New
#1
BSOD after reboot
Here's an analysis from WinDbg and the crash dump is attached. Any help is appreciated.
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [P:\Crash Dumps\110412-20638-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`02a0b000 PsLoadedModuleList = 0xfffff800`02c4f670
Debug session time: Sun Nov 4 13:59:21.592 2012 (GMT-6)
System Uptime: 0 days 0:00:21.013
Loading Kernel Symbols
...............................................................
...............................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff80002a9ef74}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a9ef74, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb9100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+c64
fffff800`02a9ef74 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: csrss.exe
IRP_ADDRESS: ffffffffffffff88
TRAP_FRAME: fffff8800309e6e0 -- (.trap 0xfffff8800309e6e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800309d958 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a9ef74 rsp=fffff8800309e870 rbp=0000000000000000
r8=0000000000004740 r9=0000000000000080 r10=0000000000000002
r11=00000000000001c8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
nt!IopCompleteRequest+0xc64:
fffff800`02a9ef74 488b09 mov rcx,qword ptr [rcx] ds:27a5:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a89569 to fffff80002a89fc0
STACK_TEXT:
fffff880`0309e598 fffff800`02a89569 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0309e5a0 fffff800`02a881e0 : 00000000`00000100 00000000`00000007 fffffa80`08295e38 fffffa80`06a57c00 : nt!KiBugCheckDispatch+0x69
fffff880`0309e6e0 fffff800`02a9ef74 : 00000000`00000001 00000000`00000000 fffff880`20206f49 fffff880`0309eb58 : nt!KiPageFault+0x260
fffff880`0309e870 fffff800`02a7ca37 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff8a0`00000000 : nt!IopCompleteRequest+0xc64
fffff880`0309e940 fffff800`02a33425 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1c7
fffff880`0309e9c0 fffff800`02cd596a : fffffa80`0732d730 fffffa80`082449d0 fffff880`0309eb50 fffff880`0309eb48 : nt!KiCheckForKernelApcDelivery+0x25
fffff880`0309e9f0 fffff800`02d9f39e : fffffa80`00000004 fffffa80`082449d0 fffff880`0309eb50 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x2a54a
fffff880`0309eae0 fffff800`02a89253 : 00000000`00000030 fffffa80`07a6eb50 00000000`002eefb8 00000000`002ef201 : nt!NtMapViewOfSection+0x2bd
fffff880`0309ebb0 00000000`77b3159a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`002eef98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b3159a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02a881e0 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 503f82be
FAILURE_BUCKET_ID: X64_0xA_nt!KiPageFault+260
BUCKET_ID: X64_0xA_nt!KiPageFault+260
Followup: MachineOwner
---------
2: kd> lmvm nt
start end module name
fffff800`02a0b000 fffff800`02ff3000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\B2DA40502FA744C18B9022FD187ADB592\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: c:\symbols\ntoskrnl.exe\503F82BE5e8000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Thu Aug 30 10:11:58 2012 (503F82BE)
CheckSum: 00554126
ImageSize: 005E8000
File version: 6.1.7601.17944
Product version: 6.1.7601.17944
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.17944
FileVersion: 6.1.7601.17944 (win7sp1_gdr.120830-0333)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Quote