BSOD Windows blue-screens when 100% cpu, and some randoms

Page 2 of 3 FirstFirst 123 LastLast

  1. Vir Gnarus
    Posts : 1,314
    Windows 7 64-bit
       New #11

    Your wifi driver (RTL8192su.sys;Realtek) was doing most of the workload for the thread that caused that single crash. While I can't tell anything beyond this tiny minidump, that's where we can start with. I saw the driver dated from Aug 2011, so you may wanna check for an update with it, also checking an update for your BIOS as well since that can interfere as well. I assume this is a USB wifi dongle given that I'm seeing USB activity in the stack as well, and I know from experience those wifi dongles can sometimes be a little iffy in stability when it comes to drivers.

    If none of the previous recommendations fixes anything, I recommend you turn on Driver Verifier, let it crash the system some, and then send us the crashdumps.

    Oh, and don't rule out the CA Antivirus here. I've seen it cause stability issues with people, so it wouldn't be any exception here. However, as of now it is not a prime suspect given the current (albeit sparse) data.

    Analysts:

    One of the first items to look at in a crashdump is the raw stack of the faulting thread. I'll forgo using Niemiro's tidy little extension he's made for Windbg for such an occasion and demonstrate how to do so without:

    Code:
    1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000100000023, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800033b624c, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2

BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824          mov     ecx,dword ptr [rax+24h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  System

TRAP_FRAME:  fffff8800311a640 -- (.trap 0xfffff8800311a640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000ffffffff rbx=0000000000000000 rcx=fffffa800afe9ed1
rdx=fffffa8007c937c1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800033b624c rsp=fffff8800311a7d8 rbp=fffffa8000000000
 r8=0000000000000801  r9=fffff8000320c000 r10=fffff880009eab20
r11=fffff8800311a9b8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x16c:
fffff800`033b624c 8b4824          mov     ecx,dword ptr [rax+24h] ds:00000001`00000023=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000328a569 to fffff8000328afc0

STACK_TEXT:  
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824          mov     ecx,dword ptr [rax+24h]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!ExAllocatePoolWithTag+16c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  503f82be

FAILURE_BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+16c

BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+16c

Followup: MachineOwner
---------

1: kd> !thread
GetPointerFromAddress: unable to read from fffff800034ba000
THREAD fffff880009f50c0  Cid 0000.0000  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
Not impersonating
GetUlongFromAddress: unable to read from fffff800033f9ba4
Owning Process            fffff8000340c180       Image:         <Unknown>
Attached Process          fffffa80066dd040       Image:         System
fffff78000000000: Unable to get shared data
Wait Start TickCount      1022583      
Context Switch Count      1095647        IdealProcessor: 1             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address nt!KiIdleLoop (0xfffff80003282c70)
Stack Init fffff8800311bc70 Current fffff8800311bc00
Base fffff8800311c000 Limit fffff88003116000 Call 0
Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260 (TrapFrame @ fffff880`0311a640)
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c

1: kd> dps fffff88003116000 fffff8800311c000     //start of range is Limit, end of range is Base, since stacks grow backwards.
fffff880`03116000  ????????`????????
fffff880`03116008  ????????`????????
fffff880`03116010  ????????`????????    //Currently unused portion of stack
fffff880`03116018  ????????`????????
fffff880`03116020  ????????`????????
fffff880`03116028  ????????`????????

...

fffff880`03119ff0  ????????`????????
fffff880`03119ff8  ????????`????????
fffff880`0311a000  00000000`00000000     //Current top of stack
fffff880`0311a008  00000000`00000000
fffff880`0311a010  00000000`37383138
fffff880`0311a018  fffff800`0328afc0 nt!KeBugCheckEx
fffff880`0311a020  00000000`00000000
fffff880`0311a028  00000000`00000000
fffff880`0311a030  00000000`00000000

...

fffff880`0311a938  fffffa80`0c4a6000
fffff880`0311a940  fffff880`0311a9c8
fffff880`0311a948  fffff880`0d2d0392 RTL8192su+0xe392
fffff880`0311a950  00000000`00000000
fffff880`0311a958  00000000`00000000

...

fffff880`0311b4d0  00000068`06938100
fffff880`0311b4d8  fffff880`0d338618 RTL8192su+0x76618
fffff880`0311b4e0  fffffa80`0c5c8000
fffff880`0311b4e8  fffff880`07d4cd8f usbhub!UsbhPdoInternalDeviceControl+0x373
fffff880`0311b4f0  00000000`00000000     //Current bottom of stack. Notice USB activity in stack.
fffff880`0311b4f8  ????????`????????
fffff880`0311b500  ????????`????????
      My Computer
    Quote Quote

  3. Leon
    Posts : 21
    Windows 7 Ultimate X64
    Thread Starter
       New #12

    I just forced the BSOD, it was about 10 minuts ago, did run the diagnotic tool again, and i will post it here. There are a few files more her than in the first post. Hope this wll helps. By the way, The BSOD was something like driver irg not less or equal. and the first codeline was ending at 0002, but the time was to short to write it down all.

    Thank you all.
      My Computer
    Quote Quote

  4. Leon
    Posts : 21
    Windows 7 Ultimate X64
    Thread Starter
       New #13

    Vir Gnarus said:
    Your wifi driver (RTL8192su.sys;Realtek) was doing most of the workload for the thread that caused that single crash. While I can't tell anything beyond this tiny minidump, that's where we can start with. I saw the driver dated from Aug 2011, so you may wanna check for an update with it, also checking an update for your BIOS as well since that can interfere as well. I assume this is a USB wifi dongle given that I'm seeing USB activity in the stack as well, and I know from experience those wifi dongles can sometimes be a little iffy in stability when it comes to drivers.

    If none of the previous recommendations fixes anything, I recommend you turn on Driver Verifier, let it crash the system some, and then send us the crashdumps.

    Oh, and don't rule out the CA Antivirus here. I've seen it cause stability issues with people, so it wouldn't be any exception here. However, as of now it is not a prime suspect given the current (albeit sparse) data.

    Analysts:

    One of the first items to look at in a crashdump is the raw stack of the faulting thread. I'll forgo using Niemiro's tidy little extension he's made for Windbg for such an occasion and demonstrate how to do so without:

    Code:
    1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000100000023, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800033b624c, address which referenced memory
 
Debugging Details:
------------------
 
TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
 
BUGCHECK_STR:  0xC5_2
 
CURRENT_IRQL:  2
 
FAULTING_IP: 
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824          mov     ecx,dword ptr [rax+24h]
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
 
PROCESS_NAME:  System
 
TRAP_FRAME:  fffff8800311a640 -- (.trap 0xfffff8800311a640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000ffffffff rbx=0000000000000000 rcx=fffffa800afe9ed1
rdx=fffffa8007c937c1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800033b624c rsp=fffff8800311a7d8 rbp=fffffa8000000000
 r8=0000000000000801  r9=fffff8000320c000 r10=fffff880009eab20
r11=fffff8800311a9b8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x16c:
fffff800`033b624c 8b4824          mov     ecx,dword ptr [rax+24h] ds:00000001`00000023=????????
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from fffff8000328a569 to fffff8000328afc0
 
STACK_TEXT:  
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
nt!ExAllocatePoolWithTag+16c
fffff800`033b624c 8b4824          mov     ecx,dword ptr [rax+24h]
 
SYMBOL_STACK_INDEX:  3
 
SYMBOL_NAME:  nt!ExAllocatePoolWithTag+16c
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: nt
 
IMAGE_NAME:  ntkrnlmp.exe
 
DEBUG_FLR_IMAGE_TIMESTAMP:  503f82be
 
FAILURE_BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+16c
 
BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+16c
 
Followup: MachineOwner
---------
 
1: kd> !thread
GetPointerFromAddress: unable to read from fffff800034ba000
THREAD fffff880009f50c0  Cid 0000.0000  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
Not impersonating
GetUlongFromAddress: unable to read from fffff800033f9ba4
Owning Process            fffff8000340c180       Image:         <Unknown>
Attached Process          fffffa80066dd040       Image:         System
fffff78000000000: Unable to get shared data
Wait Start TickCount      1022583      
Context Switch Count      1095647        IdealProcessor: 1             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address nt!KiIdleLoop (0xfffff80003282c70)
Stack Init fffff8800311bc70 Current fffff8800311bc00
Base fffff8800311c000 Limit fffff88003116000 Call 0
Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0311a4f8 fffff800`0328a569 : 00000000`0000000a 00000001`00000023 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0311a500 fffff800`032891e0 : fffff880`0311a970 00000000`ee795b35 fffffa80`072f36d0 fffffa80`07c937b0 : nt!KiBugCheckDispatch+0x69
fffff880`0311a640 fffff800`033b624c : fffff880`026f20de fffffa80`08ecc7f0 fffff880`016c64e0 fffff880`0272d5c0 : nt!KiPageFault+0x260 (TrapFrame @ fffff880`0311a640)
fffff880`0311a7d8 00000000`00000000 : 00000000`00000000 00000000`37383138 fffff880`0747e0c7 fffff880`0747f340 : nt!ExAllocatePoolWithTag+0x16c
 
1: kd> dps fffff88003116000 fffff8800311c000     //start of range is Limit, end of range is Base, since stacks grow backwards.
fffff880`03116000  ????????`????????
fffff880`03116008  ????????`????????
fffff880`03116010  ????????`????????    //Currently unused portion of stack
fffff880`03116018  ????????`????????
fffff880`03116020  ????????`????????
fffff880`03116028  ????????`????????
 
...
 
fffff880`03119ff0  ????????`????????
fffff880`03119ff8  ????????`????????
fffff880`0311a000  00000000`00000000     //Current top of stack
fffff880`0311a008  00000000`00000000
fffff880`0311a010  00000000`37383138
fffff880`0311a018  fffff800`0328afc0 nt!KeBugCheckEx
fffff880`0311a020  00000000`00000000
fffff880`0311a028  00000000`00000000
fffff880`0311a030  00000000`00000000
 
...
 
fffff880`0311a938  fffffa80`0c4a6000
fffff880`0311a940  fffff880`0311a9c8
fffff880`0311a948  fffff880`0d2d0392 RTL8192su+0xe392
fffff880`0311a950  00000000`00000000
fffff880`0311a958  00000000`00000000
 
...
 
fffff880`0311b4d0  00000068`06938100
fffff880`0311b4d8  fffff880`0d338618 RTL8192su+0x76618
fffff880`0311b4e0  fffffa80`0c5c8000
fffff880`0311b4e8  fffff880`07d4cd8f usbhub!UsbhPdoInternalDeviceControl+0x373
fffff880`0311b4f0  00000000`00000000     //Current bottom of stack. Notice USB activity in stack.
fffff880`0311b4f8  ????????`????????
fffff880`0311b500  ????????`????????
    Hi. I will check for the realtec drivers, and will update them, and the bios to. I already downloaded the newest bios, I will install it on next restart. You are right about the USB WIFI Dongle for internet connection. I will disconnect this one and use a cable. When i was writing the previous post with the new sf tool data files i saw the message from you. So the sf tool log files are before i did anything that you advised me about.

    I'll let you know very soon. Thanks so far
      My Computer
    Quote Quote

  6. Leon
    Posts : 21
    Windows 7 Ultimate X64
    Thread Starter
       New #14

    A little update. I did a bios update, and did run the latest driver for the RTL8192su But the latest drivers fot my usb wifi dongle are from march 2010, so it not been updated ever. As soon as possible i will install a cable for my internet connection using the onboard LAN port, and i will remove the usb dongle. Then i will run the driver verifier as told, and will try to force a BSOD again, so that you will have some more data. When it happens i post here again.

    Thanks
    Last edited by Leon; 22 Jan 2013 at 19:09.
      My Computer
    Quote Quote

  7. Leon
    Posts : 21
    Windows 7 Ultimate X64
    Thread Starter
       New #15

    Hi

    Another little update. Pc has been running for 9 hours, and did just reboot for the uninstallation of CA Antivirus. You said that it was not the primary suspect, but i want to make it as easy as possible for you guys to id the problem. I installed MS security essentials, because i read something about that in another threat. Still using the USB wifi dongle, but its morning over here, so i will buy some utp cable and connect the pc with it, and i will start driver verifier as told, and will try to get BSOD.

    Thanks so far
      My Computer
    Quote Quote

  8. Leon
    Posts : 21
    Windows 7 Ultimate X64
    Thread Starter
       New #16

    Here Again.

    I did install a network cable for internet connection. I have done all the things said. But now i have a problem with driver verifier. I used the link shortcut to set the options right, but at step 6 wher jou have to select all the drivers that are not supported bij microsoft, there are 2 items in that list, but both are supported by microsoft. See image attached here. I tried to continiue, but i have to select at least one.

    Thanks
      My Computer
    Quote Quote

  10. Vir Gnarus
    Posts : 1,314
    Windows 7 64-bit
       New #17

    Are you trying to do this all in a diagnostic startup or safe mode? Either of those will greatly reduce the amount of drivers loaded during startup. Driver Verifier will only present drivers that it sees are currently loaded.
      My Computer
    Quote Quote

  11. Leon
    Posts : 21
    Windows 7 Ultimate X64
    Thread Starter
       New #18

    Just had a BSOD like 10 minuts ago. I was forcing the BSOD. Full downloading and was playing Far cry 3 for 1 hour and 6 minutes, see zip file attached. I checked for the startupmode in msconfig It's on the third on. You have normal mode, diagnostic and selective. Mine was on selective, but all boxes are checked. I have set it on normal mode, and will reboot system, than i will try driver verifier again.
      My Computer
    Quote Quote

  12. Leon
    Posts : 21
    Windows 7 Ultimate X64
    Thread Starter
       New #19

    Leon said:
    Just had a BSOD like 10 minuts ago. I was forcing the BSOD. Full downloading and was playing Far cry 3 for 1 hour and 6 minutes, see zip file attached. I checked for the startupmode in msconfig It's on the third on. You have normal mode, diagnostic and selective. Mine was on selective, but all boxes are checked. I have set it on normal mode, and will reboot system, than i will try driver verifier again.
    I did a normal mode restart, and have run driver verifier again, but it makes no difference in the outcome, still the same two results i can check. Or am i doing somthing wrong.

    Thanks
      My Computer
    Quote Quote

  13. Vir Gnarus
    Posts : 1,314
    Windows 7 64-bit
       New #20

    This is very unusual behavior. Either you incidentally omitted drivers from starting up, or something is causing Driver Verifier to not see the loaded module list properly, which I can't think of anything outside of malware doing that. Have you ran through any procedures to get your system scanned for malware?

    I'm seeing hardware-related problems in some of the new crashdumps, especially stuff like IP misalignments which are commonly caused by hardware failure.

    I'm curious, is your system stable without the wifi dongle connected, or are you waiting to get that cable first before you decide to test it that way?
      My Computer
    Quote Quote

 
Page 2 of 3 FirstFirst 123 LastLast

  Related Discussions
Hello . For about 2 months i am having BSOD in my pc . That problem occurs in both HDD that run win 7 individually .The win 7 os in one of HDD'S during a start up mentioned a registry problem and that i can't correct with os cd fix tool and the other HDD after a while shows a blue screen...
BSOD crash and blue screens
in BSOD Help and Support

I am getting blue screen or crash with black screen if I am getting black screen I need to restart it my self or its restarding itself. I used whocrashed to see what happend and I got: crash dump file: C:\Windows\memory.dmp This was probably caused by the following module: win32k.sys...
Hello. I finally gave up all hope trying to solve my problem by myself. I just built a new computer early last month and everything was fine til a week later when I started getting very random blue screens mostly blaming ntoskrnl, or other windows services. These blue screens didn't seem...
Rogue Blue screens/Black screens
in BSOD Help and Support

And I'm back again giving you another annoying dilemma to help me with. Okay, the problems are on my main pc. The specs are below: Windows 7 Ult. 64bit Gigabyte 880GA-UD3H AMD Phenom II X6 1100T 4GB DDR3 PNY RAM 500GB Seagate HDD Dynex 400 Watt Power Supply
Hello I am getting random blue screens, while playing games (All kind, not a specific game) and even while just browsing the net. I really don't know what is causing them, What I did was first opening the case and making sure everything seem OK there, tried reseating the GFX and the memory as...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 08:41.
Find Us