*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {fffffa4143414349, 2, 1, fffff80002ffc147}
Probably caused by : netbt.sys ( netbt!AddToPendingList+28 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: fffffa4143414349, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80002ffc147, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExAllocatePoolWithTag+537
fffff800`02ffc147 48895808 mov qword ptr [rax+8],rbx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: AvastUI.exe
TRAP_FRAME: fffff8800a8644a0 -- (.trap 0xfffff8800a8644a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa4143414341 rbx=0000000000000000 rcx=fffffa80043f8130
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ffc147 rsp=fffff8800a864630 rbp=0000000000001000
r8=0000000000000000 r9=fffff800030577b0 r10=fffff80003057588
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x537:
fffff800`02ffc147 48895808 mov qword ptr [rax+8],rbx ds:fffffa41`43414349=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ec71a9 to fffff80002ec7c00
STACK_TEXT:
fffff880`0a864358 fffff800`02ec71a9 : 00000000`0000000a fffffa41`43414349 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0a864360 fffff800`02ec5e20 : fffff880`044a6768 fffffa80`06d73a70 fffffa80`03d5e978 fffff800`030577b0 : nt!KiBugCheckDispatch+0x69
fffff880`0a8644a0 fffff800`02ffc147 : fffffa80`08c070e0 fffff880`048da2c0 fffffa80`040d5370 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0a864630 fffff880`048d9c88 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x537
fffff880`0a864720 fffff880`048d9dd0 : 00000000`00000000 fffffa80`0454fc60 fffffa80`0454fc60 fffffa80`0454fc60 : netbt!AddToPendingList+0x28
fffff880`0a864750 fffff880`048d9c51 : fffffa80`09217fc8 fffffa80`04b478d0 00000000`c0000001 fffffa80`0454fc60 : netbt!QueryNameOnNet+0xf7
fffff880`0a864800 fffff880`04909520 : 00000000`c0000120 fffffa80`09217fc8 fffff880`048db2d0 fffffa80`08d56e00 : netbt!FindNameOrQuery+0x550
fffff880`0a864880 fffff880`049095d3 : 00000000`c0000001 00000000`00210096 fffffa80`08d56f70 fffffa80`08d56e10 : netbt!NbtQueryFindName+0x12a
fffff880`0a864930 fffff880`049091ce : fffffa80`08d56e10 fffffa80`08d56f70 00000000`00000001 fffffa80`08d56f70 : netbt!DispatchIoctls+0x28e
fffff880`0a8649e0 fffff800`031e5f37 : fffffa80`06b20070 fffff880`0a864ca0 fffffa80`06b20070 fffffa80`08d56e10 : netbt!NbtDispatchDevCtrl+0xc5
fffff880`0a864a10 fffff800`031e6796 : 00000000`048be6d8 00000000`0000068c 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0a864b40 fffff800`02ec6e93 : fffffa80`04572b50 00000000`048be678 fffff880`0a864bc8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`0a864bb0 00000000`73ac2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`048bef88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ac2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
netbt!AddToPendingList+28
fffff880`048d9c88 488bd8 mov rbx,rax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: netbt!AddToPendingList+28
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: netbt
IMAGE_NAME: netbt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79386
FAILURE_BUCKET_ID: X64_0xC5_2_netbt!AddToPendingList+28
BUCKET_ID: X64_0xC5_2_netbt!AddToPendingList+28
Followup: MachineOwner
---------