BSOD Minidump
Hi everyone,
I'm dealing with a BSOD on a friend's machine. The configuration is along the lines of an AMD Phenom X4 960, AMD5770 graphics card, nothing special, no recent HW upgrades... Minidump output from the MS Debug Tool:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Jenda\Documents\Documents\xxx\041212-22760-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: I:\Symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17790.x86fre.win7sp1_gdr.120305-1505
Machine Name:
Kernel base = 0xe323d000 PsLoadedModuleList = 0xe33864d0
Debug session time: Thu Apr 12 16:57:36.038 2012 (GMT+2)
System Uptime: 0 days 0:11:36.334
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: c285e5b8, The pool entry we were looking for within the page.
Arg3: c285e6f0, The next pool entry.
Arg4: 18270000, (reserved)
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: GetPointerFromAddress: unable to read from e33a6848
Unable to read MiSystemVaType memory at e3385e20
c285e5b8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 1
IRP_ADDRESS: 00060348
LAST_CONTROL_TRANSFER: from e32be131 to e335dc6b
STACK_TEXT:
dccdd9e8 e32be131 c285e5c0 00000000 f678dd1a nt!ExFreePoolWithTag+0x1b1
dccdda34 e32ee746 00060388 dccdda60 dccdda6c nt!IopCompleteRequest+0xe6
dccdda84 e32bb665 00000000 00000000 00000000 nt!KiDeliverApc+0x111
dccddac8 e32ba4d7 c53a7bf8 c4450d48 c4450e44 nt!KiSwapThread+0x24e
dccddaf0 e32b64a4 c4450d48 c4450e08 00000000 nt!KiCommitThreadWait+0x1df
dccddc68 dcf7e556 00000002 c445e520 00000001 nt!KeWaitForMultipleObjects+0x535
WARNING: Stack unwind information not available. Following frames may be wrong.
dccddcc0 dcef5a06 00000001 c445e520 dcefeb2e win32k+0x9e556
dccddd04 dcefd7b1 c445e520 00000001 dd102bc0 win32k+0x15a06
dccddd18 dcfb3dbd 00000004 012afe54 dccddd34 win32k+0x1d7b1
dccddd28 e327b20a 00000004 012afe94 77c77094 win32k+0xd3dbd
dccddd28 77c77094 00000004 012afe94 77c77094 nt!KiFastCallEntry+0x12a
012afe94 00000000 00000000 00000000 00000000 0x77c77094
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k+9e556
dcf7e556 ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: win32k+9e556
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f2b5a5e
FAILURE_BUCKET_ID: 0x19_20_win32k+9e556
BUCKET_ID: 0x19_20_win32k+9e556
Followup: MachineOwner
---------
Same user, a different minidump, analysis from MSDT:
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: e324a000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4ec79850
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
FAULTING_IP:
+6832952f04afdf60
d017ebd4 766b jbe d017ec41
TRAP_FRAME: c91d7c28 -- (.trap 0xffffffffc91d7c28)
Unable to read trap frame at c91d7c28
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from e32ca35f to d017d3f6
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
e3371c98 e32ca35f c6523030 e337e380 e3374c00 0xd017d3f6
e3371d20 e32c1e0d 00000000 0000000e 00000000 nt+0x8035f
e3371d24 00000000 0000000e 00000000 00000000 nt+0x77e0d
STACK_COMMAND: kb
FOLLOWUP_IP:
nt+8035f
e32ca35f ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt+8035f
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntkrnlpa.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
Thanks for any advice and opinions.
Based on the stack dump, I would suspect the memory first. Check the modules with GoldMemory (unfortunately the shareware version correctly tests at most 3GB of memory; if more is installed, you have to use Memtest86+ or Memtest86).
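
An added example, not part of the thread and not a Microsoft tool: a small Python triage helper for `!analyze -v` text like the two outputs posted in the question. It extracts the key fields and flags the debugger messages that make the blamed module only a guess. The sample strings are constructed by abridging the posted output, and `triage` and `differing_bugchecks` are hypothetical names.

```python
import re

# Constructed samples: lines abridged from the two !analyze -v outputs in the question.
DUMP_1 = """\
BAD_POOL_HEADER (19)
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
BUGCHECK_STR: 0x19_20
PROCESS_NAME: csrss.exe
WARNING: Stack unwind information not available. Following frames may be wrong.
IMAGE_NAME: win32k.sys
BUCKET_ID: 0x19_20_win32k+9e556
"""
DUMP_2 = """\
BUGCHECK_STR: 0x8E
WARNING: Frame IP not in any known module. Following frames may be wrong.
IMAGE_NAME: ntkrnlpa.exe
BUCKET_ID: WRONG_SYMBOLS
"""

FIELD = re.compile(r"^(BUGCHECK_STR|PROCESS_NAME|IMAGE_NAME|BUCKET_ID):\s*(\S+)", re.M)
# Debugger messages that mean the module named in IMAGE_NAME is only a guess.
UNRELIABLE = (
    "symbols could not be loaded",
    "Stack unwind information not available",
    "Frame IP not in any known module",
    "BUCKET_ID: WRONG_SYMBOLS",
)

def triage(text):
    """Return the key fields plus the reasons the blamed module is doubtful."""
    fields = {k: v for k, v in FIELD.findall(text)}
    # Collapse runs of spaces/tabs so padded output still matches the markers.
    flat = re.sub(r"[ \t]+", " ", text)
    fields["doubts"] = [m for m in UNRELIABLE if m in flat]
    fields["blame_trusted"] = not fields["doubts"]
    return fields

def differing_bugchecks(reports):
    """Distinct bugcheck codes seen across dumps from one machine."""
    return sorted({r.get("BUGCHECK_STR", "?").split("_")[0] for r in reports})

if __name__ == "__main__":
    reports = [triage(DUMP_1), triage(DUMP_2)]
    for r in reports:
        print(r)
    print("distinct bugchecks:", differing_bugchecks(reports))
```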