Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-19952-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e04000 PsLoadedModuleList = 0xfffff800`03049670
Debug session time: Mon Jan 9 11:42:47.193 2012 (UTC - 7:00)
System Uptime: 0 days 7:15:06.365
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 109b, 310033, fffff8a006f92620}
GetPointerFromAddress: unable to read from fffff800030b3100
Probably caused by : ntkrnlmp.exe ( nt!HvFreeHive+24b )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 0000000000310033, Memory contents of the pool block
Arg4: fffff8a006f92620, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: fffff8a006f92620
FREED_POOL_TAG: NtFs
BUGCHECK_STR: 0xc2_7_NtFs
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: TrustedInstall
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002faebe9 to fffff80002e80c40
STACK_TEXT:
fffff880`09f587b8 fffff800`02faebe9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`00310033 : nt!KeBugCheckEx
fffff880`09f587c0 fffff800`03104e7f : fffff8a0`02e050e0 00000000`01408000 fffff8a0`20374d43 00000000`00000633 : nt!ExDeferredFreePool+0x1201
fffff880`09f58870 fffff800`031044d0 : fffff8a0`00000000 fffff880`09f58901 fffff8a0`00000001 fffff880`029d5000 : nt!HvFreeHive+0x24b
fffff880`09f588f0 fffff800`03104199 : fffff8a0`0247dfa0 fffff880`09f58b60 00000000`00000000 00000000`00000006 : nt!CmUnloadKey+0x190
fffff880`09f58930 fffff800`02e7fed3 : fffffa80`03c17b60 000007fe`ff113110 00000000`00000001 00000000`00000001 : nt!NtUnloadKey2+0x4e4
fffff880`09f58ae0 00000000`771b2b9a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00f8f788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771b2b9a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!HvFreeHive+24b
fffff800`03104e7f 4533f6 xor r14d,r14d
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!HvFreeHive+24b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xc2_7_NtFs_nt!HvFreeHive+24b
BUCKET_ID: X64_0xc2_7_NtFs_nt!HvFreeHive+24b
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-17721-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e4a000 PsLoadedModuleList = 0xfffff800`0308f670
Debug session time: Mon Jan 9 11:59:08.958 2012 (UTC - 7:00)
System Uptime: 0 days 0:11:05.535
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff8800317e618, fffff8800317de70, fffff80002ed919a}
Probably caused by : Ntfs.sys ( Ntfs!NtfsTeardownFromLcb+fb )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800317e618
Arg3: fffff8800317de70
Arg4: fffff80002ed919a
Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800317e618 -- (.exr 0xfffff8800317e618)
ExceptionAddress: fffff80002ed919a (nt!ExAcquireFastMutex+0x000000000000001a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800317de70 -- (.cxr 0xfffff8800317de70)
rax=0000000000000001 rbx=6e664d460041031c rcx=6e664d460041031c
rdx=fffffa8003ad5b60 rsi=fffff8800317ea01 rdi=0000000000000000
rip=fffff80002ed919a rsp=fffff8800317e850 rbp=fffff80003067260
r8=0000000000000000 r9=0000000000000000 r10=fffff80002e4a000
r11=fffff8800317e850 r12=fffff8a007f2a010 r13=fffff8a008256bc0
r14=fffff8a007f2a300 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!ExAcquireFastMutex+0x1a:
fffff800`02ed919a f00fba3100 lock btr dword ptr [rcx],0 ds:002b:6e664d46`0041031c=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f9100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsTeardownFromLcb+fb
fffff880`0102c88b 83bfc000000000 cmp dword ptr [rdi+0C0h],0
FAULTING_IP:
nt!ExAcquireFastMutex+1a
fffff800`02ed919a f00fba3100 lock btr dword ptr [rcx],0
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff8800102c88b to fffff80002ed919a
STACK_TEXT:
fffff880`0317e850 fffff880`0102c88b : fffff8a0`07f2a010 fffff800`03067260 fffff880`0317ea01 fffff880`010b4cc1 : nt!ExAcquireFastMutex+0x1a
fffff880`0317e880 fffff880`010b263c : fffffa80`03bfb770 fffffa80`0498a180 fffff8a0`07f2a010 fffff8a0`07f2a3a8 : Ntfs!NtfsTeardownFromLcb+0xfb
fffff880`0317e910 fffff880`010340e2 : fffffa80`03bfb770 fffffa80`03bfb770 fffff8a0`07f2a010 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xcc
fffff880`0317e990 fffff880`010c2193 : fffffa80`03bfb770 fffff800`03067260 fffff8a0`07f2a010 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`0317e9d0 fffff880`010b1357 : fffffa80`03bfb770 fffff8a0`07f2a140 fffff8a0`07f2a010 fffffa80`0498a180 : Ntfs!NtfsCommonClose+0x353
fffff880`0317eaa0 fffff800`02ed1001 : 00000000`00000000 fffff800`031bd900 fffffa80`03ad5b01 fffffa80`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`0317eb70 fffff800`03161fee : 00000000`00000000 fffffa80`03ad5b60 00000000`00000080 fffffa80`039a4040 : nt!ExpWorkerThread+0x111
fffff880`0317ec00 fffff800`02eb85e6 : fffff880`02f64180 fffffa80`03ad5b60 fffff880`02f6efc0 00010000`01000001 : nt!PspSystemThreadStartup+0x5a
fffff880`0317ec40 00000000`00000000 : fffff880`0317f000 fffff880`03179000 fffff880`0317e8a0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Ntfs!NtfsTeardownFromLcb+fb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff8800317de70 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsTeardownFromLcb+fb
BUCKET_ID: X64_0x24_Ntfs!NtfsTeardownFromLcb+fb
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-16317-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e4b000 PsLoadedModuleList = 0xfffff800`03090670
Debug session time: Mon Jan 9 12:30:10.220 2012 (UTC - 7:00)
System Uptime: 0 days 0:30:24.780
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 4E, {99, 233cb, 2, 670a3}
Probably caused by : memory_corruption ( nt!MiBadShareCount+4c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 00000000000233cb, page frame number
Arg3: 0000000000000002, current page state
Arg4: 00000000000670a3, 0
Debugging Details:
------------------
BUGCHECK_STR: 0x4E_99
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: SC2.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002f50d7c to fffff80002ec7c40
STACK_TEXT:
fffff880`07b61c38 fffff800`02f50d7c : 00000000`0000004e 00000000`00000099 00000000`000233cb 00000000`00000002 : nt!KeBugCheckEx
fffff880`07b61c40 fffff800`02e6f3d7 : 00000000`00000000 fffff680`00180038 00000000`00000000 fffff700`012e7ff8 : nt!MiBadShareCount+0x4c
fffff880`07b61c80 fffff800`02ef9bb7 : 00000000`00000000 fffff680`00180df8 fffffa80`0446c5e0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x3309d
fffff880`07b61e30 fffff800`02eb50ff : fffffa80`00000000 00000000`301bffff 00000000`00000000 00000000`00000000 : nt!MiDeleteVirtualAddresses+0x41f
fffff880`07b61ff0 fffff800`02ec6ed3 : ffffffff`ffffffff fffff8a0`0a3e4268 fffff8a0`0a3e4290 fffffa80`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`07b620f0 fffff800`02ec3470 : fffff880`11da94b2 fffff8a0`07599930 fffffa80`0446c5e0 fffffa80`04083db0 : nt!KiSystemServiceCopyEnd+0x13
fffff880`07b62288 fffff880`11da94b2 : fffff8a0`07599930 fffffa80`0446c5e0 fffffa80`04083db0 fffff8a0`0a3e4260 : nt!KiServiceLinkage
fffff880`07b62290 fffff880`11d94b5a : fffff880`07b622b8 fffff8a0`08ca3ac0 00000000`00000001 00000000`00000000 : dxgmms1!VIDMM_PROCESS_HEAP::Free+0xa2
fffff880`07b622c0 fffff880`11d8f523 : fffffa80`063c5010 00000000`00000000 fffff8a0`07599930 00000000`00000000 : dxgmms1!VIDMM_GLOBAL::CloseLocalAllocation+0x112
fffff880`07b62370 fffff880`11d75ecc : fffff8a0`00000000 fffffa80`00000000 00000000`00000000 00000000`00000000 : dxgmms1!VIDMM_GLOBAL::CloseOneAllocation+0x19b
fffff880`07b62440 fffff880`11037ccc : 00000000`00000000 fffff8a0`015fc000 fffff8a0`015fc000 00000000`00000001 : dxgmms1!VidMmCloseAllocation+0x44
fffff880`07b62470 fffff880`1104a784 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff8a0`00000799 : dxgkrnl!DXGDEVICE::DestroyAllocations+0x248
fffff880`07b62560 fffff880`1102f815 : 00000000`fffffeda fffff8a0`079d10e0 fffff8a0`015fc000 fffffa80`05c5c000 : dxgkrnl!DXGDEVICE::~DXGDEVICE+0x19c
fffff880`07b625d0 fffff880`1106de4a : 00000000`00000010 fffffa80`05c5c000 fffff8a0`079d10e0 fffff8a0`079d1160 : dxgkrnl!DXGADAPTER::DestroyDevice+0x1c9
fffff880`07b62600 fffff880`1106d7e0 : fffff900`c077cce0 00000000`00000000 00000000`00000001 fffff900`c077cce0 : dxgkrnl!DXGPROCESS::Destroy+0xba
fffff880`07b626b0 fffff960`00165ec4 : 00000000`000001b0 fffff900`c077cce0 00000000`00000000 fffff900`c077cce0 : dxgkrnl!DxgkProcessCallout+0x268
fffff880`07b62740 fffff960`001655af : 00000000`00000000 fffff880`07b62ae0 fffffa80`0442bb60 00000000`00000000 : win32k!GdiProcessCallout+0x244
fffff880`07b627c0 fffff800`0319da81 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0442bb00 : win32k!W32pProcessCallout+0x6b
fffff880`07b627f0 fffff800`0318109d : 00000000`20010000 00000000`20010001 fffffa80`78457300 fffffa80`05eecb60 : nt!PspExitThread+0x4d1
fffff880`07b628f0 fffff800`02ebb3fa : 00000000`00000100 fffffa80`0442bc20 00000000`00000001 fffff800`02ecd13d : nt!PsExitSpecialApc+0x1d
fffff880`07b62920 fffff800`02ebb740 : 00000000`00000246 fffff880`07b629a0 fffff800`03181010 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`07b629a0 fffff800`02ec6f77 : fffffa80`0442bb60 00000000`0000041c 00000000`00000000 fffffa80`04626ee0 : nt!KiInitiateUserApc+0x70
fffff880`07b62ae0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiBadShareCount+4c
fffff800`02f50d7c cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiBadShareCount+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-23493-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e5b000 PsLoadedModuleList = 0xfffff800`030a0670
Debug session time: Mon Jan 9 12:37:21.523 2012 (UTC - 7:00)
System Uptime: 0 days 0:06:37.100
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {31, fffffa8003ba3500, fffff88005550000, fffff8a0070d0afd}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+7271 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000031, The subtype of the bugcheck.
Arg2: fffffa8003ba3500
Arg3: fffff88005550000
Arg4: fffff8a0070d0afd
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_31
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003134b25 to fffff80002ed7c40
STACK_TEXT:
fffff880`093f1398 fffff800`03134b25 : 00000000`0000001a 00000000`00000031 fffffa80`03ba3500 fffff880`05550000 : nt!KeBugCheckEx
fffff880`093f13a0 fffff800`031afc37 : 00000000`00000000 fffffa80`03d3e660 00000000`0000002d fffff8a0`070d0580 : nt! ?? ::NNGAKEGL::`string'+0x7271
fffff880`093f1400 fffff800`02f076eb : ffffffff`ffffffff fffff880`093f1570 00000000`00001800 00000000`00000000 : nt!MiRelocateImagePfn+0xf7
fffff880`093f1460 fffff800`02e72b64 : fffffa80`04be9ad0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiWaitForInPageComplete+0x7ef
fffff880`093f1540 fffff800`03131e7a : 00000000`00000000 fffffa80`061d2900 00000000`00000001 fffffa80`061d2900 : nt!MiPfCompletePrefetchIos+0x54
fffff880`093f1570 fffff800`0333504d : 00000000`00000005 00000000`00000005 fffffa80`061d2900 fffff880`093f1638 : nt!MmPrefetchPages+0x13a
fffff880`093f15d0 fffff800`0333d06e : fffff8a0`00000000 fffff8a0`00000000 fffff8a0`000001af 00000000`00000000 : nt!PfpPrefetchFilesTrickle+0x21d
fffff880`093f16d0 fffff800`0333dc07 : 00000000`00000000 fffff880`093f1b60 fffff880`093f18c8 fffff8a0`01a956c0 : nt!PfpPrefetchRequestPerform+0x30e
fffff880`093f1820 fffff800`0334a1de : fffff880`093f18c8 00000000`00000001 fffffa80`064f2240 00000000`00000000 : nt!PfpPrefetchRequest+0x176
fffff880`093f1890 fffff800`0334ea0a : 00000000`00000000 00000000`0000004f 00000000`00000000 fffffa80`063b7b01 : nt!PfSetSuperfetchInformation+0x1ad
fffff880`093f1970 fffff800`02ed6ed3 : fffffa80`03d3e660 00000000`00000000 00000000`00000001 00000000`00000001 : nt!NtSetSystemInformation+0xc8d
fffff880`093f1ae0 00000000`77c72a0a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00cef668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c72a0a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::NNGAKEGL::`string'+7271
fffff800`03134b25 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+7271
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271
BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-18252-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e52000 PsLoadedModuleList = 0xfffff800`03097670
Debug session time: Mon Jan 9 14:54:22.826 2012 (UTC - 7:00)
System Uptime: 0 days 0:24:34.387
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff8800b4b7b18, fffff8800b4b7370, fffff8800104f8ad}
Probably caused by : Ntfs.sys ( Ntfs!NtfsAcquireFcbWithPaging+12d )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800b4b7b18
Arg3: fffff8800b4b7370
Arg4: fffff8800104f8ad
Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800b4b7b18 -- (.exr 0xfffff8800b4b7b18)
ExceptionAddress: fffff8800104f8ad (Ntfs!NtfsAcquireFcbWithPaging+0x000000000000012d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800b4b7370 -- (.cxr 0xfffff8800b4b7370)
rax=0000000000000000 rbx=0000000000000003 rcx=01ca044465b3f749
rdx=0000000000000000 rsi=0000000000000002 rdi=fffffa8003fe32b0
rip=fffff8800104f8ad rsp=fffff8800b4b7d50 rbp=0000000000000002
r8=0000000000000702 r9=0000000000000002 r10=fffffa8003fe32b0
r11=fffff8a002d00172 r12=fffff8a00c75e5c0 r13=00000000c00000d8
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
Ntfs!NtfsAcquireFcbWithPaging+0x12d:
fffff880`0104f8ad 488b4958 mov rcx,qword ptr [rcx+58h] ds:002b:01ca0444`65b3f7a1=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: rstrui.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003101100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsAcquireFcbWithPaging+12d
fffff880`0104f8ad 488b4958 mov rcx,qword ptr [rcx+58h]
FAULTING_IP:
Ntfs!NtfsAcquireFcbWithPaging+12d
fffff880`0104f8ad 488b4958 mov rcx,qword ptr [rcx+58h]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff880010ea777 to fffff8800104f8ad
STACK_TEXT:
fffff880`0b4b7d50 fffff880`010ea777 : 00000000`00000000 fffff8a0`0c75ea00 fffff8a0`02d0022c 00000000`00000000 : Ntfs!NtfsAcquireFcbWithPaging+0x12d
fffff880`0b4b7db0 fffff880`010e8fd2 : fffffa80`03fe32b0 fffffa80`0495b350 fffff8a0`00157bc0 00000000`00000701 : Ntfs!NtfsFindPrefixHashEntry+0x44e
fffff880`0b4b7ee0 fffff880`010e6911 : fffffa80`03fe32b0 fffffa80`04285c10 fffff880`0b4b80b0 fffff880`0b4b8100 : Ntfs!NtfsFindStartingNode+0x452
fffff880`0b4b7fb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCreate+0x3e1
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsAcquireFcbWithPaging+12d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff8800b4b7370 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsAcquireFcbWithPaging+12d
BUCKET_ID: X64_0x24_Ntfs!NtfsAcquireFcbWithPaging+12d
Followup: MachineOwner
---------
Start by running a