BSOD - Bug Analysis, help interpreting?

Deadbeat

Deadbeat

Deadbeat

Soldato
Joined
26 May 2009
Posts
5,415
Hey folks, having a few issues with the gf/s computer. It's been randomly not going to POST on start-up, and when it does boot up it occasionally BSODs on random tasks - opening documents, web browser and so forth. I've done a bit of hunting and unearthed how to read the dump files, but as to how to interpret it, well - not a clue. Anyone out there able to give me a heads-up?

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600017263d, Address of the instruction which caused the bugcheck
Arg3: fffff8800a465210, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
win32k!NtUserGetProp+3d
fffff960`0017263d 8b5104 mov edx,dword ptr [rcx+4]

CONTEXT: fffff8800a465210 -- (.cxr 0xfffff8800a465210)
rax=fffff900c0809ad0 rbx=0000000000000000 rcx=fff7f900c0812ac0
rdx=fffffa800a316360 rsi=0000000000000000 rdi=000000000000c048
rip=fffff9600017263d rsp=fffff8800a465bf0 rbp=fffff8800a465ca0
r8=fffff900c1f5d5e0 r9=0000000000000000 r10=fffff96000172600
r11=fffff900c1f5d5e0 r12=0000000000000069 r13=0000000000000001
r14=000000000391f2e0 r15=00000000ff8c1d38
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
win32k!NtUserGetProp+0x3d:
fffff960`0017263d 8b5104 mov edx,dword ptr [rcx+4] ds:002b:fff7f900`c0812ac4=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: explorer.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff8000308bed3 to fffff9600017263d

STACK_TEXT:
fffff880`0a465bf0 fffff800`0308bed3 : fffffa80`09fb4b50 00000000`0391f0f8 00000000`00000000 00000000`0000c048 : win32k!NtUserGetProp+0x3d
fffff880`0a465c20 00000000`76b888da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0391f148 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76b888da


FOLLOWUP_IP:
win32k!NtUserGetProp+3d
fffff960`0017263d 8b5104 mov edx,dword ptr [rcx+4]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!NtUserGetProp+3d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 50e64bda

STACK_COMMAND: .cxr 0xfffff8800a465210 ; kb

FAILURE_BUCKET_ID: X64_0x3B_win32k!NtUserGetProp+3d

BUCKET_ID: X64_0x3B_win32k!NtUserGetProp+3d

Followup: MachineOwner
---------
Click to expand...
 
Hey folks, she's really not sure what gear she has. I know it's an AMD processor and that she got some Crucial Ballistix 12800 RAM last year (https://www.overclockers.co.uk/showproduct.php?prodid=MY-132-CR - strangely, 31.19 in January last year and now £50 before discount :/). Updating her ATI drivers (Sapphire 5830) seemed to help last night, but this morninm another BSOD - this time with a 0x0000001E stop code. Can't boot it up to get the dump file, won't got to POST again, so now's a good a time as any to reseat the RAM, I suppose...

Edit: Booted, minidump appropriated and processed:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {0, 0, 0, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.

FAULTING_IP:
+3937313133326239
00000000`00000000 ?? ???

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000000

ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0

BUGCHECK_STR: 0x1E_0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

EXCEPTION_RECORD: fffff88002f1bb48 -- (.exr 0xfffff88002f1bb48)
ExceptionAddress: fffff800030829c2 (nt!KiIdleLoop+0x00000000000000d2)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

TRAP_FRAME: fffff88002f1bbf0 -- (.trap 0xfffff88002f1bbf0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000018c570 rbx=0000000000000000 rcx=0000000000000002
rdx=0000006600000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800030829c2 rsp=fffff88002f1bd80 rbp=0000000000000000
r8=0000000000000000 r9=00000000002fe644 r10=00000000000178d0
r11=fffffa80073a51fe r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
nt!KiIdleLoop+0xd2:
fffff800`030829c2 48014718 add qword ptr [rdi+18h],rax ds:00000000`00000018=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000308263e to fffff8000308ac10

STACK_TEXT:
fffff880`02f1ac28 fffff800`0308263e : fffffa80`0a429380 fffffa80`09cb7680 fffff880`02f1b3a0 fffff800`030b5b80 : nt!KeBugCheck
fffff880`02f1ac30 fffff800`030b584d : 00000000`0010001f fffff880`02f1b3a0 fffff880`02f1bbf0 fffff880`02f1bb48 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`02f1ac60 fffff800`030b4625 : fffff800`031db008 fffff880`02f1acd8 fffff880`02f1bb48 fffff800`03015000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`02f1ac90 fffff800`030c55b1 : fffff880`02f1bb48 fffff880`02f1b3a0 fffff880`00000000 fff7f880`009f3f40 : nt!RtlDispatchException+0x415
fffff880`02f1b370 fffff800`0308a2c2 : fffff880`02f1bb48 fffff880`009e9180 fffff880`02f1bbf0 fffffa80`09c29060 : nt!KiDispatchException+0x135
fffff880`02f1ba10 fffff800`03088bca : 00000000`000000e8 00000000`000000f8 fffffa80`073a5150 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`02f1bbf0 fffff800`030829c2 : fffff880`009e9180 fffff880`00000000 00000000`00000000 fffff880`068d2588 : nt!KiGeneralProtectionFault+0x10a
fffff880`02f1bd80 00000000`00000000 : fffff880`02f1c000 fffff880`02f16000 fffff880`02f1bd40 00000000`00000000 : nt!KiIdleLoop+0xd2


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiKernelCalloutExceptionHandler+e
fffff800`0308263e 90 nop

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 50e79935

FAILURE_BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e

BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e

Followup: MachineOwner
---------

1: kd> lmvm nt
start end module name
fffff800`03015000 fffff800`035fc000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\B09DFEAFE5F546ECA785C4F8577A2CC02\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: c:\symbols\ntoskrnl.exe\50E799355e7000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Sat Jan 05 03:08:37 2013 (50E79935)
CheckSum: 0054E86D
ImageSize: 005E7000
File version: 6.1.7601.18044
Product version: 6.1.7601.18044
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.18044
FileVersion: 6.1.7601.18044 (win7sp1_gdr.130104-1431)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Click to expand...

Edit 2: Sorry, just to clarify no overclock at all
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom