Mini-Dump 9/20/2014

1.  
2. Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
3. Copyright (c) Microsoft Corporation. All rights reserved.
4.  
5.  
6. Loading Dump File [C:\Windows\Minidump\121813-45708-01.dmp]
7. Mini Kernel Dump File: Only registers and stack trace are available
8.  
9. Symbol search path is: *** Invalid ***
10. ****************************************************************************
11. * Symbol loading may be unreliable without a symbol search path. *
12. * Use .symfix to have the debugger choose a symbol path. *
13. * After setting your symbol path, use .reload to refresh symbol locations. *
14. ****************************************************************************
15. Executable search path is:
16. *********************************************************************
17. * Symbols can not be loaded because symbol path is not initialized. *
18. * *
19. * The Symbol Path can be set by: *
20. * using the _NT_SYMBOL_PATH environment variable. *
21. * using the -y <symbol_path> argument when starting the debugger. *
22. * using .sympath and .sympath+ *
23. *********************************************************************
24. Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
25. *** WARNING: Unable to verify timestamp for ntoskrnl.exe
26. *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
27. Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
28. Product: WinNt, suite: TerminalServer SingleUserTS
29. Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
30. Machine Name:
31. Kernel base = 0xfffff800`02e1b000 PsLoadedModuleList = 0xfffff800`0305e6d0
32. Debug session time: Wed Dec 18 09:00:14.631 2013 (UTC - 7:00)
33. System Uptime: 0 days 7:46:43.269
34. *********************************************************************
35. * Symbols can not be loaded because symbol path is not initialized. *
36. * *
37. * The Symbol Path can be set by: *
38. * using the _NT_SYMBOL_PATH environment variable. *
39. * using the -y <symbol_path> argument when starting the debugger. *
40. * using .sympath and .sympath+ *
41. *********************************************************************
42. Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
43. *** WARNING: Unable to verify timestamp for ntoskrnl.exe
44. *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
45. Loading Kernel Symbols
46. ...............................................................
47. ................................................................
48. .....................
49. Loading User Symbols
50. Loading unloaded module list
51. ......
52. *******************************************************************************
53. * *
54. * Bugcheck Analysis *
55. * *
56. *******************************************************************************
57.  
58. Use !analyze -v to get detailed debugging information.
59.  
60. BugCheck 50, {14ef0000, 0, fffff960000c5ae0, 8}
61.  
62. ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
63.  
64. *************************************************************************
65. *** ***
66. *** ***
67. *** Your debugger is not using the correct symbols ***
68. *** ***
69. *** In order for this command to work properly, your symbol path ***
70. *** must point to .pdb files that have full type information. ***
71. *** ***
72. *** Certain .pdb files (such as the public OS symbols) do not ***
73. *** contain the required information. Contact the group that ***
74. *** provided you with these symbols if you need this command to ***
75. *** work. ***
76. *** ***
77. *** Type referenced: nt!_KPRCB ***
78. *** ***
79. *************************************************************************
80. *** WARNING: Unable to verify timestamp for win32k.sys
81. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
82. *************************************************************************
83. *** ***
84. *** ***
85. *** Your debugger is not using the correct symbols ***
86. *** ***
87. *** In order for this command to work properly, your symbol path ***
88. *** must point to .pdb files that have full type information. ***
89. *** ***
90. *** Certain .pdb files (such as the public OS symbols) do not ***
91. *** contain the required information. Contact the group that ***
92. *** provided you with these symbols if you need this command to ***
93. *** work. ***
94. *** ***
95. *** Type referenced: nt!_KPRCB ***
96. *** ***
97. *************************************************************************
98. *************************************************************************
99. *** ***
100. *** ***
101. *** Your debugger is not using the correct symbols ***
102. *** ***
103. *** In order for this command to work properly, your symbol path ***
104. *** must point to .pdb files that have full type information. ***
105. *** ***
106. *** Certain .pdb files (such as the public OS symbols) do not ***
107. *** contain the required information. Contact the group that ***
108. *** provided you with these symbols if you need this command to ***
109. *** work. ***
110. *** ***
111. *** Type referenced: nt!_KPRCB ***
112. *** ***
113. *************************************************************************
114. Probably caused by : win32k.sys ( win32k+c5ae0 )
115.  
116. Followup: MachineOwner
117. ---------
118.  
119. 0: kd> .reload
120. Loading Kernel Symbols
121. ...............................................................
122. ................................................................
123. .....................
124. Loading User Symbols
125. Loading unloaded module list
126. ......
127. 0: kd> !analyze -v
128. *******************************************************************************
129. * *
130. * Bugcheck Analysis *
131. * *
132. *******************************************************************************
133.  
134. PAGE_FAULT_IN_NONPAGED_AREA (50)
135. Invalid system memory was referenced. This cannot be protected by try-except,
136. it must be protected by a Probe. Typically the address is just plain bad or it
137. is pointing at freed memory.
138. Arguments:
139. Arg1: 0000000014ef0000, memory referenced.
140. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
141. Arg3: fffff960000c5ae0, If non-zero, the instruction address which referenced the bad memory
142. address.
143. Arg4: 0000000000000008, (reserved)
144.  
145. Debugging Details:
146. ------------------
147.  
148.  
149. Could not read faulting driver name
150.  
151. READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030c8100
152. 0000000014ef0000
153.  
154. FAULTING_IP:
155. win32k!memcpy+b0
156. fffff960`000c5ae0 488b040a mov rax,qword ptr [rdx+rcx]
157.  
158. MM_INTERNAL_CODE: 8
159.  
160. CUSTOMER_CRASH_COUNT: 1
161.  
162. DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
163.  
164. BUGCHECK_STR: 0x50
165.  
166. PROCESS_NAME: firefox.exe
167.  
168. CURRENT_IRQL: 0
169.  
170. TRAP_FRAME: fffff8800ac49370 -- (.trap 0xfffff8800ac49370)
171. NOTE: The trap frame does not contain all registers.
172. Some register values may be zeroed or incorrect.
173. rax=ffb5ffffff000063 rbx=0000000000000000 rcx=00000000147cafc8
174. rdx=0000000000725038 rsi=0000000000000000 rdi=0000000000000000
175. rip=fffff960000c5ae0 rsp=fffff8800ac49508 rbp=fffff8800ac495e0
176. r8=0000000000001578 r9=000000000000007b r10=ffffffffffffffff
177. r11=00000000147ca9c8 r12=0000000000000000 r13=0000000000000000
178. r14=0000000000000000 r15=0000000000000000
179. iopl=0 nv up ei pl nz na po nc
180. win32k!memcpy+0xb0:
181. fffff960`000c5ae0 488b040a mov rax,qword ptr [rdx+rcx] ds:00000000`14ef0000=????????????????
182. Resetting default scope
183.  
184. LAST_CONTROL_TRANSFER: from fffff80002e2a12b to fffff80002e90bc0
185.  
186. STACK_TEXT:
187. fffff880`0ac49208 fffff800`02e2a12b : 00000000`00000050 00000000`14ef0000 00000000`00000000 fffff880`0ac49370 : nt!KeBugCheckEx
188. fffff880`0ac49210 fffff800`02e8ecee : 00000000`00000000 00000000`14ef0000 00000000`00000000 00000000`14eefa00 : nt! ?? ::FNODOBFM::`string'+0x45955
189. fffff880`0ac49370 fffff960`000c5ae0 : fffff960`0008d391 00000000`00000000 00000000`00000000 fffff900`c0828cd8 : nt!KiPageFault+0x16e
190. fffff880`0ac49508 fffff960`0008d391 : 00000000`00000000 00000000`00000000 fffff900`c0828cd8 00000000`00000000 : win32k!memcpy+0xb0
191. fffff880`0ac49510 fffff960`00087449 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`0ac498e0 : win32k!vSrcCopyS32D32Identity+0x71
192. fffff880`0ac49540 fffff960`001fa12c : fffff900`c0828cd8 fffff900`c079c028 fffff900`c3a62e90 fffff900`c06f7b10 : win32k!EngCopyBits+0x915
193. fffff880`0ac49850 fffff960`0018fba8 : 00000000`34010e4e 00000000`00000000 00000000`00000000 00000000`74010ef5 : win32k!NtGdiBitBltInternal+0xc94
194. fffff880`0ac49a30 fffff880`040e9321 : fffff8a0`11471000 00000116`0000055e fffff8a0`11eb7f10 fffff8a0`0e1f2610 : win32k!DxgkEngBltViaGDI+0x588
195. fffff880`0ac49ba0 fffff880`040e5fbb : fffff8a0`40006300 fffff8a0`0000055e fffff880`0ac49f00 fffff880`0ac49f30 : dxgkrnl!DXGCONTEXT::Present+0x2d5d
196. fffff880`0ac49ec0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : dxgkrnl!DxgkPresent+0x543
197.  
198.  
199. STACK_COMMAND: kb
200.  
201. FOLLOWUP_IP:
202. dxgkrnl!DXGCONTEXT::Present+2d5d
203. fffff880`040e9321 413bc6 cmp eax,r14d
204.  
205. SYMBOL_STACK_INDEX: 8
206.  
207. SYMBOL_NAME: dxgkrnl!DXGCONTEXT::Present+2d5d
208.  
209. FOLLOWUP_NAME: MachineOwner
210.  
211. MODULE_NAME: dxgkrnl
212.  
213. IMAGE_NAME: dxgkrnl.sys
214.  
215. DEBUG_FLR_IMAGE_TIMESTAMP: 51fa153d
216.  
217. FAILURE_BUCKET_ID: X64_0x50_dxgkrnl!DXGCONTEXT::Present+2d5d
218.  
219. BUCKET_ID: X64_0x50_dxgkrnl!DXGCONTEXT::Present+2d5d
220.  
221. Followup: MachineOwner
222. ---------