Hallo,
ein Kumpel von mir hat letztens ein paar neue Hardware teile in seinen Pc eingebaut. Leider hat es dann ca. 2 Tage später mit Bluescreens angefangen. Da ich aus den Crashdumps nicht wirklich schlau werde wollte ich mal hier um Hilfe bitten.
Hardware:
Hardware:
ASRock 970 Extreme4, 970 (dual PC3-14900U DDR3) (neu)
Xigmatek Gaia SD1283 (neu)
AMD Phenom II X4 960T Black Edition, 4x 3.00GHz, boxed (neu)
Geforce 8600 (soll noch in 2-3 Monaten nachgerüstet werden)
Corsair ValueSelect DIMM Kit 8GB PC3-10667U CL9-9-9-24 (DDR3-1333) (neu)
Win7 Ultimate x64
500 Watt Netzteil
Bluescreens:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffffa80096aab60
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002d39f73 to fffff80002cd6c40
STACK_TEXT:
fffff880`0a7ba218 fffff800`02d39f73 : 00000000`000000c4 00000000`00000091 00000000`00000002 fffffa80`096aab60 : nt!KeBugCheckEx
fffff880`0a7ba220 fffff880`0168c202 : fffff880`0168ba60 00000000`00000000 00000000`00000002 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x1f123
fffff880`0a7ba300 fffff880`015770eb : fffffa80`0891e460 00000000`00000000 fffffa80`085911a0 fffffa80`09c16000 : tcpip!FlReceiveNetBufferListChain+0xb2
fffff880`0a7ba370 fffff880`01540ad6 : fffff880`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
fffff880`0a7ba3e0 fffff880`014b9cc1 : fffffa80`085911a0 00000000`00000002 00000000`00000001 00000000`00003404 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6
fffff880`0a7ba860 fffff880`06e21170 : fffffa80`088cc000 fffffa80`08baa0c0 fffffa80`088cc620 00000000`00000000 : ndis!NdisMIndicateReceiveNetBufferLists+0xc1
fffff880`0a7ba8b0 fffffa80`088cc000 : fffffa80`08baa0c0 fffffa80`088cc620 00000000`00000000 00000000`00000001 : Rt64win7+0x16170
fffff880`0a7ba8b8 fffffa80`08baa0c0 : fffffa80`088cc620 00000000`00000000 00000000`00000001 00001f80`0000020b : 0xfffffa80`088cc000
fffff880`0a7ba8c0 fffffa80`088cc620 : 00000000`00000000 00000000`00000001 00001f80`0000020b 00000000`00000000 : 0xfffffa80`08baa0c0
fffff880`0a7ba8c8 00000000`00000000 : 00000000`00000001 00001f80`0000020b 00000000`00000000 00000001`00000001 : 0xfffffa80`088cc620
STACK_COMMAND: kb
FOLLOWUP_IP:
Rt64win7+16170
fffff880`06e21170 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: Rt64win7+16170
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Rt64win7
IMAGE_NAME: Rt64win7.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4db07445
FAILURE_BUCKET_ID: X64_0xc4_91_Rt64win7+16170
BUCKET_ID: X64_0xc4_91_Rt64win7+16170
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88009392238
Arg3: fffff88009391a90
Arg4: fffff80002cee7a5
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88009392238 -- (.exr 0xfffff88009392238)
ExceptionAddress: fffff80002cee7a5 (nt!MmUnmapViewInSystemCache+0x00000000000000c5)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88009391a90 -- (.cxr 0xfffff88009391a90)
rax=0000058000000000 rbx=fffffa80080e8610 rcx=fffff68000000000
rdx=0000000fffffffff rsi=0000000000000000 rdi=fffff6fcc00df600
rip=fffff80002cee7a5 rsp=fffff88009392470 rbp=fffffa8009c88760
r8=0000000000000000 r9=fffff9801bec0000 r10=fffffa80091aa8d8
r11=ffbff8a008b91ce0 r12=0000000000000000 r13=0000000000000000
r14=fffffa8005528c40 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nt!MmUnmapViewInSystemCache+0xc5:
fffff800`02cee7a5 498b4328 mov rax,qword ptr [r11+28h] ds:002b:ffbff8a0`08b91d08=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efd100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsDeleteInternalAttributeStream+ea
fffff880`0110f182 48397b10 cmp qword ptr [rbx+10h],rdi
FAULTING_IP:
nt!MmUnmapViewInSystemCache+c5
fffff800`02cee7a5 498b4328 mov rax,qword ptr [r11+28h]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80002fdbc39 to fffff80002cee7a5
STACK_TEXT:
fffff880`09392470 fffff800`02fdbc39 : fffff980`1bec0000 ffbff8a0`08b91ce0 00000000`00000000 00000000`00000000 : nt!MmUnmapViewInSystemCache+0xc5
fffff880`09392750 fffff800`02cee42b : 00000000`00000000 fffffa80`06d1abb0 00000000`00000000 00000000`00100000 : nt!CcUnmapVacb+0x5d
fffff880`09392790 fffff800`02d0fa08 : fffff8a0`08401701 fffffa80`09abb070 fffffa80`09f55a00 00000000`00000000 : nt!CcUnmapVacbArray+0x1bb
fffff880`09392820 fffff800`02ce46f9 : fffffa80`09f55a80 fffffa80`080e8610 fffffa80`09abb070 00000000`00000000 : nt!CcDeleteSharedCacheMap+0x154
fffff880`09392880 fffff880`0110f182 : fffffa80`095f5180 fffff8a0`07c33140 00000000`00000001 00000000`00000000 : nt!CcUninitializeCacheMap+0x389
fffff880`09392900 fffff880`010dfd42 : 00000000`00000000 fffff800`02e6b200 00000000`00000001 fffff8a0`07c33140 : Ntfs!NtfsDeleteInternalAttributeStream+0xea
fffff880`09392950 fffff880`0105885c : fffff8a0`07c33040 fffff8a0`07c33140 fffff800`02e6b200 fffff8a0`08420b70 : Ntfs!NtfsRemoveScb+0xe2
fffff880`09392990 fffff880`01057a3f : fffff8a0`07c33010 fffff800`02e6b260 fffff880`09392b01 fffffa80`0794e940 : Ntfs!NtfsPrepareFcbForRemoval+0x50
fffff880`093929c0 fffff880`010dd63c : fffffa80`0794e940 fffffa80`095f5180 fffff8a0`08420b40 fffff8a0`08420ed8 : Ntfs!NtfsTeardownFromLcb+0x2af
fffff880`09392a50 fffff880`0105f0e2 : fffffa80`0794e940 fffffa80`0794e940 fffff8a0`08420b40 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xcc
fffff880`09392ad0 fffff880`010ed193 : fffffa80`0794e940 fffff800`02e6b260 fffff8a0`08420b40 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`09392b10 fffff880`010dc357 : fffffa80`0794e940 fffff8a0`08420c70 fffff8a0`08420b40 fffffa80`095f5180 : Ntfs!NtfsCommonClose+0x353
fffff880`09392be0 fffff800`02cd5001 : 00000000`00000000 fffff800`02fc1900 fffff800`02ecc801 00000000`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`09392cb0 fffff800`02f65fee : 00000000`044a6a0d fffffa80`09c88760 00000000`00000080 fffffa80`06cb3b30 : nt!ExpWorkerThread+0x111
fffff880`09392d40 fffff800`02cbc5e6 : fffff800`02e40e80 fffffa80`09c88760 fffffa80`06e26040 fffff880`0105ecb0 : nt!PspSystemThreadStartup+0x5a
fffff880`09392d80 00000000`00000000 : fffff880`09393000 fffff880`0938d000 fffff880`093929e0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: Ntfs!NtfsDeleteInternalAttributeStream+ea
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce792f9
STACK_COMMAND: .cxr 0xfffff88009391a90 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteInternalAttributeStream+ea
BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteInternalAttributeStream+ea
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c88a4c, Address of the instruction which caused the bugcheck
Arg3: fffff8800af9dbc0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
FAULTING_IP:
nt!ObfDereferenceObject+2c
fffff800`02c88a4c f0480fc11f lock xadd qword ptr [rdi],rbx
CONTEXT: fffff8800af9dbc0 -- (.cxr 0xfffff8800af9dbc0)
rax=0000000000000000 rbx=ffffffffffffffff rcx=ff3ff8a008f57f40
rdx=00000000000001ff rsi=ff3ff8a008f57f40 rdi=ff3ff8a008f57f10
rip=fffff80002c88a4c rsp=fffff8800af9e5a0 rbp=fffffa80094ff000
r8=000000000000434c r9=0000000000000004 r10=00000000000043ac
r11=0000000000000007 r12=fffff8a0069606a0 r13=0000000000000001
r14=0000000000000001 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!ObfDereferenceObject+0x2c:
fffff800`02c88a4c f0480fc11f lock xadd qword ptr [rdi],rbx ds:002b:ff3ff8a0`08f57f10=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: plugin-contain
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c88a4c
STACK_TEXT:
fffff880`0af9d2f8 fffff800`02c7e1e9 : 00000000`0000003b 00000000`c0000005 fffff800`02c88a4c fffff880`0af9dbc0 : nt!KeBugCheckEx
fffff880`0af9d300 fffff800`02c7db3c : fffff880`0af9d540 fffff880`11ca9e6d fffff880`11cb1e9c fffff880`0af9e930 : nt!KiBugCheckDispatch+0x69
fffff880`0af9d440 fffff800`02caa4fd : fffff960`002ef84c fffff960`002b575c fffff960`00000000 fffff880`0af9e368 : nt!KiSystemServiceHandler+0x7c
fffff880`0af9d480 fffff800`02ca92d5 : fffff800`02dc9788 fffff880`0af9d4f8 fffff880`0af9e368 fffff800`02c02000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0af9d4b0 fffff800`02cba361 : fffff880`0af9e368 fffff880`0af9dbc0 fffff880`00000000 ff3ff8a0`08f57f10 : nt!RtlDispatchException+0x415
fffff880`0af9db90 fffff800`02c7e2c2 : fffff880`0af9e368 ffffffff`ffffffff fffff880`0af9e410 ff3ff8a0`08f57f40 : nt!KiDispatchException+0x135
fffff880`0af9e230 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSystemServiceHandler+7c
fffff800`02c7db3c b801000000 mov eax,1
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceHandler+7c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x3B_nt!KiSystemServiceHandler+7c
BUCKET_ID: X64_0x3B_nt!KiSystemServiceHandler+7c
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002cdaa20, Address of the instruction which caused the bugcheck
Arg3: fffff8800a03a130, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
FAULTING_IP:
nt!KeWaitForSingleObject+470
fffff800`02cdaa20 888766010000 mov byte ptr [rdi+166h],al
CONTEXT: fffff8800a03a130 -- (.cxr 0xfffff8800a03a130)
rax=0000000000000000 rbx=0000001334c35931 rcx=0000000000000002
rdx=fffffa80074aae11 rsi=fffffa800756c160 rdi=ffbffa8007e6c350
rip=fffff80002cdaa20 rsp=fffff8800a03ab10 rbp=0000000000000000
r8=fffffa8008f1a340 r9=0000000000000001 r10=fffffa8006d80e01
r11=fffffa80083dd180 r12=0000000000000000 r13=0000000000000001
r14=fffff8800a03ab38 r15=fffffa8007e6c458
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nt!KeWaitForSingleObject+0x470:
fffff800`02cdaa20 888766010000 mov byte ptr [rdi+166h],al ds:002b:ffbffa80`07e6c4b6=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: javaw.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002fc944e to fffff80002cdaa20
STACK_TEXT:
fffff880`0a03ab10 fffff800`02fc944e : 00000000`753a2400 00000000`00000006 00000000`00000001 fffff880`0a03ac01 : nt!KeWaitForSingleObject+0x470
fffff880`0a03abb0 fffff800`02cd1ed3 : fffffa80`07e6c350 00000000`00000000 fffff880`0a03abf8 fffffa80`0756c160 : nt!NtWaitForSingleObject+0xde
fffff880`0a03ac20 00000000`753a2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0860f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x753a2e09
FOLLOWUP_IP:
nt!KeWaitForSingleObject+470
fffff800`02cdaa20 888766010000 mov byte ptr [rdi+166h],al
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KeWaitForSingleObject+470
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff8800a03a130 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!KeWaitForSingleObject+470
BUCKET_ID: X64_0x3B_nt!KeWaitForSingleObject+470
Followup: MachineOwner
---------
Würde mich über Hilfe deswegen freuen.
ein Kumpel von mir hat letztens ein paar neue Hardware teile in seinen Pc eingebaut. Leider hat es dann ca. 2 Tage später mit Bluescreens angefangen. Da ich aus den Crashdumps nicht wirklich schlau werde wollte ich mal hier um Hilfe bitten.
Hardware:
Hardware:
ASRock 970 Extreme4, 970 (dual PC3-14900U DDR3) (neu)
Xigmatek Gaia SD1283 (neu)
AMD Phenom II X4 960T Black Edition, 4x 3.00GHz, boxed (neu)
Geforce 8600 (soll noch in 2-3 Monaten nachgerüstet werden)
Corsair ValueSelect DIMM Kit 8GB PC3-10667U CL9-9-9-24 (DDR3-1333) (neu)
Win7 Ultimate x64
500 Watt Netzteil
Bluescreens:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000002
Arg3: fffffa80096aab60
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002d39f73 to fffff80002cd6c40
STACK_TEXT:
fffff880`0a7ba218 fffff800`02d39f73 : 00000000`000000c4 00000000`00000091 00000000`00000002 fffffa80`096aab60 : nt!KeBugCheckEx
fffff880`0a7ba220 fffff880`0168c202 : fffff880`0168ba60 00000000`00000000 00000000`00000002 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x1f123
fffff880`0a7ba300 fffff880`015770eb : fffffa80`0891e460 00000000`00000000 fffffa80`085911a0 fffffa80`09c16000 : tcpip!FlReceiveNetBufferListChain+0xb2
fffff880`0a7ba370 fffff880`01540ad6 : fffff880`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
fffff880`0a7ba3e0 fffff880`014b9cc1 : fffffa80`085911a0 00000000`00000002 00000000`00000001 00000000`00003404 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6
fffff880`0a7ba860 fffff880`06e21170 : fffffa80`088cc000 fffffa80`08baa0c0 fffffa80`088cc620 00000000`00000000 : ndis!NdisMIndicateReceiveNetBufferLists+0xc1
fffff880`0a7ba8b0 fffffa80`088cc000 : fffffa80`08baa0c0 fffffa80`088cc620 00000000`00000000 00000000`00000001 : Rt64win7+0x16170
fffff880`0a7ba8b8 fffffa80`08baa0c0 : fffffa80`088cc620 00000000`00000000 00000000`00000001 00001f80`0000020b : 0xfffffa80`088cc000
fffff880`0a7ba8c0 fffffa80`088cc620 : 00000000`00000000 00000000`00000001 00001f80`0000020b 00000000`00000000 : 0xfffffa80`08baa0c0
fffff880`0a7ba8c8 00000000`00000000 : 00000000`00000001 00001f80`0000020b 00000000`00000000 00000001`00000001 : 0xfffffa80`088cc620
STACK_COMMAND: kb
FOLLOWUP_IP:
Rt64win7+16170
fffff880`06e21170 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: Rt64win7+16170
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Rt64win7
IMAGE_NAME: Rt64win7.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4db07445
FAILURE_BUCKET_ID: X64_0xc4_91_Rt64win7+16170
BUCKET_ID: X64_0xc4_91_Rt64win7+16170
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88009392238
Arg3: fffff88009391a90
Arg4: fffff80002cee7a5
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88009392238 -- (.exr 0xfffff88009392238)
ExceptionAddress: fffff80002cee7a5 (nt!MmUnmapViewInSystemCache+0x00000000000000c5)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88009391a90 -- (.cxr 0xfffff88009391a90)
rax=0000058000000000 rbx=fffffa80080e8610 rcx=fffff68000000000
rdx=0000000fffffffff rsi=0000000000000000 rdi=fffff6fcc00df600
rip=fffff80002cee7a5 rsp=fffff88009392470 rbp=fffffa8009c88760
r8=0000000000000000 r9=fffff9801bec0000 r10=fffffa80091aa8d8
r11=ffbff8a008b91ce0 r12=0000000000000000 r13=0000000000000000
r14=fffffa8005528c40 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nt!MmUnmapViewInSystemCache+0xc5:
fffff800`02cee7a5 498b4328 mov rax,qword ptr [r11+28h] ds:002b:ffbff8a0`08b91d08=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efd100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsDeleteInternalAttributeStream+ea
fffff880`0110f182 48397b10 cmp qword ptr [rbx+10h],rdi
FAULTING_IP:
nt!MmUnmapViewInSystemCache+c5
fffff800`02cee7a5 498b4328 mov rax,qword ptr [r11+28h]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80002fdbc39 to fffff80002cee7a5
STACK_TEXT:
fffff880`09392470 fffff800`02fdbc39 : fffff980`1bec0000 ffbff8a0`08b91ce0 00000000`00000000 00000000`00000000 : nt!MmUnmapViewInSystemCache+0xc5
fffff880`09392750 fffff800`02cee42b : 00000000`00000000 fffffa80`06d1abb0 00000000`00000000 00000000`00100000 : nt!CcUnmapVacb+0x5d
fffff880`09392790 fffff800`02d0fa08 : fffff8a0`08401701 fffffa80`09abb070 fffffa80`09f55a00 00000000`00000000 : nt!CcUnmapVacbArray+0x1bb
fffff880`09392820 fffff800`02ce46f9 : fffffa80`09f55a80 fffffa80`080e8610 fffffa80`09abb070 00000000`00000000 : nt!CcDeleteSharedCacheMap+0x154
fffff880`09392880 fffff880`0110f182 : fffffa80`095f5180 fffff8a0`07c33140 00000000`00000001 00000000`00000000 : nt!CcUninitializeCacheMap+0x389
fffff880`09392900 fffff880`010dfd42 : 00000000`00000000 fffff800`02e6b200 00000000`00000001 fffff8a0`07c33140 : Ntfs!NtfsDeleteInternalAttributeStream+0xea
fffff880`09392950 fffff880`0105885c : fffff8a0`07c33040 fffff8a0`07c33140 fffff800`02e6b200 fffff8a0`08420b70 : Ntfs!NtfsRemoveScb+0xe2
fffff880`09392990 fffff880`01057a3f : fffff8a0`07c33010 fffff800`02e6b260 fffff880`09392b01 fffffa80`0794e940 : Ntfs!NtfsPrepareFcbForRemoval+0x50
fffff880`093929c0 fffff880`010dd63c : fffffa80`0794e940 fffffa80`095f5180 fffff8a0`08420b40 fffff8a0`08420ed8 : Ntfs!NtfsTeardownFromLcb+0x2af
fffff880`09392a50 fffff880`0105f0e2 : fffffa80`0794e940 fffffa80`0794e940 fffff8a0`08420b40 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xcc
fffff880`09392ad0 fffff880`010ed193 : fffffa80`0794e940 fffff800`02e6b260 fffff8a0`08420b40 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`09392b10 fffff880`010dc357 : fffffa80`0794e940 fffff8a0`08420c70 fffff8a0`08420b40 fffffa80`095f5180 : Ntfs!NtfsCommonClose+0x353
fffff880`09392be0 fffff800`02cd5001 : 00000000`00000000 fffff800`02fc1900 fffff800`02ecc801 00000000`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`09392cb0 fffff800`02f65fee : 00000000`044a6a0d fffffa80`09c88760 00000000`00000080 fffffa80`06cb3b30 : nt!ExpWorkerThread+0x111
fffff880`09392d40 fffff800`02cbc5e6 : fffff800`02e40e80 fffffa80`09c88760 fffffa80`06e26040 fffff880`0105ecb0 : nt!PspSystemThreadStartup+0x5a
fffff880`09392d80 00000000`00000000 : fffff880`09393000 fffff880`0938d000 fffff880`093929e0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: Ntfs!NtfsDeleteInternalAttributeStream+ea
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce792f9
STACK_COMMAND: .cxr 0xfffff88009391a90 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteInternalAttributeStream+ea
BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteInternalAttributeStream+ea
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c88a4c, Address of the instruction which caused the bugcheck
Arg3: fffff8800af9dbc0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
FAULTING_IP:
nt!ObfDereferenceObject+2c
fffff800`02c88a4c f0480fc11f lock xadd qword ptr [rdi],rbx
CONTEXT: fffff8800af9dbc0 -- (.cxr 0xfffff8800af9dbc0)
rax=0000000000000000 rbx=ffffffffffffffff rcx=ff3ff8a008f57f40
rdx=00000000000001ff rsi=ff3ff8a008f57f40 rdi=ff3ff8a008f57f10
rip=fffff80002c88a4c rsp=fffff8800af9e5a0 rbp=fffffa80094ff000
r8=000000000000434c r9=0000000000000004 r10=00000000000043ac
r11=0000000000000007 r12=fffff8a0069606a0 r13=0000000000000001
r14=0000000000000001 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
nt!ObfDereferenceObject+0x2c:
fffff800`02c88a4c f0480fc11f lock xadd qword ptr [rdi],rbx ds:002b:ff3ff8a0`08f57f10=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: plugin-contain
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c88a4c
STACK_TEXT:
fffff880`0af9d2f8 fffff800`02c7e1e9 : 00000000`0000003b 00000000`c0000005 fffff800`02c88a4c fffff880`0af9dbc0 : nt!KeBugCheckEx
fffff880`0af9d300 fffff800`02c7db3c : fffff880`0af9d540 fffff880`11ca9e6d fffff880`11cb1e9c fffff880`0af9e930 : nt!KiBugCheckDispatch+0x69
fffff880`0af9d440 fffff800`02caa4fd : fffff960`002ef84c fffff960`002b575c fffff960`00000000 fffff880`0af9e368 : nt!KiSystemServiceHandler+0x7c
fffff880`0af9d480 fffff800`02ca92d5 : fffff800`02dc9788 fffff880`0af9d4f8 fffff880`0af9e368 fffff800`02c02000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0af9d4b0 fffff800`02cba361 : fffff880`0af9e368 fffff880`0af9dbc0 fffff880`00000000 ff3ff8a0`08f57f10 : nt!RtlDispatchException+0x415
fffff880`0af9db90 fffff800`02c7e2c2 : fffff880`0af9e368 ffffffff`ffffffff fffff880`0af9e410 ff3ff8a0`08f57f40 : nt!KiDispatchException+0x135
fffff880`0af9e230 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSystemServiceHandler+7c
fffff800`02c7db3c b801000000 mov eax,1
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceHandler+7c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x3B_nt!KiSystemServiceHandler+7c
BUCKET_ID: X64_0x3B_nt!KiSystemServiceHandler+7c
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002cdaa20, Address of the instruction which caused the bugcheck
Arg3: fffff8800a03a130, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
FAULTING_IP:
nt!KeWaitForSingleObject+470
fffff800`02cdaa20 888766010000 mov byte ptr [rdi+166h],al
CONTEXT: fffff8800a03a130 -- (.cxr 0xfffff8800a03a130)
rax=0000000000000000 rbx=0000001334c35931 rcx=0000000000000002
rdx=fffffa80074aae11 rsi=fffffa800756c160 rdi=ffbffa8007e6c350
rip=fffff80002cdaa20 rsp=fffff8800a03ab10 rbp=0000000000000000
r8=fffffa8008f1a340 r9=0000000000000001 r10=fffffa8006d80e01
r11=fffffa80083dd180 r12=0000000000000000 r13=0000000000000001
r14=fffff8800a03ab38 r15=fffffa8007e6c458
iopl=0 nv up ei ng nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283
nt!KeWaitForSingleObject+0x470:
fffff800`02cdaa20 888766010000 mov byte ptr [rdi+166h],al ds:002b:ffbffa80`07e6c4b6=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: javaw.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002fc944e to fffff80002cdaa20
STACK_TEXT:
fffff880`0a03ab10 fffff800`02fc944e : 00000000`753a2400 00000000`00000006 00000000`00000001 fffff880`0a03ac01 : nt!KeWaitForSingleObject+0x470
fffff880`0a03abb0 fffff800`02cd1ed3 : fffffa80`07e6c350 00000000`00000000 fffff880`0a03abf8 fffffa80`0756c160 : nt!NtWaitForSingleObject+0xde
fffff880`0a03ac20 00000000`753a2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0860f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x753a2e09
FOLLOWUP_IP:
nt!KeWaitForSingleObject+470
fffff800`02cdaa20 888766010000 mov byte ptr [rdi+166h],al
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KeWaitForSingleObject+470
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff8800a03a130 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!KeWaitForSingleObject+470
BUCKET_ID: X64_0x3B_nt!KeWaitForSingleObject+470
Followup: MachineOwner
---------
Würde mich über Hilfe deswegen freuen.
Zuletzt bearbeitet: