I've updated the graphics card driver to the latest version, and everything seemed to be running fine until just now, random BlueScreen (just browsing internet, nothing graphics-intensive). I attached the SF diagnostics log again. Thank you for your help so far x BlueRobot!
Debugging Analysis:
Code:BugCheck 1E, {0, 0, 0, 0} Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )Code:fffff88002f8da08 -- (.exr 0xfffff88002f8da08) ExceptionAddress: fffff80002e7b850 (nt!KiIdleLoop+0x0000000000000020) ExceptionCode: c0000096 ExceptionFlags: 00000000 NumberParameters: 0Okay, the nt!KiIdleLoop function call has executed a privileged instruction (Kernel Mode or Ring 0) in User Mode or Ring 3, which then resulted in the invalid operation code exception being raised and the exception handler interrupting the thread.Code:2: kd> !error c0000096 Error code: (NTSTATUS) 0xc0000096 (3221225622) - {EXCEPTION} Privileged instruction.
Code:2: kd> k Child-SP RetAddr Call Site fffff880`02f8cae8 fffff800`02e7b57e nt!KeBugCheck fffff880`02f8caf0 fffff800`02eae75d nt!KiKernelCalloutExceptionHandler+0xe fffff880`02f8cb20 fffff800`02ead535 nt!RtlpExecuteHandlerForException+0xd fffff880`02f8cb50 fffff800`02ebe4e1 nt!RtlDispatchException+0x415 fffff880`02f8d230 fffff800`02e83202 nt!KiDispatchException+0x135 fffff880`02f8d8d0 fffff800`02e8135f nt!KiExceptionDispatch+0xc2 fffff880`02f8dab0 fffff800`02e7b850 nt!KiInvalidOpcodeFault+0x11f fffff880`02f8dc40 00000000`00000000 nt!KiIdleLoop+0x20The last instruction which was called, was a simply copy some data from the cr8 register to the rcx register, this doesn't seem to be the problem. We need to disassemble the instruction to find more.Code:2: kd> r Last set context: rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002e7b850 rsp=fffff88002f8dc40 rbp=0000000000000000 r8=fffffa800c6e1bb8 r9=0000000000000000 r10=fffffffffffffffb r11=fffff88002f65101 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up di pl zr na po nc cs=0010 ss=0018 ds=0000 es=0000 fs=0000 gs=0000 efl=00010046 nt!KiIdleLoop+0x20: fffff800`02e7b850 440f22c1 mov cr8,rcx
The IOPL (I/O Privilege Level has been set to 0), and therefore once this has been set, the sti instruction can only be called from Ring 0. I believe this instruction sets interrupts to true.Code:2: kd> u nt!KiIdleLoop+0x20 nt!KiIdleLoop+0x20: fffff800`02e7b850 440f22c1 mov cr8,rcx fffff800`02e7b854 488bcb mov rcx,rbx fffff800`02e7b857 e884090100 call nt!PoIdle (fffff800`02e8c1e0) fffff800`02e7b85c fb sti <-- Problem may be here? fffff800`02e7b85d b902000000 mov ecx,2 fffff800`02e7b862 440f22c1 mov cr8,rcx fffff800`02e7b866 80630700 and byte ptr [rbx+7],0 fffff800`02e7b86a 803d41f9230000 cmp byte ptr [nt!HvlEnableIdleYield (fffff800`030bb1b2)],0
I know, the cs segment register contains the CPL (Current Privilege Level), which is supposedly the last two bits, but I'm not sure wherever this can be dumped properly. It was probably running at Ring 3, which would have caused the crash.
##############################################Code:2: kd> .formats 0010 Evaluate expression: Hex: 00000000`00000010 Decimal: 16 <-- 16 bits Octal: 0000000000000000000020 Binary: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00010000 Chars: ........ Time: Thu Jan 01 00:00:16 1970 Float: low 2.24208e-044 high 0 Double: 7.90505e-323
##############################################
I looked through the raw stack, and noticed a few drivers:
Your Atheros network adapter driver seems to be outdated and potentially causing problems, please update the driver from here - ATHEROS drivers for Microsoft Windows (Atheros?????)Code:2: kd> lmvm athrx start end module name fffff880`04c08000 fffff880`04fcf000 athrx T (no symbols) Loaded symbol image file: athrx.sys Image path: \SystemRoot\system32\DRIVERS\athrx.sys Image name: athrx.sys Timestamp: Thu Oct 25 03:31:15 2012 (5088A473) CheckSum: 003AF186 ImageSize: 003C7000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
MSINFO32 seems to point to this model - Qualcomm Atheros AR946x Wireless Network Adapter
You may need to check your motherboard or model support page too.
Your Intel(R) USB 3.0 eXtensible Host Controller Driver seems to be causing problems, check for updates or roll back to a previous driver. Check your motherboard or model support page too.Code:2: kd> lmvm iusb3xhc Browse full module list start end module name fffff880`0f000000 fffff880`0f0c3000 iusb3xhc T (no symbols) Loaded symbol image file: iusb3xhc.sys Image path: \SystemRoot\system32\DRIVERS\iusb3xhc.sys Image name: iusb3xhc.sys Timestamp: Fri Mar 29 12:36:19 2013 (51558AC3) CheckSum: 000C59AC ImageSize: 000C3000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Your also seem to have updated to the Beta driver, and not the WHQL driver.Code:2: kd> lmvm atikmdag start end module name fffff880`0f0c5000 fffff880`0fdb2000 atikmdag T (no symbols) Loaded symbol image file: atikmdag.sys Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys Image name: atikmdag.sys Timestamp: Thu Nov 07 16:47:15 2013 (527BC413) CheckSum: 00CA43A7 ImageSize: 00CED000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
WHQL
Release Date: September 18th 2013
Version: 13.9
In Device Manager: 13.152
I went to this page and entered my information (z-87-pro, Win7 64 bit). The wifi driver is the latest they have on there (V10.0.0.216) and I have the Intel USB 3.0 driver (added the ASmedia_u3_fw_update). I found the WHQL video card driver on this page but I'm not sure what I need to disable/uninstall so there isn't a conflict with the existing drivers. Do you know?
It should just install over the other version of the driver, but you could remove the current driver and then install it.
A couple more issues today. Back to back bluescreens with error codes system_service_exception and then bad_pool_header.
Code:BugCheck 19, {3, fffffa801094d6c0, fffffa801094d6c0, fffffa801095d6c0} Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+cbb )The pool page doesn't seem corrupt itself, it's rather the pool freelist is corrupt. The pool freelist is a doubly linked list used to be track of pool allocations. The !poolval extension further illustrates my point.Code:3: kd> !pool fffffa801094d6c0 GetPointerFromAddress: unable to read from fffff800030b8100 Pool page fffffa801094d6c0 region is GetUlongFromAddress: unable to read from fffff800030b81c0 Nonpaged pool fffffa801094d000 size: 510 previous size: 0 (Allocated) Thre (Protected) fffffa801094d510 size: 40 previous size: 510 (Allocated) WfpH fffffa801094d550 size: 90 previous size: 40 (Allocated) Vad fffffa801094d5e0 size: d0 previous size: 90 (Allocated) CcBc *fffffa801094d6b0 size: 20 previous size: d0 (Free) *Ntfi Pooltag Ntfi : IRP_CONTEXT, Binary : ntfs.sys fffffa801094d6d0 size: 80 previous size: 20 (Free ) SeTl fffffa801094d750 size: 80 previous size: 80 (Free ) smMd fffffa801094d7d0 size: b0 previous size: 80 (Free) smMd fffffa801094d880 size: 50 previous size: b0 (Allocated) VadS fffffa801094d8d0 size: 90 previous size: 50 (Allocated) Vad fffffa801094d960 size: d0 previous size: 90 (Allocated) CcBc fffffa801094da30 size: d0 previous size: d0 (Allocated) CcBc fffffa801094db00 size: 20 previous size: d0 (Free) ViMm fffffa801094db20 size: 3b0 previous size: 20 (Allocated) Irp fffffa801094ded0 size: 90 previous size: 3b0 (Allocated) Vad fffffa801094df60 size: 20 previous size: 90 (Free) Io fffffa801094df80 size: 80 previous size: 20 (Allocated) Even (Protected)
As a side note, I managed to find out how to view the privilege field contained within the cs register.Code:3: kd> !poolval fffffa801094d6c0 Pool page fffffa801094d6c0 region is Nonpaged pool Validating Pool headers for pool page: fffffa801094d6c0 Pool page [ fffffa801094d000 ] is VALID.
Notice a single bit is corrupt, a link should always point to the next entry and the previous entry. This may be due to very acute problems with drivers or can be hardware.Code:Arguments: Arg1: 0000000000000003, the pool freelist is corrupt. Arg2: fffffa801094d6c0, the pool entry being checked. Arg3: fffffa801094d6c0, the read back flink freelist value (should be the same as 2). <-- Forward Link Arg4: fffffa801095d6c0, the read back blink freelist value (should be the same as 2). <-- Backwards Link
Attachment 294057
Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:
InformationAdditional Help - Using Driver Verifier to identify issues with Drivers
Select Individual Settings, and select all the options, apart from the Low Resources Simulation.
Ok, so I ran Driver Verifier, and had some interesting problems. Every time I checked, it had crashed like this: https://i.imgur.com/Qyoqnk8.jpg
This happened without warning, usually within a few minutes of login. It would stay like that until I rebooted, then proceed to do the same thing. I have disabled Verifier now so I can post this. I don't know if it actually Bluescreen'd at all, but I created the attached log files anyways.
That's quite a common problem with Driver Verifier, and it does it seem to have crashed quite a few problems actually.
Code:BugCheck A, {3, 2, 0, fffff80002e86d49} Probably caused by : ntkrnlmp.exe ( nt!KiInsertTimerTable+189 )I would roll back to an earlier version of this driver if available, and I know since Qualcomm took over Atheros their drivers haven't been the best.Code:0: kd> lmvm athrx start end module name fffff880`04806000 fffff880`04bcd000 athrx T (no symbols) Loaded symbol image file: athrx.sys Image path: \SystemRoot\system32\DRIVERS\athrx.sys Image name: athrx.sys Timestamp: Thu Oct 25 03:31:15 2012 (5088A473) CheckSum: 003AF186 ImageSize: 003C7000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Code:BugCheck 3B, {c0000005, fffff80002ecce94, fffff88006af8d60, 0} Probably caused by : ntkrnlmp.exe ( nt!SwapContext_PatchXRstor+0 )Code:2: kd> !error 0xc0000005 Error code: (NTSTATUS) 0xc0000005 (3221225477) - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.The xrstor instruction seems to be causing problems here, and the memory address which it referenced was stored in the rcx register. The xrstor instruction is used to restore the processor from a extended processor state.Code:nt!SwapContext_PatchXRstor+0 fffff800`02ecce94 0fae29 xrstor [rcx]
A General Protection Fault can arise if the memory address is not aligned on a 64-byte boundary. x64 and x86 modes.
Ok I've installed a newer version of the athrx driver (version 10.0.0.255 replacing 10.0.0.216 I think) since I didn't have an older one to roll back on. Before I had a chance to do that however, it bluescreen'd at least twice again, attached are the files related to that.
EDIT: It happened again after updating that driver, SYSTEM_SERVICE_EXCEPTION. The _new .zip is the diagnostic files from after that.
Last edited by agentsmith24; 21 Nov 2013 at 00:09.
Ran Windows memory diagnostic for 2 passes with all optional tests just because, it didn't find anything. Shortly after that I had another crash, attached are yet more diagnostic files.
Quote