Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\103111-29624-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e67000 PsLoadedModuleList = 0xfffff800`030a4e70
Debug session time: Mon Oct 31 21:03:11.200 2011 (UTC - 7:00)
System Uptime: 0 days 0:13:30.119
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {4, 2, 1, fffff88014b51a51}
Probably caused by : hardware ( USBPORT!USBPORT_Core_iSubmitTransferToMiniport+239 )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000004, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88014b51a51, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310f0e0
0000000000000004
CURRENT_IRQL: 2
FAULTING_IP:
USBPORT!USBPORT_Core_iSubmitTransferToMiniport+239
fffff880`14b51a51 b909000000 mov ecx,9
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff880030cca20 -- (.trap 0xfffff880030cca20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000004 rbx=0000000000000000 rcx=fffffa8008989178
rdx=000000004f444602 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88014b51a51 rsp=fffff880030ccbb0 rbp=fffffa800945fa00
r8=000000004f444600 r9=fffffa800945fc48 r10=fffffa8008b996b0
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
USBPORT!USBPORT_Core_iSubmitTransferToMiniport+0x239:
fffff880`14b51a51 b909000000 mov ecx,9
Resetting default scope
MISALIGNED_IP:
USBPORT!USBPORT_Core_iSubmitTransferToMiniport+239
fffff880`14b51a51 b909000000 mov ecx,9
LAST_CONTROL_TRANSFER: from fffff80002ed6b29 to fffff80002ed75c0
STACK_TEXT:
fffff880`030cc8d8 fffff800`02ed6b29 : 00000000`0000000a 00000000`00000004 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`030cc8e0 fffff800`02ed57a0 : fffffa80`0945fc48 fffffa80`06cb3010 00000000`00000000 fffffa80`06cb33d8 : nt!KiBugCheckDispatch+0x69
fffff880`030cca20 fffff880`14b51a51 : fffffa80`089881a0 00000000`00000000 fffff880`00000010 fffffa80`06cb3010 : nt!KiPageFault+0x260
fffff880`030ccbb0 fffff880`14b4ed39 : fffffa80`00000001 fffffa80`08988050 fffffa80`0945fa00 fffffa80`089881a0 : USBPORT!USBPORT_Core_iSubmitTransferToMiniport+0x239
fffff880`030ccc40 fffff880`14b3ff89 : fffffa80`08988050 00000000`00000000 fffffa80`08988d02 fffffa80`08988d28 : USBPORT!USBPORT_Core_UsbMapDpc_Worker+0x149
fffff880`030ccca0 fffff800`02ee2a9c : fffff880`030a4180 fffffa80`08988d28 fffffa80`08988d40 00000000`00000000 : USBPORT!USBPORT_Xdpc_Worker+0x1d9
fffff880`030cccd0 fffff800`02edfd8a : fffff880`030a4180 fffff880`030af040 00000000`00000000 fffff880`14b3fdb0 : nt!KiRetireDpcList+0x1bc
fffff880`030ccd80 00000000`00000000 : fffff880`030cd000 fffff880`030c7000 fffff880`030ccd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
USBPORT!USBPORT_Core_iSubmitTransferToMiniport+239
fffff880`14b51a51 b909000000 mov ecx,9
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: USBPORT!USBPORT_Core_iSubmitTransferToMiniport+239
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122111-25084-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0320c000 PsLoadedModuleList = 0xfffff800`03451670
Debug session time: Wed Dec 21 19:27:36.504 2011 (UTC - 7:00)
System Uptime: 0 days 0:01:36.674
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff880030a6258, fffff880030a5ab0, fffff800032765eb}
Probably caused by : Ntfs.sys ( Ntfs!NtfsVolumeDasdIo+175 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff880030a6258
Arg3: fffff880030a5ab0
Arg4: fffff800032765eb
Debugging Details:
------------------
EXCEPTION_RECORD: fffff880030a6258 -- (.exr 0xfffff880030a6258)
ExceptionAddress: fffff800032765eb (nt!MmCreateKernelStack+0x00000000000000d0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880030a5ab0 -- (.cxr 0xfffff880030a5ab0)
rax=fff6fc400185f808 rbx=fffffa800930e631 rcx=fffa8005f4042003
rdx=fffffa80054cfcf0 rsi=fffffa800930e630 rdi=fff6fc400185f7d8
rip=fffff800032765eb rsp=fffff880030a6490 rbp=0000000000000002
r8=ffff80030bf01000 r9=0000000fffffffff r10=fffffa8000000000
r11=fffffa80054cfcef r12=0000000000000000 r13=0000000000000002
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!MmCreateKernelStack+0xd0:
fffff800`032765eb 488b48f8 mov rcx,qword ptr [rax-8] ds:002b:fff6fc40`0185f800=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: autochk.exe
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800034bb100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsVolumeDasdIo+175
fffff880`0122ed21 f6460801 test byte ptr [rsi+8],1
FAULTING_IP:
nt!MmCreateKernelStack+d0
fffff800`032765eb 488b48f8 mov rcx,qword ptr [rax-8]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80003295792 to fffff800032765eb
STACK_TEXT:
fffff880`030a6490 fffff800`03295792 : 00000000`00000000 00000000`00000002 fffffa80`07bd5c60 fffff680`00009fb0 : nt!MmCreateKernelStack+0xd0
fffff880`030a6580 fffff880`0122ed21 : fffff880`01224384 fffff880`030a68e0 fffffa80`09329400 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0x252
fffff880`030a6660 fffff880`0121d684 : fffffa80`093294f0 fffff880`0119ad00 fffffa80`07976e10 fffff880`030a6701 : Ntfs!NtfsVolumeDasdIo+0x175
fffff880`030a6710 fffff880`0121da68 : fffffa80`093294f0 fffffa80`07bd5c60 fffff880`030a6801 fffffa80`08ecc100 : Ntfs!NtfsCommonRead+0x1e58
fffff880`030a68b0 fffff880`0118dbcf : fffffa80`07bd5fb8 fffffa80`07bd5c60 fffffa80`08ecc1d0 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`030a6960 fffff880`0118c6df : fffffa80`0796fde0 00000000`00000001 fffffa80`0796fd00 fffffa80`07bd5c60 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`030a69f0 fffff800`0359121b : 00000000`00000000 fffffa80`08d35b70 00000000`00000001 fffffa80`07bd5c60 : fltmgr!FltpDispatch+0xcf
fffff880`030a6a50 fffff800`03572b63 : fffffa80`08d35b70 fffffa80`08d35b70 fffffa80`08d35b70 fffff880`009ce180 : nt!IopSynchronousServiceTail+0xfb
fffff880`030a6ac0 fffff800`03287ed3 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
fffff880`030a6bb0 00000000`7724137a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0016c6d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7724137a
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Ntfs!NtfsVolumeDasdIo+175
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff880030a5ab0 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsVolumeDasdIo+175
BUCKET_ID: X64_0x24_Ntfs!NtfsVolumeDasdIo+175
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122111-37752-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0324a000 PsLoadedModuleList = 0xfffff800`0348f670
Debug session time: Wed Dec 21 19:47:12.277 2011 (UTC - 7:00)
System Uptime: 0 days 0:02:14.072
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff880049bbfb8, fffff880049bb810, fffff88001252c07}
Probably caused by : Ntfs.sys ( Ntfs!NtfsPrepareSimpleBuffers+47 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff880049bbfb8
Arg3: fffff880049bb810
Arg4: fffff88001252c07
Debugging Details:
------------------
EXCEPTION_RECORD: fffff880049bbfb8 -- (.exr 0xfffff880049bbfb8)
ExceptionAddress: fffff88001252c07 (Ntfs!NtfsPrepareSimpleBuffers+0x0000000000000047)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880049bb810 -- (.cxr 0xfffff880049bb810)
rax=fffff880049bc380 rbx=fffff880049bc3d8 rcx=30fffff880049bc6
rdx=fffffa8006e5fc60 rsi=30fffff880049bc6 rdi=30fffff880049bc6
rip=fffff88001252c07 rsp=fffff880049bc1f0 rbp=fffffa8006e5fc60
r8=0000000000004000 r9=0000000000149600 r10=0000000000000000
r11=fffff880049bc430 r12=0000000000004000 r13=0000000000149600
r14=fffffa8006e5fc60 r15=0000000000004000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010246
Ntfs!NtfsPrepareSimpleBuffers+0x47:
fffff880`01252c07 0fb64118 movzx eax,byte ptr [rcx+18h] ds:002b:30fffff8`80049bde=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800034f9100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsPrepareSimpleBuffers+47
fffff880`01252c07 0fb64118 movzx eax,byte ptr [rcx+18h]
FAULTING_IP:
Ntfs!NtfsPrepareSimpleBuffers+47
fffff880`01252c07 0fb64118 movzx eax,byte ptr [rcx+18h]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff8800125414b to fffff88001252c07
STACK_TEXT:
fffff880`049bc1f0 fffff880`0125414b : 30fffff8`80049bc6 fffffa80`06e5fc60 fffff8a0`0166e140 00000000`00149600 : Ntfs!NtfsPrepareSimpleBuffers+0x47
fffff880`049bc2b0 fffff880`0125337c : fffffa80`06e5fc60 fffffa80`0798fd80 fffff880`049bc3d0 fffff800`032ba0f9 : Ntfs!NtfsPrepareBuffers+0xcb
fffff880`049bc330 fffff880`0124bfc6 : fffff880`049bc6d0 fffffa80`06e5fc60 fffff8a0`0166e140 00000000`00000000 : Ntfs!NtfsNonCachedIo+0x1bc
fffff880`049bc500 fffff880`0124da68 : fffff880`049bc6d0 fffffa80`06e5fc60 fffff880`049bc801 fffffa80`06e2c001 : Ntfs!NtfsCommonRead+0x7a6
fffff880`049bc6a0 fffff880`01177bcf : fffffa80`06e5ffb8 fffffa80`06e5fc60 fffffa80`06e2c010 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`049bc8b0 fffff880`011766df : fffffa80`0798ede0 fffffa80`0a0e7601 fffffa80`0798ed00 fffffa80`06e5fc60 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`049bc940 fffff800`032eebc5 : fffffa80`06e5fc80 fffffa80`0a0d5f20 fffffa80`084e5dd0 fffff880`009ce180 : fltmgr!FltpDispatch+0xcf
fffff880`049bc9a0 fffff800`032ee699 : 00000000`00000001 00000000`00000001 fffffa80`084e5d10 00000000`00040000 : nt!IoPageRead+0x255
fffff880`049bca30 fffff800`032d502a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x255
fffff880`049bcac0 fffff800`032c4d6e : 00000000`00000000 000007fe`f5bcc6bc 00000000`00000001 00000000`00003286 : nt!MmAccessFault+0x146a
fffff880`049bcc20 00000000`77359c12 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0257db40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77359c12
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsPrepareSimpleBuffers+47
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff880049bb810 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsPrepareSimpleBuffers+47
BUCKET_ID: X64_0x24_Ntfs!NtfsPrepareSimpleBuffers+47
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122211-24039-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0321a000 PsLoadedModuleList = 0xfffff800`0345f670
Debug session time: Thu Dec 22 12:17:40.388 2011 (UTC - 7:00)
System Uptime: 0 days 12:21:11.559
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {9a, 109b80, 2, 0}
Probably caused by : memory_corruption ( nt!MiBadRefCount+4f )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 000000000000009a,
Arg2: 0000000000109b80
Arg3: 0000000000000002
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_9a
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: RAIDXpert.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff8000331fd1f to fffff80003296c40
STACK_TEXT:
fffff880`099aa8c8 fffff800`0331fd1f : 00000000`0000004e 00000000`0000009a 00000000`00109b80 00000000`00000002 : nt!KeBugCheckEx
fffff880`099aa8d0 fffff800`03308149 : 00000000`00000000 fffffa80`031de800 ffffffff`ffffffff 00000000`00000000 : nt!MiBadRefCount+0x4f
fffff880`099aa910 fffff800`032be6cf : fffffa80`09fee710 fffff880`099aaa80 fffffa80`098aeec8 fffffa80`09fee710 : nt! ?? ::FNODOBFM::`string'+0x38254
fffff880`099aa9f0 fffff800`032a502a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff880`02f00180 : nt!MiIssueHardFault+0x28b
fffff880`099aaac0 fffff800`03294d6e : 00000000`00000008 00000000`02876c70 fffff880`099aab01 00000000`0876def8 : nt!MmAccessFault+0x146a
fffff880`099aac20 00000000`02876c70 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0e13fa0c 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x2876c70
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiBadRefCount+4f
fffff800`0331fd1f cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadRefCount+4f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_9a_nt!MiBadRefCount+4f
BUCKET_ID: X64_0x4E_9a_nt!MiBadRefCount+4f
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122211-30061-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03259000 PsLoadedModuleList = 0xfffff800`0349e670
Debug session time: Thu Dec 22 13:33:48.970 2011 (UTC - 7:00)
System Uptime: 0 days 0:40:03.796
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {99, 171a28, 2, 180127}
Probably caused by : memory_corruption ( nt!MiBadShareCount+4c )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000171a28, page frame number
Arg3: 0000000000000002, current page state
Arg4: 0000000000180127, 0
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_99
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: sidebar.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff8000335ed7c to fffff800032d5c40
STACK_TEXT:
fffff880`0a84ac98 fffff800`0335ed7c : 00000000`0000004e 00000000`00000099 00000000`00171a28 00000000`00000002 : nt!KeBugCheckEx
fffff880`0a84aca0 fffff800`0327d3ce : 00000000`00000000 fffff680`00029f68 00000000`00000000 00000000`00000000 : nt!MiBadShareCount+0x4c
fffff880`0a84ace0 fffff800`03307bb7 : 00000000`00000000 fffff680`00029f70 fffffa80`08992b30 fffff800`034041de : nt! ?? ::FNODOBFM::`string'+0x33094
fffff880`0a84ae90 fffff800`032c30ff : fffffa80`00000000 00000000`053eefff 00000000`00000000 00000000`00000000 : nt!MiDeleteVirtualAddresses+0x41f
fffff880`0a84b050 fffff800`032d4ed3 : ffffffff`ffffffff fffff880`0a84b320 fffff880`0a84b388 00000000`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`0a84b150 fffff800`032d1470 : fffff960`00136644 00000000`00000001 00000000`00000000 fffff900`c1de3320 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0a84b2e8 fffff960`00136644 : 00000000`00000001 00000000`00000000 fffff900`c1de3320 00000000`00000000 : nt!KiServiceLinkage
fffff880`0a84b2f0 fffff960`00136994 : ffffffff`00000000 fffff880`00000000 fffff900`c1de3320 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x3c8
fffff880`0a84b440 fffff960`000f7669 : ffffffff`99051831 fffff900`c1de3320 ffffffff`99051831 00000000`030ab780 : win32k!bDeleteSurface+0x34
fffff880`0a84b470 fffff800`032d4ed3 : fffffa80`08b79060 00000000`06a7e000 00000000`030aa801 00000000`030ab920 : win32k!NtGdiDeleteObjectApp+0xd5
fffff880`0a84b4a0 000007fe`fe89108a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`030ab638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fe89108a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiBadShareCount+4c
fffff800`0335ed7c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadShareCount+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-32229-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03268000 PsLoadedModuleList = 0xfffff800`034ad670
Debug session time: Sat Dec 24 04:24:28.265 2011 (UTC - 7:00)
System Uptime: 0 days 5:51:38.075
Loading Kernel Symbols
...............................................................
................................................................
..........................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffff8a0140ee830, fffff8a0140ee860, 5030103}
GetPointerFromAddress: unable to read from fffff80003517100
Probably caused by : Ntfs.sys ( Ntfs!NtfsRemoveHashEntry+e2 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffff8a0140ee830, The pool entry we were looking for within the page.
Arg3: fffff8a0140ee860, The next pool entry.
Arg4: 0000000005030103, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffff8a0140ee830
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003412cae to fffff800032e4c40
STACK_TEXT:
fffff880`03376878 fffff800`03412cae : 00000000`00000019 00000000`00000020 fffff8a0`140ee830 fffff8a0`140ee860 : nt!KeBugCheckEx
fffff880`03376880 fffff880`012d1fe6 : 00000000`1de96ff7 fffffa80`087d1350 00000000`3066744e fffff800`0359d90e : nt!ExDeferredFreePool+0x12da
fffff880`03376930 fffff880`0124d9ae : fffff8a0`17625b40 fffff800`03485260 fffff880`03376b01 fffff880`012d5cc1 : Ntfs!NtfsRemoveHashEntry+0xe2
fffff880`033769c0 fffff880`012d363c : fffffa80`0be09700 fffffa80`087d0180 fffff8a0`17625b40 fffff8a0`17625ed8 : Ntfs!NtfsTeardownFromLcb+0x21e
fffff880`03376a50 fffff880`012550e2 : fffffa80`0be09700 fffffa80`0be09700 fffff8a0`17625b40 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xcc
fffff880`03376ad0 fffff880`012e3193 : fffffa80`0be09700 fffff800`03485260 fffff8a0`17625b40 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`03376b10 fffff880`012d2357 : fffffa80`0be09700 fffff8a0`17625c70 fffff8a0`17625b40 fffffa80`087d0180 : Ntfs!NtfsCommonClose+0x353
fffff880`03376be0 fffff800`032ef001 : 00000000`00000000 fffff800`035db900 fffffa80`06a4b001 fffffa80`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`03376cb0 fffff800`0357ffee : 00000000`00000000 fffffa80`06a4b040 00000000`00000080 fffffa80`069acb30 : nt!ExpWorkerThread+0x111
fffff880`03376d40 fffff800`032d65e6 : fffff880`032a4180 fffffa80`06a4b040 fffff880`032af040 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03376d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
Ntfs!NtfsRemoveHashEntry+e2
fffff880`012d1fe6 4533c9 xor r9d,r9d
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Ntfs!NtfsRemoveHashEntry+e2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
FAILURE_BUCKET_ID: X64_0x19_20_Ntfs!NtfsRemoveHashEntry+e2
BUCKET_ID: X64_0x19_20_Ntfs!NtfsRemoveHashEntry+e2
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-25069-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03c60000 PsLoadedModuleList = 0xfffff800`03ea5670
Debug session time: Sat Dec 24 12:40:02.024 2011 (UTC - 7:00)
System Uptime: 0 days 0:20:52.210
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41287, 30, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+46485 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041287, The subtype of the bugcheck.
Arg2: 0000000000000030
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41287
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800c03f6e0 -- (.trap 0xfffff8800c03f6e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000001600001
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003dbabc5 rsp=fffff8800c03f870 rbp=fffff8800c03f8c0
r8=fffff80003c60000 r9=0000000000000001 r10=0000058000000000
r11=0000000fffffffff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!MiResolvePageFileFault+0x1115:
fffff800`03dbabc5 8b4830 mov ecx,dword ptr [rax+30h] ds:00000000`00000030=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003c6fd7e to fffff80003cdcc40
STACK_TEXT:
fffff880`0c03f578 fffff800`03c6fd7e : 00000000`0000001a 00000000`00041287 00000000`00000030 00000000`00000000 : nt!KeBugCheckEx
fffff880`0c03f580 fffff800`03cdad6e : 00000000`00000000 00000000`00000030 00000000`00000000 00000000`01600001 : nt! ?? ::FNODOBFM::`string'+0x46485
fffff880`0c03f6e0 fffff800`03dbabc5 : 00000000`0003c93f 00000000`00000000 fffff880`0c03f950 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`0c03f870 fffff800`03d4f6b0 : 00000000`6da18c01 fffff680`0036d0c0 fffffa80`076e73f8 00000000`00000011 : nt!MiResolvePageFileFault+0x1115
fffff880`0c03f9b0 fffff800`03ce9f19 : 00000000`00000001 ffffffff`ffffffff fffff880`0c03fbf8 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x399d4
fffff880`0c03fac0 fffff800`03cdad6e : 00000000`00000008 00000000`6da18c01 fffff880`0c03fb01 00000000`0034f538 : nt!MmAccessFault+0x359
fffff880`0c03fc20 00000000`6da18c01 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0034f1cc 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6da18c01
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+46485
fffff800`03c6fd7e cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+46485
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485
BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-23197-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03004000 PsLoadedModuleList = 0xfffff800`03249670
Debug session time: Sat Dec 24 13:11:48.620 2011 (UTC - 7:00)
System Uptime: 0 days 0:03:18.759
Loading Kernel Symbols
...............................................................
................................................................
..........
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff8800238bf68, fffff8800238b7c0, fffff800030c4c08}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800238bf68
Arg3: fffff8800238b7c0
Arg4: fffff800030c4c08
Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800238bf68 -- (.exr 0xfffff8800238bf68)
ExceptionAddress: fffff800030c4c08 (nt!MiFlushSectionInternal+0x0000000000000b38)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000013
Attempt to write to address 0000000000000013
CONTEXT: fffff8800238b7c0 -- (.cxr 0xfffff8800238b7c0)
rax=0000000000000000 rbx=fffff8800238c6c0 rcx=f8800126314d0000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000008
rip=fffff800030c4c08 rsp=fffff8800238c1a0 rbp=fffffa8006556230
r8=0000000000000000 r9=fffff800031f6e80 r10=fffffa8006a7be00
r11=fffff8800238c170 r12=fffff8800238c2c0 r13=fffff8800238c2f8
r14=fffff8a000409680 r15=fffff8a000409688
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!MiFlushSectionInternal+0xb38:
fffff800`030c4c08 8c5613 mov word ptr [rsi+13h],ss ds:002b:00000000`00000013=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000000013
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b3100
0000000000000013
FOLLOWUP_IP:
nt!MiFlushSectionInternal+b38
fffff800`030c4c08 8c5613 mov word ptr [rsi+13h],ss
FAULTING_IP:
nt!MiFlushSectionInternal+b38
fffff800`030c4c08 8c5613 mov word ptr [rsi+13h],ss
BUGCHECK_STR: 0x24
DEFAULT_BUCKET_ID: CODE_CORRUPTION
LAST_CONTROL_TRANSFER: from fffff800030c32d8 to fffff800030c4c08
STACK_TEXT:
fffff880`0238c1a0 fffff800`030c32d8 : fffff8a0`00409680 fffff8a0`00409688 fffffa80`087eb1e0 fffffa80`087eb1e0 : nt!MiFlushSectionInternal+0xb38
fffff880`0238c3d0 fffff800`030c2669 : fffffa80`07b6c220 00000000`00000000 00000000`00001000 fffff880`0238c680 : nt!MmFlushSection+0x1f4
fffff880`0238c490 fffff880`012ce6e1 : fffffa80`07b6c220 fffff800`00000000 fffffa80`00001000 fffff880`00001000 : nt!CcFlushCache+0x5e9
fffff880`0238c590 fffff880`012d18db : fffff880`0238cab0 fffffa80`07af7180 fffff880`0238ca00 fffff880`01224000 : Ntfs!NtfsCheckpointVolume+0xbc1
fffff880`0238c990 fffff880`012d027b : fffff880`0238cab0 fffffa80`07af7180 fffffa80`07af7188 fffff880`01217020 : Ntfs!NtfsCheckpointAllVolumesWorker+0x4b
fffff880`0238c9e0 fffff880`012d2398 : fffff880`0238cab0 00000000`00000000 fffff880`012d1890 fffff880`0238ccb8 : Ntfs!NtfsForEachVcb+0x167
fffff880`0238ca80 fffff800`0308b001 : fffff800`03221200 fffff800`03377900 fffffa80`06a67100 fffffa80`00000005 : Ntfs!NtfsCheckpointAllVolumes+0xb8
fffff880`0238ccb0 fffff800`0331bfee : 00000000`00000000 fffffa80`06a671a0 00000000`00000080 fffffa80`06a4f040 : nt!ExpWorkerThread+0x111
fffff880`0238cd40 fffff800`030725e6 : fffff880`021b0180 fffffa80`06a671a0 fffff880`021bb040 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0238cd80 00000000`00000000 : fffff880`0238d000 fffff880`02387000 fffff880`0238b6f0 00000000`00000000 : nt!KxStartSystemThread+0x16
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff800030c4c08 - nt!MiFlushSectionInternal+b38
[ 8d:8c ]
1 error : !nt (fffff800030c4c08)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: ONE_BIT
STACK_COMMAND: .cxr 0xfffff8800238b7c0 ; kb
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
Followup: memory_corruption
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-25053-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03c1c000 PsLoadedModuleList = 0xfffff800`03e61670
Debug session time: Sat Dec 24 16:04:00.662 2011 (UTC - 7:00)
System Uptime: 0 days 1:55:10.833
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050030, 6f8, fffff80003cc482b}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050030
Arg3: 00000000000006f8
Arg4: fffff80003cc482b
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: TurboV_EVO.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003c981e9 to fffff80003c98c40
STACK_TEXT:
fffff880`03177d68 fffff800`03c981e9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`03177d70 fffff800`03c966b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`03177eb0 fffff800`03cc482b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
00000000`06b9dfd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlpGetStackLimits+0xf
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`03c966b2 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-24367-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03c56000 PsLoadedModuleList = 0xfffff800`03e9b670
Debug session time: Sat Dec 24 16:26:39.798 2011 (UTC - 7:00)
System Uptime: 0 days 0:05:08.985
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff9600017cbf4, fffff880079e61b0, 0}
Probably caused by : hardware ( win32k!NtUserGetMessage+74 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600017cbf4, Address of the instruction which caused the bugcheck
Arg3: fffff880079e61b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!NtUserGetMessage+74
fffff960`0017cbf4 ff8bd8488b15 dec dword ptr [rbx+158B48D8h]
CONTEXT: fffff880079e61b0 -- (.cxr 0xfffff880079e61b0)
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=000000001adcf870
rip=fffff9600017cbf4 rsp=fffff880079e6b90 rbp=fffff880079e6ca0
r8=fffff900c1b2ca10 r9=0000000000000000 r10=fffffa80058fa7f0
r11=fffff900c1b27c40 r12=0000000000000000 r13=000000001adcf7a8
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
win32k!NtUserGetMessage+0x74:
fffff960`0017cbf4 ff8bd8488b15 dec dword ptr [rbx+158B48D8h] ds:002b:00000000`158b48d8=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: WDRulesEngine.
CURRENT_IRQL: 0
MISALIGNED_IP:
win32k!NtUserGetMessage+74
fffff960`0017cbf4 ff8bd8488b15 dec dword ptr [rbx+158B48D8h]
LAST_CONTROL_TRANSFER: from fffff80003cd1ed3 to fffff9600017cbf4
STACK_TEXT:
fffff880`079e6b90 fffff800`03cd1ed3 : fffffa80`0751cb60 00000000`00000000 00000000`00000020 00000000`00000000 : win32k!NtUserGetMessage+0x74
fffff880`079e6c20 00000000`775e9e6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`1adcf698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775e9e6a
FOLLOWUP_IP:
win32k!NtUserGetMessage+74
fffff960`0017cbf4 ff8bd8488b15 dec dword ptr [rbx+158B48D8h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!NtUserGetMessage+74
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xfffff880079e61b0 ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-23540-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03c00000 PsLoadedModuleList = 0xfffff800`03e45670
Debug session time: Sat Dec 24 17:14:02.807 2011 (UTC - 7:00)
System Uptime: 0 days 0:44:10.633
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {797600000, 2, 1, fffff880014bf5f5}
Unable to load image \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for VBoxNetFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for VBoxNetFlt.sys
Probably caused by : VBoxNetFlt.sys ( VBoxNetFlt+4c02 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000797600000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880014bf5f5, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003eaf100
0000000797600000
CURRENT_IRQL: 2
FAULTING_IP:
ndis!ndisXlateRecvPacketArrayToNetBufferLists+b5
fffff880`014bf5f5 4c895d00 mov qword ptr [rbp],r11
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff80000b9bfc0 -- (.trap 0xfffff80000b9bfc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff80000b9c300
rdx=fffffa8007e93e2f rsi=0000000000000000 rdi=0000000000000000
rip=fffff880014bf5f5 rsp=fffff80000b9c150 rbp=0000000797600000
r8=0000000000000000 r9=0000000000000000 r10=fffffa8005d581a0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
ndis!ndisXlateRecvPacketArrayToNetBufferLists+0xb5:
fffff880`014bf5f5 4c895d00 mov qword ptr [rbp],r11 ss:0018:00000007`97600000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003c7c1e9 to fffff80003c7cc40
STACK_TEXT:
fffff800`00b9be78 fffff800`03c7c1e9 : 00000000`0000000a 00000007`97600000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff800`00b9be80 fffff800`03c7ae60 : fffffa80`058a8970 fffffa80`0435cd30 fffffa80`0007c0c8 fffffa80`07e93e2f : nt!KiBugCheckDispatch+0x69
fffff800`00b9bfc0 fffff880`014bf5f5 : ffffffff`ffffffff 0000057f`00000000 fffff880`05e31a80 fffffa80`07435c10 : nt!KiPageFault+0x260
fffff800`00b9c150 fffff880`01574b01 : fffff800`00000000 fffffa80`00000000 fffffa80`05d581a0 00000000`00000000 : ndis!ndisXlateRecvPacketArrayToNetBufferLists+0xb5
fffff800`00b9c1e0 fffff880`019d6c02 : fffffa80`05cd8550 fffffa80`07ef6e30 fffffa80`063b78e0 fffffa80`00000000 : ndis!ndisMIndicatePacketsToNetBufferLists+0x51
fffff800`00b9c280 fffffa80`05cd8550 : fffffa80`07ef6e30 fffffa80`063b78e0 fffffa80`00000000 00000000`00000246 : VBoxNetFlt+0x4c02
fffff800`00b9c288 fffffa80`07ef6e30 : fffffa80`063b78e0 fffffa80`00000000 00000000`00000246 fffff880`019d6902 : 0xfffffa80`05cd8550
fffff800`00b9c290 fffffa80`063b78e0 : fffffa80`00000000 00000000`00000246 fffff880`019d6902 fffffa80`05cd8550 : 0xfffffa80`07ef6e30
fffff800`00b9c298 fffffa80`00000000 : 00000000`00000246 fffff880`019d6902 fffffa80`05cd8550 fffffa80`064bb010 : 0xfffffa80`063b78e0
fffff800`00b9c2a0 00000000`00000246 : fffff880`019d6902 fffffa80`05cd8550 fffffa80`064bb010 fffffa80`05cfa100 : 0xfffffa80`00000000
fffff800`00b9c2a8 fffff880`019d6902 : fffffa80`05cd8550 fffffa80`064bb010 fffffa80`05cfa100 00000000`00000000 : 0x246
fffff800`00b9c2b0 fffffa80`05cd8550 : fffffa80`064bb010 fffffa80`05cfa100 00000000`00000000 fffffa80`060a5850 : VBoxNetFlt+0x4902
fffff800`00b9c2b8 fffffa80`064bb010 : fffffa80`05cfa100 00000000`00000000 fffffa80`060a5850 fffffa80`07ef6dc0 : 0xfffffa80`05cd8550
fffff800`00b9c2c0 fffffa80`05cfa100 : 00000000`00000000 fffffa80`060a5850 fffffa80`07ef6dc0 fffffa80`07ef6e30 : 0xfffffa80`064bb010
fffff800`00b9c2c8 00000000`00000000 : fffffa80`060a5850 fffffa80`07ef6dc0 fffffa80`07ef6e30 fffff880`0157dafc : 0xfffffa80`05cfa100
STACK_COMMAND: kb
FOLLOWUP_IP:
VBoxNetFlt+4c02
fffff880`019d6c02 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: VBoxNetFlt+4c02
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: VBoxNetFlt
IMAGE_NAME: VBoxNetFlt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4eb3ce58
FAILURE_BUCKET_ID: X64_0xD1_VBoxNetFlt+4c02
BUCKET_ID: X64_0xD1_VBoxNetFlt+4c02
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-34398-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Invalid directory table base value 0x0
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03c4e000 PsLoadedModuleList = 0xfffff800`03e93670
Debug session time: Sat Dec 24 17:58:50.519 2011 (UTC - 7:00)
System Uptime: 0 days 0:32:42.345
Loading Kernel Symbols
.....................................................Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
Loading User Symbols
Loading unloaded module list
.Missing image name, possible paged-out or corrupt data.
..Missing image name, possible paged-out or corrupt data.
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8e002fe29bc, 1, fffff80003df9fa2, 5}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+212 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8e002fe29bc, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff80003df9fa2, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003efd100
fffff8e002fe29bc
FAULTING_IP:
nt!ExFreePoolWithTag+212
fffff800`03df9fa2 ff411c inc dword ptr [rcx+1Ch]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8800440272d to fffff880044026e4
STACK_TEXT:
fffff800`0511dc68 fffff880`0440272d : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`05117080 : 0xfffff880`044026e4
fffff800`0511dc70 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff800`05117080 00000000`00000000 : 0xfffff880`0440272d
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+212
fffff800`03df9fa2 ff411c inc dword ptr [rcx+1Ch]
SYMBOL_NAME: nt!ExFreePoolWithTag+212
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x50_nt!ExFreePoolWithTag+212
BUCKET_ID: X64_0x50_nt!ExFreePoolWithTag+212
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122411-34554-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03c02000 PsLoadedModuleList = 0xfffff800`03e47670
Debug session time: Sat Dec 24 18:04:49.028 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:12.963
Loading Kernel Symbols
........................................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+6363616266646534
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880032cba18 -- (.exr 0xfffff880032cba18)
ExceptionAddress: 0000000000000080
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: 0000000000000080
Attempt to execute non-executable address 0000000000000080
TRAP_FRAME: fffff880032cbac0 -- (.trap 0xfffff880032cbac0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff880032cbd78 rbx=0000000000000000 rcx=fffff880032a3180
rdx=0000000900000000 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000080 rsp=fffff880032cbc58 rbp=fffffa8000888900
r8=0000000000000000 r9=000000000000001e r10=fffffa800280bbc0
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl zr na po nc
00000000`00000080 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003c765fe to fffff80003c7ec10
STACK_TEXT:
fffff880`032caaf8 fffff800`03c765fe : fffff800`03e88494 fffff800`03c8838a fffff800`03dc7f14 fffff880`032cba18 : nt!KeBugCheck
fffff880`032cab00 fffff800`03caa4fd : fffff800`03e88494 fffff800`03dc6c8c fffff800`03c02000 fffff880`032cba18 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`032cab30 fffff800`03ca92d5 : fffff800`03dc90fc fffff880`032caba8 fffff880`032cba18 fffff800`03c02000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`032cab60 fffff800`03cba361 : fffff880`032cba18 fffff880`032cb270 fffff880`00000000 fffffa80`01941040 : nt!RtlDispatchException+0x415
fffff880`032cb240 fffff800`03c7e2c2 : fffff880`032cba18 fffff880`032a3180 fffff880`032cbac0 fffff880`032a3180 : nt!KiDispatchException+0x135
fffff880`032cb8e0 fffff800`03c7ce3a : 00000000`00000008 00000000`00000080 fffffa80`0382cc00 fffff880`032a3180 : nt!KiExceptionDispatch+0xc2
fffff880`032cbac0 00000000`00000080 : 00000000`00000000 fffff880`032cbd78 fffff800`042087d2 00000000`00000010 : nt!KiPageFault+0x23a
fffff880`032cbc58 00000000`00000000 : fffff880`032cbd78 fffff800`042087d2 00000000`00000010 00000000`00000246 : 0x80
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiKernelCalloutExceptionHandler+e
fffff800`03c765fe 90 nop
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e
BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122511-24726-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03e4f000 PsLoadedModuleList = 0xfffff800`04094670
Debug session time: Sun Dec 25 10:11:36.672 2011 (UTC - 7:00)
System Uptime: 0 days 0:11:53.843
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : hardware ( nt!KiKernelCalloutExceptionHandler+e )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+6331363936666530
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff8800325ba68 -- (.exr 0xfffff8800325ba68)
ExceptionAddress: fffff80003ed54a8 (nt!PoIdle+0x0000000000000529)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000001
Attempt to write to address 0000000000000001
TRAP_FRAME: fffff8800325bb10 -- (.trap 0xfffff8800325bb10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000814
rdx=0000000000000814 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003ed54a8 rsp=fffff8800325bca0 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8008fcc458 r10=0000000000001148
r11=fffff880009ce180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na pe nc
nt!PoIdle+0x529:
fffff800`03ed54a8 300f xor byte ptr [rdi],cl ds:b2be:00000000`00000000=??
Resetting default scope
MISALIGNED_IP:
nt!PoIdle+529
fffff800`03ed54a8 300f xor byte ptr [rdi],cl
LAST_CONTROL_TRANSFER: from fffff80003ec35fe to fffff80003ecbc10
STACK_TEXT:
fffff880`0325ab48 fffff800`03ec35fe : fffffa80`08af1470 fffff880`02f9b783 fffff880`0325b2c0 fffff800`03ef7830 : nt!KeBugCheck
fffff880`0325ab50 fffff800`03ef74fd : fffff800`040d5488 fffff800`04013c8c fffff800`03e4f000 fffff880`0325ba68 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`0325ab80 fffff800`03ef62d5 : fffff800`040160fc fffff880`0325abf8 fffff880`0325ba68 fffff800`03e4f000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0325abb0 fffff800`03f07361 : fffff880`0325ba68 fffff880`0325b2c0 fffff880`00000000 00000000`00000001 : nt!RtlDispatchException+0x415
fffff880`0325b290 fffff800`03ecb2c2 : fffff880`0325ba68 00000000`00000001 fffff880`0325bb10 fffff880`009ce180 : nt!KiDispatchException+0x135
fffff880`0325b930 fffff800`03ec9e3a : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000001 : nt!KiExceptionDispatch+0xc2
fffff880`0325bb10 fffff800`03ed54a8 : 00000000`002cda6d fffffa80`08fde2d0 fffff880`009ce180 00000000`00000001 : nt!KiPageFault+0x23a
fffff880`0325bca0 fffff800`03ec393c : fffff880`009ce180 fffff880`00000001 00000000`00000001 fffff800`00000000 : nt!PoIdle+0x529
fffff880`0325bd80 00000000`00000000 : fffff880`0325c000 fffff880`03256000 fffff880`0325bd40 00000000`00000000 : nt!KiIdleLoop+0x2c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiKernelCalloutExceptionHandler+e
fffff800`03ec35fe 90 nop
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122511-30217-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03e00000 PsLoadedModuleList = 0xfffff800`04045670
Debug session time: Sun Dec 25 10:35:50.698 2011 (UTC - 7:00)
System Uptime: 0 days 0:15:38.869
Loading Kernel Symbols
...............................................................
................................................................
...............................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {99, 1b769d, 2, 1d73a2}
Probably caused by : memory_corruption ( nt!MiBadShareCount+4c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 00000000001b769d, page frame number
Arg3: 0000000000000002, current page state
Arg4: 00000000001d73a2, 0
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_99
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WDDMStatus.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80003f05d7c to fffff80003e7cc40
STACK_TEXT:
fffff880`0485d638 fffff800`03f05d7c : 00000000`0000004e 00000000`00000099 00000000`001b769d 00000000`00000002 : nt!KeBugCheckEx
fffff880`0485d640 fffff800`03e243d7 : 00000000`00000e7d fffff680`0000efc0 e7f00001`b829c025 00000000`00000002 : nt!MiBadShareCount+0x4c
fffff880`0485d680 fffff800`03eaebb7 : 00000003`00000000 fffff680`0000efd0 fffffa80`0a12f750 e8100001`b739e025 : nt! ?? ::FNODOBFM::`string'+0x3309d
fffff880`0485d830 fffff800`03eb0569 : fffffa80`00000000 00000000`01dfafff fffffa80`00000000 fffff800`00000000 : nt!MiDeleteVirtualAddresses+0x41f
fffff880`0485d9f0 fffff800`04194221 : fffffa80`071baaa0 00000000`00000000 fffffa80`0a5b5210 fffffa80`0a5b5210 : nt!MiRemoveMappedView+0xd9
fffff880`0485db10 fffff800`04194623 : 00000000`00000000 00000000`01df0000 fffffa80`00000001 00000000`00000101 : nt!MiUnmapViewOfSection+0x1b1
fffff880`0485dbd0 fffff800`03e7bed3 : fffffa80`0aa292c0 fffff880`0485dca0 fffffa80`0a12f750 00000000`00000004 : nt!NtUnmapViewOfSection+0x5f
fffff880`0485dc20 00000000`773815ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00127fb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773815ba
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiBadShareCount+4c
fffff800`03f05d7c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadShareCount+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122511-29468-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03253000 PsLoadedModuleList = 0xfffff800`03498670
Debug session time: Sun Dec 25 12:44:27.614 2011 (UTC - 7:00)
System Uptime: 0 days 2:06:42.255
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa800ab93f6f, fffffa800ab9403f, c0d333a}
Probably caused by : afd.sys ( afd!AfdReturnBuffer+1fa )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa800ab93f6f, The pool entry we were looking for within the page.
Arg3: fffffa800ab9403f, The next pool entry.
Arg4: 000000000c0d333a, (reserved)
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'nvlddmkm' and 'nvlddmkm.sys' overlap
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff80003502100
fffffa800ab93f6f
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800033fdcae to fffff800032cfc40
STACK_TEXT:
fffff880`0e6a54a8 fffff800`033fdcae : 00000000`00000019 00000000`00000020 fffffa80`0ab93f6f fffffa80`0ab9403f : nt!KeBugCheckEx
fffff880`0e6a54b0 fffff880`078a920a : fffffa80`0a361b30 fffff880`0786959b 00000000`333a0a0d 00000000`00010202 : nt!ExDeferredFreePool+0x12da
fffff880`0e6a5560 fffff880`078b07ea : fffffa80`0ab93f7f 00000000`00000025 fffff880`0e6a5ca0 fffff880`0e6a57d0 : afd!AfdReturnBuffer+0x1fa
fffff880`0e6a55a0 fffff880`0789404c : fffffa80`0a5e2850 fffff880`0e6a57d0 fffffa80`00000025 00000000`00000000 : afd!AfdFastDatagramSend+0x1da
fffff880`0e6a56a0 fffff800`035ea803 : 00000000`00000000 fffffa80`0c0c8f20 00000000`01c6dc18 fffffa80`0be9c701 : afd!AfdFastIoDeviceControl+0x103c
fffff880`0e6a5a10 fffff800`035eb2f6 : fffffa80`091c8901 00000000`00000688 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x373
fffff880`0e6a5b40 fffff800`032ceed3 : 00000000`0715d574 fffffa80`091c89c0 00000000`00000001 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`0e6a5bb0 00000000`772e138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01c6db48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772e138a
STACK_COMMAND: kb
FOLLOWUP_IP:
afd!AfdReturnBuffer+1fa
fffff880`078a920a e986feffff jmp afd!AfdReturnBuffer+0x85 (fffff880`078a9095)
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: afd!AfdReturnBuffer+1fa
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4db4dd96
FAILURE_BUCKET_ID: X64_0x19_20_afd!AfdReturnBuffer+1fa
BUCKET_ID: X64_0x19_20_afd!AfdReturnBuffer+1fa
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122511-39764-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03e68000 PsLoadedModuleList = 0xfffff800`040ad670
Debug session time: Sun Dec 25 16:05:49.758 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:25.944
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C9, {220, fffff88013298710, fffff9800f7e6dc0, fffffa80069de700}
Probably caused by : HIDCLASS.SYS ( HIDCLASS!HidpMajorHandler+0 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000220, IRP_MJ_SYSTEM_CONTROL has been completed by someone other than the ProviderId.
This IRP should either have been completed earlier or should have been passed
down.
Arg2: fffff88013298710, The address in the driver's code where the error was detected.
Arg3: fffff9800f7e6dc0, IRP address.
Arg4: fffffa80069de700, ProviderId.
Debugging Details:
------------------
BUGCHECK_STR: 0xc9_220
DRIVER_VERIFIER_IO_VIOLATION_TYPE: 220
FAULTING_IP:
HIDCLASS!HidpMajorHandler+0
fffff880`13298710 48895c2410 mov qword ptr [rsp+10h],rbx
FOLLOWUP_IP:
HIDCLASS!HidpMajorHandler+0
fffff880`13298710 48895c2410 mov qword ptr [rsp+10h],rbx
IRP_ADDRESS: fffff9800f7e6dc0
DEVICE_OBJECT: fffffa8009617b90
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 2
LOCK_ADDRESS: fffff800040e3b80 -- (!locks fffff800040e3b80)
Resource @ nt!PiEngineLock (0xfffff800040e3b80) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0xfffff800040e3b80
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from fffff8000436e3dc to fffff80003ee4c40
STACK_TEXT:
fffff880`033a70a8 fffff800`0436e3dc : 00000000`000000c9 00000000`00000220 fffff880`13298710 fffff980`0f7e6dc0 : nt!KeBugCheckEx
fffff880`033a70b0 fffff800`0437847a : fffff800`0436c9f0 fffff880`13298710 fffff980`0f7e6dc0 fffffa80`069de700 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`033a70f0 fffff800`043790ff : 00000000`00000220 fffffa80`069de700 fffff980`0f7e6dc0 00000000`ffffffff : nt!ViErrorFinishReport+0xda
fffff880`033a7140 fffff800`0437e6a7 : fffff980`0f7e6f20 fffff880`13298710 00000000`00000000 00000000`00000000 : nt!VfErrorReport10+0x6f
fffff880`033a7220 fffff800`0436e04e : fffffa80`098c7788 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VfWmiVerifyIrpStackUpward+0x67
fffff880`033a7250 fffff800`0437ab2d : fffffa80`095cf2d0 fffffa80`098c75d0 fffff980`0f7e6dc0 fffff980`0f7e6dc0 : nt!VfMajorVerifyIrpStackUpward+0x6e
fffff880`033a7290 fffff800`0438c50d : fffff980`0f7e6f20 fffff880`033a7480 00000000`c0000010 fffff980`0f7e6f20 : nt!IovpCompleteRequest2+0xad
fffff880`033a7300 fffff800`03ee8021 : fffff980`0f7e6f23 00000000`00000000 00000000`000000ff fffff800`0436feea : nt!IovpLocalCompletionRoutine+0x9d
fffff880`033a7360 fffff800`0438419f : fffff980`0f7e6dc0 fffff880`132a2400 fffffa80`09617c00 00000000`00000000 : nt!IopfCompleteRequest+0x341
fffff880`033a7450 fffff800`03eca876 : fffff880`00000013 fffff880`033a7578 fffff980`0f7e6f20 fffffa80`09617ce0 : nt!IovCompleteRequest+0x19f
fffff880`033a7520 fffff880`13298a0f : 00000000`00000000 fffffa80`09617ce0 00000000`00000001 00000000`00000017 : nt!IopInvalidDeviceRequest+0x16
fffff880`033a7550 fffff880`132987fb : 00000000`00000000 fffffa80`09617ce0 fffff980`0f7e6dc0 fffff880`033a7600 : HIDCLASS!HidpIrpMajorDefault+0x8b
fffff880`033a7590 fffff800`0438ac16 : fffff980`00000002 fffff980`0f7e6dc0 00000000`00000002 fffff800`0438637e : HIDCLASS!HidpMajorHandler+0xeb
fffff880`033a7600 fffff800`04389c42 : fffff980`0f7e6f68 00000000`00000002 fffffa80`095d3810 fffffa80`095ddb90 : nt!IovCallDriver+0x566
fffff880`033a7660 fffff800`0438ac16 : fffff980`0f7e6dc0 00000000`00000002 fffffa80`095d36c0 00000000`00000000 : nt!ViFilterDispatchGeneric+0x62
fffff880`033a7690 fffff800`04389d58 : fffff980`0f7e6dc0 fffffa80`095d36c0 00000000`00000000 fffffa80`097e8420 : nt!IovCallDriver+0x566
fffff880`033a76f0 fffff800`04389e42 : fffffa80`069de700 00000000`00000001 fffffa80`069de700 00000000`00000017 : nt!VfIrpSendSynchronousIrp+0xe8
fffff880`033a7760 fffff800`04376faf : fffffa80`069de430 00000000`000007ff fffff800`0401e5b8 fffff800`0427a899 : nt!VfWmiTestStartedPdoStack+0x72
fffff880`033a7800 fffff800`03f919d2 : fffffa80`069de430 00000000`00000000 ffffffff`ffffffff 00000000`00000016 : nt!VfMajorTestStartedPdoStack+0x5f
fffff880`033a7830 fffff800`042cee5c : fffffa80`069de430 00000000`00000001 00000000`00000000 00000000`00000002 : nt!PpvUtilTestStartedPdoStack+0x12
fffff880`033a7860 fffff800`042d0a54 : fffffa80`069de430 fffffa80`069de430 fffffa80`069d9300 00000000`00000001 : nt!PipProcessStartPhase3+0x55c
fffff880`033a7950 fffff800`042d0f3c : fffff800`040e1500 00000000`00000000 00000000`00000001 fffff800`0414e814 : nt!PipProcessDevNodeTree+0x264
fffff880`033a7bc0 fffff800`03fe18c2 : 00000001`00000003 fffff800`040852b8 00000000`00000001 00000000`00000000 : nt!PiProcessStartSystemDevices+0x7c
fffff880`033a7c10 fffff800`03eef001 : fffff800`03fe15c0 fffff800`04085201 fffffa80`069ffb00 fffffa80`069ffb60 : nt!PnpDeviceActionWorker+0x302
fffff880`033a7cb0 fffff800`0417ffee : 00000000`00000000 fffffa80`069ffb60 00000000`00000080 fffffa80`069c9890 : nt!ExpWorkerThread+0x111
fffff880`033a7d40 fffff800`03ed65e6 : fffff880`032a4180 fffffa80`069ffb60 fffff880`032af040 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033a7d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: .bugcheck ; kb
SYMBOL_NAME: HIDCLASS!HidpMajorHandler+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: HIDCLASS
IMAGE_NAME: HIDCLASS.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7a665
FAILURE_BUCKET_ID: X64_0xc9_220_VRF_HIDCLASS!HidpMajorHandler+0
BUCKET_ID: X64_0xc9_220_VRF_HIDCLASS!HidpMajorHandler+0
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122511-28236-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03e04000 PsLoadedModuleList = 0xfffff800`04049670
Debug session time: Sun Dec 25 16:33:55.191 2011 (UTC - 7:00)
System Uptime: 0 days 0:26:51.362
Loading Kernel Symbols
...............................................................
................................................................
.............................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80003e7ead0}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80003e7ead0
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: steam.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003e801e9 to fffff80003e80c40
STACK_TEXT:
fffff880`02fe8d68 fffff800`03e801e9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02fe8d70 fffff800`03e7e6b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02fe8eb0 fffff800`03e7ead0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
00000000`0d2bef70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0x10
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`03e7e6b2 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122511-27175-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`04800000 PsLoadedModuleList = 0xfffff800`04a45670
Debug session time: Sun Dec 25 17:26:57.420 2011 (UTC - 7:00)
System Uptime: 0 days 0:29:36.590
Loading Kernel Symbols
...............................................................
................................................................
.............................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff960001374da, fffff8800a63e9c0, 0}
Probably caused by : win32k.sys ( win32k!HmgIncrementShareReferenceCount+a )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960001374da, Address of the instruction which caused the bugcheck
Arg3: fffff8800a63e9c0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!HmgIncrementShareReferenceCount+a
fffff960`001374da 0fb701 movzx eax,word ptr [rcx]
CONTEXT: fffff8800a63e9c0 -- (.cxr 0xfffff8800a63e9c0)
rax=fffff900c1c2c3c0 rbx=fffff900c295aa30 rcx=00fffff900c2970c
rdx=00fffff900c2970c rsi=fffffa800952fba0 rdi=fffff900c0000400
rip=fffff960001374da rsp=fffff8800a63f3a0 rbp=0000000000000001
r8=fffff900c295aa30 r9=fffff900c00c0010 r10=0000000000000001
r11=0000000000000000 r12=fffff900c1c2c010 r13=0000000000000000
r14=0000000000000000 r15=000000002e05182e
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
win32k!HmgIncrementShareReferenceCount+0xa:
fffff960`001374da 0fb701 movzx eax,word ptr [rcx] ds:002b:00fffff9`00c2970c=????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff960001374da
STACK_TEXT:
fffff880`0a63f3a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!HmgIncrementShareReferenceCount+0xa
FOLLOWUP_IP:
win32k!HmgIncrementShareReferenceCount+a
fffff960`001374da 0fb701 movzx eax,word ptr [rcx]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!HmgIncrementShareReferenceCount+a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ecdcd5a
STACK_COMMAND: .cxr 0xfffff8800a63e9c0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!HmgIncrementShareReferenceCount+a
BUCKET_ID: X64_0x3B_win32k!HmgIncrementShareReferenceCount+a
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122511-27768-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`04818000 PsLoadedModuleList = 0xfffff800`04a5d670
Debug session time: Sun Dec 25 18:04:28.385 2011 (UTC - 7:00)
System Uptime: 0 days 0:13:01.196
Loading Kernel Symbols
...............................................................
................................................................
............................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : hardware ( nt!KiKernelCalloutExceptionHandler+e )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+3461666436643837
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880009c5a68 -- (.exr 0xfffff880009c5a68)
ExceptionAddress: fffff8000489e4a8 (nt!PoIdle+0x0000000000000529)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000001
Attempt to write to address 0000000000000001
TRAP_FRAME: fffff880009c5b10 -- (.trap 0xfffff880009c5b10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000814
rdx=0000000000000814 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000489e4a8 rsp=fffff880009c5ca0 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8008f73488 r10=000000000000412a
r11=fffff8800ac14c70 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na pe nc
nt!PoIdle+0x529:
fffff800`0489e4a8 300f xor byte ptr [rdi],cl ds:00000000`00000000=??
Resetting default scope
MISALIGNED_IP:
nt!PoIdle+529
fffff800`0489e4a8 300f xor byte ptr [rdi],cl
LAST_CONTROL_TRANSFER: from fffff8000488c5fe to fffff80004894c10
STACK_TEXT:
fffff880`009c4b48 fffff800`0488c5fe : fffffa80`09aacc60 fffff880`04476f99 fffff880`009c52c0 fffff800`048c0830 : nt!KeBugCheck
fffff880`009c4b50 fffff800`048c04fd : fffff800`04a9e488 fffff800`049dcc8c fffff800`04818000 fffff880`009c5a68 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`009c4b80 fffff800`048bf2d5 : fffff800`049df0fc fffff880`009c4bf8 fffff880`009c5a68 fffff800`04818000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`009c4bb0 fffff800`048d0361 : fffff880`009c5a68 fffff880`009c52c0 fffff880`00000000 00000000`00000001 : nt!RtlDispatchException+0x415
fffff880`009c5290 fffff800`048942c2 : fffff880`009c5a68 00000000`00000001 fffff880`009c5b10 fffff880`031e2180 : nt!KiDispatchException+0x135
fffff880`009c5930 fffff800`04892e3a : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000001 : nt!KiExceptionDispatch+0xc2
fffff880`009c5b10 fffff800`0489e4a8 : 00000000`002cda5a fffffa80`08f78dd0 fffff880`031e2180 00000000`00000000 : nt!KiPageFault+0x23a
fffff880`009c5ca0 fffff800`0488c93c : fffff880`031e2180 fffff880`00000001 00000000`00000001 fffff800`00000000 : nt!PoIdle+0x529
fffff880`009c5d80 00000000`00000000 : fffff880`009c6000 fffff880`009c0000 fffff880`009c5d40 00000000`00000000 : nt!KiIdleLoop+0x2c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiKernelCalloutExceptionHandler+e
fffff800`0488c5fe 90 nop
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122611-21715-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`04866000 PsLoadedModuleList = 0xfffff800`04aab670
Debug session time: Mon Dec 26 02:54:28.972 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:53.111
Loading Kernel Symbols
...............................................................
................................................................
................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff800048e0e9f, 0, 9d}
Probably caused by : memory_corruption
Followup: memory_corruption
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800048e0e9f, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 000000000000009d, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!KiPageFault+29f
fffff800`048e0e9f 80787a00 cmp byte ptr [rax+7Ah],0
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000000000009d
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80004b15100
000000000000009d
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
PROCESS_NAME: GoogleUpdate.e
CURRENT_IRQL: 0
TRAP_FRAME: fffff88007ce2a90 -- (.trap 0xfffff88007ce2a90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000023 rbx=0000000000000000 rcx=fffffa800948b2e0
rdx=0000000076fce50e rsi=0000000000000000 rdi=0000000000000000
rip=fffff800048e0e9f rsp=fffff88007ce2c20 rbp=fffff88007ce2ca0
r8=0000000000000110 r9=fffffa800948b2e0 r10=00000000001a17d3
r11=fffffa8008a03750 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
nt!KiPageFault+0x29f:
fffff800`048e0e9f 80787a00 cmp byte ptr [rax+7Ah],0 ds:f5fc:00000000`0000009d=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000492e588 to fffff800048e2c40
STACK_TEXT:
fffff880`07ce2208 fffff800`0492e588 : 00000000`0000001e ffffffff`c0000005 fffff800`048e0e9f 00000000`00000000 : nt!KeBugCheckEx
fffff880`07ce2210 fffff800`048e22c2 : fffff880`07ce29e8 00000000`008a7540 fffff880`07ce2a90 00000000`74d00278 : nt! ?? ::FNODOBFM::`string'+0x4977d
fffff880`07ce28b0 fffff800`048e0e3a : 00000000`00000000 00000000`0000009d 00000000`00000000 00000000`008a7540 : nt!KiExceptionDispatch+0xc2
fffff880`07ce2a90 fffff800`048e0e9f : 00000000`00000000 00000000`74d0224c 00000000`7efdb001 00000000`008a7540 : nt!KiPageFault+0x23a
fffff880`07ce2c20 00000000`76fce50e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x29f
00000000`0018f580 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76fce50e
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff800048e0ea0 - nt!KiPageFault+2a0
[ 79:78 ]
1 error : !nt (fffff800048e0ea0)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: ONE_BIT
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT
Followup: memory_corruption
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\TP93\Windows_NT6_BSOD_jcgriff2\122611-31028-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0480a000 PsLoadedModuleList = 0xfffff800`04a4f670
Debug session time: Mon Dec 26 12:20:07.680 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:25.866
Loading Kernel Symbols
...............................................................
................................................................
..........
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {18, 2, 0, fffff880016f09f8}
Probably caused by : tcpip.sys ( tcpip!IppDereferenceEchoRequest+8 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000018, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880016f09f8, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80004ab9100
0000000000000018
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!IppDereferenceEchoRequest+8
fffff880`016f09f8 83781800 cmp dword ptr [rax+18h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff80005d17330 -- (.trap 0xfffff80005d17330)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8007862910
rdx=fffffa8007862930 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880016f09f8 rsp=fffff80005d174c0 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8007862850 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
tcpip!IppDereferenceEchoRequest+0x8:
fffff880`016f09f8 83781800 cmp dword ptr [rax+18h],0 ds:7600:00000000`00000018=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800048861e9 to fffff80004886c40
STACK_TEXT:
fffff800`05d171e8 fffff800`048861e9 : 00000000`0000000a 00000000`00000018 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`05d171f0 fffff800`04884e60 : fffff800`05d17600 00000000`00000000 fffff800`05d173d0 fffff880`017db800 : nt!KiBugCheckDispatch+0x69
fffff800`05d17330 fffff880`016f09f8 : fffff800`05d17600 fffff880`016ee1c9 00000000`00000000 fffffa80`07862910 : nt!KiPageFault+0x260
fffff800`05d174c0 fffff880`016fc645 : fffff880`017db800 fffff800`05d17c58 00000000`00000000 fffff800`049387ec : tcpip!IppDereferenceEchoRequest+0x8
fffff800`05d174f0 fffff880`016ee887 : fffff800`05d17600 00000000`00000000 00000000`00000001 fffff800`0488f5fa : tcpip! ?? ::FNODOBFM::`string'+0xc765
fffff800`05d17540 fffff800`048925fc : fffff800`05d17600 00000000`00000000 00000000`40990089 fffff800`05d17600 : tcpip!IppTimeout+0xa7
fffff800`05d17570 fffff800`04892496 : fffff880`017fc960 00000000`0000067a 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff800`05d175e0 fffff800`0489237e : 00000000`0f6ae7f1 fffff800`05d17c58 00000000`0000067a fffff800`04a001c8 : nt!KiProcessExpiredTimerList+0xc6
fffff800`05d17c30 fffff800`04892167 : 00000000`04a7b0c1 00000000`0000067a 00000000`04a7b062 00000000`0000007a : nt!KiTimerExpiration+0x1be
fffff800`05d17cd0 fffff800`0487e96a : fffff800`049fce80 fffff800`04a0acc0 00000000`00000001 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff800`05d17d80 00000000`00000000 : fffff800`05d18000 fffff800`05d12000 fffff800`05d17d40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip!IppDereferenceEchoRequest+8
fffff880`016f09f8 83781800 cmp dword ptr [rax+18h],0
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: tcpip!IppDereferenceEchoRequest+8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e83e948
FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppDereferenceEchoRequest+8
BUCKET_ID: X64_0xD1_tcpip!IppDereferenceEchoRequest+8
Followup: MachineOwner
---------