Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\tjk2world\Windows_NT6_BSOD_jcgriff2\031212-22729-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a61000 PsLoadedModuleList = 0xfffff800`02c9ee70
Debug session time: Mon Mar 12 16:27:11.221 2012 (UTC - 6:00)
System Uptime: 0 days 0:00:40.907
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C1, {fffff980385c2ff0, fffff980385c2d82, 3f4010, 23}
Probably caused by : memory_corruption ( nt!MiCheckSpecialPoolSlop+9a )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff980385c2ff0, address trying to free
Arg2: fffff980385c2d82, address where bits are corrupted
Arg3: 00000000003f4010, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002b613ba to fffff80002ad15c0
STACK_TEXT:
fffff880`031bdad8 fffff800`02b613ba : 00000000`000000c1 fffff980`385c2ff0 fffff980`385c2d82 00000000`003f4010 : nt!KeBugCheckEx
fffff880`031bdae0 fffff800`02bd8393 : fffff800`03f9a080 00000000`00000000 fffff980`385c2ff0 fffff800`02c60480 : nt!MiCheckSpecialPoolSlop+0x9a
fffff880`031bdb20 fffff800`02c04356 : fffff800`02a61000 00000000`4f494656 00000000`000ce0f0 fffff800`02c60480 : nt!MmFreeSpecialPool+0x1d3
fffff880`031bdc50 fffff800`02f761f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0xf13
fffff880`031bdd00 fffff800`02d716fa : fffff980`006b8b60 fffff980`00306b30 00000000`00000000 00000000`00000000 : nt!ViPoolDelayFreeTrimThreadRoutine+0x46
fffff880`031bdd40 fffff800`02aafb46 : fffff800`02c4be80 fffff980`006b8b60 fffff800`02c59c40 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`031bdd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiCheckSpecialPoolSlop+9a
fffff800`02b613ba cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiCheckSpecialPoolSlop+9a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xC1_23_VRFK_nt!MiCheckSpecialPoolSlop+9a
BUCKET_ID: X64_0xC1_23_VRFK_nt!MiCheckSpecialPoolSlop+9a
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\tjk2world\Windows_NT6_BSOD_jcgriff2\031212-19890-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a55000 PsLoadedModuleList = 0xfffff800`02c92e70
Debug session time: Mon Mar 12 16:25:41.914 2012 (UTC - 6:00)
System Uptime: 0 days 0:10:55.350
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C1, {fffff98088326fe0, fffff98088326042, f3c020, 23}
Probably caused by : fileinfo.sys ( fileinfo!FIStreamLog+89 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff98088326fe0, address trying to free
Arg2: fffff98088326042, address where bits are corrupted
Arg3: 0000000000f3c020, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002b553ba to fffff80002ac55c0
STACK_TEXT:
fffff880`0314d428 fffff800`02b553ba : 00000000`000000c1 fffff980`88326fe0 fffff980`88326042 00000000`00f3c020 : nt!KeBugCheckEx
fffff880`0314d430 fffff800`02bcc393 : 00000000`00000000 00000000`00000000 fffff980`88326fe0 fffff800`02c66c88 : nt!MiCheckSpecialPoolSlop+0x9a
fffff880`0314d470 fffff800`02bf8390 : fffff800`02a55000 00000000`4b466650 00000000`0008c000 00000000`00000001 : nt!MmFreeSpecialPool+0x1d3
fffff880`0314d5a0 fffff800`02f121bc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0xf4d
fffff880`0314d650 fffff800`02be62b9 : fffff980`80ffcfb0 00000000`00000001 00000000`00000000 fffff980`86a32bc0 : nt!PfpRpFileKeyUpdate+0x4cc
fffff880`0314d6e0 fffff880`010b255d : 00000000`00000000 00000000`00000000 fffff880`0314d860 fffff800`02c7ca68 : nt!PfFileInfoNotify+0x549
fffff880`0314d770 fffff880`010b2746 : fffff980`8ad12fb0 fffff980`8ad12fb0 00000000`00000000 00000000`00000000 : fileinfo!FIStreamLog+0x89
fffff880`0314d840 fffff880`0106b65e : 00000000`000000d0 fffff880`0314e000 ffffffff`ffffffff fffff980`68250fa0 : fileinfo!FIStreamCleanup+0x96
fffff880`0314d890 fffff880`0108722d : fffff980`8ad12f68 fffff880`0105d000 00000000`00000000 00000000`00000703 : fltmgr!DoFreeContext+0x7e
fffff880`0314d8c0 fffff880`01082bc1 : fffff980`05f98800 00000000`00000130 fffff980`86a32bc0 fffff980`86a32bc0 : fltmgr! ?? ::NNGAKEGL::`string'+0x1196
fffff880`0314d8f0 fffff880`01082b7b : fffff980`05f98800 fffff980`86a32ed0 fffff980`05f98800 00000000`00000706 : fltmgr!CleanupStreamListCtrl+0x21
fffff880`0314d920 fffff800`02db15ae : 00000000`00000001 fffff980`8f14cee0 fffff980`88a4cf30 fffff800`02f698de : fltmgr!DeleteStreamListCtrlCallback+0x6b
fffff880`0314d950 fffff880`012e5cd8 : fffff980`86a32bc0 fffff980`0064ab60 fffff880`0314da28 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2
fffff880`0314d9a0 fffff880`012e59d9 : 00000000`00000000 00000000`00000000 fffff800`02c6a500 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108
fffff880`0314d9e0 fffff880`0125ba50 : fffff980`86a32ac0 fffff980`86a32bc0 fffff800`02c6a500 00000000`4566744e : Ntfs!NtfsRemoveScb+0x61
fffff880`0314da20 fffff880`012e33ec : fffff980`86a32a90 fffff800`02c6a5a0 fffff880`0314db52 fffff980`8f134e40 : Ntfs!NtfsPrepareFcbForRemoval+0x50
fffff880`0314da50 fffff880`01264602 : fffff980`8f134e40 fffff980`8f134e40 fffff980`86a32a90 fffff880`012fa900 : Ntfs!NtfsTeardownStructures+0xdc
fffff880`0314dad0 fffff880`012fa8f3 : fffff980`8f134e40 fffff800`02c6a5a0 fffff980`86a32a90 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`0314db10 fffff880`012d4c9f : fffff980`8f134e40 fffff980`86a32bc0 fffff980`86a32a90 fffffa80`066fe180 : Ntfs!NtfsCommonClose+0x353
fffff880`0314dbe0 fffff800`02ad27e1 : 00000000`00000000 fffff880`012d4b00 fffff980`0064ab01 fffff980`00000003 : Ntfs!NtfsFspClose+0x15f
fffff880`0314dcb0 fffff800`02d656fa : 00000000`00000000 fffff980`0064ab60 00000000`00000080 fffff980`00306b30 : nt!ExpWorkerThread+0x111
fffff880`0314dd40 fffff800`02aa3b46 : fffff880`02f64180 fffff980`0064ab60 fffff880`02f6ef80 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0314dd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
fileinfo!FIStreamLog+89
fffff880`010b255d 4c8b1534c5ffff mov r10,qword ptr [fileinfo!FIGlobals+0x798 (fffff880`010aea98)]
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: fileinfo!FIStreamLog+89
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc481
FAILURE_BUCKET_ID: X64_0xC1_23_VRFK_fileinfo!FIStreamLog+89
BUCKET_ID: X64_0xC1_23_VRFK_fileinfo!FIStreamLog+89
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\tjk2world\Windows_NT6_BSOD_jcgriff2\031212-20124-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a13000 PsLoadedModuleList = 0xfffff800`02c50e70
Debug session time: Mon Mar 12 14:24:09.716 2012 (UTC - 6:00)
System Uptime: 0 days 0:01:22.402
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C1, {fffff900c57caf90, fffff900c57cac02, a1a070, 23}
Probably caused by : win32k.sys ( win32k!FreeSMS+2f )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff900c57caf90, address trying to free
Arg2: fffff900c57cac02, address where bits are corrupted
Arg3: 0000000000a1a070, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: hamachi-2-ui.e
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002b133ba to fffff80002a835c0
STACK_TEXT:
fffff880`06de9638 fffff800`02b133ba : 00000000`000000c1 fffff900`c57caf90 fffff900`c57cac02 00000000`00a1a070 : nt!KeBugCheckEx
fffff880`06de9640 fffff800`02b8a393 : 00000000`00000001 00000000`00000000 fffff900`c57caf90 00000000`00000001 : nt!MiCheckSpecialPoolSlop+0x9a
fffff880`06de9680 fffff800`02bb6390 : 00000000`0000003e 00000000`6d737355 00000000`00000070 fffff900`c57caf90 : nt!MmFreeSpecialPool+0x1d3
fffff880`06de97b0 fffff960`00153f5f : fffff980`14704f80 00000000`63737355 fffff960`00000000 fffff880`06de9800 : nt!ExDeferredFreePool+0xf4d
fffff880`06de9860 fffff960`00153e53 : fffff900`c5d6ac20 fffff900`c30039b0 00000000`00001200 00000000`00000000 : win32k!FreeSMS+0x2f
fffff880`06de9890 fffff960`0019ba52 : fffff900`c30039b0 00650053`00000000 00000000`000100fa fffff900`c2bc4a10 : win32k!xxxInterSendMsgEx+0x13c6
fffff880`06de99a0 fffff960`0014fba7 : fffff880`06de9a60 00000000`0008e2e0 00000000`000002b3 00000000`0000004a : win32k!xxxSendMessageTimeout+0x1de
fffff880`06de9a50 fffff960`001b364b : fffff900`c30039b0 00000000`0000004a 00000000`000100fa fffff880`06de9b00 : win32k!xxxSendMessageEx+0xeb
fffff880`06de9ad0 fffff960`00181102 : fffff900`c30039b0 00000000`0000004a fffff900`c5d7efc0 fffff880`06de9b00 : win32k!NtUserfnCOPYDATA+0xab
fffff880`06de9b30 fffff800`02a82813 : fffff980`2c292b60 fffff880`06de9ca0 00000000`0008e1d8 fffff960`001bbd3a : win32k!NtUserMessageCall+0x132
fffff880`06de9bb0 00000000`734efe4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008e1b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x734efe4a
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!FreeSMS+2f
fffff960`00153f5f eb0c jmp win32k!FreeSMS+0x3d (fffff960`00153f6d)
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: win32k!FreeSMS+2f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f10fe35
FAILURE_BUCKET_ID: X64_0xC1_23_VRFK_win32k!FreeSMS+2f
BUCKET_ID: X64_0xC1_23_VRFK_win32k!FreeSMS+2f
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\tjk2world\Windows_NT6_BSOD_jcgriff2\031212-22916-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a59000 PsLoadedModuleList = 0xfffff800`02c96e70
Debug session time: Mon Mar 12 13:36:18.135 2012 (UTC - 6:00)
System Uptime: 0 days 0:00:42.571
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C1, {fffff98038bb4fc0, fffff98038bb4c02, a9c040, 23}
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
Probably caused by : dxgkrnl.sys ( dxgkrnl!DMMVIDPNSOURCEMODESET::ReleaseDdiEnumerator+113 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff98038bb4fc0, address trying to free
Arg2: fffff98038bb4c02, address where bits are corrupted
Arg3: 0000000000a9c040, (reserved)
Arg4: 0000000000000023, caller is freeing an address where nearby bytes within the same page have been corrupted
Debugging Details:
------------------
BUGCHECK_STR: 0xC1_23
SPECIAL_POOL_CORRUPTION_TYPE: 23
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: MMLoadDrv.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002b593ba to fffff80002ac95c0
STACK_TEXT:
fffff880`07336218 fffff800`02b593ba : 00000000`000000c1 fffff980`38bb4fc0 fffff980`38bb4c02 00000000`00a9c040 : nt!KeBugCheckEx
fffff880`07336220 fffff800`02bd0393 : 00000000`00000001 fffff880`073367d8 fffff980`38bb4fc0 00000000`00000000 : nt!MiCheckSpecialPoolSlop+0x9a
fffff880`07336260 fffff800`02bfc390 : 00000000`00000798 00000000`4e506456 ffffffff`fffcb6a4 fffff980`38bb4fd0 : nt!MmFreeSpecialPool+0x1d3
fffff880`07336390 fffff880`0513653b : fffff980`38bb4fc0 00000000`00000000 fffff880`073367d8 00000000`00000001 : nt!ExDeferredFreePool+0xf4d
fffff880`07336440 fffff880`0512d712 : fffff980`3786cf60 fffff980`3786cf60 00000000`00000002 00000000`00000088 : dxgkrnl!DMMVIDPNSOURCEMODESET::ReleaseDdiEnumerator+0x113
fffff880`07336470 fffff880`046b4b63 : fffff980`fffffe32 fffff980`38526470 00000000`00000000 00000000`00000000 : dxgkrnl!DXGK_VIDPNSOURCEMODESET_INTERFACE_V1_IMPL::ReleaseModeInfo+0x11e
fffff880`073364a0 fffff980`fffffe32 : fffff980`38526470 00000000`00000000 00000000`00000000 ffffd319`2aecc601 : atikmdag+0xa4b63
fffff880`073364a8 fffff980`38526470 : 00000000`00000000 00000000`00000000 ffffd319`2aecc601 00000000`00000001 : 0xfffff980`fffffe32
fffff880`073364b0 00000000`00000000 : 00000000`00000000 ffffd319`2aecc601 00000000`00000001 00000000`0000008c : 0xfffff980`38526470
STACK_COMMAND: kb
FOLLOWUP_IP:
dxgkrnl!DMMVIDPNSOURCEMODESET::ReleaseDdiEnumerator+113
fffff880`0513653b 33c0 xor eax,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: dxgkrnl!DMMVIDPNSOURCEMODESET::ReleaseDdiEnumerator+113
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgkrnl
IMAGE_NAME: dxgkrnl.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d3fa1a0
FAILURE_BUCKET_ID: X64_0xC1_23_VRFK_dxgkrnl!DMMVIDPNSOURCEMODESET::ReleaseDdiEnumerator+113
BUCKET_ID: X64_0xC1_23_VRFK_dxgkrnl!DMMVIDPNSOURCEMODESET::ReleaseDdiEnumerator+113
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\tjk2world\Windows_NT6_BSOD_jcgriff2\031112-32869-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a05000 PsLoadedModuleList = 0xfffff800`02c42e70
Debug session time: Sun Mar 11 16:35:47.731 2012 (UTC - 6:00)
System Uptime: 0 days 0:01:29.448
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002a8d315, 0, 10}
Probably caused by : fileinfo.sys ( fileinfo!FIPfInterfaceClose+48 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002a8d315, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000010, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!FsRtlLookupPerFileObjectContext+a5
fffff800`02a8d315 48395810 cmp qword ptr [rax+10h],rbx
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000010
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cad0e0
0000000000000010
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 1
EXCEPTION_RECORD: fffff88007ee9d98 -- (.exr 0xfffff88007ee9d98)
ExceptionAddress: fffff80002a8d315 (nt!FsRtlLookupPerFileObjectContext+0x00000000000000a5)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010
TRAP_FRAME: fffff88007ee9e40 -- (.trap 0xfffff88007ee9e40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8009bacc18
rdx=fffffa8008161dd0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a8d315 rsp=fffff88007ee9fd0 rbp=0000000000000000
r8=0000000000000000 r9=fffff9802b438f00 r10=fffff98002b9a800
r11=fffffa8009cdb600 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!FsRtlLookupPerFileObjectContext+0xa5:
fffff800`02a8d315 48395810 cmp qword ptr [rax+10h],rbx ds:00000000`00000010=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002aaf919 to fffff80002a755c0
STACK_TEXT:
fffff880`07ee95c8 fffff800`02aaf919 : 00000000`0000001e ffffffff`c0000005 fffff800`02a8d315 00000000`00000000 : nt!KeBugCheckEx
fffff880`07ee95d0 fffff800`02a74c02 : fffff880`07ee9d98 fffffa80`08161dd0 fffff880`07ee9e40 fffffa80`09bacbe0 : nt!KiDispatchException+0x1b9
fffff880`07ee9c60 fffff800`02a7377a : 00000000`00000000 fffffa80`08161dd0 00001f80`00100000 fffff880`07ee5001 : nt!KiExceptionDispatch+0xc2
fffff880`07ee9e40 fffff800`02a8d315 : fffffa80`09251010 fffff980`2b438fb8 fffff800`02d8888f fffffa80`09cb9d10 : nt!KiPageFault+0x23a
fffff880`07ee9fd0 fffff880`0109baaf : fffff880`07eea140 fffff880`07eea140 fffffa80`0a1d3aa0 fffff800`00000000 : nt!FsRtlLookupPerFileObjectContext+0xa5
fffff880`07eea010 fffff880`0109a9c7 : fffff880`00000001 fffff880`07eea0b8 00000000`00000000 fffffa80`092518d0 : fltmgr!FltpGetStartingCallbackNode+0x3f
fffff880`07eea0a0 fffff880`010996c7 : fffff980`00000001 fffffa80`00000001 fffffa80`00000001 fffff800`02d8888f : fltmgr!FltpPassThrough+0xb7
fffff880`07eea120 fffff800`02f1bc16 : fffff980`2b438a20 00000000`00000002 fffffa80`08315b60 00000000`00000000 : fltmgr!FltpDispatch+0xb7
fffff880`07eea180 fffff800`02d8888f : fffff980`2b438a20 fffffa80`066bd5f0 00000000`00000000 fffffa80`09cdb690 : nt!IovCallDriver+0x566
fffff880`07eea1e0 fffff800`02d6e754 : 00000000`00000001 fffffa80`09aed060 fffff8a0`000003a0 fffff8a0`00000000 : nt!IopCloseFile+0x11f
fffff880`07eea270 fffff800`02d88381 : fffffa80`09aed060 fffffa80`00000001 fffff8a0`00001ae0 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`07eea2f0 fffff800`02d88294 : 00000000`00000c30 fffffa80`09aed060 fffff8a0`00001ae0 00000000`00000c30 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`07eea380 fffff800`02a74813 : fffffa80`09aedb60 fffff880`07eea450 fffff880`07eea5c0 00000000`6a764d46 : nt!ObpCloseHandle+0x94
fffff880`07eea3d0 fffff800`02a70db0 : fffff880`010ef66c fffff980`1840cfb0 fffff980`1840cfb0 fffff880`07eea5c0 : nt!KiSystemServiceCopyEnd+0x13
fffff880`07eea568 fffff880`010ef66c : fffff980`1840cfb0 fffff980`1840cfb0 fffff880`07eea5c0 fffff800`02a7a75c : nt!KiServiceLinkage
fffff880`07eea570 fffff800`02de67e5 : fffff880`07eea748 fffff880`07eea740 fffff8a0`073ee278 fffff800`02cd1b00 : fileinfo!FIPfInterfaceClose+0x48
fffff880`07eea5a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfpOpenHandleClose+0x55
STACK_COMMAND: kb
FOLLOWUP_IP:
fileinfo!FIPfInterfaceClose+48
fffff880`010ef66c 488bcb mov rcx,rbx
SYMBOL_STACK_INDEX: f
SYMBOL_NAME: fileinfo!FIPfInterfaceClose+48
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc481
FAILURE_BUCKET_ID: X64_0x1E_c0000005_VRF_fileinfo!FIPfInterfaceClose+48
BUCKET_ID: X64_0x1E_c0000005_VRF_fileinfo!FIPfInterfaceClose+48
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\tjk2world\Windows_NT6_BSOD_jcgriff2\031012-26254-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a07000 PsLoadedModuleList = 0xfffff800`02c44e70
Debug session time: Sat Mar 10 13:23:17.971 2012 (UTC - 6:00)
System Uptime: 0 days 11:39:41.657
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88006dc6268, fffff88006dc5ad0, fffff80002a2ea32}
Unable to load image \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AVGIDSFilter.Sys
*** ERROR: Module load completed but symbols could not be loaded for AVGIDSFilter.Sys
Probably caused by : Ntfs.sys ( Ntfs!NtfsExtendedCompleteRequestInternal+114 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88006dc6268
Arg3: fffff88006dc5ad0
Arg4: fffff80002a2ea32
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88006dc6268 -- (.exr 0xfffff88006dc6268)
ExceptionAddress: fffff80002a2ea32 (nt!RtlSubtreePredecessor+0x0000000000000012)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88006dc5ad0 -- (.cxr 0xfffff88006dc5ad0)
rax=6b1d4e000045641d rbx=fffffa800bf7b1e8 rcx=6b1d4e000045641d
rdx=fffffa800bf7b1e8 rsi=fffffa800bfeb1e0 rdi=0000000000000000
rip=fffff80002a2ea32 rsp=fffff88006dc64a8 rbp=fffffa800bfeb1e8
r8=ffffffffffffffff r9=ffffffffffffffff r10=fffff88002d65f60
r11=fffff8a012a2acc8 r12=ffffffffffffffff r13=fffffa8007775668
r14=0000000000008000 r15=0000000000000001
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!RtlSubtreePredecessor+0x12:
fffff800`02a2ea32 488b4910 mov rcx,qword ptr [rcx+10h] ds:002b:6b1d4e00`0045642d=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002caf0e0
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsExtendedCompleteRequestInternal+114
fffff880`01210cb4 488b5c2450 mov rbx,qword ptr [rsp+50h]
FAULTING_IP:
nt!RtlSubtreePredecessor+12
fffff800`02a2ea32 488b4910 mov rcx,qword ptr [rcx+10h]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80002a5abc4 to fffff80002a2ea32
STACK_TEXT:
fffff880`06dc64a8 fffff800`02a5abc4 : 00000000`00000000 fffff880`00e1436a 00000000`00000010 00000000`00000282 : nt!RtlSubtreePredecessor+0x12
fffff880`06dc64b0 fffff880`00e14373 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlDeleteNoSplay+0x7c
fffff880`06dc64e0 fffff880`00e10238 : fffff8a0`18cae510 00000000`00000000 00000000`00000001 fffffa80`07775010 : fltmgr!TreeUnlinkNoBalance+0x13
fffff880`06dc6510 fffff880`00e2e46f : ffffffff`ffffffff 00000000`00000297 fffff880`6e664d46 00000000`00000018 : fltmgr!TreeUnlinkMulti+0x148
fffff880`06dc6560 fffff880`00e2edfe : ffffffff`ffffffff fffffa80`0bff9580 fffffa80`07775010 fffffa80`0bfeb170 : fltmgr!DeleteNameCacheNodes+0x9f
fffff880`06dc65a0 fffff880`00e3e2af : fffffa80`0bff9580 fffffa80`0bfeb170 00000000`00000000 00000000`00000000 : fltmgr!PurgeStreamNameCache+0x8e
fffff880`06dc65e0 fffff880`00e35a30 : fffffa80`0b8d7600 fffffa80`07775010 00000000`00000000 fffffa80`0d58d730 : fltmgr!FltpPurgeVolumeNameCache+0x7f
fffff880`06dc6620 fffff880`00e2ed4b : fffffa80`07775010 00000000`00000000 fffffa80`0d58d730 00000000`00000000 : fltmgr! ?? ::NNGAKEGL::`string'+0x1a04
fffff880`06dc6660 fffff880`00e1106a : fffffa80`0d2703e0 fffffa80`082d6370 00000000`00000000 0070006d`0075004a : fltmgr!FltpReinstateNameCachingAllFrames+0x4b
fffff880`06dc6690 fffff800`02a79bb6 : 00000000`00000000 fffffa80`09feb690 fffffa80`0b8d7600 fffff880`00e100a2 : fltmgr!FltpPassThroughCompletion+0x8a
fffff880`06dc66d0 fffff880`01210cb4 : fffffa80`0d125b80 00000000`00000001 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x336
fffff880`06dc67c0 fffff880`01297eda : fffff8a0`11872140 fffffa80`076ab180 00000000`00000000 00000000`00000701 : Ntfs!NtfsExtendedCompleteRequestInternal+0x114
fffff880`06dc6800 fffff880`01209ba0 : fffffa80`0d125b80 fffffa80`1086ebd0 fffff880`06dc6901 fffff880`06dc6900 : Ntfs!NtfsCommonSetInformation+0xef1
fffff880`06dc68e0 fffff880`00e0e23f : fffffa80`1086efb8 fffffa80`1086ebd0 fffffa80`0d125b80 fffff880`06dc6908 : Ntfs!NtfsFsdSetInformation+0x11c
fffff880`06dc6960 fffff880`00e0c6df : fffffa80`082d6370 fffffa80`09612da0 fffffa80`082d6300 fffffa80`1086ebd0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`06dc69f0 fffff880`044345c3 : fffffa80`1086ebd0 fffffa80`1086ebd0 00000000`03c8e600 00000000`0000000a : fltmgr!FltpDispatch+0xcf
fffff880`06dc6a50 fffffa80`1086ebd0 : fffffa80`1086ebd0 00000000`03c8e600 00000000`0000000a fffffa80`0d58d730 : AVGIDSFilter+0x35c3
fffff880`06dc6a58 fffffa80`1086ebd0 : 00000000`03c8e600 00000000`0000000a fffffa80`0d58d730 fffffa80`10919240 : 0xfffffa80`1086ebd0
fffff880`06dc6a60 00000000`03c8e600 : 00000000`0000000a fffffa80`0d58d730 fffffa80`10919240 00000000`00000000 : 0xfffffa80`1086ebd0
fffff880`06dc6a68 00000000`0000000a : fffffa80`0d58d730 fffffa80`10919240 00000000`00000000 fffff800`02d572ed : 0x3c8e600
fffff880`06dc6a70 fffffa80`0d58d730 : fffffa80`10919240 00000000`00000000 fffff800`02d572ed 00000000`000000b6 : 0xa
fffff880`06dc6a78 fffffa80`10919240 : 00000000`00000000 fffff800`02d572ed 00000000`000000b6 fffffa80`1086ebd0 : 0xfffffa80`0d58d730
fffff880`06dc6a80 00000000`00000000 : fffff800`02d572ed 00000000`000000b6 fffffa80`1086ebd0 00000000`00000000 : 0xfffffa80`10919240
SYMBOL_STACK_INDEX: b
SYMBOL_NAME: Ntfs!NtfsExtendedCompleteRequestInternal+114
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79996d
STACK_COMMAND: .cxr 0xfffff88006dc5ad0 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsExtendedCompleteRequestInternal+114
BUCKET_ID: X64_0x24_Ntfs!NtfsExtendedCompleteRequestInternal+114
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\tjk2world\Windows_NT6_BSOD_jcgriff2\031112-21840-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a1f000 PsLoadedModuleList = 0xfffff800`02c5ce70
Debug session time: Sun Mar 11 02:01:41.567 2012 (UTC - 6:00)
System Uptime: 0 days 5:08:54.268
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {403, fffff6800014fe90, 8ab00000b90e1867, fffff680008cfe90}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+31eb2 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000403, The subtype of the bugcheck.
Arg2: fffff6800014fe90
Arg3: 8ab00000b90e1867
Arg4: fffff680008cfe90
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_403
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: TrustedInstall
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002b01628 to fffff80002a8f5c0
STACK_TEXT:
fffff880`091897b8 fffff800`02b01628 : 00000000`0000001a 00000000`00000403 fffff680`0014fe90 8ab00000`b90e1867 : nt!KeBugCheckEx
fffff880`091897c0 fffff800`02ac0251 : 00000000`00000000 fffff680`0014fff8 fffffa80`06b14b30 ffffffff`ffffffff : nt! ?? ::FNODOBFM::`string'+0x31eb2
fffff880`09189970 fffff800`02ad0fba : 00000000`00000000 00000000`2a336fff fffffa80`00000000 fffffa80`06b14b30 : nt!MiDeleteVirtualAddresses+0x408
fffff880`09189b30 fffff800`02a8e813 : ffffffff`ffffffff 00000000`01e9ceb0 00000000`01e9ce78 00000000`00008000 : nt!NtFreeVirtualMemory+0x5ca
fffff880`09189c20 00000000`777ff89a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01e9cde8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777ff89a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+31eb2
fffff800`02b01628 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+31eb2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x1a_403_nt!_??_::FNODOBFM::_string_+31eb2
BUCKET_ID: X64_0x1a_403_nt!_??_::FNODOBFM::_string_+31eb2
Followup: MachineOwner
---------