Your wifi driver (RTL8192su.sys; Realtek) was doing most of the workload for the thread that caused that single crash. While I can't tell anything beyond this tiny minidump, that's where we can start. I saw the driver dated from Aug 2011, so you may wanna check for an update for it, and also check for a BIOS update, since that can interfere as well. I assume this is a USB wifi dongle given that I'm seeing USB activity in the stack as well, and I know from experience those wifi dongles can sometimes be a little iffy in stability when it comes to drivers.
If none of the previous recommendations fixes anything, I recommend you turn on Driver Verifier, let it crash the system some, and then send us the crashdumps.
Oh, and don't rule out the CA Antivirus here. I've seen it cause stability issues with people, so it wouldn't be any exception here. However, as of now it is not a prime suspect given the current (albeit sparse) data.
Analysts:
One of the first items to look at in a crashdump is the raw stack of the faulting thread. I'll forgo using Niemiro's tidy little extension he's made for Windbg for such an occasion and demonstrate how to do so without:
Code:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000100000023, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800033b624c, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824 mov ecx,dword ptr [rax+24h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: System

TRAP_FRAME: fffff8800311a640 -- (.trap 0xfffff8800311a640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000ffffffff rbx=0000000000000000 rcx=fffffa800afe9ed1
rdx=fffffa8007c937c1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800033b624c rsp=fffff8800311a7d8 rbp=fffffa8000000000
r8=0000000000000801 r9=fffff8000320c000 r10=fffff880009eab20
r11=fffff8800311a9b8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x16c:
fffff800`033b624c 8b4824 mov ecx,dword ptr [rax+24h] ds:00000001`00000023=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000328a569 to fffff8000328afc0

STACK_TEXT:
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824 mov ecx,dword ptr [rax+24h]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!ExAllocatePoolWithTag+16c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 503f82be

FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExAllocatePoolWithTag+16c

BUCKET_ID: X64_0xC5_2_nt!ExAllocatePoolWithTag+16c

Followup: MachineOwner
---------

1: kd> !thread
GetPointerFromAddress: unable to read from fffff800034ba000
THREAD fffff880009f50c0 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
Not impersonating
GetUlongFromAddress: unable to read from fffff800033f9ba4
Owning Process fffff8000340c180 Image: <Unknown>
Attached Process fffffa80066dd040 Image: System
fffff78000000000: Unable to get shared data
Wait Start TickCount 1022583
Context Switch Count 1095647 IdealProcessor: 1
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address nt!KiIdleLoop (0xfffff80003282c70)
Stack Init fffff8800311bc70 Current fffff8800311bc00
Base fffff8800311c000 Limit fffff88003116000 Call 0
Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP RetAddr : Args to Child : Call Site
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260 (TrapFrame @ fffff880`0311a640)
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c

1: kd> dps fffff88003116000 fffff8800311c000 //start of range is Limit, end of range is Base, since stacks grow backwards.
fffff880`03116000 ????????`????????
fffff880`03116008 ????????`????????
fffff880`03116010 ????????`???????? //Currently unused portion of stack
fffff880`03116018 ????????`????????
fffff880`03116020 ????????`????????
fffff880`03116028 ????????`????????
...
fffff880`03119ff0 ????????`????????
fffff880`03119ff8 ????????`????????
fffff880`0311a000 00000000`00000000 //Current top of stack
fffff880`0311a008 00000000`00000000
fffff880`0311a010 00000000`37383138
fffff880`0311a018 fffff800`0328afc0 nt!KeBugCheckEx
fffff880`0311a020 00000000`00000000
fffff880`0311a028 00000000`00000000
fffff880`0311a030 00000000`00000000
...
fffff880`0311a938 fffffa80`0c4a6000
fffff880`0311a940 fffff880`0311a9c8
fffff880`0311a948 fffff880`0d2d0392 RTL8192su+0xe392
fffff880`0311a950 00000000`00000000
fffff880`0311a958 00000000`00000000
...
fffff880`0311b4d0 00000068`06938100
fffff880`0311b4d8 fffff880`0d338618 RTL8192su+0x76618
fffff880`0311b4e0 fffffa80`0c5c8000
fffff880`0311b4e8 fffff880`07d4cd8f usbhub!UsbhPdoInternalDeviceControl+0x373
fffff880`0311b4f0 00000000`00000000 //Current bottom of stack. Notice USB activity in stack.
fffff880`0311b4f8 ????????`????????
fffff880`0311b500 ????????`????????
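The raw-stack walk above can be repeated offline on saved debugger text. The following is an added example, not part of the original post: `dps_command` and `stack_modules` are hypothetical helper names, and the sample strings are excerpts of the output quoted above.

```python
import re
from collections import Counter

# Excerpts of the debugger output quoted in the post above.
THREAD_TEXT = ("Stack Init fffff8800311bc70 Current fffff8800311bc00 "
               "Base fffff8800311c000 Limit fffff88003116000 Call 0 "
               "Priority 16 BasePriority 0")
DPS_TEXT = """\
fffff880`03119ff8 ????????`????????
fffff880`0311a000 00000000`00000000 //Current top of stack
fffff880`0311a018 fffff800`0328afc0 nt!KeBugCheckEx
fffff880`0311a948 fffff880`0d2d0392 RTL8192su+0xe392
fffff880`0311b4d8 fffff880`0d338618 RTL8192su+0x76618
fffff880`0311b4e8 fffff880`07d4cd8f usbhub!UsbhPdoInternalDeviceControl+0x373
fffff880`0311b4f8 ????????`????????
"""

def dps_command(thread_text):
    """Build 'dps <Limit> <Base>' from !thread output (Limit is the low address)."""
    base = re.search(r"\bBase\s+([0-9a-f]+)", thread_text, re.I)
    limit = re.search(r"\bLimit\s+([0-9a-f]+)", thread_text, re.I)
    if not base or not limit:
        raise ValueError("no Base/Limit pair in !thread output")
    if int(limit.group(1), 16) >= int(base.group(1), 16):
        raise ValueError("Limit must be below Base")
    return f"dps {limit.group(1)} {base.group(1)}"

# A readable slot: address, 64-bit value, then a symbol the debugger resolved.
SLOT = re.compile(r"^([0-9a-f]{8}`[0-9a-f]{8})\s+([0-9a-f]{8}`[0-9a-f]{8})\s+(\S+)", re.I)

def stack_modules(dps_text, ignore=("nt",)):
    """Count symbolized stack slots per module; unreadable (????) slots are skipped."""
    hits = Counter()
    for line in dps_text.splitlines():
        m = SLOT.match(line.split("//")[0].strip())  # drop analyst annotations
        if m:
            # 'module!function+off' or, without symbols, 'module+off'
            module = re.split(r"[!+]", m.group(3))[0]
            if module not in ignore:
                hits[module] += 1
    return hits

if __name__ == "__main__":
    print(dps_command(THREAD_TEXT))
    for module, count in stack_modules(DPS_TEXT).most_common():
        print(f"{module}: {count} symbolized slot(s)")
```

Values on a raw stack can be leftovers from earlier calls, so a per-module count shows which drivers were recently active on that thread, not a confirmed call chain.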