Question
148 views

BSOD help please

Jack-C asked on
Windows 7 Pro, Intel i7 3770K 3.5G, Asus P8Z77-V motherboard, Crucial 8GB 1866MHZ DDR3 ELITE (16GB), EVGA GEFORCE GTX660TI 2GB PCIE, CRUCIAL M4 256GB SSD (Full System details in link below to bsod files)

Hello,
This is a pretty new computer with only standard use, no gaming, overclocking, etc. So it's frustrating to see this happen without warning!

There have been 7 or 8 BSOD incidents in the last few days. No new programs. The only one I've actually seen at the exact time it was happening was after doing a windows update (11 updates). When Windows finished updating, it required a restart. BSOD occurred as the restart was happening. Makes me wonder if my system didn't like one of the updates. (I had the updates to do because of my restoring the system to a state of a couple of weeks previously, I suppose.)

I tried sfc /scannow  from administrative command prompt: no help.
I also tried system restore going back about two weeks, several times with different restore points: no help.

I have uploaded the .dmp files and also the msinfo32.nfo file. I have no idea how to interpret the dmp files.

Many thanks for any suggestions.

https://jmclarke.sharefile.com/d/sf1f61bdb73d4642b

Jack

1 person had this question

Abuse history


The answered status icon Answer
Patrick Barker replied on
Hi Jack,

We have two bug checks:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

If we take a look at the call stack:

1: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0331b4a8 fffff800`030f9169 : 00000000`0000000a 00000000`00000478 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0331b4b0 fffff800`030f7de0 : fffff880`0331b600 00000000`00000055 00000000`00000000 fffffa80`0f9d6620 : nt!KiBugCheckDispatch+0x69
fffff880`0331b5f0 fffff880`01cb5a27 : 00000000`00000001 00000000`00000001 00000000`00000001 fffffa80`0cfe38e0 : nt!KiPageFault+0x260 (TrapFrame @ fffff880`0331b5f0)
fffff880`0331b780 fffff800`03003713 : 00000000`00000000 fffffa80`0fcccba0 00000000`00000001 fffffa80`0c752000 : CLASSPNP!TransferPktComplete+0x27
fffff880`0331b800 00000000`00000000 : fffffa80`0fcccba0 00000000`00000001 fffffa80`0c752000 00000000`00000000 : nt_fffff80003000000+0x3713


We can see we have a CLASSPNP.sys (SCSI Class System Dll) routine calling into a page fault.

QUOTA_UNDERFLOW (21)

This indicates that quota charges have been mishandled by returning more quota to a particular block than was previously charged.

BugCheck 21, {fffffa800ca3c4c0, 2, 7fa801324fd10, 7fa801322dc65}

^^ The 1st parameter of the bug check is the process (if any) that was initially charged. Let's see what it was:

7: kd> !process fffffa800ca3c4c0
GetPointerFromAddress: unable to read from fffff800032d8000
PROCESS fffffa800ca3c4c0
    SessionId: none  Cid: 129c    Peb: 7efdf000  ParentCid: 02ec
    DirBase: 324181000  ObjectTable: 00000000  HandleCount:   0.
    Image: daemonu.exe
    VadRoot fffffa800ca2b320 Vads 97 Clone 0 Private 12. Modified 4. Locked 0.
    DeviceMap fffff8a00dca2b00
    Token                             fffff8a00dc86860
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max)  (17, 50, 345) (68KB, 200KB, 1380KB)
    PeakWorkingSetSize                1990
    VirtualSize                       64 Mb
    PeakVirtualSize                   70 Mb
    PageFaultCount                    2199
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      725


^^ It was daemonu.exe which is the nVidia Settings Update Manager.

----------------

1. Ensure you have the latest video card drivers. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your card a try.

2. Update the BIOS to the latest version to improve system stability - https://www.asus.com/Motherboards/P8Z77V_LX/#support

3. If you're still crashing after the above, enable Driver Verifier. This is likely a hardware issue, but I'd like to be sure:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・    Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

How long should I keep Driver Verifier enabled for?

It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617

Regards,

Patrick
Debugger/Reverse Engineer.
1 person found this helpful

Abuse history


progress