My work computer start restarting for few days now. Today I was able to see the blue screen for a fraction of a second and the reboot.
This is what I got from the minidump file in WinDbg:
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 806e694f, f78dec30, f78de92c}
Probably caused by : ntkrpamp.exe ( nt!FsRtlRemovePerStreamContext+1e )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806e694f, The address that the exception occurred at
Arg3: f78dec30, Exception Record Address
Arg4: f78de92c, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
hal!ExAcquireFastMutex+f
806e694f f0ff09 lock dec dword ptr [ecx]
EXCEPTION_RECORD: f78dec30 -- (.exr 0xfffffffff78dec30)
ExceptionAddress: 806e694f (hal!ExAcquireFastMutex+0x0000000f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 0067006e
Attempt to write to address 0067006e
CONTEXT: f78de92c -- (.cxr 0xfffffffff78de92c)
eax=0000003d ebx=88134e7c ecx=0067006e edx=f78ded28 esi=e5c65008 edi=87a94300
eip=806e694f esp=f78decf8 ebp=f78ded08 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
hal!ExAcquireFastMutex+0xf:
806e694f f0ff09 lock dec dword ptr [ecx] ds:0023:0067006e=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
WRITE_ADDRESS: 0067006e
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: STRING_DEREFERENCE
LAST_CONTROL_TRANSFER: from 804ed978 to 806e694f
STACK_TEXT:
f78decf4 804ed978 87a94300 88134e7c 87a942f8 hal!ExAcquireFastMutex+0xf
f78ded08 f71edb6c e5c65008 88134c20 e5c65008 nt!FsRtlRemovePerStreamContext+0x1e
f78ded34 f71ef0ba 88134c20 89d26828 8897ece8 fltmgr!FltpDeleteAllStreamListCtrls+0x62
f78ded50 f71e18f7 88134ca4 00000008 89d26828 fltmgr!FltpFreeVolume+0xa4
f78ded68 f71e564e 8897ece8 00000008 8056485c fltmgr!FltpCleanupDeviceObject+0x61
f78ded7c 8053879d 89d26828 00000000 8a7e18b8 fltmgr!FltpFastIoDetachDeviceWorker+0x14
f78dedac 805cff62 89d26828 00000000 00000000 nt!ExpWorkerThread+0xef
f78deddc 8054612e 805386ae 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
nt!FsRtlRemovePerStreamContext+1e
804ed978 8b5510 mov edx,dword ptr [ebp+10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!FsRtlRemovePerStreamContext+1e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4bd6e0e8
STACK_COMMAND: .cxr 0xfffffffff78de92c ; kb
FAILURE_BUCKET_ID: 0x7E_nt!FsRtlRemovePerStreamContext+1e
BUCKET_ID: 0x7E_nt!FsRtlRemovePerStreamContext+1e
Followup: MachineOwner
---------
What can be the culprit ? Thank You
This is what I got from the minidump file in WinDbg:
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 806e694f, f78dec30, f78de92c}
Probably caused by : ntkrpamp.exe ( nt!FsRtlRemovePerStreamContext+1e )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806e694f, The address that the exception occurred at
Arg3: f78dec30, Exception Record Address
Arg4: f78de92c, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
hal!ExAcquireFastMutex+f
806e694f f0ff09 lock dec dword ptr [ecx]
EXCEPTION_RECORD: f78dec30 -- (.exr 0xfffffffff78dec30)
ExceptionAddress: 806e694f (hal!ExAcquireFastMutex+0x0000000f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 0067006e
Attempt to write to address 0067006e
CONTEXT: f78de92c -- (.cxr 0xfffffffff78de92c)
eax=0000003d ebx=88134e7c ecx=0067006e edx=f78ded28 esi=e5c65008 edi=87a94300
eip=806e694f esp=f78decf8 ebp=f78ded08 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
hal!ExAcquireFastMutex+0xf:
806e694f f0ff09 lock dec dword ptr [ecx] ds:0023:0067006e=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
WRITE_ADDRESS: 0067006e
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: STRING_DEREFERENCE
LAST_CONTROL_TRANSFER: from 804ed978 to 806e694f
STACK_TEXT:
f78decf4 804ed978 87a94300 88134e7c 87a942f8 hal!ExAcquireFastMutex+0xf
f78ded08 f71edb6c e5c65008 88134c20 e5c65008 nt!FsRtlRemovePerStreamContext+0x1e
f78ded34 f71ef0ba 88134c20 89d26828 8897ece8 fltmgr!FltpDeleteAllStreamListCtrls+0x62
f78ded50 f71e18f7 88134ca4 00000008 89d26828 fltmgr!FltpFreeVolume+0xa4
f78ded68 f71e564e 8897ece8 00000008 8056485c fltmgr!FltpCleanupDeviceObject+0x61
f78ded7c 8053879d 89d26828 00000000 8a7e18b8 fltmgr!FltpFastIoDetachDeviceWorker+0x14
f78dedac 805cff62 89d26828 00000000 00000000 nt!ExpWorkerThread+0xef
f78deddc 8054612e 805386ae 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
nt!FsRtlRemovePerStreamContext+1e
804ed978 8b5510 mov edx,dword ptr [ebp+10h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!FsRtlRemovePerStreamContext+1e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4bd6e0e8
STACK_COMMAND: .cxr 0xfffffffff78de92c ; kb
FAILURE_BUCKET_ID: 0x7E_nt!FsRtlRemovePerStreamContext+1e
BUCKET_ID: 0x7E_nt!FsRtlRemovePerStreamContext+1e
Followup: MachineOwner
---------
What can be the culprit ? Thank You