  2ae

FAILURE_BUCKET_ID:  0x3B_NETIO!StreamProcessCallout

BUCKET_ID:  0x3B_NETIO!StreamProcessCallout

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_netio!streamprocesscallout

FAILURE_ID_HASH:  {12d5d042-1527-3ed4-7567-edbc67fa5418}

Followup: MachineOwner
---------

	Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
	Copyright (c) Microsoft Corporation. All rights reserved.


	Loading Dump File [D:\Downloads\Dumps\020917-40875-01.dmp]
	Mini Kernel Dump File: Only registers and stack trace are available


	*********** Symbol Path validation summary ************
	Response Time (ms) Location
	Deferred srvc:\symbolshttps://msdl.microsoft.com/download/symbols
	Symbol search path is: srvc:\symbolshttps://msdl.microsoft.com/download/symbols
	Executable search path is:
	Windows 8 Kernel Version 14393 MP (4 procs) Free x64
	Product: WinNt, suite: TerminalServer SingleUserTS
	Built by: 14393.693.amd64fre.rs1_release.161220-1747
	Machine Name:
	Kernel base = 0xfffff802`57618000 PsLoadedModuleList = 0xfffff802`5791d060
	Debug session time: Thu Feb 9 15:43:58.534 2017 (UTC + 3:00)
	System Uptime: 0 days 12:13:11.299
	Loading Kernel Symbols
	...............................................................
	................................................................
	................................................................
	......................
	Loading User Symbols
	Loading unloaded module list
	........................
	*******************************************************************************
	* *
	* Bugcheck Analysis *
	* *
	*******************************************************************************

	Use !analyze -v to get detailed debugging information.

	BugCheck 3B, {c0000005, fffff80904ade01a, ffffa60069e3e0b0, 0}

	*** WARNING: Unable to verify timestamp for klwtp.sys
	*** ERROR: Module load completed but symbols could not be loaded for klwtp.sys
	Probably caused by : NETIO.SYS ( NETIO!StreamProcessCallout+2ae )

	Followup: MachineOwner
	---------

	3: kd> !analyze -v
	*******************************************************************************
	* *
	* Bugcheck Analysis *
	* *
	*******************************************************************************

	SYSTEM_SERVICE_EXCEPTION (3b)
	An exception happened while executing a system service routine.
	Arguments:
	Arg1: 00000000c0000005, Exception code that caused the bugcheck
	Arg2: fffff80904ade01a, Address of the instruction which caused the bugcheck
	Arg3: ffffa60069e3e0b0, Address of the context record for the exception that caused the bugcheck
	Arg4: 0000000000000000, zero.

	Debugging Details:
	------------------


	EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

	FAULTING_IP:
	NETIO!StreamProcessCallout+2ae
	fffff809`04ade01a 837f5003 cmp dword ptr [rdi+50h],3

	CONTEXT: ffffa60069e3e0b0 -- (.cxr 0xffffa60069e3e0b0;r)
	rax=fffff80904b31000 rbx=ffffba0d51427be0 rcx=fffff80904b31ae0
	rdx=ffffba0d461f2f70 rsi=0000000000000000 rdi=0000000000000000
	rip=fffff80904ade01a rsp=ffffa60069e3eac0 rbp=ffffa60069e3ebb1
	r8=fffff80904b31ae0 r9=0000000000000000 r10=fffff80904b31ae0
	r11=ffffa60069e3ea68 r12=0000000000000001 r13=ffffba0d522f4201
	r14=ffffa60069e3f2c0 r15=0000000000000000
	iopl=0 nv up ei pl zr na po nc
	cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
	NETIO!StreamProcessCallout+0x2ae:
	fffff809`04ade01a 837f5003 cmp dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
	Last set context:
	rax=fffff80904b31000 rbx=ffffba0d51427be0 rcx=fffff80904b31ae0
	rdx=ffffba0d461f2f70 rsi=0000000000000000 rdi=0000000000000000
	rip=fffff80904ade01a rsp=ffffa60069e3eac0 rbp=ffffa60069e3ebb1
	r8=fffff80904b31ae0 r9=0000000000000000 r10=fffff80904b31ae0
	r11=ffffa60069e3ea68 r12=0000000000000001 r13=ffffba0d522f4201
	r14=ffffa60069e3f2c0 r15=0000000000000000
	iopl=0 nv up ei pl zr na po nc
	cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
	NETIO!StreamProcessCallout+0x2ae:
	fffff809`04ade01a 837f5003 cmp dword ptr [rdi+50h],3 ds:002b:00000000`00000050=????????
	Resetting default scope

	CUSTOMER_CRASH_COUNT: 1

	DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

	BUGCHECK_STR: 0x3B

	PROCESS_NAME: avp.exe

	CURRENT_IRQL: 0

	ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

	LAST_CONTROL_TRANSFER: from fffff80904add8b7 to fffff80904ade01a

	STACK_TEXT:
	ffffa600`69e3eac0 fffff809`04add8b7 : ffffba0d`45490014 fffff809`07561890 ffffba0d`00000001 ffffba0d`522f4210 : NETIO!StreamProcessCallout+0x2ae
	ffffa600`69e3ec00 fffff809`04add02e : 00000000`00000014 ffffba0d`522f4210 ffffba0d`503941c0 ffffa600`69e3f2c0 : NETIO!ProcessCallout+0x6b7
	ffffa600`69e3ed80 fffff809`04adb1c3 : a546c84a`e8f7a0d5 ffffa600`69e3efc0 00000000`00000000 00010101`011fffff : NETIO!ArbitrateAndEnforce+0x4ee
	ffffa600`69e3eec0 fffff809`04b1bc65 : ffffba0d`461f0b40 fffff809`04ae0a95 00000000`00000005 00000000`00000002 : NETIO!KfdClassify+0x303
	ffffa600`69e3f270 fffff809`04b1b708 : 00000000`00000000 ffffa600`69e3f411 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109
	ffffa600`69e3f390 fffff809`04b18e25 : 00000000`00000014 ffffba0d`50394010 00000000`00000000 ffffba0d`50bc48c0 : NETIO!StreamInject+0x214
	ffffa600`69e3f460 fffff809`04e1683d : ffffba0d`50394010 00000000`00000168 00000000`00000000 fffff802`00000005 : NETIO!FwppStreamInject+0x135
	ffffa600`69e3f4f0 fffff809`0759a0be : ffffba0d`53dba010 ffffa600`69e3f5c1 ffffba0d`52956788 00000000`00000000 : fwpkclnt!FwpsStreamInjectAsync0+0xfd
	ffffa600`69e3f550 ffffba0d`53dba010 : ffffa600`69e3f5c1 ffffba0d`52956788 00000000`00000000 00000000`00000168 : klwtp+0xa0be
	ffffa600`69e3f558 ffffa600`69e3f5c1 : ffffba0d`52956788 00000000`00000000 00000000`00000168 00000000`00000014 : 0xffffba0d`53dba010
	ffffa600`69e3f560 ffffba0d`52956788 : 00000000`00000000 00000000`00000168 00000000`00000014 001f0003`00000005 : 0xffffa600`69e3f5c1
	ffffa600`69e3f568 00000000`00000000 : 00000000`00000168 00000000`00000014 001f0003`00000005 ffffba0d`50bc48c0 : 0xffffba0d`52956788


	FOLLOWUP_IP:
	NETIO!StreamProcessCallout+2ae
	fffff809`04ade01a 837f5003 cmp dword ptr [rdi+50h],3

	SYMBOL_STACK_INDEX: 0

	SYMBOL_NAME: NETIO!StreamProcessCallout+2ae

	FOLLOWUP_NAME: MachineOwner

	MODULE_NAME: NETIO

	IMAGE_NAME: NETIO.SYS

	DEBUG_FLR_IMAGE_TIMESTAMP: 57899b40

	IMAGE_VERSION: 10.0.14393.0

	STACK_COMMAND: .cxr 0xffffa60069e3e0b0 ; kb

	BUCKET_ID_FUNC_OFFSET: 2ae

	FAILURE_BUCKET_ID: 0x3B_NETIO!StreamProcessCallout

	BUCKET_ID: 0x3B_NETIO!StreamProcessCallout

	ANALYSIS_SOURCE: KM

	FAILURE_ID_HASH_STRING: km:0x3b_netio!streamprocesscallout

	FAILURE_ID_HASH: {12d5d042-1527-3ed4-7567-edbc67fa5418}

	Followup: MachineOwner
	---------