Access Violation c0000005 - mrxdav or AV

Hi, I had a BSOD listed below and according with the !analyze -v the problem might be related with the
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf / Access Violation c0000005/ NULL_DEREFERENCE related with module mrxdav.sys.

Im a newbie on WinDbg, but since the AV appears in the faulty Call stack Im suspecting that the AV may something to do with it.

Since this dump appears to deal with UNC paths/File related, I was trying to find the file name/path and destination (not sure if is a local folder or remote computer)??!!!

Can you give me your opinion and show me how to find the UNC path or File name involved in this problem?

Bellow the Analysis that I was able to get from this kernel dump.
Thank you.

7: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

RDR_FILE_SYSTEM (27)
If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
exception record and context record. Do a .cxr on the 3rd parameter and then kb to
obtain a more informative stack trace.
The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
as follows:
RDBSS_BUG_CHECK_CACHESUP = 0xca550000,
RDBSS_BUG_CHECK_CLEANUP = 0xc1ee0000,
RDBSS_BUG_CHECK_CLOSE = 0xc10e0000,
RDBSS_BUG_CHECK_NTEXCEPT = 0xbaad0000,
Arguments:
Arg1: 00000000baad0073
Arg2: fffff8800572c0a8
Arg3: fffff8800572b900
Arg4: fffff88003992def

Debugging Details:

EXCEPTION_RECORD: fffff8800572c0a8 – (.exr 0xfffff8800572c0a8)
ExceptionAddress: fffff88003992def (mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0x00000000000000cf)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000

CONTEXT: fffff8800572b900 – (.cxr 0xfffff8800572b900)
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80ed67d010
rdx=fffffa8147652810 rsi=fffffa80c9ce9f38 rdi=fffffa813cc9bca0
rip=fffff88003992def rsp=fffff8800572c2e0 rbp=fffff8800304ed08
r8=fffff8800304ed08 r9=00000000000023d4 r10=fffffa81324b6494
r11=fffff8800572c300 r12=fffffa81324b6310 r13=fffff88003986110
r14=fffff88003985520 r15=fffffa80c1d93040
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf:
fffff88003992def 8b00 mov eax,dword ptr [rax] ds:002b:0000000000000000=???
Resetting default scope

CPU_COUNT: 8
CPU_MHZ: 95d
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 1a
CPU_STEPPING: 4
CPU_MICROCODE: 6,1a,4,0 (F,M,S,R) SIG: 36’00000000 (cache) 36’00000000 (init)
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
FOLLOWUP_IP:
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf
fffff880`03992def 8b00 mov eax,dword ptr [rax]

FAULTING_IP:
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf
fffff880`03992def 8b00 mov eax,dword ptr [rax]

READ_ADDRESS: 0000000000000000

BUGCHECK_STR: 0x27

ANALYSIS_SESSION_HOST: C9O8EPR

ANALYSIS_SESSION_TIME: 03-18-2017 19:20:11.0542

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

DEVICE_OBJECT: fffffa80d05b5070

DRIVER_OBJECT: fffffa80c0f2fe40

LAST_CONTROL_TRANSFER: from fffff8800399e7be to fffff88003992def

STACK_TEXT:
fffff8800572c2e0 fffff8800399e7be : fffffa81324b6310 fffff88003992d20 fffffa8147652810 0000000000000000 : mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf
fffff8800572c330 fffff8800399f633 : fffffa81324b6310 0000000000000001 fffff8000237bf01 fffff800000023d4 : mrxdav!UMRxPrepareUserModeRequestBuffer+0x2ca
fffff8800572c3c0 fffff88003988411 : fffffa81324b6458 0000000000000000 fffffa80d1861e0e fffffa8106649010 : mrxdav!UMRxAssignWork+0x47b
fffff8800572c420 fffff88003332345 : fffffa80c1d93040 fffffa8106649010 fffffa80d1861e90 fffffa80d1861ca0 : mrxdav!MRxDAVDevFcbXXXControlFile+0x36d
fffff8800572c490 fffff88003331709 : 00000000000001eb fffffa80d1861ca0 ffff00000643a4df 645365531263177c : rdbss!RxXXXControlFileCallthru+0xcd
fffff8800572c4c0 fffff880032ff6a0 : 0000000000000000 fffff8800572c550 fffffa8106649010 0000000000000000 : rdbss!RxCommonDevFCBIoCtl+0xf5
fffff8800572c510 fffff8800331cbb4 : fffffa80d1861ca0 fffffa80d05b500e 00000000014a9918 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff8800572c600 fffff88003990be5 : 0000000000000000 fffff880014a9918 fffffa80d1861ca0 fffffa80d05b5070 : rdbss!RxFsdDispatch+0x224
fffff8800572c670 fffff880014a7c79 : fffffa80c1d93040 fffffa80d1861ca0 fffff8800572c80e 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff8800572c740 fffff880014a6175 : fffff8a0002aa8a0 fffffa80c9572620 0000000000000103 fffffa80d1861f20 : mup!MupiCallUncProvider+0x169
fffff8800572c7b0 fffff880014a8001 : fffffa80d1861ca0 fffff880014a4118 fffffa80d05b5070 0000000000000000 : mup!MupStateMachine+0x165
fffff8800572c800 fffff8800130e6af : fffffa80c0f2f9f0 fffffa80c9572620 fffffa80d05b5000 fffffa80d1861ca0 : mup!MupFsdIrpPassThrough+0x12d
fffff8800572c850 fffff880015659e3 : fffffa80c1078000 0000000000000002 fffffa80c1078000 fffffa80d05b5000 : fltmgr!FltpDispatch+0x9f
fffff8800572c8b0 fffff8800130e6af : fffffa80c3880830 fffffa80d05b5070 0000000000000001 fffffa80d1861ca0 : mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143
fffff8800572c930 fffff8000239184a : 0000000000000002 fffffa80d05b5070 0000000000000001 fffffa80d1861ca0 : fltmgr!FltpDispatch+0x9f
fffff8800572c990 fffff800023a59aa : fffffa80d05b5070 0000000000000000 fffffa80d05b5070 fffffa80d05b5070 : nt!IopSynchronousServiceTail+0xfa
fffff8800572ca00 fffff800023a5a46 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0xc27
fffff8800572cb40 fffff80002084693 : 0000000000000001 fffffa80cba45060 0000000000000000 fffff8800572cc00 : nt!NtDeviceIoControlFile+0x56
fffff8800572cbb0 000000007747bbaa : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
00000000013afc58 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x7747bbaa

THREAD_SHA1_HASH_MOD_FUNC: 0f1c2a86b1b6e813715fcce35a8f75984029d48e

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: adc93dcb4217433e9f4e37d2ea4740ca5bc14555

THREAD_SHA1_HASH_MOD: cf421238e1ccaa278482b9fea3276d57a1e118b5

FAULT_INSTR_CODE: 8589008b

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mrxdav

IMAGE_NAME: mrxdav.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 568ea37b

STACK_COMMAND: .cxr 0xfffff8800572b900 ; kb

FAILURE_BUCKET_ID: X64_0x27_mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

BUCKET_ID: X64_0x27_mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

PRIMARY_PROBLEM_CLASS: X64_0x27_mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

TARGET_TIME: 2017-01-12T10:52:51.000Z

OSBUILD: 7601

OSSERVICEPACK: 1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 16

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 7

OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-04-09 06:46:22

BUILDDATESTAMP_STR: 160408-2045

BUILDLAB_STR: win7sp1_ldr

BUILDOSVER_STR: 6.1.7601.23418.amd64fre.win7sp1_ldr.160408-2045

ANALYSIS_SESSION_ELAPSED_TIME: 43b

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:x64_0x27_mrxdav!mrxdavformatusermodevnetrootfinalizerequest+cf

FAILURE_ID_HASH: {13c7e885-fd69-3db5-b48f-4af0d2ab0812}

Followup: MachineOwner

7: kd> lmvm mrxdav
Browse full module list
start end module name
fffff8800397e000 fffff880039a7000 mrxdav (pdb symbols) c:\sym\mrxdav.pdb\6806449D6A9B408BB4453345D3ED8DB91\mrxdav.pdb
Loaded symbol image file: mrxdav.sys
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image name: mrxdav.sys
Browse all global symbols functions data
Timestamp: Thu Jan 7 17:42:19 2016 (568EA37B)
CheckSum: 000243D6
ImageSize: 00029000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

7: kd> !pte 00000000baad0073
VA ffffffffbaad0073
PXE at FFFFF6FB7DBEDFF8 PPE at FFFFF6FB7DBFFFF0 PDE at FFFFF6FB7FFFEEA8 PTE at FFFFF6FFFFDD5680
contains 00000000001C4063 contains 0000000000000000
pfn 1c4 —DA–KWEV not valid

7: kd> !devobj fffffa80d05b5070 f
fffffa80d05b5070: is not a device object

7: kd> !drvobj fffffa80c0f2fe40 f
Driver object (fffffa80c0f2fe40) is for:
fffffa80c0f2fe40: is not a driver object

7: kd> .cxr 0xfffff8800572b900
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80ed67d010
rdx=fffffa8147652810 rsi=fffffa80c9ce9f38 rdi=fffffa813cc9bca0
rip=fffff88003992def rsp=fffff8800572c2e0 rbp=fffff8800304ed08
r8=fffff8800304ed08 r9=00000000000023d4 r10=fffffa81324b6494
r11=fffff8800572c300 r12=fffffa81324b6310 r13=fffff88003986110
r14=fffff88003985520 r15=fffffa80c1d93040
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf:
fffff88003992def 8b00 mov eax,dword ptr [rax] ds:002b:0000000000000000=???

7: kd> ub mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xad:
fffff88003992dcd 488bb7e8000000 mov rsi,qword ptr [rdi+0E8h] fffff88003992dd4 488b4810 mov rcx,qword ptr [rax+10h]
fffff88003992dd8 488bc3 mov rax,rbx fffff88003992ddb 488b7910 mov rdi,qword ptr [rcx+10h]
fffff88003992ddf 483bfb cmp rdi,rbx fffff88003992de2 7404 je mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xc8 (fffff88003992de8) fffff88003992de4 488b4710 mov rax,qword ptr [rdi+10h]
fffff880`03992de8 c7453008000000 mov dword ptr [rbp+30h],8

7: kd> u .
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf:
fffff88003992def 8b00 mov eax,dword ptr [rax] fffff88003992df1 898588020000 mov dword ptr [rbp+288h],eax
fffff88003992df7 8b4650 mov eax,dword ptr [rsi+50h] fffff88003992dfa 898580020000 mov dword ptr [rbp+280h],eax
fffff88003992e00 8b4654 mov eax,dword ptr [rsi+54h] fffff88003992e03 898584020000 mov dword ptr [rbp+284h],eax
fffff88003992e09 488b050033ffff mov rax,qword ptr [mrxdav!WPP_GLOBAL_Control (fffff88003986110)]
fffff880`03992e10 493bc5 cmp rax,r13

7: kd> !thread -1 17
THREAD fffffa80c3cb1410 Cid 169c.18bc Teb: 000007fffffd3000 Win32Thread: 0000000000000000 RUNNING on processor 7
IRP List:
fffffa80d1861ca0: (0006,0358) Flags: 00060000 Mdl: fffffa80dc12b710
Not impersonating
DeviceMap fffff8a001137980
Owning Process fffffa80c4abdb10 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 464334880 Ticks: 0
Context Switch Count 18 IdealProcessor: 7
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x000007fef20e1c2c
Stack Init fffff8800572cdb0 Current fffff8800572c0f0
Base fffff8800572d000 Limit fffff88005727000 Call 0000000000000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff8800572b078 fffff8800330cec2 : 0000000000000027 00000000baad0073 fffff8800572c0a8 fffff8800572b900 : nt!KeBugCheckEx
fffff8800572b080 fffff88003312c11 : fffff88003314254 fffff8800572c550 fffff8800572c510 0000000000000000 : rdbss!RxExceptionFilter+0xea
fffff8800572b0d0 fffff800020b19c4 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : rdbss! ?? ::FNODOBFM::string'+0x547 fffff8800572b120 fffff88003312665 : fffff8800331425c fffff8800572c510 fffff8800572c0a8 fffff8800572c510 : nt!_C_specific_handler+0x8c fffff8800572b190 fffff800020b143d : fffff88003314248 0000000000000000 fffff880032fb000 0000000000000000 : rdbss!_GSHandlerCheck_SEH+0x75 fffff8800572b1c0 fffff800020b0215 : fffff88003314248 fffff8800572b238 fffff8800572c0a8 fffff880032fb000 : nt!RtlpExecuteHandlerForException+0xd fffff8800572b1f0 fffff800020c1725 : fffff8800572c0a8 fffff8800572b900 fffff88000000000 fffffa813cc9bca0 : nt!RtlDispatchException+0x415 fffff8800572b8d0 fffff80002084a82 : fffff8800572c0a8 0000000000000000 fffff8800572c150 fffffa80c9ce9f38 : nt!KiDispatchException+0x135 fffff8800572bf70 fffff800020835fa : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiExceptionDispatch+0xc2 fffff8800572c150 fffff88003992def : fffffa80c3cb1410 0000000000000000 fffffa8000000000 fffff8000208d6d3 : nt!KiPageFault+0x23a (TrapFrame @ fffff8800572c150)
fffff8800572c2e0 fffff8800399e7be : fffffa81324b6310 fffff88003992d20 fffffa8147652810 0000000000000000 : mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf
fffff8800572c330 fffff8800399f633 : fffffa81324b6310 0000000000000001 fffff8000237bf01 fffff800000023d4 : mrxdav!UMRxPrepareUserModeRequestBuffer+0x2ca
fffff8800572c3c0 fffff88003988411 : fffffa81324b6458 0000000000000000 fffffa80d1861e0e fffffa8106649010 : mrxdav!UMRxAssignWork+0x47b
fffff8800572c420 fffff88003332345 : fffffa80c1d93040 fffffa8106649010 fffffa80d1861e90 fffffa80d1861ca0 : mrxdav!MRxDAVDevFcbXXXControlFile+0x36d
fffff8800572c490 fffff88003331709 : 00000000000001eb fffffa80d1861ca0 ffff00000643a4df 645365531263177c : rdbss!RxXXXControlFileCallthru+0xcd
fffff8800572c4c0 fffff880032ff6a0 : 0000000000000000 fffff8800572c550 fffffa8106649010 0000000000000000 : rdbss!RxCommonDevFCBIoCtl+0xf5
fffff8800572c510 fffff8800331cbb4 : fffffa80d1861ca0 fffffa80d05b500e 00000000014a9918 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff8800572c600 fffff88003990be5 : 0000000000000000 fffff880014a9918 fffffa80d1861ca0 fffffa80d05b5070 : rdbss!RxFsdDispatch+0x224
fffff8800572c670 fffff880014a7c79 : fffffa80c1d93040 fffffa80d1861ca0 fffff8800572c80e 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff8800572c740 fffff880014a6175 : fffff8a0002aa8a0 fffffa80c9572620 0000000000000103 fffffa80d1861f20 : mup!MupiCallUncProvider+0x169
fffff8800572c7b0 fffff880014a8001 : fffffa80d1861ca0 fffff880014a4118 fffffa80d05b5070 0000000000000000 : mup!MupStateMachine+0x165
fffff8800572c800 fffff8800130e6af : fffffa80c0f2f9f0 fffffa80c9572620 fffffa80d05b5000 fffffa80d1861ca0 : mup!MupFsdIrpPassThrough+0x12d
fffff8800572c850 fffff880015659e3 : fffffa80c1078000 0000000000000002 fffffa80c1078000 fffffa80d05b5000 : fltmgr!FltpDispatch+0x9f
fffff8800572c8b0 fffff8800130e6af : fffffa80c3880830 fffffa80d05b5070 0000000000000001 fffffa80d1861ca0 : mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143
fffff8800572c930 fffff8000239184a : 0000000000000002 fffffa80d05b5070 0000000000000001 fffffa80d1861ca0 : fltmgr!FltpDispatch+0x9f
fffff8800572c990 fffff800023a59aa : fffffa80d05b5070 0000000000000000 fffffa80d05b5070 fffffa80d05b5070 : nt!IopSynchronousServiceTail+0xfa
fffff8800572ca00 fffff800023a5a46 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0xc27
fffff8800572cb40 fffff80002084693 : 0000000000000001 fffffa80cba45060 0000000000000000 fffff8800572cc00 : nt!NtDeviceIoControlFile+0x56
fffff8800572cbb0 000000007747bbaa : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff8800572cc20) 00000000013afc58 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : 0x7747bbaa

7: kd> !irp fffffa80d1861ca0
Irp is active with 6 stacks 5 is current (= 0xfffffa80d1861e90)
Mdl=fffffa80dc12b710: No System Buffer: Thread fffffa80c3cb1410: Irp stack trace.
cmd flg cl Device File Completion-Context
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
0 e0 fffffa80c1d93040 fffffa80d05b5070 fffff8800149f9cc-fffffa80c9572620 Success Error Cancel
\FileSystem\MRxDAV mup!MupiUncProviderCompletion
Args: 000023d4 00000000 0014037e 00000000
[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
0 0 fffffa80c0f2fe40 fffffa80d05b5070 00000000-00000000
\FileSystem\Mup
Args: 000023d4 00000000 0014037e 00000000
7: kd> dt nt!_FILE_OBJECT fffffa80d05b5070
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xfffffa80c0f2fe40 _DEVICE_OBJECT +0x010 Vpb : (null) +0x018 FsContext : 0xfffff88003316ce0 Void
+0x020 FsContext2 : (null)
+0x028 SectionObjectPointer : (null)
+0x030 PrivateCacheMap : (null)
+0x038 FinalStatus : 0n0
+0x040 RelatedFileObject : (null)
+0x048 LockOperation : 0 ‘’
+0x049 DeletePending : 0 ‘’
+0x04a ReadAccess : 0 ‘’
+0x04b WriteAccess : 0 ‘’
+0x04c DeleteAccess : 0 ‘’
+0x04d SharedRead : 0 ‘’
+0x04e SharedWrite : 0 ‘’
+0x04f SharedDelete : 0 ‘’
+0x050 Flags : 0x40006
+0x058 FileName : _UNICODE_STRING “”
+0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
+0x070 Waiters : 0
+0x074 Busy : 1
+0x078 LastLock : (null)
+0x080 Lock : _KEVENT
+0x098 Event : _KEVENT
+0x0b0 CompletionContext : (null)
+0x0b8 IrpListLock : 0
+0x0c0 IrpList : _LIST_ENTRY [0xfffffa80d05b5130 - 0xfffffa80d05b5130]
+0x0d0 FileObjectExtension : 0xfffffa80`c58c6860 Void

7: kd> !stacks 0 Mup
Proc.Thread .Thread Ticks ThreadState Blocker
169c.0018bc fffffa80c3cb1410 e452cfe0 RUNNING nt!KeBugCheckEx
169c.002058 fffffa80c66706f0 e452dcf2 Blocked mrxdav!UMRxAssignWork+0x399
169c.002288 fffffa80cec85700 e452cfe0 Blocked mrxdav!UMRxSubmitAsyncEngUserModeRequest+0x25a

7: kd> !thread fffffa80c66706f0 17
THREAD fffffa80c66706f0 Cid 169c.2058 Teb: 000007fffffae000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
fffffa80c1d93970 QueueObject
IRP List:
fffffa810cf43a20: (0006,0358) Flags: 00060000 Mdl: fffffa80dc2d2950
Not impersonating
DeviceMap fffff8a001137980
Owning Process fffffa80c4abdb10 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 464331534 Ticks: 3346 (0:00:00:52.281)
Context Switch Count 415 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.031
Win32 Start Address 0x000007fef20e1c2c
Stack Init fffff88008b21db0 Current fffff88008b210f0
Base fffff88008b22000 Limit fffff88008b1c000 Call 0000000000000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff88008b21130 fffff8000208a672 : fffff88000000000 fffffa80c66706f0 fffff88000000000 0000000000000000 : nt!KiSwapContext+0x7a
fffff88008b21270 fffff8000208d6d3 : fffff88003316100 000000000014037e 0000000000000000 0000000000000000 : nt!KiCommitThreadWait+0x1d2
fffff88008b21300 fffff8800399f551 : fffffa8000000000 0000000000000001 fffff8000237bf01 fffff80002397301 : nt!KeRemoveQueueEx+0x323
fffff88008b213c0 fffff88003988411 : fffffa8100000000 0000000000000000 fffffa810cf43c0e fffffa80cf06a9c0 : mrxdav!UMRxAssignWork+0x399
fffff88008b21420 fffff88003332345 : fffffa80c1d93040 fffffa80cf06a9c0 fffffa810cf43c10 fffffa810cf43a20 : mrxdav!MRxDAVDevFcbXXXControlFile+0x36d
fffff88008b21490 fffff88003331709 : 00000000000001eb fffffa810cf43a20 ffff00000b8374df 645365533147b91c : rdbss!RxXXXControlFileCallthru+0xcd
fffff88008b214c0 fffff880032ff6a0 : 0000000000000000 fffff88008b21550 fffffa80cf06a9c0 0000000000000000 : rdbss!RxCommonDevFCBIoCtl+0xf5
fffff88008b21510 fffff8800331cbb4 : fffffa810cf43a20 fffffa8160f2200e 00000000014a9918 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff88008b21600 fffff88003990be5 : 0000000000000000 fffff880014a9918 fffffa810cf43a20 fffffa8160f22070 : rdbss!RxFsdDispatch+0x224
fffff88008b21670 fffff880014a7c79 : fffffa80c1d93040 fffffa810cf43a20 fffff88008b2180e 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff88008b21740 fffff880014a6175 : fffff8a0002aa8a0 fffffa80c802ce10 0000000000000103 fffffa810cf43ca0 : mup!MupiCallUncProvider+0x169
fffff88008b217b0 fffff880014a8001 : fffffa810cf43a20 fffff880014a4118 fffffa8160f22070 0000000000000000 : mup!MupStateMachine+0x165
fffff88008b21800 fffff8800130e6af : fffffa80c0f2f9f0 fffffa80c802ce10 fffffa8160f22000 fffffa810cf43a20 : mup!MupFsdIrpPassThrough+0x12d
fffff88008b21850 fffff880015659e3 : fffffa80c1078000 0000000000000002 fffffa80c1078000 fffffa8160f22000 : fltmgr!FltpDispatch+0x9f
fffff88008b218b0 fffff8800130e6af : fffffa80c3880830 fffffa8160f22070 0000000000000001 fffffa810cf43a20 : mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143
fffff88008b21930 fffff8000239184a : 0000000000000002 fffffa8160f22070 0000000000000001 fffffa810cf43a20 : fltmgr!FltpDispatch+0x9f
fffff88008b21990 fffff800023a59aa : fffffa8160f22070 0000000000000000 fffffa8160f22070 fffffa8160f22070 : nt!IopSynchronousServiceTail+0xfa
fffff88008b21a00 fffff800023a5a46 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0xc27
fffff88008b21b40 fffff80002084693 : 0000000000000001 fffffa80cba45060 0000000000000000 fffff88008b21c00 : nt!NtDeviceIoControlFile+0x56
fffff88008b21bb0 000000007747bbaa : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff88008b21c20) 000000000159fa18 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : 0x7747bbaa

7: kd> !thread fffffa80cec85700 17
THREAD fffffa80cec85700 Cid 169c.2288 Teb: 000007fffffdc000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffffa81324b64b0 SynchronizationEvent
IRP List:
fffffa80ccddbca0: (0006,0358) Flags: 00000884 Mdl: 00000000
Impersonation token: fffff8a0395a2a90 (Level Impersonation)
DeviceMap fffff8a0125151b0
Owning Process fffffa80c4abdb10 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 464334880 Ticks: 0
Context Switch Count 20925 IdealProcessor: 3
UserTime 00:00:00.093
KernelTime 00:00:00.187
Win32 Start Address 0x000000007744f5d0
Stack Init fffff880082b3db0 Current fffff880082b29a0
Base fffff880082b4000 Limit fffff880082ae000 Call 0000000000000000
Priority 10 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff880082b29e0 fffff8000208a672 : 00000000634e7852 fffffa80cec85700 0000000000000000 fffff8000208b71a : nt!KiSwapContext+0x7a
fffff880082b2b20 fffff8000208ce9f : fffffa80c3cb1410 fffff80002048cc4 fffffa8000000000 0000000000000000 : nt!KiCommitThreadWait+0x1d2
fffff880082b2bb0 fffff8800399dd36 : fffffa81324b6300 fffff88000000000 fffffa81324b6300 fffffa81324b6300 : nt!KeWaitForSingleObject+0x19f
fffff880082b2c50 fffff88003992cc7 : fffffa81324b6310 fffffa8147652810 000000020e100bb8 fffffa8147652810 : mrxdav!UMRxSubmitAsyncEngUserModeRequest+0x25a
fffff880082b2cd0 fffff880039a039d : 0000000000000000 fffff88003992c18 0000000000000000 0000000000000000 : mrxdav!MRxDAVFinalizeVNetRootContinuation+0xaf
fffff880082b2d10 fffff88003992b45 : fffffa80c9ce9f38 fffffa8147652810 0000000000000000 fffffa80c9ce9d80 : mrxdav!UMRxAsyncEngOuterWrapper+0x199
fffff880082b2d70 fffff88003301b89 : 0000000000000000 fffffa80ed67d010 fffffa80c1d93200 00000000000e0082 : mrxdav!MRxDAVFinalizeVNetRoot+0x211
fffff880082b2dd0 fffff8800331b954 : fffffa80c9ce9d80 fffffa80ed67d010 fffffa80c1d93200 0000000000000000 : rdbss!RxMRxFinalizeVNetRoot+0x7d
fffff880082b2e00 fffff880033380d8 : fffffa80c9ce9d80 fffffa80c1d937e0 fffffa80c1d932b8 0000000000000000 : rdbss!RxFinalizeVNetRoot+0x104
fffff880082b2e50 fffff8800333d1f8 : fffffa8154ebd200 fffffa80ccddbca0 fffff880082b2f20 0000000000000004 : rdbss!RxScavengeVNetRoots+0xc8
fffff880082b2e90 fffff880033326aa : fffffa8154ebd200 0000000000000000 0000000000000000 fffffa80ccddbca0 : rdbss!RxFindOrConstructVirtualNetRootWithRetry+0x74
fffff880082b2ee0 fffff88003322cec : 0000000000000004 0000000000000000 fffffa80ccddbca0 fffffa80ccddbca0 : rdbss!RxCreateTreeConnect+0x13e
fffff880082b2f70 fffff880032ff6a0 : 0000000000000000 fffffa80ccddbca0 fffffa80ccddbe48 0000000000000000 : rdbss!RxCommonCreate+0x1ec
fffff880082b3030 fffff8800331cbb4 : fffffa80ccddbca0 fffffa80c3862600 fffff8a0002aa800 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff880082b3120 fffff88003990be5 : fffff8a02f9be9b0 fffff880014b0b32 fffffa80ccddbca0 fffffa80c3862620 : rdbss!RxFsdDispatch+0x224
fffff880082b3190 fffff880014a7c79 : fffffa80c1d93040 fffffa80ccddbca0 fffff880082b3300 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff880082b3260 fffff880014a6175 : fffff8a0002aa8a0 fffffa8130df21b0 0000000000000103 fffffa80c3862620 : mup!MupiCallUncProvider+0x169
fffff880082b32d0 fffff880014a67c5 : 0000000000000000 0000000000000000 fffffa80d2491160 0000000000000000 : mup!MupStateMachine+0x165
fffff880082b3320 fffff8800132f0b6 : 0000000000000000 fffffa80ccddbca0 0000000000000000 fffffa80c3862620 : mup!MupCreate+0x31d
fffff880082b33b0 fffff88001564fb0 : fffff880082b3650 fffffa80ccddbed8 fffff880082b3548 fffff8800150c60f : fltmgr!FltpCreate+0xa6
fffff880082b3460 fffff880014fb619 : fffffa80ccddbed8 fffffa80c1078000 fffffa80c3862620 0000000000000000 : mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+0xa0
fffff880082b34f0 fffff88001565973 : 0000000055555555 0000000000000000 fffffa80c1078000 0000000000000000 : mfehidk+0x1e619
fffff880082b3620 fffff8800132f0b6 : 0000000000000005 0000000000000040 fffffa80c3862620 fffffa80c3880830 : mfehidk!DEVICEDISPATCH::DispatchPassThrough+0xd3
fffff880082b36a0 fffff80002387afb : 0000000000000005 0000000000000040 fffffa80c3862620 fffffa80c38626b8 : fltmgr!FltpCreate+0xa6
fffff880082b3750 fffff8000238361e : fffffa80c0f2fe40 0000000000000000 fffffa80d38009b0 fffffa8000000001 : nt!IopParseDevice+0x14e2
fffff880082b38b0 fffff80002384106 : 0000000000000000 fffff880082b3a30 0000000000000040 fffffa80c08ffc90 : nt!ObpLookupObjectName+0x784
fffff880082b39b0 fffff80002385efc : fffffa80cec85700 0000000000000000 0000000000000001 ffffffffffffffff : nt!ObOpenObjectByName+0x306
fffff880082b3a80 fffff80002391574 : 00000000019eed30 0000000000100000 00000000019eebf0 00000000019eebe0 : nt!IopCreateFile+0x2bc
fffff880082b3b20 fffff80002084693 : fffffa80c4abdb10 0000007fffffffff fffffa80cec85700 0000098000000000 : nt!NtCreateFile+0x78
fffff880082b3bb0 000000007747c08a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880082b3c20) 00000000019eeb58 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : 0x7747c08a

7: kd> !irp fffffa80ccddbca0
Irp is active with 6 stacks 4 is current (= 0xfffffa80ccddbe48)
No Mdl: System buffer=fffffa816ae1a010: Thread fffffa80cec85700: Irp stack trace.
cmd flg cl Device File Completion-Context
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[IRP_MJ_CREATE(0), N/A(0)]
0 e0 fffffa80c1d93040 fffffa80c3862620 fffff8800149f9cc-fffffa8130df21b0 Success Error Cancel
\FileSystem\MRxDAV mup!MupiUncProviderCompletion
Args: fffff880082b3858 010000a0 00070080 000000b4
[IRP_MJ_CREATE(0), N/A(0)]
0 e0 fffffa80c0f2fe40 fffffa80c3862620 fffff88001564ea0-fffff880082b34a8 Success Error Cancel
\FileSystem\Mup mfehidk!CopyELAMLog
Args: fffff880082b3858 010000a0 00070080 000000b4
[IRP_MJ_CREATE(0), N/A(0)]
0 0 fffffa80c0f31950 fffffa80c3862620 00000000-00000000
\Driver\mfehidk
Args: fffff880082b3858 010000a0 00070080 000000b4

7: kd> dt nt!_FILE_OBJECT fffffa80c3862620
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xfffffa80c0f2fe40 _DEVICE_OBJECT +0x010 Vpb : (null) +0x018 FsContext : (null) +0x020 FsContext2 : (null) +0x028 SectionObjectPointer : (null) +0x030 PrivateCacheMap : (null) +0x038 FinalStatus : 0n0 +0x040 RelatedFileObject : (null) +0x048 LockOperation : 0 '' +0x049 DeletePending : 0 '' +0x04a ReadAccess : 0 '' +0x04b WriteAccess : 0 '' +0x04c DeleteAccess : 0 '' +0x04d SharedRead : 0 '' +0x04e SharedWrite : 0 '' +0x04f SharedDelete : 0 '' +0x050 Flags : 2 +0x058 FileName : _UNICODE_STRING "\vidplf01@8080\Reference Data" +0x068 CurrentByteOffset : _LARGE_INTEGER 0x0 +0x070 Waiters : 0 +0x074 Busy : 0 +0x078 LastLock : (null) +0x080 Lock : _KEVENT +0x098 Event : _KEVENT +0x0b0 CompletionContext : (null) +0x0b8 IrpListLock : 0 +0x0c0 IrpList : _LIST_ENTRY [0xfffffa80c38626e0 - 0xfffffa80c38626e0] +0x0d0 FileObjectExtension : 0xfffffa80c25c7cb0 Void

7: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks…

Resource @ 0xfffffa80c1d932d0 Exclusively owned
Contention Count = 9
Threads: fffffa80cec85700-01<*>
KD: Scanning for held locks.

Resource @ mrxdav!UMRxAsyncEngineContextListLock (0xfffff88003986180) Exclusively owned
Contention Count = 6
Threads: fffffa80c3cb1410-01<*>
KD: Scanning for held locks…
139721 total locks, 2 locks currently held

7: kd> !irpfind 0 0 Thread 0xfffffa80c1d932d0
Looking for IRPs with thread == fffffa80c1d932d0
Scanning large pool allocation table for tag 0x3f707249 (Irp?) (fffffa80d8200000 : fffffa80d8500000)
Page 43c6ef not present in the dump file. Type “.hh dbgerr004” for details
Page 43c6d6 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be29 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be2a not present in the dump file. Type “.hh dbgerr004” for details
Page 43c717 not present in the dump file. Type “.hh dbgerr004” for details
Searching nonpaged pool (fffffa80c0008000 : fffffa83bbe00000) for tag 0x3f707249 (Irp?)

7: kd> !irpfind 0 0 Thread fffffa80c3cb1410
Looking for IRPs with thread == fffffa80c3cb1410
Scanning large pool allocation table for tag 0x3f707249 (Irp?) (fffffa80d8200000 : fffffa80d8500000)
Page 43c6ef not present in the dump file. Type “.hh dbgerr004” for details
Page 43c6d6 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be29 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be2a not present in the dump file. Type “.hh dbgerr004” for details
Page 43c717 not present in the dump file. Type “.hh dbgerr004” for details
Searching nonpaged pool (fffffa80c0008000 : fffffa83bbe00000) for tag 0x3f707249 (Irp?)
Irp [Thread] irpStack: (Mj,Mn) DevObj [Driver] MDL Process
fffffa80d1861ca0 [fffffa80c3cb1410] irpStack: ( e, 0) fffffa80c1d93040 [\FileSystem\MRxDAV] 0xfffffa80c4abdb10

7: kd> !running -it

System Processors: (00000000000000ff)
Idle Processors: (000000000000007f) (0000000000000000) (0000000000000000) (0000000000000000)

Prcbs Current (pri) Next (pri) Idle
0 fffff80002204e80 fffff80002212cc0 ( 0) fffff80002212cc0 …

Child-SP RetAddr Call Site

00 fffff80001e18c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff80001e18ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff80001e18d80 0000000000000000 nt!KiIdleLoop+0x2c

1 fffff880009bf180 fffff880009ca0c0 ( 0) fffff880009ca0c0 …

Child-SP RetAddr Call Site

00 fffff880009d2c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff880009d2ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff880009d2d80 0000000000000000 nt!KiIdleLoop+0x2c

2 fffff88001e5d180 fffff88001e680c0 ( 0) fffff88001e680c0 …

Child-SP RetAddr Call Site

00 fffff88001e85c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001e85ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001e85d80 0000000000000000 nt!KiIdleLoop+0x2c

3 fffff88001ece180 fffff88001ed90c0 ( 0) fffff88001ed90c0 …

Child-SP RetAddr Call Site

00 fffff88001ef6c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001ef6ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001ef6d80 0000000000000000 nt!KiIdleLoop+0x2c

4 fffff88001f3f180 fffff88001f4a0c0 ( 0) fffff88001f4a0c0 …

Child-SP RetAddr Call Site

00 fffff88001f67c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001f67ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001f67d80 0000000000000000 nt!KiIdleLoop+0x2c

5 fffff88001fb0180 fffff88001fbb0c0 ( 0) fffff88001fbb0c0 …

Child-SP RetAddr Call Site

00 fffff88001fd8c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001fd8ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001fd8d80 0000000000000000 nt!KiIdleLoop+0x2c

6 fffff88001fe1180 fffff88001fec0c0 ( 0) fffff88001fec0c0 …

Child-SP RetAddr Call Site

00 fffff8800205bc98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff8800205bca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff8800205bd80 0000000000000000 nt!KiIdleLoop+0x2c

7 fffff880020a4180 fffffa80c3cb1410 ( 8) fffff880020af0c0 …

Child-SP RetAddr Call Site

00 fffff8800572b078 fffff8800330cec2 nt!KeBugCheckEx
01 fffff8800572b080 fffff88003312c11 rdbss!RxExceptionFilter+0xea
02 fffff8800572b0d0 fffff800020b19c4 rdbss! ?? ::FNODOBFM::string'+0x547 03 fffff8800572b120 fffff88003312665 nt!_C_specific_handler+0x8c 04 fffff8800572b190 fffff800020b143d rdbss!_GSHandlerCheck_SEH+0x75 05 fffff8800572b1c0 fffff800020b0215 nt!RtlpExecuteHandlerForException+0xd 06 fffff8800572b1f0 fffff800020c1725 nt!RtlDispatchException+0x415 07 fffff8800572b8d0 fffff80002084a82 nt!KiDispatchException+0x135 08 fffff8800572bf70 fffff800020835fa nt!KiExceptionDispatch+0xc2 09 fffff8800572c150 fffff88003992def nt!KiPageFault+0x23a 0a fffff8800572c2e0 fffff8800399e7be mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf 0b fffff8800572c330 fffff8800399f633 mrxdav!UMRxPrepareUserModeRequestBuffer+0x2ca 0c fffff8800572c3c0 fffff88003988411 mrxdav!UMRxAssignWork+0x47b 0d fffff8800572c420 fffff88003332345 mrxdav!MRxDAVDevFcbXXXControlFile+0x36d 0e fffff8800572c490 fffff88003331709 rdbss!RxXXXControlFileCallthru+0xcd 0f fffff8800572c4c0 fffff880032ff6a0 rdbss!RxCommonDevFCBIoCtl+0xf5 10 fffff8800572c510 fffff8800331cbb4 rdbss!RxFsdCommonDispatch+0x870 11 fffff8800572c600 fffff88003990be5 rdbss!RxFsdDispatch+0x224 12 fffff8800572c670 fffff880014a7c79 mrxdav!MRxDAVFsdDispatch+0x6c5 13 fffff8800572c740 fffff880014a6175 mup!MupiCallUncProvider+0x169 14 fffff8800572c7b0 fffff880014a8001 mup!MupStateMachine+0x165 15 fffff8800572c800 fffff8800130e6af mup!MupFsdIrpPassThrough+0x12d 16 fffff8800572c850 fffff880015659e3 fltmgr!FltpDispatch+0x9f 17 fffff8800572c8b0 fffff8800130e6af mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143 18 fffff8800572c930 fffff8000239184a fltmgr!FltpDispatch+0x9f 19 fffff8800572c990 fffff800023a59aa nt!IopSynchronousServiceTail+0xfa 1a fffff8800572ca00 fffff800023a5a46 nt!IopXxxControlFile+0xc27 1b fffff8800572cb40 fffff80002084693 nt!NtDeviceIoControlFile+0x56 1c fffff8800572cbb0 000000007747bbaa nt!KiSystemServiceCopyEnd+0x13 1d 00000000013afc58 00000000`00000000 0x7747bbaa

This is an FSCTL into MUP, I don’t think there’s any specific file involved
(or that knowing the file would help if there was). Likely something was
previously corrupted and this thread just tripped over it, I’d run Driver
Verifier and look to see if there’s any updates to McAfee.

-scott
OSR
@OSRDrivers

wrote in message news:xxxxx@windbg…

Hi, I had a BSOD listed below and according with the !analyze -v the problem
might be related with the
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf / Access Violation
c0000005/ NULL_DEREFERENCE related with module mrxdav.sys.

Im a newbie on WinDbg, but since the AV appears in the faulty Call stack Im suspecting that the AV may something to do with it.

Since this dump appears to deal with UNC paths/File related, I was trying to
find the file name/path and destination (not sure if is a local folder or
remote computer)??!!!

Can you give me your opinion and show me how to find the UNC path or File
name involved in this problem?

Bellow the Analysis that I was able to get from this kernel dump.
Thank you.

7: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

RDR_FILE_SYSTEM (27)
If you see RxExceptionFilter on the stack then the 2nd and 3rd
parameters are the
exception record and context record. Do a .cxr on the 3rd parameter and
then kb to
obtain a more informative stack trace.
The high 16 bits of the first parameter is the RDBSS bugcheck code,
which is defined
as follows:
RDBSS_BUG_CHECK_CACHESUP = 0xca550000,
RDBSS_BUG_CHECK_CLEANUP = 0xc1ee0000,
RDBSS_BUG_CHECK_CLOSE = 0xc10e0000,
RDBSS_BUG_CHECK_NTEXCEPT = 0xbaad0000,
Arguments:
Arg1: 00000000baad0073
Arg2: fffff8800572c0a8
Arg3: fffff8800572b900
Arg4: fffff88003992def

Debugging Details:

EXCEPTION_RECORD: fffff8800572c0a8 – (.exr 0xfffff8800572c0a8)
ExceptionAddress: fffff88003992def
(mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0x00000000000000cf)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000

CONTEXT: fffff8800572b900 – (.cxr 0xfffff8800572b900)
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80ed67d010
rdx=fffffa8147652810 rsi=fffffa80c9ce9f38 rdi=fffffa813cc9bca0
rip=fffff88003992def rsp=fffff8800572c2e0 rbp=fffff8800304ed08
r8=fffff8800304ed08 r9=00000000000023d4 r10=fffffa81324b6494
r11=fffff8800572c300 r12=fffffa81324b6310 r13=fffff88003986110
r14=fffff88003985520 r15=fffffa80c1d93040
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b
efl=00010286
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf:
fffff88003992def 8b00 mov eax,dword ptr [rax] ds:002b:0000000000000000=???
Resetting default scope

CPU_COUNT: 8
CPU_MHZ: 95d
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 1a
CPU_STEPPING: 4
CPU_MICROCODE: 6,1a,4,0 (F,M,S,R) SIG: 36’00000000 (cache) 36’00000000
(init)
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced
memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced
memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
FOLLOWUP_IP:
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf
fffff880`03992def 8b00 mov eax,dword ptr [rax]

FAULTING_IP:
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf
fffff880`03992def 8b00 mov eax,dword ptr [rax]

READ_ADDRESS: 0000000000000000

BUGCHECK_STR: 0x27

ANALYSIS_SESSION_HOST: C9O8EPR

ANALYSIS_SESSION_TIME: 03-18-2017 19:20:11.0542

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

DEVICE_OBJECT: fffffa80d05b5070

DRIVER_OBJECT: fffffa80c0f2fe40

LAST_CONTROL_TRANSFER: from fffff8800399e7be to fffff88003992def

STACK_TEXT:
fffff8800572c2e0 fffff8800399e7be : fffffa81324b6310 fffff88003992d20
fffffa8147652810 0000000000000000 :
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf
fffff8800572c330 fffff8800399f633 : fffffa81324b6310 0000000000000001
fffff8000237bf01 fffff800000023d4 :
mrxdav!UMRxPrepareUserModeRequestBuffer+0x2ca
fffff8800572c3c0 fffff88003988411 : fffffa81324b6458 0000000000000000
fffffa80d1861e0e fffffa8106649010 : mrxdav!UMRxAssignWork+0x47b
fffff8800572c420 fffff88003332345 : fffffa80c1d93040 fffffa8106649010
fffffa80d1861e90 fffffa80d1861ca0 :
mrxdav!MRxDAVDevFcbXXXControlFile+0x36d
fffff8800572c490 fffff88003331709 : 00000000000001eb fffffa80d1861ca0
ffff00000643a4df 645365531263177c : rdbss!RxXXXControlFileCallthru+0xcd
fffff8800572c4c0 fffff880032ff6a0 : 0000000000000000 fffff8800572c550
fffffa8106649010 0000000000000000 : rdbss!RxCommonDevFCBIoCtl+0xf5
fffff8800572c510 fffff8800331cbb4 : fffffa80d1861ca0 fffffa80d05b500e
00000000014a9918 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff8800572c600 fffff88003990be5 : 0000000000000000 fffff880014a9918
fffffa80d1861ca0 fffffa80d05b5070 : rdbss!RxFsdDispatch+0x224
fffff8800572c670 fffff880014a7c79 : fffffa80c1d93040 fffffa80d1861ca0
fffff8800572c80e 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff8800572c740 fffff880014a6175 : fffff8a0002aa8a0 fffffa80c9572620
0000000000000103 fffffa80d1861f20 : mup!MupiCallUncProvider+0x169
fffff8800572c7b0 fffff880014a8001 : fffffa80d1861ca0 fffff880014a4118
fffffa80d05b5070 0000000000000000 : mup!MupStateMachine+0x165
fffff8800572c800 fffff8800130e6af : fffffa80c0f2f9f0 fffffa80c9572620
fffffa80d05b5000 fffffa80d1861ca0 : mup!MupFsdIrpPassThrough+0x12d
fffff8800572c850 fffff880015659e3 : fffffa80c1078000 0000000000000002
fffffa80c1078000 fffffa80d05b5000 : fltmgr!FltpDispatch+0x9f
fffff8800572c8b0 fffff8800130e6af : fffffa80c3880830 fffffa80d05b5070
0000000000000001 fffffa80d1861ca0 :
mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143
fffff8800572c930 fffff8000239184a : 0000000000000002 fffffa80d05b5070
0000000000000001 fffffa80d1861ca0 : fltmgr!FltpDispatch+0x9f
fffff8800572c990 fffff800023a59aa : fffffa80d05b5070 0000000000000000
fffffa80d05b5070 fffffa80d05b5070 : nt!IopSynchronousServiceTail+0xfa
fffff8800572ca00 fffff800023a5a46 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!IopXxxControlFile+0xc27
fffff8800572cb40 fffff80002084693 : 0000000000000001 fffffa80cba45060
0000000000000000 fffff8800572cc00 : nt!NtDeviceIoControlFile+0x56
fffff8800572cbb0 000000007747bbaa : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
00000000013afc58 0000000000000000 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : 0x7747bbaa

THREAD_SHA1_HASH_MOD_FUNC: 0f1c2a86b1b6e813715fcce35a8f75984029d48e

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: adc93dcb4217433e9f4e37d2ea4740ca5bc14555

THREAD_SHA1_HASH_MOD: cf421238e1ccaa278482b9fea3276d57a1e118b5

FAULT_INSTR_CODE: 8589008b

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: mrxdav

IMAGE_NAME: mrxdav.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 568ea37b

STACK_COMMAND: .cxr 0xfffff8800572b900 ; kb

FAILURE_BUCKET_ID:
X64_0x27_mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

BUCKET_ID: X64_0x27_mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

PRIMARY_PROBLEM_CLASS:
X64_0x27_mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+cf

TARGET_TIME: 2017-01-12T10:52:51.000Z

OSBUILD: 7601

OSSERVICEPACK: 1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 16

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 7

OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-04-09 06:46:22

BUILDDATESTAMP_STR: 160408-2045

BUILDLAB_STR: win7sp1_ldr

BUILDOSVER_STR: 6.1.7601.23418.amd64fre.win7sp1_ldr.160408-2045

ANALYSIS_SESSION_ELAPSED_TIME: 43b

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING:
km:x64_0x27_mrxdav!mrxdavformatusermodevnetrootfinalizerequest+cf

FAILURE_ID_HASH: {13c7e885-fd69-3db5-b48f-4af0d2ab0812}

Followup: MachineOwner

7: kd> lmvm mrxdav
Browse full module list
start end module name
fffff8800397e000 fffff880039a7000 mrxdav (pdb symbols)
c:\sym\mrxdav.pdb\6806449D6A9B408BB4453345D3ED8DB91\mrxdav.pdb
Loaded symbol image file: mrxdav.sys
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image name: mrxdav.sys
Browse all global symbols functions data
Timestamp: Thu Jan 7 17:42:19 2016 (568EA37B)
CheckSum: 000243D6
ImageSize: 00029000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

7: kd> !pte 00000000baad0073
VA ffffffffbaad0073
PXE at FFFFF6FB7DBEDFF8 PPE at FFFFF6FB7DBFFFF0 PDE at
FFFFF6FB7FFFEEA8 PTE at FFFFF6FFFFDD5680
contains 00000000001C4063 contains 0000000000000000
pfn 1c4 —DA–KWEV not valid

7: kd> !devobj fffffa80d05b5070 f
fffffa80d05b5070: is not a device object

7: kd> !drvobj fffffa80c0f2fe40 f
Driver object (fffffa80c0f2fe40) is for:
fffffa80c0f2fe40: is not a driver object

7: kd> .cxr 0xfffff8800572b900
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80ed67d010
rdx=fffffa8147652810 rsi=fffffa80c9ce9f38 rdi=fffffa813cc9bca0
rip=fffff88003992def rsp=fffff8800572c2e0 rbp=fffff8800304ed08
r8=fffff8800304ed08 r9=00000000000023d4 r10=fffffa81324b6494
r11=fffff8800572c300 r12=fffffa81324b6310 r13=fffff88003986110
r14=fffff88003985520 r15=fffffa80c1d93040
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b
efl=00010286
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf:
fffff88003992def 8b00 mov eax,dword ptr [rax] ds:002b:0000000000000000=???

7: kd> ub mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xad:
fffff88003992dcd 488bb7e8000000 mov rsi,qword ptr [rdi+0E8h] fffff88003992dd4 488b4810 mov rcx,qword ptr [rax+10h]
fffff88003992dd8 488bc3 mov rax,rbx fffff88003992ddb 488b7910 mov rdi,qword ptr [rcx+10h]
fffff88003992ddf 483bfb cmp rdi,rbx fffff88003992de2 7404 je
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xc8 (fffff88003992de8) fffff88003992de4 488b4710 mov rax,qword ptr [rdi+10h]
fffff880`03992de8 c7453008000000 mov dword ptr [rbp+30h],8

7: kd> u .
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf:
fffff88003992def 8b00 mov eax,dword ptr [rax] fffff88003992df1 898588020000 mov dword ptr [rbp+288h],eax
fffff88003992df7 8b4650 mov eax,dword ptr [rsi+50h] fffff88003992dfa 898580020000 mov dword ptr [rbp+280h],eax
fffff88003992e00 8b4654 mov eax,dword ptr [rsi+54h] fffff88003992e03 898584020000 mov dword ptr [rbp+284h],eax
fffff88003992e09 488b050033ffff mov rax,qword ptr [mrxdav!WPP_GLOBAL_Control (fffff88003986110)]
fffff880`03992e10 493bc5 cmp rax,r13

7: kd> !thread -1 17
THREAD fffffa80c3cb1410 Cid 169c.18bc Teb: 000007fffffd3000 Win32Thread:
0000000000000000 RUNNING on processor 7
IRP List:
fffffa80d1861ca0: (0006,0358) Flags: 00060000 Mdl: fffffa80dc12b710
Not impersonating
DeviceMap fffff8a001137980
Owning Process fffffa80c4abdb10 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 464334880 Ticks: 0
Context Switch Count 18 IdealProcessor: 7
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x000007fef20e1c2c
Stack Init fffff8800572cdb0 Current fffff8800572c0f0
Base fffff8800572d000 Limit fffff88005727000 Call 0000000000000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child
: Call Site
fffff8800572b078 fffff8800330cec2 : 0000000000000027 00000000baad0073
fffff8800572c0a8 fffff8800572b900 : nt!KeBugCheckEx
fffff8800572b080 fffff88003312c11 : fffff88003314254 fffff8800572c550
fffff8800572c510 0000000000000000 : rdbss!RxExceptionFilter+0xea
fffff8800572b0d0 fffff800020b19c4 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : rdbss! ?? ::FNODOBFM::string'+0x547 fffff8800572b120 fffff88003312665 : fffff8800331425c fffff8800572c510 fffff8800572c0a8 fffff8800572c510 : nt!_C_specific_handler+0x8c fffff8800572b190 fffff800020b143d : fffff88003314248 0000000000000000 fffff880032fb000 0000000000000000 : rdbss!_GSHandlerCheck_SEH+0x75 fffff8800572b1c0 fffff800020b0215 : fffff88003314248 fffff8800572b238 fffff8800572c0a8 fffff880032fb000 : nt!RtlpExecuteHandlerForException+0xd fffff8800572b1f0 fffff800020c1725 : fffff8800572c0a8 fffff8800572b900 fffff88000000000 fffffa813cc9bca0 : nt!RtlDispatchException+0x415 fffff8800572b8d0 fffff80002084a82 : fffff8800572c0a8 0000000000000000 fffff8800572c150 fffffa80c9ce9f38 : nt!KiDispatchException+0x135 fffff8800572bf70 fffff800020835fa : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiExceptionDispatch+0xc2 fffff8800572c150 fffff88003992def : fffffa80c3cb1410 0000000000000000 fffffa8000000000 fffff8000208d6d3 : nt!KiPageFault+0x23a (TrapFrame @ fffff8800572c150)
fffff8800572c2e0 fffff8800399e7be : fffffa81324b6310 fffff88003992d20
fffffa8147652810 0000000000000000 :
mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf
fffff8800572c330 fffff8800399f633 : fffffa81324b6310 0000000000000001
fffff8000237bf01 fffff800000023d4 :
mrxdav!UMRxPrepareUserModeRequestBuffer+0x2ca
fffff8800572c3c0 fffff88003988411 : fffffa81324b6458 0000000000000000
fffffa80d1861e0e fffffa8106649010 : mrxdav!UMRxAssignWork+0x47b
fffff8800572c420 fffff88003332345 : fffffa80c1d93040 fffffa8106649010
fffffa80d1861e90 fffffa80d1861ca0 :
mrxdav!MRxDAVDevFcbXXXControlFile+0x36d
fffff8800572c490 fffff88003331709 : 00000000000001eb fffffa80d1861ca0
ffff00000643a4df 645365531263177c : rdbss!RxXXXControlFileCallthru+0xcd
fffff8800572c4c0 fffff880032ff6a0 : 0000000000000000 fffff8800572c550
fffffa8106649010 0000000000000000 : rdbss!RxCommonDevFCBIoCtl+0xf5
fffff8800572c510 fffff8800331cbb4 : fffffa80d1861ca0 fffffa80d05b500e
00000000014a9918 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff8800572c600 fffff88003990be5 : 0000000000000000 fffff880014a9918
fffffa80d1861ca0 fffffa80d05b5070 : rdbss!RxFsdDispatch+0x224
fffff8800572c670 fffff880014a7c79 : fffffa80c1d93040 fffffa80d1861ca0
fffff8800572c80e 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff8800572c740 fffff880014a6175 : fffff8a0002aa8a0 fffffa80c9572620
0000000000000103 fffffa80d1861f20 : mup!MupiCallUncProvider+0x169
fffff8800572c7b0 fffff880014a8001 : fffffa80d1861ca0 fffff880014a4118
fffffa80d05b5070 0000000000000000 : mup!MupStateMachine+0x165
fffff8800572c800 fffff8800130e6af : fffffa80c0f2f9f0 fffffa80c9572620
fffffa80d05b5000 fffffa80d1861ca0 : mup!MupFsdIrpPassThrough+0x12d
fffff8800572c850 fffff880015659e3 : fffffa80c1078000 0000000000000002
fffffa80c1078000 fffffa80d05b5000 : fltmgr!FltpDispatch+0x9f
fffff8800572c8b0 fffff8800130e6af : fffffa80c3880830 fffffa80d05b5070
0000000000000001 fffffa80d1861ca0 :
mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143
fffff8800572c930 fffff8000239184a : 0000000000000002 fffffa80d05b5070
0000000000000001 fffffa80d1861ca0 : fltmgr!FltpDispatch+0x9f
fffff8800572c990 fffff800023a59aa : fffffa80d05b5070 0000000000000000
fffffa80d05b5070 fffffa80d05b5070 : nt!IopSynchronousServiceTail+0xfa
fffff8800572ca00 fffff800023a5a46 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!IopXxxControlFile+0xc27
fffff8800572cb40 fffff80002084693 : 0000000000000001 fffffa80cba45060
0000000000000000 fffff8800572cc00 : nt!NtDeviceIoControlFile+0x56
fffff8800572cbb0 000000007747bbaa : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
(TrapFrame @ fffff8800572cc20) 00000000013afc58 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : 0x7747bbaa

7: kd> !irp fffffa80d1861ca0
Irp is active with 6 stacks 5 is current (= 0xfffffa80d1861e90)
Mdl=fffffa80dc12b710: No System Buffer: Thread fffffa80c3cb1410: Irp stack
trace.
cmd flg cl Device File Completion-Context
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
0 e0 fffffa80c1d93040 fffffa80d05b5070
fffff8800149f9cc-fffffa80c9572620 Success Error Cancel
\FileSystem\MRxDAV mup!MupiUncProviderCompletion
Args: 000023d4 00000000 0014037e 00000000
[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
0 0 fffffa80c0f2fe40 fffffa80d05b5070 00000000-00000000
\FileSystem\Mup
Args: 000023d4 00000000 0014037e 00000000
7: kd> dt nt!_FILE_OBJECT fffffa80d05b5070
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xfffffa80c0f2fe40 _DEVICE_OBJECT +0x010 Vpb : (null) +0x018 FsContext : 0xfffff88003316ce0 Void
+0x020 FsContext2 : (null)
+0x028 SectionObjectPointer : (null)
+0x030 PrivateCacheMap : (null)
+0x038 FinalStatus : 0n0
+0x040 RelatedFileObject : (null)
+0x048 LockOperation : 0 ‘’
+0x049 DeletePending : 0 ‘’
+0x04a ReadAccess : 0 ‘’
+0x04b WriteAccess : 0 ‘’
+0x04c DeleteAccess : 0 ‘’
+0x04d SharedRead : 0 ‘’
+0x04e SharedWrite : 0 ‘’
+0x04f SharedDelete : 0 ‘’
+0x050 Flags : 0x40006
+0x058 FileName : _UNICODE_STRING “”
+0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
+0x070 Waiters : 0
+0x074 Busy : 1
+0x078 LastLock : (null)
+0x080 Lock : _KEVENT
+0x098 Event : _KEVENT
+0x0b0 CompletionContext : (null)
+0x0b8 IrpListLock : 0
+0x0c0 IrpList : _LIST_ENTRY [ 0xfffffa80d05b5130 - 0xfffffa80d05b5130 ]
+0x0d0 FileObjectExtension : 0xfffffa80`c58c6860 Void

7: kd> !stacks 0 Mup
Proc.Thread .Thread Ticks ThreadState Blocker
169c.0018bc fffffa80c3cb1410 e452cfe0 RUNNING nt!KeBugCheckEx
169c.002058 fffffa80c66706f0 e452dcf2 Blocked
mrxdav!UMRxAssignWork+0x399
169c.002288 fffffa80cec85700 e452cfe0 Blocked
mrxdav!UMRxSubmitAsyncEngUserModeRequest+0x25a

7: kd> !thread fffffa80c66706f0 17
THREAD fffffa80c66706f0 Cid 169c.2058 Teb: 000007fffffae000 Win32Thread:
0000000000000000 WAIT: (WrQueue) UserMode Alertable
fffffa80c1d93970 QueueObject
IRP List:
fffffa810cf43a20: (0006,0358) Flags: 00060000 Mdl: fffffa80dc2d2950
Not impersonating
DeviceMap fffff8a001137980
Owning Process fffffa80c4abdb10 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 464331534 Ticks: 3346 (0:00:00:52.281)
Context Switch Count 415 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.031
Win32 Start Address 0x000007fef20e1c2c
Stack Init fffff88008b21db0 Current fffff88008b210f0
Base fffff88008b22000 Limit fffff88008b1c000 Call 0000000000000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child
: Call Site
fffff88008b21130 fffff8000208a672 : fffff88000000000 fffffa80c66706f0
fffff88000000000 0000000000000000 : nt!KiSwapContext+0x7a
fffff88008b21270 fffff8000208d6d3 : fffff88003316100 000000000014037e
0000000000000000 0000000000000000 : nt!KiCommitThreadWait+0x1d2
fffff88008b21300 fffff8800399f551 : fffffa8000000000 0000000000000001
fffff8000237bf01 fffff80002397301 : nt!KeRemoveQueueEx+0x323
fffff88008b213c0 fffff88003988411 : fffffa8100000000 0000000000000000
fffffa810cf43c0e fffffa80cf06a9c0 : mrxdav!UMRxAssignWork+0x399
fffff88008b21420 fffff88003332345 : fffffa80c1d93040 fffffa80cf06a9c0
fffffa810cf43c10 fffffa810cf43a20 :
mrxdav!MRxDAVDevFcbXXXControlFile+0x36d
fffff88008b21490 fffff88003331709 : 00000000000001eb fffffa810cf43a20
ffff00000b8374df 645365533147b91c : rdbss!RxXXXControlFileCallthru+0xcd
fffff88008b214c0 fffff880032ff6a0 : 0000000000000000 fffff88008b21550
fffffa80cf06a9c0 0000000000000000 : rdbss!RxCommonDevFCBIoCtl+0xf5
fffff88008b21510 fffff8800331cbb4 : fffffa810cf43a20 fffffa8160f2200e
00000000014a9918 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff88008b21600 fffff88003990be5 : 0000000000000000 fffff880014a9918
fffffa810cf43a20 fffffa8160f22070 : rdbss!RxFsdDispatch+0x224
fffff88008b21670 fffff880014a7c79 : fffffa80c1d93040 fffffa810cf43a20
fffff88008b2180e 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff88008b21740 fffff880014a6175 : fffff8a0002aa8a0 fffffa80c802ce10
0000000000000103 fffffa810cf43ca0 : mup!MupiCallUncProvider+0x169
fffff88008b217b0 fffff880014a8001 : fffffa810cf43a20 fffff880014a4118
fffffa8160f22070 0000000000000000 : mup!MupStateMachine+0x165
fffff88008b21800 fffff8800130e6af : fffffa80c0f2f9f0 fffffa80c802ce10
fffffa8160f22000 fffffa810cf43a20 : mup!MupFsdIrpPassThrough+0x12d
fffff88008b21850 fffff880015659e3 : fffffa80c1078000 0000000000000002
fffffa80c1078000 fffffa8160f22000 : fltmgr!FltpDispatch+0x9f
fffff88008b218b0 fffff8800130e6af : fffffa80c3880830 fffffa8160f22070
0000000000000001 fffffa810cf43a20 :
mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143
fffff88008b21930 fffff8000239184a : 0000000000000002 fffffa8160f22070
0000000000000001 fffffa810cf43a20 : fltmgr!FltpDispatch+0x9f
fffff88008b21990 fffff800023a59aa : fffffa8160f22070 0000000000000000
fffffa8160f22070 fffffa8160f22070 : nt!IopSynchronousServiceTail+0xfa
fffff88008b21a00 fffff800023a5a46 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!IopXxxControlFile+0xc27
fffff88008b21b40 fffff80002084693 : 0000000000000001 fffffa80cba45060
0000000000000000 fffff88008b21c00 : nt!NtDeviceIoControlFile+0x56
fffff88008b21bb0 000000007747bbaa : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
(TrapFrame @ fffff88008b21c20) 000000000159fa18 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : 0x7747bbaa

7: kd> !thread fffffa80cec85700 17
THREAD fffffa80cec85700 Cid 169c.2288 Teb: 000007fffffdc000 Win32Thread:
0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffffa81324b64b0 SynchronizationEvent
IRP List:
fffffa80ccddbca0: (0006,0358) Flags: 00000884 Mdl: 00000000
Impersonation token: fffff8a0395a2a90 (Level Impersonation)
DeviceMap fffff8a0125151b0
Owning Process fffffa80c4abdb10 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 464334880 Ticks: 0
Context Switch Count 20925 IdealProcessor: 3
UserTime 00:00:00.093
KernelTime 00:00:00.187
Win32 Start Address 0x000000007744f5d0
Stack Init fffff880082b3db0 Current fffff880082b29a0
Base fffff880082b4000 Limit fffff880082ae000 Call 0000000000000000
Priority 10 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child
: Call Site
fffff880082b29e0 fffff8000208a672 : 00000000634e7852 fffffa80cec85700
0000000000000000 fffff8000208b71a : nt!KiSwapContext+0x7a
fffff880082b2b20 fffff8000208ce9f : fffffa80c3cb1410 fffff80002048cc4
fffffa8000000000 0000000000000000 : nt!KiCommitThreadWait+0x1d2
fffff880082b2bb0 fffff8800399dd36 : fffffa81324b6300 fffff88000000000
fffffa81324b6300 fffffa81324b6300 : nt!KeWaitForSingleObject+0x19f
fffff880082b2c50 fffff88003992cc7 : fffffa81324b6310 fffffa8147652810
000000020e100bb8 fffffa8147652810 :
mrxdav!UMRxSubmitAsyncEngUserModeRequest+0x25a
fffff880082b2cd0 fffff880039a039d : 0000000000000000 fffff88003992c18
0000000000000000 0000000000000000 :
mrxdav!MRxDAVFinalizeVNetRootContinuation+0xaf
fffff880082b2d10 fffff88003992b45 : fffffa80c9ce9f38 fffffa8147652810
0000000000000000 fffffa80c9ce9d80 : mrxdav!UMRxAsyncEngOuterWrapper+0x199
fffff880082b2d70 fffff88003301b89 : 0000000000000000 fffffa80ed67d010
fffffa80c1d93200 00000000000e0082 : mrxdav!MRxDAVFinalizeVNetRoot+0x211
fffff880082b2dd0 fffff8800331b954 : fffffa80c9ce9d80 fffffa80ed67d010
fffffa80c1d93200 0000000000000000 : rdbss!RxMRxFinalizeVNetRoot+0x7d
fffff880082b2e00 fffff880033380d8 : fffffa80c9ce9d80 fffffa80c1d937e0
fffffa80c1d932b8 0000000000000000 : rdbss!RxFinalizeVNetRoot+0x104
fffff880082b2e50 fffff8800333d1f8 : fffffa8154ebd200 fffffa80ccddbca0
fffff880082b2f20 0000000000000004 : rdbss!RxScavengeVNetRoots+0xc8
fffff880082b2e90 fffff880033326aa : fffffa8154ebd200 0000000000000000
0000000000000000 fffffa80ccddbca0 :
rdbss!RxFindOrConstructVirtualNetRootWithRetry+0x74
fffff880082b2ee0 fffff88003322cec : 0000000000000004 0000000000000000
fffffa80ccddbca0 fffffa80ccddbca0 : rdbss!RxCreateTreeConnect+0x13e
fffff880082b2f70 fffff880032ff6a0 : 0000000000000000 fffffa80ccddbca0
fffffa80ccddbe48 0000000000000000 : rdbss!RxCommonCreate+0x1ec
fffff880082b3030 fffff8800331cbb4 : fffffa80ccddbca0 fffffa80c3862600
fffff8a0002aa800 0000000000000001 : rdbss!RxFsdCommonDispatch+0x870
fffff880082b3120 fffff88003990be5 : fffff8a02f9be9b0 fffff880014b0b32
fffffa80ccddbca0 fffffa80c3862620 : rdbss!RxFsdDispatch+0x224
fffff880082b3190 fffff880014a7c79 : fffffa80c1d93040 fffffa80ccddbca0
fffff880082b3300 0000000000000000 : mrxdav!MRxDAVFsdDispatch+0x6c5
fffff880082b3260 fffff880014a6175 : fffff8a0002aa8a0 fffffa8130df21b0
0000000000000103 fffffa80c3862620 : mup!MupiCallUncProvider+0x169
fffff880082b32d0 fffff880014a67c5 : 0000000000000000 0000000000000000
fffffa80d2491160 0000000000000000 : mup!MupStateMachine+0x165
fffff880082b3320 fffff8800132f0b6 : 0000000000000000 fffffa80ccddbca0
0000000000000000 fffffa80c3862620 : mup!MupCreate+0x31d
fffff880082b33b0 fffff88001564fb0 : fffff880082b3650 fffffa80ccddbed8
fffff880082b3548 fffff8800150c60f : fltmgr!FltpCreate+0xa6
fffff880082b3460 fffff880014fb619 : fffffa80ccddbed8 fffffa80c1078000
fffffa80c3862620 0000000000000000 :
mfehidk!DEVICEDISPATCH::LowerDispatchPassThrough+0xa0
fffff880082b34f0 fffff88001565973 : 0000000055555555 0000000000000000
fffffa80c1078000 0000000000000000 : mfehidk+0x1e619
fffff880082b3620 fffff8800132f0b6 : 0000000000000005 0000000000000040
fffffa80c3862620 fffffa80c3880830 :
mfehidk!DEVICEDISPATCH::DispatchPassThrough+0xd3
fffff880082b36a0 fffff80002387afb : 0000000000000005 0000000000000040
fffffa80c3862620 fffffa80c38626b8 : fltmgr!FltpCreate+0xa6
fffff880082b3750 fffff8000238361e : fffffa80c0f2fe40 0000000000000000
fffffa80d38009b0 fffffa8000000001 : nt!IopParseDevice+0x14e2
fffff880082b38b0 fffff80002384106 : 0000000000000000 fffff880082b3a30
0000000000000040 fffffa80c08ffc90 : nt!ObpLookupObjectName+0x784
fffff880082b39b0 fffff80002385efc : fffffa80cec85700 0000000000000000
0000000000000001 ffffffffffffffff : nt!ObOpenObjectByName+0x306
fffff880082b3a80 fffff80002391574 : 00000000019eed30 0000000000100000
00000000019eebf0 00000000019eebe0 : nt!IopCreateFile+0x2bc
fffff880082b3b20 fffff80002084693 : fffffa80c4abdb10 0000007fffffffff
fffffa80cec85700 0000098000000000 : nt!NtCreateFile+0x78
fffff880082b3bb0 000000007747c08a : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
(TrapFrame @ fffff880082b3c20) 00000000019eeb58 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : 0x7747c08a

7: kd> !irp fffffa80ccddbca0
Irp is active with 6 stacks 4 is current (= 0xfffffa80ccddbe48)
No Mdl: System buffer=fffffa816ae1a010: Thread fffffa80cec85700: Irp stack
trace.
cmd flg cl Device File Completion-Context
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[IRP_MJ_CREATE(0), N/A(0)]
0 e0 fffffa80c1d93040 fffffa80c3862620
fffff8800149f9cc-fffffa8130df21b0 Success Error Cancel
\FileSystem\MRxDAV mup!MupiUncProviderCompletion
Args: fffff880082b3858 010000a0 00070080 000000b4
[IRP_MJ_CREATE(0), N/A(0)]
0 e0 fffffa80c0f2fe40 fffffa80c3862620
fffff88001564ea0-fffff880082b34a8 Success Error Cancel
\FileSystem\Mup mfehidk!CopyELAMLog
Args: fffff880082b3858 010000a0 00070080 000000b4
[IRP_MJ_CREATE(0), N/A(0)]
0 0 fffffa80c0f31950 fffffa80c3862620 00000000-00000000
\Driver\mfehidk
Args: fffff880082b3858 010000a0 00070080 000000b4

7: kd> dt nt!_FILE_OBJECT fffffa80c3862620
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xfffffa80c0f2fe40 _DEVICE_OBJECT +0x010 Vpb : (null) +0x018 FsContext : (null) +0x020 FsContext2 : (null) +0x028 SectionObjectPointer : (null) +0x030 PrivateCacheMap : (null) +0x038 FinalStatus : 0n0 +0x040 RelatedFileObject : (null) +0x048 LockOperation : 0 '' +0x049 DeletePending : 0 '' +0x04a ReadAccess : 0 '' +0x04b WriteAccess : 0 '' +0x04c DeleteAccess : 0 '' +0x04d SharedRead : 0 '' +0x04e SharedWrite : 0 '' +0x04f SharedDelete : 0 '' +0x050 Flags : 2 +0x058 FileName : _UNICODE_STRING "\vidplf01@8080\Reference Data" +0x068 CurrentByteOffset : _LARGE_INTEGER 0x0 +0x070 Waiters : 0 +0x074 Busy : 0 +0x078 LastLock : (null) +0x080 Lock : _KEVENT +0x098 Event : _KEVENT +0x0b0 CompletionContext : (null) +0x0b8 IrpListLock : 0 +0x0c0 IrpList : _LIST_ENTRY [ 0xfffffa80c38626e0 -
0xfffffa80c38626e0 ] +0x0d0 FileObjectExtension : 0xfffffa80c25c7cb0 Void

7: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held
locks…

Resource @ 0xfffffa80c1d932d0 Exclusively owned
Contention Count = 9
Threads: fffffa80cec85700-01<*>
KD: Scanning for held locks.

Resource @ mrxdav!UMRxAsyncEngineContextListLock (0xfffff88003986180)
Exclusively owned
Contention Count = 6
Threads: fffffa80c3cb1410-01<*>
KD: Scanning for held
locks…
139721 total locks, 2 locks currently held

7: kd> !irpfind 0 0 Thread 0xfffffa80c1d932d0
Looking for IRPs with thread == fffffa80c1d932d0
Scanning large pool allocation table for tag 0x3f707249 (Irp?)
(fffffa80d8200000 : fffffa80d8500000)
Page 43c6ef not present in the dump file. Type “.hh dbgerr004” for details
Page 43c6d6 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be29 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be2a not present in the dump file. Type “.hh dbgerr004” for details
Page 43c717 not present in the dump file. Type “.hh dbgerr004” for details
Searching nonpaged pool (fffffa80c0008000 : fffffa83bbe00000) for tag
0x3f707249 (Irp?)

7: kd> !irpfind 0 0 Thread fffffa80c3cb1410
Looking for IRPs with thread == fffffa80c3cb1410
Scanning large pool allocation table for tag 0x3f707249 (Irp?)
(fffffa80d8200000 : fffffa80d8500000)
Page 43c6ef not present in the dump file. Type “.hh dbgerr004” for details
Page 43c6d6 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be29 not present in the dump file. Type “.hh dbgerr004” for details
Page 43be2a not present in the dump file. Type “.hh dbgerr004” for details
Page 43c717 not present in the dump file. Type “.hh dbgerr004” for details
Searching nonpaged pool (fffffa80c0008000 : fffffa83bbe00000) for tag
0x3f707249 (Irp?)
Irp [Thread] irpStack: (Mj,Mn) DevObj
[Driver] MDL Process
fffffa80d1861ca0 [fffffa80c3cb1410] irpStack: ( e, 0) fffffa80c1d93040 [
\FileSystem\MRxDAV] 0xfffffa80c4abdb10

7: kd> !running -it

System Processors: (00000000000000ff)
Idle Processors: (000000000000007f) (0000000000000000) (0000000000000000)
(0000000000000000)

Prcbs Current (pri) Next (pri) Idle
0 fffff80002204e80 fffff80002212cc0 ( 0)
fffff80002212cc0 …

Child-SP RetAddr Call Site

00 fffff80001e18c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff80001e18ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff80001e18d80 0000000000000000 nt!KiIdleLoop+0x2c

1 fffff880009bf180 fffff880009ca0c0 ( 0)
fffff880009ca0c0 …

Child-SP RetAddr Call Site

00 fffff880009d2c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff880009d2ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff880009d2d80 0000000000000000 nt!KiIdleLoop+0x2c

2 fffff88001e5d180 fffff88001e680c0 ( 0)
fffff88001e680c0 …

Child-SP RetAddr Call Site

00 fffff88001e85c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001e85ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001e85d80 0000000000000000 nt!KiIdleLoop+0x2c

3 fffff88001ece180 fffff88001ed90c0 ( 0)
fffff88001ed90c0 …

Child-SP RetAddr Call Site

00 fffff88001ef6c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001ef6ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001ef6d80 0000000000000000 nt!KiIdleLoop+0x2c

4 fffff88001f3f180 fffff88001f4a0c0 ( 0)
fffff88001f4a0c0 …

Child-SP RetAddr Call Site

00 fffff88001f67c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001f67ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001f67d80 0000000000000000 nt!KiIdleLoop+0x2c

5 fffff88001fb0180 fffff88001fbb0c0 ( 0)
fffff88001fbb0c0 …

Child-SP RetAddr Call Site

00 fffff88001fd8c98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff88001fd8ca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff88001fd8d80 0000000000000000 nt!KiIdleLoop+0x2c

6 fffff88001fe1180 fffff88001fec0c0 ( 0)
fffff88001fec0c0 …

Child-SP RetAddr Call Site

00 fffff8800205bc98 fffff8000208ebe9 intelppm!C1Halt+0x2
01 fffff8800205bca0 fffff8000207d0dc nt!PoIdle+0x52a
02 fffff8800205bd80 0000000000000000 nt!KiIdleLoop+0x2c

7 fffff880020a4180 fffffa80c3cb1410 ( 8)
fffff880020af0c0 …

Child-SP RetAddr Call Site

00 fffff8800572b078 fffff8800330cec2 nt!KeBugCheckEx
01 fffff8800572b080 fffff88003312c11 rdbss!RxExceptionFilter+0xea
02 fffff8800572b0d0 fffff800020b19c4 rdbss! ?? ::FNODOBFM::string'+0x547 03 fffff8800572b120 fffff88003312665 nt!_C_specific_handler+0x8c 04 fffff8800572b190 fffff800020b143d rdbss!_GSHandlerCheck_SEH+0x75 05 fffff8800572b1c0 fffff800020b0215 nt!RtlpExecuteHandlerForException+0xd 06 fffff8800572b1f0 fffff800020c1725 nt!RtlDispatchException+0x415 07 fffff8800572b8d0 fffff80002084a82 nt!KiDispatchException+0x135 08 fffff8800572bf70 fffff800020835fa nt!KiExceptionDispatch+0xc2 09 fffff8800572c150 fffff88003992def nt!KiPageFault+0x23a 0a fffff8800572c2e0 fffff8800399e7be mrxdav!MRxDAVFormatUserModeVNetRootFinalizeRequest+0xcf 0b fffff8800572c330 fffff8800399f633 mrxdav!UMRxPrepareUserModeRequestBuffer+0x2ca 0c fffff8800572c3c0 fffff88003988411 mrxdav!UMRxAssignWork+0x47b 0d fffff8800572c420 fffff88003332345 mrxdav!MRxDAVDevFcbXXXControlFile+0x36d 0e fffff8800572c490 fffff88003331709 rdbss!RxXXXControlFileCallthru+0xcd 0f fffff8800572c4c0 fffff880032ff6a0 rdbss!RxCommonDevFCBIoCtl+0xf5 10 fffff8800572c510 fffff8800331cbb4 rdbss!RxFsdCommonDispatch+0x870 11 fffff8800572c600 fffff88003990be5 rdbss!RxFsdDispatch+0x224 12 fffff8800572c670 fffff880014a7c79 mrxdav!MRxDAVFsdDispatch+0x6c5 13 fffff8800572c740 fffff880014a6175 mup!MupiCallUncProvider+0x169 14 fffff8800572c7b0 fffff880014a8001 mup!MupStateMachine+0x165 15 fffff8800572c800 fffff8800130e6af mup!MupFsdIrpPassThrough+0x12d 16 fffff8800572c850 fffff880015659e3 fltmgr!FltpDispatch+0x9f 17 fffff8800572c8b0 fffff8800130e6af mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x143 18 fffff8800572c930 fffff8000239184a fltmgr!FltpDispatch+0x9f 19 fffff8800572c990 fffff800023a59aa nt!IopSynchronousServiceTail+0xfa 1a fffff8800572ca00 fffff800023a5a46 nt!IopXxxControlFile+0xc27 1b fffff8800572cb40 fffff80002084693 nt!NtDeviceIoControlFile+0x56 1c fffff8800572cbb0 000000007747bbaa nt!KiSystemServiceCopyEnd+0x13 1d 00000000013afc58 00000000`00000000 0x7747bbaa