BSOD PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc) happens after volume gets dismounted(Minifilter)

Hi Rod,

Thank you so much for your prompt responses.

To relate to your suggestions,in driver, to initialize advancedFCBHeader,there is a call to FsRtlSetupAdvancedHeaderEx(1stParam,2ndParam,&fcb->FileCtxSupportPointer)

And as per FsRtlSetupAdvancedHeaderEx() code in Ntifs.h ,
(_advhdr)->FileContextSupportPointer = &fcb->FileCtxSupportPointer;

and localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS;

which means, we do support PerStreamContext and PerFileContext.

In IRP_MJ_Close callback , we have called FsRtlTeardownPerStreamContexts(AdvacncedFCBHeader) to teardown streamcontext.

Should we call FsRtlTeardownPerFileContexts() to teardown filecontexts as well??

Thanks a lot!

Hey, guess what the documentation for FsRtlTeardownPerFileContexts had disappeared alongside nearly every other useful IFS api. That’s two weeks and counting. If anyone would like to add their distress at this breakage to the case it might be useful.

Anyway to the case in point - that sounds like a good plan. Without the documentation I cannot be sure…

Gotta love that! Though it does appear to still be present on the Korean(?) version of the help docs.

Pete

Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

To follow up you can get an a approximation of the document here. It looks like this is required during IRP_MJ_CLOSE handling (or during final deref)

BSOD details:
PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf8080a90be0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff800365ba96c, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

BUGCHECK_P1: ffffcf8080a90be0

BUGCHECK_P2: 0

BUGCHECK_P3: fffff800365ba96c

BUGCHECK_P4: 0

READ_ADDRESS: ffffcf8080a90be0 Special pool

FAULTING_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xCC

PROCESS_NAME: System

CURRENT_IRQL: 0

ANALYSIS_VERSION: 10.0.17763.1 amd64fre

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800365d2d5a to fffff80036565500

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

FOLLOWUP_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

FAULT_INSTR_CODE: 48018b48

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: nt!FsRtlLookupReservedPerFileContext+0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5b93e6c7

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 0

FAILURE_BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

PRIMARY_PROBLEM_CLASS: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext
FAILURE_ID_HASH_STRING: km:0xcc_vrf_nt!fsrtllookupreservedperfilecontext

0: kd> !fltkd.volumes

Volume List: ffffcf80702629b0 “Frame 0”
FLT_VOLUME: ffffcf80702aa800 “\Device\Mup”
FLT_INSTANCE: ffffcf8076bbc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80702f8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807364ed90 “CCFFilter” “261160”
FLT_INSTANCE: ffffcf80702606c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf807038a7f0 “\Device\HarddiskVolume2”
FLT_INSTANCE: ffffcf807193cc30 “CsvNSFlt Instance” “404900”
FLT_INSTANCE: ffffcf807f12c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070876c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf80709fe6c0 “Sfntpffd Instance” “144200”
FLT_INSTANCE: ffffcf80719984c0 “luafv” “135000”
FLT_VOLUME: ffffcf807073e7f0 “\Device\HarddiskVolume3”
FLT_INSTANCE: ffffcf807f13a6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80707c2c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807077e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80707bc7f0 “\Device\NamedPipe”
FLT_INSTANCE: ffffcf807076cd30 “npsvctrig” “46000”
FLT_VOLUME: ffffcf807070a7f0 “\Device\Mailslot”
FLT_VOLUME: ffffcf80707d47f0 “\Device\HarddiskVolume4”
FLT_INSTANCE: ffffcf807cbcc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807066e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80706787f0 “\Device\HarddiskVolume5”
FLT_INSTANCE: ffffcf807f1386a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a306c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070b9a7f0 “\Device\HarddiskVolume1”
FLT_INSTANCE: ffffcf807e92c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070be8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b466c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070ae67f0 “\Device\HarddiskVolume6”
FLT_INSTANCE: ffffcf807e84e6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a48c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070a246c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070a4e7f0 “\Device\HarddiskVolume7”
FLT_INSTANCE: ffffcf807deb26a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070aeec30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b5c6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf808068e7f0 “\Device\HarddiskVolume61”
FLT_INSTANCE: ffffcf80806e06a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807e29ac30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8081748b40 “ResumeKeyFilter” “202000”
FLT_INSTANCE: ffffcf80816a26c0 “Sfntpffd Instance” “144200”
** FLT_VOLUME: ffffcf807f1787f0 “\Device\HarddiskVolume64”**

PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf8080a90be0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff800365ba96c, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

BUGCHECK_P1: ffffcf8080a90be0

BUGCHECK_P2: 0

BUGCHECK_P3: fffff800365ba96c

BUGCHECK_P4: 0

READ_ADDRESS: ffffcf8080a90be0 Special pool

FAULTING_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xCC

PROCESS_NAME: System

CURRENT_IRQL: 0

ANALYSIS_VERSION: 10.0.17763.1 amd64fre

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800365d2d5a to fffff80036565500

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

FOLLOWUP_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

FAULT_INSTR_CODE: 48018b48

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: nt!FsRtlLookupReservedPerFileContext+0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5b93e6c7

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 0

FAILURE_BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

PRIMARY_PROBLEM_CLASS: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext
FAILURE_ID_HASH_STRING: km:0xcc_vrf_nt!fsrtllookupreservedperfilecontext

0: kd> !fltkd.volumes

Volume List: ffffcf80702629b0 “Frame 0”
FLT_VOLUME: ffffcf80702aa800 “\Device\Mup”
FLT_INSTANCE: ffffcf8076bbc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80702f8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807364ed90 “CCFFilter” “261160”
FLT_INSTANCE: ffffcf80702606c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf807038a7f0 “\Device\HarddiskVolume2”
FLT_INSTANCE: ffffcf807193cc30 “CsvNSFlt Instance” “404900”
FLT_INSTANCE: ffffcf807f12c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070876c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf80709fe6c0 “Sfntpffd Instance” “144200”
FLT_INSTANCE: ffffcf80719984c0 “luafv” “135000”
FLT_VOLUME: ffffcf807073e7f0 “\Device\HarddiskVolume3”
FLT_INSTANCE: ffffcf807f13a6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80707c2c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807077e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80707bc7f0 “\Device\NamedPipe”
FLT_INSTANCE: ffffcf807076cd30 “npsvctrig” “46000”
FLT_VOLUME: ffffcf807070a7f0 “\Device\Mailslot”
FLT_VOLUME: ffffcf80707d47f0 “\Device\HarddiskVolume4”
FLT_INSTANCE: ffffcf807cbcc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807066e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80706787f0 “\Device\HarddiskVolume5”
FLT_INSTANCE: ffffcf807f1386a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a306c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070b9a7f0 “\Device\HarddiskVolume1”
FLT_INSTANCE: ffffcf807e92c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070be8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b466c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070ae67f0 “\Device\HarddiskVolume6”
FLT_INSTANCE: ffffcf807e84e6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a48c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070a246c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070a4e7f0 “\Device\HarddiskVolume7”
FLT_INSTANCE: ffffcf807deb26a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070aeec30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b5c6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf808068e7f0 “\Device\HarddiskVolume61”
FLT_INSTANCE: ffffcf80806e06a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807e29ac30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8081748b40 “ResumeKeyFilter” “202000”
FLT_INSTANCE: ffffcf80816a26c0 “Sfntpffd Instance” “144200”
** FLT_VOLUME: ffffcf807f1787f0 “\Device\HarddiskVolume64”**

PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf8080a90be0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff800365ba96c, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800365d2d5a to fffff80036565500

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

0: kd> !fltkd.volumes

Volume List: ffffcf80702629b0 “Frame 0”
FLT_VOLUME: ffffcf80702aa800 “\Device\Mup”
FLT_INSTANCE: ffffcf8076bbc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80702f8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807364ed90 “CCFFilter” “261160”
FLT_INSTANCE: ffffcf80702606c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf807038a7f0 “\Device\HarddiskVolume2”
FLT_INSTANCE: ffffcf807193cc30 “CsvNSFlt Instance” “404900”
FLT_INSTANCE: ffffcf807f12c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070876c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf80709fe6c0 “Sfntpffd Instance” “144200”
FLT_INSTANCE: ffffcf80719984c0 “luafv” “135000”
FLT_VOLUME: ffffcf807073e7f0 “\Device\HarddiskVolume3”
FLT_INSTANCE: ffffcf807f13a6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80707c2c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807077e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80707bc7f0 “\Device\NamedPipe”
FLT_INSTANCE: ffffcf807076cd30 “npsvctrig” “46000”
FLT_VOLUME: ffffcf807070a7f0 “\Device\Mailslot”
FLT_VOLUME: ffffcf80707d47f0 “\Device\HarddiskVolume4”
FLT_INSTANCE: ffffcf807cbcc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807066e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80706787f0 “\Device\HarddiskVolume5”
FLT_INSTANCE: ffffcf807f1386a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a306c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070b9a7f0 “\Device\HarddiskVolume1”
FLT_INSTANCE: ffffcf807e92c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070be8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b466c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070ae67f0 “\Device\HarddiskVolume6”
FLT_INSTANCE: ffffcf807e84e6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a48c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070a246c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070a4e7f0 “\Device\HarddiskVolume7”
FLT_INSTANCE: ffffcf807deb26a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070aeec30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b5c6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf808068e7f0 “\Device\HarddiskVolume61”
FLT_INSTANCE: ffffcf80806e06a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807e29ac30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8081748b40 “ResumeKeyFilter” “202000”
FLT_INSTANCE: ffffcf80816a26c0 “Sfntpffd Instance” “144200”
** FLT_VOLUME: ffffcf807f1787f0 “\Device\HarddiskVolume64”**

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

One observation is that rdx register has same value of FLT_VOLUME: ffffcf807f1787f0 for which last volume dismount has happened.

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

One observation is that rdx register has same value of FLT_VOLUME: ffffcf807f1787f0 for which last volume dismount has happened.

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

BSOD details:
PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf8080a90be0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff800365ba96c, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

BUGCHECK_P1: ffffcf8080a90be0

BUGCHECK_P2: 0

BUGCHECK_P3: fffff800365ba96c

BUGCHECK_P4: 0

READ_ADDRESS: ffffcf8080a90be0 Special pool

FAULTING_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xCC

PROCESS_NAME: System

CURRENT_IRQL: 0

ANALYSIS_VERSION: 10.0.17763.1 amd64fre

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800365d2d5a to fffff80036565500

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

FOLLOWUP_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

FAULT_INSTR_CODE: 48018b48

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: nt!FsRtlLookupReservedPerFileContext+0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5b93e6c7

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 0

FAILURE_BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

PRIMARY_PROBLEM_CLASS: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext
FAILURE_ID_HASH_STRING: km:0xcc_vrf_nt!fsrtllookupreservedperfilecontext

0: kd> !fltkd.volumes

Volume List: ffffcf80702629b0 “Frame 0”
FLT_VOLUME: ffffcf80702aa800 “\Device\Mup”
FLT_INSTANCE: ffffcf8076bbc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80702f8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807364ed90 “CCFFilter” “261160”
FLT_INSTANCE: ffffcf80702606c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf807038a7f0 “\Device\HarddiskVolume2”
FLT_INSTANCE: ffffcf807193cc30 “CsvNSFlt Instance” “404900”
FLT_INSTANCE: ffffcf807f12c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070876c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf80709fe6c0 “Sfntpffd Instance” “144200”
FLT_INSTANCE: ffffcf80719984c0 “luafv” “135000”
FLT_VOLUME: ffffcf807073e7f0 “\Device\HarddiskVolume3”
FLT_INSTANCE: ffffcf807f13a6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80707c2c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807077e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80707bc7f0 “\Device\NamedPipe”
FLT_INSTANCE: ffffcf807076cd30 “npsvctrig” “46000”
FLT_VOLUME: ffffcf807070a7f0 “\Device\Mailslot”
FLT_VOLUME: ffffcf80707d47f0 “\Device\HarddiskVolume4”
FLT_INSTANCE: ffffcf807cbcc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807066e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80706787f0 “\Device\HarddiskVolume5”
FLT_INSTANCE: ffffcf807f1386a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a306c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070b9a7f0 “\Device\HarddiskVolume1”
FLT_INSTANCE: ffffcf807e92c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070be8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b466c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070ae67f0 “\Device\HarddiskVolume6”
FLT_INSTANCE: ffffcf807e84e6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a48c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070a246c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070a4e7f0 “\Device\HarddiskVolume7”
FLT_INSTANCE: ffffcf807deb26a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070aeec30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b5c6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf808068e7f0 “\Device\HarddiskVolume61”
FLT_INSTANCE: ffffcf80806e06a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807e29ac30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8081748b40 “ResumeKeyFilter” “202000”
FLT_INSTANCE: ffffcf80816a26c0 “Sfntpffd Instance” “144200”
** FLT_VOLUME: ffffcf807f1787f0 “\Device\HarddiskVolume64”**

PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf8080a90be0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff800365ba96c, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

BUGCHECK_P1: ffffcf8080a90be0

BUGCHECK_P2: 0

BUGCHECK_P3: fffff800365ba96c

BUGCHECK_P4: 0

READ_ADDRESS: ffffcf8080a90be0 Special pool

FAULTING_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xCC

PROCESS_NAME: System

CURRENT_IRQL: 0

ANALYSIS_VERSION: 10.0.17763.1 amd64fre

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800365d2d5a to fffff80036565500

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

FOLLOWUP_IP:
nt!FsRtlLookupReservedPerFileContext+0
fffff800`365ba96c 488b01 mov rax,qword ptr [rcx]

FAULT_INSTR_CODE: 48018b48

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: nt!FsRtlLookupReservedPerFileContext+0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5b93e6c7

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 0

FAILURE_BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

BUCKET_ID: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext

PRIMARY_PROBLEM_CLASS: 0xCC_VRF_nt!FsRtlLookupReservedPerFileContext
FAILURE_ID_HASH_STRING: km:0xcc_vrf_nt!fsrtllookupreservedperfilecontext

0: kd> !fltkd.volumes

Volume List: ffffcf80702629b0 “Frame 0”
FLT_VOLUME: ffffcf80702aa800 “\Device\Mup”
FLT_INSTANCE: ffffcf8076bbc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80702f8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807364ed90 “CCFFilter” “261160”
FLT_INSTANCE: ffffcf80702606c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf807038a7f0 “\Device\HarddiskVolume2”
FLT_INSTANCE: ffffcf807193cc30 “CsvNSFlt Instance” “404900”
FLT_INSTANCE: ffffcf807f12c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070876c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf80709fe6c0 “Sfntpffd Instance” “144200”
FLT_INSTANCE: ffffcf80719984c0 “luafv” “135000”
FLT_VOLUME: ffffcf807073e7f0 “\Device\HarddiskVolume3”
FLT_INSTANCE: ffffcf807f13a6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80707c2c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807077e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80707bc7f0 “\Device\NamedPipe”
FLT_INSTANCE: ffffcf807076cd30 “npsvctrig” “46000”
FLT_VOLUME: ffffcf807070a7f0 “\Device\Mailslot”
FLT_VOLUME: ffffcf80707d47f0 “\Device\HarddiskVolume4”
FLT_INSTANCE: ffffcf807cbcc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807066e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80706787f0 “\Device\HarddiskVolume5”
FLT_INSTANCE: ffffcf807f1386a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a306c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070b9a7f0 “\Device\HarddiskVolume1”
FLT_INSTANCE: ffffcf807e92c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070be8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b466c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070ae67f0 “\Device\HarddiskVolume6”
FLT_INSTANCE: ffffcf807e84e6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a48c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070a246c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070a4e7f0 “\Device\HarddiskVolume7”
FLT_INSTANCE: ffffcf807deb26a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070aeec30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b5c6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf808068e7f0 “\Device\HarddiskVolume61”
FLT_INSTANCE: ffffcf80806e06a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807e29ac30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8081748b40 “ResumeKeyFilter” “202000”
FLT_INSTANCE: ffffcf80816a26c0 “Sfntpffd Instance” “144200”
** FLT_VOLUME: ffffcf807f1787f0 “\Device\HarddiskVolume64”**

PAGE_FAULT_IN_FREED_SPECIAL_POOL (cc)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffffcf8080a90be0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff800365ba96c, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, Mm internal code.

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800365d2d5a to fffff80036565500

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

0: kd> !fltkd.volumes

Volume List: ffffcf80702629b0 “Frame 0”
FLT_VOLUME: ffffcf80702aa800 “\Device\Mup”
FLT_INSTANCE: ffffcf8076bbc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80702f8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807364ed90 “CCFFilter” “261160”
FLT_INSTANCE: ffffcf80702606c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf807038a7f0 “\Device\HarddiskVolume2”
FLT_INSTANCE: ffffcf807193cc30 “CsvNSFlt Instance” “404900”
FLT_INSTANCE: ffffcf807f12c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070876c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf80709fe6c0 “Sfntpffd Instance” “144200”
FLT_INSTANCE: ffffcf80719984c0 “luafv” “135000”
FLT_VOLUME: ffffcf807073e7f0 “\Device\HarddiskVolume3”
FLT_INSTANCE: ffffcf807f13a6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf80707c2c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf807077e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80707bc7f0 “\Device\NamedPipe”
FLT_INSTANCE: ffffcf807076cd30 “npsvctrig” “46000”
FLT_VOLUME: ffffcf807070a7f0 “\Device\Mailslot”
FLT_VOLUME: ffffcf80707d47f0 “\Device\HarddiskVolume4”
FLT_INSTANCE: ffffcf807cbcc6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807066e6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf80706787f0 “\Device\HarddiskVolume5”
FLT_INSTANCE: ffffcf807f1386a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a306c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070b9a7f0 “\Device\HarddiskVolume1”
FLT_INSTANCE: ffffcf807e92c6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070be8c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b466c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070ae67f0 “\Device\HarddiskVolume6”
FLT_INSTANCE: ffffcf807e84e6a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070a48c30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070a246c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf8070a4e7f0 “\Device\HarddiskVolume7”
FLT_INSTANCE: ffffcf807deb26a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf8070aeec30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8070b5c6c0 “Sfntpffd Instance” “144200”
FLT_VOLUME: ffffcf808068e7f0 “\Device\HarddiskVolume61”
FLT_INSTANCE: ffffcf80806e06a0 “Process Monitor 23 Instance” “385200”
FLT_INSTANCE: ffffcf807e29ac30 “vsepflt Instance” “328200”
FLT_INSTANCE: ffffcf8081748b40 “ResumeKeyFilter” “202000”
FLT_INSTANCE: ffffcf80816a26c0 “Sfntpffd Instance” “144200”
** FLT_VOLUME: ffffcf807f1787f0 “\Device\HarddiskVolume64”**

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

STACK_TEXT:
ffffd000233a9f28 fffff800365d2d5a : 0000000000000000 0000000000000000 ffffd000233aa090 fffff800364c2f90 : nt!DbgBreakPointWithStatus
ffffd000233a9f30 fffff800365d2686 : 0000000000000003 ffffd000233aa090 fffff8003656fb00 00000000000000cc : nt!KiBugCheckDebugBreak+0x12
ffffd000233a9f90 fffff8003655d3a4 : 4f808126e0000000 fffff80036459262 0000000000000002 0000000000000000 : nt!KeBugCheck2+0x8a2
ffffd000233aa690 fffff80036602af4 : 0000000000000050 ffffcf8080a90be0 0000000000000000 ffffd000233aa860 : nt!KeBugCheckEx+0x104
ffffd000233aa6d0 fffff800364509d9 : 0000000000000000 ffffcf8080a90be0 ffffd000233aa860 ffffcf8080a90be0 : nt!MiSystemFault+0x1048
ffffd000233aa760 fffff8003656a957 : ffffcf807f178d78 fffffffffa0a1f00 0000000000000000 fffff80036641f90 : nt!MmAccessFault+0x219
ffffd000233aa860 fffff800365ba96c : fffff800365bad7a ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 : nt!KiPageFault+0x317
ffffd000233aa9f8 fffff800365bad7a : ffffd000233aaa60 ffffcf8000000000 fffff8015c1d68f6 ffffcf807f1787f0 : nt!FsRtlLookupReservedPerFileContext
ffffd000233aaa00 fffff8015c1e0748 : ffffcf807f1788e8 ffffcf807f178d78 ffffcf807f1788e8 fffff800366ba400 : nt!FsRtlRemoveReservedPerFileContext+0xe
ffffd000233aaa30 fffff8015c1d670f : ffffcf807f1788e8 ffffcf807f1787f0 ffffcf807f7386c0 ffffcf807f1788e8 : fltmgr!FltpDeleteAllFileListCtrls+0x9e98
ffffd000233aaa80 fffff8015c1d687b : ffffe00045f73a50 0000000000000008 ffffe00045f73900 0000000000000000 : fltmgr!FltpFreeVolume+0xdf
ffffd000233aaac0 fffff8015c1d67e8 : ffffcf8080888f90 ffffe0004521f040 ffffcf8080888f98 0000000000000018 : fltmgr!FltpCleanupDeviceObject+0x6b
ffffd000233aab20 fffff8003646799f : 0000000000000000 ffffe0004521f040 ffffcf8080888f98 0000000000000000 : fltmgr!FltpFastIoDetachDeviceWorker+0x15
ffffd000233aab50 fffff800364f052a : ffffe00044db1ce0 ffffd001572d5180 0000000000000080 ffffe00041c885c0 : nt!ExpWorkerThread+0x69f
ffffd000233aac00 fffff80036564d56 : ffffd001572d5180 ffffe0004521f040 ffffe00044a28080 0000000000000004 : nt!PspSystemThreadStartup+0x18a
ffffd000233aac60 0000000000000000 : ffffd000233ab000 ffffd000233a5000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

One observation is that rdx register has same value of FLT_VOLUME: ffffcf807f1787f0 for which last volume dismount has happened.

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

One observation is that rdx register has same value of FLT_VOLUME: ffffcf807f1787f0 for which last volume dismount has happened.

TRAP_FRAME: ffffd000233aa860 – (.trap 0xffffd000233aa860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=ffffcf8080a90be0
rdx=ffffcf807f1787f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800365ba96c rsp=ffffd000233aa9f8 rbp=ffffd000233aaa60
r8=ffffcf8080a90be0 r9=0000000000000000 r10=0000000000000000
r11=ffffd000233aa9c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!FsRtlLookupReservedPerFileContext:
fffff800365ba96c 488b01 mov rax,qword ptr [rcx] ds:ffffcf8080a90be0=???
Resetting default scope

Thanks Rod and Peter for your valuable suggestions. This issue seems to be resolved with FsRtlTeardownPerFileContexts () while clearing FCB structure.

Thanks again!

Using this blindly “FsRtlTeardownPerFileContexts ()” can let you away this time but be cautious.