New
#21
And last night I got another BSoD. It didn't dump (and it doesn't appear to have written to the log), it said something about memory issues. I don't recall the exact message, but if I see the message I'd reconise it.
And last night I got another BSoD. It didn't dump (and it doesn't appear to have written to the log), it said something about memory issues. I don't recall the exact message, but if I see the message I'd reconise it.
Ran the memory tester again for 20 hours, with the lid closed and internal cooling only; this way, if the issue was from RAM and thermal-related, I would get failures. Result ended up as 11 pass and 0 fail, while I've had the BSoDs occur in less time with less processor load. I'm convinced that whatever driver is causing this gave Windows a false positive for bad memory in the most recent BSoD.
Quick update, just enabled Verifier again, set to only monitor the special pool (which is what triggered the previous Verifier dump). Hopefully this will have a minimal impact on preformance, compared to several of the other options.
EDIT: Quick side question, any way to get Windows to run a program with access to MEMORY.DMP on boot (not login)? I want to throw something quick together which will compress the MEMORY.DMPs automatically, or at least move them out of the way in case there is another crash before I grab the dump.
No, because during boot Windows checks for the presence of a dump file header in pagefile.sys, and renames it memory.dmp (and recreates pagefile.sys if so) - assuming you're not using DedicatedDumpFile, of course. Note if you uncheck the "overwrite any existing file" in the dump options window, it will automatically rename .dmp files - it's not compression, but it will keep multiple .dmp files instead of constantly overwriting memory.dmp.
BSoD, PAGE_FAULT_IN_NONPAGED_AREA:
Dump is at http://cdusto.selfip.com/7f_dump_05.zipCode:PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff96000bd02a8, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff960000cd22a, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000002, (reserved) (...) STACK_TEXT: fffff880`02af0788 fffff800`035465e4 : 00000000`00000050 fffff960`00bd02a8 00000000`00000000 fffff880`02af08f0 : nt!KeBugCheckEx fffff880`02af0790 fffff800`034c7cee : 00000000`00000000 fffff960`00bd02a8 00000000`40000100 fffff900`c0408a00 : nt! ?? ::FNODOBFM::`string'+0x43836 fffff880`02af08f0 fffff960`000cd22a : 00000000`0dc5fd20 fffffa80`09cb9630 fffff880`02af0b60 00000000`00022f78 : nt!KiPageFault+0x16e fffff880`02af0a80 fffff960`000e2a2d : 00000000`000a05c0 00000000`fff5c000 00000000`0dc5fd20 00000000`fff5c000 : win32k!ValidateHwnd+0xda fffff880`02af0ab0 fffff800`034c8e53 : fffffa80`09cb9630 00000000`0f44f1d8 00000000`00000000 00000000`0000c028 : win32k!NtUserGetProp+0x25 fffff880`02af0ae0 00000000`72a7feba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0dc5e5f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x72a7feba
Still waiting on a new Verifier bugcheck.
How does it rename the dump files? I just searched through the Windows/ tree, I don't see them, and there should be at least 2 from the past 24 hours...
(please note that I have the Cygwin find(1) in my %PATH% before the Windows find.exe)Code:c:\Windows>find | grep -i dmp$ find: `./Logs/SystemRestore': Permission denied ./LiveKernelReports/WATCHDOG/WD-20141129-2203.dmp ./LiveKernelReports/WATCHDOG/WD-20141214-2115.dmp ./LiveKernelReports/WATCHDOG/WD-20150103-1632.dmp ./LiveKernelReports/WATCHDOG/WD-20150105-1726.dmp ./LiveKernelReports/WATCHDOG/WD-20150108-2305.dmp ./LiveKernelReports/WATCHDOG/WD-20150116-1849.dmp ./LiveKernelReports/WATCHDOG/WD-20150124-1206.dmp ./LiveKernelReports/WATCHDOG/WD-20150125-1442.dmp ./LiveKernelReports/WATCHDOG/WD-20150130-0126.dmp find: `./Logs/WindowsBackup': Permission denied ./MEMORY.DMP find: `./PCHEALTH/ERRORREP/QHEADLES': Permission denied find: `./PCHEALTH/ERRORREP/QSIGNOFF': Permission denied ./Minidump/020715-34133-01.dmp ./Minidump/020815-27768-01.dmp ./Minidump/020815-28516-01.dmp ./Minidump/020815-29016-01.dmp ./Minidump/020915-25802-01.dmp ./Minidump/021215-34944-01.dmp find: `./Prefetch': Permission denied ./ServiceProfiles/LocalService/AppData/Local/CrashDumps/svchost.exe.1076.dmp ./ServiceProfiles/LocalService/AppData/Local/CrashDumps/svchost.exe.1980.dmp ./System32/com/dmp find: `./System32/LogFiles/HTTPERR': Permission denied ./System32/LogFiles/WUDF/WudfHost_ext__1508.dmp ./SysWOW64/com/dmp find: `./Temp/72ACDBDC-322C-447D-988B-A292E804BEC4-Sigs': Permission denied find: `./Temp/SDIAG_3034da67-67e4-4a91-bbed-f5bb7d7602f9': Permission denied ./winsxs/amd64_microsoft-windows-icm-profiles_31bf3856ad364e35_6.1.7600.16385_none_f5547dd01f628131/wscRGB.cdmp ./winsxs/amd64_microsoft-windows-icm-profiles_31bf3856ad364e35_6.1.7600.16385_none_f5547dd01f628131/wsRGB.cdmp
The file should be (by default) stored in %windir%\memory.dmp. When Windows crashes, the contents of memory (small, kernel, or full, depending on type) are written to the paging file. On reboot, there's a process that runs during system init that checks the paging file to see if it contains memory dump headers - if so, the paging file is renamed to memory.dmp (and potentially a number in parenthesis afterwards, if a file with that name already exists) and then a new paging file is created. Once that completes, Windows continues booting.
Well, it doesn't appear to be doing that for some reason, and it is set to NOT overwrite the file. I might also note that the modification date is set to the 12th, so it would appear that it isn't writing the full dumps now. Setting it back to overwrite dumps.
You might need to delete the original memory.dmp file if it existed before you checked that box for it to work...
Just started playing X Rebirth, which is a memory and CPU hog. I say memory hog since running it tends to cause everything else to swap out.
Well, it just hung on a Wait:WrPageIn, and is unable to be killed. I have Process Explorer dumping it right now, but a quick search indicates that it might be a driver problem. However, I'm unable to get a debugger attached to the kernel (but I did just `bcdedit -debug on`), so I can't really track the issue right now. I'm additionally unable to get a stack trace via Process Explorer ("Error accessing thread"), so I'm pretty much stuck right now, and going to have to reboot manually.
I should have kernel debug availible afterwards, though, so if I get this hang again, it might be possible to track down the driver. Unless, of course, this issue just now arose because of memory corruption...