New
#1
Random BSODs when waking from sleep and other
Hi
my PC is getting random BSODs , dumps and info in attached zip file. Happened few times when trying to wake computer from sleep, then randomly when browsing or playing games. All drivers should be updated to latest and I ran memtest and diskcheck with no errors.
I also ran windbg and captured some of analysis
Code:Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600 Machine Name: Kernel base = 0xfffff800`03068000 PsLoadedModuleList = 0xfffff800`032aa750 Debug session time: Sat Nov 25 09:24:23.500 2017 (UTC + 1:00) System Uptime: 0 days 0:33:56.514 Loading Kernel Symbols ............................................................... ................................................................ ..................................... Loading User Symbols PEB is paged out (Peb.Ldr = 000007ff`fffd4018). Type ".hh dbgerr001" for details Loading unloaded module list ........ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {1002000000, 2, 0, fffff800030e4a82} *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys Probably caused by : ntkrnlmp.exe ( nt!KiProcessExpiredTimerList+72 ) Followup: MachineOwner --------- 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000001002000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff800030e4a82, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: 0000001002000000 CURRENT_IRQL: 2 FAULTING_IP: nt!KiProcessExpiredTimerList+72 fffff800`030e4a82 803818 cmp byte ptr [rax],18h DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: svchost.exe ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre DPC_STACK_BASE: FFFFF8800324DFB0 TRAP_FRAME: fffff8800324d680 -- (.trap 0xfffff8800324d680) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000001002000000 rbx=0000000000000000 rcx=000000000b6e7103 rdx=fffffa800c187c80 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800030e4a82 rsp=fffff8800324d810 rbp=000000000001fdef r8=0000000000000008 r9=0000000000000000 r10=fffff80003068000 r11=fffffa800c67fe01 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po nc nt!KiProcessExpiredTimerList+0x72: fffff800`030e4a82 803818 cmp byte ptr [rax],18h ds:00000010`02000000=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff800030d83a9 to fffff800030d8e00 STACK_TEXT: fffff880`0324d538 fffff800`030d83a9 : 00000000`0000000a 00000010`02000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`0324d540 fffff800`030d7020 : 00000000`00000000 00000000`00000001 fffff880`0324d6e0 fffffa80`09dfdef0 : nt!KiBugCheckDispatch+0x69 fffff880`0324d680 fffff800`030e4a82 : fffffa80`09dfdef0 fffffa80`0dbf3888 fffffa80`0dbf3888 00000000`00000102 : nt!KiPageFault+0x260 fffff880`0324d810 fffff800`030e49be : 00000004`bddb7f69 fffff880`0324de88 00000000`0001fdef fffff880`009b7368 : nt!KiProcessExpiredTimerList+0x72 fffff880`0324de60 fffff800`030e46ec : fffff880`009b31ea 00000000`0001fdef fffff880`00f14fc0 00000000`000000e8 : nt!KiTimerExpiration+0x1be fffff880`0324df00 fffff800`030db825 : 00000000`00000000 fffffa80`0bff9770 00000000`00000000 fffff800`03207580 : nt!KiRetireDpcList+0x1bc fffff880`0324dfb0 fffff800`030db63c : fffffa80`0ccb7cf0 fffffa80`00000001 00000000`00000000 00000000`00000000 : nt!KyRetireDpcList+0x5 fffff880`064d7f90 fffff800`0312499c : fffffa80`078f9998 fffff880`009b3180 fffff880`009b3180 00000000`00000000 : nt!KiDispatchInterruptContinue fffff880`064d7fc0 fffff800`030dcd8a : 00000000`00000000 00000000`0000029c fffffa80`0b6b0f20 ffffffff`800009f8 : nt!KiDpcInterrupt+0xcc fffff880`064d8150 fffff880`01004903 : fffff880`00000000 fffff880`00000000 fffffa80`0bff9700 fffff800`030e56f8 : nt!KeSetEvent+0xea fffff880`064d81c0 fffff800`030dc0e1 : 00000000`000003f0 fffff880`02e7970f fffffa80`0cc29010 00000000`00000000 : fltmgr!FltpSynchronizedOperationCompletion+0x13 fffff880`064d81f0 fffff880`0146148c : fffffa80`0ccb7cf0 00000000`00000001 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x341 fffff880`064d82e0 fffff880`014f77b8 : fffffa80`0ccb7cf0 00000000`00000000 00000000`00000000 fffffa80`0b0ba820 : Ntfs+0x1148c fffff880`064d8320 fffff880`01002bcf : fffffa80`07233030 fffffa80`0b0ba820 00000000`00000000 00000000`00000000 : Ntfs+0xa77b8 fffff880`064d84d0 fffff880`010222b9 : fffffa80`0b0ba820 fffffa80`0722f010 fffffa80`0b0ba800 fffffa80`0713fa30 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f fffff880`064d8560 fffff800`033de2bb : 00000000`00000005 00000000`00000840 fffffa80`0b623f20 00000000`00000000 : fltmgr!FltpCreate+0x2a9 fffff880`064d8610 fffff800`033d9dde : fffffa80`07115cd0 00000000`00000000 fffffa80`0e14ab10 fffff880`064d8801 : nt!IopParseDevice+0x14e2 fffff880`064d8770 fffff800`033da8c6 : 00000000`00000000 fffff880`064d88f0 fffff880`00000840 fffffa80`06a1fa30 : nt!ObpLookupObjectName+0x784 fffff880`064d8870 fffff800`033dc6bc : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByName+0x306 fffff880`064d8940 fffff800`033c57a8 : 00000000`0188f410 00000000`00100021 00000000`0188f498 00000000`0188f4c8 : nt!IopCreateFile+0x2bc fffff880`064d89e0 fffff800`030d8093 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtOpenFile+0x58 fffff880`064d8a70 00000000`77adc06a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0188f3b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77adc06a STACK_COMMAND: kb FOLLOWUP_IP: nt!KiProcessExpiredTimerList+72 fffff800`030e4a82 803818 cmp byte ptr [rax],18h SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!KiProcessExpiredTimerList+72 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 59b946d1 IMAGE_VERSION: 6.1.7601.23915 FAILURE_BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+72 BUCKET_ID: X64_0xA_nt!KiProcessExpiredTimerList+72 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0xa_nt!kiprocessexpiredtimerlist+72 FAILURE_ID_HASH: {7384a8b8-ab8d-15fa-8c4d-f12bcbd789b8} Followup: MachineOwner --------- Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.23915.amd64fre.win7sp1_ldr.170913-0600 Machine Name: Kernel base = 0xfffff800`03052000 PsLoadedModuleList = 0xfffff800`03294750 Debug session time: Sun Dec 3 15:52:59.521 2017 (UTC + 1:00) System Uptime: 0 days 2:54:22.489 Loading Kernel Symbols ............................................................... ................................................................ ................................ Loading User Symbols PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1A, {5003, fffff90000812000, 36dd, 32d10000659e} Probably caused by : win32k.sys ( win32k!memset+80 ) Followup: MachineOwner --------- 5: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* MEMORY_MANAGEMENT (1a) # Any other values for parameter 1 must be individually examined. Arguments: Arg1: 0000000000005003, The subtype of the bugcheck. Arg2: fffff90000812000 Arg3: 00000000000036dd Arg4: 000032d10000659e Debugging Details: ------------------ BUGCHECK_STR: 0x1a_5003 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT PROCESS_NAME: E_IATIHAE.EXE CURRENT_IRQL: 0 ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre TRAP_FRAME: fffff8800a3c4660 -- (.trap 0xfffff8800a3c4660) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff900c282a000 rbx=0000000000000000 rcx=fffff900c2830000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff960001570d0 rsp=fffff8800a3c47f8 rbp=fffff900c0226578 r8=0000000000000038 r9=0000000000000338 r10=0000000000000034 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc win32k!memset+0x80: fffff960`001570d0 488911 mov qword ptr [rcx],rdx ds:fffff900`c2830000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80003130a0b to fffff800030c2e00 STACK_TEXT: fffff880`0a3c42f8 fffff800`03130a0b : 00000000`0000001a 00000000`00005003 fffff900`00812000 00000000`000036dd : nt!KeBugCheckEx fffff880`0a3c4300 fffff800`030e0d8e : 00000000`00000001 fffff900`c2830000 fffff880`0a3c4660 fffff6fc`80614180 : nt! ?? ::FNODOBFM::`string'+0x27cef fffff880`0a3c43f0 fffff800`030d0abb : 00000000`00000000 00000000`00000204 fffffa80`12302060 00000000`00001084 : nt!MiDispatchFault+0x8ce fffff880`0a3c4500 fffff800`030c0f2e : 00000000`00000001 fffff900`c2830000 fffffa80`12419e00 fffff900`c282a000 : nt!MmAccessFault+0xe1b fffff880`0a3c4660 fffff960`001570d0 : fffff960`00145e82 fffff880`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e fffff880`0a3c47f8 fffff960`00145e82 : fffff880`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!memset+0x80 fffff880`0a3c4800 fffff960`00147546 : fffff880`0a3c48c0 fffff880`0a3c49a0 fffff900`c0226578 00000000`00000001 : win32k!AllocateObject+0xf2 fffff880`0a3c4840 fffff960`0011db20 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x39a fffff880`0a3c4930 fffff960`0011d68f : 00000028`000001e0 fffff900`c3576630 00000000`01080030 00000000`000001e0 : win32k!hsurfCreateCompatibleSurface+0x3c4 fffff880`0a3c4a00 fffff800`030c2093 : fffffa80`12302060 fffff880`0a3c4b60 00000000`000001e0 000007fe`db9d1be0 : win32k!GreCreateCompatibleBitmap+0x25f fffff880`0a3c4ae0 000007fe`fef92e0a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0024e1b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`fef92e0a STACK_COMMAND: kb FOLLOWUP_IP: win32k!memset+80 fffff960`001570d0 488911 mov qword ptr [rcx],rdx SYMBOL_STACK_INDEX: 5 SYMBOL_NAME: win32k!memset+80 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 5a0e642f IMAGE_VERSION: 6.1.7601.23963 FAILURE_BUCKET_ID: X64_0x1a_5003_win32k!memset+80 BUCKET_ID: X64_0x1a_5003_win32k!memset+80 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0x1a_5003_win32k!memset+80 FAILURE_ID_HASH: {299262f4-3598-668c-30bf-f5ee54f49842} Followup: MachineOwner ---------
Will be grateful for any advice
Thanks
Last edited by Brink; 03 Dec 2017 at 15:34. Reason: code box