Various different errors, mostly false positive fault processes and some memory corruption. This is either driver related (we don't know yet) or memory related.
Three tests I'd like you to run:
Chkdsk:
- Open the "Computer" window
- Right-click on the drive in question
- Select the "Tools" tab
- In the Error-checking area, click <Check Now>.
Memtest:
Read the following to test your memory for errors.
Driver Verifier:
Read the following to enable Driver Verifier. Use Driver Second if Memtest finds nothing, as it's likely a software / driver issue, we just aren't being told what it is, and hopefully Driver Verifier will than force a crash if it finds the violating driver.
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc000001d, The exception code that was not handled
Arg2: fffff80001aaeea6, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: fffff70001080400, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.
FAULTING_IP:
nt!MiUpdateWsle+1b6
fffff800`01aaeea6 ff ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: fffff70001080400
ERROR_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.
BUGCHECK_STR: 0x1E_c000001d
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: NisSrv.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80001ae7588 to fffff80001a9bc40
FAILED_INSTRUCTION_ADDRESS:
nt!MiUpdateWsle+1b6
fffff800`01aaeea6 ff ???
STACK_TEXT:
fffff880`06dfce08 fffff800`01ae7588 : 00000000`0000001e ffffffff`c000001d fffff800`01aaeea6 00000000`00000000 : nt!KeBugCheckEx
fffff880`06dfce10 fffff800`01a9b2c2 : fffff880`06dfd5e8 000007fe`fac16001 fffff880`06dfd690 fffffa80`00dfb450 : nt! ?? ::FNODOBFM::`string'+0x4977d
fffff880`06dfd4b0 fffff800`01a9941f : fffff880`06dfd690 fffff880`06dfd600 fffff6fb`00002700 fffff6fb`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`06dfd690 fffff800`01aaeea6 : 000007fe`fad55001 000007fe`fac13001 fffff700`01080000 00000000`00000000 : nt!KiInvalidOpcodeFault+0x11f
fffff880`06dfd820 fffff800`01abae4d : 00000000`000005fe 00000000`01a81ff0 fffff700`01080000 fffff700`01080000 : nt!MiUpdateWsle+0x1b6
fffff880`06dfd890 fffff800`01aba53f : 5fe00000`4a917025 00000000`4a917121 fffffa80`000244e0 00000000`00000000 : nt!MiCompleteProtoPteFault+0x2cd
fffff880`06dfd920 fffff800`01ab9053 : 00000000`0004bf27 000007fe`fac169bc fffff683`ff7d60b0 fffffa80`040b13f8 : nt!MiResolveProtoPteFault+0x1cf
fffff880`06dfd9b0 fffff800`01aa8f19 : 0000718c`00000000 000007fe`fac169bc fffff880`06dfdb40 fffff680`00000000 : nt!MiDispatchFault+0x1c3
fffff880`06dfdac0 fffff800`01a99d6e : 00000000`00000008 000007fe`fac169bc 00000000`00aef501 00000000`01a91210 : nt!MmAccessFault+0x359
fffff880`06dfdc20 000007fe`fac169bc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`00aef0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fac169bc
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiUpdateWsle+1b6
fffff800`01aaeea6 ff ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!MiUpdateWsle+1b6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x1E_c000001d_BAD_IP_nt!MiUpdateWsle+1b6
BUCKET_ID: X64_0x1E_c000001d_BAD_IP_nt!MiUpdateWsle+1b6
Followup: MachineOwner
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88006e53fc8, fffff88006e53820, fffff80001a8fd87}
Probably caused by : Ntfs.sys ( Ntfs!NtfsNonCachedIo+23f )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88006e53fc8
Arg3: fffff88006e53820
Arg4: fffff80001a8fd87
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88006e53fc8 -- (.exr 0xfffff88006e53fc8)
ExceptionAddress: fffff80001a8fd87 (nt!KiCommitThreadWait+0x0000000000000027)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000048
Attempt to read from address 0000000000000048
CONTEXT: fffff88006e53820 -- (.cxr 0xfffff88006e53820)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000007ff rsi=00000000000000c0 rdi=fffffa800399e060
rip=fffff80001a8fd87 rsp=fffff88006e54200 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000001
r11=fffffa8001f347fa r12=0000000000000000 r13=00000000000007ff
r14=0000000000000000 r15=fffffa800399e168
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiCommitThreadWait+0x27:
fffff800`01a8fd87 0fb64348 movzx eax,byte ptr [rbx+48h] ds:002b:00000000`00000048=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: spoolsv.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000048
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001cbd100
0000000000000048
FOLLOWUP_IP:
Ntfs!NtfsNonCachedIo+23f
fffff880`012603ff 498b4d78 mov rcx,qword ptr [r13+78h]
FAULTING_IP:
nt!KiCommitThreadWait+27
fffff800`01a8fd87 0fb64348 movzx eax,byte ptr [rbx+48h]
BUGCHECK_STR: 0x24
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from fffff80001a9274f to fffff80001a8fd87
STACK_TEXT:
fffff880`06e54200 fffff800`01a9274f : fffff880`06e546d0 fffffa80`02473040 00000000`00000000 fffff880`06e54430 : nt!KiCommitThreadWait+0x27
fffff880`06e54290 fffff880`012603ff : fffffa80`0276ad00 00000000`00000000 fffff8a0`01ee8c00 fffff8a0`025e4000 : nt!KeWaitForSingleObject+0x19f
fffff880`06e54330 fffff880`01258fc6 : fffff880`06e546d0 fffffa80`04088010 fffff8a0`01ee8c70 00000000`00000000 : Ntfs!NtfsNonCachedIo+0x23f
fffff880`06e54500 fffff880`0125aa68 : fffff880`06e546d0 fffffa80`04088010 fffff880`06e54801 fffffa80`040c9001 : Ntfs!NtfsCommonRead+0x7a6
fffff880`06e546a0 fffff880`01009bcf : fffffa80`04088368 fffffa80`04088010 fffffa80`040c9010 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`06e548b0 fffff880`010086df : fffffa80`0251b2c0 fffffa80`0399e001 fffffa80`0251b200 fffffa80`04088010 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`06e54940 fffff800`01ab2bc5 : fffffa80`04088030 fffffa80`04198290 fffffa80`03ed07e0 fffff800`01c00e80 : fltmgr!FltpDispatch+0xcf
fffff880`06e549a0 fffff800`01ab2699 : 00000000`00000001 00000000`00000001 fffffa80`03ed0720 fffffa80`04180ad0 : nt!IoPageRead+0x255
fffff880`06e54a30 fffff800`01a9902a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x255
fffff880`06e54ac0 fffff800`01a88d6e : 00000000`00000008 000007fe`f6f99a9c 00000000`77062501 00000000`002ee560 : nt!MmAccessFault+0x146a
fffff880`06e54c20 000007fe`f6f99a9c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`01d6ef88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`f6f99a9c
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Ntfs!NtfsNonCachedIo+23f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff88006e53820 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsNonCachedIo+23f
BUCKET_ID: X64_0x24_Ntfs!NtfsNonCachedIo+23f
Followup: MachineOwner
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {30, 2, 1, fffff80001ce8ed9}
Probably caused by : HTTP.sys ( HTTP!UlQueueWorkItem+e4 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000030, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80001ce8ed9, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80001f15100
0000000000000030
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiDeferredReadyThread+219
fffff800`01ce8ed9 f0490fba6c243000 lock bts qword ptr [r12+30h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: chrome.exe
TRAP_FRAME: fffff80001a204d0 -- (.trap 0xfffff80001a204d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001ce8ed9 rsp=fffff80001a20660 rbp=0000000000000000
r8=0000000000000002 r9=0000000001ccf3cc r10=fffff80001c66000
r11=fffff88005a769c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiDeferredReadyThread+0x219:
fffff800`01ce8ed9 f0490fba6c243000 lock bts qword ptr [r12+30h],0 ds:0e88:00000000`00000030=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001ce21e9 to fffff80001ce2c40
STACK_TEXT:
fffff800`01a20388 fffff800`01ce21e9 : 00000000`0000000a 00000000`00000030 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff800`01a20390 fffff800`01ce0e60 : 00000000`00000000 00000000`00000001 00000000`00000000 fffff800`01e58e80 : nt!KiBugCheckDispatch+0x69
fffff800`01a204d0 fffff800`01ce8ed9 : fffff800`01e66c00 fffff800`01ce6ca6 fffff800`01e58e80 fffffa80`02d47610 : nt!KiPageFault+0x260
fffff800`01a20660 fffff800`01ce6d30 : 00000000`00000002 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KiDeferredReadyThread+0x219
fffff800`01a206e0 fffff880`05a310f4 : adfff800`00000000 ff000000`00000000 fffff800`01a20600 fffffa80`03bd2a58 : nt!KeSetEvent+0x190
fffff800`01a20750 fffff800`01cee5fc : fffff800`01a20830 00000000`00000000 00000000`00000001 00000000`00000002 : HTTP!UlQueueWorkItem+0xe4
fffff800`01a207a0 fffff800`01cee496 : fffff880`05a77ba0 00000000`000012bb 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff800`01a20810 fffff800`01cee37e : 00000000`2c965b28 fffff800`01a20e88 00000000`000012bb fffff800`01e5c9e8 : nt!KiProcessExpiredTimerList+0xc6
fffff800`01a20e60 fffff800`01cee167 : fffff800`01e58ec1 fffffa80`000012bb fffffa80`01f2c050 00000000`000000bb : nt!KiTimerExpiration+0x1be
fffff800`01a20f00 fffff800`01ce5765 : 00000000`00000000 fffffa80`02d47610 00000000`00000000 fffff880`00e2ef5c : nt!KiRetireDpcList+0x277
fffff800`01a20fb0 fffff800`01ce557c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KyRetireDpcList+0x5
fffff880`07602be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
HTTP!UlQueueWorkItem+e4
fffff880`05a310f4 ebbd jmp HTTP!UlQueueWorkItem+0xa3 (fffff880`05a310b3)
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: HTTP!UlQueueWorkItem+e4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: HTTP
IMAGE_NAME: HTTP.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce793ce
FAILURE_BUCKET_ID: X64_0xA_HTTP!UlQueueWorkItem+e4
BUCKET_ID: X64_0xA_HTTP!UlQueueWorkItem+e4
Followup: MachineOwner
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80001a86d87, fffff88006b0bda0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiCommitThreadWait+27 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80001a86d87, Address of the instruction which caused the bugcheck
Arg3: fffff88006b0bda0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!KiCommitThreadWait+27
fffff800`01a86d87 0fb64348 movzx eax,byte ptr [rbx+48h]
CONTEXT: fffff88006b0bda0 -- (.cxr 0xfffff88006b0bda0)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000000007ff rsi=00000000000000c0 rdi=fffffa80050adb60
rip=fffff80001a86d87 rsp=fffff88006b0c780 rbp=0000000000000000
r8=fffffa800493c0e8 r9=0000000000000000 r10=fffffffffffffffe
r11=fffff80001bf7e80 r12=0000000000000000 r13=00000000000007ff
r14=0000000000000000 r15=fffffa80050adc68
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiCommitThreadWait+0x27:
fffff800`01a86d87 0fb64348 movzx eax,byte ptr [rbx+48h] ds:002b:00000000`00000048=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: McSvHost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80001a86d87
STACK_TEXT:
fffff880`06b0c780 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x27
FOLLOWUP_IP:
nt!KiCommitThreadWait+27
fffff800`01a86d87 0fb64348 movzx eax,byte ptr [rbx+48h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiCommitThreadWait+27
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff88006b0bda0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!KiCommitThreadWait+27
BUCKET_ID: X64_0x3B_nt!KiCommitThreadWait+27
Followup: MachineOwner