Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\040310-36863-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 UP Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02e4c000 PsLoadedModuleList = 0xfffff800`03089e50
Debug session time: Sat Apr 3 08:05:43.442 2010 (UTC - 4:00)
System Uptime: 0 days 3:06:10.674
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7A, {fffff6fc40009bb8, ffffffffc0000185, 60b6b860, fffff88001377ef0}
Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
GetPointerFromAddress: unable to read from fffff800030f4220
Probably caused by : memory_corruption
Followup: memory_corruption
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: fffff6fc40009bb8, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc0000185, error status (normally i/o status code)
Arg3: 0000000060b6b860, current process (virtual address for lock type 3, or PTE)
Arg4: fffff88001377ef0, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
Debugging Details:
------------------
ERROR_CODE: (NTSTATUS) 0xc0000185 - The I/O device reported an I/O error.
DISK_HARDWARE_ERROR: There was error with disk hardware
BUGCHECK_STR: 0x7a_c0000185
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
PROCESS_NAME: WerFault.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff880084ee430 -- (.trap 0xfffff880084ee430)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000000b rbx=0000000000000000 rcx=fffff880084ee750
rdx=fffffa8001febc10 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001377ef0 rsp=fffff880084ee5c8 rbp=fffff880084ee960
r8=fffff8a0022e7010 r9=fffff880084ee6c0 r10=0000000000000004
r11=fffff880084ee5a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
Ntfs!NtfsQueryLinksInfo:
fffff880`01377ef0 0000 add byte ptr [rax],al ds:e750:00000000`0000000b=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002f31438 to fffff80002ebdf00
STACK_TEXT:
fffff880`084ee118 fffff800`02f31438 : 00000000`0000007a fffff6fc`40009bb8 ffffffff`c0000185 00000000`60b6b860 : nt!KeBugCheckEx
fffff880`084ee120 fffff800`02eafd8b : fffffa80`0410e9f0 fffff880`084ee290 fffff800`03049440 fffffa80`032eb2a0 : nt! ?? ::FNODOBFM::`string'+0x34cde
fffff880`084ee200 fffff800`02ed8da4 : 00000000`00000000 00000000`00000008 ffffffff`ffffffff 00000000`0000fffe : nt!MiIssueHardFault+0x28b
fffff880`084ee2d0 fffff800`02ebbfee : 00000000`00000008 fffff8a0`022e7330 fffff880`084ee400 fffff880`084ee448 : nt!MmAccessFault+0x11c4
fffff880`084ee430 fffff880`01377ef0 : fffff880`012d2538 fffff8a0`022e7330 fffff8a0`022e7140 fffff880`084ee750 : nt!KiPageFault+0x16e
fffff880`084ee5c8 fffff880`012d2538 : fffff8a0`022e7330 fffff8a0`022e7140 fffff880`084ee750 fffff8a0`022e7140 : Ntfs!NtfsQueryLinksInfo
fffff880`084ee5d0 fffff880`012d2906 : fffff880`084ee750 fffffa80`01febc10 fffff880`00000060 fffffa80`00000060 : Ntfs!NtfsCommonQueryInformation+0xd46
fffff880`084ee6b0 fffff880`012d2ea4 : fffff880`084ee750 fffffa80`01febc10 fffffa80`01febfb0 00000000`00000000 : Ntfs!NtfsFsdDispatchSwitch+0x106
fffff880`084ee730 fffff880`0102223f : fffff880`084ee9d0 fffff880`01021be9 fffff880`084ee900 00000000`00100005 : Ntfs!NtfsFsdDispatchWait+0x14
fffff880`084ee920 fffff880`010206df : fffffa80`024eb5b0 00000000`00000000 fffffa80`024eb500 fffffa80`01febc10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`084ee9b0 fffff880`03d885f1 : fffffa80`01febc10 fffff800`02eded6c ffffffff`ffffffff 00000000`00000000 : fltmgr!FltpDispatch+0xcf
fffff880`084eea10 fffffa80`01febc10 : fffff800`02eded6c ffffffff`ffffffff 00000000`00000000 fffffa80`040f39b0 : mfehidk+0x255f1
fffff880`084eea18 fffff800`02eded6c : ffffffff`ffffffff 00000000`00000000 fffffa80`040f39b0 fffffa80`024eb5b0 : 0xfffffa80`01febc10
fffff880`084eea20 fffff800`0319ec7a : 00000000`005cd498 fffff880`084eeca0 00000000`005cd498 00000000`0000002e : nt!ExAllocatePoolWithQuotaTag+0xbc
fffff880`084eea70 fffff800`02ebd153 : 00000000`000000d8 00000000`001ddd78 00000000`005cd498 0000007f`00000060 : nt!NtQueryInformationFile+0x535
fffff880`084eebb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !Ntfs
fffff88001377000-fffff88001377005 6 bytes - Ntfs!NtfsGetVolumeBitmap+1e0
[ 74 1b 41 b8 8f 2d:00 00 00 00 00 00 ]
fffff88001377008-fffff88001377011 10 bytes - Ntfs!NtfsGetVolumeBitmap+1e8 (+0x08)
[ 48 8d 15 41 2b f7 ff bb:00 00 00 00 00 00 00 00 ]
fffff88001377013-fffff8800137701f 13 bytes - Ntfs!NtfsGetVolumeBitmap+1f3 (+0x0b)
[ c0 8b cb e8 35 63 ee ff:00 00 00 00 00 00 00 00 ]
fffff88001377021-fffff88001377046 38 bytes - Ntfs!NtfsGetVolumeBitmap+201 (+0x0e)
[ c0 89 7c 24 20 41 b1 01:00 00 00 00 00 00 00 00 ]
fffff88001377049-fffff8800137704b 3 bytes - Ntfs!NtfsGetVolumeBitmap+229 (+0x28)
[ 48 8d 15:00 00 00 ]
fffff8800137704d-fffff8800137705b 15 bytes - Ntfs!NtfsGetVolumeBitmap+22d (+0x04)
[ 2b f7 ff 8b cb e8 f9 62:00 00 00 00 00 00 00 00 ]
fffff8800137705e-fffff8800137707b 30 bytes - Ntfs!NtfsGetVolumeBitmap+23e (+0x11)
[ 4c 8b 7e 40 4c 89 7c 24:00 00 00 00 00 00 00 00 ]
fffff8800137707d - Ntfs!NtfsGetVolumeBitmap+25d (+0x1f)
[ 07:00 ]
fffff88001377080-fffff8800137708f 16 bytes - Ntfs!NtfsGetVolumeBitmap+260 (+0x03)
[ ff 15 1a dc f0 ff c6 44:00 00 00 00 00 00 00 00 ]
fffff88001377092-fffff8800137709a 9 bytes - Ntfs!NtfsGetVolumeBitmap+272 (+0x12)
[ 0f ba e0 10 73 07 bb 6e:00 00 00 00 00 00 00 00 ]
fffff8800137709c-fffff8800137709f 4 bytes - Ntfs!NtfsGetVolumeBitmap+27c (+0x0a)
[ c0 eb 0f 25:f4 6a 89 02 ]
fffff880013770a3-fffff880013770aa 8 bytes - Ntfs!NtfsGetVolumeBitmap+283 (+0x07)
[ 01 f7 d8 1b db 81 e3 08:00 00 00 00 00 00 00 00 ]
fffff880013770ad-fffff880013770b8 12 bytes - Ntfs!NtfsGetVolumeBitmap+28d (+0x0a)
[ c0 89 5c 24 48 3b df 0f:00 00 00 00 00 00 00 00 ]
fffff880013770ba-fffff880013770c0 7 bytes - Ntfs!NtfsGetVolumeBitmap+29a (+0x0d)
[ 4c 3b e7 0f 8c 67 02:00 00 00 00 00 00 00 ]
fffff880013770c3-fffff880013770c6 4 bytes - Ntfs!NtfsGetVolumeBitmap+2a3 (+0x09)
[ 48 8d 86 f0:00 01 00 00 ]
fffff880013770ca-fffff880013770d5 12 bytes - Ntfs!NtfsGetVolumeBitmap+2aa (+0x07)
[ 48 89 44 24 68 4c 3b 20:00 00 00 00 00 00 00 00 ]
fffff880013770d8-fffff880013770f3 28 bytes - Ntfs!NtfsGetVolumeBitmap+2b8 (+0x0e)
[ 41 83 c6 f0 44 89 74 24:00 00 00 00 00 00 00 00 ]
fffff880013770f7-fffff880013770fd 7 bytes - Ntfs!NtfsGetVolumeBitmap+2d7 (+0x1f)
[ 48 3b 08 0f 8d 9f 01:00 ad 0a 6b 11 00 00 ]
fffff880013770ff-fffff88001377104 6 bytes - Ntfs!NtfsGetVolumeBitmap+2df (+0x08)
[ 00 48 39 bc 24 f8:80 5d 02 8f 00 01 ]
fffff88001377107-fffff8800137710e 8 bytes - Ntfs!NtfsGetVolumeBitmap+2e7 (+0x08)
[ 00 74 1b 48 8b 8c 24 f8:c0 00 00 00 00 28 e7 91 ]
fffff88001377110-fffff8800137712e 31 bytes - Ntfs!NtfsGetVolumeBitmap+2f0 (+0x09)
[ 00 00 ff 15 78 db f0 ff:14 e7 91 00 d0 b0 8c 00 ]
fffff88001377130 - Ntfs!NtfsGetVolumeBitmap+310 (+0x20)
[ 00:05 ]
fffff88001377132-fffff8800137713b 10 bytes - Ntfs!NtfsGetVolumeBitmap+312 (+0x02)
[ 48 89 44 24 28 48 8d 84:00 00 00 00 00 00 e4 e6 ]
fffff8800137713f-fffff88001377153 21 bytes - Ntfs!NtfsGetVolumeBitmap+31f (+0x0d)
[ 48 89 44 24 20 4c 8d 4c:00 a4 90 8d 00 14 11 c9 ]
fffff88001377157-fffff88001377170 26 bytes - Ntfs!NtfsGetVolumeBitmap+337 (+0x18)
[ e8 94 33 f4 ff 3b df 75:00 d4 72 cb 04 00 00 00 ]
fffff88001377174-fffff88001377177 4 bytes - Ntfs!NtfsGetVolumeBitmap+354 (+0x1d)
[ 8b b4 24 80:00 00 00 00 ]
fffff8800137717b-fffff8800137719a 32 bytes - Ntfs!NtfsGetVolumeBitmap+35b (+0x07)
[ 83 c6 07 c1 ee 03 41 2b:00 00 00 00 00 00 00 00 ]
fffff8800137719d-fffff880013771a5 9 bytes - Ntfs!NtfsGetVolumeBitmap+37d (+0x22)
[ 48 8d 15 ac 29 f7 ff b9:00 00 00 00 00 00 00 00 ]
fffff880013771a8-fffff880013771b2 11 bytes - Ntfs!NtfsGetVolumeBitmap+388 (+0x0b)
[ 80 e8 a2 61 ee ff c7 44:00 00 00 00 00 00 00 00 ]
fffff880013771b5-fffff880013771c4 16 bytes - Ntfs!NtfsGetVolumeBitmap+395 (+0x0d)
[ 80 39 7c 24 4c 74 0e 8b:00 00 00 00 00 00 00 00 ]
fffff880013771c8-fffff880013771e3 28 bytes - Ntfs!NtfsGetVolumeBitmap+3a8 (+0x13)
[ eb 1d 4c 8b 7c 24 58 48:00 00 00 00 00 00 00 00 ]
fffff880013771e7-fffff880013771f6 16 bytes - Ntfs!NtfsGetVolumeBitmap+3c7 (+0x1f)
[ c6 44 24 40 01 44 8b c6:00 00 00 00 00 00 00 00 ]
fffff880013771fa-fffff88001377219 32 bytes - Ntfs!NtfsGetVolumeBitmap+3da (+0x13)
[ 8b c3 48 c1 e8 03 48 8b:00 00 00 00 00 00 00 00 ]
fffff8800137721c-fffff88001377222 7 bytes - Ntfs!NtfsGetVolumeBitmap+3fc (+0x22)
[ 80 74 61 8b 84 24 f0:00 00 00 00 00 00 00 ]
fffff88001377226-fffff8800137722c 7 bytes - Ntfs!NtfsGetVolumeBitmap+406 (+0x0a)
[ c1 e0 03 8b 8c 24 80:00 00 00 00 00 00 00 ]
fffff88001377230-fffff8800137724f 32 bytes - Ntfs!NtfsGetVolumeBitmap+410 (+0x0a)
[ 2b c8 8b 5c 24 44 03 d9:00 00 00 00 00 00 00 00 ]
fffff88001377253-fffff88001377256 4 bytes - Ntfs!NtfsGetVolumeBitmap+433 (+0x23)
[ 8b 84 24 80:00 00 00 00 ]
fffff8800137725a-fffff880013772b1 88 bytes - Ntfs!NtfsGetVolumeBitmap+43a (+0x07)
[ 48 8b 4c 24 60 48 03 c8:00 00 00 00 00 00 00 00 ]
fffff880013772b3-fffff880013772cc 26 bytes - Ntfs!NtfsGetVolumeBitmap+493 (+0x59)
[ 49 2b c4 48 89 41 08 40:00 00 00 00 00 00 00 00 ]
fffff880013772d0-fffff880013772d9 10 bytes - Ntfs!NtfsGetVolumeBitmap+4b0 (+0x1d)
[ 49 89 44 24 38 4c 8b ac:00 00 00 00 00 00 00 00 ]
fffff880013772dd-fffff880013772de 2 bytes - Ntfs!NtfsGetVolumeBitmap+4bd (+0x0d)
[ e9 8e:00 00 ]
fffff880013772e2-fffff880013772f2 17 bytes - Ntfs!NtfsGetVolumeBitmap+4c2 (+0x05)
[ 8a 05 21 45 f2 ff 33 ff:00 00 00 00 00 00 00 00 ]
fffff880013772f5-fffff880013772fd 9 bytes - Ntfs!NtfsGetVolumeBitmap+4d5 (+0x13)
[ 48 8d 15 54 28 f7 ff b9:00 00 00 00 00 00 00 00 ]
fffff88001377300-fffff8800137730c 13 bytes - Ntfs!NtfsGetVolumeBitmap+4e0 (+0x0b)
[ c0 e8 4a 60 ee ff c7 44:00 00 00 00 00 00 00 00 ]
fffff8800137730e-fffff88001377315 8 bytes - Ntfs!NtfsGetVolumeBitmap+4ee (+0x0e)
[ 45 33 c9 45 33 c0 ba e8:00 00 00 00 00 00 00 00 ]
fffff88001377318-fffff8800137731d 6 bytes - Ntfs!NtfsGetVolumeBitmap+4f8 (+0x0a)
[ c0 48 8b 8c 24 e0:00 00 00 00 00 00 ]
fffff88001377321-fffff88001377327 7 bytes - Ntfs!NtfsGetVolumeBitmap+501 (+0x09)
[ e8 2a f9 ed ff cc eb:00 00 00 00 00 00 00 ]
fffff88001377329-fffff88001377338 16 bytes - Ntfs!NtfsGetVolumeBitmap+506 (+0x08)
[ 90 8a 05 d9 44 f2 ff 40:00 00 00 00 00 00 00 00 ]
fffff8800137733b-fffff88001377343 9 bytes - Ntfs!NtfsGetVolumeBitmap+518 (+0x12)
[ 48 8d 15 0e 28 f7 ff b9:00 00 00 00 00 00 00 00 ]
fffff88001377346-fffff88001377350 11 bytes - Ntfs!NtfsGetVolumeBitmap+523 (+0x0b)
[ c0 e8 04 60 ee ff c7 44:00 00 00 00 00 00 00 00 ]
WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
3654 errors : !Ntfs (fffff88001377000-fffff88001377ffd)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE_4096
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE_4096
BUCKET_ID: X64_MEMORY_CORRUPTION_LARGE_4096
Followup: memory_corruption
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\030611-34070-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 UP Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`0301e000 PsLoadedModuleList = 0xfffff800`0325be50
Debug session time: Sun Mar 6 09:37:52.624 2011 (UTC - 4:00)
System Uptime: 0 days 0:00:50.856
Loading Kernel Symbols
...............................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {2000, 2, 0, fffff800030ae306}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000002000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800030ae306, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032c60e0
0000000000002000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+c73
fffff800`030ae306 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: MpCmdRun.exe
IRP_ADDRESS: ffffffffffffff88
TRAP_FRAME: fffff8800255be20 -- (.trap 0xfffff8800255be20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800255c408 rbx=0000000000000000 rcx=0000000000002000
rdx=0000000000002000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800030ae306 rsp=fffff8800255bfb0 rbp=fffff8800255c100
r8=fffffa8001668ad0 r9=fffff8800255c0b0 r10=0000000000000002
r11=fffffa8002f9c010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
nt!IopCompleteRequest+0xc73:
fffff800`030ae306 488b09 mov rcx,qword ptr [rcx] ds:00000000`00002000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000308db69 to fffff8000308e600
STACK_TEXT:
fffff880`0255bcd8 fffff800`0308db69 : 00000000`0000000a 00000000`00002000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0255bce0 fffff800`0308c7e0 : 00000000`00000000 fffffa80`01664b70 00000000`00000000 fffff880`0255ca18 : nt!KiBugCheckDispatch+0x69
fffff880`0255be20 fffff800`030ae306 : fffffa80`025db3f8 00000000`00000002 00000000`00000001 fffffa80`0306e010 : nt!KiPageFault+0x260
fffff880`0255bfb0 fffff800`0306afcf : 00000000`00000000 000fffff`8a001fed 00000000`00000000 fffffa80`00000000 : nt!IopCompleteRequest+0xc73
fffff880`0255c080 fffff800`0306b387 : fffff8a0`01fed000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`0255c100 fffff800`030a17b3 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiApcInterrupt+0xd7
fffff880`0255c290 fffff800`030a0f7d : fffff8a0`01fed000 fffff880`20206f49 00000000`00002000 fffff800`00000000 : nt!ExpAddTagForBigPages+0x1a3
fffff880`0255c330 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff8a0`00000000 fffff880`00969000 : nt!ExpAllocateBigPool+0xcd
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`0308c7e0 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
FAILURE_BUCKET_ID: X64_0xA_nt!KiPageFault+260
BUCKET_ID: X64_0xA_nt!KiPageFault+260
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\051311-39998-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 UP Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`0300f000 PsLoadedModuleList = 0xfffff800`0324ce50
Debug session time: Fri May 13 13:42:19.249 2011 (UTC - 4:00)
System Uptime: 0 days 0:10:25.480
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80003083bd8, fffff88007ba39c0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiTryUnwaitThread+28 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80003083bd8, Address of the instruction which caused the bugcheck
Arg3: fffff88007ba39c0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!KiTryUnwaitThread+28
fffff800`03083bd8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
CONTEXT: fffff88007ba39c0 -- (.cxr 0xfffff88007ba39c0)
rax=fffff88007ba4408 rbx=4120ec8348571024 rcx=fffff800031f9e80
rdx=fffff88000fe0000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003083bd8 rsp=fffff88007ba4390 rbp=fffff88007ba4540
r8=0000000000000100 r9=0000000000000000 r10=0000000000000002
r11=fffffa8001ad7870 r12=0000000000000000 r13=0000000000000000
r14=fffffa8003d90960 r15=fffff800031f9e80
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiTryUnwaitThread+0x28:
fffff800`03083bd8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0 ds:002b:4120ec83`48571064=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: eventcreate.ex
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80003083bd8
STACK_TEXT:
fffff880`07ba4390 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiTryUnwaitThread+0x28
FOLLOWUP_IP:
nt!KiTryUnwaitThread+28
fffff800`03083bd8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTryUnwaitThread+28
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb
STACK_COMMAND: .cxr 0xfffff88007ba39c0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!KiTryUnwaitThread+28
BUCKET_ID: X64_0x3B_nt!KiTryUnwaitThread+28
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\030611-33321-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 UP Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`0241d000 PsLoadedModuleList = 0xfffff800`0265ae50
Debug session time: Sun Mar 6 12:26:07.989 2011 (UTC - 4:00)
System Uptime: 0 days 0:05:58.505
Loading Kernel Symbols
...............................................................
........................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {1, 2, 0, fffff800024ad183}
Probably caused by : win32k.sys ( win32k!FreeView+a2 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000001, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800024ad183, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800026c50e0
0000000000000001
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+ae3
fffff800`024ad183 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: eventcreate.ex
IRP_ADDRESS: ffffffffffffff89
TRAP_FRAME: fffff880045be1d0 -- (.trap 0xfffff880045be1d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff880045be408 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800024ad183 rsp=fffff880045be360 rbp=0000000000000000
r8=fffffa8003898400 r9=fffff880045be460 r10=0000000000000002
r11=fffffa800389b4b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!IopCompleteRequest+0xae3:
fffff800`024ad183 488b09 mov rcx,qword ptr [rcx] ds:e3c0:00000000`00000001=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000248cb69 to fffff8000248d600
STACK_TEXT:
fffff880`045be088 fffff800`0248cb69 : 00000000`0000000a 00000000`00000001 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`045be090 fffff800`0248b7e0 : 00000000`00000008 fffffa80`03477cd0 fffffa80`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`045be1d0 fffff800`024ad183 : fffffa80`0389b400 00001f80`00000000 fffffa80`030a2350 00000000`00000000 : nt!KiPageFault+0x260
fffff880`045be360 fffff800`02469fcf : 00000000`00000001 00000000`ffffffff fffffa80`03056200 00000000`00000000 : nt!IopCompleteRequest+0xae3
fffff880`045be430 fffff800`02440b95 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`045be4b0 fffff800`027c958f : 00000000`00000000 00000000`00000000 fffffa80`039fd060 00000000`00000000 : nt!KiCheckForKernelApcDelivery+0x25
fffff880`045be4e0 fffff960`000ebea6 : 00000000`00000000 fffff900`c1a95240 00000000`00000001 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x1b979
fffff880`045be5a0 fffff960`000e9c9b : fffff880`045be6c0 fffff960`000e9c30 00000000`00000001 fffff960`000e9314 : win32k!FreeView+0xa2
fffff880`045be610 fffff800`027354cc : 00000000`00000000 fffffa80`02fa0ef0 00000000`00000000 00000000`00010002 : win32k!UnmapDesktop+0x6b
fffff880`045be640 fffff800`0274acff : 00000000`00000000 fffffa80`039fd060 fffffa80`02fa0ef0 fffffa80`015f49f0 : nt!ExpWin32SessionCallout+0x5c
fffff880`045be6a0 fffff800`0278a604 : fffffa80`02f4dae0 fffff8a0`04e5f180 fffff880`045be8b0 fffff8a0`028bc030 : nt!ExpWin32CloseProcedure+0x53
fffff880`045be6f0 fffff800`027a44a1 : fffffa80`039fd060 fffffa80`00000001 fffff8a0`03628600 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`045be770 fffff800`027a43b4 : 00000000`00000038 fffffa80`039fd060 fffff8a0`03628600 00000000`00000038 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`045be800 fffff960`000ed0cf : 00000000`00000038 00000000`00004000 00000000`00000000 fffff900`c1be76a0 : nt!ObpCloseHandle+0x94
fffff880`045be850 fffff960`000e3f4b : fffff900`c1be76a0 fffff880`045bec20 00000000`ffffffff fffffa80`039fd060 : win32k!DestroyProcessInfo+0x327
fffff880`045be880 fffff960`000e4046 : fffffa80`02f4da00 fffff900`c1be76a0 00020508`00000000 fffffa80`036bc010 : win32k!xxxUserProcessCallout+0x15f
fffff880`045be8d0 fffff800`02773881 : fffffa80`02f4dae0 00000000`00000000 00000000`00000000 fffffa80`01632b60 : win32k!W32pProcessCallout+0x4e
fffff880`045be900 fffff800`0274c4d1 : 00000000`00000000 fffffa80`015f5001 fffffa80`78457300 00000000`00000000 : nt!PspExitThread+0x561
fffff880`045be9c0 fffff800`0246a0e3 : fffffa80`03998010 fffffa80`039981c8 fffff880`045bea10 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffff880`045be9f0 fffff800`0246a520 : 00000000`00344210 fffff880`045bea70 fffff800`0274c5dc 00000000`00000001 : nt!KiDeliverApc+0x2eb
fffff880`045bea70 fffff800`0248c8f7 : 00000000`00000390 00000000`00000000 00000000`00000001 0000007f`ffffffff : nt!KiInitiateUserApc+0x70
fffff880`045bebb0 00000000`774301ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`0231ed78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774301ea
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!FreeView+a2
fffff960`000ebea6 488b06 mov rax,qword ptr [rsi]
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: win32k!FreeView+a2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc5e0
FAILURE_BUCKET_ID: X64_0xA_win32k!FreeView+a2
BUCKET_ID: X64_0xA_win32k!FreeView+a2
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\DMP\051311-35677-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 UP Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`03057000 PsLoadedModuleList = 0xfffff800`03294e50
Debug session time: Fri May 13 13:55:34.969 2011 (UTC - 4:00)
System Uptime: 0 days 0:02:47.201
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88006405ff8, fffff88006405860, fffff800030e6670}
Probably caused by : Ntfs.sys ( Ntfs! ?? ::FNODOBFM::`string'+2cc9 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88006405ff8
Arg3: fffff88006405860
Arg4: fffff800030e6670
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88006405ff8 -- (.exr 0xfffff88006405ff8)
Cannot read Exception record @ fffff88006405ff8
CONTEXT: fffff88006405860 -- (.cxr 0xfffff88006405860)
rax=fffffa800254f520 rbx=00000000052c0000 rcx=0000000000000000
rdx=0000000000000001 rsi=fffff88006406420 rdi=00000000052c1000
rip=fffff800030e6670 rsp=fffff88006406238 rbp=fffffa8001730c10
r8=0000000000000000 r9=fffff88006406350 r10=0000000000000002
r11=0000000000000001 r12=fffff88006406298 r13=0000000000000400
r14=0000000000000001 r15=fffffa80023e4bf0
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!CcFreeVirtualAddress:
fffff800`030e6670 488b5108 mov rdx,qword ptr [rcx+8] ds:002b:00000000`00000008=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000008
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032ff0e0
0000000000000008
FOLLOWUP_IP:
Ntfs! ?? ::FNODOBFM::`string'+2cc9
fffff880`0125e3d8 cc int 3
FAULTING_IP:
nt!CcFreeVirtualAddress+0
fffff800`030e6670 488b5108 mov rdx,qword ptr [rcx+8]
BUGCHECK_STR: 0x24
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800030e6670
STACK_TEXT:
fffff880`06405038 fffff880`0125e3d8 : 00000000`00000024 00000000`001904fb fffff880`06405ff8 fffff880`06405860 : nt!KeBugCheckEx
fffff880`06405040 fffff880`01241487 : fffff880`01289d38 fffff880`06406d30 fffff880`06406d30 00000000`645606b4 : Ntfs! ?? ::FNODOBFM::`string'+0x2cc9
fffff880`06405080 fffff800`030f5bdc : 04314090`043119fa 00000000`645606b4 00000000`00000000 80000000`2552643a : Ntfs! ?? ::FNODOBFM::`string'+0xfc8
fffff880`064050b0 fffff800`030ed2ed : fffff880`01289d2c fffff880`06406d30 00000000`00000000 fffff880`0123d000 : nt!_C_specific_handler+0x8c
fffff880`06405120 fffff800`030f4950 : fffff880`01289d2c fffff880`06405198 fffff880`06405ff8 fffff880`0123d000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`06405150 fffff800`031018df : fffff880`06405ff8 fffff880`06405860 fffff880`00000000 00000000`052c1000 : nt!RtlDispatchException+0x410
fffff880`06405830 fffff800`030c6c42 : fffff880`06405ff8 00000000`052c0000 fffff880`064060a0 fffff880`06406420 : nt!KiDispatchException+0x16f
fffff880`06405ec0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
STACK_COMMAND: kb
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Ntfs! ?? ::FNODOBFM::`string'+2cc9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
FAILURE_BUCKET_ID: X64_0x24_Ntfs!_??_::FNODOBFM::_string_+2cc9
BUCKET_ID: X64_0x24_Ntfs!_??_::FNODOBFM::_string_+2cc9
Followup: MachineOwner
---------