Code:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a13000 PsLoadedModuleList = 0xfffff800`02c50e50
Debug session time: Sat Nov 27 08:33:04.728 2010 (GMT-5)
System Uptime: 0 days 3:08:00.211
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002d994a1, fffff880085e35d0, 0}
Probably caused by : ntkrnlmp.exe ( nt!ObpCloseHandleTableEntry+51 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002d994a1, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff880085e35d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ObpCloseHandleTableEntry+51
fffff800`02d994a1 4883bba800000000 cmp qword ptr [rbx+0A8h],0
CONTEXT: fffff880085e35d0 -- (.cxr 0xfffff880085e35d0)
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a007c98360
rdx=fffff8a007faadc0 rsi=fffffa800612ab60 rdi=fffff8a007faadc0
rip=fffff80002d994a1 rsp=fffff880085e3fa0 rbp=fffff8a007c98360
r8=fffffa8005b3d940 r9=0000000000000770 r10=0000000000000770
r11=fffff880085e4000 r12=fffffa8005f7ff30 r13=fffffa8005b3d940
r14=fffffa8005b3da00 r15=fffff8a007c98360
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!ObpCloseHandleTableEntry+0x51:
fffff800`02d994a1 4883bba800000000 cmp qword ptr [rbx+0A8h],0 ds:002b:00000000`000000a8=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: msnmsgr.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002d994a1
STACK_TEXT:
fffff880`085e3fa0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpCloseHandleTableEntry+0x51
FOLLOWUP_IP:
nt!ObpCloseHandleTableEntry+51
fffff800`02d994a1 4883bba800000000 cmp qword ptr [rbx+0A8h],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObpCloseHandleTableEntry+51
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
STACK_COMMAND: .cxr 0xfffff880085e35d0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ObpCloseHandleTableEntry+51
BUCKET_ID: X64_0x3B_nt!ObpCloseHandleTableEntry+51
Followup: MachineOwner
---------
Debug session time: Sat Nov 27 10:02:42.850 2010 (GMT-5)
System Uptime: 0 days 1:28:45.332
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff88041e241cc, 1, fffff88000e24162, 5}
Could not read faulting driver name
Probably caused by : hardware ( fileinfo!FIStreamGetInfo+11f )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88041e241cc, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff88000e24162, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc10e0
fffff88041e241cc
FAULTING_IP:
fltmgr!FltpExpandShortNames+292
fffff880`00e24162 891564000041 mov dword ptr [fffff880`41e241cc],edx
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: javaw.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88006a7f080 -- (.trap 0xfffff88006a7f080)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8005c53701
rdx=fffff88006a7fc01 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000e24162 rsp=fffff88006a7f210 rbp=0000000000000017
r8=fffffa8005dc5970 r9=0000000000000150 r10=fffff80002c04e80
r11=fffffa8005ab76d0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fltmgr!FltpExpandShortNames+0x292:
fffff880`00e24162 891564000041 mov dword ptr [fffff880`41e241cc],edx ds:0037:fffff880`41e241cc=????????
Resetting default scope
MISALIGNED_IP:
fltmgr!FltpExpandShortNames+292
fffff880`00e24162 891564000041 mov dword ptr [fffff880`41e241cc],edx
LAST_CONTROL_TRANSFER: from fffff80002b088c1 to fffff80002a89740
STACK_TEXT:
fffff880`06a7ef18 fffff800`02b088c1 : 00000000`00000050 fffff880`41e241cc 00000000`00000001 fffff880`06a7f080 : nt!KeBugCheckEx
fffff880`06a7ef20 fffff800`02a8782e : 00000000`00000001 00000000`00000037 fffffa80`04903700 fffff880`00e24c01 : nt! ?? ::FNODOBFM::`string'+0x40e8b
fffff880`06a7f080 fffff880`00e24162 : 00000000`00000017 00000000`00000037 fffffa80`0428b510 fffff880`00e25200 : nt!KiPageFault+0x16e
fffff880`06a7f210 fffff880`00e25361 : fffffa80`00000042 00000000`00000042 00000000`00000038 00000000`00000000 : fltmgr!FltpExpandShortNames+0x292
fffff880`06a7f270 fffff880`00e2513e : fffffa80`0428b510 fffff880`00e20000 00000000`00000000 00000000`00000000 : fltmgr!FltpGetNormalizedFileNameWorker+0xc1
fffff880`06a7f2b0 fffff880`00e0654b : fffffa80`039c1000 00000000`00000000 fffffa80`05cda430 fffff880`06a80000 : fltmgr!FltpCreateFileNameInformation+0xee
fffff880`06a7f310 fffff880`00e11ad4 : 00000000`00008000 fffffa80`05cda430 00000000`00000000 00000000`00000401 : fltmgr!FltpGetFileNameInformation+0x26b
fffff880`06a7f390 fffff880`0102a36b : fffffa80`0428b510 fffff8a0`0a4ab2d0 00000000`00000001 fffff880`06a7f4c0 : fltmgr!FltGetFileNameInformation+0x184
fffff880`06a7f420 fffff880`01028bdb : fffff140`167b2027 00000000`00000001 00000000`00000000 00000000`000276d5 : fileinfo!FIStreamGetInfo+0x11f
fffff880`06a7f4a0 fffff880`00e04242 : 00000000`00000000 fffff8a0`0a4ab2d0 fffffa80`05d09ca0 00000000`00000000 : fileinfo!FIPostCreateCallback+0x1c7
fffff880`06a7f530 fffff880`00e0338b : fffffa80`048c0030 fffffa80`03d636f0 fffffa80`049b0bb0 fffffa80`049b0dd0 : fltmgr!FltpPerformPostCallbacks+0x392
fffff880`06a7f600 fffff880`00e222b9 : fffffa80`05d09900 fffffa80`04a4a010 fffffa80`05d09900 fffffa80`04a0b3d0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x39b
fffff880`06a7f690 fffff800`02d8c807 : 00000000`00000005 fffff800`02d8c260 fffffa80`05cef010 00000000`00000000 : fltmgr!FltpCreate+0x2a9
fffff880`06a7f740 fffff800`02d82e84 : fffffa80`049289d0 00000000`00000000 fffffa80`05c4fb10 fffff880`06a7f801 : nt!IopParseDevice+0x5a7
fffff880`06a7f8d0 fffff800`02d87e4d : fffffa80`05c4fb10 fffff880`06a7fa30 00000000`00000040 fffffa80`03a01de0 : nt!ObpLookupObjectName+0x585
fffff880`06a7f9d0 fffff800`02d8e917 : 00000000`000007ff 00000000`00000001 fffffa80`05d7d101 00000000`00000180 : nt!ObOpenObjectByName+0x1cd
fffff880`06a7fa80 fffff800`02d98520 : 00000000`354bf0d8 fffff8a0`00100080 fffff8a0`0b565020 00000000`354bf0e8 : nt!IopCreateFile+0x2b7
fffff880`06a7fb20 fffff800`02a88993 : fffffa80`03da47e0 00000000`00000001 fffffa80`05ab76d0 fffff800`02d9f414 : nt!NtCreateFile+0x78
fffff880`06a7fbb0 00000000`77c702aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`354bf058 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c702aa
STACK_COMMAND: kb
FOLLOWUP_IP:
fileinfo!FIStreamGetInfo+11f
fffff880`0102a36b 85c0 test eax,eax
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: fileinfo!FIStreamGetInfo+11f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: hardware
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
Debug session time: Fri Nov 26 13:54:37.562 2010 (GMT-5)
System Uptime: 0 days 0:48:31.045
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {ffffffff828b027a, 2, 1, fffff8800167c468}
Unable to load image \SystemRoot\system32\DRIVERS\Rt64win7.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Rt64win7.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
Probably caused by : Rt64win7.sys ( Rt64win7+11af7 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffffff828b027a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800167c468, address which referenced memory
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'SCSIPORT' and 'spsys.sys' overlap
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d070e0
ffffffff828b027a
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!TcpPreValidatedReceive+228
fffff880`0167c468 66448b7902 mov r15w,word ptr [rcx+2]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff88006b4ec40 -- (.trap 0xfffff88006b4ec40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000050c2401f rbx=0000000000000000 rcx=fffff88004f51662
rdx=0000000000000009 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800167c468 rsp=fffff88006b4edd8 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000000 r10=0000000080000000
r11=0000000220b58dbc r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip!TcpPreValidatedReceive+0x228:
fffff880`0167c468 66448b7902 mov r15w,word ptr [rcx+2] ds:e5f6:fffff880`04f51664=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002aceca9 to fffff80002acf740
STACK_TEXT:
fffff880`06b4eaf8 fffff800`02aceca9 : 00000000`0000000a ffffffff`828b027a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`06b4eb00 fffff800`02acd920 : 00000000`00000000 00000000`00000001 00000000`8a391749 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`06b4ec40 fffff880`0167c468 : fffffa80`0482a000 fffff880`04f47000 fffff880`00000000 fffffa80`04f5eb40 : nt!KiPageFault+0x260
fffff880`06b4edd8 fffffa80`044abf00 : fffff880`0165e6c7 fffffa80`0482a000 fffffa80`04829e30 fffffa80`044a0000 : tcpip!TcpPreValidatedReceive+0x228
fffff880`06b4ee88 fffff880`0165e6c7 : fffffa80`0482a000 fffffa80`04829e30 fffffa80`044a0000 00000000`00000000 : 0xfffffa80`044abf00
fffff880`06b4ee90 fffff880`0165e799 : fffff880`06b4f010 fffff880`0176c9a0 fffff880`06b4f020 fffff880`01635bab : tcpip!IppDeliverListToProtocol+0x97
fffff880`06b4ef50 fffff880`0165ec90 : fffffa80`0482a000 fffffa80`04f55200 00000000`00000011 fffff880`06b4f010 : tcpip!IppProcessDeliverList+0x59
fffff880`06b4efc0 fffff880`0165db21 : fffffa80`faffffef fffffa80`0482a000 fffff880`0176c9a0 00000000`04c36b01 : tcpip!IppReceiveHeaderBatch+0x231
fffff880`06b4f0a0 fffff880`0165c592 : fffffa80`04c427e0 00000000`00000000 fffffa80`04c36b01 00000000`00000001 : tcpip!IpFlcReceivePackets+0x651
fffff880`06b4f2a0 fffff880`01675e5a : fffffa80`04c36bb0 fffff880`06b4f3d0 fffffa80`04c36bb0 00000000`00000000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
fffff880`06b4f380 fffff800`02adee5a : fffffa80`04f5ea10 fffff880`06b4a000 00000000`00004800 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda
fffff880`06b4f3d0 fffff880`01675882 : fffff880`01675d80 fffff880`06b4f4e0 fffff880`06b4f502 00000000`00000001 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`06b4f4b0 fffff880`015730eb : fffffa80`04d478d0 00000000`00000000 fffffa80`04ca61a0 fffff880`03ba4a7e : tcpip!FlReceiveNetBufferListChain+0xb2
fffff880`06b4f520 fffff880`0153cfc6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
fffff880`06b4f590 fffff880`014b6ef1 : fffffa80`04ca61a0 00000000`00000002 00000000`00000001 00000000`00000000 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6
fffff880`06b4fa10 fffff880`04411af7 : fffffa80`04ef8000 00000000`00000000 fffff880`04ed3030 00000000`00000001 : ndis!NdisMIndicateReceiveNetBufferLists+0xc1
fffff880`06b4fa60 fffffa80`04ef8000 : 00000000`00000000 fffff880`04ed3030 00000000`00000001 00000000`00000001 : Rt64win7+0x11af7
fffff880`06b4fa68 00000000`00000000 : fffff880`04ed3030 00000000`00000001 00000000`00000001 00000000`00000000 : 0xfffffa80`04ef8000
STACK_COMMAND: kb
FOLLOWUP_IP:
Rt64win7+11af7
fffff880`04411af7 ?? ???
SYMBOL_STACK_INDEX: 10
SYMBOL_NAME: Rt64win7+11af7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Rt64win7
IMAGE_NAME: Rt64win7.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49a65b0d
FAILURE_BUCKET_ID: X64_0xD1_Rt64win7+11af7
BUCKET_ID: X64_0xD1_Rt64win7+11af7
Followup: MachineOwner
---------
Debug session time: Fri Nov 26 12:02:14.028 2010 (GMT-5)
System Uptime: 0 days 0:03:38.511
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck BE, {6b42828, 9f000000c8eb6025, fffff88006b4a6d0, a}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+409b4 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 0000000006b42828, Virtual address for the attempted write.
Arg2: 9f000000c8eb6025, PTE contents.
Arg3: fffff88006b4a6d0, (reserved)
Arg4: 000000000000000a, (reserved)
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xBE
PROCESS_NAME: MsMpEng.exe
CURRENT_IRQL: 2
TRAP_FRAME: fffff88006b4a6d0 -- (.trap 0xfffff88006b4a6d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88006b4a7e8 rbx=0000000000000000 rcx=fffff88006b4a7e8
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ac2743 rsp=fffff88006b4a860 rbp=0000000000000001
r8=fffff880009e7180 r9=0000000000000000 r10=fffff80002cc9840
r11=fffff88006b4a830 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MiDeletePageTableHierarchy+0x203:
fffff800`02ac2743 f00fba6f1000 lock bts dword ptr [rdi+10h],0 ds:00000000`00000010=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b0e448 to fffff80002a8f740
STACK_TEXT:
fffff880`06b4a568 fffff800`02b0e448 : 00000000`000000be 00000000`06b42828 9f000000`c8eb6025 fffff880`06b4a6d0 : nt!KeBugCheckEx
fffff880`06b4a570 fffff800`02a8d82e : fffff880`06b4a700 fffffa80`0028c2c0 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x409b4
fffff880`06b4a6d0 fffff800`02ac2743 : fffffa80`0028c2c0 00000000`00000001 00000000`06b42818 fffff680`00024ff8 : nt!KiPageFault+0x16e
fffff880`06b4a860 fffff800`02ac08e5 : fffffa80`0574c6b0 55555555`55555555 00000000`00000000 fffff800`02d665f5 : nt!MiDeletePageTableHierarchy+0x203
fffff880`06b4a970 fffff800`02ad10da : 00000000`00000000 00000000`04b00fff fffffa80`00000000 fffffa80`00000000 : nt!MiDeleteVirtualAddresses+0x96c
fffff880`06b4ab30 fffff800`02a8e993 : ffffffff`ffffffff 00000000`020feb50 00000000`020feb18 fffffa80`00008000 : nt!NtFreeVirtualMemory+0x5ca
fffff880`06b4ac20 00000000`7719ff3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`020fea88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7719ff3a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+409b4
fffff800`02b0e448 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+409b4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0xBE_nt!_??_::FNODOBFM::_string_+409b4
BUCKET_ID: X64_0xBE_nt!_??_::FNODOBFM::_string_+409b4
Followup: MachineOwner
---------
I find the following outdated drivers loading on your system. Out of date drivers can and do cause memory corruption and BSDOD's. Update these two drivers.