Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\jo15765\Windows_NT6_BSOD_jcgriff2\010212-30810-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e5d000 PsLoadedModuleList = 0xfffff800`030a2670
Debug session time: Mon Jan 2 13:00:12.948 2012 (UTC - 7:00)
System Uptime: 0 days 19:51:23.869
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 8, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310c100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
+6436666136633265
00000000`00000000 ?? ???
PROCESS_NAME: System
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
TRAP_FRAME: fffff80000b9c740 -- (.trap 0xfffff80000b9c740)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff80000b9c801 rbx=0000000000000000 rcx=fffffa800600b618
rdx=fffff80000b9c8d8 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff80000b9c8d0 rbp=0000000000000000
r8=fffff80000b9c8d0 r9=0000000000000000 r10=0000000000000000
r11=000000005e040600 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
00000000`00000000 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ed91e9 to fffff80002ed9c40
FAILED_INSTRUCTION_ADDRESS:
+6436666136633265
00000000`00000000 ?? ???
STACK_TEXT:
fffff800`00b9c5f8 fffff800`02ed91e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff800`00b9c600 fffff800`02ed7e60 : fffffa80`08743860 00000000`00000000 fffffa80`0838f160 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00b9c740 00000000`00000000 : 00000000`00000200 00000000`5e040600 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02ed7e60 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_nt!KiPageFault+260
BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_nt!KiPageFault+260
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\jo15765\Windows_NT6_BSOD_jcgriff2\010412-32136-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e0f000 PsLoadedModuleList = 0xfffff800`03054670
Debug session time: Wed Jan 4 16:24:05.752 2012 (UTC - 7:00)
System Uptime: 0 days 0:26:53.064
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 8, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030be100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
+6436666136633265
00000000`00000000 ?? ???
PROCESS_NAME: System
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xD1
TRAP_FRAME: fffff8000460b740 -- (.trap 0xfffff8000460b740)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8000460b801 rbx=0000000000000000 rcx=fffffa8006f73618
rdx=fffff8000460b8d8 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff8000460b8d0 rbp=0000000000000000
r8=fffff8000460b8d0 r9=0000000000000000 r10=0000000000000000
r11=000000005e040600 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
00000000`00000000 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e8b1e9 to fffff80002e8bc40
FAILED_INSTRUCTION_ADDRESS:
+6436666136633265
00000000`00000000 ?? ???
STACK_TEXT:
fffff800`0460b5f8 fffff800`02e8b1e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff800`0460b600 fffff800`02e89e60 : fffff800`0460b740 fffff800`0300fcc0 fffff880`0127acdf 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`0460b740 00000000`00000000 : 00000000`00000200 00000000`5e040600 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02e89e60 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xD1_VRF_CODE_AV_NULL_IP_nt!KiPageFault+260
BUCKET_ID: X64_0xD1_VRF_CODE_AV_NULL_IP_nt!KiPageFault+260
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\jo15765\Windows_NT6_BSOD_jcgriff2\010512-32261-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e4c000 PsLoadedModuleList = 0xfffff800`03091670
Debug session time: Thu Jan 5 02:31:55.858 2012 (UTC - 7:00)
System Uptime: 0 days 10:02:50.169
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D5, {fffff98029c20ef0, 0, fffff88001078338, 0}
Unable to load image \SystemRoot\system32\DRIVERS\avgtdia.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for avgtdia.sys
*** ERROR: Module load completed but symbols could not be loaded for avgtdia.sys
Could not read faulting driver name
Probably caused by : avgtdia.sys ( avgtdia+6338 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff98029c20ef0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff88001078338, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fb100
fffff98029c20ef0
FAULTING_IP:
avgtdia+6338
fffff880`01078338 807d6000 cmp byte ptr [rbp+60h],0
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xD5
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff880033bd790 -- (.trap 0xfffff880033bd790)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80090d7700 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000005 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001078338 rsp=fffff880033bd920 rbp=fffff98029c20e90
r8=000000000000003b r9=fffff880017db444 r10=fffff880033bdb40
r11=0000000000000005 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
avgtdia+0x6338:
fffff880`01078338 807d6000 cmp byte ptr [rbp+60h],0 ss:0018:fffff980`29c20ef0=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e749fc to fffff80002ec8c40
STACK_TEXT:
fffff880`033bd628 fffff800`02e749fc : 00000000`00000050 fffff980`29c20ef0 00000000`00000000 fffff880`033bd790 : nt!KeBugCheckEx
fffff880`033bd630 fffff800`02ec6d6e : 00000000`00000000 fffff980`29c20ef0 00000000`00000000 fffff880`033bd9e8 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`033bd790 fffff880`01078338 : fffff880`033bd9e8 fffff880`033bd9e8 00000000`000000c0 fffffa80`064af930 : nt!KiPageFault+0x16e
fffff880`033bd920 fffff880`033bd9e8 : fffff880`033bd9e8 00000000`000000c0 fffffa80`064af930 fffff880`033bd968 : avgtdia+0x6338
fffff880`033bd928 fffff880`033bd9e8 : 00000000`000000c0 fffffa80`064af930 fffff880`033bd968 fffff880`033bd960 : 0xfffff880`033bd9e8
fffff880`033bd930 00000000`000000c0 : fffffa80`064af930 fffff880`033bd968 fffff880`033bd960 00000000`00000005 : 0xfffff880`033bd9e8
fffff880`033bd938 fffffa80`064af930 : fffff880`033bd968 fffff880`033bd960 00000000`00000005 fffff800`02f8668b : 0xc0
fffff880`033bd940 fffff880`033bd968 : fffff880`033bd960 00000000`00000005 fffff800`02f8668b fffffa80`0a926b10 : 0xfffffa80`064af930
fffff880`033bd948 fffff880`033bd960 : 00000000`00000005 fffff800`02f8668b fffffa80`0a926b10 fffff880`02ef6fb0 : 0xfffff880`033bd968
fffff880`033bd950 00000000`00000005 : fffff800`02f8668b fffffa80`0a926b10 fffff880`02ef6fb0 00000000`00000000 : 0xfffff880`033bd960
fffff880`033bd958 fffff800`02f8668b : fffffa80`0a926b10 fffff880`02ef6fb0 00000000`00000000 fffff980`25554e90 : 0x5
fffff880`033bd960 fffffa80`06c52d80 : fffffa80`06d567e0 fffff880`015e2982 fffff980`29c20e90 fffff880`033bd9e8 : nt!RtlCaptureStackBackTrace+0x4b
fffff880`033bd990 fffffa80`06d567e0 : fffff880`015e2982 fffff980`29c20e90 fffff880`033bd9e8 00000000`000000c0 : 0xfffffa80`06c52d80
fffff880`033bd998 fffff880`015e2982 : fffff980`29c20e90 fffff880`033bd9e8 00000000`000000c0 fffff880`033bd9e8 : 0xfffffa80`06d567e0
fffff880`033bd9a0 fffff880`019536f2 : fffffa80`064ee248 fffffa80`00000000 00000000`00000000 fffffa80`00000002 : tdx!TdxCloseConnectionEndpointTlRequestComplete+0x2a2
fffff880`033bda50 fffff880`0178f73b : fffff800`030692b8 fffff880`01a76f80 fffff800`030692b8 00000000`00000000 : tcpip!TcpCleanupTcbWorkQueueRoutine+0x112
fffff880`033bdaf0 fffff800`031bf9fd : fffffa80`06f1f560 fffffa80`051ec680 00000000`00000000 fffffa80`051ec680 : NETIO!NetiopIoWorkItemRoutine+0x3b
fffff880`033bdb40 fffff800`02ed3001 : fffff800`031acb00 fffffa80`051ec601 00000000`00000000 fffffa80`051ec680 : nt!IopProcessWorkItem+0x3d
fffff880`033bdb70 fffff800`03163fee : 00000000`00000000 fffffa80`051ec680 00000000`00000080 fffffa80`051cc890 : nt!ExpWorkerThread+0x111
fffff880`033bdc00 fffff800`02eba5e6 : fffff880`031d7180 fffffa80`051ec680 fffff880`031e1fc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033bdc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
avgtdia+6338
fffff880`01078338 807d6000 cmp byte ptr [rbp+60h],0
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: avgtdia+6338
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: avgtdia
IMAGE_NAME: avgtdia.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e1a2bdd
FAILURE_BUCKET_ID: X64_0xD5_VRF_avgtdia+6338
BUCKET_ID: X64_0xD5_VRF_avgtdia+6338
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\jo15765\Windows_NT6_BSOD_jcgriff2\010512-23524-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e18000 PsLoadedModuleList = 0xfffff800`0305d670
Debug session time: Thu Jan 5 07:47:35.133 2012 (UTC - 7:00)
System Uptime: 0 days 1:43:30.444
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff98007556e48, 2, 1, fffff80003335b60}
Unable to load image \SystemRoot\system32\DRIVERS\tap0901.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tap0901.sys
*** ERROR: Module load completed but symbols could not be loaded for tap0901.sys
Probably caused by : tap0901.sys ( tap0901+330f )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff98007556e48, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003335b60, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030c7100
fffff98007556e48
CURRENT_IRQL: 2
FAULTING_IP:
nt!VerifierKeAcquireSpinLockRaiseToDpc+a0
fffff800`03335b60 f0480fba2b00 lock bts qword ptr [rbx],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff880033b5fb0 -- (.trap 0xfffff880033b5fb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8005175138 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000005 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003335b60 rsp=fffff880033b6140 rbp=0000000000000000
r8=0000000000000389 r9=0000000000000000 r10=fffff880033b6370
r11=0000000000000005 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!VerifierKeAcquireSpinLockRaiseToDpc+0xa0:
fffff800`03335b60 f0480fba2b00 lock bts qword ptr [rbx],0 ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e941e9 to fffff80002e94c40
STACK_TEXT:
fffff880`033b5e68 fffff800`02e941e9 : 00000000`0000000a fffff980`07556e48 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`033b5e70 fffff800`02e92e60 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff980`07556e48 : nt!KiBugCheckDispatch+0x69
fffff880`033b5fb0 fffff800`03335b60 : fffff980`07556e48 fffff980`07556cb0 fffff880`016de902 fffff880`016de922 : nt!KiPageFault+0x260
fffff880`033b6140 fffff880`061f430f : fffffa80`0949f1a0 fffff980`1e358f50 00000000`00000006 00000000`000000b0 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0xa0
fffff880`033b61a0 fffffa80`0949f1a0 : fffff980`1e358f50 00000000`00000006 00000000`000000b0 fffff980`1e358f90 : tap0901+0x330f
fffff880`033b61a8 fffff980`1e358f50 : 00000000`00000006 00000000`000000b0 fffff980`1e358f90 fffff980`1e358f8c : 0xfffffa80`0949f1a0
fffff880`033b61b0 00000000`00000006 : 00000000`000000b0 fffff980`1e358f90 fffff980`1e358f8c 00000000`00000000 : 0xfffff980`1e358f50
fffff880`033b61b8 00000000`000000b0 : fffff980`1e358f90 fffff980`1e358f8c 00000000`00000000 fffff880`016e9585 : 0x6
fffff880`033b61c0 fffff980`1e358f90 : fffff980`1e358f8c 00000000`00000000 fffff880`016e9585 00000000`00000000 : 0xb0
fffff880`033b61c8 fffff980`1e358f8c : 00000000`00000000 fffff880`016e9585 00000000`00000000 fffff980`1e358f50 : 0xfffff980`1e358f90
fffff880`033b61d0 00000000`00000000 : fffff880`016e9585 00000000`00000000 fffff980`1e358f50 fffff980`11a46f10 : 0xfffff980`1e358f8c
STACK_COMMAND: kb
FOLLOWUP_IP:
tap0901+330f
fffff880`061f430f ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: tap0901+330f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tap0901
IMAGE_NAME: tap0901.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ade24e5
FAILURE_BUCKET_ID: X64_0xA_VRF_tap0901+330f
BUCKET_ID: X64_0xA_VRF_tap0901+330f
Followup: MachineOwner
---------
-
Could not read faulting driver name
Probably caused by : avgtdia.sys ( avgtdia+6338 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff98029c20ef0, memory referenced
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
Arg3: fffff88001078338, if non-zero, the address which referenced memory.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fb100
fffff98029c20ef0
FAULTING_IP:
avgtdia+6338
fffff880`01078338 807d6000 cmp byte ptr [rbp+60h],0
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0xD5
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff880033bd790 -- <link cmd=".trap 0xfffff880033bd790">(.trap 0xfffff880033bd790)</exec>
NOTE: The trap frame does not contain all registers.
<col fg="emphfg" bg="emphbg">Some register values may be zeroed or incorrect.</col>
rax=fffffa80090d7700 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000005 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001078338 rsp=fffff880033bd920 rbp=fffff98029c20e90
r8=000000000000003b r9=fffff880017db444 r10=fffff880033bdb40
r11=0000000000000005 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
avgtdia+0x6338:
fffff880`01078338 807d6000 cmp byte ptr [rbp+60h],0 ss:0018:fffff980`29c20ef0=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e749fc to fffff80002ec8c40
STACK_TEXT:
fffff880`033bd628 fffff800`02e749fc : 00000000`00000050 fffff980`29c20ef0 00000000`00000000 fffff880`033bd790 : nt!KeBugCheckEx
fffff880`033bd630 fffff800`02ec6d6e : 00000000`00000000 fffff980`29c20ef0 00000000`00000000 fffff880`033bd9e8 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`033bd790 fffff880`01078338 : fffff880`033bd9e8 fffff880`033bd9e8 00000000`000000c0 fffffa80`064af930 : nt!KiPageFault+0x16e
fffff880`033bd920 fffff880`033bd9e8 : fffff880`033bd9e8 00000000`000000c0 fffffa80`064af930 fffff880`033bd968 : avgtdia+0x6338
fffff880`033bd928 fffff880`033bd9e8 : 00000000`000000c0 fffffa80`064af930 fffff880`033bd968 fffff880`033bd960 : 0xfffff880`033bd9e8
fffff880`033bd930 00000000`000000c0 : fffffa80`064af930 fffff880`033bd968 fffff880`033bd960 00000000`00000005 : 0xfffff880`033bd9e8
fffff880`033bd938 fffffa80`064af930 : fffff880`033bd968 fffff880`033bd960 00000000`00000005 fffff800`02f8668b : 0xc0
fffff880`033bd940 fffff880`033bd968 : fffff880`033bd960 00000000`00000005 fffff800`02f8668b fffffa80`0a926b10 : 0xfffffa80`064af930
fffff880`033bd948 fffff880`033bd960 : 00000000`00000005 fffff800`02f8668b fffffa80`0a926b10 fffff880`02ef6fb0 : 0xfffff880`033bd968
fffff880`033bd950 00000000`00000005 : fffff800`02f8668b fffffa80`0a926b10 fffff880`02ef6fb0 00000000`00000000 : 0xfffff880`033bd960
fffff880`033bd958 fffff800`02f8668b : fffffa80`0a926b10 fffff880`02ef6fb0 00000000`00000000 fffff980`25554e90 : 0x5
fffff880`033bd960 fffffa80`06c52d80 : fffffa80`06d567e0 fffff880`015e2982 fffff980`29c20e90 fffff880`033bd9e8 : nt!RtlCaptureStackBackTrace+0x4b
fffff880`033bd990 fffffa80`06d567e0 : fffff880`015e2982 fffff980`29c20e90 fffff880`033bd9e8 00000000`000000c0 : 0xfffffa80`06c52d80
fffff880`033bd998 fffff880`015e2982 : fffff980`29c20e90 fffff880`033bd9e8 00000000`000000c0 fffff880`033bd9e8 : 0xfffffa80`06d567e0
fffff880`033bd9a0 fffff880`019536f2 : fffffa80`064ee248 fffffa80`00000000 00000000`00000000 fffffa80`00000002 : tdx!TdxCloseConnectionEndpointTlRequestComplete+0x2a2
fffff880`033bda50 fffff880`0178f73b : fffff800`030692b8 fffff880`01a76f80 fffff800`030692b8 00000000`00000000 : tcpip!TcpCleanupTcbWorkQueueRoutine+0x112
fffff880`033bdaf0 fffff800`031bf9fd : fffffa80`06f1f560 fffffa80`051ec680 00000000`00000000 fffffa80`051ec680 : NETIO!NetiopIoWorkItemRoutine+0x3b
fffff880`033bdb40 fffff800`02ed3001 : fffff800`031acb00 fffffa80`051ec601 00000000`00000000 fffffa80`051ec680 : nt!IopProcessWorkItem+0x3d
fffff880`033bdb70 fffff800`03163fee : 00000000`00000000 fffffa80`051ec680 00000000`00000080 fffffa80`051cc890 : nt!ExpWorkerThread+0x111
fffff880`033bdc00 fffff800`02eba5e6 : fffff880`031d7180 fffffa80`051ec680 fffff880`031e1fc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033bdc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
avgtdia+6338
fffff880`01078338 807d6000 cmp byte ptr [rbp+60h],0
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: avgtdia+6338
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: <link cmd="lmvm avgtdia">avgtdia</exec>
IMAGE_NAME: avgtdia.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e1a2bdd
FAILURE_BUCKET_ID: X64_0xD5_VRF_avgtdia+6338
BUCKET_ID: X64_0xD5_VRF_avgtdia+6338
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\jo15765\Windows_NT6_BSOD_jcgriff2\010612-21559-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e4b000 PsLoadedModuleList = 0xfffff800`03090670
Debug session time: Fri Jan 6 20:17:29.916 2012 (UTC - 7:00)
System Uptime: 0 days 2:14:26.211
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 8, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: 0000000000000000, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fa100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
+6436666136633265
00000000`00000000 ?? ???
PROCESS_NAME: System
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
TRAP_FRAME: fffff80000b9c740 -- (.trap 0xfffff80000b9c740)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff80000b9c801 rbx=0000000000000000 rcx=fffffa80060c2618
rdx=fffff80000b9c8d8 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff80000b9c8d0 rbp=0000000000000000
r8=fffff80000b9c8d0 r9=0000000000000000 r10=0000000000000000
r11=000000005e040600 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
00000000`00000000 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ec71e9 to fffff80002ec7c40
FAILED_INSTRUCTION_ADDRESS:
+6436666136633265
00000000`00000000 ?? ???
STACK_TEXT:
fffff800`00b9c5f8 fffff800`02ec71e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff800`00b9c600 fffff800`02ec5e60 : fffffa80`08d42310 00000000`00000000 fffffa80`05551e00 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00b9c740 00000000`00000000 : 00000000`00000200 00000000`5e040600 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02ec5e60 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_nt!KiPageFault+260
BUCKET_ID: X64_0xD1_CODE_AV_NULL_IP_nt!KiPageFault+260
Followup: MachineOwner
---------
Update the following drivers or remove the software/hardware associated with them. For driver information, see