New
#1
Plz help analyse BSOD
Hi guys,
i am getting the following BSOD at random in windows:
What would you say is the cuase?Code:Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\WINDOWS\Minidump\Mini020410-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: C:\Debugging Tools for Windows (x64)\Symbols Executable search path is: *** WARNING: Unable to verify checksum for ntkrnlmp.exe Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 3790.srv03_sp2_gdr.090805-1438 Machine Name: Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140 Debug session time: Thu Feb 4 12:35:42.171 2010 (GMT+1) System Uptime: 0 days 0:14:16.373 *** WARNING: Unable to verify checksum for ntkrnlmp.exe Loading Kernel Symbols ............................................................... ......................................................... Loading User Symbols Loading unloaded module list ....................... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {fffffadf9f326010, 2, 1, fffff80001007fcb} Probably caused by : memory_corruption ( nt!MiReleasePageFileSpace+34 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: fffffadf9f326010, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80001007fcb, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: fffffadf9f326010 CURRENT_IRQL: 2 FAULTING_IP: nt!MiReleasePageFileSpace+34 fffff800`01007fcb 4c0fb302 btr qword ptr [rdx],r8 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: crashreporter.e TRAP_FRAME: fffffadf7ef14070 -- (.trap 0xfffffadf7ef14070) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffadf9b326000 rbx=0000000000000000 rcx=0000000000000000 rdx=fffffadf9b326010 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80001007fcb rsp=fffffadf7ef14200 rbp=fffffadf9b1bdc20 r8=0000000020000000 r9=fffffadf9bcc41d0 r10=2000000000000000 r11=fffffadf9be7cfb0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!MiReleasePageFileSpace+0x34: fffff800`01007fcb 4c0fb302 btr qword ptr [rdx],r8 ds:fffffadf`9b326010=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890 STACK_TEXT: fffffadf`7ef13ee8 fffff800`0102e5b4 : 00000000`0000000a fffffadf`9f326010 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffffadf`7ef13ef0 fffff800`0102d547 : 00000000`00000000 fffff800`01045d7d 00000000`00000000 fffffadf`9b19d4f0 : nt!KiBugCheckDispatch+0x74 fffffadf`7ef14070 fffff800`01007fcb : 00000000`00000006 fffffadf`9b1bdf40 00000000`000781d9 fffff800`01041964 : nt!KiPageFault+0x207 fffffadf`7ef14200 fffff800`010aa638 : fffff6fb`40001df8 fffffadf`9b1bdc20 fffffadf`928a2410 00000000`00000000 : nt!MiReleasePageFileSpace+0x34 fffffadf`7ef14230 fffff800`01050e36 : fffffadf`00000035 fffffa80`0044ef58 fffffadf`00000001 00000000`00000001 : nt!MiDeletePte+0x5e1 fffffadf`7ef142c0 fffff800`01045cf4 : fffffadf`9b1bdc20 00000000`781dffff fffffadf`9be7cfb0 ffffffff`ffffffff : nt!MiDeleteVirtualAddresses+0x9b9 fffffadf`7ef14460 fffff800`0103f46d : fffffadf`9b1bdc20 fffffadf`9b0d5040 ffffffff`ffffffff 00000000`00000000 : nt!MiRemoveMappedView+0xa93 fffffadf`7ef145a0 fffff800`0127381a : fffffa80`03699c30 fffffadf`7ef14c70 00000000`00000000 fffffadf`9b0d5040 : nt!MmCleanProcessAddressSpace+0x388 fffffadf`7ef14610 fffff800`0127bb72 : 00000000`00000080 00000000`00000080 fffffadf`9b0d5088 00000000`00000000 : nt!PspExitThread+0xb4d fffffadf`7ef148a0 fffff800`01038c30 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PsExitSpecialApc+0x1d fffffadf`7ef148d0 fffff800`01027c3b : 00000000`00000000 fffffadf`7ef14970 fffff800`0127bdc0 00000000`0016e5c0 : nt!KiDeliverApc+0x504 fffffadf`7ef14970 fffff800`0102e73e : fffffadf`7ef14540 fffffadf`7ef145e0 00000000`00000000 00000000`7817c860 : nt!KiInitiateUserApc+0x7b fffffadf`7ef14af0 fffff800`0102e33d : fffffadf`9b0d5040 fffffadf`9b0d5040 00000000`00223d01 00000000`00000000 : nt!KiExceptionExit+0x8f fffffadf`7ef14c70 00000000`6b006369 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3 00000000`0016e190 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6b006369 STACK_COMMAND: kb FOLLOWUP_IP: nt!MiReleasePageFileSpace+34 fffff800`01007fcb 4c0fb302 btr qword ptr [rdx],r8 SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!MiReleasePageFileSpace+34 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 4a7992a0 IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0xA_nt!MiReleasePageFileSpace+34 BUCKET_ID: X64_0xA_nt!MiReleasePageFileSpace+34 Followup: MachineOwner ---------
Thanks,
Lennart