-
-
Save vozersky/91073e2147aaa8b23548517d2968e207 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 | |
| Copyright (c) Microsoft Corporation. All rights reserved. | |
| Loading Dump File [C:\Users\user\Desktop\Minidump\021817-5296-01.dmp] | |
| Mini Kernel Dump File: Only registers and stack trace are available | |
| ************* Symbol Path validation summary ************** | |
| Response Time (ms) Location | |
| Deferred srv*c:\symbols*https://msdl.microsoft.com/download/symbols | |
| Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols | |
| Executable search path is: | |
| Windows 8 Kernel Version 14393 MP (8 procs) Free x64 | |
| Product: WinNt, suite: TerminalServer SingleUserTS | |
| Built by: 14393.693.amd64fre.rs1_release.161220-1747 | |
| Machine Name: | |
| Kernel base = 0xfffff803`29e13000 PsLoadedModuleList = 0xfffff803`2a118060 | |
| Debug session time: Sat Feb 18 14:23:52.440 2017 (UTC + 3:00) | |
| System Uptime: 0 days 0:21:31.143 | |
| Loading Kernel Symbols | |
| ............................................................... | |
| ................................................................ | |
| ....................................................... | |
| Loading User Symbols | |
| Loading unloaded module list | |
| ...... | |
| ******************************************************************************* | |
| * * | |
| * Bugcheck Analysis * | |
| * * | |
| ******************************************************************************* | |
| Use !analyze -v to get detailed debugging information. | |
| BugCheck 3B, {c0000005, fffff801f913e9f3, ffff8d012f9e70c0, 0} | |
| *** WARNING: Unable to verify timestamp for epfwwfp.sys | |
| *** ERROR: Module load completed but symbols could not be loaded for epfwwfp.sys | |
| Probably caused by : NETIO.SYS ( NETIO!StreamInvokeCalloutAndNormalizeAction+20f ) | |
| Followup: MachineOwner | |
| --------- | |
| 4: kd> !analyze -v | |
| ******************************************************************************* | |
| * * | |
| * Bugcheck Analysis * | |
| * * | |
| ******************************************************************************* | |
| SYSTEM_SERVICE_EXCEPTION (3b) | |
| An exception happened while executing a system service routine. | |
| Arguments: | |
| Arg1: 00000000c0000005, Exception code that caused the bugcheck | |
| Arg2: fffff801f913e9f3, Address of the instruction which caused the bugcheck | |
| Arg3: ffff8d012f9e70c0, Address of the context record for the exception that caused the bugcheck | |
| Arg4: 0000000000000000, zero. | |
| Debugging Details: | |
| ------------------ | |
| OVERLAPPED_MODULE: Address regions for 'mrxsmb10' and 'dump_storpor' overlap | |
| EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text> | |
| FAULTING_IP: | |
| NETIO!StreamInvokeCalloutAndNormalizeAction+20f | |
| fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 | |
| CONTEXT: ffff8d012f9e70c0 -- (.cxr 0xffff8d012f9e70c0;r) | |
| rax=ffffa285e73f9b01 rbx=ffff8d012f9e7cb0 rcx=ffff8d012a140100 | |
| rdx=0000000000001001 rsi=ffff8d012f9e7c80 rdi=ffffa285e73f9be0 | |
| rip=fffff801f913e9f3 rsp=ffff8d012f9e7ad0 rbp=ffff8d012f9e7b59 | |
| r8=0000000000000000 r9=0000000000000014 r10=fffff801f9191ae0 | |
| r11=000000000013dd0f r12=0000000000000000 r13=0000000000000004 | |
| r14=ffff8d012f9e7f80 r15=fffff801f9191000 | |
| iopl=0 nv up ei pl zr na po nc | |
| cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 | |
| NETIO!StreamInvokeCalloutAndNormalizeAction+0x20f: | |
| fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 ds:002b:00000000`00000050=???????? | |
| Last set context: | |
| rax=ffffa285e73f9b01 rbx=ffff8d012f9e7cb0 rcx=ffff8d012a140100 | |
| rdx=0000000000001001 rsi=ffff8d012f9e7c80 rdi=ffffa285e73f9be0 | |
| rip=fffff801f913e9f3 rsp=ffff8d012f9e7ad0 rbp=ffff8d012f9e7b59 | |
| r8=0000000000000000 r9=0000000000000014 r10=fffff801f9191ae0 | |
| r11=000000000013dd0f r12=0000000000000000 r13=0000000000000004 | |
| r14=ffff8d012f9e7f80 r15=fffff801f9191000 | |
| iopl=0 nv up ei pl zr na po nc | |
| cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 | |
| NETIO!StreamInvokeCalloutAndNormalizeAction+0x20f: | |
| fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 ds:002b:00000000`00000050=???????? | |
| Resetting default scope | |
| CUSTOMER_CRASH_COUNT: 1 | |
| DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT | |
| BUGCHECK_STR: 0x3B | |
| PROCESS_NAME: ekrn.exe | |
| CURRENT_IRQL: 0 | |
| ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre | |
| LAST_CONTROL_TRANSFER: from fffff801f913f3c0 to fffff801f913e9f3 | |
| STACK_TEXT: | |
| ffff8d01`2f9e7ad0 fffff801`f913f3c0 : ffffa285`e73f9be0 ffffa285`e73f9be0 00000000`00000000 ffff8d01`2f9e7f80 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x20f | |
| ffff8d01`2f9e7bb0 fffff801`f913e3f6 : ffffa285`e73f9be0 00000000`00000000 00000000`00000000 ffffa285`e73f9be0 : NETIO!StreamCalloutProcessDisconnect+0x34 | |
| ffff8d01`2f9e7c00 fffff801`f913d8b7 : ffffa285`df740014 fffff801`fa9e1890 ffffa285`00000001 ffffa285`dfb80670 : NETIO!StreamProcessCallout+0x68a | |
| ffff8d01`2f9e7d40 fffff801`f913d02e : 00000001`ffff0014 ffffa285`dfb80670 ffffa285`dfb9a770 ffff8d01`2f9e8400 : NETIO!ProcessCallout+0x6b7 | |
| ffff8d01`2f9e7ec0 fffff801`f913b1c3 : 790e1823`e2695c45 ffff8d01`2f9e8100 00000000`00000000 00000000`00000000 : NETIO!ArbitrateAndEnforce+0x4ee | |
| ffff8d01`2f9e8000 fffff801`f917bc65 : ffffa285`e1dbd280 fffff801`f9140a95 00000000`00000000 00000000`00000000 : NETIO!KfdClassify+0x303 | |
| ffff8d01`2f9e83b0 fffff801`f917b708 : 00000000`00000000 ffff8d01`2f9e8551 00000000`00000000 00000000`00000000 : NETIO!StreamInternalClassify+0x109 | |
| ffff8d01`2f9e84d0 fffff801`f9178e25 : 00000000`00000014 ffffa285`dfb9a5c0 00000000`00000000 ffffa285`e8397570 : NETIO!StreamInject+0x214 | |
| ffff8d01`2f9e85a0 fffff801`f947683d : ffffa285`dfb9a5c0 00000000`00000128 00000000`00000000 ffffa285`00000005 : NETIO!FwppStreamInject+0x135 | |
| ffff8d01`2f9e8630 fffff801`faa04904 : ffffa285`e3207ba0 00000000`00000005 00000000`00000000 ffffa285`dfd2dbf8 : fwpkclnt!FwpsStreamInjectAsync0+0xfd | |
| ffff8d01`2f9e8690 ffffa285`e3207ba0 : 00000000`00000005 00000000`00000000 ffffa285`dfd2dbf8 00000000`00000128 : epfwwfp+0x4904 | |
| ffff8d01`2f9e8698 00000000`00000005 : 00000000`00000000 ffffa285`dfd2dbf8 00000000`00000128 00000000`00000014 : 0xffffa285`e3207ba0 | |
| ffff8d01`2f9e86a0 00000000`00000000 : ffffa285`dfd2dbf8 00000000`00000128 00000000`00000014 ffffa285`00000005 : 0x5 | |
| FOLLOWUP_IP: | |
| NETIO!StreamInvokeCalloutAndNormalizeAction+20f | |
| fffff801`f913e9f3 4183785003 cmp dword ptr [r8+50h],3 | |
| SYMBOL_STACK_INDEX: 0 | |
| SYMBOL_NAME: NETIO!StreamInvokeCalloutAndNormalizeAction+20f | |
| FOLLOWUP_NAME: MachineOwner | |
| MODULE_NAME: NETIO | |
| IMAGE_NAME: NETIO.SYS | |
| DEBUG_FLR_IMAGE_TIMESTAMP: 57899b40 | |
| IMAGE_VERSION: 10.0.14393.0 | |
| STACK_COMMAND: .cxr 0xffff8d012f9e70c0 ; kb | |
| BUCKET_ID_FUNC_OFFSET: 20f | |
| FAILURE_BUCKET_ID: 0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction | |
| BUCKET_ID: 0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction | |
| ANALYSIS_SOURCE: KM | |
| FAILURE_ID_HASH_STRING: km:0x3b_netio!streaminvokecalloutandnormalizeaction | |
| FAILURE_ID_HASH: {5c8d1e60-d80c-cb2d-a65a-8d02e5eeeffd} | |
| Followup: MachineOwner | |
| --------- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment