Code:
Code: ---------
[list=1][*] Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64 Copyright © Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\TheJGits\Windows_NT6_BSOD_jcgriff2\022912-27409-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`03203000 PsLoadedModuleList = 0xfffff800`03448670 Debug session time: Wed Feb 29 20:08:46.691 2012 (UTC – 7:00) System Uptime: 0 days 15:42:42.111 Loading Kernel Symbols .............................................................. ............................................................... .................. Loading User Symbols Loading unloaded module list ......... *****************************************************************************
*****************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff96000158971, fffff88008bfb070, 0}
Probably caused by : win32k.sys ( win32k!FindTimer+59 )
Followup: MachineOwner
2: kd> !analyze -v
*****************************************************************************
*****************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff96000158971, Address of the instruction which caused the bugcheck Arg3: fffff88008bfb070, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 – The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP: win32k!FindTimer+59 fffff960`00158971 4c396b28 cmp qword ptr [rbx+28h],r13
CONTEXT: fffff88008bfb070 — (.cxr 0xfffff88008bfb070) rax=0000000000000001 rbx=ff90f96000384410 rcx=fffff960003840e0 rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000 rip=fffff96000158971 rsp=fffff88008bfba50 rbp=ff90f96000384480
r8=0000000000000000 r9=0000000000000001 r10=fffff960001254d0 r11=fffff900c25d3010 r12=fffff96000384480 r13=fffff900c063b940 r14=0000000000000000 r15=0000000000000001 iopl=0 nv up ei ng nz na po cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287 win32k!FindTimer+0x59: fffff960`00158971 4c396b28 cmp qword ptr [rbx+28h],r13 ds:002b:ff90f960`00384438=???????????????? Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: WerFault.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff96000125532 to fffff96000158971
STACK_TEXT: fffff880`08bfba50 fffff960`00125532 : 00000000`00000000 00000000`00000001 fffff880`08bfbb60 00000000`00000001 : win32k!FindTimer+0x59 fffff880`08bfbaa0 fffff800`0327eed3 : fffffa80`075919c0 00000000`00278cb0 00000000`00000101 00000000`002a70d8 : win32k!NtUserKillTimer+0x62 fffff880`08bfbae0 00000000`744e2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`027eeb78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x744e2e09
FOLLOWUP_IP: win32k!FindTimer+59 fffff960`00158971 4c396b28 cmp qword ptr [rbx+28h],r13
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!FindTimer+59
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f10ff24
STACK_COMMAND: .cxr 0xfffff88008bfb070 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!FindTimer+59
BUCKET_ID: X64_0x3B_win32k!FindTimer+59
Followup: MachineOwner ---------[*] Loading Dump File [D:\Kingston\BSODDmpFiles\TheJGits\Windows_NT6_BSOD_jcgriff2\022612-21091-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7600.16385.amd64fre.win7_rtm.090713-1255 Machine Name: Kernel base = 0xfffff800`02e56000 PsLoadedModuleList = 0xfffff800`03093e50 Debug session time: Sun Feb 26 20:20:05.989 2012 (UTC – 7:00) System Uptime: 0 days 0:02:59.004 Loading Kernel Symbols .............................................................. ............................................................... ................ Loading User Symbols Loading unloaded module list …
*****************************************************************************
*****************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88009745238, fffff88009744a90, fffff80002ebc399}
Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonWrite+da0 )
Followup: MachineOwner
2: kd> !analyze -v
*****************************************************************************
*****************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Arguments: Arg1: 00000000001904fb Arg2: fffff88009745238 Arg3: fffff88009744a90 Arg4: fffff80002ebc399
Debugging Details:
EXCEPTION_RECORD: fffff88009745238 — (.exr 0xfffff88009745238) ExceptionAddress: fffff80002ebc399 (nt!CcGetVacbLargeOffset+0x0000000000000069)
ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2
Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff
CONTEXT: fffff88009744a90 — (.cxr 0xfffff88009744a90) rax=a2fdc3399a1a8882 rbx=0000000000000000 rcx=0000000000000019 rdx=0000000000000000 rsi=0000000000000001 rdi=00000000000000f0 rip=fffff80002ebc399 rsp=fffff88009745478 rbp=fffffa8006fc6010
r8=0000000000000019 r9=0000000000000001 r10=00000000fffffff9 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000001 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 nt!CcGetVacbLargeOffset+0x69: fffff800`02ebc399 488b04d0 mov rax,qword ptr [rax+rdx*8] ds:002b:a2fdc339`9a1a8882=???????????????? Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: SearchIndexer.
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 – The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 – The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fe0e0
ffffffffffffffff FOLLOWUP_IP: Ntfs!NtfsCommonWrite+da0 fffff880`01258f40 84c0 test al,al
FAULTING_IP: nt!CcGetVacbLargeOffset+69 fffff800`02ebc399 488b04d0 mov rax,qword ptr [rax+rdx*8]
BUGCHECK_STR: 0×24
LAST_CONTROL_TRANSFER: from fffff80002ee6a07 to fffff80002ebc399
STACK_TEXT: fffff880`09745478 fffff800`02ee6a07 : fffff680`00000002 00000000`00000000 fffffa80`04be8110 fffffa80`04c49040 : nt!CcGetVacbLargeOffset+0x69 fffff880`09745480 fffff800`02ef3dc6 : 00000000`00000000 00000000`00000000 fffff880`09745568 fffff880`09745548 : nt!CcGetVirtualAddress+0x147 fffff880`09745510 fffff800`02ef3bf4 : fffffa80`06fc6010 00000000`00df7720 fffff880`09745650 00000000`000000f0 : nt!CcMapAndCopyInToCache+0x146 fffff880`09745600 fffff880`01258f40 : 00000000`00000000 fffff880`09745880 fffffa80`09b38e40 fffff880`09745800 : nt!CcCopyWrite+0x194 fffff880`09745690 fffff880`0125d413 : fffffa80`09b38e40 fffffa80`070b7c10 fffff880`09745800 fffff880`09745800 : Ntfs!NtfsCommonWrite+0xda0 fffff880`09745850 fffff880`0104f23f : fffffa80`070b7fb0 fffffa80`070b7c10 fffffa80`0700c010 00000000`00000001 : Ntfs!NtfsFsdWrite+0x1c3 fffff880`09745910 fffff880`0104d6df : fffffa80`07c96de0 00000000`00000001 fffffa80`07c96d00 fffffa80`070b7c10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f fffff880`097459a0 fffff800`031db929 : 00000000`00000001 fffffa80`06f628e0 00000000`00000001 fffffa80`070b7c10 : fltmgr!FltpDispatch+0xcf fffff880`09745a00 fffff800`031dc6c3 : fffffa80`070b7ff8 fffffa80`06fcf6a0 fffffa80`06f628e0 fffffa80`06f62954 : nt!IopSynchronousServiceTail+0xf9 fffff880`09745a70 fffff800`02ec7153 : fffffa80`06f6c001 00000000`00000420 00000000`00000000 00000000`00f4b718 : nt!NtWriteFile+0x7e2 fffff880`09745b70 00000000`76fdff3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`00f4b608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76fdff3a
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: Ntfs!NtfsCommonWrite+da0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc14f
STACK_COMMAND: .cxr 0xfffff88009744a90 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCommonWrite+da0
BUCKET_ID: X64_0x24_Ntfs!NtfsCommonWrite+da0
We will start with the common problems first (see bold possible causes). Do the following steps and
. Post back your results after each step, and
and await further instructions after we are able to analyze the crash.
If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.
.