locked
Need help analyzing BSOD with winbg RRS feed

  • Question


  • Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: srv*
    Executable search path is: srv*
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
    Machine Name:
    Kernel base = 0xfffff800`02e07000 PsLoadedModuleList = 0xfffff800`0304a670
    Debug session time: Sat Jul  6 12:20:56.091 2013 (UTC - 7:00)
    System Uptime: 0 days 4:22:24.013
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 000007ff`fffda018).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 3B, {c0000005, fffff80002e9863c, fffff8800934c010, 0}

    Probably caused by : ntkrnlmp.exe ( nt!ObReferenceObjectSafe+c )

    Followup: MachineOwner
    ---------

    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff80002e9863c, Address of the instruction which caused the bugcheck
    Arg3: fffff8800934c010, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    FAULTING_IP: 
    nt!ObReferenceObjectSafe+c
    fffff800`02e9863c 498b02          mov     rax,qword ptr [r10]

    CONTEXT:  fffff8800934c010 -- (.cxr 0xfffff8800934c010)
    rax=0000000000000000 rbx=0000000000000000 rcx=effffa80056e8e60
    rdx=0000000000000011 rsi=fffffa800426b5b0 rdi=fffff8a0035786e0
    rip=fffff80002e9863c rsp=fffff8800934c9f0 rbp=effffa80056e8e60
     r8=000000000165f4f8  r9=0000000000010000 r10=effffa80056e8e30
    r11=fffff8a0035786e0 r12=fffff8800934cbd0 r13=fffff8a01700dd70
    r14=fffffa800426b7c0 r15=fffffa8007832310
    iopl=0         nv up ei ng nz na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
    nt!ObReferenceObjectSafe+0xc:
    fffff800`02e9863c 498b02          mov     rax,qword ptr [r10] ds:002b:effffa80`056e8e30=????????????????
    Resetting default scope

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    BUGCHECK_STR:  0x3B

    PROCESS_NAME:  iPodService.ex

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff8000318c912 to fffff80002e9863c

    STACK_TEXT:  
    fffff880`0934c9f0 fffff800`0318c912 : 00000000`00000019 00000000`00000000 00000000`00000000 fffff800`0315f11f : nt!ObReferenceObjectSafe+0xc
    fffff880`0934ca20 fffff800`0318a8a1 : 00000000`00010000 fffff8a0`1700dd68 00000000`00000001 ffffffff`ffffffff : nt!AlpcpDispatchNewMessage+0x82
    fffff880`0934ca80 fffff800`0317079f : 00000000`00000001 00000000`0165f4d0 00000000`00000000 00000000`00000001 : nt!AlpcpSendMessage+0x907
    fffff880`0934cb90 fffff800`02e7be93 : fffffa80`07832310 fffff880`0934cca0 fffffa80`0426b7c0 00000000`00000000 : nt!NtRequestPort+0x9f
    fffff880`0934cc20 00000000`7791274a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0165f4a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7791274a


    FOLLOWUP_IP: 
    nt!ObReferenceObjectSafe+c
    fffff800`02e9863c 498b02          mov     rax,qword ptr [r10]

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  nt!ObReferenceObjectSafe+c

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6

    STACK_COMMAND:  .cxr 0xfffff8800934c010 ; kb

    FAILURE_BUCKET_ID:  X64_0x3B_nt!ObReferenceObjectSafe+c

    BUCKET_ID:  X64_0x3B_nt!ObReferenceObjectSafe+c

    Followup: MachineOwner
    ---------
    Saturday, July 6, 2013 7:58 PM

All replies

  • Hi,

    Can you provide more details about the circumstances lead to this failure? At first glance it looks like some memory which is not valid was used by OS but as said I need more details in order to be able to assist (e.g. .kb for stack trace etc...)

    Alon

    Sunday, July 7, 2013 1:11 PM