Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD copying files, ntoskrnl.exe+7cc40

07 Feb 2012   #1

Windows 7 Ultimate x64
 
 
BSOD copying files, ntoskrnl.exe+7cc40

I've had half a dozen crashes since December that I can easily reproduce when attempting to copy large amounts of data (hundreds of GB) between non-OS drives. Bug check code is usually x0a (IRQL_NOT_LESS_OR_EQUAL), but I've also seen x024 (NTFS_FILE_SYSTEM) and x0c5 (DRIVER_CORRUPTED_EXPOOL). The crash happens randomly during the copy process, sometimes very quickly and other times only after a half hour or more. Dumps are attached and debugger analyses for the most recent 4 crashes have been copied below.

I thought I had a memory leak because file copy operations always consumed all 16 GB of physical memory installed, but it turns out I did not have swap files set for my non-OS drives. I setup swap files this morning, which reduced physical memory use during data transfer from 16GB to 3GB, but still ended up with a BSOD despite this fix. I've had BSODs when using windows shell to copy, or a freeware utility (syncback). I've also had BSODs when trying to copy over a network to a non-OS drive.

I'm not running any quirky security software (MSE+Comodo Firewall). My rig is overclocked (CPU-Z Validator 3.1) but stable (12 hours prime95, all intel burn tests, memtest86 for 10+ hours, etc. See http://img197.imageshack.us/img197/7...bstability.png). SFC /scannow reports nothing. Disk check has not reported errors.

Ideas?

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\020712-5600-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\Windows\System32
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0220a000 PsLoadedModuleList = 0xfffff800`0244f670
Debug session time: Tue Feb  7 08:00:20.880 2012 (UTC - 8:00)
System Uptime: 0 days 0:57:13.284
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {10015a, 2, 1, fffff8000226f659}

Probably caused by : memory_corruption ( nt!MiRestoreTransitionPte+109 )

Followup: MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000010015a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000226f659, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800024b9100
 000000000010015a 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!MiRestoreTransitionPte+109
fffff800`0226f659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  SyncBack.exe

TRAP_FRAME:  fffff8800ce9cf90 -- (.trap 0xfffff8800ce9cf90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffff880022d500e
rdx=0000098000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000226f659 rsp=fffff8800ce9d120 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000001 r10=0000000000000002
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!MiRestoreTransitionPte+0x109:
fffff800`0226f659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh ds:0400:00000000`00000048=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800022861e9 to fffff80002286c40

STACK_TEXT:  
fffff880`0ce9ce48 fffff800`022861e9 : 00000000`0000000a 00000000`0010015a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0ce9ce50 fffff800`02284e60 : 00000001`01000100 00000000`00000001 fffff8a0`0d14bff8 00000000`00100112 : nt!KiBugCheckDispatch+0x69
fffff880`0ce9cf90 fffff800`0226f659 : fffffa80`06a71ff0 fffffa80`0cd31a40 fffff8a0`01e37ad0 fffffa80`1015a010 : nt!KiPageFault+0x260
fffff880`0ce9d120 fffff800`022d47ad : 00000000`00000002 fffff800`00000001 fffffa80`06a71ff0 fffffa80`06a85670 : nt!MiRestoreTransitionPte+0x109
fffff880`0ce9d1b0 fffff800`022b39bc : 00000000`00000000 00000000`00000000 fffff880`0ce9d280 ffffffff`ffffffff : nt!MiRemoveLowestPriorityStandbyPage+0x1d5
fffff880`0ce9d230 fffff800`022afe3e : fffff980`0c328000 00000000`03928020 fffff880`00000000 00000000`00001000 : nt!MmCopyToCachedPage+0xe50
fffff880`0ce9d420 fffff800`022b03f4 : fffffa80`0feb9900 00000000`03928020 fffff880`0ce9d560 00000000`00000000 : nt!CcMapAndCopyInToCache+0x20e
fffff880`0ce9d510 fffff880`01262bf6 : 00000000`00000000 fffff880`0ce9d780 fffffa80`0fc4e980 00000000`00000000 : nt!CcCopyWrite+0x194
fffff880`0ce9d5a0 fffff880`012631a3 : fffffa80`0fc4e980 fffffa80`10055010 fffff880`0ce9d701 fffff880`0ce9d700 : Ntfs!NtfsCommonWrite+0x3390
fffff880`0ce9d750 fffff880`01002bcf : fffffa80`10055368 fffffa80`10055010 fffffa80`0fe94290 00000000`00000001 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`0ce9d810 fffff880`010016df : fffffa80`0e0774e0 00000000`00000001 fffffa80`0e077400 fffffa80`10055010 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0ce9d8a0 fffff800`0258f21b : 00000000`00000001 fffffa80`0eddb120 00000000`00000001 fffffa80`10055010 : fltmgr!FltpDispatch+0xcf
fffff880`0ce9d900 fffff800`02599c83 : fffffa80`100553b0 fffffa80`0fda7770 fffffa80`0eddb120 fffff880`022a5180 : nt!IopSynchronousServiceTail+0xfb
fffff880`0ce9d970 fffff800`02285ed3 : 00000000`74e22401 00000000`00000204 00000000`00000000 00000000`00bc836c : nt!NtWriteFile+0x7e2
fffff880`0ce9da70 00000000`74e22e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`03bdf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74e22e09


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiRestoreTransitionPte+109
fffff800`0226f659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiRestoreTransitionPte+109

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0xA_nt!MiRestoreTransitionPte+109

BUCKET_ID:  X64_0xA_nt!MiRestoreTransitionPte+109

Followup: MachineOwner
---------
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\020612-5740-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\Windows\System32
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02250000 PsLoadedModuleList = 0xfffff800`02495670
Debug session time: Mon Feb  6 07:27:02.472 2012 (UTC - 8:00)
System Uptime: 0 days 1:16:07.988
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff8800c593ee8, fffff8800c593740, fffff800022b5659}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonWrite+3390 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800c593ee8
Arg3: fffff8800c593740
Arg4: fffff800022b5659

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff8800c593ee8 -- (.exr 0xfffff8800c593ee8)
ExceptionAddress: fffff800022b5659 (nt!MiRestoreTransitionPte+0x0000000000000109)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff8800c593740 -- (.cxr 0xfffff8800c593740)
rax=0000000000000002 rbx=524220302e312f50 rcx=fffff88000800019
rdx=0000098000000000 rsi=0000000000000080 rdi=fffffa8006a71ff0
rip=fffff800022b5659 rsp=fffff8800c594120 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000001 r10=0000000000000002
r11=0000000000000001 r12=fffff80002442e80 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
nt!MiRestoreTransitionPte+0x109:
fffff800`022b5659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh ds:002b:52422030`2e312f98=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  SyncBack.exe

CURRENT_IRQL:  2

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800024ff100
 ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsCommonWrite+3390
fffff880`01254bf6 84c0            test    al,al

FAULTING_IP: 
nt!MiRestoreTransitionPte+109
fffff800`022b5659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff8000231a7ad to fffff800022b5659

STACK_TEXT:  
fffff880`0c594120 fffff800`0231a7ad : 00000000`00000002 fffff800`00000001 fffffa80`06a71ff0 fffffa80`0924a950 : nt!MiRestoreTransitionPte+0x109
fffff880`0c5941b0 fffff800`022f99bc : 00000000`00000000 00000000`00000000 fffff880`0c594280 ffffffff`ffffffff : nt!MiRemoveLowestPriorityStandbyPage+0x1d5
fffff880`0c594230 fffff800`022f5e3e : fffff980`1778c000 00000000`0411c020 fffff880`00000000 00000000`00001000 : nt!MmCopyToCachedPage+0xe50
fffff880`0c594420 fffff800`022f63f4 : fffffa80`0f639740 00000000`0411c020 fffff880`0c594560 00000000`00000000 : nt!CcMapAndCopyInToCache+0x20e
fffff880`0c594510 fffff880`01254bf6 : 00000000`00000000 fffff880`0c594780 fffffa80`0fb7c3b0 00000000`00000000 : nt!CcCopyWrite+0x194
fffff880`0c5945a0 fffff880`012551a3 : fffffa80`0fb7c3b0 fffffa80`103ffa90 fffff880`0c594701 fffff880`0c594700 : Ntfs!NtfsCommonWrite+0x3390
fffff880`0c594750 fffff880`01109bcf : fffffa80`103ffde8 fffffa80`103ffa90 fffffa80`13b82cb0 00000000`00000001 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`0c594810 fffff880`011086df : fffffa80`0df988b0 00000000`00000001 fffffa80`0df98800 fffffa80`103ffa90 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0c5948a0 fffff800`025d521b : 00000000`00000001 fffffa80`0f147250 00000000`00000001 fffffa80`103ffa90 : fltmgr!FltpDispatch+0xcf
fffff880`0c594900 fffff800`025dfc83 : fffffa80`103ffe30 fffffa80`147e64f0 fffffa80`0f147250 fffff800`02442e80 : nt!IopSynchronousServiceTail+0xfb
fffff880`0c594970 fffff800`022cbed3 : ffffffff`ffffff01 00000000`000005e4 00000000`00000000 00000000`0092c72c : nt!NtWriteFile+0x7e2
fffff880`0c594a70 00000000`744d2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`02b7f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x744d2e09


SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  Ntfs!NtfsCommonWrite+3390

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d79997b

STACK_COMMAND:  .cxr 0xfffff8800c593740 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsCommonWrite+3390

BUCKET_ID:  X64_0x24_Ntfs!NtfsCommonWrite+3390

Followup: MachineOwner
---------
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\020612-5600-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\Windows\System32
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02256000 PsLoadedModuleList = 0xfffff800`0249b670
Debug session time: Mon Feb  6 06:10:31.632 2012 (UTC - 8:00)
System Uptime: 0 days 0:08:33.147
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {48, 2, 1, fffff800022bb659}

Probably caused by : memory_corruption ( nt!MiRestoreTransitionPte+109 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000048, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800022bb659, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002505100
 0000000000000048 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!MiRestoreTransitionPte+109
fffff800`022bb659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  fffff8800216a530 -- (.trap 0xfffff8800216a530)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffff88000800007
rdx=0000098000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800022bb659 rsp=fffff8800216a6c0 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000001 r10=0000000000000002
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!MiRestoreTransitionPte+0x109:
fffff800`022bb659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh ds:04c0:00000000`00000048=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800022d21e9 to fffff800022d2c40

STACK_TEXT:  
fffff880`0216a3e8 fffff800`022d21e9 : 00000000`0000000a 00000000`00000048 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0216a3f0 fffff800`022d0e60 : 00000000`00000000 fffff800`0249bf40 fffffa80`0cd60380 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0216a530 fffff800`022bb659 : fffffa80`06a71ff0 fffff6fc`00000000 00000000`00000010 fffff8a0`194547f8 : nt!KiPageFault+0x260
fffff880`0216a6c0 fffff800`023207ad : 00000000`00000002 fffff800`00000001 fffffa80`06a71ff0 fffff800`0245d340 : nt!MiRestoreTransitionPte+0x109
fffff880`0216a750 fffff800`0229729f : fa800fc8`7f9004c0 fa800fc8`7f9004c0 fffff880`0216a840 00000000`00000016 : nt!MiRemoveLowestPriorityStandbyPage+0x1d5
fffff880`0216a7d0 fffff800`0256f4ea : fffffa80`0d9b2000 fffffa80`00000001 fffffa80`0d9b2000 00000000`00000002 : nt!MiPfPutPagesInTransition+0x826
fffff880`0216a940 fffff800`0227ed37 : fffffa80`0d9b2000 00000000`0a900000 00000000`0a900000 fffff800`02473260 : nt!MmPrefetchForCacheManager+0x8e
fffff880`0216a990 fffff800`0231898e : fffffa80`102b5f20 fffffa80`0cd60300 fffff880`00000005 fffff880`0319f734 : nt!CcPerformReadAhead+0x2f3
fffff880`0216aac0 fffff800`022dd001 : fffffa80`0cd664f0 fffff800`025c9901 fffff800`024d48d0 965817c2`00000002 : nt!CcWorkerThread+0x21e
fffff880`0216ab70 fffff800`0256dfee : 189e240c`b8cf08f8 fffffa80`0cd60380 00000000`00000080 fffffa80`0cd435a0 : nt!ExpWorkerThread+0x111
fffff880`0216ac00 fffff800`022c45e6 : fffff880`020a5180 fffffa80`0cd60380 fffff880`020b00c0 2842fc01`8280d00a : nt!PspSystemThreadStartup+0x5a
fffff880`0216ac40 00000000`00000000 : fffff880`0216b000 fffff880`02165000 fffff880`0216a5a0 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiRestoreTransitionPte+109
fffff800`022bb659 f00fba6b481f    lock bts dword ptr [rbx+48h],1Fh

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiRestoreTransitionPte+109

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0xA_nt!MiRestoreTransitionPte+109

BUCKET_ID:  X64_0xA_nt!MiRestoreTransitionPte+109

Followup: MachineOwner
---------
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\020512-5538-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\Windows\System32
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02249000 PsLoadedModuleList = 0xfffff800`0248e670
Debug session time: Sun Feb  5 23:06:39.429 2012 (UTC - 8:00)
System Uptime: 0 days 1:09:44.945
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {ffffd80002450c90, 2, 1, fffff800023f4773}

*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : MpFilter.sys ( MpFilter+f674 )

Followup: MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: ffffd80002450c90, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff800023f4773, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExAllocatePoolWithTag+693
fffff800`023f4773 488910          mov     qword ptr [rax],rdx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  explorer.exe

TRAP_FRAME:  fffff8800c19ab30 -- (.trap 0xfffff8800c19ab30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd80002450c90 rbx=0000000000000000 rcx=fffff80002450c90
rdx=fffffa801040c3f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800023f4773 rsp=fffff8800c19acc0 rbp=0000000000001000
 r8=0000000000000000  r9=fffff80002451070 r10=fffff80002450348
r11=fffff8800c19ae60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
nt!ExAllocatePoolWithTag+0x693:
fffff800`023f4773 488910          mov     qword ptr [rax],rdx ds:ffff:ffffd800`02450c90=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800022c51e9 to fffff800022c5c40

STACK_TEXT:  
fffff880`0c19a9e8 fffff800`022c51e9 : 00000000`0000000a ffffd800`02450c90 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0c19a9f0 fffff800`022c3e60 : 000f01ff`00020005 00000000`00000000 00000000`00000000 fffffa80`1040c000 : nt!KiBugCheckDispatch+0x69
fffff880`0c19ab30 fffff800`023f4773 : fffff880`0c19b0a8 ffffffff`80000c48 00000000`00000000 fffff800`022c4ed3 : nt!KiPageFault+0x260
fffff880`0c19acc0 fffff880`010f561f : ffffffff`00000000 fffff880`0c19aea0 fffff8a0`0fe84970 fffff800`00000000 : nt!ExAllocatePoolWithTag+0x693
fffff880`0c19adb0 fffff880`010f653b : fffffa80`0dd47de0 fffff880`0c19aea0 00000000`00000000 fffff8a0`0a60c8d8 : fltmgr!FltpAllocateIrpCtrl+0x2ef
fffff880`0c19ae40 fffff880`0112c4bf : fffffa80`0dd94cc0 00000000`009bc000 fffff880`0c19afa0 fffff880`0c19af00 : fltmgr!FltAllocateCallbackData+0x3b
fffff880`0c19ae80 fffff880`014c4674 : 00000000`009bc000 fffffa80`1196b4c0 fffff880`01104a00 fffff880`0c19b0a8 : fltmgr!FltQueryInformationFile+0x1f
fffff880`0c19aec0 fffff880`014c5db9 : fffffa80`1196b4c0 fffff880`0c19b0a8 00000000`00000040 fffff880`0c19b040 : MpFilter+0xf674
fffff880`0c19b010 fffff880`010f5288 : fffffa80`1196bb90 00000000`00000000 fffff8a0`08fcbca0 00000000`00000000 : MpFilter+0x10db9
fffff880`0c19b060 fffff880`010f3d1b : fffffa80`0de26030 fffffa80`1196b560 fffffa80`0dd94cc0 fffffa80`0dd94ee0 : fltmgr!FltpPerformPostCallbacks+0x368
fffff880`0c19b130 fffff880`011132b9 : fffffa80`1196b7f0 fffffa80`0cd69800 fffffa80`1196b700 fffffa80`0dd47de0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x39b
fffff880`0c19b1c0 fffff800`025c3f95 : 00000000`00000005 fffffa80`0d7ea528 fffffa80`0fe88b10 00000000`00000000 : fltmgr!FltpCreate+0x2a9
fffff880`0c19b270 fffff800`025c0838 : fffffa80`0dd04ad0 fffff800`00000000 fffffa80`0d7ea370 fffffa80`00000001 : nt!IopParseDevice+0x5a5
fffff880`0c19b400 fffff800`025c1a56 : 00000000`00000000 fffffa80`0d7ea370 fffff880`0c19b510 fffffa80`0cd614b0 : nt!ObpLookupObjectName+0x588
fffff880`0c19b4f0 fffff800`025c335c : 00000000`00000000 00000000`00000000 00000000`00000001 00000010`00000028 : nt!ObOpenObjectByName+0x306
fffff880`0c19b5c0 fffff800`025aebe4 : 00000000`0398da10 00000000`00100001 00000000`0398da40 00000000`0398da80 : nt!IopCreateFile+0x2bc
fffff880`0c19b660 fffff800`022c4ed3 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtOpenFile+0x58
fffff880`0c19b6f0 00000000`7758164a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0398d8d8 fffff800`022bd210 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7758164a
fffff880`0c19bcb0 fffff880`0c19bd08 : fffff800`02207b7f 00000000`00000000 fffff900`c0000d00 00000018`004a8242 : nt!KiCallUserMode
fffff880`0c19bcb8 fffff800`02207b7f : 00000000`00000000 fffff900`c0000d00 00000018`004a8242 fffff880`0c19c3b0 : 0xfffff880`0c19bd08
fffff880`0c19bcc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalSendSoftwareInterrupt+0x48


STACK_COMMAND:  kb

FOLLOWUP_IP: 
MpFilter+f674
fffff880`014c4674 413bc4          cmp     eax,r12d

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  MpFilter+f674

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: MpFilter

IMAGE_NAME:  MpFilter.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9cc801

FAILURE_BUCKET_ID:  X64_0xC5_2_MpFilter+f674

BUCKET_ID:  X64_0xC5_2_MpFilter+f674

Followup: MachineOwner
---------



My System SpecsSystem Spec
.

07 Feb 2012   #2

Win 8 Release candidate 8400
 
 

Nice post thanks

These crashes were caused by memory corruption/exception (probably a driver).
Please run these two tests to verify your memory and find which driver is causing the problem.

If you are overclocking anything reset to default before running these tests.
In other words STOP!!!


Memtest.
Quote:
*Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder or another ISO burning program. Memtest86+ - Advanced Memory Diagnostic Tool

*Boot from the CD, and leave it running for at least 5 or 6 passes.

Just remember, any time Memtest reports errors, it can be either bad RAM or a bad motherboard slot.

Test the sticks individually, and if you find a good one, test it in all slots.

Any errors are indicative of a memory problem.

If a known good stick fails in a motherboard slot it is probably the slot.

RAM - Test with Memtest86+



Driver verifier

Quote:
Using Driver Verifier is an iffy proposition. Most times it'll crash and it'll tell you what the driver is. But sometimes it'll crash and won't tell you the driver. Other times it'll crash before you can log in to Windows. If you can't get to Safe Mode, then you'll have to resort to offline editing of the registry to disable Driver Verifier.

So, I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista/Windows 7 Startup Repair feature).

Then, here's the procedure:
- Go to Start and type in "verifier" (without the quotes) and press Enter
- Select "Create custom settings (for code developers)" and click "Next"
- Select "Select individual settings from a full list" and click "Next"
- Select everything EXCEPT FOR "Special Pool", "Force Pending I/O Requests" and "Low Resource Simulation" and click "Next"
- Select "Select driver names from a list" and click "Next"
Then select all drivers NOT provided by Microsoft and click "Next"
- Select "Finish" on the next page.

Reboot the system and wait for it to crash to the Blue Screen. Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out. If it doesn't crash for you, then let it run for at least 36 hours of continuous operation (an estimate on my part).

Reboot into Windows (after the crash) and turn off Driver Verifier by going back in and selecting "Delete existing settings" on the first page, then locate and zip up the memory dump file and upload it with your next post.

If you can't get into Windows because it crashes too soon, try it in Safe Mode.
If you can't get into Safe Mode, try using System Restore from your installation DVD to set the system back to the previous restore point that you created.
Using Driver Verifier to identify issues with Windows drivers for advanced users
My System SpecsSystem Spec
Reply

 BSOD copying files, ntoskrnl.exe+7cc40




Thread Tools



Similar help and support threads for2: BSOD copying files, ntoskrnl.exe+7cc40
Thread Forum
BSOD Windows 7 - ntoskrnl.exe+7cc40 BSOD Help and Support
BSOD ntoskrnl.exe 7cc40 BSOD Help and Support
BSOD ntoskrnl.exe+7cc40 BSOD Help and Support
Solved Random BSOD - ntoskrnl.exe+7cc40 BSOD Help and Support
ntoskrnl.exe+7cc40 BSOD's BSOD Help and Support
Had a random BSoD, not sure what the cause, ntoskrnl.exe+7cc40, dmp in BSOD Help and Support
Solved BSOD ntoskrnl.exe+26ee0 ntoskrnl.exe+7cc40 BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:48 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33