My laptop just BSOD at teefer2.sys. Very disconcerting. Here is the !analyze -v
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800ab53a58, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88003e3c55c, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x64)\sym\ntkrnlmp.exe\4A5BC6005dd000\ntkrnlmp.exe
The system cannot find the file specified.
READ_ADDRESS: fffffa800ab53a58 Nonpaged pool
FAULTING_IP:
teefer2+555c
fffff880`03e3c55c 488b9b88010000 mov rbx,qword ptr [rbx+188h]
MM_INTERNAL_CODE: 0
IMAGE_NAME: teefer2.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a0b1ec0
MODULE_NAME: teefer2
FAULTING_MODULE: fffff88003e37000 teefer2
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 1
TRAP_FRAME: fffff88002e73ae0 -- (.trap 0xfffff88002e73ae0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000015
rdx=fffff88003e46f4c rsi=0000000000000000 rdi=0000000000000000
rip=fffff88003e3c55c rsp=fffff88002e73c70 rbp=0000000000000080
r8=000000000000005c r9=fffff88003e5849d r10=00000000000003cb
r11=0000000000000042 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
teefer2+0x555c:
fffff880`03e3c55c 488b9b88010000 mov rbx,qword ptr [rbx+188h] ds:6a04:0188=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800031061e4 to fffff80003086f00
STACK_TEXT:
fffff880`02e73978 fffff800`031061e4 : 00000000`00000050 fffffa80`0ab53a58 00000000`00000000 fffff880`02e73ae0 : nt!KeBugCheckEx
fffff880`02e73980 fffff800`03084fee : 00000000`00000000 fffffa80`0ab538d0 fffffa80`0abbe000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x42907
fffff880`02e73ae0 fffff880`03e3c55c : fffff880`03e46ed3 fffffa80`0ab538d0 00000000`00000080 fffff880`03e594e0 : nt!KiPageFault+0x16e
fffff880`02e73c70 fffff880`03e3c680 : fffff880`00000000 fffffa80`05903980 00000000`00000001 00000000`0001118e : teefer2+0x555c
fffff880`02e73ca0 fffff880`03e3c78c : 00000000`0001118e fffffa80`05572000 ffffffff`ff85ee00 00000000`00000080 : teefer2+0x5680
fffff880`02e73cd0 fffff800`0332a166 : 00000000`00000001 fffffa80`056154d0 00000000`00000080 fffffa80`056154d0 : teefer2+0x578c
fffff880`02e73d00 fffff800`03065486 : fffff880`009e9180 fffffa80`056154d0 fffffa80`054aca60 fffff880`0121ea90 : nt!PspSystemThreadStartup+0x5a
fffff880`02e73d40 00000000`00000000 : fffff880`02e74000 fffff880`02e6e000 fffff880`02e73650 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
teefer2+555c
fffff880`03e3c55c 488b9b88010000 mov rbx,qword ptr [rbx+188h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: teefer2+555c
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0x50_teefer2+555c
BUCKET_ID: X64_0x50_teefer2+555c
Followup: MachineOwner
---------
if anyone at Symantec wants the dump I'll be happy to upload it.
If anyone has any suggestions on how to avoid this let me know.