Hi,
I have recently been having some trouble with an image that is deployed out to several models of dell laptops
After around 4-5 days they all start to BSOD with the image name as ntkrpamp.exe
I have recovered and analyzed the BSOD dump files from these however am unable to make heads or tails on them
Below is one BSOD
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 00000000, Object type of the object whose reference count is being lowered
Arg2: 86953d48, Object whose reference count is being lowered
Arg3: 00000002, Reserved
Arg4: ffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This bugcheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object’s reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x18
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 82ccbd22 to 82d31f2c
STACK_TEXT:
8e7c7bc4 82ccbd22 00000018 00000000 86953d48 nt!KeBugCheckEx+0x1e
8e7c7be8 82ccbcd0 86953d48 82d09501 82d94ba0 nt!ObfDereferenceObjectWithTag+0x4b
8e7c7bf0 82d09501 82d94ba0 85ad9020 82d8e3f8 nt!ObfDereferenceObject+0xd
8e7c7bf4 82d94ba0 85ad9020 82d8e3f8 82cd0aab nt!PspReaper+0x75
8e7c7c50 82e5bf64 00000002 ab926faa 00000000 nt!PsReaperWorkItem
8e7c7c90 82d04219 82cd099e 00000002 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObfDereferenceObjectWithTag+4b
82ccbd22 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ObfDereferenceObjectWithTag+4b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fd753
FAILURE_BUCKET_ID: 0x18_OVER_DEREFERENCE_nt!ObfDereferenceObjectWithTag+4b
BUCKET_ID: 0x18_OVER_DEREFERENCE_nt!ObfDereferenceObjectWithTag+4b
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
82c53000 83065000 nt (pdb symbols) c:\symcache\ntkrpamp.pdb\C820DD65C4BC4499A56D7610BE16FD082\ntkrpamp.pdb
Loaded symbol image file: ntkrpamp.exe
Mapped memory image file: c:\symcache\ntkrnlpa.exe\4D9FD753412000\ntkrnlpa.exe
Image path: ntkrpamp.exe
Image name: ntkrpamp.exe
Timestamp: Sat Apr 09 04:49:39 2011 (4D9FD753)
CheckSum: 003D8569
ImageSize: 00412000
File version: 6.1.7601.17592
Product version: 6.1.7601.17592
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrpamp.exe
OriginalFilename: ntkrpamp.exe
ProductVersion: 6.1.7601.17592
FileVersion: 6.1.7601.17592 (win7sp1_gdr.110408-1631)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.