Code:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02806000 PsLoadedModuleList = 0xfffff800`02a43e50
Debug session time: Fri Dec 24 12:04:06.283 2010 (GMT-5)
System Uptime: 0 days 0:19:54.623
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 1097, d060409, fffff8a00c83e580}
GetPointerFromAddress: unable to read from fffff80002aae0e0
Probably caused by : Npfs.SYS ( Npfs!NpFreeClientSecurityContext+39 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 0000000000001097, (reserved)
Arg3: 000000000d060409, Memory contents of the pool block
Arg4: fffff8a00c83e580, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: fffff8a00c83e580
FREED_POOL_TAG: NpFs
FAULTING_IP:
+5d2d952f00e7d914
00000000`00000004 ?? ???
BUGCHECK_STR: 0xc2_7_NpFs
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: BFBC2Game.exe
CURRENT_IRQL: 0
DEVICE_OBJECT: fffffa8003fc5448
LAST_CONTROL_TRANSFER: from fffff800029a960e to fffff80002877f00
STACK_TEXT:
fffff880`0be157d8 fffff800`029a960e : 00000000`000000c2 00000000`00000007 00000000`00001097 00000000`0d060409 : nt!KeBugCheckEx
fffff880`0be157e0 fffff880`0107e175 : fffff8a0`07a09601 fffff8a0`0c83e580 fffff880`0be15a10 00000000`00001af8 : nt!ExFreePool+0xccb
fffff880`0be15890 fffff880`0107f6c4 : 00000000`00000000 00000000`00001af8 fffff880`0be15a10 00000000`00000230 : Npfs!NpFreeClientSecurityContext+0x39
fffff880`0be158c0 fffff880`0107f422 : fffff8a0`07a09710 00000000`00000001 00000000`11cd1250 fffffa80`00001af8 : Npfs!NpWriteDataQueue+0x1f4
fffff880`0be15940 fffff880`0107f151 : fffffa80`03fc5400 00000000`11cd1250 00000000`00000000 fffffa80`04a32060 : Npfs!NpCommonWrite+0x1ba
fffff880`0be159d0 fffff800`02b8b929 : 00000000`00000001 fffffa80`04a19da0 00000000`00000000 fffffa80`03fc5330 : Npfs!NpFsdWrite+0x5d
fffff880`0be15a40 fffff800`02b8c6c3 : fffffa80`03fc5448 00000000`00000000 fffffa80`04a19da0 fffff880`009e6180 : nt!IopSynchronousServiceTail+0xf9
fffff880`0be15ab0 fffff800`02877153 : 00000000`11cb6701 00000000`00000000 fffffffe`2a74f739 00000000`0ffd5749 : nt!NtWriteFile+0x7e2
fffff880`0be15bb0 00000000`774dff3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`11efe7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774dff3a
STACK_COMMAND: kb
FOLLOWUP_IP:
Npfs!NpFreeClientSecurityContext+39
fffff880`0107e175 4883c420 add rsp,20h
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Npfs!NpFreeClientSecurityContext+39
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Npfs
IMAGE_NAME: Npfs.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc114
FAILURE_BUCKET_ID: X64_0xc2_7_NpFs_Npfs!NpFreeClientSecurityContext+39
BUCKET_ID: X64_0xc2_7_NpFs_Npfs!NpFreeClientSecurityContext+39
Followup: MachineOwner
---------
Debug session time: Fri Dec 24 13:58:14.426 2010 (GMT-5)
System Uptime: 0 days 0:30:25.767
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8800a88eac0, 0, fffff880045071b6, 0}
Could not read faulting driver name
Probably caused by : dxgkrnl.sys ( dxgkrnl!DxgkWaitForSynchronizationObject+1ca )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8800a88eac0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff880045071b6, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002b0e0e0
fffff8800a88eac0
FAULTING_IP:
dxgkrnl!DxgkWaitForSynchronizationObject+1ca
fffff880`045071b6 4c8b5e10 mov r11,qword ptr [rsi+10h]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: BFBC2Game.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800b5526f0 -- (.trap 0xfffff8800b5526f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800b5528c8 rbx=0000000000000000 rcx=fffffa800646ff00
rdx=0000000000000290 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880045071b6 rsp=fffff8800b552880 rbp=fffff8800b552ca0
r8=fffff8a00897e000 r9=0000000000000017 r10=0000000040002740
r11=fffff8800b552910 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
dxgkrnl!DxgkWaitForSynchronizationObject+0x1ca:
fffff880`045071b6 4c8b5e10 mov r11,qword ptr [rsi+10h] ds:00000000`00000010=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002956f14 to fffff800028d6740
STACK_TEXT:
fffff880`0b552588 fffff800`02956f14 : 00000000`00000050 fffff880`0a88eac0 00000000`00000000 fffff880`0b5526f0 : nt!KeBugCheckEx
fffff880`0b552590 fffff800`028d482e : 00000000`00000000 00000000`0372e750 00000000`00000000 00000000`00000003 : nt! ?? ::FNODOBFM::`string'+0x42837
fffff880`0b5526f0 fffff880`045071b6 : 00000000`0372e750 00000000`00000000 fffff8a0`0a885220 fffff8a0`0a885220 : nt!KiPageFault+0x16e
fffff880`0b552880 fffff960`001dba96 : 00000000`0372e6b0 00000000`00000001 00000000`000007fb fffff8a0`0ab50010 : dxgkrnl!DxgkWaitForSynchronizationObject+0x1ca
fffff880`0b552bf0 fffff800`028d5993 : fffffa80`03f6c060 00000000`000001e8 00000000`017d7840 fffffa80`03d85be0 : win32k!NtGdiDdDDIWaitForSynchronizationObject+0x12
fffff880`0b552c20 00000000`74ab152a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0372e718 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74ab152a
STACK_COMMAND: kb
FOLLOWUP_IP:
dxgkrnl!DxgkWaitForSynchronizationObject+1ca
fffff880`045071b6 4c8b5e10 mov r11,qword ptr [rsi+10h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: dxgkrnl!DxgkWaitForSynchronizationObject+1ca
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgkrnl
IMAGE_NAME: dxgkrnl.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ac5509e
FAILURE_BUCKET_ID: X64_0x50_dxgkrnl!DxgkWaitForSynchronizationObject+1ca
BUCKET_ID: X64_0x50_dxgkrnl!DxgkWaitForSynchronizationObject+1ca
Followup: MachineOwner
---------
Debug session time: Fri Dec 24 03:02:59.249 2010 (GMT-5)
System Uptime: 0 days 2:56:04.590
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff800028dbde6, fffff8800be6da60, 0}
Probably caused by : ntkrnlmp.exe ( nt!ExpReleaseResourceForThreadLite+46 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800028dbde6, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff8800be6da60, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'nvlddmkm' and 'nvlddmkm.sys' overlap
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExpReleaseResourceForThreadLite+46
fffff800`028dbde6 f0480fba696000 lock bts qword ptr [rcx+60h],0
CONTEXT: fffff8800be6da60 -- (.cxr 0xfffff8800be6da60)
rax=000000000000fffd rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800405d410 rsi=0000000000000000 rdi=fffff8a00a483170
rip=fffff800028dbde6 rsp=fffff8800be6e440 rbp=fffffa800405d410
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff8a00a483170 r12=fffff80002a4ae80 r13=fffffa800405d410
r14=0000000000000000 r15=fffff8a003de0ca0
iopl=0 nv up di pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010046
nt!ExpReleaseResourceForThreadLite+0x46:
fffff800`028dbde6 f0480fba696000 lock bts qword ptr [rcx+60h],0 ds:002b:00000000`00000060=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: TrustedInstall
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff800028dbde6
STACK_TEXT:
fffff880`0be6e440 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExpReleaseResourceForThreadLite+0x46
FOLLOWUP_IP:
nt!ExpReleaseResourceForThreadLite+46
fffff800`028dbde6 f0480fba696000 lock bts qword ptr [rcx+60h],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExpReleaseResourceForThreadLite+46
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
STACK_COMMAND: .cxr 0xfffff8800be6da60 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ExpReleaseResourceForThreadLite+46
BUCKET_ID: X64_0x3B_nt!ExpReleaseResourceForThreadLite+46
Followup: MachineOwner
---------