BOSD caused by "c:\websymbols\ntkrpamp..."?


  1. Posts : 4
    windows 7
       #1

    BOSD caused by "c:\websymbols\ntkrpamp..."?


    I'm using Win7 Ultimate 32bit, and it crashed every 1 or 2 days. When the same computer runs Windows 2008 sp1 x64, it was very stable.
    Here is Windbg result, Thank you for your help!

    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Gavin\Desktop\071810-18267-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*Symbol information
    Executable search path is:
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16539.x86fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0x84248000 PsLoadedModuleList = 0x84390810
    Debug session time: Sun Jul 18 07:50:49.962 2010 (UTC + 8:00)
    System Uptime: 0 days 0:53:16.024
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....................
    Loading User Symbols
    Loading unloaded module list
    ......
    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    ATTEMPTED_SWITCH_FROM_DPC (b8)
    A wait operation, attach process, or yield was attempted from a DPC routine.
    This is an illegal operation and the stack track will lead to the offending
    code and original DPC routine.
    Arguments:
    Arg1: 860be5d8, Original thread which is the cause of the failure
    Arg2: 86316030, New thread
    Arg3: b0f2dfd0, Stack address of the original thread
    Arg4: 00000000

    Debugging Details:
    ------------------


    FAULTING_THREAD: 860be5d8

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    BUGCHECK_STR: 0xB8

    PROCESS_NAME: iexplore.exe

    CURRENT_IRQL: 2

    LAST_CONTROL_TRANSFER: from 842afcfd to 84324d10

    STACK_TEXT:
    99d17cc0 842afcfd 000000b8 860be5d8 86316030 nt!KeBugCheckEx+0x1e
    99d17cec 84216924 99d17d34 86951284 00200006 nt!SwapContext_XRstorEnd+0x105
    99d17d00 84216b29 84371c02 99d17d34 30a972d8 hal!HalpDispatchSoftwareInterrupt+0x5e
    99d17d18 84216cc3 86d55008 99d17d34 842874f3 hal!HalpCheckForSoftwareInterrupt+0x83
    99d17d24 842874f3 00000000 00000092 067cb728 hal!HalEndSystemInterrupt+0x67
    99d17d24 6abea617 00000000 00000092 067cb728 nt!KiChainedDispatch+0x73
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    067cb728 00000000 00000000 00000000 00000000 0x6abea617


    STACK_COMMAND: .thread 0xffffffff860be5d8 ; kb

    FOLLOWUP_IP:
    nt!SwapContext_XRstorEnd+105
    842afcfd c3 ret

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!SwapContext_XRstorEnd+105

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrpamp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cacf

    FAILURE_BUCKET_ID: 0xB8_nt!SwapContext_XRstorEnd+105

    BUCKET_ID: 0xB8_nt!SwapContext_XRstorEnd+105

    Followup: MachineOwner
    ---------

    0: kd> lmvm nt
    start end module name
    84248000 84658000 nt (pdb symbols) c:\websymbols\ntkrpamp.pdb\A0D85B412D774C83B08EF4AE749A8B582\ntkrpamp.pdb
    Loaded symbol image file: ntkrpamp.exe
    Mapped memory image file: c:\websymbols\ntkrnlpa.exe\4B88CACF410000\ntkrnlpa.exe
    Image path: ntkrpamp.exe
    Image name: ntkrpamp.exe
    Timestamp: Sat Feb 27 15:33:35 2010 (4B88CACF)
    CheckSum: 003C7867
    ImageSize: 00410000
    File version: 6.1.7600.16539
    Product version: 6.1.7600.16539
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 1.0 App
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Microsoft® Windows® Operating System
    InternalName: ntkrpamp.exe
    OriginalFilename: ntkrpamp.exe
    ProductVersion: 6.1.7600.16539
    FileVersion: 6.1.7600.16539 (win7_gdr.100226-1909)
    FileDescription: NT Kernel & System
    LegalCopyright: © Microsoft Corporation. All rights reserved.
      My Computer


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    thinkevd said:
    I'm using Win7 Ultimate 32bit, and it crashed every 1 or 2 days. When the same computer runs Windows 2008 sp1 x64, it was very stable.
    Here is Windbg result, Thank you for your help!

    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\Gavin\Desktop\071810-18267-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\websymbols*Symbol information
    Executable search path is:
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16539.x86fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0x84248000 PsLoadedModuleList = 0x84390810
    Debug session time: Sun Jul 18 07:50:49.962 2010 (UTC + 8:00)
    System Uptime: 0 days 0:53:16.024
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....................
    Loading User Symbols
    Loading unloaded module list
    ......
    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    ATTEMPTED_SWITCH_FROM_DPC (b8)
    A wait operation, attach process, or yield was attempted from a DPC routine.
    This is an illegal operation and the stack track will lead to the offending
    code and original DPC routine.
    Arguments:
    Arg1: 860be5d8, Original thread which is the cause of the failure
    Arg2: 86316030, New thread
    Arg3: b0f2dfd0, Stack address of the original thread
    Arg4: 00000000

    Debugging Details:
    ------------------


    FAULTING_THREAD: 860be5d8

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    BUGCHECK_STR: 0xB8

    PROCESS_NAME: iexplore.exe

    CURRENT_IRQL: 2

    LAST_CONTROL_TRANSFER: from 842afcfd to 84324d10

    STACK_TEXT:
    99d17cc0 842afcfd 000000b8 860be5d8 86316030 nt!KeBugCheckEx+0x1e
    99d17cec 84216924 99d17d34 86951284 00200006 nt!SwapContext_XRstorEnd+0x105
    99d17d00 84216b29 84371c02 99d17d34 30a972d8 hal!HalpDispatchSoftwareInterrupt+0x5e
    99d17d18 84216cc3 86d55008 99d17d34 842874f3 hal!HalpCheckForSoftwareInterrupt+0x83
    99d17d24 842874f3 00000000 00000092 067cb728 hal!HalEndSystemInterrupt+0x67
    99d17d24 6abea617 00000000 00000092 067cb728 nt!KiChainedDispatch+0x73
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    067cb728 00000000 00000000 00000000 00000000 0x6abea617


    STACK_COMMAND: .thread 0xffffffff860be5d8 ; kb

    FOLLOWUP_IP:
    nt!SwapContext_XRstorEnd+105
    842afcfd c3 ret

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!SwapContext_XRstorEnd+105

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrpamp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cacf

    FAILURE_BUCKET_ID: 0xB8_nt!SwapContext_XRstorEnd+105

    BUCKET_ID: 0xB8_nt!SwapContext_XRstorEnd+105

    Followup: MachineOwner
    ---------

    0: kd> lmvm nt
    start end module name
    84248000 84658000 nt (pdb symbols) c:\websymbols\ntkrpamp.pdb\A0D85B412D774C83B08EF4AE749A8B582\ntkrpamp.pdb
    Loaded symbol image file: ntkrpamp.exe
    Mapped memory image file: c:\websymbols\ntkrnlpa.exe\4B88CACF410000\ntkrnlpa.exe
    Image path: ntkrpamp.exe
    Image name: ntkrpamp.exe
    Timestamp: Sat Feb 27 15:33:35 2010 (4B88CACF)
    CheckSum: 003C7867
    ImageSize: 00410000
    File version: 6.1.7600.16539
    Product version: 6.1.7600.16539
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 1.0 App
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Microsoft® Windows® Operating System
    InternalName: ntkrpamp.exe
    OriginalFilename: ntkrpamp.exe
    ProductVersion: 6.1.7600.16539
    FileVersion: 6.1.7600.16539 (win7_gdr.100226-1909)
    FileDescription: NT Kernel & System
    LegalCopyright: © Microsoft Corporation. All rights reserved.

    We do appreciate the analysis but actually need the whole DMP file. Can you upload it to us?

    Ken
      My Computer


  3. Posts : 4
    windows 7
    Thread Starter
       #3

    the minidump? or memory.dmp file?
      My Computer


  4. Posts : 4
    windows 7
    Thread Starter
       #4

    I've tried to move or rename the folder "c:\websymbols", but it crashed every time after login , about 3~5 mins later.
    Thanks!
      My Computer


  5. Posts : 13,354
    Windows 7 Professional x64
       #5

    I see your BIOSTAR I2C I/O driver is outdated. See if you can find an update: BIOSTAR

    Code:
    
    BS_I2cIo.sys Sun Jun 15 21:02:32 2008¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
    
    Acronis is old and should be removed:
    Code:
    
    snapman.sys  Fri Oct 06 09:44:30 2006  
    
    ...Summary of the Dumps:
    Code:
    
    Built by: 7600.16539.x86fre.win7_gdr.100226-1909
    Debug session time: Sat Jul 17 19:50:49.962 2010 (UTC - 4:00)
    System Uptime: 0 days 0:53:16.024
    BUGCHECK_STR:  0xB8
    PROCESS_NAME:  iexplore.exe
      My Computer


  6. Posts : 4
    windows 7
    Thread Starter
       #6

    Thanks, Jonathan!
    I checked BIOSTAR support site, the drivers have no update since 2008. I think the problem is snapman, that caused BOSD serveral times before,When I found out "Acronis Disk Director Suite 10.0" has not supported on windows 7 yet, it has been removed. But there's another Acronis product:"Acronis Backup & Recovery 10". That should be OK?and I cannot find any "snapman.sys" in C:\ .
    here is another dump file below. (because of snapman.sys).
      My Computer


  7. Posts : 13,354
    Windows 7 Professional x64
       #7

    The driver is likely located in C:\Windows\System32\Drivers.

    Snapman.sys is a component of Acronis True Image. I would advise removing all Acronis products at least for the time being.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:09.
Find Us