Trying to debug bug check 0xc2.
got dump with verifier on. here is the analyze -v output
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 0000000000000000, Memory contents of the pool block
Arg4: fffff8a0141cb010, Address of the block of pool being deallocated
Debugging Details:
POOL_ADDRESS: fffff8a0141cb010 Paged pool
BUGCHECK_STR: 0xc2_7
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002fb9be9 to fffff80002e86c00
STACK_TEXT:
fffff880099b94b8 fffff800
02fb9be9 : 00000000000000c2 00000000
00000007 000000000000109b 00000000
00000000 : nt!KeBugCheckEx
fffff880099b94c0 fffff800
02e48cd2 : 0000000000000000 fffff8a0
141cb810 fffffa80144c15d0 00000000
0008c011 : nt!ExDeferredFreePool+0x1201
fffff880099b9570 fffff800
031291bb : fffffa80144c1550 00000000
00000011 000000000008c089 00000000
00010286 : nt!MiDeleteSegmentPages+0x112
fffff880099b9640 fffff800
02e8fe44 : 0000000000000000 fffff880
014ffa00 fffffa8003d1e080 fffffa80
03d1e080 : nt!MiSegmentDelete+0x7b
fffff880099b9680 fffff800
02ecac3b : fffff880014ffa00 fffffa80
144a6db0 0000000000000000 00000000
00000000 : nt!ObfDereferenceObject+0xd4
fffff880099b96e0 fffff800
02e9fb99 : fffff880014ffa64 fffffa80
144a3e00 fffffa80144a6db0 00000000
00000000 : nt!CcDeleteSharedCacheMap+0x1cb
fffff880099b9740 fffff880
014ffb30 : fffffa80076b9180 00000000
00000000 0000000000000001 00000000
00000000 : nt!CcUninitializeCacheMap+0x389
fffff880099b97c0 fffff880
014d08d6 : 0000000000000000 fffff800
0302c200 0000000000000001 00000000
00000000 : Ntfs!NtfsDeleteInternalAttributeStream+0xcc
fffff880099b9810 fffff880
014485d0 : fffff8a0141c9660 fffff8a0
141c9760 fffff8000302c200 fffff8a0
141cdab0 : Ntfs!NtfsRemoveScb+0xe2
fffff880099b9850 fffff880
0144787f : fffff8a0141c9630 fffff800
0302c280 fffff880099b9a01 fffffa80
139eb1e0 : Ntfs!NtfsPrepareFcbForRemoval+0x50
fffff880099b9880 fffff880
014ce6f0 : fffffa80139eb1e0 fffffa80
076b9180 fffff8a0141cda80 fffff8a0
141cde18 : Ntfs!NtfsTeardownFromLcb+0x2af
fffff880099b9910 fffff880
0144ea42 : fffffa80139eb1e0 fffffa80
139eb1e0 fffff8a0141cda80 fffff880
014dda00 : Ntfs!NtfsTeardownStructures+0x200
fffff880099b9990 fffff880
014ddc53 : fffffa80139eb1e0 fffff800
0302c280 fffff8a0141cda80 00000000
00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880099b99d0 fffff880
014cd2cf : fffffa80139eb1e0 fffff8a0
141cdbb0 fffff8a0141cda80 fffffa80
076b9180 : Ntfs!NtfsCommonClose+0x353
fffff880099b9aa0 fffff800
02e90251 : 0000000000000000 fffff800
0317ed00 fffff8000308d801 fffff800
00000002 : Ntfs!NtfsFspClose+0x15f
fffff880099b9b70 fffff800
03124ede : 0000000000000010 fffffa80
18017040 0000000000000080 fffffa80
03c8db30 : nt!ExpWorkerThread+0x111
fffff880099b9c00 fffff800
02e77906 : fffff80003001e80 fffffa80
18017040 fffffa801601a040 00000000
00000000 : nt!PspSystemThreadStartup+0x5a
fffff880099b9c40 00000000
00000000 : fffff880099ba000 fffff880
099b4000 fffff880099b9190 00000000
00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiDeleteSegmentPages+112
fffff800`02e48cd2 4c8b8424d0000000 mov r8,qword ptr [rsp+0D0h]
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!MiDeleteSegmentPages+112
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xc2_7_VRF_nt!MiDeleteSegmentPages+112
BUCKET_ID: X64_0xc2_7_VRF_nt!MiDeleteSegmentPages+112
Followup: MachineOwner
Also tried using !verifier 0x80
0: kd> !verifier 0x80 fffff8a0141cb010
Log of recent kernel pool Allocate and Free operations:
There are up to 0x10000 entries in the log.
Parsing 0x0000000000010000 log entries, searching for address 0xfffff8a0141cb010.
Finished parsing all pool tracking information.
No entries matching address fffff8a0141cb010 have been found.
Any help to further debug this issue is appreciated.