Code:
-
Loading Dump File [C:\Users\Mike\Downloads\minidump\051411-17472-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e61000 PsLoadedModuleList = 0xfffff800`030a6650
Debug session time: Fri May 13 22:15:17.400 2011 (UTC - 7:00)
System Uptime: 0 days 13:21:01.226
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88007dfe6e8, fffff88007dfdf40, fffff880012b73bb}
Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonCleanup+9db )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88007dfe6e8
Arg3: fffff88007dfdf40
Arg4: fffff880012b73bb
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88007dfe6e8 -- (.exr 0xfffff88007dfe6e8)
ExceptionAddress: fffff880012b73bb (Ntfs!NtfsCommonCleanup+0x00000000000009db)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88007dfdf40 -- (.cxr 0xfffff88007dfdf40)
rax=ffbff8a00b5ec200 rbx=fffff8a00afe8010 rcx=fffffa80064e4dd0
rdx=00000000000c0042 rsi=fffff8a00afe8140 rdi=fffff88006f5b504
rip=fffff880012b73bb rsp=fffff88007dfe920 rbp=fffff88006f5b980
r8=01cc11f5e9cbca32 r9=0000000000000003 r10=0000000000000000
r11=fffff8a00afe8140 r12=fffffa80064e4dd0 r13=0000000000000000
r14=fffff8a00afe83a8 r15=fffff8a00b3fa010
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
Ntfs!NtfsCommonCleanup+0x9db:
fffff880`012b73bb f6404103 test byte ptr [rax+41h],3 ds:002b:ffbff8a0`0b5ec241=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: fsx.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003110100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsCommonCleanup+9db
fffff880`012b73bb f6404103 test byte ptr [rax+41h],3
FAULTING_IP:
Ntfs!NtfsCommonCleanup+9db
fffff880`012b73bb f6404103 test byte ptr [rax+41h],3
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff88001226cc9 to fffff880012b73bb
STACK_TEXT:
fffff880`07dfe920 fffff880`01226cc9 : fffffa80`03d1ab30 fffffa80`079f3220 fffff880`06f5b690 fffffa80`0771d180 : Ntfs!NtfsCommonCleanup+0x9db
fffff880`07dfed30 fffff800`02ed8817 : fffff880`06f5b690 00000000`0000040b 00000000`001c6850 00000000`00207398 : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`07dfed60 fffff800`02ed87d1 : 00000000`00000000 00000000`00000000 fffff880`07dff000 fffff800`02eed832 : nt!KxSwitchKernelStackCallout+0x27
fffff880`06f5b560 fffff800`02eed832 : fffffa80`066c34d0 00000000`00000002 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
fffff880`06f5b580 fffff880`01226d42 : fffff880`01226cb0 00000000`00000000 fffff880`06f5b900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0x2a2
fffff880`06f5b660 fffff880`012c5a04 : fffff880`06f5b730 fffff880`06f5b730 fffff880`06f5b730 00000000`00000000 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`06f5b6d0 fffff880`00c02bcf : fffff880`06f5b730 fffffa80`079f3220 fffffa80`079f35c0 fffffa80`08125b30 : Ntfs!NtfsFsdCleanup+0x144
fffff880`06f5b940 fffff880`00c016df : fffffa80`04a2fde0 00000000`00000000 fffffa80`048e4300 fffffa80`079f3220 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`06f5b9d0 fffff800`031e809f : fffffa80`079f3220 fffffa80`07c206d0 00000000`00000000 fffffa80`064e4dd0 : fltmgr!FltpDispatch+0xcf
fffff880`06f5ba30 fffff800`031d7844 : 00000000`00000000 fffffa80`07c206d0 fffff880`00c201b0 fffffa80`07873d10 : nt!IopCloseFile+0x11f
fffff880`06f5bac0 fffff800`031d7601 : fffffa80`07c206d0 fffffa80`00000001 fffff8a0`04cc7b60 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`06f5bb40 fffff800`031d7bc4 : 00000000`00001c5c fffffa80`07c206d0 fffff8a0`04cc7b60 00000000`00001c5c : nt!ObpCloseHandleTableEntry+0xb1
fffff880`06f5bbd0 fffff800`02edff93 : fffffa80`0771d180 fffff880`06f5bca0 00000000`7efad000 00000000`000000d3 : nt!ObpCloseHandle+0x94
fffff880`06f5bc20 00000000`7796140a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0356e808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7796140a
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsCommonCleanup+9db
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce792f9
STACK_COMMAND: .cxr 0xfffff88007dfdf40 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCommonCleanup+9db
BUCKET_ID: X64_0x24_Ntfs!NtfsCommonCleanup+9db
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\minidump\052111-15740-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e01000 PsLoadedModuleList = 0xfffff800`03046650
Debug session time: Fri May 20 22:14:58.061 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:17.247
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+3131643136653635
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff8800318b328 -- (.exr 0xfffff8800318b328)
ExceptionAddress: fffff80002e86f69 (nt!KiDeferredReadyThread+0x0000000000000249)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff8800318b3d0 -- (.trap 0xfffff8800318b3d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e86f69 rsp=fffff8800318b560 rbp=0000000000000002
r8=000000000000000e r9=0000000000000003 r10=fffff80002e01000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiDeferredReadyThread+0x249:
fffff800`02e86f69 498b8cc2c80f1f00 mov rcx,qword ptr [r10+rax*8+1F0FC8h] ds:ffff:fffff800`02ff1fc8=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e786be to fffff80002e80cd0
STACK_TEXT:
fffff880`0318a408 fffff800`02e786be : fffff880`0318a578 fffff880`0169d30b fffff880`0318ab80 fffff800`02eac890 : nt!KeBugCheck
fffff880`0318a410 fffff800`02eac55d : fffff800`03087968 fffff800`02fc4cbc fffff800`02e01000 fffff880`0318b328 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`0318a440 fffff800`02eab335 : fffff800`02fc80fc fffff880`0318a4b8 fffff880`0318b328 fffff800`02e01000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0318a470 fffff800`02ebc3b1 : fffff880`0318b328 fffff880`0318ab80 fffff880`00000000 fffffa80`04acd970 : nt!RtlDispatchException+0x415
fffff880`0318ab50 fffff800`02e80382 : fffff880`0318b328 fffff880`03163180 fffff880`0318b3d0 fffff880`03163180 : nt!KiDispatchException+0x135
fffff880`0318b1f0 fffff800`02e7ec8a : fffff880`031d4180 fffff880`0318b450 fffffa80`04a0bb60 fffff880`03163180 : nt!KiExceptionDispatch+0xc2
fffff880`0318b3d0 fffff800`02e86f69 : fffff800`02ff3e80 fffffa80`0678e060 00000000`00000000 fffffa80`063149a0 : nt!KiGeneralProtectionFault+0x10a
fffff880`0318b560 fffff800`02e8c587 : fffffa80`04acda30 fffffa80`04acda78 fffffa80`04acda78 fffffa80`04a0bc00 : nt!KiDeferredReadyThread+0x249
fffff880`0318b5e0 fffff800`02e8c3de : 00000000`0a47c77e fffff880`0318bc58 00000000`00000451 fffff880`03165fa8 : nt!KiProcessExpiredTimerList+0x157
fffff880`0318bc30 fffff800`02e8c1c7 : 00000000`03ad12c2 00000000`00000451 00000000`03ad12e0 00000000`00000051 : nt!KiTimerExpiration+0x1be
fffff880`0318bcd0 fffff800`02e78a2a : fffff880`03163180 fffff880`0316dfc0 00000000`00000000 fffff880`043c1480 : nt!KiRetireDpcList+0x277
fffff880`0318bd80 00000000`00000000 : fffff880`0318c000 fffff880`03186000 fffff880`0318bd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiKernelCalloutExceptionHandler+e
fffff800`02e786be 90 nop
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fdd5b
FAILURE_BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e
BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\minidump\052511-15054-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e4d000 PsLoadedModuleList = 0xfffff800`03092650
Debug session time: Wed May 25 14:15:35.954 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:15.624
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff88003940fff, 0, fffff88001b64a83, 0}
Could not read faulting driver name
Probably caused by : rdyboost.sys ( rdyboost!memcpy+223 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88003940fff, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88001b64a83, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fc100
fffff88003940fff
FAULTING_IP:
rdyboost!memcpy+223
fffff880`01b64a83 8a040a mov al,byte ptr [rdx+rcx]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff880039468f0 -- (.trap 0xfffff880039468f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0016b30000000032 rbx=0000000000000000 rcx=fffffa8005d1ecf3
rdx=fffffdfffdc2230c rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001b64a83 rsp=fffff88003946a88 rbp=fffffa8004a01860
r8=001fffffffffa438 r9=0000000000000000 r10=00067d4000000000
r11=fffffa8005d248bc r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
rdyboost!memcpy+0x223:
fffff880`01b64a83 8a040a mov al,byte ptr [rdx+rcx] ds:fffff880`03940fff=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e78a0c to fffff80002eccd00
STACK_TEXT:
fffff880`03946788 fffff800`02e78a0c : 00000000`00000050 fffff880`03940fff 00000000`00000000 fffff880`039468f0 : nt!KeBugCheckEx
fffff880`03946790 fffff800`02ecae2e : 00000000`00000000 fffff880`03940fff 00000000`00000000 fffffa80`05d248bc : nt! ?? ::FNODOBFM::`string'+0x4621f
fffff880`039468f0 fffff880`01b64a83 : fffff880`01b58bb9 00000000`00000000 00000000`000172d3 fffffa80`04ae0130 : nt!KiPageFault+0x16e
fffff880`03946a88 fffff880`01b58bb9 : 00000000`00000000 00000000`000172d3 fffffa80`04ae0130 fffffa80`0671c3c4 : rdyboost!memcpy+0x223
fffff880`03946a90 fffff880`01b57499 : 00000000`00000000 fffff880`08156000 00000000`c0000225 00000000`00000005 : rdyboost!B_TREE<_SMD_STORE_KEY,ST_STORE<SMD_TRAITS>::_ST_PAGE_ENTRY,4096,NP_CONTEXT>::BTreeInsertEx+0x2d5
fffff880`03946ae0 fffff880`01b55782 : fffffa80`04ae0118 fffff880`08156000 00000000`00000005 fffffa80`065a62c0 : rdyboost!ST_STORE<SMD_TRAITS>::StDmpSinglePageInsert+0x75
fffff880`03946b60 fffff880`01b54773 : fffffa80`064f9900 fffffa80`061d3ad0 fffffa80`064f9900 fffffa80`04ae0118 : rdyboost!ST_STORE<SMD_TRAITS>::StDmpSinglePageAdd+0x212
fffff880`03946c20 fffff880`01b5462e : fffffa80`064f9900 00000000`00005000 00000000`00000080 fffffa80`04ae00b0 : rdyboost!ST_STORE<SMD_TRAITS>::StDmPageAdd+0xe3
fffff880`03946c80 fffff880`01b5341a : fffffa80`064f9900 00000000`00000080 00000000`00000080 fffffa80`04ae0f88 : rdyboost!ST_STORE<SMD_TRAITS>::StWorkItemProcess+0x23a
fffff880`03946ce0 fffff800`0316932e : 00000000`00000000 fffff880`00000000 fffffa80`049dd8c0 fffffa80`039ce040 : rdyboost!SMKM_STORE<SMD_TRAITS>::SmStWorker+0x152
fffff880`03946d40 fffff800`02ebe666 : fffff880`03163180 fffffa80`049dd8c0 fffff880`0316dfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03946d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
rdyboost!memcpy+223
fffff880`01b64a83 8a040a mov al,byte ptr [rdx+rcx]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: rdyboost!memcpy+223
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdyboost
IMAGE_NAME: rdyboost.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7982e
FAILURE_BUCKET_ID: X64_0x50_rdyboost!memcpy+223
BUCKET_ID: X64_0x50_rdyboost!memcpy+223
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\minidump\052511-14055-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e14000 PsLoadedModuleList = 0xfffff800`03059650
Debug session time: Wed May 25 15:08:09.716 2011 (UTC - 7:00)
System Uptime: 0 days 0:51:16.386
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 109b, 0, fffff8a00b495640}
GetPointerFromAddress: unable to read from fffff800030c3100
GetUlongFromAddress: unable to read from fffff80003031a18
GetUlongFromAddress: unable to read from fffff80003031a18
Probably caused by : ntkrnlmp.exe ( nt!ObpCaptureObjectName+216 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 0000000000000000, Memory contents of the pool block
Arg4: fffff8a00b495640, Address of the block of pool being deallocated
Debugging Details:
------------------
GetUlongFromAddress: unable to read from fffff80003031a18
GetUlongFromAddress: unable to read from fffff80003031a18
POOL_ADDRESS: fffff8a00b495640
BUGCHECK_STR: 0xc2_7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: Core Temp.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002fbebe9 to fffff80002e93d00
STACK_TEXT:
fffff880`096197f8 fffff800`02fbebe9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`00000000 : nt!KeBugCheckEx
fffff880`09619800 fffff800`0318f8d7 : 00000000`000000f8 00000000`00000000 00000000`00000000 00000000`a0000003 : nt!ExDeferredFreePool+0x1201
fffff880`096198b0 fffff800`0318ce2b : fffffa80`040a30b0 00000000`0420fad0 fffff8a0`00004801 fffffa80`04c9bdd0 : nt!ObpCaptureObjectName+0x216
fffff880`09619930 fffff800`0318ee9b : fffffa80`040a3010 fffffa80`03a0b8e0 00000000`00000000 00000000`00000000 : nt!ObpCaptureObjectCreateInformation+0x279
fffff880`096199b0 fffff800`031909ec : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`00000001 : nt!ObOpenObjectByName+0xbb
fffff880`09619a80 fffff800`0319b608 : 00000000`0420fa98 fffff8a0`c0100080 00000000`0420fae8 00000000`0420faa8 : nt!IopCreateFile+0x2bc
fffff880`09619b20 fffff800`02e92f93 : fffff880`09619ca0 fffffa80`0710f5e0 00000000`00000000 00000000`0420fb00 : nt!NtCreateFile+0x78
fffff880`09619bb0 00000000`7743186a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0420fa18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7743186a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObpCaptureObjectName+216
fffff800`0318f8d7 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!ObpCaptureObjectName+216
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fdd5b
FAILURE_BUCKET_ID: X64_0xc2_7_nt!ObpCaptureObjectName+216
BUCKET_ID: X64_0xc2_7_nt!ObpCaptureObjectName+216
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\minidump\111111-21044-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e0a000 PsLoadedModuleList = 0xfffff800`0304f670
Debug session time: Fri Nov 11 09:32:15.786 2011 (UTC - 7:00)
System Uptime: 1 days 11:55:58.066
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {8, 2, 0, fffff880018de02b}
Probably caused by : tcpip.sys ( tcpip!IppLoopbackTransmit+14b )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880018de02b, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b9100
0000000000000008
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!IppLoopbackTransmit+14b
fffff880`018de02b 488b4308 mov rax,qword ptr [rbx+8]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Plex Media Ser
TRAP_FRAME: fffff8800379cb20 -- (.trap 0xfffff8800379cb20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80043c3080 rbx=0000000000000000 rcx=fffff8800379ccd0
rdx=fffff88001723140 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880018de02b rsp=fffff8800379ccb0 rbp=0000000000000000
r8=fffff8800171b720 r9=fffffa8008486590 r10=fffffa8004979d80
r11=fffffa8004679030 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip!IppLoopbackTransmit+0x14b:
fffff880`018de02b 488b4308 mov rax,qword ptr [rbx+8] ds:4550:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e861e9 to fffff80002e86c40
STACK_TEXT:
fffff880`0379c9d8 fffff800`02e861e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0379c9e0 fffff800`02e84e60 : fffffa80`043c3d00 fffff880`0379cba0 fffff880`01a199a0 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0379cb20 fffff880`018de02b : fffffa80`0498ee80 fffffa80`0000907e fffff880`000089c8 fffff880`037989c8 : nt!KiPageFault+0x260
fffff880`0379ccb0 fffff800`02e7e757 : fffff880`01a199a0 00000000`00000006 00000000`00000000 00000000`00000000 : tcpip!IppLoopbackTransmit+0x14b
fffff880`0379cd60 fffff800`02e7e711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
fffff880`091ec720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip!IppLoopbackTransmit+14b
fffff880`018de02b 488b4308 mov rax,qword ptr [rbx+8]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: tcpip!IppLoopbackTransmit+14b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e83e948
FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b
BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\minidump\121911-17191-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03064000 PsLoadedModuleList = 0xfffff800`032a9670
Debug session time: Mon Dec 19 13:09:24.393 2011 (UTC - 7:00)
System Uptime: 6 days 15:09:07.063
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {10, 2, 0, fffff800030e595d}
Probably caused by : ntkrnlmp.exe ( nt!KeWaitForMultipleObjects+794 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800030e595d, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003313100
0000000000000010
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeWaitForMultipleObjects+794
fffff800`030e595d 488b4110 mov rax,qword ptr [rcx+10h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: AvastSvc.exe
TRAP_FRAME: fffff88009de0040 -- (.trap 0xfffff88009de0040)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800468c198 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa800697bcc8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800030e595d rsp=fffff88009de01d0 rbp=fffffa8006f0d060
r8=0020000000000000 r9=fffff88003163180 r10=0000000000000002
r11=fffffa800697bc68 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KeWaitForMultipleObjects+0x794:
fffff800`030e595d 488b4110 mov rax,qword ptr [rcx+10h] ds:3a80:00000000`00000010=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800030e01e9 to fffff800030e0c40
STACK_TEXT:
fffff880`09ddfef8 fffff800`030e01e9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09ddff00 fffff800`030dee60 : 31313436`33633538 64653433`33623662 00000000`00000000 0000053a`2ff0a1c4 : nt!KiBugCheckDispatch+0x69
fffff880`09de0040 fffff800`030e595d : fffffa80`06a83a80 fffffa80`04ada080 000008fe`0000001b 00000014`00000006 : nt!KiPageFault+0x260
fffff880`09de01d0 fffff800`033d777f : 00000000`00000002 fffff880`09de0520 00000000`00000000 00000000`00000006 : nt!KeWaitForMultipleObjects+0x794
fffff880`09de0490 fffff800`034044cd : 00000000`00000001 00000000`00000000 00000000`00000000 fffff800`03109101 : nt!ObpWaitForMultipleObjects+0x294
fffff880`09de0960 fffff800`030dfed3 : fffff880`09de0ca0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWaitForMultipleObjects32+0xec
fffff880`09de0bb0 00000000`75052e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01cdf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75052e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeWaitForMultipleObjects+794
fffff800`030e595d 488b4110 mov rax,qword ptr [rcx+10h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeWaitForMultipleObjects+794
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KeWaitForMultipleObjects+794
BUCKET_ID: X64_0xA_nt!KeWaitForMultipleObjects+794
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\minidump\123011-28298-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03065000 PsLoadedModuleList = 0xfffff800`032aa670
Debug session time: Fri Dec 30 10:31:50.720 2011 (UTC - 7:00)
System Uptime: 3 days 21:11:40.015
Loading Kernel Symbols
...............................................................
................................................................
..............................................
Loading User Symbols
Loading unloaded module list
.................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {8, 2, 0, fffff880018e502b}
Probably caused by : tcpip.sys ( tcpip!IppLoopbackTransmit+14b )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880018e502b, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003314100
0000000000000008
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!IppLoopbackTransmit+14b
fffff880`018e502b 488b4308 mov rax,qword ptr [rbx+8]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Plex Media Ser
TRAP_FRAME: fffff8800379cb20 -- (.trap 0xfffff8800379cb20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80071d7440 rbx=0000000000000000 rcx=fffff8800379ccd0
rdx=fffff8800179c140 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880018e502b rsp=fffff8800379ccb0 rbp=0000000000000000
r8=fffff88001794720 r9=fffffa80041f5d70 r10=fffffa800497be00
r11=fffffa8003be5450 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip!IppLoopbackTransmit+0x14b:
fffff880`018e502b 488b4308 mov rax,qword ptr [rbx+8] ds:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800030e11e9 to fffff800030e1c40
STACK_TEXT:
fffff880`0379c9d8 fffff800`030e11e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0379c9e0 fffff800`030dfe60 : fffff880`00000002 fffff880`01900d3a 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0379cb20 fffff880`018e502b : fffffa80`04993900 fffffa80`0000907e fffff880`000073dd fffff880`037973dd : nt!KiPageFault+0x260
fffff880`0379ccb0 fffff800`030d9757 : fffff880`01a209a0 fcfcc789`48fbb606 00000000`00000000 90000007`9fe95341 : tcpip!IppLoopbackTransmit+0x14b
fffff880`0379cd60 fffff800`030d9711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
fffff880`09359720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip!IppLoopbackTransmit+14b
fffff880`018e502b 488b4308 mov rax,qword ptr [rbx+8]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: tcpip!IppLoopbackTransmit+14b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e83e948
FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b
BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b
Followup: MachineOwner
---------
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\tpattgeek\minidump\011112-18158-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03067000 PsLoadedModuleList = 0xfffff800`032ac670
Debug session time: Wed Jan 11 18:15:07.891 2012 (UTC - 7:00)
System Uptime: 1 days 3:58:26.561
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
..............................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {8, 2, 0, fffff8800189c02b}
Probably caused by : tcpip.sys ( tcpip!IppLoopbackTransmit+14b )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800189c02b, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003316100
0000000000000008
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!IppLoopbackTransmit+14b
fffff880`0189c02b 488b4308 mov rax,qword ptr [rbx+8]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Plex Media Ser
TRAP_FRAME: fffff8800379cb20 -- (.trap 0xfffff8800379cb20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800468d6c0 rbx=0000000000000000 rcx=fffff8800379ccd0
rdx=fffffa80064d2821 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800189c02b rsp=fffff8800379ccb0 rbp=0000000000000000
r8=fffffa80064d2820 r9=0000000000000000 r10=fffffa800495de00
r11=fffffa8003fcb850 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
tcpip!IppLoopbackTransmit+0x14b:
fffff880`0189c02b 488b4308 mov rax,qword ptr [rbx+8] ds:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800030e31e9 to fffff800030e3c40
STACK_TEXT:
fffff880`0379c9d8 fffff800`030e31e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0379c9e0 fffff800`030e1e60 : 00000002`00600b2d fffff880`08907720 fffffa80`0495fd30 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0379cb20 fffff880`0189c02b : fffffa80`04974930 fffffa80`0000d9eb fffff880`0000907e fffff880`0379907e : nt!KiPageFault+0x260
fffff880`0379ccb0 fffff800`030db757 : fffff880`019d79a0 01ca043e`75759506 00000000`00000000 005c0073`00200000 : tcpip!IppLoopbackTransmit+0x14b
fffff880`0379cd60 fffff800`030db711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
fffff880`08900720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
tcpip!IppLoopbackTransmit+14b
fffff880`0189c02b 488b4308 mov rax,qword ptr [rbx+8]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: tcpip!IppLoopbackTransmit+14b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tcpip
IMAGE_NAME: tcpip.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e83e948
FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b
BUCKET_ID: X64_0xD1_tcpip!IppLoopbackTransmit+14b
Followup: MachineOwner
---------
That set did include another AVAST-related crash. I also note the following problem.
a. Click Start Menu
b. Click My Computer
c. Go to C:\Windows\System32\drivers\
d. Verify that the ASACPI.SYS file is dated 2009 or newer (2010,etc.)