Bugcheck
Hi All,
I have the following issue with an Windows 2008 R2 VM. I am getting the following error.
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000021, 0xfffff900c0165000, 0x0000000000001050, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051214-14406-01.
The set-up are as follow: 2 Cluster Hyper-V on Windows 2012 server. All other Windows 2008 R2 VM's runs without any issues.
Any advise will be greatly appreciated.
Regards
Spyker78
Hi Spyker78,
Sorry for my delay.
Regarding to Bug Check 0x19, it indicates that a pool header is corrupt. For more details, please refer to
the following article.
Bug Check 0x19: BAD_POOL_HEADER
Can you remember which operation had been done before this issue occurred? Would you please let me confirm
whether change the Internet SCSI (iSCSI) configurations on the server and retrieve some iSCSI connection statistics by using WMI? If changed, there was a hotfix that may help you. For more details, please refer to the following KB.
Stop error message when you retrieve WMI connection statistics
for iSCSI after you change the iSCSI configurations on a computer that is running Windows Server 2008 R2 or Windows 7: "0x00000019 BAD_POOL_HEADER"
If no any change, please install all necessary updates and check if this issue still persists.
Troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. However, it is not effective for us to debug
the crash dump file here in the forum. You can refer to the following KB and analyze the dump file.
How to read the small memory dump file that is created by Windows if a crash occurs
If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist
with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu
Similar Messages
-
Multiple operating system crashes- the computer has rebooted from a bugcheck
For last couple of months I have been facing multiple crashes every day. Looking for help diagnose it. The memory dump file is 797 MB. Is there an option wherein I can make any sense out of it under guidance from community here- or should i simply try
a clean install of win 8.1Hi grensmoothie,
Any update here?
You may follow the guide posted by Team Zigzag (http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_update/warning-disabling-the-new-windows-update-ui-may/dc846517-eca0-4960-b0ff-1eb7227223f5),
For BSOD related issue, we do need the dump file to give a proper suggestion.
Besides, if you would like to debug the dump file by yourself, you may follow the WIKI article below:
Windows Bugcheck Analysis
Best regards
Michael Shao
TechNet Community Support -
indows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (12 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 6002.18327.amd64fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0xfffff800`01847000 PsLoadedModuleList = 0xfffff800`01a0bdd0
Debug session time: Mon Nov 3 05:27:34.976 2014 (UTC - 5:00)
System Uptime: 81 days 16:48:21.023
* Bugcheck Analysis *
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600007f200, Address of the instruction which caused the bugcheck
Arg3: fffffa60155fff70, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0007f200 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffa60155fff70 -- (.cxr 0xfffffa60155fff70)
rax=000000000002f6bc rbx=0000000000000000 rcx=fffff900c1fad250
rdx=fffffa82bc20a330 rsi=fffff900c327a940 rdi=fffffa6015600820
rip=fffff9600007f200 rsp=fffffa60156007d0 rbp=0000000000000000
r8=0000000000000000 r9=000000000003fb36 r10=0000000000000000
r11=fffffa82aa1d6bb0 r12=0000000000000000 r13=0000000000000000
r14=000000000000491f r15=0000000000000001
iopl=0 nv up ei pl nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010203
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0007f200 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`0002f6ec=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff96000244030 to fffff9600007f200
STACK_TEXT:
fffffa60`156007d0 fffff960`00244030 : 00000000`00000000 fffffa82`bc20a300 00000000`00000001 00000000`0000491f : win32k!PFEOBJ::vFreepfdg+0xe8
fffffa60`15600800 fffff960`0024e647 : 00000000`00000000 fffff900`c0092000 fffff900`c0010000 00000000`00000000 : win32k!RFONTOBJ::vDeleteRFONT+0x210
fffffa60`15600860 fffff960`0024e2ba : 00000000`00000000 fffff900`c1eb4010 fffff900`c1eb4010 fffff900`c2c773a0 : win32k!vRestartKillRFONTList+0xab
fffffa60`156008b0 fffff960`000f9bc2 : fffff900`c08ac998 fffff900`c2685350 00000000`00000000 fffff900`00000001 : win32k!PFTOBJ::bUnloadWorkhorse+0x196
fffffa60`15600930 fffff960`000fa7a1 : fffff900`c08ac910 00000000`00000000 00000000`00000001 00000000`00000001 : win32k!vCleanupPrivateFonts+0x72
fffffa60`15600970 fffff960`000eebc4 : 00000000`00000000 00000000`00000000 fffff900`c2621180 00000000`ffffffff : win32k!NtGdiCloseProcess+0x479
fffffa60`156009d0 fffff960`000ee42b : 00000000`00000000 fffff900`c2621180 00000000`00000000 00000000`00000000 : win32k!GdiProcessCallout+0x1f4
fffffa60`15600a50 fffff800`01afa77c : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa82`aa1d6bb0 : win32k!W32pProcessCallout+0x6f
fffffa60`15600a80 fffff800`01afcc7d : 00000000`00000000 fffffa82`aa1d6b01 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x41c
fffffa60`15600b70 fffff800`01aed942 : 00000000`00000000 00000000`0000000c 00000000`fffdd000 fffff880`0000000c : nt!PspTerminateThreadByPointer+0x4d
fffffa60`15600bc0 fffff800`018a0f33 : fffffa82`ab4eac10 fffffa82`aa1d6bb0 fffffa60`15600ca0 00000000`fffdd000 : nt!NtTerminateProcess+0xfa
fffffa60`15600c20 00000000`779d6e5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0007ded8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x779d6e5a
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0007f200 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+e8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4de794fc
STACK_COMMAND: .cxr 0xfffffa60155fff70 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
Followup: MachineOwnerHi,
Would you please let me know whether had done any change before this issue occurred? For examples, install
any third-party application (chrome.exe) or any other? Meanwhile, would you please let me confirm whether this issue occurred regularly?
For Bug Check 0x3B, it indicates that an exception happened while executing a routine that transitions from
non-privileged code to privileged code. For more details, please refer to following article and check if can help you.
Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION
Please update drivers and install all necessary Windows Updates, then monitor the result. If this issue still
exists, please perform a
clean boot. Any difference?
By the way, it may be not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer
Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu -
Hi Guys,
Has anyone come across this BSOD error and found a fix, as I'm at a lost as to what is causing the BSOD
Please see Windows Debugger output below:-
Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Transfer\Minidumps\Mini051414-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Built by: 6002.23154.amd64fre.vistasp2_ldr.130707-1535
Machine Name:
Kernel base = 0xfffff800`01c18000 PsLoadedModuleList = 0xfffff800`01dd7e30
Debug session time: Wed May 14 12:01:16.178 2014 (UTC + 1:00)
System Uptime: 3 days 7:15:01.532
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff9600030271e, fffffa603d967ec0, 0}
Probably caused by : win32k.sys ( win32k!PFFOBJ::pPvtDataMatch+12 )
Followup: MachineOwner
7: kd> !analyze -v
* Bugcheck Analysis
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600030271e, Address of the instruction which caused the bugcheck
Arg3: fffffa603d967ec0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!PFFOBJ::pPvtDataMatch+12
fffff960`0030271e f6430804 test byte ptr [rbx+8],4
CONTEXT: fffffa603d967ec0 -- (.cxr 0xfffffa603d967ec0)
rax=fffff900c277dd10 rbx=6364735523080013 rcx=fffffa603d968790
rdx=fffff900c2cc92a0 rsi=fffff900c2ade350 rdi=fffffa80369f6680
rip=fffff9600030271e rsp=fffffa603d968720 rbp=0000000000000000
r8=0000000000000000 r9=fffffa80369f6680 r10=fffffa803b6cdc48
r11=fffffa603d9687c8 r12=fffffa603d968810 r13=0000000000000000
r14=000000000000301f r15=0000000000000001
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
win32k!PFFOBJ::pPvtDataMatch+0x12:
fffff960`0030271e f6430804 test byte ptr [rbx+8],4 ds:002b:63647355`2308001b=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff960003009b1 to fffff9600030271e
STACK_TEXT:
fffffa60`3d968720 fffff960`003009b1 : 00000000`0000301f 00000000`00004fbc 00000000`00000000 fffffa80`3b6cdbb0 : win32k!PFFOBJ::pPvtDataMatch+0x12
fffffa60`3d968750 fffff960`001aacb6 : fffff900`c2ade350 fffff900`c3fa59e0 00000000`00000000 fffffa80`369f6680 : win32k!PFTOBJ::bUnloadWorkhorse+0x55
fffffa60`3d9687d0 fffff960`001ab8d8 : fffff900`c2ade2d0 00000000`00000000 00000000`00000001 00000000`00000001 : win32k!vCleanupPrivateFonts+0x72
fffffa60`3d968810 fffff960`0019fbc0 : 00000000`00000000 fffff800`01ebfe00 fffff900`c277dd10 fffffa80`38d5b800 : win32k!NtGdiCloseProcess+0x4a8
fffffa60`3d968870 fffff960`0019f423 : 00000000`00000000 fffff900`c277dd10 00000000`00000000 fffff800`01ebfe48 : win32k!GdiProcessCallout+0x1f4
fffffa60`3d9688f0 fffff800`01ecc924 : 00000000`00000000 00000000`00000000 fffff800`01db6ec0 00000000`00000000 : win32k!W32pProcessCallout+0x6f
fffffa60`3d968920 fffff800`01ebfe65 : fffffa60`00000000 fffff800`01c89701 fffffa80`57c73810 00000000`78457350 : nt!PspExitThread+0x41c
fffffa60`3d968a10 fffff800`01c89881 : fffffa60`3d968ad8 00000000`00000000 fffffa80`382fe430 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffffa60`3d968a40 fffff800`01c8d935 : fffffa60`3d968ca0 fffffa60`3d968ae0 fffff800`01ebfe74 00000000`00000001 : nt!KiDeliverApc+0x441
fffffa60`3d968ae0 fffff800`01c6721d : fffffa80`3b6cdbb0 00000000`0038f2f4 fffffa60`3d968bf8 fffffa80`597301e0 : nt!KiInitiateUserApc+0x75
fffffa60`3d968c20 00000000`74c93d09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0xa2
00000000`000eebd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74c93d09
FOLLOWUP_IP:
win32k!PFFOBJ::pPvtDataMatch+12
fffff960`0030271e f6430804 test byte ptr [rbx+8],4
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFFOBJ::pPvtDataMatch+12
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 52f4cf4d
STACK_COMMAND: .cxr 0xfffffa603d967ec0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFFOBJ::pPvtDataMatch+12
BUCKET_ID: X64_0x3B_win32k!PFFOBJ::pPvtDataMatch+12
Followup: MachineOwner
7: kd> lmvm win32k
start end module name
fffff960`000e0000 fffff960`0039a000 win32k (pdb symbols) c:\symbols\win32k.pdb\E3E9D4C3813E470A90F52FAEC6461A252\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file: c:\symbols\win32k.sys\52F4CF4D2ba000\win32k.sys
Image path: win32k.sys
Image name: win32k.sys
Timestamp: Fri Feb 07 12:19:25 2014 (52F4CF4D)
CheckSum: 002AD344
ImageSize: 002BA000
File version: 6.0.6002.23325
Product version: 6.0.6002.23325
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 6.0.6002.23325
FileVersion: 6.0.6002.23325 (vistasp2_ldr.140207-0038)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
7: kd> .cxr 0xfffffa603d967ec0
rax=fffff900c277dd10 rbx=6364735523080013 rcx=fffffa603d968790
rdx=fffff900c2cc92a0 rsi=fffff900c2ade350 rdi=fffffa80369f6680
rip=fffff9600030271e rsp=fffffa603d968720 rbp=0000000000000000
r8=0000000000000000 r9=fffffa80369f6680 r10=fffffa803b6cdc48
r11=fffffa603d9687c8 r12=fffffa603d968810 r13=0000000000000000
r14=000000000000301f r15=0000000000000001
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
win32k!PFFOBJ::pPvtDataMatch+0x12:
fffff960`0030271e f6430804 test byte ptr [rbx+8],4 ds:002b:63647355`2308001b=??
Thanks
JTGetting BSOD's pointing to this dll also. Started at around the same date as Jitinder's post. Maybe a new issue introduced has been introduced?
7: kd> !analyze -v
* Bugcheck Analysis *
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600011fda0, Address of the instruction which caused the bugcheck
Arg3: fffffa6027acd1d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
"kernel32.dll" was not found in the image list.
Debugger will attempt to load "kernel32.dll" at given base 00000000`00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000`00000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffa6027acd1d0 -- (.cxr 0xfffffa6027acd1d0)
rax=00000000014c0000 rbx=0000000000000000 rcx=fffff900c009c2a0
rdx=fffffa802735ab80 rsi=fffff900c0b9b010 rdi=fffffa6027acda80
rip=fffff9600011fda0 rsp=fffffa6027acda30 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=fffffa802800a288
r11=fffffa802800a060 r12=0000000000000000 r13=0000000000000000
r14=000000001539ed50 r15=0000000000000001
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`014c0030=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: iexplore.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff960002e66d4 to fffff9600011fda0
STACK_TEXT:
fffffa60`27acda30 fffff960`002e66d4 : 00000000`00000000 fffffa80`2735ab50 00000000`00000001 00000000`746e6647 : win32k!PFEOBJ::vFreepfdg+0xe8
fffffa60`27acda60 fffff960`002f0cb7 : 00000000`00000000 fffff900`c008f000 fffff900`c0010000 00000000`00000000 : win32k!RFONTOBJ::vDeleteRFONT+0x210
fffffa60`27acdac0 fffff960`002f0926 : 00000000`00000000 fffff900`c2bfcca0 fffff900`c0ae4010 00000000`00000000 : win32k!vRestartKillRFONTList+0xab
fffffa60`27acdb10 fffff960`00275c79 : 00000000`00000000 00000000`00000001 fffffa80`235762b0 fffff900`00000002 : win32k!PFTOBJ::bUnloadWorkhorse+0x196
fffffa60`27acdb90 fffff960`002978e2 : fffffa80`2800a060 fffff900`c0b932a0 fffffa60`27acdca0 00000000`7457c444 : win32k!GreRemoveFontMemResourceEx+0xad
fffffa60`27acdbf0 fffff800`01a64173 : fffffa80`2800a060 fffffa60`27acdca0 00000000`7ee9f000 fffffa80`25803040 : win32k!NtGdiRemoveFontMemResourceEx+0x12
fffffa60`27acdc20 00000000`74513d09 : 00000000`74513cc5 00000023`77300682 00000000`00000023 00000000`00000202 : nt!KiSystemServiceCopyEnd+0x13
00000000`1539ed48 00000000`74513cc5 : 00000023`77300682 00000000`00000023 00000000`00000202 00000000`1767d5e0 : wow64cpu!CpupSyscallStub+0x9
00000000`1539ed50 00000000`7457ab36 : 00000000`77120000 00000000`1539fd20 00000000`60c8f022 00000000`1539f450 : wow64cpu!Thunk0Arg+0x5
00000000`1539edc0 00000000`7457a13a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : wow64!RunCpuSimulation+0xa
00000000`1539edf0 00000000`771847c8 : 00000000`00000000 00000000`00000000 00000000`7efdf000 00000000`00000000 : wow64!Wow64LdrpInitialize+0x4b6
00000000`1539f350 00000000`771461be : 00000000`1539f450 00000000`00000000 00000000`7efdf000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x1fba1
00000000`1539f400 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+e8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5202fc4d
STACK_COMMAND: .cxr 0xfffffa6027acd1d0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
Followup: MachineOwner
7: kd> lmv m win32k
start end module name
fffff960`000d0000 fffff960`00389000 win32k (pdb symbols) c:\symcache\win32k.pdb\54B8C53009264F08A9D8CF1B4B56BCDC2\win32k.pdb
Loaded symbol image file: win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Thu Aug 08 04:02:53 2013 (5202FC4D)
CheckSum: 002B126B
ImageSize: 002B9000
File version: 6.0.6002.18912
Product version: 6.0.6002.18912
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 6.0.6002.18912
FileVersion: 6.0.6002.18912 (vistasp2_gdr.130807-1537)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
7: kd> .cxr 0xfffffa6027acd1d0
rax=00000000014c0000 rbx=0000000000000000 rcx=fffff900c009c2a0
rdx=fffffa802735ab80 rsi=fffff900c0b9b010 rdi=fffffa6027acda80
rip=fffff9600011fda0 rsp=fffffa6027acda30 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=fffffa802800a288
r11=fffffa802800a060 r12=0000000000000000 r13=0000000000000000
r14=000000001539ed50 r15=0000000000000001
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`014c0030=???????? -
Bear with me here as there is a lot of technical data I need to present I believe so that I can help you all help me :)
I have a Server 2012 VM Guest running on Hyper-V on a Server 2012 host.
The VM is running my main Appassure core - I have a replicated core also but am having no issues with it at all.
The Host machine has 2 XEON E5540s, for a total of 8 cores. It has 48 GB of memory.
There is also another VM guest running on this host and that is a Server 2008 R2 that is my FSMO master and has no issues whatsoever.
Both guests are running Virtual Memory with starting memory of 512 and max of 49152.
Both VMs and the host each have their own GBe dedicated NIC.
The problem 2012 VM is setup with 4 virtual processors. The Server 2008 R2 (non-problem) VM is running on 8 Virtual processors.
Since the 2012 machine is running Appassure, I have an iSCSI connection to a NAS device. This is the same setup as the replicated Appassure core in every way except that the replicated core is a physical machine.
All integration services are installed and available.
For the most part, just before each bugcheck, I get a rapid succession of around 350 errors that happen within 2 minutes, then the crash...
I won't list them all, but here are the main ones:
EVENT 12293, VSS (I get 4 of these in a row.)
Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details IVssSnapshotProvider::QueryVolumesSupportedForSnapshots(ProviderId,8388617,...) [hr = 0x8000ffff, Catastrophic failure
Operation:
Query volumes supported by this provider
Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Snapshot Context: 8388617
Event 20, iScsiPrt
Connection to the target was lost. The initiator will attempt to retry the connection.
Event 7, iScsiPrt (2 of these)
The initiator could not send an iSCSI PDU. Error status is given in the dump data
Then another 12293, VSS error
EVENT 481, ESE
AppRecovery.ExchangeCheckHost (3840) DSM_JET_INSTANCE: An attempt to read from the file "C:\ProgramData\AppRecovery\MountPoints\064ab6b0-e8e9-4862-9756-e47f19ca248f\E__\Microsoft\Exchange Server\Mailbox\First Storage Group\Mailbox Database.edb" at
offset 7934615552 (0x00000001d8f0a000) for 8192 (0x00002000) bytes failed after 30 seconds with system error 121 (0x00000079): "The semaphore timeout period has expired. ". The read operation will fail with error -1022 (0xfffffc02). If
this error persists then the file may be damaged and may need to be restored from a previous backup.
Event 419, ESE
AppRecovery.ExchangeCheckHost (3840) DSM_JET_INSTANCE: Unable to read page 968580 of database C:\ProgramData\AppRecovery\MountPoints\064ab6b0-e8e9-4862-9756-e47f19ca248f\E__\Microsoft\Exchange Server\Mailbox\First Storage Group\Mailbox Database.edb. Error -1022.
EVENT 454, ESE
AppRecovery.ExchangeCheckHost (3840) DSM_JET_INSTANCE: Database recovery/restore failed with unexpected error -1022.
I then get about 6 more of the VSS errors 12293
Then comes the motherload - a flood of Ntfs errors. Here are some examples:
EVENT 55, Ntfs
A corruption was discovered in the file system structure on volume C:\ProgramData\AppRecovery\MountPoints\064ab6b0-e8e9-4862-9756-e47f19ca248f\E__.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x800000000050e. The name of the file is "<unable to determine file name>".
EVENT 131, Ntfs
The file system structure on volume C:\ProgramData\AppRecovery\MountPoints\064ab6b0-e8e9-4862-9756-e47f19ca248f\E__ cannot be corrected.
Please run the chkdsk utility on the volume C:\ProgramData\AppRecovery\MountPoints\064ab6b0-e8e9-4862-9756-e47f19ca248f\E__.
I then get about 300 more of the EVENT 55, Ntfs errors that are all exactly the same except that they reference a different 'File Reference Number'
Then the bugcheck happens.
Now, I ran WinDBG and it pretty much gave me an answer that didn't really help all that much:
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: fffffa8305c6e040, Object whose reference count is being lowered
Arg3: 0000000000000010, Reserved
Arg4: fffffa8301d642a1, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
Page 198c7b not present in the dump file. Type ".hh dbgerr004" for details
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x18
PROCESS_NAME: Core.Service.e
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80160a0c5ae to fffff80160868440
STACK_TEXT:
fffff880`05822418 fffff801`60a0c5ae : 00000000`00000018 00000000`00000000 fffffa83`05c6e040 00000000`00000010 : nt!KeBugCheckEx
fffff880`05822420 fffff801`608c4841 : fffffa83`01b92940 00000000`00000001 fffff880`05822800 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4bfe4
fffff880`058224c0 fffff801`608ad4d1 : fffffa83`0209ab68 fffffa83`01b92940 fffffa83`00000011 fffff801`00010224 : nt!ExpWaitForResource+0xa1
fffff880`05822550 fffff880`01960447 : 00000000`00000002 00000000`00000000 fffffa83`02099180 fffffa83`075ab010 : nt!ExAcquireResourceExclusiveLite+0x1e1
fffff880`058225c0 fffff880`01960809 : fffffa83`075ab010 fffffa83`02099180 ffff8975`f1909000 00000000`00000000 : Ntfs!NtfsVerifyCorruption+0x9b
fffff880`05822670 fffff880`0183b0b4 : fffffa83`075ab010 00000000`00000000 fffffa83`02513010 00000000`00000001 : Ntfs!NtfsProcessAttachedCorruptions+0x85
fffff880`058226e0 fffff880`0183b1c6 : fffffa83`00240000 fffffa83`075ab010 00000000`00000000 fffffa83`02513010 : Ntfs!NtfsCleanupIrpContext+0x574
fffff880`05822730 fffff880`018c07aa : 00000000`00000000 fffffa83`008c7f20 00000000`c0000022 00000000`00000000 : Ntfs!NtfsExtendedCompleteRequestInternal+0xd6
fffff880`05822770 fffff880`019276fb : fffffa83`075ab010 fffff8a0`01ff0e00 00000000`00000000 00000000`00000000 : Ntfs!NtfsLockVolume+0x2e9
fffff880`05822830 fffff880`01926f06 : fffffa83`02513010 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsUserFsRequest+0x547
fffff880`05822870 fffff880`00a83845 : fffffa83`04abb5c0 fffff801`60c40cc5 fffffa83`025131b8 fffffa83`02513010 : Ntfs!NtfsFsdFileSystemControl+0x126
fffff880`05822970 fffff801`60c3d6c7 : fffffa83`025131b8 fffffa83`02513010 fffff880`05822cc0 fffff880`02c62180 : fltmgr!FltpFsControl+0x165
fffff880`058229d0 fffff801`60c58fa6 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x7e5
fffff880`05822b60 fffff801`60867453 : 00000000`4273b7f8 00000000`4273b1e0 00000000`0807c568 00000001`80994dc8 : nt!NtFsControlFile+0x56
fffff880`05822bd0 000007fa`02ad2f7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`4273b198 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fa`02ad2f7a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4bfe4
fffff801`60a0c5ae cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4bfe4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5165e551
BUCKET_ID_FUNC_OFFSET: 4bfe4
FAILURE_BUCKET_ID: 0x18_nt!_??_::FNODOBFM::_string_
BUCKET_ID: 0x18_nt!_??_::FNODOBFM::_string_
Followup: MachineOwner
If you have made it this far, I thank you. I really have no idea where to go with this and am worried because obviously it involves my main backup so any help would be greatly appreciated.
It should be said that I am also creating a backup of this actual machine from within the machine itself, using AppAssure. Not sure why that matters much except that I am guessing the VSS errors are referring to the actual machine itself - not a protected external
machine.
Thanks again!
MikeI have done a chkdsk on our core and it still pulled this error today. It gives the 474 error:
Description: AppRecovery.ExchangeCheckHost (5648) DSM_JET_INSTANCE: The database page read from the file "C:\ProgramData\AppRecovery\MountPoints\6b27d60b-b8b3-4f79-9a4c-82ef68e71cba\H__\Microsoft\Exchange\IDP-EX01-JRNL1\IDP-EX01-JRNL1.edb" at offset 63335301120
(0x0000000ebf140000) (database page 1932839 (0x1D7E27)) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The expected checksum was [714d714d506b3ced:6b1894e799aebc30:ed5612a95c689a54:cbbd3442bc4760a4] and the actual checksum
was [8fad7052506b3ced:6b1894e799ac3638:ed5612a95c6a105c:cbbd3442bc45eaac]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely
due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. -
Hello Guys,
I hope someone can help me with this error. I have been searching from forums but typically, causes and resolutions are generalized. This is the first time it happened on our Win 2008 Server and we have not installed any (hardware/Software/Drivers)
for the past 3 years.
We do install monthly security patches and that is it... This server of ours is running on VM (VMWARE).
I hope you can shed light as I do not understand crash dumps..
Thank you
===============================
Opened log file 'c:\debuglogrlo.txt'
3: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
3: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e3045048, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 819c02bf, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
READ_ADDRESS: e3045048
FAULTING_IP:
nt!CmpCheckKey+61b
819c02bf 394724 cmp dword ptr [edi+24h],eax
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) x86fre
TRAP_FRAME: 8d9bf9ec -- (.trap 0xffffffff8d9bf9ec)
.trap 0xffffffff8d9bf9ec
ErrCode = 00000000
eax=00000000 ebx=cecec024 ecx=3162f75f edx=00000035 esi=b52b1940 edi=e3045024
eip=819c02bf esp=8d9bfa60 ebp=8d9bfa8c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!CmpCheckKey+0x61b:
819c02bf 394724 cmp dword ptr [edi+24h],eax ds:0023:e3045048=????????
.trap
Resetting default scope
LAST_CONTROL_TRANSFER: from 81891de4 to 818dc292
STACK_TEXT:
8d9bf9d4 81891de4 00000000 e3045048 00000000 nt!MmAccessFault+0x10b
8d9bf9d4 819c02bf 00000000 e3045048 00000000 nt!KiTrap0E+0xdc
8d9bfa8c 819c681a 01000001 009c4020 009c3f70 nt!CmpCheckKey+0x61b
8d9bfabc 819c6e48 b52b1940 01000001 00000006 nt!CmpCheckRegistry2+0x8c
8d9bfb04 819c186e 01000001 8d9bfc60 80002f38 nt!CmCheckRegistry+0xf5
8d9bfb60 819c3fdd 8d9bfbb4 00000005 00000000 nt!CmpInitializeHive+0x4c1
8d9bfbd8 819c627d 8d9bfc60 00000000 8d9bfc4c nt!CmpInitHiveFromFile+0x19e
8d9bfc18 819bc4c5 8d9bfc60 00000000 8d9bfc7b nt!CmpCmdHiveOpen+0x36
8d9bfd14 819bc6fa 00000002 8193c5a0 00000002 nt!CmpFlushBackupHive+0x2fd
8d9bfd38 81a9bcbd 8194613c 84da3020 818e9d4a nt!CmpSyncBackupHives+0x90
8d9bfd44 818e9d4a 00000000 00000000 84da3020 nt!CmpPeriodicBackupFlushWorker+0x32
8d9bfd7c 81a1a01c 00000000 bcf90a9f 00000000 nt!ExpWorkerThread+0xfd
8d9bfdc0 81882eee 818e9c4d 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!CmpCheckKey+61b
819c02bf 394724 cmp dword ptr [edi+24h],eax
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!CmpCheckKey+61b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 51da1840
IMAGE_VERSION: 6.0.6002.18881
FAILURE_BUCKET_ID: 0x50_nt!CmpCheckKey+61b
BUCKET_ID: 0x50_nt!CmpCheckKey+61b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x50_nt!cmpcheckkey+61b
FAILURE_ID_HASH: {b0c48432-dfba-c9e0-33fc-874f17d1f0e6}
Followup: MachineOwner
eax=8d948120 ebx=00000000 ecx=81944200 edx=000003f0 esi=8d94813c edi=00000000
eip=818dc292 esp=8d9bf960 ebp=8d9bf9d4 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!MmAccessFault+0x10b:
818dc292 8b03 mov eax,dword ptr [ebx] ds:0023:00000000=????????
ChildEBP RetAddr Args to Child
8d9bf9d4 81891de4 00000000 e3045048 00000000 nt!MmAccessFault+0x10b
8d9bf9d4 819c02bf 00000000 e3045048 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 8d9bf9ec)
8d9bfa8c 819c681a 01000001 009c4020 009c3f70 nt!CmpCheckKey+0x61b
8d9bfabc 819c6e48 b52b1940 01000001 00000006 nt!CmpCheckRegistry2+0x8c
8d9bfb04 819c186e 01000001 8d9bfc60 80002f38 nt!CmCheckRegistry+0xf5
8d9bfb60 819c3fdd 8d9bfbb4 00000005 00000000 nt!CmpInitializeHive+0x4c1
8d9bfbd8 819c627d 8d9bfc60 00000000 8d9bfc4c nt!CmpInitHiveFromFile+0x19e
8d9bfc18 819bc4c5 8d9bfc60 00000000 8d9bfc7b nt!CmpCmdHiveOpen+0x36
8d9bfd14 819bc6fa 00000002 8193c5a0 00000002 nt!CmpFlushBackupHive+0x2fd
8d9bfd38 81a9bcbd 8194613c 84da3020 818e9d4a nt!CmpSyncBackupHives+0x90
8d9bfd44 818e9d4a 00000000 00000000 84da3020 nt!CmpPeriodicBackupFlushWorker+0x32 (FPO: [1,0,2])
8d9bfd7c 81a1a01c 00000000 bcf90a9f 00000000 nt!ExpWorkerThread+0xfd
8d9bfdc0 81882eee 818e9c4d 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
start end module name
8060e000 80615000 kdcom kdcom.dll Sat Apr 11 14:25:29 2009 (49E037D9)
80615000 80685000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Apr 11 14:23:19 2009 (49E03757)
80685000 80696000 PSHED PSHED.dll Sat Apr 11 14:25:32 2009 (49E037DC)
80696000 8069e000 BOOTVID BOOTVID.dll Sat Jan 19 15:27:15 2008 (4791A653)
8069e000 806df000 CLFS CLFS.SYS Sat Apr 11 12:13:51 2009 (49E018FF)
806df000 807bf000 CI CI.dll Sat Apr 11 14:25:22 2009 (49E037D2)
807d7000 807e5000 WDFLDR WDFLDR.SYS Thu Jul 26 10:36:38 2012 (5010AD36)
807e5000 807fc000 dfsc dfsc.sys Thu Apr 14 22:59:03 2011 (4DA70BB7)
81811000 81844000 hal halmacpi.dll Sat Apr 11 12:13:13 2009 (49E018D9)
81844000 81bfe000 nt ntkrpamp.exe Mon Jul 08 09:39:12 2013 (51DA1840)
81e01000 81f0c000 NDIS NDIS.SYS Sat Apr 11 12:45:52 2009 (49E02080)
81f0c000 81f37000 msrpc msrpc.sys Sat Apr 11 12:37:32 2009 (49E01E8C)
81f37000 81f72000 NETIO NETIO.SYS Sat Apr 11 12:46:21 2009 (49E0209D)
81f72000 81ff3000 Wdf01000 Wdf01000.sys Sat Jun 22 10:29:37 2013 (51C50C11)
8c805000 8c84b000 acpi acpi.sys Sat Apr 11 12:19:03 2009 (49E01A37)
8c84b000 8c854000 WMILIB WMILIB.SYS Sat Jan 19 13:53:08 2008 (47919044)
8c854000 8c85c000 msisadrv msisadrv.sys Sat Jan 19 13:32:51 2008 (47918B83)
8c85c000 8c883000 pci pci.sys Sat Apr 11 12:19:16 2009 (49E01A44)
8c883000 8c892000 partmgr partmgr.sys Sat Apr 11 12:39:19 2009 (49E01EF7)
8c892000 8c894900 compbatt compbatt.sys Sat Jan 19 13:32:47 2008 (47918B7F)
8c895000 8c89f000 BATTC BATTC.SYS Sat Jan 19 13:32:45 2008 (47918B7D)
8c89f000 8c8ae000 volmgr volmgr.sys Sat Jan 19 13:49:51 2008 (47918F7F)
8c8ae000 8c8f8000 volmgrx volmgrx.sys Sat Apr 11 12:39:25 2009 (49E01EFD)
8c8f8000 8c8ff000 intelide intelide.sys Sat Jan 19 13:49:42 2008 (47918F76)
8c8ff000 8c90d000 PCIIDEX PCIIDEX.SYS Sat Apr 11 12:39:09 2009 (49E01EED)
8c90d000 8c91cb80 vmci vmci.sys Tue May 01 09:12:40 2012 (4F9F3888)
8c91d000 8c92d000 mountmgr mountmgr.sys Sat Jan 19 13:49:13 2008 (47918F59)
8c92d000 8c93a580 vsock vsock.sys Sat Sep 29 12:59:03 2012 (50668017)
8c93b000 8c943000 atapi atapi.sys Sat Apr 11 12:39:09 2009 (49E01EED)
8c943000 8c961000 ataport ataport.SYS Sat Apr 11 12:39:10 2009 (49E01EEE)
8c961000 8c979000 lsi_sas lsi_sas.sys Sat Jun 30 09:01:01 2007 (4685AB4D)
8c979000 8c9ba000 storport storport.sys Sat Apr 11 12:39:19 2009 (49E01EF7)
8c9ba000 8c9ec000 fltmgr fltmgr.sys Sat Apr 11 12:13:59 2009 (49E01907)
8ca0d000 8ca6c000 SYMDS SYMDS.SYS Tue Jul 24 06:57:53 2012 (500DD6F1)
8ca6c000 8ca95000 vsepflt vsepflt.sys Tue Oct 30 18:37:14 2012 (508FADDA)
8ca95000 8cb7d000 SYMEFA SYMEFA.SYS Thu Oct 04 02:59:21 2012 (506C8B09)
8cb7d000 8cbef000 ksecdd ksecdd.sys Sat Jun 02 05:56:07 2012 (4FC93A77)
8cc0a000 8ccf4000 tcpip tcpip.sys Fri Jul 05 10:08:19 2013 (51D62A93)
8ccf4000 8cd0f000 fwpkclnt fwpkclnt.sys Sat Apr 11 12:45:42 2009 (49E02076)
8cd0f000 8cd16e00 storflt storflt.sys Sun Nov 18 10:29:44 2007 (473FA398)
8cd17000 8cd2a000 i8042prt i8042prt.sys Sat Jan 19 13:49:17 2008 (47918F5D)
8cd2a000 8cd35000 mouclass mouclass.sys Sat Jan 19 13:49:14 2008 (47918F5A)
8cd35000 8cd4d000 parport parport.sys Sat Jan 19 13:49:32 2008 (47918F6C)
8cd4d000 8cd67000 serial serial.sys Sat Jan 19 13:49:34 2008 (47918F6E)
8cd67000 8cd71000 serenum serenum.sys Sat Jan 19 13:49:29 2008 (47918F69)
8cd71000 8cd7c000 fdc fdc.sys Sat Jan 19 13:49:37 2008 (47918F71)
8cd7c000 8cd94000 cdrom cdrom.sys Sat Apr 11 12:39:17 2009 (49E01EF5)
8cd94000 8cdc2000 vm3dmp vm3dmp.sys Fri Oct 19 02:55:17 2012 (50805095)
8cdc2000 8cdd8000 tdx tdx.sys Sat Apr 11 12:45:56 2009 (49E02084)
8cdd8000 8cdf6000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Thu Oct 10 04:46:53 2013 (5255C0BD)
8ce09000 8cf19000 Ntfs Ntfs.sys Sun Mar 03 05:02:58 2013 (51326902)
8cf19000 8cf52000 volsnap volsnap.sys Thu Aug 16 21:53:34 2012 (502CFB5E)
8cf52000 8cf5a000 spldr spldr.sys Fri Jun 22 08:29:17 2007 (467B17DD)
8cf5a000 8cf69000 mup mup.sys Sat Apr 11 12:14:12 2009 (49E01914)
8cf69000 8cf7a000 disk disk.sys Sat Apr 11 12:39:14 2009 (49E01EF2)
8cf7a000 8cf9b000 CLASSPNP CLASSPNP.SYS Sat Apr 11 12:39:05 2009 (49E01EE9)
8cf9b000 8cfab000 agp440 agp440.sys Sat Jan 19 13:32:49 2008 (47918B81)
8cfab000 8cfb4000 crcdisk crcdisk.sys Sat Jan 19 13:50:29 2008 (47918FA5)
8cfe3000 8cfee000 tunnel tunnel.sys Sat Jan 19 13:55:50 2008 (479190E6)
8cfee000 8cff9000 kbdclass kbdclass.sys Sat Jan 19 13:49:14 2008 (47918F5A)
8cff9000 8cffa380 vmmouse vmmouse.sys Mon Jun 04 17:15:28 2012 (4FCC7CB0)
92404000 924a4000 dxgkrnl dxgkrnl.sys Thu Aug 01 09:31:36 2013 (51F9BA78)
924a4000 924b0000 watchdog watchdog.sys Sat Apr 11 12:22:43 2009 (49E01B13)
924b0000 924cd000 E1G60I32 E1G60I32.sys Wed Aug 08 00:14:13 2007 (46B89A55)
924cd000 924d0780 CmBatt CmBatt.sys Sat Jan 19 13:32:47 2008 (47918B7F)
924d1000 924e0000 intelppm intelppm.sys Sat Jan 19 13:27:20 2008 (47918A38)
924e0000 924e0c80 lmimirr lmimirr.sys Wed Apr 11 06:32:11 2007 (461C106B)
924e1000 92502000 VIDEOPRT VIDEOPRT.SYS Sat Jan 19 13:52:10 2008 (4791900A)
92502000 92531000 msiscsi msiscsi.sys Sat Apr 11 12:40:07 2009 (49E01F27)
92531000 9253c000 TDI TDI.SYS Sat Jan 19 13:57:10 2008 (47919136)
9253c000 92553000 rasl2tp rasl2tp.sys Sat Jan 19 13:56:33 2008 (47919111)
92553000 9255e000 ndistapi ndistapi.sys Sat Jan 19 13:56:24 2008 (47919108)
9255e000 92581000 ndiswan ndiswan.sys Sat Apr 11 12:46:31 2009 (49E020A7)
92581000 92590000 raspppoe raspppoe.sys Sat Apr 11 12:46:30 2009 (49E020A6)
92590000 925a4000 raspptp raspptp.sys Sat Jan 19 13:56:34 2008 (47919112)
925a4000 925b9000 rassstp rassstp.sys Sat Apr 11 12:46:40 2009 (49E020B0)
925b9000 925e3000 SYMEVENT SYMEVENT.SYS Wed Aug 22 13:32:47 2012 (50346EFF)
925e3000 925f1000 Npfs Npfs.SYS Sat Apr 11 12:14:01 2009 (49E01909)
92a0a000 92a93000 rdpdr rdpdr.sys Sat Apr 11 12:52:32 2009 (49E02210)
92a93000 92aa3000 termdd termdd.sys Sat Apr 11 12:51:14 2009 (49E021C2)
92aa3000 92aa4380 swenum swenum.sys Sat Jan 19 13:49:20 2008 (47918F60)
92aa5000 92acf000 ks ks.sys Sat Apr 11 12:38:47 2009 (49E01ED7)
92acf000 92ad9000 mssmbios mssmbios.sys Sat Jan 19 13:32:55 2008 (47918B87)
92ad9000 92ae6000 umbus umbus.sys Sat Jan 19 13:53:40 2008 (47919064)
92ae6000 92af0000 flpydisk flpydisk.sys Sat Jan 19 13:49:37 2008 (47918F71)
92af0000 92b01000 NDProxy NDProxy.SYS Sat Jan 19 13:56:28 2008 (4791910C)
92b01000 92b25000 ccSetx86 ccSetx86.sys Fri Aug 17 05:15:38 2012 (502D62FA)
92b25000 92bb8000 SRTSP SRTSP.SYS Fri Nov 02 04:14:38 2012 (5092D82E)
92bb8000 92bc8000 SRTSPX SRTSPX.SYS Wed Nov 16 06:27:18 2011 (4EC2E746)
92bc8000 92bf5000 Ironx86 Ironx86.SYS Tue Jul 24 08:34:17 2012 (500DED89)
93600000 93609000 rasacd rasacd.sys Sat Jan 19 13:56:31 2008 (4791910F)
93609000 93790e00 NAVEX15 NAVEX15.SYS Fri Aug 23 03:57:57 2013 (52166D45)
937a9000 937b7000 SymEPSecFlt SymEPSecFlt.sys Wed Mar 14 22:36:50 2012 (4F60AD02)
937b7000 937c0000 Fs_Rec Fs_Rec.SYS Wed Feb 29 21:32:36 2012 (4F4E28F4)
937c0000 937c7000 Null Null.SYS Sat Jan 19 13:49:12 2008 (47918F58)
937c7000 937ce000 Beep Beep.SYS Sat Jan 19 13:49:10 2008 (47918F56)
937ce000 937d5980 vmrawdsk vmrawdsk.sys Sat Mar 23 22:24:00 2013 (514DBB00)
937d6000 937e2000 vga vga.sys Sat Jan 19 13:52:06 2008 (47919006)
937e2000 937ea000 RDPCDD RDPCDD.sys Sat Jan 19 14:01:08 2008 (47919224)
937ea000 937f2000 rdpencdd rdpencdd.sys Sat Jan 19 14:01:09 2008 (47919225)
937f2000 937fd000 Msfs Msfs.SYS Sat Jan 19 13:28:08 2008 (47918A68)
97c0d000 97c69000 SYMTDIV SYMTDIV.SYS Sat Jul 21 10:01:00 2012 (500A0D5C)
97c69000 97c7d000 smb smb.sys Sat Apr 11 12:45:22 2009 (49E02062)
97c7d000 97cc5000 afd afd.sys Thu Apr 21 21:58:25 2011 (4DB03801)
97cc5000 97cf7000 netbt netbt.sys Sat Apr 11 12:45:35 2009 (49E0206F)
97cf7000 97d00000 ws2ifsl ws2ifsl.sys Sat Jan 19 13:56:49 2008 (47919121)
97d00000 97d16000 pacer pacer.sys Sat Apr 11 12:45:51 2009 (49E0207F)
97d16000 97d24000 netbios netbios.sys Sat Jan 19 13:55:45 2008 (479190E1)
97d24000 97d46700 vmhgfs vmhgfs.sys Sat Mar 23 22:17:43 2013 (514DB987)
97d47000 97d5a000 wanarp wanarp.sys Sat Jan 19 13:56:31 2008 (4791910F)
97d5a000 97d96000 rdbss rdbss.sys Sat Apr 11 12:14:26 2009 (49E01922)
97d96000 97da0000 nsiproxy nsiproxy.sys Sat Jan 19 13:55:50 2008 (479190E6)
97da0000 97dff000 eeCtrl eeCtrl.sys Thu Oct 10 04:46:53 2013 (5255C0BD)
9800e000 9811d000 BHDrvx86 BHDrvx86.sys Fri Mar 14 10:34:18 2014 (53226AAA)
9811d000 9812a000 crashdmp crashdmp.sys Sat Apr 11 12:39:12 2009 (49E01EF0)
9812a000 98134000 dump_diskdump dump_diskdump.sys Sat Apr 11 12:39:11 2009 (49E01EEF)
98134000 9814c000 dump_LSI_SAS dump_LSI_SAS.sys Sat Jun 30 09:01:01 2007 (4685AB4D)
9814c000 98156000 Dxapi Dxapi.sys Sat Jan 19 13:36:12 2008 (47918C4C)
98156000 98165000 monitor monitor.sys Sat Jan 19 13:52:19 2008 (47919013)
98165000 98180000 luafv luafv.sys Sat Jan 19 13:30:35 2008 (47918AFB)
98180000 981ab000 ofant ofant.sys Tue Nov 22 03:55:32 2011 (4ECAACB4)
981ab000 981b5000 LMIRfsDriver LMIRfsDriver.sys Tue Jul 15 00:26:22 2008 (487B7E2E)
9d440000 9d646000 win32k win32k.sys Fri Feb 07 18:38:29 2014 (52F4B7A5)
9d660000 9d669000 TSDDD TSDDD.dll Sat Jan 19 14:01:09 2008 (47919225)
9d680000 9d68e000 cdd cdd.dll Thu Aug 01 10:49:32 2013 (51F9CCBC)
a0606000 a06b6000 spsys spsys.sys Wed Mar 11 01:10:28 2009 (49B69F04)
a06b6000 a06c6000 lltdio lltdio.sys Sat Jan 19 13:55:03 2008 (479190B7)
a06c6000 a06d9000 rspndr rspndr.sys Sat Jan 19 13:55:03 2008 (479190B7)
a06d9000 a06f2000 bowser bowser.sys Tue Feb 22 21:23:54 2011 (4D63B8EA)
a06f2000 a0713000 mrxdav mrxdav.sys Sat Apr 11 12:14:39 2009 (49E0192F)
a0713000 a0732000 mrxsmb mrxsmb.sys Fri Apr 29 21:24:39 2011 (4DBABC17)
a0732000 a076b000 mrxsmb10 mrxsmb10.sys Wed Jul 06 23:31:46 2011 (4E147FE2)
a076b000 a0783000 mrxsmb20 mrxsmb20.sys Fri Apr 29 21:24:41 2011 (4DBABC19)
a0783000 a07f0000 HTTP HTTP.sys Sun Feb 21 04:53:31 2010 (4B804BCB)
a07f0000 a07f7000 parvdm parvdm.sys Sat Jan 19 13:49:28 2008 (47918F68)
a07f7000 a07f9080 vmmemctl vmmemctl.sys Sat Mar 23 22:23:46 2013 (514DBAF2)
a07fa000 a07fb800 RaInfo RaInfo.sys Sat Jan 05 02:57:12 2008 (477E8188)
a4808000 a48e6000 peauth peauth.sys Mon Oct 23 16:55:32 2006 (453C8384)
a48e6000 a48f0000 secdrv secdrv.SYS Wed Sep 13 21:18:32 2006 (45080528)
a48f0000 a490d000 srvnet srvnet.sys Fri Apr 29 21:25:08 2011 (4DBABC34)
a490d000 a4919000 tcpipreg tcpipreg.sys Wed Dec 09 01:26:18 2009 (4B1E8C3A)
a4919000 a491ce80 vstor2_mntapi10_shared vstor2-mntapi10-shared.sys Fri Nov 05 02:33:35 2010 (4CD2FC7F)
a491d000 a4945000 srv2 srv2.sys Fri Apr 29 21:25:09 2011 (4DBABC35)
a4945000 a4994000 srv srv.sys Fri Feb 18 22:03:28 2011 (4D5E7C30)
a4994000 a49aa000 cdfs cdfs.sys Sat Jan 19 13:28:02 2008 (47918A62)
a49aa000 a49b3000 asyncmac asyncmac.sys Sat Jan 19 13:56:29 2008 (4791910D)
a49b3000 a49c3000 fileinfo fileinfo.sys Sat Jan 19 13:34:27 2008 (47918BE3)
a49dd000 a49f2000 NAVENG NAVENG.SYS Fri Aug 23 03:59:23 2013 (52166D9B)
Unloaded modules:
a49c8000 a49dd000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
a49b3000 a49c8000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
a49dd000 a49f2000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
a49c8000 a49dd000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
a49b3000 a49c8000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
a49dd000 a49f2000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
a49c8000 a49dd000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
a49b3000 a49c8000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
93609000 93791000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
93794000 937a9000 NAVENG.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00015000
9360c000 93794000 NAVEX15.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00188000
8cfb4000 8cfc1000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000D000
8cfc1000 8cfcb000 dump_storport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000A000
8cfcb000 8cfe3000 dump_LSI_SAS.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00018000
807bf000 807d7000 sacdrv.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00018000
Closing open log file c:\debuglogrlo.txtHi,
Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM
cache, or video RAM).
Another common cause is the installation of a faulty system service.
Antivirus software can also trigger this error, as can a corrupted NTFS volume.
Try the solution provided in this article:
Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA
http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023(v=vs.85).aspx
And this one:
Stop error message in Windows 7 or Windows Server 2008 R2: "Stop error code 0x0000007E (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED)" or "Stop error code 0x00000050 (PAGE_FAULT_IN_NONPAGED_AREA)"
http://support.microsoft.com/kb/979538
Hope this helps. -
In windows system events observed below bugcheck at the time of restart.
Hi,
It seems to be a system crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Unfortunately, it is not effective for us to debug the crash dump file here in the forum. I would like to suggest that you contact Microsoft
Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Best Regards,
Mandy
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Hi! I've started to experience BSODs on a quite fresh, 2 week old, installation of Win7, that I'm hoping someone can help me with.
The first one was bugcheck 1A, with the following WinDbg output from minidump:
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 23f2e001, 185d9, fffff70001080000}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4ad3 )
Followup: MachineOwner
2: kd> !analyze -v
* Bugcheck Analysis *
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041284, A PTE or the working set list is corrupt.
Arg2: 0000000023f2e001
Arg3: 00000000000185d9
Arg4: fffff70001080000
Debugging Details:
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
LAST_CONTROL_TRANSFER: from fffff80002b28727 to fffff80002ad1bc0
STACK_TEXT:
fffff880`0bf2a7d8 fffff800`02b28727 : 00000000`0000001a 00000000`00041284 00000000`23f2e001 00000000`000185d9 : nt!KeBugCheckEx
fffff880`0bf2a7e0 fffff800`02b02ef0 : fffff700`01080000 dd900001`6a936867 ea900003`2a906c66 fffff680`001598d8 : nt! ?? ::FNODOBFM::`string'+0x4ad3
fffff880`0bf2a820 fffff800`02abe3df : fffffa80`00000000 00000000`240b8fff 00000000`00000000 00000000`00000000 : nt!MiDeleteVirtualAddresses+0x4e8
fffff880`0bf2a9e0 fffff800`02ad0e53 : ffffffff`ffffffff 00000000`030be2a0 00000000`030be268 00000000`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`0bf2aae0 00000000`77c2149a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`030be1d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c2149a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4ad3
fffff800`02b28727 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4ad3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 521ea035
IMAGE_VERSION: 6.1.7601.18247
FAILURE_BUCKET_ID: X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4ad3
BUCKET_ID: X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4ad3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1a_41284_nt!_??_::fnodobfm::_string_+4ad3
FAILURE_ID_HASH: {be05fdaa-4306-87c0-1518-88e378a4f79a}
Followup: MachineOwner
While chasing that one, I followed instructions at http://mikemstech.blogspot.com/2011/12/enable-driver-verifier-to-help-identify.html and installed verifier. When the next crash occurred (about 12 hours later), I got the following out of minidump:
4: kd> !analyze -v
* Bugcheck Analysis *
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff980a5f94a90, address trying to free
Arg2: fffff980a5f94355, address where one bit is corrupted
Arg3: 000000000023c578, (reserved)
Arg4: 0000000000000032, caller is freeing an address where nearby bytes within the same page have a single bit error
Debugging Details:
BUGCHECK_STR: 0xC1_32
SPECIAL_POOL_CORRUPTION_TYPE: 32
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
LAST_CONTROL_TRANSFER: from fffff80002b11cb3 to fffff80002a82bc0
STACK_TEXT:
fffff880`033475b8 fffff800`02b11cb3 : 00000000`000000c1 fffff980`a5f94a90 fffff980`a5f94355 00000000`0023c578 : nt!KeBugCheckEx
fffff880`033475c0 fffff800`02b8a903 : fffff6fc`c0535040 00000980`00000000 00000000`00000000 fffff980`a5f94e00 : nt!MiCheckSpecialPoolSlop+0x83
fffff880`03347600 fffff800`02bb5975 : 00000000`0000077f 00000000`4666744e ffffffff`e6c71d80 fffff980`a5f94a90 : nt!MmFreeSpecialPool+0x1d3
fffff880`03347740 fffff800`02f29a3b : fffff880`033478b0 00000000`00010282 fffff980`a5f94a90 fffff980`9eaf6e40 : nt!ExDeferredFreePool+0xf6d
fffff880`033477f0 fffff880`014c5f86 : fffff880`033478b0 00000000`00000000 fffff980`9eaf6e40 fffff980`9eaf6e40 : nt!VerifierExFreePool+0x1b
fffff880`03347820 fffff880`01442332 : fffff800`02c28280 fffff880`03347a01 fffff880`033478a1 fffff980`a5f94a90 : Ntfs!NtfsDeleteFcb+0x3f6
fffff880`03347880 fffff880`014c7a2c : fffff980`9eaf6e40 fffffa80`0ea6e180 fffff980`a5f94a90 fffff980`a5f94ed0 : Ntfs!NtfsTeardownFromLcb+0x1e2
fffff880`03347910 fffff880`0144aa52 : fffff980`9eaf6e40 fffff980`9eaf6e40 fffff980`a5f94a90 fffff800`02c28200 : Ntfs!NtfsTeardownStructures+0xcc
fffff880`03347990 fffff880`014d72d3 : fffff980`9eaf6e40 fffff980`a5f94a90 fffff980`a5f94a90 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`033479d0 fffff880`01529d32 : fffff980`9eaf6e40 fffff980`a5f94bc0 fffff980`a5f94a90 fffffa80`0ea6e180 : Ntfs!NtfsCommonClose+0x353
fffff880`03347aa0 fffff800`02a8c261 : 00000000`00000000 fffff800`02d79101 fffffa80`0d608800 fffffa80`00000002 : Ntfs!NtfsFspCloseInternal+0x186
fffff880`03347b70 fffff800`02d1f2ea : 00000000`00000000 fffffa80`0d608850 00000000`00000080 fffffa80`0cb91240 : nt!ExpWorkerThread+0x111
fffff880`03347c00 fffff800`02a738e6 : fffff880`009b3180 fffffa80`0d608850 fffff880`009be040 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03347c40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiCheckSpecialPoolSlop+83
fffff800`02b11cb3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiCheckSpecialPoolSlop+83
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 521ea035
IMAGE_VERSION: 6.1.7601.18247
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xC1_32_VRF_nt!MiCheckSpecialPoolSlop+83
BUCKET_ID: X64_0xC1_32_VRF_nt!MiCheckSpecialPoolSlop+83
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xc1_32_vrf_nt!micheckspecialpoolslop+83
FAILURE_ID_HASH: {505f65de-e587-f68a-e712-37e9b5717292}
Followup: MachineOwner
At this point I'm stuck as I don't see the name of the offending driver, and can't figure out how to get one.
Please help!
Here is the link to the zip file containing both minidumps: https://onedrive.live.com/redir?resid=CF6086BD502CB79D!134&authkey=!AO5I1x3ruPUauCA&ithint=file%2c.zipLBm2sys
First we need the actual DMP file to examine (instructions below).
Second, you can change the set of drivers being examined to "all" to force the issue
Third, you may also want to run memtest to see if it is actually the RAM
We do need the actual DMP file as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.
Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
If you have any questions about the procedure please ask
If you are overclocking (pushing the components beyond their design) you should revert to default at least until the crashing is solved. If you don't
know what it is you probably are not overclocking.
Since it is more likely to be a driver please run verifier first.
1-Driver verifier (for complete directions see our wiki here)
If verifier does not find the issue we can move on to this.
2-Memtest. (You can read more about running memtest here)
Co-Authored by JMH3143
Wanikiya and Dyami--Team Zigzag -
Hi All
I formatted and installed Win8.1 (64-bit) recently on my PC but have constantly had BSOD with faults like:
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 27/11/2014 09:40:21
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PC1
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8025714c975, 0xffffd001186a85f0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112714-32125-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-11-27T09:40:21.000000000Z" />
<EventRecordID>8488</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PC1</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x0000003b (0x00000000c0000005, 0xfffff8025714c975, 0xffffd001186a85f0, 0x0000000000000000)</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">112714-32125-01</Data>
</EventData>
</Event>
I've had others but this is the most recent. I ran the Nvidia scanner and loaded the video drivers it recommends (340.52). I've got two GeForce 8800GTX cards connected with SLI cable. I've tried turning SLI off as well. I also removed and re-seated the cards.
I also just replaced the RAM with another 4GB brand new from a supplier (240pin DDR2 DIMM UNBUFF.PC2 - 6400 CL6).
It crashed about once a day, totally randomly, sometimes when idle.
I zipped a copy of the DUMP file and MSINFO32 file to my OneDrive but I don't know if I need / how to share it (please advise if necessary).
I would be very grateful for a solution.
Regards
MarkOk, here is what I think. The MEMORY.DMP you provided was older and basically less helpful than what was recorded in the MSIinfo file. You are on the right track in your thinking that the crashes are related to
GeForce 8800GTX cards, so I am going to suggest an uninstall and "clean" reinstall of the current driver.
If no joy, try an older driver.
btw, apologies for the voluminous post...
25/11/2014 12:31 Windows Error Reporting Fault bucket
AV_nvlddmkm!CNvLChannelNonLegacy::pipelineGPFifoBlit, type 0
Event Name:
BlueScreen
Response:
http://wer.microsoft.com/responses/resredir.aspx?sid=10&Bucket=AV_nvlddmkm!CNvLChannelNonLegacy::pipelineGPFifoBlit&State=1&ID=e2e8a1cf-86d8-4a37-806c-7d971c8a16d6
Cab Id: e2e8a1cf-86d8-4a37-806c-7d971c8a16d6

Problem
signature:
P1: d1
P2: fffffffffffffff1
P3: 2
P4: 1
P5: fffff801ca3d1440
P6: 6_3_9600
P7: 0_0
P8:
768_1
P9: 
P10: 

Attached files:
C:\Windows\Minidump\112514-33906-01.dmp
C:\Users\Mark\AppData\Local\Temp\WER-95625-0.sysdata.xml
C:\Windows\MEMORY.DMP
C:\Users\Mark\AppData\Local\Temp\WERCED4.tmp.WERInternalMetadata.xml

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_d1_a7d30b578e595ab79ff817b74f971d37c1e8e_00000000_cab_10a9e058

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 112514-33906-01
Report Status: 0
Hashed bucket:
24/11/2014 17:22 Windows Error Reporting Fault bucket AV_nvlddmkm!vblankCallback, type 0
Event Name: BlueScreen
Response:
http://wer.microsoft.com/responses/resredir.aspx?sid=10&Bucket=AV_nvlddmkm!vblankCallback&State=1&ID=f616ba0f-2c01-41f5-bfc4-82489997cecc
Cab Id: f616ba0f-2c01-41f5-bfc4-82489997cecc

Problem
signature:
P1: d1
P2: 5e
P3: 6
P4: 1
P5: fffff80075721912
P6: 6_3_9600
P7: 0_0
P8:
768_1
P9: 
P10: 

Attached files:
C:\Windows\Minidump\112314-37250-01.dmp
C:\Users\Mark\AppData\Local\Temp\WER-86718-0.sysdata.xml
C:\Windows\MEMORY.DMP
C:\Users\Mark\AppData\Local\Temp\WER684A.tmp.WERInternalMetadata.xml

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_d1_79675c223622dece3b44f5ae297e5b3f6af5349_00000000_cab_04d8b9c0

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 112314-37250-01
Report Status: 0
Hashed bucket:
23/11/2014 18:03 Windows Error Reporting Fault bucket , type 0
Event Name:
BlueScreen
Response: Not available
Cab Id: 0

Problem signature:
P1: d1
P2: 5e
P3:
6
P4: 1
P5: fffff80075721912
P6: 6_3_9600
P7: 0_0
P8: 768_1
P9: 
P10: 

Attached
files:
C:\Windows\Minidump\112314-37250-01.dmp
C:\Users\Mark\AppData\Local\Temp\WER-86718-0.sysdata.xml
C:\Windows\MEMORY.DMP
C:\Users\Mark\AppData\Local\Temp\WER684A.tmp.WERInternalMetadata.xml

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_d1_79675c223622dece3b44f5ae297e5b3f6af5349_00000000_cab_0d89e73e

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 112314-37250-01
Report Status: 100
Hashed bucket:
24/11/2014 17:22 Windows Error Reporting Fault bucket -421640870, type 5
Event Name:
PnPDeviceProblemCode
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2:
PCI\VEN_10DE&DEV_0191&SUBSYS_22501682&REV_A2
P3: {4d36e968-e325-11ce-bfc1-08002be10318}
P4: 0000001F
P5: BasicDisplay.sys
P6: 6.3.9600.16384
P7:
08-22-2013
P8: 
P9: 
P10: 

Attached files:
C:\Windows\Temp\DMID706.tmp.log.xml
C:\Windows\Temp\LOGD727.tmp
C:\Windows\Inf\display.inf

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_24eb8c9ed87f37eac11320981cbf81446b69288_00000000_cab_0764d745

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 54413262-6e57-11e4-824e-c58295c96ec1
Report Status: 8
Hashed bucket: adb5d63b7478974f8d85c5ec03d74566
Sorted by: Device ID
Device Id
Chip Description
Vendor Id
Vendor Name
0x0191
SIS191
0x1039
Silicon Integrated Systems
0x0191
NVIDIA GeForce 8800 GTX
0x10DE
NVIDIA
0x0660
HD Audio
0x10EC
Realtek Semiconductor Corp
0x0191
CMI 8738 8CH Sound Card
0x13F6
C-Media Electronics Inc. -
Hello,
A terminal server rebooted itself out of nowhere and I see the following error in the eventviewer:
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date:
11-9-2014 9:25:38
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERVERNAME
Description:
The computer has rebooted from a bugcheck. The bugcheck was:
0x000000f4
(0x0000000000000003, 0xfffffa800a9f4130, 0xfffffa800a9f4410,
0xfffff80001be0270). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id:
091114-107781-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-11T07:25:38.000000000Z" />
<EventRecordID>450694</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>TERM-LYSIAS-02</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x000000f4 (0x0000000000000003, 0xfffffa800a9f4130, 0xfffffa800a9f4410, 0xfffff80001be0270)</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">091114-107781-01</Data>
</EventData>
</Event>
Anyone who can help out here?
Thanks, RenseI analyzed the errors with BlueScreenViewer and noticed that the driver ntoskrnl.exe causes the server to reboot. A normal chkdsk or sfc /scannow couldn't find anything.
Using chkdsk /r /f gave me the following log:
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
So I can't check if this solved the problem, but I hope it did.
Rense -
Hi,
I have an issue in my with my one of my Windows 2012 Failover node. One server was rebooted unexpectedly and i found the event id 1001 BugChecks
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009e (0xfffffa8036f00980, 0x000000000000003c, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092614-45458-01.
Any solution ?
Regards
KrisHi Lotusnotes,
Please also refer to following article and check if can help you.
Why
is my Failover Clustering node blue screening with a Stop 0x0000009E?
In addition, troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. You can refer to following articles
and check if can help you to analyze dump files.
Analyzing a Kernel-Mode Dump File
How to read the small memory dump file that is created by Windows if a crash occurs
Meanwhile, if this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional
can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
If any update, please feel free to let us know.
Hope this helps.
Best regards,
Justin Gu -
The computer has rebooted from a bugcheck. The bugcheck was: 0x0bad1001
I would like to know how to troubleshoot this issue.
The computer has rebooted from a bugcheck. The bugcheck was: 0x0bad1001 (0x00000000000d04fd, 0xffffd00022fb6388, 0xffffd00022fb5b90, 0xfffff803552f9916). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 070114-140796-01.
I'm not able to upload C:\WINDOWS\MEMORY.DMP because the file size is too big 1.41 GB
Any idea what is causing this proplem?
Thank in advance.Hi,
The dump file shows the message as below:
* Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck BAD1001, {d04fd, ffffd00022fb6388, ffffd00022fb5b90, fffff803552f9916}
Probably caused by : klvfs.sys ( klvfs+6044 )
Followup: MachineOwner
the klvfs.sys file is responsible for this, the file means a Kaspersky software is installed on your computer, in this case I suggest to remove this software to see the result, meanwhile I suggest to turn to Kaspersky for the compatibility with Windows 8
at:
http://support.kaspersky.com/
Regards
Wade Liu
TechNet Community Support -
I have a Virtual server that reboots several times a day with the following event:
Bugcheck Error:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000030, 0x0000000000000000, 0xfffff880009b8180, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061714-74859-01.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider
Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck"
/>
<EventID
Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated
SystemTime="2014-06-17T07:05:57.000000000Z" />
<EventRecordID>53764</EventRecordID>
<Correlation
/>
<Execution
ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>CLOUDBOX17812</Computer>
<Security
/>
</System>
- <EventData>
<Data Name="param1">0x00000101 (0x0000000000000030,
0x0000000000000000, 0xfffff880009b8180, 0x0000000000000001)</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">061714-74859-01</Data>
</EventData>
</Event>
Critical Kernel-Power:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider
Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated
SystemTime="2014-06-17T07:04:13.937500000Z" />
<EventRecordID>53765</EventRecordID>
<Correlation
/>
<Execution
ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>CLOUDBOX17812</Computer>
<Security
UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="BugcheckCode">257</Data>
<Data Name="BugcheckParameter1">0x30</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0xfffff880009b8180</Data>
<Data Name="BugcheckParameter4">0x1</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>
I searched on Google and most answers are about a HotFix for servers with a specific Intel Processor and Hyper-V installed, but this is a Virtual Server so Hyper-V is not installed obviously.
Any help is appreciated.
Regards,
Paul Ruedisueli
A.i Automatisering B.V.
The NetherlandsHi,
Thanks for your posting.
It seems to be system crash issue and we need to analyze the crash dump file to narrow down the root cause of the issue. Unfortunately, it is not effective for us to debug the crash dump file here in the forum.
I think you have read this kb article?
http://support.microsoft.com/kb/975530/en-au
Regards.
Vivian Wang -
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116
Every once in a while my computer will randomly hard restart its self in the middle of a game and when i check the event viewer it gives me this
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 3/18/2014 12:06:10 AM
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800d777250, 0xfffff88006d7f694, 0xffffffffc000009a, 0x0000000000000004). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031814-15381-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-18T04:06:10.000000000Z" />
<EventRecordID>131951</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>GUARDIANTC-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x00000116 (0xfffffa800d777250, 0xfffff88006d7f694, 0xffffffffc000009a, 0x0000000000000004)</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">031814-15381-01</Data>
</EventData>
</Event>Unfortunately your post is off topic here, in the TechNet Site Feedback forum, because it is not Feedback about the TechNet Website or Subscription. This is a standard response I’ve written up in advance to help many people (thousands, really.)
who post their question in this forum in error, but please don’t ignore it. The links I share below I’ve collected to help you get right where you need to go with your issue.
For technical issues with Microsoft products that you would run into as an
end user of those products, one great source of info and help is
http://answers.microsoft.com, which has sections for Windows, Hotmail, Office, IE, and other products. Office related forums are also here:
http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx
For Technical issues with Microsoft products that you might have as an
IT professional (like technical installation issues, or other IT issues), you should head to the TechNet Discussion forums at
http://social.technet.microsoft.com/forums/en-us, and search for your product name.
For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), you should head to the MSDN discussion forums at
http://social.msdn.microsoft.com/forums/en-us, and search for your product or issue.
If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here:
http://community.dynamics.com/
If you really think your issue is related to the subscription or the TechNet Website, and I screwed up, I apologize! Please repost your question to the discussion forum and include much more detail about your problem, that could include screenshots
of the issue (do not include subscription information or product keys in your screenshots!), and/or links to the problem you’re seeing.
If you really had no idea where to post this question but you still posted it here, you still shouldn’t have because we have a forum just for you! It’s called the Where is the forum for…? forum and it’s here:
http://social.msdn.microsoft.com/forums/en-us/whatforum/
Moving to off topic.
Thanks, Mike
MSDN and TechNet Subscriptions Support <br/> Read the Subscriptions <a href="http://blogs.msdn.com/msdnsubscriptions">Blog! </a> -
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80003cf33f7). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041715-27750-01.
https://drive.google.com/file/d/0BzDs1bdKVqlAcU9CZ3BMY2M3Wnk5eVV0WkhFWG9kYmRsaEtz/view?usp=sharingMH
This was related to the NETwbw02.sys Intel® Wireless WiFi Link Driver from Intel Corporation. I would remove the current driver and install the newest driver available
If you continue to crash I would remove Kaspersky and use the built in defender.
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\zigza\Desktop\041715-27750-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.16384.amd64fre.winblue_rtm.130821-1623
Machine Name:
Kernel base = 0xfffff800`b7871000 PsLoadedModuleList = 0xfffff800`b7b389b0
Debug session time: Fri Apr 17 16:30:22.174 2015 (UTC - 4:00)
System Uptime: 0 days 0:00:10.822
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 0, fffff80003cf33f7}
*** WARNING: Unable to verify timestamp for NETwbw02.sys
*** ERROR: Module load completed but symbols could not be loaded for NETwbw02.sys
Probably caused by : NETwbw02.sys ( NETwbw02+993f7 )
Followup: MachineOwner
0: kd> !analyze -v
* Bugcheck Analysis *
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80003cf33f7, address which referenced memory
Debugging Details:
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800b7bc1150
GetUlongFromAddress: unable to read from fffff800b7bc1208
0000000000000000 Nonpaged pool
CURRENT_IRQL: 2
FAULTING_IP:
NETwbw02+993f7
fffff800`03cf33f7 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
DPC_STACK_BASE: FFFFF800B9C46FB0
TRAP_FRAME: fffff800b9c3f6b0 -- (.trap 0xfffff800b9c3f6b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00004f2ed70 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003cf33f7 rsp=fffff800b9c3f840 rbp=ffffe00004fd9890
r8=fffff800b9c3f890 r9=0000000000000000 r10=fffff800b7b62180
r11=fffff800b9c3f870 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
NETwbw02+0x993f7:
fffff800`03cf33f7 488b09 mov rcx,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800b79ccbe9 to fffff800b79c10a0
STACK_TEXT:
fffff800`b9c3f568 fffff800`b79ccbe9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`b9c3f570 fffff800`b79cb43a : 00000000`00000000 00000000`00000000 ffff4ce4`1dc3da00 fffff800`b9c3f6b0 : nt!KiBugCheckDispatch+0x69
fffff800`b9c3f6b0 fffff800`03cf33f7 : 00000000`00000285 00000000`00000000 00000000`00000000 ffffe000`05be4ca0 : nt!KiPageFault+0x23a
fffff800`b9c3f840 00000000`00000285 : 00000000`00000000 00000000`00000000 ffffe000`05be4ca0 fffff800`03e62df0 : NETwbw02+0x993f7
fffff800`b9c3f848 00000000`00000000 : 00000000`00000000 ffffe000`05be4ca0 fffff800`03e62df0 ffffe000`04fd9540 : 0x285
STACK_COMMAND: kb
FOLLOWUP_IP:
NETwbw02+993f7
fffff800`03cf33f7 488b09 mov rcx,qword ptr [rcx]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NETwbw02+993f7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETwbw02
IMAGE_NAME: NETwbw02.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 52a09c3a
FAILURE_BUCKET_ID: AV_NETwbw02+993f7
BUCKET_ID: AV_NETwbw02+993f7
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_netwbw02+993f7
FAILURE_ID_HASH: {1e0ec353-2360-690e-9374-7a77832276f2}
Followup: MachineOwner
Wanikiya and Dyami--Team Zigzag -
I had the following issue on Windows Server 2008 R2 Enterprise. I want to know if it's relarted with a specific driver in orider to avoid this happend again.
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffff80000003, 0xfffff80001a8d016, 0xfffff880029eb788, 0xfffff880029eafe0). A dump was saved
in: C:WindowsMEMORY.DMP. Report Id: .
The dump is uploaded to the following skydrive link:
https://skydrive.live.com/?cid=FE2E04A1A3CB9D1D&id=FE2E04A1A3CB9D1D%21150
Please Could someone help me to know to witch is related?
Regards.
Juan.thanks a lot for the answer!
the expeption code of the bugcheck is the following:
0x80000002: STATUS_DATATYPE_MISALIGNMENT indicates an unaligned data reference was encountered
I'm checking the drivers...maybe is related with some drivers installed in the system.
Is there any way to check the dump and confirm to witch driver is related?
Regards.
Juan.
Maybe you are looking for
-
How do i install mac os x v10.6 so I can update itunes for my iphone 5
So I have an older white macbook. I am using mac os x v10.5.8. I need to update my os version to 10.6 so I can install the newer version of itunes in order to plug my iphone 5 into itunes. I can't seem to find the 10.6 download. Please help.
-
ALV_GRID- check_changed_data not working properly?
DEV experts: In the PAI of my dialog screen (where I have an editable OO ALV): This code works when my table behind the alv is already populated, however, when it isn't populated and I put new values in and hit save. DATA : wl_refresh TYPE c VALUE 'X
-
550 5.7.1 Message rejected due to content restrictions
We're using forefront protection for exchange 2010 and every once in a while the Cloudmark anti-spam signatures will block important clients from sending us email. Reporting the emails to [email protected] doesn't always get the issue resolved, but w
-
Error when opening column of report region after upgrading app to APEX 3.1
Hi, I upgraded my application to APEX 3.1 and when trying to open a column of report region i get the following msg: ORA-20505: Error in DML: p_rowid=6290155934197181, p_alt_rowid=ID, p_rowid2=1478511314274023, p_alt_rowid2=SECURITY_GROUP_ID. ORA-205
-
pls help me to solve the following queries. will the swings work same as that of windows if not what i'm supposed to do pls tell me. then will j2se1.4 and j2ee1.3.1 works along with Linux thank you saju.m