Code:
-
Loading Dump File [K:\BSODDmpFiles\Reddcapp\Windows_NT6_BSOD_jcgriff2\012712-29920-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e16000 PsLoadedModuleList = 0xfffff800`03053e70
Debug session time: Fri Jan 27 16:53:22.362 2012 (GMT-7)
System Uptime: 0 days 0:06:27.141
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002eaba4f, 0, ffffffffffffffff}
Probably caused by : memory_corruption ( nt!MiReplenishPageSlist+100 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002eaba4f, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiReplenishPageSlist+100
fffff800`02eaba4f f00fba6b1000 lock bts dword ptr [rbx+10h],0
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030be0e0
ffffffffffffffff
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
PROCESS_NAME: MsMpEng.exe
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff880047a1708 -- (.exr 0xfffff880047a1708)
ExceptionAddress: fffff80002eaba4f (nt!MiReplenishPageSlist+0x0000000000000100)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff880047a17b0 -- (.trap 0xfffff880047a17b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000100000149b4a rbx=0000000000000000 rcx=fdffffffffffffff
rdx=0000000000000047 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002eaba4f rsp=fffff880047a1940 rbp=fffffa8006c00b90
r8=fffff800030c0400 r9=fffffa8006c00000 r10=fffffa8006c00bb0
r11=fffff880047a1998 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MiReplenishPageSlist+0x100:
fffff800`02eaba4f f00fba6b1000 lock bts dword ptr [rbx+10h],0 ds:00000000`00000010=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ec0919 to fffff80002e865c0
STACK_TEXT:
fffff880`047a0f38 fffff800`02ec0919 : 00000000`0000001e ffffffff`c0000005 fffff800`02eaba4f 00000000`00000000 : nt!KeBugCheckEx
fffff880`047a0f40 fffff800`02e85c02 : fffff880`047a1708 0002fa80`03dd1de0 fffff880`047a17b0 00000000`00000004 : nt!KiDispatchException+0x1b9
fffff880`047a15d0 fffff800`02e8450a : 00000000`00000000 fffff800`02e34ab3 fffff700`01080000 fffffa80`0c924af0 : nt!KiExceptionDispatch+0xc2
fffff880`047a17b0 fffff800`02eaba4f : ffffffff`ffffffff fffffa80`096f4b30 00000000`00000000 00000000`0000004c : nt!KiGeneralProtectionFault+0x10a
fffff880`047a1940 fffff800`02eabf7f : fffff800`030c0400 00000000`0000004a fffffa80`03de0de0 fffffa80`03dddde0 : nt!MiReplenishPageSlist+0x100
fffff880`047a19a0 fffff800`02ea18ea : fffff680`0004f298 00000000`00000002 00000000`00000000 ffffffff`ffffffff : nt!MiRemoveAnyPage+0x24f
fffff880`047a1ac0 fffff800`02e846ae : 00000000`00000001 00000000`07ee64b0 00000000`00000001 fffffa80`071fa560 : nt!MmAccessFault+0x169a
fffff880`047a1c20 000007fe`fa6ed8e2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`023de088 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fa6ed8e2
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiReplenishPageSlist+100
fffff800`02eaba4f f00fba6b1000 lock bts dword ptr [rbx+10h],0
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MiReplenishPageSlist+100
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1E_nt!MiReplenishPageSlist+100
BUCKET_ID: X64_0x1E_nt!MiReplenishPageSlist+100
Followup: MachineOwner
---------
-
Loading Dump File [K:\BSODDmpFiles\Reddcapp\Windows_NT6_BSOD_jcgriff2\012712-24570-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e0d000 PsLoadedModuleList = 0xfffff800`0304ae70
Debug session time: Fri Jan 27 16:34:07.492 2012 (GMT-7)
System Uptime: 0 days 0:04:58.271
Loading Kernel Symbols
...............................................................
................................................................
.......................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff7ffe2e87524, 8, fffff7ffe2e87524, 2}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+40d80 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff7ffe2e87524, memory referenced.
Arg2: 0000000000000008, value 0 = read operation, 1 = write operation.
Arg3: fffff7ffe2e87524, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b50e0
fffff7ffe2e87524
FAULTING_IP:
+0
fffff7ff`e2e87524 ?? ???
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: CCC.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800b5a0430 -- (.trap 0xfffff8800b5a0430)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000004 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8007899780 rsi=0000000000000000 rdi=0000000000000000
rip=fffff7ffe2e87524 rsp=fffff8800b5a05c0 rbp=fffffa8007899780
r8=0000000000000000 r9=0000000000000000 r10=fffffa80096998e0
r11=fffffa80096ee6c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff7ff`e2e87524 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002efc7d2 to fffff80002e7d5c0
STACK_TEXT:
fffff880`0b5a02c8 fffff800`02efc7d2 : 00000000`00000050 fffff7ff`e2e87524 00000000`00000008 fffff880`0b5a0430 : nt!KeBugCheckEx
fffff880`0b5a02d0 fffff800`02e7b6ae : 00000000`00000008 fffffa80`096ee690 fffff880`031e2100 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x40d80
fffff880`0b5a0430 fffff7ff`e2e87524 : 00000000`00000000 00000000`00000000 fffff880`0b5a0c20 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`0b5a05c0 00000000`00000000 : 00000000`00000000 fffff880`0b5a0c20 00000000`00000000 fffff880`0b5a06f8 : 0xfffff7ff`e2e87524
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+40d80
fffff800`02efc7d2 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+40d80
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+40d80
BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+40d80
Followup: MachineOwner
---------
-
Loading Dump File [K:\BSODDmpFiles\Reddcapp\Windows_NT6_BSOD_jcgriff2\012712-43009-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e07000 PsLoadedModuleList = 0xfffff800`03044e70
Debug session time: Fri Jan 27 16:25:58.476 2012 (GMT-7)
System Uptime: 0 days 0:01:39.255
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002f7133c, fffff88008355df0, 0}
Probably caused by : memory_corruption ( nt!MmFreePagesFromMdl+bc )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002f7133c, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff88008355df0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MmFreePagesFromMdl+bc
fffff800`02f7133c 488b4328 mov rax,qword ptr [rbx+28h]
CONTEXT: fffff88008355df0 -- (.cxr 0xfffff88008355df0)
rax=0000058000000000 rbx=fffef281bd34bc80 rcx=000fffffffffffff
rdx=0000000000000001 rsi=fffffa80088eeed0 rdi=0000000000000008
rip=fffff80002f7133c rsp=fffff880083567c0 rbp=fffffa80088eef40
r8=fffffa8009466e98 r9=0000000000000000 r10=fffff800030b1840
r11=fffff88008356720 r12=0000000000000000 r13=0000000000000000
r14=0000000000000018 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!MmFreePagesFromMdl+0xbc:
fffff800`02f7133c 488b4328 mov rax,qword ptr [rbx+28h] ds:002b:fffef281`bd34bca8=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002f7133c
STACK_TEXT:
fffff880`083567c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmFreePagesFromMdl+0xbc
FOLLOWUP_IP:
nt!MmFreePagesFromMdl+bc
fffff800`02f7133c 488b4328 mov rax,qword ptr [rbx+28h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MmFreePagesFromMdl+bc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
STACK_COMMAND: .cxr 0xfffff88008355df0 ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x3B_nt!MmFreePagesFromMdl+bc
BUCKET_ID: X64_0x3B_nt!MmFreePagesFromMdl+bc
Followup: MachineOwner
---------
-
Loading Dump File [K:\BSODDmpFiles\Reddcapp\Windows_NT6_BSOD_jcgriff2\012712-41901-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e1f000 PsLoadedModuleList = 0xfffff800`0305ce70
Debug session time: Fri Jan 27 15:04:07.186 2012 (GMT-7)
System Uptime: 0 days 1:56:04.966
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 109, {a3a039d89cd6491d, b3b7465eef531b23, fffff800033035e0, 1}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a039d89cd6491d, Reserved
Arg2: b3b7465eef531b23, Reserved
Arg3: fffff800033035e0, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification
Debugging Details:
------------------
BUGCHECK_STR: 0x109
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002e8f5c0
STACK_TEXT:
fffff880`033af5d8 00000000`00000000 : 00000000`00000109 a3a039d8`9cd6491d b3b7465e`ef531b23 fffff800`033035e0 : nt!KeBugCheckEx
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff8000330362d - nt!BcdSetElementDataWithFlags+4d
[ 64:44 ]
1 error : !nt (fffff8000330362d)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: ONE_BIT
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
Followup: memory_corruption
---------
-
Loading Dump File [K:\BSODDmpFiles\Reddcapp\Windows_NT6_BSOD_jcgriff2\012712-41371-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c0c000 PsLoadedModuleList = 0xfffff800`02e49e70
Debug session time: Fri Jan 27 12:01:29.427 2012 (GMT-7)
System Uptime: 0 days 0:01:07.207
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88008a24d58, fffff88008a245c0, fffff880012ce9b9}
Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonCleanup+2a9 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88008a24d58
Arg3: fffff88008a245c0
Arg4: fffff880012ce9b9
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88008a24d58 -- (.exr 0xfffff88008a24d58)
ExceptionAddress: fffff880012ce9b9 (Ntfs!NtfsCommonCleanup+0x00000000000002a9)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88008a245c0 -- (.cxr 0xfffff88008a245c0)
rax=fffff88008a25501 rbx=fffff8a002e32010 rcx=fffff88008a255c8
rdx=fffff8a002e32050 rsi=fffff8a002e32140 rdi=fffffa800a10b904
rip=fffff880012ce9b9 rsp=fffff88008a24f90 rbp=fffff88008a257e0
r8=0109153208000000 r9=0000000000000008 r10=fffffa8008623180
r11=fffff88008a25398 r12=fffff88008a25580 r13=0000000000000000
r14=0000000000000000 r15=fffffa800a47c1b8
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
Ntfs!NtfsCommonCleanup+0x2a9:
fffff880`012ce9b9 41f6400402 test byte ptr [r8+4],2 ds:002b:01091532`08000004=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: drvinst.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb40e0
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsCommonCleanup+2a9
fffff880`012ce9b9 41f6400402 test byte ptr [r8+4],2
FAULTING_IP:
Ntfs!NtfsCommonCleanup+2a9
fffff880`012ce9b9 41f6400402 test byte ptr [r8+4],2
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff88001240829 to fffff880012ce9b9
STACK_TEXT:
fffff880`08a24f90 fffff880`01240829 : fffffa80`06d0f450 fffff8a0`071132b0 fffff880`08a254e0 fffff880`08a14000 : Ntfs!NtfsCommonCleanup+0x2a9
fffff880`08a253a0 fffff800`02c8bcda : fffff880`08a254e0 fffffa80`05bccc20 fffff680`000000f8 fffff880`02f00180 : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`08a253d0 fffff880`012403e2 : fffff880`01240810 fffff880`08a254e0 fffff880`08a25800 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`08a254b0 fffff880`012df324 : fffff880`08a25580 fffff880`08a25580 fffff880`08a25580 fffffa80`0891f6f0 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`08a25520 fffff880`0111623f : fffff880`08a25580 fffffa80`0a2ed4d0 fffffa80`0a2ed828 fffffa80`08ae8c30 : Ntfs!NtfsFsdCleanup+0x144
fffff880`08a25790 fffff880`011146df : fffffa80`07c59890 00000000`00000000 fffffa80`07b14300 fffffa80`0a2ed4d0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`08a25820 fffff800`02f8f88f : fffffa80`0a2ed4d0 fffffa80`0a0cc390 00000000`00000000 fffffa80`089d1e20 : fltmgr!FltpDispatch+0xcf
fffff880`08a25880 fffff800`02f75754 : 00000000`00000000 fffff8a0`0710ea50 00000000`00000000 fffff800`02c8175c : nt!IopCloseFile+0x11f
fffff880`08a25910 fffff800`02f8f381 : fffff8a0`0710ea50 fffff8a0`00000001 fffff8a0`0710ea50 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`08a25990 fffff800`02f36e64 : 00000000`0000014c fffff8a0`0710ea50 fffff8a0`07115530 00000000`0000014c : nt!ObpCloseHandleTableEntry+0xb1
fffff880`08a25a20 fffff800`02f36de4 : 00000000`00000004 00000000`00000000 fffffa80`0a0cc390 fffff800`02f1f4c1 : nt!ObpCloseHandleProcedure+0x30
fffff880`08a25a60 fffff800`02f35c2e : fffff8a0`07113201 00000000`00000001 fffffa80`0a0cc390 fffffa80`0a0cc390 : nt!ExSweepHandleTable+0x74
fffff880`08a25aa0 fffff800`02f5e9d4 : fffff8a0`071132b0 00000000`00000000 00000000`00000000 000007ff`fffde000 : nt!ObKillProcess+0x62
fffff880`08a25ae0 fffff800`02f3635b : 00000000`00000000 00000000`00000001 000007ff`fffde000 00000000`00000000 : nt!PspExitThread+0x878
fffff880`08a25ba0 fffff800`02c7b813 : fffffa80`0a0cc390 fffff880`00000000 00000000`002d3bb0 fffffa80`0a10b9a0 : nt!NtTerminateProcess+0x25b
fffff880`08a25c20 00000000`76f6f97a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0021fa58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f6f97a
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsCommonCleanup+2a9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79996d
STACK_COMMAND: .cxr 0xfffff88008a245c0 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCommonCleanup+2a9
BUCKET_ID: X64_0x24_Ntfs!NtfsCommonCleanup+2a9
Followup: MachineOwner
---------
-
Loading Dump File [K:\BSODDmpFiles\Reddcapp\Windows_NT6_BSOD_jcgriff2\111711-39483-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c52000 PsLoadedModuleList = 0xfffff800`02e8fe70
Debug session time: Thu Jan 26 10:58:49.028 2012 (GMT-7)
System Uptime: 0 days 0:01:13.807
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffb8008844be3, 2, 0, fffff80002cd36bc}
Probably caused by : ntkrnlmp.exe ( nt!KiInsertQueue+12c )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffb8008844be3, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002cd36bc, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efa0e0
fffffb8008844be3
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiInsertQueue+12c
fffff800`02cd36bc 0fb6472b movzx eax,byte ptr [rdi+2Bh]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: Origin.exe
TRAP_FRAME: fffff8800923c970 -- (.trap 0xfffff8800923c970)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000003 rbx=0000000000000000 rcx=fffffa8008844b50
rdx=fffffa8008844a01 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cd36bc rsp=fffff8800923cb00 rbp=0000000000000000
r8=0000000000000001 r9=fffffa8008844bb8 r10=0000000000000001
r11=00000000000f00ff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KiInsertQueue+0x12c:
fffff800`02cd36bc 0fb6472b movzx eax,byte ptr [rdi+2Bh] ds:00000000`0000002b=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cc1b29 to fffff80002cc25c0
STACK_TEXT:
fffff880`0923c828 fffff800`02cc1b29 : 00000000`0000000a fffffb80`08844be3 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0923c830 fffff800`02cc07a0 : fffff700`01080000 fffff880`02f71180 fffffa80`0a60b1f0 00000000`00004400 : nt!KiBugCheckDispatch+0x69
fffff880`0923c970 fffff800`02cd36bc : fffff880`02f71180 fffffa80`08844ab0 fffffa80`0a4090d0 fffffa80`099e9280 : nt!KiPageFault+0x260
fffff880`0923cb00 fffff800`02fbbd24 : 00000000`00000000 00000000`00000000 00000000`7ef9b000 fffff880`00000000 : nt!KiInsertQueue+0x12c
fffff880`0923cb70 fffff800`02cd262e : 00000000`00000000 00000000`00000001 fffffa80`0990f740 fffffa80`0990f740 : nt!IoSetIoCompletionEx+0x58
fffff880`0923cba0 fffff800`02cc1813 : fffffa80`0a56db60 fffffa80`0990f740 fffff880`0923cca0 00000000`7ef9b000 : nt!NtReleaseWorkerFactoryWorker+0x196
fffff880`0923cc20 00000000`76f30a6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0469e678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f30a6a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiInsertQueue+12c
fffff800`02cd36bc 0fb6472b movzx eax,byte ptr [rdi+2Bh]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiInsertQueue+12c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0xA_nt!KiInsertQueue+12c
BUCKET_ID: X64_0xA_nt!KiInsertQueue+12c
Followup: MachineOwner
---------