Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Aaron\Desktop\Mini072908-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\debug*
http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18063.amd64fre.vistasp1_gdr.080425-1930
Kernel base = 0xfffff800`01e1a000 PsLoadedModuleList = 0xfffff800`01fdfdb0
Debug session time: Mon Jul 28 20:32:46.160 2008 (GMT-4)
System Uptime: 0 days 2:50:59.528
Loading Kernel Symbols
...............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff81801fab264, d, 0, fffff80001eeaca1}
Probably caused by : ntkrnlmp.exe ( nt!EtwGetKernelTraceTimestamp+31 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff81801fab264, memory referenced
Arg2: 000000000000000d, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80001eeaca1, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002043080
fffff81801fab264
CURRENT_IRQL: d
FAULTING_IP:
nt!EtwGetKernelTraceTimestamp+31
fffff800`01eeaca1 8b0c81 mov ecx,dword ptr [rcx+rax*4]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff80002fee950 -- (.trap 0xfffff80002fee950)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000028 rcx=fffff81801fab260
rdx=0000000020004000 rsi=000000000000000a rdi=fffffa6000dba2c4
rip=fffff80001eeaca1 rsp=fffff80002feeae0 rbp=fffff80001fab260
r8=fffff80001f93b80 r9=00000000000078e8 r10=0000000000000709
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe nc
nt!EtwGetKernelTraceTimestamp+0x31:
fffff800`01eeaca1 8b0c81 mov ecx,dword ptr [rcx+rax*4] ds:f050:fffff818`01fab264=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001e6f12e to fffff80001e6f390
STACK_TEXT:
fffff800`02fee808 fffff800`01e6f12e : 00000000`0000000a fffff818`01fab264 00000000`0000000d 00000000`00000000 : nt!KeBugCheckEx
fffff800`02fee810 fffff800`01e6e00b : 00000000`00000000 fffffa80`0491f050 00000000`00000000 fffff800`02feeb30 : nt!KiBugCheckDispatch+0x6e
fffff800`02fee950 fffff800`01eeaca1 : fffffa80`0491f050 fffffa60`00da05ee fffffa80`0491ff00 fffffa60`00db321a : nt!KiPageFault+0x20b
fffff800`02feeae0 fffff800`01eead2f : fffff800`02feecb0 fffff800`02feebd0 fffffa80`0491ff00 fffffa60`00da0eee : nt!EtwGetKernelTraceTimestamp+0x31
fffff800`02feeb10 fffff800`01e70b1b : 00000000`00000000 00000000`ffffffff 00000000`00000000 fffff800`023405cb : nt!EtwGetInterruptTimeStamp+0x1f
fffff800`02feeb50 fffffa60`00d83062 : fffffa60`00d820d9 fffff800`00000001 fffff800`02feed50 fffff800`01f8e680 : nt!KiInterruptDispatchNoLock+0x13b
fffff800`02feece8 fffffa60`00d820d9 : fffff800`00000001 fffff800`02feed50 fffff800`01f8e680 fffff800`01e50979 : amdk8!C1Halt+0x2
fffff800`02feecf0 fffff800`01e8a7b8 : fffffa80`024a1bb0 fffff800`01f93b80 fffff800`02feedb0 fffff800`01e72a2d : amdk8!C1Idle+0x9
fffff800`02feed20 fffff800`01e79b31 : fffff800`01f8e680 00000000`00000709 00000000`00000000 00000000`00000000 : nt!PoIdle+0x148
fffff800`02feed80 fffff800`020475c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x21
fffff800`02feedb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!zzz_AsmCodeRange_End+0x4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!EtwGetKernelTraceTimestamp+31
fffff800`01eeaca1 8b0c81 mov ecx,dword ptr [rcx+rax*4]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!EtwGetKernelTraceTimestamp+31
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4812c3f7
FAILURE_BUCKET_ID: X64_0xA_nt!EtwGetKernelTraceTimestamp+31
BUCKET_ID: X64_0xA_nt!EtwGetKernelTraceTimestamp+31
Followup: MachineOwner
---------