Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD : with error code 0x7e and argument 0xC0000005 on Windows XP SP3


  • Please log in to reply
5 replies to this topic

#1 AshishS

AshishS

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 20 January 2012 - 08:35 AM

Hi,

I am facing in-consistent BSOD with error code 0x7e and argument 0xC0000005 on Windows XP SP3. Pasting WinDbg log as instructed in BSOD posting instruction.
I am using Windows XP SP3 on core 2 duo machine.


log 1 :
-----------------------------------------------------------------------------------------------------------
Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [E:\AshishS_MemoryDump\MEMORY_2_Jan_19\MEMORY_2_Jan_19.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: E:\mss
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer EmbeddedNT SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0xe0b66000 PsLoadedModuleList = 0xe0bf24c0
Debug session time: Tue Jan 10 01:28:10.359 2012 (UTC + 5:30)
System Uptime: 0 days 0:42:08.042
Loading Kernel Symbols
...............................................................
................................................................
....
Loading User Symbols

Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {c0000005, f677668f, acfecc7c, acfec978}

*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
Probably caused by : iaStor.sys ( iaStor+1e68f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f677668f, The address that the exception occurred at
Arg3: acfecc7c, Exception Record Address
Arg4: acfec978, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
iaStor+1e68f
f677668f 039830010000 add ebx,dword ptr [eax+130h]

EXCEPTION_RECORD: acfecc7c -- (.exr 0xffffffffacfecc7c)
ExceptionAddress: f677668f (iaStor+0x0001e68f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000012f
Attempt to read from address 0000012f

CONTEXT: acfec978 -- (.cxr 0xffffffffacfec978)
eax=ffffffff ebx=0010d6a0 ecx=00000000 edx=00000001 esi=f6d7f8a0 edi=00000000
eip=f677668f esp=acfecd44 ebp=acfecdac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
iaStor+0x1e68f:
f677668f 039830010000 add ebx,dword ptr [eax+130h] ds:0023:0000012f=????????
Resetting default scope

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 0000012f

READ_ADDRESS: 0000012f

FOLLOWUP_IP:
iaStor+1e68f
f677668f 039830010000 add ebx,dword ptr [eax+130h]

BUGCHECK_STR: 0x7E

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from e0c0472b to f677668f

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
acfecdac e0c0472b f6d7f8a0 00000000 00000000 iaStor+0x1e68f
acfecddc e0b7b6c9 f6776668 f6d7f8a0 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: iaStor+1e68f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: iaStor

IMAGE_NAME: iaStor.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4cd505bd

STACK_COMMAND: .cxr 0xffffffffacfec978 ; kb

FAILURE_BUCKET_ID: 0x7E_iaStor+1e68f

BUCKET_ID: 0x7E_iaStor+1e68f

Followup: MachineOwner
---------

0: kd> !process
PROCESS fad28020 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 06800000 ObjectTable: e1c03e08 HandleCount: 138981.
Image: System
VadRoot fad4d160 Vads 5 Clone 0 Private 3. Modified 3570. Locked 0.
DeviceMap e1c030f0
Token e1c00af8
ElapsedTime 00:42:08.042
UserTime 00:00:00.000
KernelTime 00:23:59.296
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (56, 0, 345) (224KB, 0KB, 1380KB)
PeakWorkingSetSize 1525
VirtualSize 1 Mb
PeakVirtualSize 6 Mb
PageFaultCount 12465
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 7

THREAD fad28da8 Cid 0004.0008 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
e0bf6e30 SynchronizationEvent
e0bf7ea0 NotificationTimer

THREAD fad28550 Cid 0004.0010 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95c0 Unknown

THREAD fad282d8 Cid 0004.0014 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95c0 Unknown

THREAD fad27020 Cid 0004.0018 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95c0 Unknown

THREAD fad27da8 Cid 0004.001c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95c0 Unknown

THREAD fad27b30 Cid 0004.0020 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95c0 Unknown

THREAD fad278b8 Cid 0004.0024 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95fc Unknown

THREAD fad27640 Cid 0004.0028 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95fc Unknown

THREAD fad273c8 Cid 0004.002c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95fc Unknown

THREAD fad26020 Cid 0004.0030 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95fc Unknown

THREAD fad26da8 Cid 0004.0034 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95fc Unknown

THREAD fad26b30 Cid 0004.0038 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95fc Unknown

THREAD fad268b8 Cid 0004.003c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
e0bf95fc Unknown

THREAD fad26640 Cid 0004.0040 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
e0bf9638 Unknown

THREAD fad263c8 Cid 0004.0044 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f6d8fd78 NotificationTimer
e0bf95a0 SynchronizationEvent
e0bf9590 SynchronizationEvent

THREAD fad24900 Cid 0004.0048 Teb: 00000000 Win32Thread: 00000000 STANDBY
THREAD fad24688 Cid 0004.004c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
e0bf69f0 NotificationEvent
e0bf2420 NotificationEvent

THREAD fad1f6c8 Cid 0004.0050 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f6d9bd7c NotificationTimer
e0bf69e0 SynchronizationEvent

THREAD fad1f310 Cid 0004.0054 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrVirtualMemory) KernelMode Non-Alertable
e0bf65a0 NotificationEvent

THREAD fad1e020 Cid 0004.0058 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
e0bf1370 SynchronizationEvent

THREAD fad1e490 Cid 0004.005c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
e0bef5c0 Unknown

THREAD fad4c020 Cid 0004.0060 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
e0bef5e8 Unknown

THREAD fad09020 Cid 0004.0064 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f68eaf90 NotificationEvent
f68eaf80 NotificationEvent

THREAD fac3d458 Cid 0004.0068 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f6895aa0 Semaphore Limit 0x7fffffff

THREAD facc3520 Cid 0004.006c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f6837184 NotificationEvent

THREAD fac47020 Cid 0004.0070 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
fac2390c NotificationEvent
fac2392c NotificationEvent

THREAD fac475a0 Cid 0004.0074 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
fac24bf4 NotificationEvent
fac24c14 NotificationEvent

THREAD fac47328 Cid 0004.0078 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
facd5bd0 NotificationEvent

THREAD fac22da8 Cid 0004.007c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
facd5548 NotificationEvent

THREAD fac22b30 Cid 0004.0080 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
facd5c60 NotificationEvent

THREAD fac228b8 Cid 0004.0084 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
facd5b40 NotificationEvent

THREAD f962e3c8 Cid 0004.0228 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
f66433dc Unknown

THREAD fac6b1d0 Cid 0004.0490 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
efb65c48 Unknown

THREAD f95b31c8 Cid 0004.0494 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
efb65b10 Unknown

THREAD fac583d8 Cid 0004.0498 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
efb65bac Unknown

THREAD fac655a0 Cid 0004.049c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
efb65c9c NotificationEvent
fac65690 NotificationTimer

THREAD f95ac1d0 Cid 0004.04a0 Teb: 00000000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Non-Alertable
f95c2604 NotificationEvent

THREAD f959ac40 Cid 0004.0510 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f6a36900 SynchronizationEvent
f6a368e0 SynchronizationEvent

THREAD f959a9c8 Cid 0004.0514 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f959d200 SynchronizationEvent
f959d210 SynchronizationEvent

THREAD f959a750 Cid 0004.0518 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f959d238 SynchronizationEvent
f959d248 SynchronizationEvent

THREAD f917f020 Cid 0004.0578 Teb: 00000000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Non-Alertable
f95cd604 NotificationEvent

THREAD f917f308 Cid 0004.057c Teb: 00000000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Non-Alertable
fac4a604 NotificationEvent

THREAD f8ef2560 Cid 0004.05b0 Teb: 00000000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Non-Alertable
fac59604 NotificationEvent

THREAD f8eebb88 Cid 0004.05b4 Teb: 00000000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Non-Alertable
fac4d604 NotificationEvent

THREAD f8ee6da8 Cid 0004.05b8 Teb: 00000000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Non-Alertable
f9601604 NotificationEvent

THREAD f8ef3b98 Cid 0004.05bc Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8eedab8 SynchronizationEvent
f8eedac8 SynchronizationEvent
f962d350 NotificationEvent

THREAD f8ef68a8 Cid 0004.05c0 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8eeda90 SynchronizationEvent
f8eedaa0 SynchronizationEvent
f960fc78 NotificationEvent

THREAD f8ef6420 Cid 0004.05c4 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8ef7310 SynchronizationEvent
f8ef7320 SynchronizationEvent
fad45fd8 NotificationEvent

THREAD f8ee46f8 Cid 0004.05c8 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8ef7298 SynchronizationEvent
f8ef72a8 SynchronizationEvent
f8ef4290 NotificationEvent

THREAD f8ee5910 Cid 0004.05cc Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8ef41f8 SynchronizationEvent
f8ef4208 SynchronizationEvent
f8ed0b88 NotificationEvent

THREAD f8ee5698 Cid 0004.05d0 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8ef6fe0 SynchronizationEvent
f8ef6ff0 SynchronizationEvent
f8ed0ae8 NotificationEvent

THREAD f8ecfda8 Cid 0004.05d4 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8ef6f18 SynchronizationEvent
f8ef6f28 SynchronizationEvent
f8ef6f60 NotificationEvent

THREAD f8ecf920 Cid 0004.05d8 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
fac790a8 SynchronizationEvent
fac790b8 SynchronizationEvent
fac790f0 NotificationEvent

THREAD f91675b8 Cid 0004.05dc Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
fac79080 SynchronizationEvent
fac79090 SynchronizationEvent
f8edfb68 NotificationEvent

THREAD f8ecf020 Cid 0004.05e0 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
fad0acb8 SynchronizationEvent
fad0acc8 SynchronizationEvent
fad0acd8 SynchronizationEvent
fad0ace8 SynchronizationEvent
fad0acf8 SynchronizationEvent
fad0ad08 SynchronizationEvent
fad0ad18 SynchronizationEvent
fad0ad28 SynchronizationEvent
fad0ad38 SynchronizationEvent
fad0ad48 SynchronizationEvent
fad0ad58 SynchronizationEvent
f8ec98c0 NotificationEvent

THREAD f8cf47a0 Cid 0004.05e4 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8e996b8 NotificationEvent
f8e996c8 SynchronizationEvent

THREAD f8cf4528 Cid 0004.05e8 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f8e996fc NotificationEvent
f8e99720 SynchronizationTimer

THREAD f8eed6a8 Cid 0004.05ec Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
efa50330 NotificationEvent

THREAD f8c39618 Cid 0004.06a4 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
ade02168 Unknown

THREAD f8c36b30 Cid 0004.06ac Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
ade020cc Unknown

THREAD f8c368b8 Cid 0004.06b0 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ade021bc NotificationEvent
f8c369a8 NotificationTimer

THREAD f8c2a020 Cid 0004.06cc Teb: 00000000 Win32Thread: 00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
f8c2d468 Semaphore Limit 0x7fffffff

THREAD f8986b30 Cid 0004.1b48 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
ad731a88 Unknown

THREAD f89868b8 Cid 0004.1b4c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
ad731950 Unknown

THREAD f8982da8 Cid 0004.1b50 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
ad7319ec Unknown

THREAD f8982b30 Cid 0004.1b54 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad731adc NotificationEvent
f8982c20 NotificationTimer

THREAD f89802c0 Cid 0004.1be8 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad730f40 NotificationTimer

THREAD f89697b0 Cid 0004.1cf8 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f95e9670 NotificationEvent

THREAD f895d2e0 Cid 0004.1eac Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f89a7158 SynchronizationEvent

THREAD f88d1da8 Cid 0004.2330 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
f89d2904 Unknown

THREAD f88e4868 Cid 0004.2334 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
f89d2b44 Unknown

THREAD f88ef6a8 Cid 0004.2338 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Non-Alertable
ad359f64 Unknown

THREAD f88042c0 Cid 0004.2f40 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad1e0ea8 SynchronizationEvent

THREAD f87ff5f0 Cid 0004.2f44 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad1e0ee8 SynchronizationEvent

THREAD f8801ad8 Cid 0004.2f48 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad1e0f28 SynchronizationEvent

THREAD f8801860 Cid 0004.2f4c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad1e0f68 SynchronizationEvent

THREAD f88015e8 Cid 0004.2f50 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad1e0fa8 SynchronizationEvent

THREAD f8800da8 Cid 0004.2f54 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad1e0fe8 SynchronizationEvent

THREAD f87fe3c8 Cid 0004.2f64 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
ad1e32a0 NotificationEvent
ad1e3290 NotificationEvent
fad24478 NotificationEvent
ad1e32b0 NotificationEvent

THREAD fadec640 Cid 0004.82fb8 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
ade02030 Unknown
fadec730 NotificationTimer

THREAD fe85a318 Cid 0004.88160 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0



log 1 :
-----------------------------------------------------------------------------------------------------------

Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [E:\AshishS_MemoryDump\Mini011812-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: E:\mss
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer EmbeddedNT SingleUserTS
Machine Name:
Kernel base = 0xe0b66000 PsLoadedModuleList = 0xe0bf24c0
Debug session time: Wed Jan 18 10:24:05.109 2012 (UTC + 5:30)
System Uptime: 0 days 0:01:43.652
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 44, {f8ab9808, d64, 0, 0}

*** WARNING: Unable to verify timestamp for mssmbios.sys
Unable to load image iaStor.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iaStor.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStor.sys
Probably caused by : iaStor.sys ( iaStor+233af )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: f8ab9808, Address of the IRP
Arg2: 00000d64
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


IRP_ADDRESS: f8ab9808

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x44

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from e0baf814 to e0bc6672

STACK_TEXT:
f6dbfcd8 e0baf814 00000044 f8ab9808 00000d64 nt!MiRemoveUnusedSegments+0x3db
f6dbfd10 f677b3af f95d1650 fac31000 e0b47830 nt!MiSetSystemCodeProtection+0x138
WARNING: Stack unwind information not available. Following frames may be wrong.
f6dbfd28 f6789976 f8ab9808 f95d1650 fac3192c iaStor+0x233af
f6dbfd7c f6789b66 00c31000 00000000 facae508 iaStor+0x31976
f6dbfda0 f6789d46 00c31000 f6dbfddc e0c0472b iaStor+0x31b66
f6dbfdac e0c0472b fac31000 00000000 00000000 iaStor+0x31d46
f6dbfddc e0b7b6c9 f6789d32 fac31000 00000000 nt!PsRevertThreadToSelf+0x9
00000000 00000000 00000000 00000000 00000000 nt!Magic86400000+0x1f1


STACK_COMMAND: kb

FOLLOWUP_IP:
iaStor+233af
f677b3af ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: iaStor+233af

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: iaStor

IMAGE_NAME: iaStor.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4cd505bd

FAILURE_BUCKET_ID: 0x44_iaStor+233af

BUCKET_ID: 0x44_iaStor+233af

Followup: MachineOwner
---------

1: kd> !process
GetPointerFromAddress: unable to read from e0bf6ed4
PROCESS fad28020 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 06840000 ObjectTable: e1c03e08 HandleCount: <Data Not Accessible>
Image: System
VadRoot fad4d158 Vads 5 Clone 0 Private 3. Modified 1742. Locked 0.
DeviceMap e1c030f0
Token e1c00af8
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
ffdf0000: Unable to get shared data
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (56, 0, 345) (224KB, 0KB, 1380KB)
PeakWorkingSetSize 1525
VirtualSize 1 Mb
PeakVirtualSize 6 Mb
PageFaultCount 12415
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 7

*** Error in reading nt!_ETHREAD @ fad28da8

BC AdBot (Login to Remove)

 


#2 Allan

Allan

  • BC Advisor
  • 8,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:05:54 AM

Posted 20 January 2012 - 09:10 AM

Please do the following if you will:

Edit your above post and delete the entire log - it takes too much space and isn't what we need. Instead,
Download BlueScreenView:
http://www.nirsoft.net/utils/blue_screen_view.html
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

#3 AshishS

AshishS
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 23 January 2012 - 02:06 AM

Hi Allan,


Please find below the log of bluescreenview.exe

==================================================
Dump File : Mini011812-01.dmp
Crash Time : 01-18-2012 5:54:37 AM
Bug Check String : MULTIPLE_IRP_COMPLETE_REQUESTS
Bug Check Code : 0x00000044
Parameter 1 : 0xf8ab9808
Parameter 2 : 0x00000d64
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+233af
File Description : Intel Rapid Storage Technology driver - x86
Product Name : Intel Rapid Storage Technology driver
Company : Intel Corporation
File Version : 10.1.0.1008
Processor : 32-bit
Crash Address : ntoskrnl.exe+60672
Stack Address 1 : ntoskrnl.exe+49814
Stack Address 2 : iaStor.sys+233af
Stack Address 3 : iaStor.sys+31976
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini011812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 73,728
==================================================

Regards,
Ashish

#4 Allan

Allan

  • BC Advisor
  • 8,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:05:54 AM

Posted 23 January 2012 - 07:55 AM

That is an EXTREMELY difficult error to diagnose. Please do the following:

1) Look in device manager - any yellow or red symbols?

2) Update your major drivers (sound, video, NIC & WiFi if applicable). Get the drivers from the oem websites, not from Windows Updates

3) If the BSOD continues you should post in the Am I Infected forum. The file in question (iastor.sys) is often a target of malware.

#5 AshishS

AshishS
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 23 January 2012 - 08:27 AM

Hi Allan,

Thanks for your reply,

Well for #1 there are no yelloe or red symbols in device manager.

#2 Will all of the listed drivers are updated but will check again from OEM websites.

#3 Will post in "Am i Infected" forum if after #2 BSOD continues.


Again thanks for your valuable help.

Regards,
Ashish

#6 Allan

Allan

  • BC Advisor
  • 8,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:05:54 AM

Posted 23 January 2012 - 08:29 AM

You're welcome. Please post back and let us know how things resolve.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users