Code:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82a06000 PsLoadedModuleList = 0x82b4e810
Debug session time: Sat Dec 4 07:02:29.930 2010 (GMT-5)
System Uptime: 0 days 13:42:22.506
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
0: kd> !Analyze
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, 85bd7a92, 85bd8522, 69520404}
GetPointerFromAddress: unable to read from 82b6e718
Unable to read MiSystemVaType memory at 82b4e160
Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+1b1 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 85bd7a92, The pool entry we were looking for within the page.
Arg3: 85bd8522, The next pool entry.
Arg4: 69520404, (reserved)
Debugging Details:
------------------
GetPointerFromAddress: unable to read from 82b6e718
Unable to read MiSystemVaType memory at 82b4e160
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from 82b6e718
Unable to read MiSystemVaType memory at 82b4e160
85bd7a92
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82aac9c4 to 82b251b6
STACK_TEXT:
8db0babc 82aac9c4 85bd7a9a 00000000 85be6400 nt!ExFreePoolWithTag+0x1b1
8db0bae0 8ba36a69 85be6424 82a4051c 85be6400 nt!ExDeleteResourceLite+0xfb
8db0baf4 8ba28c0c 85be6400 8db0bb18 8bacdc4b Ntfs!NtfsFreeNonpagedDataFcb+0x16
8db0bb00 8bacdc4b 8ba5c300 85be6400 855b9350 Ntfs!ExFreeToNPagedLookasideList+0x1e
8db0bb18 8bacabc8 85be6400 00000000 8696b240 Ntfs!NtfsDeleteNonpagedFcb+0x3c
8db0bb40 8ba36174 855b9350 8db0bb70 8db0bb7a Ntfs!NtfsDeleteFcb+0xd5
8db0bb94 8bab215d 855b9350 8696b0d8 aef0b008 Ntfs!NtfsTeardownFromLcb+0x24f
8db0bbe4 8ba2ebec 855b9350 aef0b0f8 01f0b2a0 Ntfs!NtfsTeardownStructures+0xf3
8db0bc0c 8baae55b 855b9350 aef0b0f8 aef0b2a0 Ntfs!NtfsDecrementCloseCounts+0xaf
8db0bc6c 8bacd4c3 855b9350 aef0b0f8 aef0b008 Ntfs!NtfsCommonClose+0x4f2
8db0bd00 82a73f3b 00000000 00000000 851c1a70 Ntfs!NtfsFspClose+0x118
8db0bd50 82c146d3 00000000 a18cc16f 00000000 nt!ExpWorkerThread+0x10d
8db0bd90 82ac60f9 82a73e2e 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+1b1
82b251b6 cc int 3
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExFreePoolWithTag+1b1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c3fac
FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+1b1
Followup: MachineOwner
---------
0: kd> lmtsmn
start end module name
92068000 92094000 1394ohci 1394ohci.sys Mon Jul 13 19:51:59 2009 (4A5BC89F)
8b6ba000 8b702000 ACPI ACPI.sys Mon Jul 13 19:11:11 2009 (4A5BBF0F)
8b978000 8b9d2000 afd afd.sys Mon Jul 13 19:12:34 2009 (4A5BBF62)
9212a000 9213c000 AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
8b92a000 8b933000 amdxata amdxata.sys Tue May 19 13:57:35 2009 (4A12F30F)
920e0000 920e1420 ASACPI ASACPI.sys Thu Aug 12 22:52:52 2004 (411C2D04)
a08fd000 a0906000 asyncmac asyncmac.sys Mon Jul 13 19:54:46 2009 (4A5BC946)
8b8f4000 8b8fd000 atapi atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
8b8fd000 8b920000 ataport ataport.SYS Mon Jul 13 19:11:18 2009 (4A5BBF16)
9154a000 91551000 Beep Beep.SYS Mon Jul 13 19:45:00 2009 (4A5BC6FC)
916a0000 916ae000 blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
8b4a0000 8b4a8000 BOOTVID BOOTVID.dll Mon Jul 13 21:04:34 2009 (4A5BD9A2)
9b4b6000 9b4cf000 bowser bowser.sys Mon Jul 13 19:14:21 2009 (4A5BBFCD)
98800000 9881e000 cdd cdd.dll unavailable (00000000)
8b4ea000 8b595000 CI CI.dll Mon Jul 13 21:09:28 2009 (4A5BDAC8)
8bd8e000 8bdb3000 CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
8b4a8000 8b4ea000 CLFS CLFS.SYS Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8bb89000 8bbe6000 cng cng.sys Mon Jul 13 19:32:55 2009 (4A5BC427)
92111000 9211e000 CompositeBus CompositeBus.sys Mon Jul 13 19:45:26 2009 (4A5BC716)
93767000 93774000 crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
91624000 91688000 csc csc.sys Mon Jul 13 19:15:08 2009 (4A5BBFFC)
91688000 916a0000 dfsc dfsc.sys Mon Jul 13 19:14:16 2009 (4A5BBFC8)
8b9d2000 8b9de000 discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
8be08000 8be19000 disk disk.sys Mon Jul 13 19:11:28 2009 (4A5BBF20)
9371a000 93733000 drmk drmk.sys Mon Jul 13 20:36:05 2009 (4A5BD2F5)
93774000 93785000 dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
9140e000 914e8000 dump_iaStor dump_iaStor.sys Thu Jun 04 21:42:33 2009 (4A287809)
9375d000 93767000 Dxapi Dxapi.sys Mon Jul 13 19:25:25 2009 (4A5BC265)
916e1000 91798000 dxgkrnl dxgkrnl.sys Thu Oct 01 20:48:33 2009 (4AC54DE1)
92c00000 92c39000 dxgmms1 dxgmms1.sys Mon Jul 13 19:25:25 2009 (4A5BC265)
93733000 9375d000 fastfat fastfat.SYS Mon Jul 13 19:14:01 2009 (4A5BBFB9)
920d5000 920e0000 fdc fdc.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
8b967000 8b978000 fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
93680000 9368a000 flpydisk flpydisk.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
8b933000 8b967000 fltmgr fltmgr.sys Mon Jul 13 19:11:13 2009 (4A5BBF11)
8bbf4000 8bbfd000 Fs_Rec Fs_Rec.sys Mon Jul 13 19:11:14 2009 (4A5BBF12)
8bd5c000 8bd8e000 fvevol fvevol.sys Fri Sep 25 22:24:21 2009 (4ABD7B55)
8bf6f000 8bfa0000 fwpkclnt fwpkclnt.sys Mon Jul 13 19:12:03 2009 (4A5BBF43)
82e16000 82e4d000 hal halmacpi.dll Mon Jul 13 19:11:03 2009 (4A5BBF07)
91600000 9161f000 HDAudBus HDAudBus.sys Mon Jul 13 19:50:55 2009 (4A5BC85F)
9369b000 936eb000 HdAudio HdAudio.sys Mon Jul 13 19:51:46 2009 (4A5BC892)
81f47000 81f5a000 HIDCLASS HIDCLASS.SYS Mon Jul 13 19:51:01 2009 (4A5BC865)
81f5a000 81f60480 HIDPARSE HIDPARSE.SYS Mon Jul 13 19:50:59 2009 (4A5BC863)
81f3c000 81f47000 hidusb hidusb.sys Mon Jul 13 19:51:04 2009 (4A5BC868)
9b431000 9b4b6000 HTTP HTTP.sys Mon Jul 13 19:12:53 2009 (4A5BBF75)
8be00000 8be08000 hwpolicy hwpolicy.sys Mon Jul 13 19:11:01 2009 (4A5BBF05)
8b81a000 8b8f4000 iaStor iaStor.sys Thu Jun 04 21:42:33 2009 (4A287809)
916cf000 916e1000 intelppm intelppm.sys Mon Jul 13 19:11:03 2009 (4A5BBF07)
92104000 92111000 kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
81fe5000 81ff1000 kbdhid kbdhid.sys Mon Jul 13 19:45:09 2009 (4A5BC705)
80b9b000 80ba3000 kdcom kdcom.dll Mon Jul 13 21:08:58 2009 (4A5BDAAA)
8b600000 8b634000 ks ks.sys Wed Mar 03 22:57:52 2010 (4B8F2FC0)
8bb76000 8bb89000 ksecdd ksecdd.sys Mon Jul 13 19:11:56 2009 (4A5BBF3C)
8bd0a000 8bd2f000 ksecpkg ksecpkg.sys Thu Dec 10 23:04:22 2009 (4B21C4C6)
81f6c000 81f7c000 lltdio lltdio.sys Mon Jul 13 19:53:18 2009 (4A5BC8EE)
81eee000 81f09000 luafv luafv.sys Mon Jul 13 19:15:44 2009 (4A5BC020)
8b417000 8b48f000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:06:41 2009 (4A5BDA21)
93785000 93790000 monitor monitor.sys Mon Jul 13 19:25:58 2009 (4A5BC286)
921d1000 921de000 mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
81f61000 81f6c000 mouhid mouhid.sys Mon Jul 13 19:45:08 2009 (4A5BC704)
8b7c9000 8b7df000 mountmgr mountmgr.sys Mon Jul 13 19:11:27 2009 (4A5BBF1F)
91520000 91543000 MpFilter MpFilter.sys Sat Mar 20 00:03:26 2010 (4BA4490E)
a088a000 a0892e00 MpNWMon MpNWMon.sys Sat Mar 20 00:03:24 2010 (4BA4490C)
9b4cf000 9b4e1000 mpsdrv mpsdrv.sys Mon Jul 13 19:52:52 2009 (4A5BC8D4)
9b4e1000 9b504000 mrxsmb mrxsmb.sys Sat Feb 27 02:32:02 2010 (4B88CA72)
9b504000 9b53f000 mrxsmb10 mrxsmb10.sys Sat Feb 27 02:32:21 2010 (4B88CA85)
9b53f000 9b55a000 mrxsmb20 mrxsmb20.sys Sat Feb 27 02:32:11 2010 (4B88CA7B)
8b920000 8b92a000 msahci msahci.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
915a3000 915ae000 Msfs Msfs.SYS Mon Jul 13 19:11:26 2009 (4A5BBF1E)
8b70b000 8b713000 msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8bb4b000 8bb76000 msrpc msrpc.sys Mon Jul 13 19:11:59 2009 (4A5BBF3F)
8ba10000 8ba1a000 mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
8bff0000 8c000000 mup mup.sys Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8bc15000 8bccc000 ndis ndis.sys Mon Jul 13 19:12:24 2009 (4A5BBF58)
92154000 9215f000 ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
81fc2000 81fd2000 ndisuio ndisuio.sys Mon Jul 13 19:53:51 2009 (4A5BC90F)
9215f000 92181000 ndiswan ndiswan.sys Mon Jul 13 19:54:34 2009 (4A5BC93A)
9368a000 9369b000 NDProxy NDProxy.SYS Mon Jul 13 19:54:27 2009 (4A5BC933)
91400000 9140e000 netbios netbios.sys Mon Jul 13 19:53:54 2009 (4A5BC912)
8bdb3000 8bde5000 netbt netbt.sys Mon Jul 13 19:12:18 2009 (4A5BBF52)
8bccc000 8bd0a000 NETIO NETIO.SYS Mon Jul 13 19:12:35 2009 (4A5BBF63)
81e24000 81ee4000 netr28u netr28u.sys Wed Aug 05 09:59:27 2009 (4A79903F)
915ae000 915bc000 Npfs Npfs.SYS Mon Jul 13 19:11:31 2009 (4A5BBF23)
915f6000 91600000 nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
82a06000 82e16000 nt ntkrpamp.exe Fri Jun 18 23:55:24 2010 (4C1C3FAC)
8ba1c000 8bb4b000 Ntfs Ntfs.sys Mon Jul 13 19:12:05 2009 (4A5BBF45)
91543000 9154a000 Null Null.SYS Mon Jul 13 19:11:12 2009 (4A5BBF10)
935db000 935dc040 nvBridge nvBridge.kmd Sat Oct 16 13:04:23 2010 (4CB9DB17)
92c3e000 935da5a0 nvlddmkm nvlddmkm.sys Sat Oct 16 13:07:56 2010 (4CB9DBEC)
81f7c000 81fc2000 nwifi nwifi.sys Mon Jul 13 19:51:59 2009 (4A5BC89F)
91501000 91520000 pacer pacer.sys Mon Jul 13 19:53:58 2009 (4A5BC916)
8b748000 8b759000 partmgr partmgr.sys Mon Jul 13 19:11:35 2009 (4A5BBF27)
8b713000 8b73d000 pci pci.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
8b7b4000 8b7bb000 pciide pciide.sys Mon Jul 13 19:11:19 2009 (4A5BBF17)
8b7bb000 8b7c9000 PCIIDEX PCIIDEX.SYS Mon Jul 13 19:11:15 2009 (4A5BBF13)
8bbe6000 8bbf4000 pcw pcw.sys Mon Jul 13 19:11:10 2009 (4A5BBF0E)
9b55a000 9b5f1000 peauth peauth.sys Mon Jul 13 20:35:44 2009 (4A5BD2E0)
936eb000 9371a000 portcls portcls.sys Mon Jul 13 19:51:00 2009 (4A5BC864)
8b48f000 8b4a0000 PSHED PSHED.dll Mon Jul 13 21:09:36 2009 (4A5BDAD0)
9211e000 92129e00 RAMDiskVE RAMDiskVE.sys Thu Nov 11 08:10:05 2010 (4CDBEB2D)
9213c000 92154000 rasl2tp rasl2tp.sys Mon Jul 13 19:54:33 2009 (4A5BC939)
92181000 92199000 raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
92199000 921b0000 raspptp raspptp.sys Mon Jul 13 19:54:47 2009 (4A5BC947)
921b0000 921c7000 rassstp rassstp.sys Mon Jul 13 19:54:57 2009 (4A5BC951)
8b595000 8b5d6000 rdbss rdbss.sys Mon Jul 13 19:14:26 2009 (4A5BBFD2)
921c7000 921d1000 rdpbus rdpbus.sys Mon Jul 13 20:02:40 2009 (4A5BCB20)
9158b000 91593000 RDPCDD RDPCDD.sys Mon Jul 13 20:01:40 2009 (4A5BCAE4)
91593000 9159b000 rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
9159b000 915a3000 rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
8bd2f000 8bd5c000 rdyboost rdyboost.sys Mon Jul 13 19:22:02 2009 (4A5BC19A)
81fd2000 81fe5000 rspndr rspndr.sys Mon Jul 13 19:53:20 2009 (4A5BC8F0)
92094000 920d5000 Rt86win7 Rt86win7.sys Tue Jan 12 01:37:10 2010 (4B4C1896)
9b5f1000 9b5fb000 secdrv secdrv.SYS Wed Sep 13 09:18:32 2006 (45080528)
920e2000 920ec000 serenum serenum.sys Mon Jul 13 19:45:27 2009 (4A5BC717)
8bde5000 8bdff000 serial serial.sys Mon Jul 13 19:45:33 2009 (4A5BC71D)
8bfe8000 8bff0000 spldr spldr.sys Mon May 11 12:13:47 2009 (4A084EBB)
a0839000 a088a000 srv srv.sys Thu Aug 26 23:31:26 2010 (4C77318E)
93790000 937df000 srv2 srv2.sys Thu Aug 26 23:30:45 2010 (4C773165)
9b400000 9b421000 srvnet srvnet.sys Thu Aug 26 23:30:39 2010 (4C77315F)
921de000 921df380 swenum swenum.sys Mon Jul 13 19:45:08 2009 (4A5BC704)
8be26000 8bf6f000 tcpip tcpip.sys Sun Jun 13 23:36:59 2010 (4C15A3DB)
9b421000 9b42e000 tcpipreg tcpipreg.sys Mon Jul 13 19:54:14 2009 (4A5BC926)
915d3000 915de000 TDI TDI.SYS Mon Jul 13 19:12:12 2009 (4A5BBF4C)
915bc000 915d3000 tdx tdx.sys Mon Jul 13 19:12:10 2009 (4A5BBF4A)
8ba00000 8ba10000 termdd termdd.sys Mon Jul 13 20:01:35 2009 (4A5BCADF)
98bc0000 98bc9000 TSDDD TSDDD.dll unavailable (00000000)
916ae000 916cf000 tunnel tunnel.sys Mon Jul 13 19:54:03 2009 (4A5BC91B)
921e0000 921ee000 umbus umbus.sys Mon Jul 13 19:51:38 2009 (4A5BC88A)
81f23000 81f3a000 usbccgp usbccgp.sys Mon Jul 13 19:51:31 2009 (4A5BC883)
81f3a000 81f3b700 USBD USBD.SYS Mon Jul 13 19:51:05 2009 (4A5BC869)
935e8000 935f7000 usbehci usbehci.sys Mon Jul 13 19:51:14 2009 (4A5BC872)
9363c000 93680000 usbhub usbhub.sys Mon Jul 13 19:52:06 2009 (4A5BC8A6)
91798000 917e3000 USBPORT USBPORT.SYS Mon Jul 13 19:51:13 2009 (4A5BC871)
81ff1000 81ffc000 usbprint usbprint.sys Mon Jul 13 20:17:06 2009 (4A5BCE82)
935dd000 935e8000 usbuhci usbuhci.sys Mon Jul 13 19:51:10 2009 (4A5BC86E)
8b73d000 8b748000 vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
91551000 9155d000 vga vga.sys Mon Jul 13 19:25:50 2009 (4A5BC27E)
9155d000 9157e000 VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
8bfa0000 8bfa8380 vmstorfl vmstorfl.sys Mon Jul 13 19:28:44 2009 (4A5BC32C)
8b759000 8b769000 volmgr volmgr.sys Mon Jul 13 19:11:25 2009 (4A5BBF1D)
8b769000 8b7b4000 volmgrx volmgrx.sys Mon Jul 13 19:11:41 2009 (4A5BBF2D)
8bfa9000 8bfe8000 volsnap volsnap.sys Mon Jul 13 19:11:34 2009 (4A5BBF26)
81ee4000 81eee000 vwifibus vwifibus.sys Mon Jul 13 19:52:02 2009 (4A5BC8A2)
915e5000 915f6000 vwififlt vwififlt.sys Mon Jul 13 19:52:03 2009 (4A5BC8A3)
8bc00000 8bc13000 wanarp wanarp.sys Mon Jul 13 19:55:02 2009 (4A5BC956)
9157e000 9158b000 watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8b63b000 8b6ac000 Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
8b6ac000 8b6ba000 WDFLDR WDFLDR.SYS Mon Jul 13 19:11:25 2009 (4A5BBF1D)
915de000 915e5000 wfplwf wfplwf.sys Mon Jul 13 19:53:51 2009 (4A5BC90F)
98960000 98bab000 win32k win32k.sys unavailable (00000000)
8b702000 8b70b000 WMILIB WMILIB.SYS Mon Jul 13 19:11:22 2009 (4A5BBF1A)
81f09000 81f23000 WudfPf WudfPf.sys Mon Jul 13 19:50:13 2009 (4A5BC835)
92017000 92068000 yk62x86 yk62x86.sys Mon Sep 28 02:33:34 2009 (4AC058BE)
Unloaded modules:
a0893000 a08fd000 spsys.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
9b55a000 9b572000 parport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
8be19000 8be26000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
91416000 914f0000 dump_iaStor.
Timestamp: unavailable (00000000)
Checksum: 00000000
914f0000 91501000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
920ec000 92104000 i8042prt.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
91501000 91520000 cdrom.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
Debug session time: Fri Dec 3 09:56:00.233 2010 (GMT-5)
System Uptime: 0 days 0:00:13.638
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {aceb00bb, 2, 0, 8ba5e8c1}
Unable to load image \SystemRoot\system32\DRIVERS\iaStor.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
Probably caused by : iaStor.sys ( iaStor+5e8c1 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: aceb00bb, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8ba5e8c1, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 82bbe718
Unable to read MiSystemVaType memory at 82b9e160
aceb00bb
CURRENT_IRQL: 2
FAULTING_IP:
iaStor+5e8c1
8ba5e8c1 8a5006 mov dl,byte ptr [eax+6]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 82b7c9b0 -- (.trap 0xffffffff82b7c9b0)
ErrCode = 00000000
eax=aceb00b5 ebx=860fac30 ecx=8610109c edx=00000000 esi=8610109c edi=aceb00b5
eip=8ba5e8c1 esp=82b7ca24 ebp=82b7ca24 iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
iaStor+0x5e8c1:
8ba5e8c1 8a5006 mov dl,byte ptr [eax+6] ds:0023:aceb00bb=??
Resetting default scope
LAST_CONTROL_TRANSFER: from 8ba5e8c1 to 82a9c82b
STACK_TEXT:
82b7c9b0 8ba5e8c1 badb0d00 00000000 82ac2ba9 nt!KiTrap0E+0x2cf
WARNING: Stack unwind information not available. Following frames may be wrong.
82b7ca24 8ba5ee8e aceb00b5 860fcfa0 860fac30 iaStor+0x5e8c1
82b7ca44 8ba08020 aceb00b5 82a93f48 aceb00b5 iaStor+0x5ee8e
82b7caf4 8ba09595 860fac30 aceb00b5 82a93f48 iaStor+0x8020
82b7cbc8 8ba098fc 860fac30 0000001e 82b81600 iaStor+0x9595
82b7cc64 8ba269d9 860fac30 00000000 82b89304 iaStor+0x98fc
82b7cc78 82abe3b5 8609c480 8609a020 00000000 iaStor+0x269d9
82b7ccd4 82abe218 82b7fd20 82b89280 00000000 nt!KiExecuteAllDpcs+0xf9
82b7cd20 82abe038 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd5
82b7cd24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38
STACK_COMMAND: kb
FOLLOWUP_IP:
iaStor+5e8c1
8ba5e8c1 8a5006 mov dl,byte ptr [eax+6]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: iaStor+5e8c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: iaStor
IMAGE_NAME: iaStor.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b8f1b5b
FAILURE_BUCKET_ID: 0xD1_iaStor+5e8c1
BUCKET_ID: 0xD1_iaStor+5e8c1
Followup: MachineOwner
---------
Debug session time: Fri Dec 3 05:39:01.760 2010 (GMT-5)
System Uptime: 0 days 15:20:27.337
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
1: kd> !Analyze
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, b50d65fc, b50d61e0, 8bc23b74}
Probably caused by : Ntfs.sys ( Ntfs!NtfsReleasePagingResource+d )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 001904fb
Arg2: b50d65fc
Arg3: b50d61e0
Arg4: 8bc23b74
Debugging Details:
------------------
EXCEPTION_RECORD: b50d65fc -- (.exr 0xffffffffb50d65fc)
ExceptionAddress: 8bc23b74 (Ntfs!NtfsReleasePagingResource+0x0000000d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000008
Attempt to read from address 00000008
CONTEXT: b50d61e0 -- (.cxr 0xffffffffb50d61e0)
eax=00000008 ebx=00000000 ecx=00000702 edx=00000000 esi=88fda920 edi=88fda9d4
eip=8bc23b74 esp=b50d66c4 ebp=b50d66c4 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
Ntfs!NtfsReleasePagingResource+0xd:
8bc23b74 663b08 cmp cx,word ptr [eax] ds:0023:00000008=????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000008
READ_ADDRESS: GetPointerFromAddress: unable to read from 82b86718
Unable to read MiSystemVaType memory at 82b66160
00000008
FOLLOWUP_IP:
Ntfs!NtfsReleasePagingResource+d
8bc23b74 663b08 cmp cx,word ptr [eax]
FAULTING_IP:
Ntfs!NtfsReleasePagingResource+d
8bc23b74 663b08 cmp cx,word ptr [eax]
BUGCHECK_STR: 0x24
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 8bc23e73 to 8bc23b74
STACK_TEXT:
b50d66c4 8bc23e73 00000000 00000008 88fda9c8 Ntfs!NtfsReleasePagingResource+0xd
b50d66e0 8bc249ed 88fda920 00000001 b50d67bc Ntfs!NtfsCleanupIrpContext+0x36
b50d6700 8bcaa5af 88fda920 00000000 00000000 Ntfs!NtfsExtendedCompleteRequestInternal+0x79
b50d6758 8bcc94c3 88fda920 b78020f8 b7802008 Ntfs!NtfsCommonClose+0x546
b50d67ec 8bc8951f 87cbc0d8 3ec802f5 85d3f4d0 Ntfs!NtfsFspClose+0x118
b50d687c 8bc97fab 89628ee0 87cbc0d8 00000001 Ntfs!NtfsFlushVolume+0x74
b50d6900 8bc9876b 89628ee0 85d3f4d0 3ec803e1 Ntfs!NtfsCommonFlushBuffers+0x1a9
b50d6968 82a5a4bc 87cbc020 85d3f4d0 85d3f4d0 Ntfs!NtfsFsdFlushBuffers+0xf7
b50d6980 8b9c520c 87cb7408 85d3f4d0 00000000 nt!IofCallDriver+0x63
b50d69a4 8b9c53cb b50d69c4 87cb7408 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
b50d69dc 82a5a4bc 87cb7408 85d3f4d0 85d3f4d0 fltmgr!FltpDispatch+0xc5
b50d69f4 82c5bf6e 85d3f4d0 8837c728 00000000 nt!IofCallDriver+0x63
b50d6a14 82c3ceba 87cb7408 8837c728 00000000 nt!IopSynchronousServiceTail+0x1f8
b50d6a80 82a6144a 85599a98 b50d6b40 b50d6d50 nt!NtFlushBuffersFile+0x1d7
b50d6a80 82a5f361 85599a98 b50d6b40 b50d6d50 nt!KiFastCallEntry+0x12a
b50d6b00 82d3d712 800008fc b50d6b40 00000000 nt!ZwFlushBuffersFile+0x11
b50d6d50 82c2c6d3 a4b35ac0 9afbbda2 00000000 nt!PopFlushVolumeWorker+0x13c
b50d6d90 82ade0f9 82d3d5d6 a4b35ac0 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsReleasePagingResource+d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf45
STACK_COMMAND: .cxr 0xffffffffb50d61e0 ; kb
FAILURE_BUCKET_ID: 0x24_Ntfs!NtfsReleasePagingResource+d
BUCKET_ID: 0x24_Ntfs!NtfsReleasePagingResource+d
Followup: MachineOwner
---------
Debug session time: Thu Dec 2 14:17:55.840 2010 (GMT-5)
System Uptime: 0 days 3:26:10.401
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {a88c2a00, 2, 0, 82aeef5d}
Probably caused by : ntkrpamp.exe ( nt!KiDeliverApc+b5 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: a88c2a00, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 82aeef5d, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 82baf718
Unable to read MiSystemVaType memory at 82b8f160
a88c2a00
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiDeliverApc+b5
82aeef5d 8b4e14 mov ecx,dword ptr [esi+14h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: chrome.exe
TRAP_FRAME: 9b057ac4 -- (.trap 0xffffffff9b057ac4)
ErrCode = 00000000
eax=a88c29f8 ebx=82a15b48 ecx=854e29f8 edx=00000000 esi=a88c29ec edi=854e29b8
eip=82aeef5d esp=9b057b38 ebp=9b057b6c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!KiDeliverApc+0xb5:
82aeef5d 8b4e14 mov ecx,dword ptr [esi+14h] ds:0023:a88c2a00=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 82aeef5d to 82a8d82b
STACK_TEXT:
9b057ac4 82aeef5d badb0d00 00000000 00000301 nt!KiTrap0E+0x2cf
9b057b6c 82ab5b0d 00000000 00000000 00000000 nt!KiDeliverApc+0xb5
9b057bb0 82ab4423 854e2a78 854e29b8 855f0118 nt!KiSwapThread+0x24e
9b057bd8 82ab567d 854e29b8 854e2a78 00000000 nt!KiCommitThreadWait+0x1df
9b057c38 82c7879d 855f0118 82af8f01 00000001 nt!KeRemoveQueueEx+0x4f8
9b057c90 82ab8d06 855f0118 9b057cc8 9b057cf0 nt!IoRemoveIoCompletion+0x23
9b057d24 82a8a44a 00000184 01a7fdbc 01a7fe68 nt!NtWaitForWorkViaWorkerFactory+0x1a1
9b057d24 770d64f4 00000184 01a7fdbc 01a7fe68 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
01a7fe68 00000000 00000000 00000000 00000000 0x770d64f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDeliverApc+b5
82aeef5d 8b4e14 mov ecx,dword ptr [esi+14h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiDeliverApc+b5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c3fac
FAILURE_BUCKET_ID: 0xA_nt!KiDeliverApc+b5
BUCKET_ID: 0xA_nt!KiDeliverApc+b5
Followup: MachineOwner
---------