Code:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.20738.amd64fre.win7_ldr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c0c000 PsLoadedModuleList = 0xfffff800`02e40eb0
Debug session time: Sun Feb 6 04:07:41.437 2011 (GMT-5)
System Uptime: 0 days 0:03:33.359
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff880090c90d8, fffff880090c8940, fffff8800146b2b1}
Probably caused by : Ntfs.sys ( Ntfs!NtfsReleaseFcbWithPaging+41 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff880090c90d8
Arg3: fffff880090c8940
Arg4: fffff8800146b2b1
Debugging Details:
------------------
EXCEPTION_RECORD: fffff880090c90d8 -- (.exr 0xfffff880090c90d8)
ExceptionAddress: fffff8800146b2b1 (Ntfs!NtfsReleaseFcbWithPaging+0x0000000000000041)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 000000000000003b
Attempt to write to address 000000000000003b
CONTEXT: fffff880090c8940 -- (.cxr 0xfffff880090c8940)
rax=fffffa8008768d50 rbx=fffff8a002e61010 rcx=0000000000000033
rdx=fffff8a002e61010 rsi=fffff8a002e61010 rdi=fffffa8007b72510
rip=fffff8800146b2b1 rsp=fffff880090c9310 rbp=fffff880090c98a0
r8=fffff8a002e61100 r9=0000000000000000 r10=fffff8a002e61010
r11=fffff880090c92e0 r12=fffffa8007755180 r13=0000000000000000
r14=fffff8a002e613a0 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
Ntfs!NtfsReleaseFcbWithPaging+0x41:
fffff880`0146b2b1 48894108 mov qword ptr [rcx+8],rax ds:002b:00000000`0000003b=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: MsMpEng.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 000000000000003b
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eab0e0
000000000000003b
FOLLOWUP_IP:
Ntfs!NtfsReleaseFcbWithPaging+41
fffff880`0146b2b1 48894108 mov qword ptr [rcx+8],rax
FAULTING_IP:
Ntfs!NtfsReleaseFcbWithPaging+41
fffff880`0146b2b1 48894108 mov qword ptr [rcx+8],rax
BUGCHECK_STR: 0x24
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from fffff88001504e3b to fffff8800146b2b1
STACK_TEXT:
fffff880`090c9310 fffff880`01504e3b : fffffa80`07b72510 fffff8a0`02e61010 fffff8a0`02e61010 00000000`00000009 : Ntfs!NtfsReleaseFcbWithPaging+0x41
fffff880`090c9350 fffff880`014de38f : fffffa80`07b72510 fffff8a0`02e61140 fffff8a0`02e61010 fffffa80`07755180 : Ntfs!NtfsCommonClose+0x978
fffff880`090c9420 fffff880`014d4795 : fffffa80`07755180 00000000`00000000 fffff8a0`013d0c01 00000000`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`090c94f0 fffff880`01476b7c : fffffa80`07e1d2f0 fffffa80`07755180 fffffa80`03bed401 fffffa80`03bed400 : Ntfs!NtfsFlushVolume+0x75
fffff880`090c9620 fffff880`0146abed : fffffa80`07e1d2f0 fffff880`01344d01 fffffa80`06701b80 fffff880`090c9700 : Ntfs!NtfsVolumeDasdIo+0x1dc
fffff880`090c96d0 fffff880`0146bf78 : fffffa80`07e1d2f0 fffffa80`03ba2c60 fffff880`090c9801 fffffa80`03b9c700 : Ntfs!NtfsCommonRead+0x1e61
fffff880`090c9870 fffff880`0133823f : fffffa80`03ba2fb8 fffffa80`03ba2c60 fffffa80`03b9c730 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`090c9920 fffff880`013366df : fffffa80`066f88d0 00000000`00000001 fffffa80`066f8800 fffffa80`03ba2c60 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`090c99b0 fffff800`02f89669 : 00000000`00000000 fffffa80`03bed420 00000000`00000001 fffffa80`03ba2c60 : fltmgr!FltpDispatch+0xcf
fffff880`090c9a10 fffff800`02f90773 : fffffa80`03bed420 fffffa80`03bed420 fffffa80`03bed420 fffff880`031d3180 : nt!IopSynchronousServiceTail+0xf9
fffff880`090c9a80 fffff800`02c717d3 : 00000000`00000740 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
fffff880`090c9b70 00000000`76f7fdba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`04a8e128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f7fdba
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsReleaseFcbWithPaging+41
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
STACK_COMMAND: .cxr 0xfffff880090c8940 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsReleaseFcbWithPaging+41
BUCKET_ID: X64_0x24_Ntfs!NtfsReleaseFcbWithPaging+41
Followup: MachineOwner
---------
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.20738.amd64fre.win7_ldr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c00000 PsLoadedModuleList = 0xfffff800`02e34eb0
Debug session time: Sun Feb 6 04:09:52.289 2011 (GMT-5)
System Uptime: 0 days 0:01:40.211
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffff8a003c953c0, fffff8a003c95450, 50901a5}
GetPointerFromAddress: unable to read from fffff80002e9f0e0
GetUlongFromAddress: unable to read from fffff80002e0d210
Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonClose+528 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffff8a003c953c0, The pool entry we were looking for within the page.
Arg3: fffff8a003c95450, The next pool entry.
Arg4: 00000000050901a5, (reserved)
Debugging Details:
------------------
GetUlongFromAddress: unable to read from fffff80002e0d210
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffff8a003c953c0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002d9b6d3 to fffff80002c66580
STACK_TEXT:
fffff880`08e52698 fffff800`02d9b6d3 : 00000000`00000019 00000000`00000020 fffff8a0`03c953c0 fffff8a0`03c95450 : nt!KeBugCheckEx
fffff880`08e526a0 fffff880`014b19e8 : fffffa80`07754180 fffff880`08e52960 fffff8a0`6366744e fffff880`08e52878 : nt!ExDeferredFreePool+0x12c4
fffff880`08e52750 fffff880`014b9adc : fffffa80`08c69930 fffff8a0`06b03c70 fffff8a0`06b03b40 fffffa80`07754180 : Ntfs!NtfsCommonClose+0x528
fffff880`08e52820 fffff880`012e323f : fffff880`08e52901 fffffa80`089a9010 fffff880`08e58000 fffff700`00000002 : Ntfs!NtfsFsdClose+0x2dc
fffff880`08e52920 fffff880`012e16df : fffffa80`066efb20 fffffa80`089a9010 fffffa80`065a4f00 fffffa80`089a9010 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`08e529b0 fffff800`02f7d14e : fffffa80`086fe400 fffffa80`0668fb10 fffffa80`08638b30 fffffa80`066efb20 : fltmgr!FltpDispatch+0xcf
fffff880`08e52a10 fffff800`02c6ac84 : fffff8a0`0386e030 fffffa80`08638b30 fffffa80`039e7080 fffffa80`039f0890 : nt!IopDeleteFile+0x11e
fffff880`08e52aa0 fffff800`02f7ced4 : fffffa80`08638b30 00000000`00000000 fffffa80`08a9eb60 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`08e52b00 fffff800`02f7cdd4 : 00000000`00000074 fffffa80`08638b30 fffff8a0`039084e0 00000000`00000074 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`08e52b90 fffff800`02c657d3 : fffffa80`08a9eb60 fffff880`08e52c60 00000000`77c73540 00000000`0027ed00 : nt!ObpCloseHandle+0x94
fffff880`08e52be0 00000000`77b8fe4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00bbe1b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b8fe4a
STACK_COMMAND: kb
FOLLOWUP_IP:
Ntfs!NtfsCommonClose+528
fffff880`014b19e8 e9edfdffff jmp Ntfs!NtfsCommonClose+0x31a (fffff880`014b17da)
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Ntfs!NtfsCommonClose+528
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
FAILURE_BUCKET_ID: X64_0x19_20_Ntfs!NtfsCommonClose+528
BUCKET_ID: X64_0x19_20_Ntfs!NtfsCommonClose+528
Followup: MachineOwner
---------
Debug session time: Sat Feb 5 15:57:13.966 2011 (GMT-5)
System Uptime: 0 days 0:00:12.261
Loading Kernel Symbols
...............................................................
................................................................
......
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41201, fffff68000002fc0, b5, fffffa800819dcc0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+138f2 )
Followup: MachineOwner
---------
Debug session time: Sat Feb 5 15:54:33.871 2011 (GMT-5)
System Uptime: 0 days 0:01:58.166
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 406f8, fffff960001a5e75}
Probably caused by : memory_corruption
Followup: memory_corruption
---------
Debug session time: Sat Feb 5 15:52:00.081 2011 (GMT-5)
System Uptime: 0 days 0:03:55.002
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88009a19e68, fffff88009a196d0, fffff880015416c0}
Probably caused by : memory_corruption
Followup: memory_corruption
---------