R
ravenrani
Guest
I am having weird crashes from time to time ...
Does anybody knows what may cause those or how to fix them ?
following is a sample of analysis in WINDBG ...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900050ec668, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960001aaab1, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
OVERLAPPED_MODULE: Address regions for 'WUDFRd' and 'hiber_atapor' overlap
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cf70e0
fffff900050ec668
FAULTING_IP:
win32k+caab1
fffff960`001aaab1 498b9058010000 mov rdx,qword ptr [r8+158h]
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: SearchProtocol
CURRENT_IRQL: 0
TRAP_FRAME: fffff88009271a20 -- (.trap 0xfffff88009271a20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c2095010 rbx=0000000000000000 rcx=000000000001079a
rdx=fffffa8005545090 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960001aaab1 rsp=fffff88009271bb0 rbp=fffff88009271ca0
r8=fffff900050ec510 r9=0000000000000000 r10=fffffffffffffffe
r11=fffff900c2095010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
win32k+0xcaab1:
fffff960`001aaab1 498b9058010000 mov rdx,qword ptr [r8+158h] ds:22d0:fffff900`050ec668=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b3ebc2 to fffff80002ac0f00
STACK_TEXT:
fffff880`092718b8 fffff800`02b3ebc2 : 00000000`00000050 fffff900`050ec668 00000000`00000000 fffff880`09271a20 : nt!KeBugCheckEx
fffff880`092718c0 fffff800`02abefee : 00000000`00000000 fffff900`c040b670 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40f90
fffff880`09271a20 fffff960`001aaab1 : 00000000`00000000 fffffa80`043c9510 fffff880`09271ca0 00000000`03d812f0 : nt!KiPageFault+0x16e
fffff880`09271bb0 00000000`00000000 : fffffa80`043c9510 fffff880`09271ca0 00000000`03d812f0 00000000`0001079a : win32k+0xcaab1
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k+caab1
fffff960`001aaab1 498b9058010000 mov rdx,qword ptr [r8+158h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: win32k+caab1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_0x50_win32k+caab1
BUCKET_ID: X64_0x50_win32k+caab1
Followup: MachineOwner
---------
Then, I get more,
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000285d950, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002aab0e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiOutSwapKernelStacks+a8
fffff800`0285d950 488908 mov qword ptr [rax],rcx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff8800331db00 -- (.trap 0xfffff8800331db00)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8005b26480 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000285d950 rsp=fffff8800331dc90 rbp=0000000000000001
r8=0000000000000000 r9=fffff88002fd7600 r10=fffff8800331dcb8
r11=fffffa8006108758 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!KiOutSwapKernelStacks+0xa8:
fffff800`0285d950 488908 mov qword ptr [rax],rcx ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002874469 to fffff80002874f00
STACK_TEXT:
fffff880`0331d9b8 fffff800`02874469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0331d9c0 fffff800`028730e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0331db00 fffff800`0285d950 : 00000000`00000000 00000000`00000000 fffffa80`04c84910 fffff800`0280ff03 : nt!KiPageFault+0x260
fffff880`0331dc90 fffff800`02869630 : 00000000`00000000 00000000`00000080 fffffa80`03666890 fffffa80`03666800 : nt!KiOutSwapKernelStacks+0xa8
fffff880`0331dd00 fffff800`02b18166 : 144e3918`66894404 cf8b48d6`8b481975 bb0ceb00`000217e8 0dbb05eb`c0000225 : nt!KeSwapProcessOrStack+0x48
fffff880`0331dd40 fffff800`02853486 : fffff880`02f63180 fffffa80`036f0040 fffff880`02f6dfc0 da8b48e0`e783e88b : nt!PspSystemThreadStartup+0x5a
fffff880`0331dd80 00000000`00000000 : fffff880`0331e000 fffff880`03318000 fffff880`0331da50 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiOutSwapKernelStacks+a8
fffff800`0285d950 488908 mov qword ptr [rax],rcx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiOutSwapKernelStacks+a8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
FAILURE_BUCKET_ID: X64_0xA_nt!KiOutSwapKernelStacks+a8
BUCKET_ID: X64_0xA_nt!KiOutSwapKernelStacks+a8
Followup: MachineOwner
---------
so I am not even sure how indicative are those analysis anymore ?
Can anyone help me to understand what is going on in my computer ?!
Does anybody knows what may cause those or how to fix them ?
following is a sample of analysis in WINDBG ...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900050ec668, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960001aaab1, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
OVERLAPPED_MODULE: Address regions for 'WUDFRd' and 'hiber_atapor' overlap
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cf70e0
fffff900050ec668
FAULTING_IP:
win32k+caab1
fffff960`001aaab1 498b9058010000 mov rdx,qword ptr [r8+158h]
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: SearchProtocol
CURRENT_IRQL: 0
TRAP_FRAME: fffff88009271a20 -- (.trap 0xfffff88009271a20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c2095010 rbx=0000000000000000 rcx=000000000001079a
rdx=fffffa8005545090 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960001aaab1 rsp=fffff88009271bb0 rbp=fffff88009271ca0
r8=fffff900050ec510 r9=0000000000000000 r10=fffffffffffffffe
r11=fffff900c2095010 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
win32k+0xcaab1:
fffff960`001aaab1 498b9058010000 mov rdx,qword ptr [r8+158h] ds:22d0:fffff900`050ec668=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b3ebc2 to fffff80002ac0f00
STACK_TEXT:
fffff880`092718b8 fffff800`02b3ebc2 : 00000000`00000050 fffff900`050ec668 00000000`00000000 fffff880`09271a20 : nt!KeBugCheckEx
fffff880`092718c0 fffff800`02abefee : 00000000`00000000 fffff900`c040b670 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40f90
fffff880`09271a20 fffff960`001aaab1 : 00000000`00000000 fffffa80`043c9510 fffff880`09271ca0 00000000`03d812f0 : nt!KiPageFault+0x16e
fffff880`09271bb0 00000000`00000000 : fffffa80`043c9510 fffff880`09271ca0 00000000`03d812f0 00000000`0001079a : win32k+0xcaab1
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k+caab1
fffff960`001aaab1 498b9058010000 mov rdx,qword ptr [r8+158h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: win32k+caab1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_0x50_win32k+caab1
BUCKET_ID: X64_0x50_win32k+caab1
Followup: MachineOwner
---------
Then, I get more,
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000285d950, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002aab0e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiOutSwapKernelStacks+a8
fffff800`0285d950 488908 mov qword ptr [rax],rcx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff8800331db00 -- (.trap 0xfffff8800331db00)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8005b26480 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000285d950 rsp=fffff8800331dc90 rbp=0000000000000001
r8=0000000000000000 r9=fffff88002fd7600 r10=fffff8800331dcb8
r11=fffffa8006108758 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!KiOutSwapKernelStacks+0xa8:
fffff800`0285d950 488908 mov qword ptr [rax],rcx ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002874469 to fffff80002874f00
STACK_TEXT:
fffff880`0331d9b8 fffff800`02874469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0331d9c0 fffff800`028730e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0331db00 fffff800`0285d950 : 00000000`00000000 00000000`00000000 fffffa80`04c84910 fffff800`0280ff03 : nt!KiPageFault+0x260
fffff880`0331dc90 fffff800`02869630 : 00000000`00000000 00000000`00000080 fffffa80`03666890 fffffa80`03666800 : nt!KiOutSwapKernelStacks+0xa8
fffff880`0331dd00 fffff800`02b18166 : 144e3918`66894404 cf8b48d6`8b481975 bb0ceb00`000217e8 0dbb05eb`c0000225 : nt!KeSwapProcessOrStack+0x48
fffff880`0331dd40 fffff800`02853486 : fffff880`02f63180 fffffa80`036f0040 fffff880`02f6dfc0 da8b48e0`e783e88b : nt!PspSystemThreadStartup+0x5a
fffff880`0331dd80 00000000`00000000 : fffff880`0331e000 fffff880`03318000 fffff880`0331da50 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiOutSwapKernelStacks+a8
fffff800`0285d950 488908 mov qword ptr [rax],rcx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiOutSwapKernelStacks+a8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
FAILURE_BUCKET_ID: X64_0xA_nt!KiOutSwapKernelStacks+a8
BUCKET_ID: X64_0xA_nt!KiOutSwapKernelStacks+a8
Followup: MachineOwner
---------
so I am not even sure how indicative are those analysis anymore ?
Can anyone help me to understand what is going on in my computer ?!
Last edited by a moderator: