Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Analysing .dmp for BSOD at work

19 Aug 2013   #1
Rickrollin

7 Professional 64-Bit
 
 
Analysing .dmp for BSOD at work

Hi Guys,

I'm a support analyst at a media company and i've been asked to help with a users BSOD, so i took the .dmp off and put into windows debugger

However I'm struggling to find anything of use, it did churn out win32chk.sys but i'm not sure thats the problem

Can i get a second opinion?

.dmp upload;

Download 081513-20186-01.dmp from Sendspace.com - send big files the easy way

Copy of some of my Debug Session;

*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: fffff80003056000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 0

DRVPOWERSTATE_SUBCODE: 4

FAULTING_THREAD: fffffa8009ddd730

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: 0x9F

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff88005561da0 to fffff800030cea8a

STACK_TEXT:
fffff880`05561e10 fffff880`05561da0 : 00001fa0`006a0005 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x78a8a
fffff880`05561e18 00001fa0`006a0005 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`05561da0
fffff880`05561e20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1fa0`006a0005


STACK_COMMAND: .thread 0xfffffa8009ddd730 ; kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_MMPTE ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_MMPTE ***
*** ***
*************************************************************************
fffff800030cedb2 - nt+78db2
[ 01:21 ]
fffff800030cee96 - nt+78e96 (+0xe4)
[ 09:29 ]
2 errors : !nt (fffff800030cedb2-fffff800030cee96)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

MEMORY_CORRUPTOR: ONE_BIT_LARGE

FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT_LARGE

BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT_LARGE

Followup: memory_corruption
---------

0: kd> !findthebuild
FindTheBuild service not found
0: kd> !findthebuild
FindTheBuild service not found
0: kd> !findthebuild -s
FindTheBuild service not found
0: kd> !findthebuild -s; reload
FindTheBuild service not found
^ Bad register error in '!findthebuild -s; reload'
0: kd> !reload
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
..........
0: kd> !loaddebugdata C:\Users\rwilliams\Desktop\Daniel Rawlings BSOD\081513-20186-01.dmp
No export loaddebugdata found
0: kd> !load C:\Users\rwilliams\Desktop\Daniel Rawlings BSOD\081513-20186-01.dmp
The call to LoadLibrary(C:\Users\rwilliams\Desktop\Daniel Rawlings BSOD\081513-20186-01.dmp) failed, Win32 error 0n193
"%1 is not a valid Win32 application."
Please check your debugger configuration and/or network access.
0: kd> !loaddebugdata
No export loaddebugdata found
0: kd> lmvm memory_corruption
start end module name
0: kd> lmvm nt
start end module name
fffff800`03056000 fffff800`0363c000 nt (pdb symbols) C:\Program Files\Debugging Tools for Windows (x64)\sym\ntkrnlmp.pdb\DC9628D1EDEC4D779EA56D2438A16F4E2\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\Program Files\Debugging Tools for Windows (x64)\sym\ntoskrnl.exe\51DB806A5e6000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Tue Jul 09 04:15:54 2013 (51DB806A)
CheckSum: 00556FD9
ImageSize: 005E6000
File version: 6.1.7601.18205
Product version: 6.1.7601.18205
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.1.7601.18205
FileVersion: 6.1.7601.18205 (win7sp1_gdr.130708-1532)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
subsystem.
Arg2: 0000000000000258, Timeout in seconds.
Arg3: fffffa8009ddd730, The thread currently holding on to the Pnp lock.
Arg4: fffff8000687b3d0

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys

DRVPOWERSTATE_SUBCODE: 4

FAULTING_THREAD: fffffa8009ddd730

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: CODE_CORRUPTION

BUGCHECK_STR: 0x9F

PROCESS_NAME: System

CURRENT_IRQL: 2

LOCK_ADDRESS: fffff800032cfbe0 -- (!locks fffff800032cfbe0)

Resource @ nt!PiEngineLock (0xfffff800032cfbe0) Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE:
Lock address : 0xfffff800032cfbe0
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0

LAST_CONTROL_TRANSFER: from fffff800030c15d2 to fffff800030cea8a

STACK_TEXT:
fffff880`05561e10 fffff800`030c15d2 : fffffa80`09ddd730 fffffa80`09ddd730 00000000`00000000 00000000`0000000d : nt!KiSwapContext+0x7a
fffff880`05561f50 fffff800`030d299f : fffffa80`1c8f75b0 fffffa80`1c42a660 fffffa80`00000000 fffff880`055624e8 : nt!KiCommitThreadWait+0x1d2
fffff880`05561fe0 fffff880`016b4dd1 : fffffa80`1bab5200 00000000`00000000 fffff880`05562400 fffffa80`1bab5200 : nt!KeWaitForSingleObject+0x19f
fffff880`05562080 fffff880`016b6961 : 00000000`00000000 fffff880`055624e0 000f0100`00000058 00080158`12060000 : storport!RaSendIrpSynchronous+0x71
fffff880`055620e0 fffff880`016ba191 : 00000000`00000000 fffff880`00000002 fffff880`05562380 fffff880`055624e8 : storport!RaidBusEnumeratorIssueSynchronousRequest+0x91
fffff880`055621f0 fffff880`016ba2be : fffffa80`1dc8c520 fffff880`00000002 fffff880`055622e0 fffff880`05562380 : storport!RaidBusEnumeratorIssueReportLuns+0x71
fffff880`05562240 fffff880`016c061b : 00000000`00000002 fffff880`00000002 00000000`00000002 fffff880`05562380 : storport!RaidBusEnumeratorGetLunListFromTarget+0xae
fffff880`055622c0 fffff880`016c0764 : 00000000`00fe0f01 fffffa80`00000002 00000000`00000000 00000000`00000000 : storport!RaidBusEnumeratorGetLunList+0x5b
fffff880`05562350 fffff880`016c0856 : fffffa80`0af9b1b0 00000000`00000001 00000000`00004000 fffffa80`0af9b1b0 : storport!RaidAdapterEnumerateBus+0x94
fffff880`055624c0 fffff880`016fe7f2 : fffffa80`0a6410f0 fffff880`016a7a01 fffffa80`09da30a8 00000000`000000ca : storport!RaidAdapterRescanBus+0x76
fffff880`055625d0 fffff880`016fea00 : fffffa80`1df0cb40 00000000`00000000 fffffa80`0af9b1b0 fffffa80`1df0cb40 : storport!RaidAdapterQueryDeviceRelationsIrp+0xa2
fffff880`05562610 fffff880`016feb94 : fffffa80`1df0cb40 fffff880`016c4110 fffffa80`0af9b060 fffff880`05562740 : storport!RaidAdapterPnpIrp+0x150
fffff880`05562670 fffff800`034884ae : fffffa80`1df0cb40 fffffa80`1bad5650 fffffa80`0af9b060 fffff880`009b3180 : storport!RaDriverPnpIrp+0x94
fffff880`055626b0 fffff800`0348881a : 00000000`00000000 fffffa80`1bad5650 fffff800`031cbec0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
fffff880`055626f0 fffff800`0348ab67 : fffff800`032cf9a0 fffffa80`0af52610 00000000`00000002 00000000`00000558 : nt!PnpQueryDeviceRelations+0xfa
fffff880`055627b0 fffff800`034bb15c : fffffa80`0af52610 fffffa80`0af5003c fffffa80`0af52610 00000000`00000002 : nt!PipEnumerateDevice+0x117
fffff880`05562810 fffff800`034bb768 : fffff800`032cd560 00000000`00000000 00000000`00000001 fffff800`033386e8 : nt!PipProcessDevNodeTree+0x21c
fffff880`05562a80 fffff800`031ce817 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`05562ad0 fffff800`030d5261 : fffff800`031ce4f0 fffff800`033c3a01 fffffa80`09ddd700 fffff800`032712d8 : nt!PnpDeviceActionWorker+0x327
fffff880`05562b70 fffff800`03369bae : 00000000`00000000 fffffa80`09ddd730 00000000`00000080 fffffa80`09ce1990 : nt!ExpWorkerThread+0x111
fffff880`05562c00 fffff800`030bc8c6 : fffff880`0536d180 fffffa80`09ddd730 fffff880`053780c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`05562c40 00000000`00000000 : fffff880`05563000 fffff880`0555d000 fffff880`055628a0 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: .thread 0xfffffa8009ddd730 ; kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff800030cedb2 - nt!SwapContext_PatchXSave+2
[ 01:21 ]
fffff800030cee96 - nt!SwapContext_PatchXRstor+2 (+0xe4)
[ 09:29 ]
2 errors : !nt (fffff800030cedb2-fffff800030cee96)

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FOLLOWUP_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MEMORY_CORRUPTOR: ONE_BIT_LARGE

FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT_LARGE

BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BIT_LARGE

Followup: memory_corruption


My System SpecsSystem Spec
.
19 Aug 2013   #2
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

Is it a HP Z620 Workstation desktop?

There are multiple issues there.
  • Display is failing. Display driver is of mid 2011... it needs to be updated.
  • Network is also failing ... the driver is older than Windows 7 RTM.
  • SATA/RAID driver is also failing .... that is of early 2012.
  • Network and storage both are failing ... and still McAfee is employed there. I dont recommend it.
But the main issue is the sleep-wake up power transition. That is being caused by the storage device and/ or driver. Hope there is enough free space for hiberfile.sys in the HDD. For a Desktop PC, Sleep and hibernation may be easily turned off ... it is not anything needed there. It will reduce the issue to half.

EDIT: From your analysis I got it ...
Code:
***    Your debugger is not using the correct symbols                 ***
You need to set the symbol path properly to do the analysis.
My System SpecsSystem Spec
19 Aug 2013   #3
Rickrollin

7 Professional 64-Bit
 
 

Thanks for your reply, yes it is.

Would it be possible if you told me how to set the symbol path properly? i followed some code that included +sympath from microsoft, but i wasnt sure how to reload the file once I used their code.
My System SpecsSystem Spec
.

19 Aug 2013   #4
YoYo155

Windows 10
 
 

Great work Arc !

Rickrollin, you can find and answer to all of your question about configuring the debugger in this thread:
My System SpecsSystem Spec
20 Aug 2013   #5
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

Thanks YoYo And the same goes for you too
My System SpecsSystem Spec
Reply

 Analysing .dmp for BSOD at work




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Analysing Acronis Secure ZONE
I'm wanting to know the file sizes of some backups or of system images, but no success so far. How can I see the file sizes of everything in secure zone? PS No password protection in the zone so thats not the problem
Backup and Restore
Random, Regular BSOD - need help analysing
Hi all, I have recently started to get random BSODs - 5 year old dell, no hardware changes and no deliberate changes to drivers etc out side of standard windows updates. SFC ok CHKDSK Analysis ok memory check ok
BSOD Help and Support
Multiple BSODs - Help analysing dmp files
Hi there, My laptop is a clevo x7200 that I purchased on the 16th of December. Since the very first day I have been having BSODs at least every 3 days. Sometimes I have 2 or 3 of them in a day. I have run prime95 for 6h without any errors. I also run the extended windows memory test...
BSOD Help and Support
Need a BSOD analysing
So I've fixed most of my issues and i have freezing mainly going on now but i just get BSOD every so often so ill upload the latest minidump and you can give us an idea whether or not its driver related :) Thanks Guys
BSOD Help and Support
Need Help Analysing BSOF
Hi, My brother is getting some random BSODs on his laptop and it would be very helpful if anyone could analyse it and tell me what is the right way of path. I have zipped and attached the minidump files, but if you need anymore information, please let me know. Thank you in advance. ...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 23:44.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App