BATESVILLE
Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\110411-21606-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c5e000 PsLoadedModuleList = 0xfffff800`02ea3670
Debug session time: Fri Nov 4 11:16:30.029 2011 (UTC - 7:00)
System Uptime: 3 days 14:24:25.857
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002e0aa9b, 0, ffffffffffffffff}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1df )
Followup: Pool_corruption
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002e0aa9b, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExDeferredFreePool+1df
fffff800`02e0aa9b 4c395808 cmp qword ptr [rax+8],r11
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0d100
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: winlogon.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002d26588 to fffff80002cdac40
STACK_TEXT:
fffff880`078fc568 fffff800`02d26588 : 00000000`0000001e ffffffff`c0000005 fffff800`02e0aa9b 00000000`00000000 : nt!KeBugCheckEx
fffff880`078fc570 fffff800`02cda2c2 : fffff880`078fcd48 00000000`00000000 fffff880`078fcdf0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4977d
fffff880`078fcc10 fffff800`02cd8bca : fffff880`078fd020 fffff880`012a0807 fffff880`078fcf28 fffffa80`0c4cb180 : nt!KiExceptionDispatch+0xc2
fffff880`078fcdf0 fffff800`02e0aa9b : 00000000`00000000 00000000`00000000 fffff880`078fd080 00000000`00000000 : nt!KiGeneralProtectionFault+0x10a
fffff880`078fcf80 fffff800`02e0a1a1 : fffff8a0`00001b30 fffffa80`0e6beb00 00000000`00000000 fffffa80`0a5ab8a0 : nt!ExDeferredFreePool+0x1df
fffff880`078fd010 fffff800`02fd74a9 : fffffa80`0c1ef820 fffffa80`09a04a30 fffffa80`58434f46 fffffa80`0c1ef820 : nt!ExFreePoolWithTag+0x411
fffff880`078fd0c0 fffff800`02ce4af4 : fffffa80`0e6beb10 fffffa80`11888920 fffffa80`09a04a30 fffff880`078fd3c8 : nt!IopDeleteFile+0x239
fffff880`078fd150 fffff800`02fd1f44 : fffffa80`11888920 00000000`00000000 fffffa80`0ec06b60 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`078fd1b0 fffff800`02fd24f4 : 00000000`00002d64 fffffa80`11888920 fffff8a0`00001b30 00000000`00002d64 : nt!ObpCloseHandleTableEntry+0xc4
fffff880`078fd240 fffff800`02cd9ed3 : fffffa80`0ec06b60 fffff880`078fd310 fffff880`078fd480 00000000`00000000 : nt!ObpCloseHandle+0x94
fffff880`078fd290 fffff800`02cd6470 : fffff880`011c366c 00000000`00000000 fffff8a0`050fb0b0 fffff880`078fd480 : nt!KiSystemServiceCopyEnd+0x13
fffff880`078fd428 fffff880`011c366c : 00000000`00000000 fffff8a0`050fb0b0 fffff880`078fd480 fffff800`02ce4afc : nt!KiServiceLinkage
fffff880`078fd430 fffff800`03049405 : fffff880`078fd608 fffff880`078fd600 fffff8a0`0369cfd4 00000000`000007ff : fileinfo!FIPfInterfaceClose+0x48
fffff880`078fd460 fffff800`030d33e7 : fffff8a0`0369c150 fffff8a0`0369c150 fffff8a0`0369cfd4 fffff880`078fd600 : nt!PfpOpenHandleClose+0x55
fffff880`078fd4b0 fffff800`03136c71 : 00000000`00000000 00000000`00000000 fffffa80`4c506343 00000000`00000000 : nt!PfSnCleanupPrefetchSectionInfo+0x57
fffff880`078fd4e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfSnPrefetchSections+0x4b1
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+1df
fffff800`02e0aa9b 4c395808 cmp qword ptr [rax+8],r11
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!ExDeferredFreePool+1df
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!ExDeferredFreePool+1df
BUCKET_ID: X64_0x1E_c0000005_nt!ExDeferredFreePool+1df
Followup: Pool_corruption
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121411-15444-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c08000 PsLoadedModuleList = 0xfffff800`02e4d670
Debug session time: Wed Dec 14 08:38:42.205 2011 (UTC - 7:00)
System Uptime: 0 days 10:58:18.033
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80002c09530, fffff8800355ae58, fffff8800355a6b0}
Probably caused by : ndis.sys ( ndis!ndisMInitializeAdapter+9fd )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c09530, The address that the exception occurred at
Arg3: fffff8800355ae58, Exception Record Address
Arg4: fffff8800355a6b0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!WmipDoFindRegEntryByDevice+10
fffff800`02c09530 48394810 cmp qword ptr [rax+10h],rcx
EXCEPTION_RECORD: fffff8800355ae58 -- (.exr 0xfffff8800355ae58)
ExceptionAddress: fffff80002c09530 (nt!WmipDoFindRegEntryByDevice+0x0000000000000010)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800355a6b0 -- (.cxr 0xfffff8800355a6b0)
rax=ff49009249209249 rbx=fffffa801021f050 rcx=fffffa801021f050
rdx=fffff80002df6460 rsi=0000000000000000 rdi=fffffa801021f050
rip=fffff80002c09530 rsp=fffff8800355b098 rbp=0000000000000000
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff880009cf180 r12=fffffa801021f050 r13=0000000000000000
r14=0000000000000000 r15=0000000000000004
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nt!WmipDoFindRegEntryByDevice+0x10:
fffff800`02c09530 48394810 cmp qword ptr [rax+10h],rcx ds:002b:ff490092`49209259=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb7100
ffffffffffffffff
FOLLOWUP_IP:
ndis!ndisMInitializeAdapter+9fd
fffff880`016d114d 85c0 test eax,eax
BUGCHECK_STR: 0x7E
LOCK_ADDRESS: fffff80002e83b80 -- (!locks fffff80002e83b80)
Resource @ nt!PiEngineLock (0xfffff80002e83b80) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0xfffff80002e83b80
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from fffff8000301263d to fffff80002c09530
STACK_TEXT:
fffff880`0355b098 fffff800`0301263d : 00000000`00000000 fffffa80`09d52300 fffff880`009cf180 fffffa80`0fe69020 : nt!WmipDoFindRegEntryByDevice+0x10
fffff880`0355b0a0 fffff800`030af177 : fffffa80`0fe69020 80000000`00000004 00000000`00000000 fffffa80`0fe69020 : nt!WmipFindRegEntryByDevice+0x1d
fffff880`0355b0d0 fffff800`030af37c : fffffa80`10220100 00000000`00000000 00000000`00000000 fffffa80`1021f050 : nt!WmipRegisterDevice+0x37
fffff880`0355b100 fffff880`016d114d : fffffa80`10220100 00000000`00000004 80000000`00000004 fffffa80`1021f1a0 : nt!IoWMIRegistrationControl+0xec
fffff880`0355b130 fffff880`016d0683 : fffffa80`0d0f1ea0 fffffa80`0fe69020 00000000`00000000 01ccba76`7532937c : ndis!ndisMInitializeAdapter+0x9fd
fffff880`0355b4f0 fffff880`016d276c : fffffa80`0d0f1ea0 fffffa80`1021f050 00000000`00000000 fffff880`01625300 : ndis!ndisInitializeAdapter+0x113
fffff880`0355b550 fffff880`016d0356 : fffffa80`1021f1a0 fffffa80`0d0f1ea0 00000000`00000000 ffffd353`6b43ca50 : ndis!ndisPnPStartDevice+0xac
fffff880`0355b5b0 fffff800`0303dd6e : 00000000`00000000 fffffa80`0d0f1ea0 fffffa80`1021f050 fffff880`0355b6e0 : ndis!ndisPnPDispatch+0x246
fffff880`0355b650 fffff800`02d7587d : fffffa80`0fee84b0 fffffa80`0a6ed4b0 fffff800`02d7efa0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
fffff880`0355b690 fffff800`0304d0b6 : fffff800`02e83940 fffffa80`0fedea30 fffffa80`0a6ed4b0 fffffa80`0fedebd8 : nt!PnpStartDevice+0x11d
fffff880`0355b750 fffff800`0304d354 : fffffa80`0fedea30 fffffa80`09a10032 fffffa80`09a1fb60 00000000`00000001 : nt!PnpStartDeviceNode+0x156
fffff880`0355b7e0 fffff800`03070a86 : fffffa80`0fedea30 fffffa80`09a1fb60 00000000`00000002 00000000`00000000 : nt!PipProcessStartPhase1+0x74
fffff880`0355b810 fffff800`03071018 : fffff800`02e81500 00000000`00000000 00000000`00000001 fffff800`02eee814 : nt!PipProcessDevNodeTree+0x296
fffff880`0355ba80 fffff800`02d818e7 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`0355bad0 fffff800`02c8f001 : fffff800`02d815c0 fffff800`02f7b901 fffffa80`09a5cb00 00000000`00000000 : nt!PnpDeviceActionWorker+0x327
fffff880`0355bb70 fffff800`02f1ffee : 00000000`00000000 fffffa80`09a5cb60 00000000`00000080 fffffa80`099dc040 : nt!ExpWorkerThread+0x111
fffff880`0355bc00 fffff800`02c765e6 : fffff880`02174180 fffffa80`09a5cb60 fffff880`0217f0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0355bc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: ndis!ndisMInitializeAdapter+9fd
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ndis
IMAGE_NAME: ndis.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d1ad232
STACK_COMMAND: .cxr 0xfffff8800355a6b0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_ndis!ndisMInitializeAdapter+9fd
BUCKET_ID: X64_0x7E_ndis!ndisMInitializeAdapter+9fd
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121611-13478-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c66000 PsLoadedModuleList = 0xfffff800`02eab670
Debug session time: Fri Dec 16 06:29:41.613 2011 (UTC - 7:00)
System Uptime: 0 days 5:11:02.314
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa8058acb0b4, 0, fffff88005bb7497, 5}
Could not read faulting driver name
Probably caused by : dxgmms1.sys ( dxgmms1!VidMmGetTotalSegmentSize+23 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8058acb0b4, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88005bb7497, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f15100
fffffa8058acb0b4
FAULTING_IP:
dxgmms1!VidMmGetTotalSegmentSize+23
fffff880`05bb7497 f6403001 test byte ptr [rax+30h],1
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: iexplore.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88007cf6820 -- (.trap 0xfffff88007cf6820)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8058acb084 rbx=0000000000000000 rcx=fffffa800e3b1000
rdx=fffff8a00be700d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88005bb7497 rsp=fffff88007cf69b8 rbp=fffff88007cf6b60
r8=fffff8a00be700d8 r9=fffff8a00be700e0 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
dxgmms1!VidMmGetTotalSegmentSize+0x23:
fffff880`05bb7497 f6403001 test byte ptr [rax+30h],1 ds:00d0:fffffa80`58acb0b4=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002c8d3bf to fffff80002ce2c40
STACK_TEXT:
fffff880`07cf66b8 fffff800`02c8d3bf : 00000000`00000050 fffffa80`58acb0b4 00000000`00000000 fffff880`07cf6820 : nt!KeBugCheckEx
fffff880`07cf66c0 fffff800`02ce0d6e : 00000000`00000000 fffffa80`58acb0b4 00000000`00000000 fffffa80`0e174000 : nt! ?? ::FNODOBFM::`string'+0x44791
fffff880`07cf6820 fffff880`05bb7497 : fffff880`05ae8a97 fffffa80`0e174000 fffffa80`0e174000 00000000`0265ef00 : nt!KiPageFault+0x16e
fffff880`07cf69b8 fffff880`05ae8a97 : fffffa80`0e174000 fffffa80`0e174000 00000000`0265ef00 00000000`000007ff : dxgmms1!VidMmGetTotalSegmentSize+0x23
fffff880`07cf69c0 fffff960`001157a2 : fffffa80`09ee6b60 00000000`00000018 00000000`00000003 00000000`000007df : dxgkrnl!DxgkQueryAdapterInfo+0x5a3
fffff880`07cf6ab0 fffff800`02ce1ed3 : fffffa80`09ee6b60 fffff880`07cf6b60 00000000`7efa7000 fffffa80`0c8e76d0 : win32k!NtGdiDdDDIQueryAdapterInfo+0x12
fffff880`07cf6ae0 00000000`74c115ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0265e618 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74c115ea
STACK_COMMAND: kb
FOLLOWUP_IP:
dxgmms1!VidMmGetTotalSegmentSize+23
fffff880`05bb7497 f6403001 test byte ptr [rax+30h],1
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: dxgmms1!VidMmGetTotalSegmentSize+23
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgmms1
IMAGE_NAME: dxgmms1.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce799c1
FAILURE_BUCKET_ID: X64_0x50_dxgmms1!VidMmGetTotalSegmentSize+23
BUCKET_ID: X64_0x50_dxgmms1!VidMmGetTotalSegmentSize+23
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121911-14726-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c07000 PsLoadedModuleList = 0xfffff800`02e4c670
Debug session time: Mon Dec 19 14:10:33.785 2011 (UTC - 7:00)
System Uptime: 3 days 6:44:15.612
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E4, {1, fffffa800d5004c0, 1, 0}
Probably caused by : usbhub.sys ( usbhub!UsbhHubQueueProcessChangeWorker+77 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
WORKER_INVALID (e4)
A executive worker item was found in memory which must not contain such
items or a work item was queued that is currently active in the system.
Usually this is memory being freed. This is usually caused by
a device driver that has not cleaned up properly before freeing memory.
Arguments:
Arg1: 0000000000000001, Queuing of active worker item
Arg2: fffffa800d5004c0, Address of worker item
Arg3: 0000000000000001, Queue number
Arg4: 0000000000000000, 0
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xE4
PROCESS_NAME: NCWTService.ex
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002c3f59a to fffff80002c83c40
STACK_TEXT:
fffff880`0cf002d8 fffff800`02c3f59a : 00000000`000000e4 00000000`00000001 fffffa80`0d5004c0 00000000`00000001 : nt!KeBugCheckEx
fffff880`0cf002e0 fffff880`05d36bc7 : fffffa80`0e00d640 fffffa80`0e00d640 fffffa80`0d3d1000 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x104aa
fffff880`0cf00320 fffff880`05d31362 : fffffa80`0e00d640 fffffa80`0d3d1050 fffffa80`0d3d1050 fffffa80`63654448 : usbhub!UsbhHubQueueProcessChangeWorker+0x77
fffff880`0cf00360 fffff880`05d2fbef : 00000000`00000000 fffffa80`50447100 fffffa80`0e00d640 00000000`00100000 : usbhub!Usbh_PCE_Enable_Action+0x212
fffff880`0cf003b0 fffff880`05d34900 : fffffa80`0d3d1050 00000000`00000001 fffffa80`0d3d1918 00000000`00000003 : usbhub!UsbhDispatch_PortChangeQueueEventEx+0x123
fffff880`0cf003f0 fffff880`05d2cfeb : 00000000`00000003 fffffa80`0d3d1918 00000000`00000000 fffff800`00000000 : usbhub!UsbhPCE_Enable+0xb0
fffff880`0cf00440 fffff880`05d2c850 : 00000000`00000003 fffffa80`0d3d11a0 fffffa80`0d3d1050 00000000`00000008 : usbhub!UsbhBusResume_Action+0x8f
fffff880`0cf00480 fffff880`05d2cea3 : fffffa80`0d3d11a0 00000000`00000008 fffffa80`0d3d1050 00000000`00000000 : usbhub!UsbhReleaseBusStateLock+0x50
fffff880`0cf004b0 fffff880`05d2d9a6 : fffffa80`0d3d1918 fffffa80`0d3d11a0 fffffa80`0d3d1050 fffffa80`10aede08 : usbhub!UsbhDispatch_BusEvent+0x1fb
fffff880`0cf00500 fffff880`05d5ea75 : 00000000`00000000 fffff880`6e447352 00000000`00000000 fffffa80`0d640000 : usbhub!UsbhSyncBusResume+0x42
fffff880`0cf00540 fffff880`05d5da9e : 00000000`00000000 fffffa80`0d3d11a0 fffffa80`0d3d11a0 fffffa80`0d3d1050 : usbhub!UsbhSshResumeDownstream+0x59
fffff880`0cf005c0 fffff880`05d5d473 : 00000000`00000008 00000000`00000001 fffffa80`0d3d1050 00000000`00000000 : usbhub!Usbh_SSH_HubPendingResume+0xb6
fffff880`0cf00600 fffff880`05d260ad : fffffa80`10aedc60 fffffa80`0d02a050 fffffa80`0d640050 fffffa80`0d3d1050 : usbhub!Usbh_SSH_Event+0x10b
fffff880`0cf00630 fffff880`05d25fdf : fffffa80`10aedc60 fffffa80`0d640050 00000000`00000001 fffffa80`0d6401a0 : usbhub!UsbhFdoInternalDeviceControl+0x75
fffff880`0cf00670 fffff880`04816459 : fffffa80`0d3c4640 fffffa80`0d3d1050 00000000`00000000 fffffa80`0d640050 : usbhub!UsbhGenDispatch+0x7f
fffff880`0cf006a0 fffff880`04816363 : fffffa80`0d3c4640 fffffa80`0d02a050 fffffa80`0d02a1a0 00000000`00000000 : USBPORT!USBPORT_SendSynchronousUsbIoctlRequest+0xd1
fffff880`0cf00730 fffff880`05d5e949 : 00000000`00000000 fffffa80`0d3d11a0 fffffa80`0d3d1868 fffffa80`0d3d1050 : USBPORT!USBPORTBUSIF_ResumeRootHub+0x19f
fffff880`0cf00780 fffff880`05d5d993 : 00000000`00000000 00000000`00000001 fffff880`00000003 fffffa80`0d3d1050 : usbhub!UsbhSshResumeUpstream+0x79
fffff880`0cf007e0 fffff880`05d5d482 : 00000000`00000006 fffffa80`0d3d1050 00000040`00000000 00000000`00600056 : usbhub!Usbh_SSH_HubSuspended+0xd3
fffff880`0cf00810 fffff880`05d261f4 : 00000000`00220450 fffffa80`109e0200 fffffa80`0d3d1050 fffffa80`109e0010 : usbhub!Usbh_SSH_Event+0x11a
fffff880`0cf00840 fffff880`05d25fdf : fffffa80`108d8d00 fffff880`0cf00b60 fffffa80`108d8d00 00000000`00000004 : usbhub!UsbhFdoDeviceControl+0xc0
fffff880`0cf008a0 fffff800`02f9ea97 : fffffa80`109e0248 fffff880`0cf00b60 fffffa80`109e0248 fffffa80`109e0010 : usbhub!UsbhGenDispatch+0x7f
fffff880`0cf008d0 fffff800`02f9f2f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0cf00a00 fffff800`02c82ed3 : fffffa80`114a19b0 fffff880`0cf00b60 fffff880`746c6644 fffff880`0cf00af8 : nt!NtDeviceIoControlFile+0x56
fffff880`0cf00a70 00000000`7781138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`06d2d6f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7781138a
STACK_COMMAND: kb
FOLLOWUP_IP:
usbhub!UsbhHubQueueProcessChangeWorker+77
fffff880`05d36bc7 488d8b78090000 lea rcx,[rbx+978h]
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: usbhub!UsbhHubQueueProcessChangeWorker+77
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: usbhub
IMAGE_NAME: usbhub.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d8c0b08
FAILURE_BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77
BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77
Followup: MachineOwner
---------
Drivers that may need updating:
Code:
lmimirr fffff880`048ab000 fffff880`048b2000 Tue Apr 10 16:32:45 2007 (461c108d) 0000a04c lmimirr.sys
RaInfo fffff880`03e72000 fffff880`03e79000 Fri Jan 04 11:57:14 2008 (477e818a) 0000d903 RaInfo.sys
PBADRV fffff880`01bd4000 fffff880`01be0000 Mon Jan 07 12:12:13 2008 (4782798d) 000085ef PBADRV.sys
LMIRfsDriver fffff880`03e79000 fffff880`03e8c000 Mon Jul 14 10:26:56 2008 (487b7e50) 0001e26d LMIRfsDriver.sys
dsNcAdpt fffff880`048b2000 fffff880`048bf000 Mon Mar 30 20:33:33 2009 (49d180fd) 00010bf6 dsNcAdpt.sys
CLIFTYFALLS
Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\CLIFTYFALLS-PC-BSOD\Windows_NT6_BSOD_jcgriff2\120811-16426-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a54000 PsLoadedModuleList = 0xfffff800`02c99670
Debug session time: Thu Dec 8 05:15:14.037 2011 (UTC - 7:00)
System Uptime: 0 days 8:55:19.865
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {a65, 2, 0, fffff80002c00a9b}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1df )
Followup: Pool_corruption
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000a65, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80002c00a9b, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+1df
fffff800`02c00a9b 4c395808 cmp qword ptr [rax+8],r11
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
TRAP_FRAME: fffff880079514a0 -- (.trap 0xfffff880079514a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000a5d rbx=0000000000000000 rcx=fffff80002c5b4a0
rdx=fffffa800d0da4f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c00a9b rsp=fffff88007951630 rbp=0000000000000000
r8=fffffa800a2b6a70 r9=fffffa800d0da4b0 r10=0000000000000001
r11=fffffa800d0da4c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!ExDeferredFreePool+0x1df:
fffff800`02c00a9b 4c395808 cmp qword ptr [rax+8],r11 ds:00000000`00000a65=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ad01e9 to fffff80002ad0c40
STACK_TEXT:
fffff880`07951358 fffff800`02ad01e9 : 00000000`0000000a 00000000`00000a65 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`07951360 fffff800`02acee60 : fffff6fb`7ea003d0 fffff800`02bfc514 fffff880`07951b60 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`079514a0 fffff800`02c00a9b : 00000000`00000000 fffff800`02c5b348 fffff6fb`7ea00302 00000000`00000040 : nt!KiPageFault+0x260
fffff880`07951630 fffff800`02c001a1 : fffffa80`0c30fcb0 fffffa80`09d673c0 00000000`00000000 00000000`000007ff : nt!ExDeferredFreePool+0x1df
fffff880`079516c0 fffff880`01615603 : 00000000`00000000 00000000`000000fb fffffa80`46706657 00000000`000000fb : nt!ExFreePoolWithTag+0x411
fffff880`07951770 fffff880`01615a65 : fffffa80`09d673d0 fffffa80`09d673d0 00000000`000000ff fffffa80`09d67ad0 : NETIO!HandleFilterFree+0x53
fffff880`079517a0 fffff880`01615b88 : fffffa80`09b44010 fffffa80`0ec36bb0 00000000`000000fb fffffa80`0c52b480 : NETIO!DeleteFilterFromIndex+0x165
fffff880`07951820 fffff880`01616454 : fffffa80`09000004 fffffa80`09e6ec00 fffffa80`09b44048 00000000`00000000 : NETIO!KfdCommitTransaction+0xe1
fffff880`07951860 fffff880`018e8fcb : fffffa80`09b44010 fffffa80`09e6ec00 fffffa80`0d69c990 00000000`00000001 : NETIO!IoctlKfdCommitTransaction+0x54
fffff880`07951890 fffff800`02deba97 : fffffa80`0d69c990 fffff880`07951b60 fffffa80`0d69c990 fffffa80`09b44010 : tcpip!KfdDispatchDevCtl+0x6b
fffff880`079518d0 fffff800`02dec2f6 : fffff680`000103f8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`07951a00 fffff800`02acfed3 : ffffffff`ffffffff 0000007f`ffffffff 00000000`00000000 00000980`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`07951a70 00000000`7709138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`025af5e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7709138a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+1df
fffff800`02c00a9b 4c395808 cmp qword ptr [rax+8],r11
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExDeferredFreePool+1df
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+1df
BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+1df
Followup: Pool_corruption
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\CLIFTYFALLS-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010612-12183-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c00000 PsLoadedModuleList = 0xfffff800`02e45670
Debug session time: Fri Jan 6 10:32:13.431 2012 (UTC - 7:00)
System Uptime: 0 days 15:24:00.258
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, fffffa800f06eb30, fffffa800f06ee10, fffff80002f808b0}
Probably caused by : csrss.exe
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800f06eb30, Terminating object
Arg3: fffffa800f06ee10, Process image file name
Arg4: fffff80002f808b0, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: fffffa800f06eb30
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: csrss
FAULTING_MODULE: 0000000000000000
PROCESS_NAME: csrss.exe
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0xF4_C0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
STACK_TEXT:
fffff880`0955ee38 fffff800`030075e2 : 00000000`000000f4 00000000`00000003 fffffa80`0f06eb30 fffffa80`0f06ee10 : nt!KeBugCheckEx
fffff880`0955ee40 fffff800`02fb499b : ffffffff`ffffffff fffffa80`10107060 fffffa80`0f06eb30 fffffa80`0f06eb30 : nt!PspCatchCriticalBreak+0x92
fffff880`0955ee80 fffff800`02f34448 : ffffffff`ffffffff 00000000`00000001 fffffa80`0f06eb30 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x176d6
fffff880`0955eed0 fffff800`02c7bed3 : fffffa80`0f06eb30 fffff800`c0000005 fffffa80`10107060 00000000`02d60540 : nt!NtTerminateProcess+0xf4
fffff880`0955ef50 fffff800`02c78470 : fffff800`02cc867f fffff880`0955fa38 fffff880`0955f790 fffff880`0955fae0 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0955f0e8 fffff800`02cc867f : fffff880`0955fa38 fffff880`0955f790 fffff880`0955fae0 00000000`02d62050 : nt!KiServiceLinkage
fffff880`0955f0f0 fffff800`02c7c2c2 : fffff880`0955fa38 00000000`00095fd0 fffff880`0955fae0 00000000`02d61b28 : nt! ?? ::FNODOBFM::`string'+0x49874
fffff880`0955f900 fffff800`02c7ae3a : 00000000`00000001 00000000`02d60c58 00000000`00000001 00000000`00095fd0 : nt!KiExceptionDispatch+0xc2
fffff880`0955fae0 00000000`77458e3d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
00000000`02d60c60 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77458e3d
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xF4_C0000005_IMAGE_csrss.exe
BUCKET_ID: X64_0xF4_C0000005_IMAGE_csrss.exe
Followup: MachineOwner
---------
Drivers that may need updating:
Code:
lmimirr fffff880`05b8d000 fffff880`05b94000 Tue Apr 10 16:32:45 2007 (461c108d) 0000a04c lmimirr.sys
RaInfo fffff880`02e9f000 fffff880`02ea6000 Fri Jan 04 11:57:14 2008 (477e818a) 0000d903 RaInfo.sys
PBADRV fffff880`01b56000 fffff880`01b62000 Mon Jan 07 12:12:13 2008 (4782798d) 000085ef PBADRV.sys
LMIRfsDriver fffff880`02ea6000 fffff880`02eb9000 Mon Jul 14 10:26:56 2008 (487b7e50) 0001e26d LMIRfsDriver.sys
COVINGTON
Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\COVINGTON-PC-BSOD\Windows_NT6_BSOD_jcgriff2\112111-16863-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c11000 PsLoadedModuleList = 0xfffff800`02e56670
Debug session time: Mon Nov 21 08:32:48.864 2011 (UTC - 7:00)
System Uptime: 12 days 7:16:15.529
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80002f2d205, fffff880021fc848, fffff880021fc0a0}
Probably caused by : memory_corruption ( nt!MiSegmentDelete+21 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002f2d205, The address that the exception occurred at
Arg3: fffff880021fc848, Exception Record Address
Arg4: fffff880021fc0a0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiSegmentDelete+21
fffff800`02f2d205 418b7d0c mov edi,dword ptr [r13+0Ch]
EXCEPTION_RECORD: fffff880021fc848 -- (.exr 0xfffff880021fc848)
ExceptionAddress: fffff80002f2d205 (nt!MiSegmentDelete+0x0000000000000021)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880021fc0a0 -- (.cxr 0xfffff880021fc0a0)
rax=0000000000000000 rbx=00000000000840a1 rcx=fffffa800d4ab4c0
rdx=0000000080000000 rsi=fffffa800d4ab4c0 rdi=fffffa800d4ab4c0
rip=fffff80002f2d205 rsp=fffff880021fca80 rbp=0000000000000001
r8=0000000000000000 r9=fffff880033f3180 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=a516b0d111111111
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!MiSegmentDelete+0x21:
fffff800`02f2d205 418b7d0c mov edi,dword ptr [r13+0Ch] ds:002b:a516b0d1`1111111d=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec0100
ffffffffffffffff
FOLLOWUP_IP:
nt!MiSegmentDelete+21
fffff800`02f2d205 418b7d0c mov edi,dword ptr [r13+0Ch]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff80002cdb18d to fffff80002f2d205
STACK_TEXT:
fffff880`021fca80 fffff800`02cdb18d : fffffa80`0d4ab4c8 00000000`00000001 00000000`00000000 00000000`00000631 : nt!MiSegmentDelete+0x21
fffff880`021fcac0 fffff800`02cdb051 : 00000000`00000000 00000000`00000080 fffffa80`099dc040 fffffa80`00000012 : nt!MiProcessDereferenceList+0x131
fffff880`021fcb80 fffff800`02f28fee : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiDereferenceSegmentThread+0x10d
fffff880`021fcc00 fffff800`02c7f5e6 : fffff880`03381180 fffffa80`09a73040 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`021fcc40 00000000`00000000 : fffff880`021fd000 fffff880`021f7000 fffff880`021fc6b0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiSegmentDelete+21
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff880021fc0a0 ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x7E_nt!MiSegmentDelete+21
BUCKET_ID: X64_0x7E_nt!MiSegmentDelete+21
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\COVINGTON-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122911-16442-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c03000 PsLoadedModuleList = 0xfffff800`02e48670
Debug session time: Thu Dec 29 09:57:54.612 2011 (UTC - 7:00)
System Uptime: 0 days 14:33:36.814
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff88005c56fae, fffff8800cadaa60, 0}
Probably caused by : ks.sys ( ks!FindAndReferenceCreateItem+2e )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88005c56fae, Address of the instruction which caused the bugcheck
Arg3: fffff8800cadaa60, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
ks!FindAndReferenceCreateItem+2e
fffff880`05c56fae 48833800 cmp qword ptr [rax],0
CONTEXT: fffff8800cadaa60 -- (.cxr 0xfffff8800cadaa60)
rax=fa800f14f0d004c0 rbx=fffff8a004000000 rcx=fffff8a00fc676e2
rdx=0000000000000020 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88005c56fae rsp=fffff8800cadb440 rbp=0000000000000020
r8=fffffa800d0054c0 r9=fffffa800f695c60 r10=0000000000000000
r11=fffffa800eb80a70 r12=fffffa800d0054c0 r13=fffff8a00fc676e2
r14=0000000000000000 r15=fffffa800d00b610
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
ks!FindAndReferenceCreateItem+0x2e:
fffff880`05c56fae 48833800 cmp qword ptr [rax],0 ds:002b:fa800f14`f0d004c0=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: audiodg.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88005c56fae
STACK_TEXT:
fffff880`0cadb440 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ks!FindAndReferenceCreateItem+0x2e
FOLLOWUP_IP:
ks!FindAndReferenceCreateItem+2e
fffff880`05c56fae 48833800 cmp qword ptr [rax],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ks!FindAndReferenceCreateItem+2e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ks
IMAGE_NAME: ks.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7a3f3
STACK_COMMAND: .cxr 0xfffff8800cadaa60 ; kb
FAILURE_BUCKET_ID: X64_0x3B_ks!FindAndReferenceCreateItem+2e
BUCKET_ID: X64_0x3B_ks!FindAndReferenceCreateItem+2e
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\COVINGTON-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010512-10982-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c62000 PsLoadedModuleList = 0xfffff800`02ea7670
Debug session time: Thu Jan 5 19:00:41.125 2012 (UTC - 7:00)
System Uptime: 7 days 9:01:28.598
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 109b, fdd1d1fc, fffffa800cfca4c0}
Unable to load image \SystemRoot\system32\DRIVERS\MpFilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
GetPointerFromAddress: unable to read from fffff80002f11100
GetUlongFromAddress: unable to read from fffff80002e7fa18
Probably caused by : MpFilter.sys ( MpFilter+d84d )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 00000000fdd1d1fc, Memory contents of the pool block
Arg4: fffffa800cfca4c0, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from fffff80002e7fa18
POOL_ADDRESS: fffffa800cfca4c0
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002e0cbe9 to fffff80002cdec40
STACK_TEXT:
fffff880`02184fa8 fffff800`02e0cbe9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`fdd1d1fc : nt!KeBugCheckEx
fffff880`02184fb0 fffff880`03a7684d : 00000000`00000705 fffff8a0`006e43a8 fffff8a0`00312290 fffff880`011ad2c8 : nt!ExDeferredFreePool+0x1201
fffff880`02185060 00000000`00000705 : fffff8a0`006e43a8 fffff8a0`00312290 fffff880`011ad2c8 00000000`73634946 : MpFilter+0xd84d
fffff880`02185068 fffff8a0`006e43a8 : fffff8a0`00312290 fffff880`011ad2c8 00000000`73634946 fffff8a0`00717d80 : 0x705
fffff880`02185070 fffff8a0`00312290 : fffff880`011ad2c8 00000000`73634946 fffff8a0`00717d80 fffffa80`0c1ddc40 : 0xfffff8a0`006e43a8
fffff880`02185078 fffff880`011ad2c8 : 00000000`73634946 fffff8a0`00717d80 fffffa80`0c1ddc40 fffff880`011b66ce : 0xfffff8a0`00312290
fffff880`02185080 fffff880`011d220d : fffff8a0`00312248 fffff880`011a8000 00000000`00000000 00000000`00000090 : fltmgr!TreeUnlinkMulti+0x148
fffff880`021850d0 fffff880`011cd311 : fffffa80`0a320800 00000000`00000130 fffff8a0`006e4140 00000000`00000000 : fltmgr! ?? ::NNGAKEGL::`string'+0x1196
fffff880`02185100 fffff880`011cd3fb : fffffa80`0a320800 fffff8a0`006e43a8 fffffa80`0a320800 fffffa80`09ab3040 : fltmgr!CleanupStreamListCtrl+0x21
fffff880`02185140 fffff800`02f9790e : 00000000`00000001 fffff800`02cbac2f 00000000`00000705 fffff880`0122ff49 : fltmgr!DeleteStreamListCtrlCallback+0x6b
fffff880`02185170 fffff880`012b2bac : fffff8a0`006e4140 fffffa80`09ab3040 fffff880`02185248 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2
fffff880`021851c0 fffff880`012b7cc1 : fffffa00`01010000 00000000`00000000 00000000`00000000 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108
fffff880`02185200 fffff880`0123085c : fffff8a0`006e4040 fffff8a0`006e4140 00000000`00000000 fffff880`02185372 : Ntfs!NtfsRemoveScb+0x61
fffff880`02185240 fffff880`012b564c : fffff8a0`006e4010 00000000`00000001 fffff880`02185372 fffffa80`0fb1a010 : Ntfs!NtfsPrepareFcbForRemoval+0x50
fffff880`02185270 fffff880`012370e2 : fffffa80`0fb1a010 fffffa80`0fb1a010 fffff8a0`006e4010 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xdc
fffff880`021852f0 fffff880`012c5193 : fffffa80`0fb1a010 00000000`00000001 fffff8a0`006e4010 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`02185330 fffff880`012b4357 : fffffa80`0fb1a010 fffff8a0`006e4140 fffff8a0`006e4010 fffffa80`0c44f180 : Ntfs!NtfsCommonClose+0x353
fffff880`02185400 fffff880`012a3291 : fffffa80`0c44f180 fffffa00`01000100 fffff8a0`0000fa01 00000000`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`021854d0 fffff880`013789fa : fffff880`021857d0 fffffa80`0c44f180 fffff880`02185701 fffff880`01399100 : Ntfs!NtfsFlushVolume+0x75
fffff880`02185600 fffff880`0139cbc7 : fffff880`021857d0 fffffa80`0c44f180 fffffa80`0c44f180 fffffa80`0c44f180 : Ntfs!NtfsCheckpointVolumeUntilDone+0x4a
fffff880`02185680 fffff880`012ef27b : fffff880`021857d0 fffffa80`0c44f180 fffffa80`0eb0fb50 fffffa80`0c44f188 : Ntfs!NtfsShutdownVolume+0xa7
fffff880`02185700 fffff880`013a4fc5 : fffff880`021857d0 00000000`00000000 fffff880`0139eae0 00000000`00000000 : Ntfs!NtfsForEachVcb+0x167
fffff880`021857a0 fffff880`011a96af : fffffa80`0a773300 fffff800`02e7f260 fffff800`02ede990 fffffa80`0eb0fb50 : Ntfs!NtfsFsdShutdown+0x145
fffff880`021859d0 fffff800`02f2942c : fffffa80`0a773990 fffff800`02e89620 00000000`00000001 00000000`00000000 : fltmgr!FltpDispatch+0x9f
fffff880`02185a30 fffff800`02f295c2 : 00000000`00000001 00000000`00000001 fffff800`02e7f260 00000000`00000000 : nt!IopShutdownBaseFileSystems+0xac
fffff880`02185ab0 fffff800`02f2a286 : fffff800`02f2a0a0 fffff800`02e7f260 00000000`00000001 00000000`00000001 : nt!IoShutdownSystem+0x122
fffff880`02185b30 fffff800`02ce9001 : fffff800`02f2a0a0 fffff800`02fd5901 fffffa80`09ab3000 00000000`00000004 : nt!PopGracefulShutdown+0x1e6
fffff880`02185b70 fffff800`02f79fee : 00000000`00000000 fffffa80`09ab3040 00000000`00000080 fffffa80`099eb040 : nt!ExpWorkerThread+0x111
fffff880`02185c00 fffff800`02cd05e6 : fffff880`03381180 fffffa80`09ab3040 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02185c40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
MpFilter+d84d
fffff880`03a7684d ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: MpFilter+d84d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MpFilter
IMAGE_NAME: MpFilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9cc801
FAILURE_BUCKET_ID: X64_0xc2_7_MpFilter+d84d
BUCKET_ID: X64_0xc2_7_MpFilter+d84d
Followup: MachineOwner
---------
Drivers that may need updating:
Code:
lmimirr fffff880`05b08000 fffff880`05b0f000 Tue Apr 10 16:32:45 2007 (461c108d) 0000a04c lmimirr.sys
RaInfo fffff880`05872000 fffff880`05879000 Fri Jan 04 11:57:14 2008 (477e818a) 0000d903 RaInfo.sys
PBADRV fffff880`01b04000 fffff880`01b10000 Mon Jan 07 12:12:13 2008 (4782798d) 000085ef PBADRV.sys
LMIRfsDriver fffff880`05879000 fffff880`0588c000 Mon Jul 14 10:26:56 2008 (487b7e50) 0001e26d LMIRfsDriver.sys
DILLSBORO
Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\110211-23197-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c56000 PsLoadedModuleList = 0xfffff800`02e9b670
Debug session time: Wed Nov 2 07:15:53.720 2011 (UTC - 7:00)
System Uptime: 7 days 9:56:21.776
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88005c5b439, fffff880035623f8, fffff88003561c50}
Probably caused by : USBPORT.SYS ( USBPORT!USBPORT_StopDevice+48d )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88005c5b439, The address that the exception occurred at
Arg3: fffff880035623f8, Exception Record Address
Arg4: fffff88003561c50, Context Record Address
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'usbhub' and 'usbhub.sys' overlap
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
USBPORT!USBPORT_StopDevice+48d
fffff880`05c5b439 ff5008 call qword ptr [rax+8]
EXCEPTION_RECORD: fffff880035623f8 -- (.exr 0xfffff880035623f8)
ExceptionAddress: fffff88005c5b439 (USBPORT!USBPORT_StopDevice+0x000000000000048d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008
CONTEXT: fffff88003561c50 -- (.cxr 0xfffff88003561c50)
rax=0000000000000000 rbx=fffffa800e3a61a0 rcx=0000000000080001
rdx=0000000000000000 rsi=fffffa800e3a6050 rdi=fffffa800e3a61a0
rip=fffff88005c5b439 rsp=fffff88003562630 rbp=fffffa800e3a7168
r8=000000004f444648 r9=0000000000000000 r10=0000000000000000
r11=fffff880009cf180 r12=000000004f444648 r13=0000000000000000
r14=0000000000000000 r15=00000000ffffffff
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
USBPORT!USBPORT_StopDevice+0x48d:
fffff880`05c5b439 ff5008 call qword ptr [rax+8] ds:002b:00000000`00000008=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000008
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f05100
0000000000000008
FOLLOWUP_IP:
USBPORT!USBPORT_StopDevice+48d
fffff880`05c5b439 ff5008 call qword ptr [rax+8]
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from fffff88005c70cbd to fffff88005c5b439
STACK_TEXT:
fffff880`03562630 fffff880`05c70cbd : fffffa80`0e38b1a0 fffffa80`2346a010 fffffa80`0e3a61a0 fffffa80`0e3a6050 : USBPORT!USBPORT_StopDevice+0x48d
fffff880`035626a0 fffff880`05c5c8f5 : fffffa80`0e4604d0 fffff8a0`0c013760 fffffa80`0e3a6050 fffffa80`0e4604d0 : USBPORT!USBPORT_FdoPnP+0x3a9
fffff880`03562750 fffff800`02f3daf9 : fffff8a0`0c013760 00000000`c00000bb fffff880`03562838 fffffa80`2346a010 : USBPORT!USBPORT_DispatchPnP+0x1d
fffff880`03562780 fffff800`030bbf71 : fffffa80`0e4604d0 00000000`00000000 fffffa80`0e42e230 00000000`00000801 : nt!IopSynchronousCall+0xc5
fffff880`035627f0 fffff800`02dcf133 : fffff8a0`0d003a70 fffff8a0`0d003a70 00000000`00000015 00000000`00000000 : nt!IopRemoveDevice+0x101
fffff880`035628b0 fffff800`030bbac4 : fffffa80`0e42e230 00000000`00000000 00000000`00000002 fffffa80`0e4604d0 : nt!PnpRemoveLockedDeviceNode+0x1a3
fffff880`03562900 fffff800`030bbbd0 : 00000000`00000000 fffff8a0`0d16a801 fffff8a0`0c2f1510 ffffd35c`2222c568 : nt!PnpDeleteLockedDeviceNode+0x44
fffff880`03562930 fffff800`0314ca34 : 00000000`00000002 00000000`00000000 fffffa80`0e42e230 fffff8a0`00000000 : nt!PnpDeleteLockedDeviceNodes+0xa0
fffff880`035629a0 fffff800`0314d08c : fffff880`00000000 fffffa80`10291300 fffffa80`09a86000 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0xc34
fffff880`03562ae0 fffff800`0303634e : 00000000`00000000 fffffa80`10291370 fffff8a0`03a54570 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0x4c
fffff880`03562b10 fffff800`02cdd001 : fffff800`02f3c998 fffff8a0`0d16a8b0 fffff800`02e732b8 fffffa80`09a86040 : nt! ?? ::NNGAKEGL::`string'+0x5b3cb
fffff880`03562b70 fffff800`02f6dfee : 00000000`00000000 fffffa80`09a86040 00000000`00000080 fffffa80`099dc040 : nt!ExpWorkerThread+0x111
fffff880`03562c00 fffff800`02cc45e6 : fffff880`02174180 fffffa80`09a86040 fffff880`0217f0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03562c40 00000000`00000000 : fffff880`03563000 fffff880`0355d000 fffff880`03562220 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: USBPORT!USBPORT_StopDevice+48d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: USBPORT
IMAGE_NAME: USBPORT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4d8c0c08
STACK_COMMAND: .cxr 0xfffff88003561c50 ; kb
FAILURE_BUCKET_ID: X64_0x7E_USBPORT!USBPORT_StopDevice+48d
BUCKET_ID: X64_0x7E_USBPORT!USBPORT_StopDevice+48d
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010412-13244-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c4c000 PsLoadedModuleList = 0xfffff800`02e91670
Debug session time: Wed Jan 4 13:22:56.176 2012 (UTC - 7:00)
System Uptime: 5 days 22:57:57.004
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffffffffffffa, 2, 0, fffff80002cd82ce}
Probably caused by : ntkrnlmp.exe ( nt!IopTimerDispatch+121 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffffffffffa, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002cd82ce, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efb100
fffffffffffffffa
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopTimerDispatch+121
fffff800`02cd82ce 66395ffa cmp word ptr [rdi-6],bx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff80000b9c190 -- (.trap 0xfffff80000b9c190)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=fffffa800d07ef00
rdx=fffffa800d07ed02 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cd82ce rsp=fffff80000b9c320 rbp=0000000000000000
r8=000000004f444600 r9=0000000000000000 r10=bff807ffc2ec9f64
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!IopTimerDispatch+0x121:
fffff800`02cd82ce 66395ffa cmp word ptr [rdi-6],bx ds:0001:ffffffff`fffffffa=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cc81e9 to fffff80002cc8c40
STACK_TEXT:
fffff800`00b9c048 fffff800`02cc81e9 : 00000000`0000000a ffffffff`fffffffa 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`00b9c050 fffff800`02cc6e60 : 00000000`00000000 00000000`00000008 fffffa80`0cf4c8d0 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00b9c190 fffff800`02cd82ce : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`0d04b4c8 : nt!KiPageFault+0x260
fffff800`00b9c320 fffff800`02cd45fc : 00000000`00000002 fffff800`00b9c4c0 00000000`00000006 00000000`00000000 : nt!IopTimerDispatch+0x121
fffff800`00b9c430 fffff800`02cd4496 : fffffa80`11535010 fffffa80`11535010 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff800`00b9c4a0 fffff800`02cd437e : 000004ae`536682b0 fffff800`00b9cb18 00000000`01f76aa0 fffff800`02e42688 : nt!KiProcessExpiredTimerList+0xc6
fffff800`00b9caf0 fffff800`02cd4167 : 0000018c`fae9aee0 0000018c`01f76aa0 0000018c`fae9ae76 00000000`000000a0 : nt!KiTimerExpiration+0x1be
fffff800`00b9cb90 fffff800`02cc096a : fffff800`02e3ee80 fffff800`02e4ccc0 00000000`00000002 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff800`00b9cc40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!IopTimerDispatch+121
fffff800`02cd82ce 66395ffa cmp word ptr [rdi-6],bx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!IopTimerDispatch+121
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!IopTimerDispatch+121
BUCKET_ID: X64_0xA_nt!IopTimerDispatch+121
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010512-15522-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c0c000 PsLoadedModuleList = 0xfffff800`02e51670
Debug session time: Thu Jan 5 14:03:23.861 2012 (UTC - 7:00)
System Uptime: 1 days 0:39:13.562
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002c47f80, fffff8800842eb40, 0}
Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c47f80, Address of the instruction which caused the bugcheck
Arg3: fffff8800842eb40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c47f80 394830 cmp dword ptr [rax+30h],ecx
CONTEXT: fffff8800842eb40 -- (.cxr 0xfffff8800842eb40)
rax=3333333333333360 rbx=000000000000003b rcx=000000000000003b
rdx=fffff80002dfa460 rsi=0000000000000000 rdi=fffff8800842f6d0
rip=fffff80002c47f80 rsp=fffff8800842f528 rbp=fffffa800f02e960
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff88003181180 r12=0000000000000001 r13=0000000000000001
r14=fffff8a00ee1f380 r15=fffff8800842f6e8
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
nt!WmipDoFindRegEntryByProviderId+0x10:
fffff800`02c47f80 394830 cmp dword ptr [rax+30h],ecx ds:002b:33333333`33333390=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c47f80
STACK_TEXT:
fffff880`0842f528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10
FOLLOWUP_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c47f80 394830 cmp dword ptr [rax+30h],ecx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff8800842eb40 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010812-10810-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c14000 PsLoadedModuleList = 0xfffff800`02e59670
Debug session time: Sun Jan 8 15:07:40.515 2012 (UTC - 7:00)
System Uptime: 2 days 20:02:46.551
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck E4, {1, fffffa800d0404c0, 1, 0}
Probably caused by : usbhub.sys ( usbhub!UsbhHubQueueProcessChangeWorker+77 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
WORKER_INVALID (e4)
A executive worker item was found in memory which must not contain such
items or a work item was queued that is currently active in the system.
Usually this is memory being freed. This is usually caused by
a device driver that has not cleaned up properly before freeing memory.
Arguments:
Arg1: 0000000000000001, Queuing of active worker item
Arg2: fffffa800d0404c0, Address of worker item
Arg3: 0000000000000001, Queue number
Arg4: 0000000000000000, 0
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xE4
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002c4c59a to fffff80002c90c40
STACK_TEXT:
fffff880`0330d328 fffff800`02c4c59a : 00000000`000000e4 00000000`00000001 fffffa80`0d0404c0 00000000`00000001 : nt!KeBugCheckEx
fffff880`0330d330 fffff880`05d2cbc7 : fffffa80`0d95fb20 fffffa80`0d95fb20 fffffa80`0d178000 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x104aa
fffff880`0330d370 fffff880`05d27362 : fffffa80`0d95fb20 fffffa80`0d178050 fffffa80`0d178050 fffffa80`63654448 : usbhub!UsbhHubQueueProcessChangeWorker+0x77
fffff880`0330d3b0 fffff880`05d25bef : 00000000`00000000 fffffa80`50447100 fffffa80`0d95fb20 fffff880`00100000 : usbhub!Usbh_PCE_Enable_Action+0x212
fffff880`0330d400 fffff880`05d2a900 : fffffa80`0d178050 00000000`00000001 fffffa80`0d178918 00000000`00000002 : usbhub!UsbhDispatch_PortChangeQueueEventEx+0x123
fffff880`0330d440 fffff880`05d22feb : 00000000`00000002 fffffa80`0d178918 00000000`00000000 fffff800`00000000 : usbhub!UsbhPCE_Enable+0xb0
fffff880`0330d490 fffff880`05d22850 : 00000000`00000003 fffffa80`0d1781a0 fffffa80`0d178050 00000000`00000008 : usbhub!UsbhBusResume_Action+0x8f
fffff880`0330d4d0 fffff880`05d22ea3 : fffffa80`0d1781a0 00000000`00000008 fffffa80`0d178050 00000000`00000000 : usbhub!UsbhReleaseBusStateLock+0x50
fffff880`0330d500 fffff880`05d239a6 : fffffa80`0d178918 fffffa80`0d1781a0 fffffa80`0d178050 fffffa80`09fc6538 : usbhub!UsbhDispatch_BusEvent+0x1fb
fffff880`0330d550 fffff880`05d54a75 : 00000000`00000000 fffff880`6e447352 00000000`00000000 fffffa80`0d173000 : usbhub!UsbhSyncBusResume+0x42
fffff880`0330d590 fffff880`05d53a9e : 00000000`00000000 fffffa80`0d1781a0 fffffa80`0d1781a0 fffffa80`0d178050 : usbhub!UsbhSshResumeDownstream+0x59
fffff880`0330d610 fffff880`05d53473 : 00000000`00000008 00000000`00000001 fffffa80`0d178050 00000000`00000000 : usbhub!Usbh_SSH_HubPendingResume+0xb6
fffff880`0330d650 fffff880`05d1c0ad : fffffa80`09fc6390 fffffa80`0cc43050 fffffa80`0d173050 fffffa80`0d178050 : usbhub!Usbh_SSH_Event+0x10b
fffff880`0330d680 fffff880`05d1bfdf : fffffa80`09fc6390 fffffa80`0d173050 00000000`00000778 fffffa80`0d1731a0 : usbhub!UsbhFdoInternalDeviceControl+0x75
fffff880`0330d6c0 fffff880`05a87459 : fffffa80`0cf3edf0 fffffa80`0d178050 00000000`00000000 fffffa80`0d173050 : usbhub!UsbhGenDispatch+0x7f
fffff880`0330d6f0 fffff880`05a87363 : fffffa80`0cf3edf0 fffffa80`0cc43050 fffffa80`0cc431a0 00000000`00000000 : USBPORT!USBPORT_SendSynchronousUsbIoctlRequest+0xd1
fffff880`0330d780 fffff880`05d54949 : 00000000`00000000 fffffa80`0d1781a0 fffffa80`0d178918 fffffa80`0d178050 : USBPORT!USBPORTBUSIF_ResumeRootHub+0x19f
fffff880`0330d7d0 fffff880`05d53993 : 00000000`00000000 00000000`00000001 fffff800`00000003 fffffa80`0d178050 : usbhub!UsbhSshResumeUpstream+0x79
fffff880`0330d830 fffff880`05d53482 : 00000000`00000006 fffffa80`0d178050 fffff880`0330d868 00000000`00000030 : usbhub!Usbh_SSH_HubSuspended+0xd3
fffff880`0330d860 fffff880`05d46f79 : fffffa80`0d178050 fffffa80`0db2e1a0 fffffa80`0d97d060 fffffa80`0d97d1b0 : usbhub!Usbh_SSH_Event+0x11a
fffff880`0330d890 fffff880`05d54949 : 00000000`00000000 fffffa80`0db2e1a0 fffffa80`0db2e708 fffffa80`0db2e050 : usbhub!UsbhBusIf_ResumeChildHub+0x65
fffff880`0330d8d0 fffff880`05d53993 : 00000000`00000000 00000000`00000001 fffff800`00000003 fffffa80`0db2e050 : usbhub!UsbhSshResumeUpstream+0x79
fffff880`0330d930 fffff880`05d53482 : 00000000`00000006 fffffa80`0db2e050 fffffa80`0db2e050 fffffa80`0db2e050 : usbhub!Usbh_SSH_HubSuspended+0xd3
fffff880`0330d960 fffff880`05d5320e : fffffa80`0e493c60 fffffa80`0db2e050 fffffa80`0db2e050 fffffa80`0e493c88 : usbhub!Usbh_SSH_Event+0x11a
fffff880`0330d990 fffff880`05d35cd8 : fffffa80`0db2e1a0 00000000`00000006 fffffa80`0db2e050 00000000`000007ff : usbhub!UsbhIncHubBusy+0x116
fffff880`0330d9f0 fffff880`05d367f9 : fffffa80`0db2e708 00000000`00000006 fffffa80`0ff0f2b0 fffffa80`0db2e050 : usbhub!UsbhFdoSetPowerSx_Action+0x9c
fffff880`0330da40 fffff880`05d35789 : fffffa80`0ff0f530 fffffa80`0db2e1a0 fffffa80`0db2e050 fffffa80`0e976050 : usbhub!UsbhFdoSystemPowerState+0x435
fffff880`0330daa0 fffff880`05d34a3b : fffffa80`0ff0f2b0 00000000`00000000 fffffa80`0db2e050 fffffa80`0e98d050 : usbhub!UsbhFdoPower_SetPower+0x9d
fffff880`0330dae0 fffff880`05d1bfdf : 00000000`00000001 fffffa80`0db2e050 00000000`00000000 fffffa80`0ec33c60 : usbhub!UsbhFdoPower+0xaf
fffff880`0330db20 fffff800`02da6f65 : 00000000`00000000 00000000`00000002 00000000`00000001 fffffa80`0ff0f358 : usbhub!UsbhGenDispatch+0x7f
fffff880`0330db50 fffff800`02f2bfee : 00000000`00000000 fffffa80`09a40b60 00000000`00000080 2e876a21`48452819 : nt!PopIrpWorker+0x3c5
fffff880`0330dc00 fffff800`02c825e6 : fffff880`0330f180 fffffa80`09a40b60 fffff880`0331a0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0330dc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
usbhub!UsbhHubQueueProcessChangeWorker+77
fffff880`05d2cbc7 488d8b78090000 lea rcx,[rbx+978h]
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: usbhub!UsbhHubQueueProcessChangeWorker+77
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: usbhub
IMAGE_NAME: usbhub.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d8c0b08
FAILURE_BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77
BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77
Followup: MachineOwner
---------
Drivers that may need updating:
Code:
lmimirr fffff880`05b1c000 fffff880`05b23000 Tue Apr 10 16:32:45 2007 (461c108d) 0000a04c lmimirr.sys
RaInfo fffff880`03c82000 fffff880`03c89000 Fri Jan 04 11:57:14 2008 (477e818a) 0000d903 RaInfo.sys
PBADRV fffff880`01b1a000 fffff880`01b26000 Mon Jan 07 12:12:13 2008 (4782798d) 000085ef PBADRV.sys
LMIRfsDriver fffff880`03c89000 fffff880`03c9c000 Mon Jul 14 10:26:56 2008 (487b7e50) 0001e26d LMIRfsDriver.sys
DUNELAND
Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\111011-22869-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c0e000 PsLoadedModuleList = 0xfffff800`02e53670
Debug session time: Thu Nov 10 02:15:35.378 2011 (UTC - 7:00)
System Uptime: 2 days 21:03:13.580
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, fffffa800d40c4c0, fffffa800d40c950, 94492492}
GetPointerFromAddress: unable to read from fffff80002ebd100
GetUlongFromAddress: unable to read from fffff80002e2ba18
Probably caused by : ntkrnlmp.exe ( nt!FsRtlTeardownPerStreamContexts+e2 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffffa800d40c4c0, The pool entry we were looking for within the page.
Arg3: fffffa800d40c950, The next pool entry.
Arg4: 0000000094492492, (reserved)
Debugging Details:
------------------
GetUlongFromAddress: unable to read from fffff80002e2ba18
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: fffffa800d40c4c0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002db8cae to fffff80002c8ac40
STACK_TEXT:
fffff880`021850b8 fffff800`02db8cae : 00000000`00000019 00000000`00000020 fffffa80`0d40c4c0 fffffa80`0d40c950 : nt!KeBugCheckEx
fffff880`021850c0 fffff800`02f4390e : 00000000`00000705 00003450`13ed96df fffff8a0`53924924 fffff880`01239f49 : nt!ExDeferredFreePool+0x12da
fffff880`02185170 fffff880`012bcbac : fffff8a0`04f04890 fffffa80`09ab3040 fffff880`02185248 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2
fffff880`021851c0 fffff880`012c1cc1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108
fffff880`02185200 fffff880`0123a85c : fffff8a0`04f04790 fffff8a0`04f04890 00000000`00000000 00000000`000004d0 : Ntfs!NtfsRemoveScb+0x61
fffff880`02185240 fffff880`012bf64c : fffff8a0`04f04760 00000000`00000001 fffff880`02185372 fffffa80`0a318370 : Ntfs!NtfsPrepareFcbForRemoval+0x50
fffff880`02185270 fffff880`012410e2 : fffffa80`0a318370 fffffa80`0a318370 fffff8a0`04f04760 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xdc
fffff880`021852f0 fffff880`012cf193 : fffffa80`0a318370 00000000`00000001 fffff8a0`04f04760 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`02185330 fffff880`012be357 : fffffa80`0a318370 fffff8a0`04f04890 fffff8a0`04f04760 fffffa80`0cedc180 : Ntfs!NtfsCommonClose+0x353
fffff880`02185400 fffff880`012ad291 : fffffa80`0cedc180 00000000`01000100 fffff8a0`0000ea01 00000000`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`021854d0 fffff880`013829fa : fffff880`021857d0 fffffa80`0cedc180 fffff880`02185701 fffff880`013a3100 : Ntfs!NtfsFlushVolume+0x75
fffff880`02185600 fffff880`013a6bc7 : fffff880`021857d0 fffffa80`0cedc180 fffffa80`0cedc180 fffffa80`0cedc180 : Ntfs!NtfsCheckpointVolumeUntilDone+0x4a
fffff880`02185680 fffff880`012f927b : fffff880`021857d0 fffffa80`0cedc180 fffffa80`0e9b8010 fffffa80`0cedc188 : Ntfs!NtfsShutdownVolume+0xa7
fffff880`02185700 fffff880`013aefc5 : fffff880`021857d0 00000000`00000000 fffff880`013a8ae0 00000000`00000000 : Ntfs!NtfsForEachVcb+0x167
fffff880`021857a0 fffff880`0119f6af : fffffa80`0c0ce4b0 fffff800`02e2b260 fffff800`02e8a990 fffffa80`0e9b8010 : Ntfs!NtfsFsdShutdown+0x145
fffff880`021859d0 fffff800`02ed542c : fffffa80`0c0cebd0 fffff800`02e35620 00000000`00000001 00000000`00000000 : fltmgr!FltpDispatch+0x9f
fffff880`02185a30 fffff800`02ed55c2 : 00000000`00000001 00000000`00000001 fffff800`02e2b260 00000000`00000000 : nt!IopShutdownBaseFileSystems+0xac
fffff880`02185ab0 fffff800`02ed6286 : fffff800`02ed60a0 fffff800`02e2b260 00000000`00000001 00000000`00000001 : nt!IoShutdownSystem+0x122
fffff880`02185b30 fffff800`02c95001 : fffff800`02ed60a0 fffff800`02e2b201 fffff800`02e8c800 00000000`00000004 : nt!PopGracefulShutdown+0x1e6
fffff880`02185b70 fffff800`02f25fee : 00000000`00000000 fffffa80`09ab3040 00000000`00000080 fffffa80`099eb040 : nt!ExpWorkerThread+0x111
fffff880`02185c00 fffff800`02c7c5e6 : fffff880`03381180 fffffa80`09ab3040 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02185c40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!FsRtlTeardownPerStreamContexts+e2
fffff800`02f4390e 448a5e07 mov r11b,byte ptr [rsi+7]
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!FsRtlTeardownPerStreamContexts+e2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x19_20_nt!FsRtlTeardownPerStreamContexts+e2
BUCKET_ID: X64_0x19_20_nt!FsRtlTeardownPerStreamContexts+e2
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\120811-10108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c60000 PsLoadedModuleList = 0xfffff800`02ea5670
Debug session time: Thu Dec 8 06:31:56.256 2011 (UTC - 7:00)
System Uptime: 0 days 10:11:45.458
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.
Unable to load image \SystemRoot\system32\drivers\RTDVHD64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for RTDVHD64.sys
*** ERROR: Module load completed but symbols could not be loaded for RTDVHD64.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88005f4d8a9, fffff8800476a748, fffff88004769fa0}
Probably caused by : RTDVHD64.sys ( RTDVHD64+1458a9 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88005f4d8a9, The address that the exception occurred at
Arg3: fffff8800476a748, Exception Record Address
Arg4: fffff88004769fa0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
RTDVHD64+1458a9
fffff880`05f4d8a9 ff5060 call qword ptr [rax+60h]
EXCEPTION_RECORD: fffff8800476a748 -- (.exr 0xfffff8800476a748)
ExceptionAddress: fffff88005f4d8a9 (RTDVHD64+0x00000000001458a9)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88004769fa0 -- (.cxr 0xfffff88004769fa0)
rax=9c74979a72959a72 rbx=fffffa800d074530 rcx=fffffa800d06e4c0
rdx=fffffa800d09b4d0 rsi=fffffa800d1fd000 rdi=fffffa800d1fd000
rip=fffff88005f4d8a9 rsp=fffff8800476a980 rbp=0000000000000000
r8=fffff88005ebfef8 r9=fffff80002e52e80 r10=0000000000000009
r11=fffffa800d0a4580 r12=0000000000000000 r13=0000000000000001
r14=0000000000000004 r15=0000000000000001
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
RTDVHD64+0x1458a9:
fffff880`05f4d8a9 ff5060 call qword ptr [rax+60h] ds:002b:9c74979a`72959ad2=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0f100
ffffffffffffffff
FOLLOWUP_IP:
RTDVHD64+1458a9
fffff880`05f4d8a9 ff5060 call qword ptr [rax+60h]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 8000000000000000 to fffff88005f4d8a9
STACK_TEXT:
fffff880`0476a980 80000000`00000000 : 00000000`00000000 fffffa80`0d083500 fffff880`05e0ade8 00000000`00000009 : RTDVHD64+0x1458a9
fffff880`0476a988 00000000`00000000 : fffffa80`0d083500 fffff880`05e0ade8 00000000`00000009 fffffa80`0d0a49c0 : 0x80000000`00000000
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: RTDVHD64+1458a9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RTDVHD64
IMAGE_NAME: RTDVHD64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c8eefa2
STACK_COMMAND: .cxr 0xfffff88004769fa0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_RTDVHD64+1458a9
BUCKET_ID: X64_0x7E_RTDVHD64+1458a9
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121211-11824-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c00000 PsLoadedModuleList = 0xfffff800`02e45670
Debug session time: Mon Dec 12 11:34:23.987 2011 (UTC - 7:00)
System Uptime: 2 days 23:46:51.189
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002c3bf80, fffff8800d18cb40, 0}
Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c3bf80, Address of the instruction which caused the bugcheck
Arg3: fffff8800d18cb40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c3bf80 394830 cmp dword ptr [rax+30h],ecx
CONTEXT: fffff8800d18cb40 -- (.cxr 0xfffff8800d18cb40)
rax=ff847fb083ff1a9b rbx=0000000000000044 rcx=0000000000000044
rdx=fffff80002dee460 rsi=0000000000000000 rdi=fffff8800d18d6d0
rip=fffff80002c3bf80 rsp=fffff8800d18d528 rbp=fffffa800f80e010
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff880033f3180 r12=0000000000000001 r13=0000000000000001
r14=fffff8a012112d78 r15=fffff8800d18d6e8
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nt!WmipDoFindRegEntryByProviderId+0x10:
fffff800`02c3bf80 394830 cmp dword ptr [rax+30h],ecx ds:002b:ff847fb0`83ff1acb=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c3bf80
STACK_TEXT:
fffff880`0d18d528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10
FOLLOWUP_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c3bf80 394830 cmp dword ptr [rax+30h],ecx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff8800d18cb40 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121311-10389-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c64000 PsLoadedModuleList = 0xfffff800`02ea9670
Debug session time: Tue Dec 13 09:39:57.874 2011 (UTC - 7:00)
System Uptime: 0 days 22:04:11.702
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002c9ff80, fffff88009c93b40, 0}
Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c9ff80, Address of the instruction which caused the bugcheck
Arg3: fffff88009c93b40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c9ff80 394830 cmp dword ptr [rax+30h],ecx
CONTEXT: fffff88009c93b40 -- (.cxr 0xfffff88009c93b40)
rax=24a0000000000000 rbx=0000000000000042 rcx=0000000000000042
rdx=fffff80002e52460 rsi=0000000000000000 rdi=fffff88009c946d0
rip=fffff80002c9ff80 rsp=fffff88009c94528 rbp=fffffa800e91bbe0
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff88003181180 r12=0000000000000001 r13=0000000000000001
r14=fffff8a00fb99a70 r15=fffff88009c946e8
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
nt!WmipDoFindRegEntryByProviderId+0x10:
fffff800`02c9ff80 394830 cmp dword ptr [rax+30h],ecx ds:002b:24a00000`00000030=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c9ff80
STACK_TEXT:
fffff880`09c94528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10
FOLLOWUP_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c9ff80 394830 cmp dword ptr [rax+30h],ecx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff88009c93b40 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121511-11840-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c1d000 PsLoadedModuleList = 0xfffff800`02e62670
Debug session time: Thu Dec 15 15:36:40.020 2011 (UTC - 7:00)
System Uptime: 1 days 18:47:24.222
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002c58f80, fffff8800a682b40, 0}
Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c58f80, Address of the instruction which caused the bugcheck
Arg3: fffff8800a682b40, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c58f80 394830 cmp dword ptr [rax+30h],ecx
CONTEXT: fffff8800a682b40 -- (.cxr 0xfffff8800a682b40)
rax=8888888800000000 rbx=0000000000000043 rcx=0000000000000043
rdx=fffff80002e0b460 rsi=0000000000000000 rdi=fffff8800a6836d0
rip=fffff80002c58f80 rsp=fffff8800a683528 rbp=fffffa800ffc7780
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff80002e0fe80 r12=0000000000000001 r13=0000000000000001
r14=fffff8800a683650 r15=fffff8800a6836e8
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
nt!WmipDoFindRegEntryByProviderId+0x10:
fffff800`02c58f80 394830 cmp dword ptr [rax+30h],ecx ds:002b:88888888`00000030=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c58f80
STACK_TEXT:
fffff880`0a683528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10
FOLLOWUP_IP:
nt!WmipDoFindRegEntryByProviderId+10
fffff800`02c58f80 394830 cmp dword ptr [rax+30h],ecx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff8800a682b40 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122111-15865-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c50000 PsLoadedModuleList = 0xfffff800`02e95670
Debug session time: Wed Dec 21 11:50:51.210 2011 (UTC - 7:00)
System Uptime: 0 days 1:49:57.038
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {21, fffffa800cffb000, 24a0, c0c0c0c0c0}
Unable to load image \SystemRoot\system32\DRIVERS\agnfilt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for agnfilt.sys
*** ERROR: Module load completed but symbols could not be loaded for agnfilt.sys
Probably caused by : agnfilt.sys ( agnfilt+1b08 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000021, the data following the pool block being freed is corrupt. Typically this means the consumer (call stack ) has overrun the block.
Arg2: fffffa800cffb000, The pool pointer being freed.
Arg3: 00000000000024a0, The number of bytes allocated for the pool block.
Arg4: 000000c0c0c0c0c0, The corrupted value found following the pool block.
Debugging Details:
------------------
BUGCHECK_STR: 0x19_21
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eff100
fffffa800cffb000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: msiexec.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002dfa9b2 to fffff80002cccc40
STACK_TEXT:
fffff880`0a8c6598 fffff800`02dfa9b2 : 00000000`00000019 00000000`00000021 fffffa80`0cffb000 00000000`000024a0 : nt!KeBugCheckEx
fffff880`0a8c65a0 fffff880`01480b08 : 00000000`00000001 fffff880`01727110 fffffa80`66747441 fffffa80`00000000 : nt!ExDeferredFreePool+0xfaa
fffff880`0a8c6650 00000000`00000001 : fffff880`01727110 fffffa80`66747441 fffffa80`00000000 fffffa80`09c50e70 : agnfilt+0x1b08
fffff880`0a8c6658 fffff880`01727110 : fffffa80`66747441 fffffa80`00000000 fffffa80`09c50e70 fffff880`01714526 : 0x1
fffff880`0a8c6660 fffffa80`66747441 : fffffa80`00000000 fffffa80`09c50e70 fffff880`01714526 00000000`00000001 : ndis!WPP_GLOBAL_Control
fffff880`0a8c6668 fffffa80`00000000 : fffffa80`09c50e70 fffff880`01714526 00000000`00000001 fffffa80`0cb041a0 : 0xfffffa80`66747441
fffff880`0a8c6670 fffffa80`09c50e70 : fffff880`01714526 00000000`00000001 fffffa80`0cb041a0 fffffa80`09c50e00 : 0xfffffa80`00000000
fffff880`0a8c6678 fffff880`01714526 : 00000000`00000001 fffffa80`0cb041a0 fffffa80`09c50e00 00000000`00000000 : 0xfffffa80`09c50e70
fffff880`0a8c6680 fffff880`0177d1c3 : fffffa80`0cde4860 fffffa80`0c3e7700 fffffa80`0cde4800 fffffa80`0cb04100 : ndis!ndisDetachFilter+0x436
fffff880`0a8c6760 fffff880`0177190f : fffffa80`0c3e7700 00000000`00000000 fffff8a0`00004e01 fffffa80`0c5d2670 : ndis!ndisHandleFilterDetachNotification+0x1f3
fffff880`0a8c67f0 fffff880`0176399f : 00000000`c0000023 fffffa80`0c3e7700 00000000`000000f9 fffffa80`0c3e7700 : ndis! ?? ::LNCPHCLB::`string'+0x660c
fffff880`0a8c6830 fffff880`01763c91 : fffffa80`0ccaf750 fffffa80`0ccaf750 fffffa80`0c0f9e40 00000000`00000000 : ndis!ndisHandlePnPRequest+0x11f
fffff880`0a8c68a0 fffff800`02fe7a97 : fffffa80`0c45d070 fffff880`0a8c6b60 fffff880`0a8c6b60 fffffa80`0c45d070 : ndis!ndisDispatchRequest+0x111
fffff880`0a8c68d0 fffff800`02fe82f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0a8c6a00 fffff800`02ccbed3 : fffffa80`09ebc4b0 fffff880`0a8c6b60 fffffa80`09ebc4b0 fffff800`02fc44f4 : nt!NtDeviceIoControlFile+0x56
fffff880`0a8c6a70 00000000`7735138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0290ed28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7735138a
STACK_COMMAND: kb
FOLLOWUP_IP:
agnfilt+1b08
fffff880`01480b08 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: agnfilt+1b08
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: agnfilt
IMAGE_NAME: agnfilt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c602418
FAILURE_BUCKET_ID: X64_0x19_21_agnfilt+1b08
BUCKET_ID: X64_0x19_21_agnfilt+1b08
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122211-11949-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c0e000 PsLoadedModuleList = 0xfffff800`02e53670
Debug session time: Thu Dec 22 08:05:05.718 2011 (UTC - 7:00)
System Uptime: 0 days 19:17:33.920
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80002c0f530, fffff880021a8118, fffff880021a7970}
Probably caused by : WSDPrint.sys ( WSDPrint!WSDPrintDispatchPnp+eb )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c0f530, The address that the exception occurred at
Arg3: fffff880021a8118, Exception Record Address
Arg4: fffff880021a7970, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!WmipDoFindRegEntryByDevice+10
fffff800`02c0f530 48394810 cmp qword ptr [rax+10h],rcx
EXCEPTION_RECORD: fffff880021a8118 -- (.exr 0xfffff880021a8118)
ExceptionAddress: fffff80002c0f530 (nt!WmipDoFindRegEntryByDevice+0x0000000000000010)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010
CONTEXT: fffff880021a7970 -- (.cxr 0xfffff880021a7970)
rax=0000000000000000 rbx=fffffa8009d9c6a0 rcx=fffffa8009d9c6a0
rdx=fffff80002dfc460 rsi=0000000000000000 rdi=fffffa8009d9c6a0
rip=fffff80002c0f530 rsp=fffff880021a8358 rbp=fffffa8009d9c6a0
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff8800330f180 r12=0000000000000000 r13=0000000000000000
r14=fffff880078c9150 r15=fffff88000f160f0
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
nt!WmipDoFindRegEntryByDevice+0x10:
fffff800`02c0f530 48394810 cmp qword ptr [rax+10h],rcx ds:002b:00000000`00000010=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000010
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ebd100
0000000000000010
FOLLOWUP_IP:
WSDPrint!WSDPrintDispatchPnp+eb
fffff880`078cd27b 488bcf mov rcx,rdi
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from fffff8000301863d to fffff80002c0f530
STACK_TEXT:
fffff880`021a8358 fffff800`0301863d : fffffa80`09dc0400 0000057f`f623fb00 fffff880`0330f180 00000000`00000000 : nt!WmipDoFindRegEntryByDevice+0x10
fffff880`021a8360 fffff800`030af658 : 00000000`75626d75 00000000`00000000 fffff880`021a8410 fffff880`00ec64e5 : nt!WmipFindRegEntryByDevice+0x1d
fffff880`021a8390 fffff800`030b536e : fffffa80`09dd68a0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDeregisterDevice+0x28
fffff880`021a83c0 fffff880`00ee5bc4 : fffffa80`09dd68a0 00000000`00000100 00000000`0000012b fffffa80`09d9c901 : nt!IoWMIRegistrationControl+0xde
fffff880`021a83f0 fffff880`00f082d6 : 00000000`00000008 fffffa80`09d9c980 00000000`00000008 fffff880`021a84f8 : Wdf01000!FxWmiIrpHandler::Deregister+0xf0
fffff880`021a8450 fffff880`00f08854 : fffffa80`09d9c980 00000000`0000012b 00000000`0000012b 00000000`00000000 : Wdf01000!FxPkgPnp::PnpCleanupForRemove+0x2a
fffff880`021a8490 fffff880`00f07841 : 00000000`0000012b 00000000`0000012a 00000000`0000012a 00000000`00000000 : Wdf01000!FxPkgPnp::PnpEventFailed+0x10
fffff880`021a84c0 fffff880`00f074fe : fffffa80`09d9c980 fffff880`021a85f0 00000000`00001000 fffff880`00f167f0 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x1a5
fffff880`021a8530 fffff880`00f07201 : 00000000`00000000 00000000`00000400 fffffa80`09d9c980 fffffa80`09d9c980 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0x122
fffff880`021a85a0 fffff880`00efc35a : 00000000`00000000 fffffa80`09da2850 00000000`00000001 fffffa80`09d9c980 : Wdf01000!FxPkgPnp::PnpProcessEvent+0x1b1
fffff880`021a8630 fffff880`00efddd6 : fffffa80`0cd56b17 00000000`00000000 00000000`00000000 fffffa80`09d9c980 : Wdf01000!FxPkgPdo::_PnpSurpriseRemoval+0x6a
fffff880`021a8660 fffff880`00ecd245 : fffffa80`0f75bc60 fffffa80`0f75bc60 fffffa80`09d9c6a0 fffffa80`0f75bf28 : Wdf01000!FxPkgPnp::Dispatch+0x1b2
fffff880`021a86d0 fffff880`00ecd14b : 00000000`00000001 fffffa80`0f75bc60 00000000`00000001 fffffa80`09d9c6a0 : Wdf01000!FxDevice::Dispatch+0xa9
fffff880`021a8700 fffff880`078cd27b : fffffa80`0f75bc60 00000000`00000001 fffffa80`09dc0040 fffff880`021a8af8 : Wdf01000!FxDevice::DispatchWithLock+0x93
fffff880`021a8740 fffff800`02ef5af9 : fffffa80`09dc0040 00000000`c00000bb fffff880`021a8848 fffffa80`0f75bc60 : WSDPrint!WSDPrintDispatchPnp+0xeb
fffff880`021a8790 fffff800`03073f71 : fffffa80`09d9c6a0 00000000`00000000 fffffa80`09de5a10 00000000`00000000 : nt!IopSynchronousCall+0xc5
fffff880`021a8800 fffff800`0306e968 : fffff8a0`0ff4eef0 fffffa80`09d9c6a0 00000000`0000030a 00000000`00000308 : nt!IopRemoveDevice+0x101
fffff880`021a88c0 fffff800`03073ab7 : fffffa80`09de5a10 00000000`00000000 00000000`00000003 fffff880`021a8b78 : nt!PnpSurpriseRemoveLockedDeviceNode+0x128
fffff880`021a8900 fffff800`03073bd0 : 00000000`00000000 fffff8a0`0fd54e00 fffff8a0`0ff4eef0 fffff880`021a8a58 : nt!PnpDeleteLockedDeviceNode+0x37
fffff880`021a8930 fffff800`031044cf : 00000000`00000002 00000000`00000000 fffffa80`09dcfd90 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xa0
fffff880`021a89a0 fffff800`0310508c : fffff880`021a8b78 fffffa80`0fa13500 fffffa80`09a9d600 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0x6cf
fffff880`021a8ae0 fffff800`02fee34e : 00000000`00000000 fffffa80`0fa13580 fffff8a0`0a090680 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0x4c
fffff880`021a8b10 fffff800`02c95001 : fffff800`02ef4998 fffff8a0`0fd54e10 fffff800`02e2b2b8 fffff800`02e2b2b8 : nt! ?? ::NNGAKEGL::`string'+0x5b3cb
fffff880`021a8b70 fffff800`02f25fee : 00000000`00000000 fffffa80`09a9d680 00000000`00000080 fffffa80`099dc040 : nt!ExpWorkerThread+0x111
fffff880`021a8c00 fffff800`02c7c5e6 : fffff880`03381180 fffffa80`09a9d680 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`021a8c40 00000000`00000000 : fffff880`021a9000 fffff880`021a3000 fffff880`021a85e0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: e
SYMBOL_NAME: WSDPrint!WSDPrintDispatchPnp+eb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: WSDPrint
IMAGE_NAME: WSDPrint.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd3b8
STACK_COMMAND: .cxr 0xfffff880021a7970 ; kb
FAILURE_BUCKET_ID: X64_0x7E_WSDPrint!WSDPrintDispatchPnp+eb
BUCKET_ID: X64_0x7E_WSDPrint!WSDPrintDispatchPnp+eb
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122211-10826-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c1e000 PsLoadedModuleList = 0xfffff800`02e63670
Debug session time: Thu Dec 22 21:29:32.568 2011 (UTC - 7:00)
System Uptime: 0 days 13:23:05.770
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {21, fffffa800cff2000, 24a0, d3ccced1ccccdcd6}
Unable to load image \SystemRoot\system32\DRIVERS\agnfilt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for agnfilt.sys
*** ERROR: Module load completed but symbols could not be loaded for agnfilt.sys
Probably caused by : agnfilt.sys ( agnfilt+1b08 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000021, the data following the pool block being freed is corrupt. Typically this means the consumer (call stack ) has overrun the block.
Arg2: fffffa800cff2000, The pool pointer being freed.
Arg3: 00000000000024a0, The number of bytes allocated for the pool block.
Arg4: d3ccced1ccccdcd6, The corrupted value found following the pool block.
Debugging Details:
------------------
BUGCHECK_STR: 0x19_21
POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ecd100
fffffa800cff2000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: msiexec.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002dc89b2 to fffff80002c9ac40
STACK_TEXT:
fffff880`08eee598 fffff800`02dc89b2 : 00000000`00000019 00000000`00000021 fffffa80`0cff2000 00000000`000024a0 : nt!KeBugCheckEx
fffff880`08eee5a0 fffff880`00dc3b08 : 00000000`00000001 fffff880`016ae110 fffffa80`66747441 fffffa80`00000000 : nt!ExDeferredFreePool+0xfaa
fffff880`08eee650 00000000`00000001 : fffff880`016ae110 fffffa80`66747441 fffffa80`00000000 fffffa80`0a6826b0 : agnfilt+0x1b08
fffff880`08eee658 fffff880`016ae110 : fffffa80`66747441 fffffa80`00000000 fffffa80`0a6826b0 fffff880`0169b526 : 0x1
fffff880`08eee660 fffffa80`66747441 : fffffa80`00000000 fffffa80`0a6826b0 fffff880`0169b526 00000000`00000001 : ndis!WPP_GLOBAL_Control
fffff880`08eee668 fffffa80`00000000 : fffffa80`0a6826b0 fffff880`0169b526 00000000`00000001 fffffa80`0cb111a0 : 0xfffffa80`66747441
fffff880`08eee670 fffffa80`0a6826b0 : fffff880`0169b526 00000000`00000001 fffffa80`0cb111a0 fffffa80`0a682600 : 0xfffffa80`00000000
fffff880`08eee678 fffff880`0169b526 : 00000000`00000001 fffffa80`0cb111a0 fffffa80`0a682600 00000000`00000000 : 0xfffffa80`0a6826b0
fffff880`08eee680 fffff880`017041c3 : fffffa80`0cde6520 fffffa80`0d2bc700 fffffa80`0cde6500 fffffa80`0cb11100 : ndis!ndisDetachFilter+0x436
fffff880`08eee760 fffff880`016f890f : fffffa80`0d2bc780 00000000`00000000 fffff8a0`00004e01 fffffa80`0c62c010 : ndis!ndisHandleFilterDetachNotification+0x1f3
fffff880`08eee7f0 fffff880`016ea99f : 00000000`c0000023 fffffa80`0d2bc780 00000000`000000f9 fffffa80`0d2bc780 : ndis! ?? ::LNCPHCLB::`string'+0x660c
fffff880`08eee830 fffff880`016eac91 : fffffa80`0ed09ad0 fffffa80`0ed09ad0 fffffa80`0c113df0 00000000`00000000 : ndis!ndisHandlePnPRequest+0x11f
fffff880`08eee8a0 fffff800`02fb5a97 : fffffa80`09da7720 fffff880`08eeeb60 fffff880`08eeeb60 fffffa80`09da7720 : ndis!ndisDispatchRequest+0x111
fffff880`08eee8d0 fffff800`02fb62f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`08eeea00 fffff800`02c99ed3 : fffffa80`0e55f060 fffff880`08eeeb60 fffffa80`0e55f060 fffff800`02f924f4 : nt!NtDeviceIoControlFile+0x56
fffff880`08eeea70 00000000`76e7138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`02a5f048 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e7138a
STACK_COMMAND: kb
FOLLOWUP_IP:
agnfilt+1b08
fffff880`00dc3b08 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: agnfilt+1b08
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: agnfilt
IMAGE_NAME: agnfilt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c602418
FAILURE_BUCKET_ID: X64_0x19_21_agnfilt+1b08
BUCKET_ID: X64_0x19_21_agnfilt+1b08
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122611-13665-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c17000 PsLoadedModuleList = 0xfffff800`02e5c670
Debug session time: Mon Dec 26 10:01:26.895 2011 (UTC - 7:00)
System Uptime: 3 days 2:01:42.723
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffadb6db6dc78, 0, fffff88005e1e5ac, 5}
Unable to load image \SystemRoot\system32\drivers\RTDVHD64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for RTDVHD64.sys
*** ERROR: Module load completed but symbols could not be loaded for RTDVHD64.sys
Could not read faulting driver name
Probably caused by : RTDVHD64.sys ( RTDVHD64+d5ac )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffadb6db6dc78, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88005e1e5ac, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec6100
fffffadb6db6dc78
FAULTING_IP:
RTDVHD64+d5ac
fffff880`05e1e5ac 8a910b010000 mov dl,byte ptr [rcx+10Bh]
MM_INTERNAL_CODE: 5
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff880045a8830 -- (.trap 0xfffff880045a8830)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000003 rbx=0000000000000000 rcx=fffffadb6db6db6d
rdx=fffffa800d1724e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88005e1e5ac rsp=fffff880045a89c8 rbp=0000000000000000
r8=fffff88005ec8ef8 r9=fffffadb6db6db6d r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
RTDVHD64+0xd5ac:
fffff880`05e1e5ac 8a910b010000 mov dl,byte ptr [rcx+10Bh] ds:0010:fffffadb`6db6dc78=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002c3e3bf to fffff80002c93c40
STACK_TEXT:
fffff880`045a86c8 fffff800`02c3e3bf : 00000000`00000050 fffffadb`6db6dc78 00000000`00000000 fffff880`045a8830 : nt!KeBugCheckEx
fffff880`045a86d0 fffff800`02c91d6e : 00000000`00000000 fffffadb`6db6dc78 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791
fffff880`045a8830 fffff880`05e1e5ac : fffff880`05e1e5f8 00000000`00000009 fffffa80`0d1484f0 fffffa80`0d2b4000 : nt!KiPageFault+0x16e
fffff880`045a89c8 fffff880`05e1e5f8 : 00000000`00000009 fffffa80`0d1484f0 fffffa80`0d2b4000 00000000`00000000 : RTDVHD64+0xd5ac
fffff880`045a89d0 00000000`00000009 : fffffa80`0d1484f0 fffffa80`0d2b4000 00000000`00000000 00000000`00000005 : RTDVHD64+0xd5f8
fffff880`045a89d8 fffffa80`0d1484f0 : fffffa80`0d2b4000 00000000`00000000 00000000`00000005 fffff880`05ec903f : 0x9
fffff880`045a89e0 fffffa80`0d2b4000 : 00000000`00000000 00000000`00000005 fffff880`05ec903f fffff800`02c9e845 : 0xfffffa80`0d1484f0
fffff880`045a89e8 00000000`00000000 : 00000000`00000005 fffff880`05ec903f fffff800`02c9e845 fffff880`0330f180 : 0xfffffa80`0d2b4000
STACK_COMMAND: kb
FOLLOWUP_IP:
RTDVHD64+d5ac
fffff880`05e1e5ac 8a910b010000 mov dl,byte ptr [rcx+10Bh]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RTDVHD64+d5ac
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RTDVHD64
IMAGE_NAME: RTDVHD64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c8eefa2
FAILURE_BUCKET_ID: X64_0x50_RTDVHD64+d5ac
BUCKET_ID: X64_0x50_RTDVHD64+d5ac
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122811-12948-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c51000 PsLoadedModuleList = 0xfffff800`02e96670
Debug session time: Wed Dec 28 09:01:40.176 2011 (UTC - 7:00)
System Uptime: 1 days 22:58:51.003
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+3532343234656437
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff80000b9c0e8 -- (.exr 0xfffff80000b9c0e8)
ExceptionAddress: fffff80002cdd2dc (nt!IopTimerDispatch+0x000000000000012f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff80000b9c190 -- (.trap 0xfffff80000b9c190)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff80000b9c2e0 rbx=0000000000000000 rcx=73f83b44f78b4d00
rdx=0000958e0fc73b41 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cdd2dc rsp=fffff80000b9c320 rbp=0000000000000000
r8=00000000646d5800 r9=0000000000000000 r10=07fffaecdaec27ff
r11=fffff80000b9c2f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!IopTimerDispatch+0x12f:
fffff800`02cdd2dc ff5710 call qword ptr [rdi+10h] ds:34c8:00000000`00000010=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cc55fe to fffff80002ccdc10
STACK_TEXT:
fffff800`00b9b1c8 fffff800`02cc55fe : 00000000`00000000 fffff800`02cf99f0 fffff800`02ed7908 fffff800`02cdd2dc : nt!KeBugCheck
fffff800`00b9b1d0 fffff800`02cf94fd : fffff800`02ed771c fffff800`02e14c30 fffff800`02c51000 fffff800`00b9c0e8 : nt!KiKernelCalloutExceptionHandler+0xe
fffff800`00b9b200 fffff800`02cf82d5 : fffff800`02e180fc fffff800`00b9b278 fffff800`00b9c0e8 fffff800`02c51000 : nt!RtlpExecuteHandlerForException+0xd
fffff800`00b9b230 fffff800`02d09361 : fffff800`00b9c0e8 fffff800`00b9b940 fffff800`00000000 fffffa80`0d0143ac : nt!RtlDispatchException+0x415
fffff800`00b9b910 fffff800`02ccd2c2 : fffff800`00b9c0e8 00000000`00000000 fffff800`00b9c190 00000000`00000001 : nt!KiDispatchException+0x135
fffff800`00b9bfb0 fffff800`02ccbbca : 0000000e`00000028 fffff880`03037bb4 fffff880`03037bb4 00000000`0007c0c8 : nt!KiExceptionDispatch+0xc2
fffff800`00b9c190 fffff800`02cdd2dc : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`0d0084c8 : nt!KiGeneralProtectionFault+0x10a
fffff800`00b9c320 fffff800`02cd95fc : 00000000`00000002 fffff800`00b9c538 00000000`00000004 00000000`00000007 : nt!IopTimerDispatch+0x12f
fffff800`00b9c430 fffff800`02cd9496 : fffffa80`0f82ac60 fffffa80`0f82ac60 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff800`00b9c4a0 fffff800`02cd937e : 00000189`c9ef1b54 fffff800`00b9cb18 00000000`00a56e3d fffff800`02e46a28 : nt!KiProcessExpiredTimerList+0xc6
fffff800`00b9caf0 fffff800`02cd9167 : 00000082`7443a8d1 00000082`00a56e3d 00000082`7443a83a 00000000`0000003d : nt!KiTimerExpiration+0x1be
fffff800`00b9cb90 fffff800`02cc596a : fffff800`02e43e80 fffff800`02e51cc0 00000000`00000002 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff800`00b9cc40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiKernelCalloutExceptionHandler+e
fffff800`02cc55fe 90 nop
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e
BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e
Followup: MachineOwner
---------
Drivers that may need updating:
Code:
lmimirr fffff880`04518000 fffff880`0451f000 Tue Apr 10 16:32:45 2007 (461c108d) 0000a04c lmimirr.sys
RaInfo fffff880`03dcf000 fffff880`03dd6000 Fri Jan 04 11:57:14 2008 (477e818a) 0000d903 RaInfo.sys
PBADRV fffff880`01b3a000 fffff880`01b46000 Mon Jan 07 12:12:13 2008 (4782798d) 000085ef PBADRV.sys
LMIRfsDriver fffff880`03dd6000 fffff880`03de9000 Mon Jul 14 10:26:56 2008 (487b7e50) 0001e26d LMIRfsDriver.sys
Okay, so bottom line, the blue screen errors are all over the place. This usually means a hardware problem or an underlying driver problem. First thing to check is hardware since memory could be the problem.
Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete.
The next thing to check is underlying driver problems. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
a. Backup your system and user files
b. Create a system restore point
c. If you do not have a Windows 7 DVD, Create a system repair disc
d. Run Driver Verifier
If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.
Thanks to zigzag3143 for contributing to the above steps.
If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
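The following is an added example, not part of the original post: a small Python triage script that reads `!analyze -v` text like the output quoted above and tallies bugcheck codes, blamed images and repeated failure buckets per machine. The sample input is abridged from the five DUNELAND dumps shown in the post; taking the machine name from the third-from-last path component is an assumption based on the folder layout in those paths.

```python
import re
from collections import Counter, defaultdict

# Abridged from the debugger output quoted in the post: for each of the five
# DUNELAND dumps only the lines the parser reads are kept.
SAMPLE = r"""
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122111-15865-01.dmp]
BugCheck 19, {21, fffffa800cffb000, 24a0, c0c0c0c0c0}
Probably caused by : agnfilt.sys ( agnfilt+1b08 )
PROCESS_NAME: msiexec.exe
FAILURE_BUCKET_ID: X64_0x19_21_agnfilt+1b08
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122211-11949-01.dmp]
BugCheck 1000007E, {ffffffffc0000005, fffff80002c0f530, fffff880021a8118, fffff880021a7970}
Probably caused by : WSDPrint.sys ( WSDPrint!WSDPrintDispatchPnp+eb )
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0x7E_WSDPrint!WSDPrintDispatchPnp+eb
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122211-10826-01.dmp]
BugCheck 19, {21, fffffa800cff2000, 24a0, d3ccced1ccccdcd6}
Probably caused by : agnfilt.sys ( agnfilt+1b08 )
PROCESS_NAME: msiexec.exe
FAILURE_BUCKET_ID: X64_0x19_21_agnfilt+1b08
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122611-13665-01.dmp]
BugCheck 50, {fffffadb6db6dc78, 0, fffff88005e1e5ac, 5}
Probably caused by : RTDVHD64.sys ( RTDVHD64+d5ac )
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0x50_RTDVHD64+d5ac
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122811-12948-01.dmp]
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
PROCESS_NAME: System
FAILURE_BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e
"""

HEADER = re.compile(r"^Loading Dump File \[(?P<path>.+)\]\s*$", re.M)
BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
CAUSE = re.compile(r"^Probably caused by : (\S+) \( (.+?) \)", re.M)
PROCESS = re.compile(r"^PROCESS_NAME:\s*(\S+)", re.M)
BUCKET = re.compile(r"^FAILURE_BUCKET_ID:\s*(\S+)", re.M)


def parse_dumps(text):
    """Return one record per 'Loading Dump File' header found in the text."""
    headers = list(HEADER.finditer(text))
    records = []
    for i, head in enumerate(headers):
        # A record runs from its header to the next header (or end of text).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[head.end():end]
        parts = re.split(r"[\\/]", head.group("path"))
        bug = BUGCHECK.search(body)
        cause = CAUSE.search(body)
        proc = PROCESS.search(body)
        bucket = BUCKET.search(body)
        records.append({
            "file": parts[-1],
            # Assumption: <machine>\<collector folder>\<file>.dmp, as on this page.
            "machine": parts[-3] if len(parts) >= 3 else "unknown",
            "code": int(bug.group(1), 16) if bug else None,
            "args": [a.strip() for a in bug.group(2).split(",")] if bug else [],
            "image": cause.group(1) if cause else None,
            "symbol": cause.group(2) if cause else None,
            "process": proc.group(1) if proc else None,
            "bucket": bucket.group(1) if bucket else None,
        })
    return records


def triage(records):
    """Group records by machine and count codes, images and repeated buckets."""
    by_machine = defaultdict(list)
    for rec in records:
        by_machine[rec["machine"]].append(rec)
    summary = {}
    for machine, recs in by_machine.items():
        buckets = Counter(r["bucket"] for r in recs if r["bucket"])
        summary[machine] = {
            "dumps": len(recs),
            "codes": sorted({r["code"] for r in recs if r["code"] is not None}),
            "images": Counter(r["image"] for r in recs if r["image"]),
            "repeat_buckets": {b: n for b, n in buckets.items() if n > 1},
        }
    return summary


if __name__ == "__main__":
    for machine, info in triage(parse_dumps(SAMPLE)).items():
        print(machine, "dumps:", info["dumps"])
        print("  bugcheck codes:", [hex(c) for c in info["codes"]])
        print("  blamed images:", dict(info["images"]))
        print("  repeated buckets:", info["repeat_buckets"])
```

A bucket that repeats across dumps points at one driver to look at first, while many distinct codes and images with no repeats fit the memory test and Driver Verifier steps above.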