Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\040311-24710-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02a1f000 PsLoadedModuleList = 0xfffff800`02c5ce50
Debug session time: Sun Apr 3 23:23:58.124 2011 (UTC - 4:00)
System Uptime: 0 days 0:04:17.763
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff880070553d8, fffff88007054c40, fffff8800130f5fa}
Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
Probably caused by : Ntfs.sys ( Ntfs!NtfsLookupInFileRecord+18a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff880070553d8
Arg3: fffff88007054c40
Arg4: fffff8800130f5fa
Debugging Details:
------------------
EXCEPTION_RECORD: fffff880070553d8 -- (.exr 0xfffff880070553d8)
ExceptionAddress: fffff8800130f5fa (Ntfs!NtfsLookupInFileRecord+0x000000000000018a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000000000012c
Attempt to read from address 000000000000012c
CONTEXT: fffff88007054c40 -- (.cxr 0xfffff88007054c40)
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88006c16340
rdx=fffff980020bc800 rsi=fffff88007055770 rdi=0000000006c16100
rip=fffff8800130f5fa rsp=fffff88007055610 rbp=0000000000000000
r8=fffff980020bc898 r9=0000000000000000 r10=fffff880012b8580
r11=fffff8800705599c r12=fffff880036fdb40 r13=fffffa8003697180
r14=fffff88006c16340 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
Ntfs!NtfsLookupInFileRecord+0x18a:
fffff880`0130f5fa 8b882c010000 mov ecx,dword ptr [rax+12Ch] ds:002b:00000000`0000012c=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
PROCESS_NAME: McSvHost.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000000012c
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc70e0
000000000000012c
FOLLOWUP_IP:
Ntfs!NtfsLookupInFileRecord+18a
fffff880`0130f5fa 8b882c010000 mov ecx,dword ptr [rax+12Ch]
FAULTING_IP:
Ntfs!NtfsLookupInFileRecord+18a
fffff880`0130f5fa 8b882c010000 mov ecx,dword ptr [rax+12Ch]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff880012e60ff to fffff8800130f5fa
STACK_TEXT:
fffff880`07055610 fffff880`012e60ff : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`0000ba01 : Ntfs!NtfsLookupInFileRecord+0x18a
fffff880`070556a0 fffff880`012ffc0a : fffff880`06c16340 fffff8a0`036fdb40 fffff8a0`01d6bbc0 fffff880`0705599c : Ntfs!NtfsDeleteFile+0x233
fffff880`07055920 fffff880`0126daa9 : fffffa80`02e1a990 fffffa80`02492c10 fffff880`06c162a0 fffffa80`034c0060 : Ntfs!NtfsCommonCleanup+0x15da
fffff880`07055d30 fffff800`02a875c7 : fffff880`06c162a0 a05d46fb`fe2025eb 9cea2915`9ae8537d 2b80b26d`d5ada915 : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`07055d60 fffff800`02a87581 : 00000000`00000000 fffffa80`034c0060 fffff880`07056000 fffff800`02a9f01a : nt!KxSwitchKernelStackCallout+0x27
fffff880`06c16170 fffff800`02a9f01a : fffff880`06c17000 fffffa80`034c0060 fffffa80`036a5ae0 00000000`00000000 : nt!KiSwitchKernelStackContinue
fffff880`06c16190 fffff880`0126d662 : fffff880`0126da90 fffff880`06c162a0 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0x29a
fffff880`06c16270 fffff880`0130f244 : fffff880`06c16340 fffff880`06c16340 fffff880`06c16340 fffff8a0`036fdc70 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`06c162e0 fffff800`02f36c16 : fffff880`06c16340 fffffa80`02c53bd0 fffffa80`02c53bd0 fffffa80`03697030 : Ntfs!NtfsFsdCleanup+0x144
fffff880`06c16550 fffff880`010ca23f : fffffa80`02c53f70 fffff880`06c16600 fffffa80`02578c30 fffffa80`04bb2740 : nt!IovCallDriver+0x566
fffff880`06c165b0 fffff880`010c86df : fffffa80`036a5ae0 fffffa80`036a5ae0 fffffa80`025f7200 fffffa80`02c53bd0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`06c16640 fffff800`02f36c16 : fffffa80`02c53bd0 00000000`00000002 fffffa80`05510140 fffff880`039dea57 : fltmgr!FltpDispatch+0xcf
fffff880`06c166a0 fffff880`0116e8f4 : fffffa80`02c53bd0 fffff880`06c16870 00000000`00000000 fffffa80`0552af40 : nt!IovCallDriver+0x566
fffff880`06c16700 fffffa80`02c53bd0 : fffff880`06c16870 00000000`00000000 fffffa80`0552af40 fffffa80`04e3e970 : mfehidk+0x478f4
fffff880`06c16708 fffff880`06c16870 : 00000000`00000000 fffffa80`0552af40 fffffa80`04e3e970 fffff880`039cbae3 : 0xfffffa80`02c53bd0
fffff880`06c16710 00000000`00000000 : fffffa80`0552af40 fffffa80`04e3e970 fffff880`039cbae3 00000000`03060000 : 0xfffff880`06c16870
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsLookupInFileRecord+18a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
STACK_COMMAND: .cxr 0xfffff88007054c40 ; kb
FAILURE_BUCKET_ID: X64_0x24_VRF_Ntfs!NtfsLookupInFileRecord+18a
BUCKET_ID: X64_0x24_VRF_Ntfs!NtfsLookupInFileRecord+18a
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\040311-21793-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02a19000 PsLoadedModuleList = 0xfffff800`02c56e50
Debug session time: Sun Apr 3 23:35:13.827 2011 (UTC - 4:00)
System Uptime: 0 days 0:09:44.465
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa9001850130, 0, fffff80002bbca5e, 5}
Could not read faulting driver name
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+16ab )
Followup: Pool_corruption
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa9001850130, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002bbca5e, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc10e0
fffffa9001850130
FAULTING_IP:
nt!ExDeferredFreePool+16ab
fffff800`02bbca5e 488b01 mov rax,qword ptr [rcx]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff880072ad700 -- (.trap 0xfffff880072ad700)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000005000000 rbx=0000000000000000 rcx=fffffa9001850130
rdx=fffff88002c5a700 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002bbca5e rsp=fffff880072ad890 rbp=0000000000000000
r8=0000000000000001 r9=0000000000000000 r10=fffff80002a19000
r11=00000000000004f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!ExDeferredFreePool+0x16ab:
fffff800`02bbca5e 488b01 mov rax,qword ptr [rcx] ds:0003:fffffa90`01850130=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b088c1 to fffff80002a89740
STACK_TEXT:
fffff880`072ad598 fffff800`02b088c1 : 00000000`00000050 fffffa90`01850130 00000000`00000000 fffff880`072ad700 : nt!KeBugCheckEx
fffff880`072ad5a0 fffff800`02a8782e : 00000000`00000000 fffff880`02c5a6f0 00000000`00000000 fffff800`02ab6668 : nt! ?? ::FNODOBFM::`string'+0x40e8b
fffff880`072ad700 fffff800`02bbca5e : fffff880`02c5a6f0 00000000`00000000 00000000`00000003 00000000`00000001 : nt!KiPageFault+0x16e
fffff880`072ad890 fffff800`02e3b666 : fffff8a0`00082cf0 fffffa80`034a2000 fffff880`69634d43 00000000`000004ef : nt!ExDeferredFreePool+0x16ab
fffff880`072ad940 fffff800`02dd2c87 : fffff8a0`00000019 fffff880`072ada80 fffffa80`0342c800 00000000`00000019 : nt!CmpCallCallBacks+0x4f6
fffff880`072ada10 fffff800`02a8e8b4 : 00000000`00000000 fffffa80`034a2060 fffffa80`018fd080 fffff8a0`0256eeb0 : nt! ?? ::NNGAKEGL::`string'+0x354d8
fffff880`072adae0 fffff800`02d9d354 : fffffa80`034a2060 00000000`00000000 fffffa80`0342c830 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`072adb40 fffff800`02d9d254 : 00000000`00000588 fffffa80`034a2060 fffff8a0`02074340 00000000`00000588 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`072adbd0 fffff800`02a88993 : fffffa80`0342c830 fffff880`072adca0 00000000`003d7fa0 00000000`003d7fa0 : nt!ObpCloseHandle+0x94
fffff880`072adc20 00000000`76f2f7aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0152c6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f2f7aa
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+16ab
fffff800`02bbca5e 488b01 mov rax,qword ptr [rcx]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExDeferredFreePool+16ab
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x50_VRF_nt!ExDeferredFreePool+16ab
BUCKET_ID: X64_0x50_VRF_nt!ExDeferredFreePool+16ab
Followup: Pool_corruption
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\040311-26192-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02a1b000 PsLoadedModuleList = 0xfffff800`02c58e50
Debug session time: Sun Apr 3 23:17:07.161 2011 (UTC - 4:00)
System Uptime: 3 days 14:33:56.800
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88002da47e8, fffff88002da4050, fffff80002a51054}
Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonWrite+1835 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88002da47e8
Arg3: fffff88002da4050
Arg4: fffff80002a51054
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88002da47e8 -- (.exr 0xfffff88002da47e8)
ExceptionAddress: fffff80002a51054 (nt!ExReleaseFastMutex+0x0000000000000004)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88002da4050 -- (.cxr 0xfffff88002da4050)
rax=0020002000200020 rbx=0000000000000000 rcx=0010001000480020
rdx=0020002000200020 rsi=fffff8a001735c30 rdi=fffff88001735bc0
rip=fffff80002a51054 rsp=fffff88002da4a20 rbp=fffff88002da4e00
r8=0000000000000000 r9=0000000000000005 r10=0000000000000000
r11=fffff88002da4c08 r12=fffff88002da4c40 r13=0000000000000044
r14=0000000000000000 r15=0000000000000012
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!ExReleaseFastMutex+0x4:
fffff800`02a51054 0fb65130 movzx edx,byte ptr [rcx+30h] ds:002b:00100010`00480050=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc30e0
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsCommonWrite+1835
fffff880`012699cd f6470420 test byte ptr [rdi+4],20h
FAULTING_IP:
nt!ExReleaseFastMutex+4
fffff800`02a51054 0fb65130 movzx edx,byte ptr [rcx+30h]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff880012699cd to fffff80002a51054
STACK_TEXT:
fffff880`02da4a20 fffff880`012699cd : 00000000`00000000 fffff880`02da6000 00000000`02da4a00 fffffa80`034e1440 : nt!ExReleaseFastMutex+0x4
fffff880`02da4a50 fffff880`0126d413 : fffff880`02da4c40 fffffa80`049ff9d0 fffff880`02da4e00 fffff880`02da5c00 : Ntfs!NtfsCommonWrite+0x1835
fffff880`02da4c10 fffff800`02f32c16 : fffffa80`049ff9d0 fffffa80`049ff9d0 fffffa80`036ad030 fffffa80`02e3c5f0 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`02da4e90 fffff880`0106a23f : fffffa80`049ffdb8 fffff880`02da4f40 fffffa80`0349c970 fffffa80`02e3c5f0 : nt!IovCallDriver+0x566
fffff880`02da4ef0 fffff880`010686df : fffffa80`02f5d9d0 fffffa80`02f5d9d0 fffffa80`02f5d900 fffffa80`049ff9d0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`02da4f80 fffff800`02f32c16 : fffffa80`049ff9d0 00000000`00000002 fffff880`00000000 00000000`10000000 : fltmgr!FltpDispatch+0xcf
fffff880`02da4fe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IovCallDriver+0x566
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Ntfs!NtfsCommonWrite+1835
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
STACK_COMMAND: .cxr 0xfffff88002da4050 ; kb
FAILURE_BUCKET_ID: X64_0x24_VRF_Ntfs!NtfsCommonWrite+1835
BUCKET_ID: X64_0x24_VRF_Ntfs!NtfsCommonWrite+1835
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\040311-23181-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16695.amd64fre.win7_gdr.101026-1503
Machine Name:
Kernel base = 0xfffff800`02a0d000 PsLoadedModuleList = 0xfffff800`02c4ae50
Debug session time: Sun Apr 3 23:44:26.415 2011 (UTC - 4:00)
System Uptime: 0 days 0:07:20.054
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa9001850130, 0, fffff80002bb0a5e, 5}
Could not read faulting driver name
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+16ab )
Followup: Pool_corruption
---------