Random BSOD - ntoskrnl.exe to blame?

Hi,

I have been experiencing some BSOD issues lately. They seem to happen randomly. I have also been noticing that my computer is have some slow hangs at periods, but it's rare and I can't pinpoint as to when it happens.

I have attached the zipped contents of my C:\Windows\Minidump folder. I looked at a few files and ntoskrnl.exe was to blame for two to the crashes and wininit.exe was to blame for the third.

Also, for the past several months I have been having rare issues with high DPC latency. It seems to happen when I'm playing an online game and the system sound will start stuttering and the computer will slow down. When this happens, if I continue playing eventually the entire system will crash and if I exit the game I avoid the crash, but latency is still high. I was using this program to check DPC latency: DPC Latency Checker

I don't know if that is related to these BSODs.

I noticed in the system health report that it's showing no antivirus software. I am currently running Avira and my firewall is COMODO.

I am using 64 bit Windows 7 Professional, full retail. My system is about 2 years old and my Windows 7 install is about 1 - 1.5 years old.

Thanks!

LtDrebin said:

Hi,

I have been experiencing some BSOD issues lately. They seem to happen randomly. I have also been noticing that my computer is have some slow hangs at periods, but it's rare and I can't pinpoint as to when it happens.

I have attached the zipped contents of my C:\Windows\Minidump folder. I looked at a few files and ntoskrnl.exe was to blame for two to the crashes and wininit.exe was to blame for the third.

Also, for the past several months I have been having rare issues with high DPC latency. It seems to happen when I'm playing an online game and the system sound will start stuttering and the computer will slow down. When this happens, if I continue playing eventually the entire system will crash and if I exit the game I avoid the crash, but latency is still high. I was using this program to check DPC latency: DPC Latency Checker

I don't know if that is related to these BSODs.

I noticed in the system health report that it's showing no antivirus software. I am currently running Avira and my firewall is COMODO.

I am using 64 bit Windows 7 Professional, full retail. My system is about 2 years old and my Windows 7 install is about 1 - 1.5 years old.

Thanks!

Disk Controller problem please run chkdsk

A- CHKDSK /R /F:

Run CHKDSK /R /F from an elevated (Run as administrator) Command Prompt.

Do this for each hard drive on your system.

When it tells you it can't do it right now - and asks you if you'd like to do it at the next reboot - answer Y (for Yes) and press Enter.

Then reboot and let the test run.

It may take a while for it to run, but keep an occasional eye on it to see if it generates any errors.

See "CHKDSK LogFile" below in order to check the results of the test.


B- Elevated Command Prompt:

Go to Start and type in "cmd.exe" (without the quotes)

At the top of the Search Box, right click on Cmd.exe and select "Run as administrator"


C-CHKDSK LogFile:

Go to Start and type in "eventvwr.msc" (without the quotes) and press Enter

Expand the Windows logs heading, then select the Application log file entry.

Double click on the Source column header.

Scroll down the list until you find the Chkdsk entry (wininit for Win7) (winlogon for XP).

Copy/paste the results into your next post.

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\K\Desktop\Windows_NT6_BSOD_jcgriff2\051311-27487-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16792.amd64fre.win7_gdr.110408-1633
Machine Name:
Kernel base = 0xfffff800`02e12000 PsLoadedModuleList = 0xfffff800`0304fe50
Debug session time: Fri May 13 22:48:03.604 2011 (GMT-4)
System Uptime: 2 days 19:13:59.650
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
...............................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7A, {fffff6fc5004dd28, ffffffffc000009c, 38af1820, fffff8a009ba581c}

Probably caused by : discache.sys ( discache!DisQueryObjectIndex+b3 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in.  Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: fffff6fc5004dd28, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc000009c, error status (normally i/o status code)
Arg3: 0000000038af1820, current process (virtual address for lock type 3, or PTE)
Arg4: fffff8a009ba581c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'spsys' and 'hiber_atapor' overlap

ERROR_CODE: (NTSTATUS) 0xc000009c - STATUS_DEVICE_DATA_ERROR

DISK_HARDWARE_ERROR: There was error with disk hardware

BUGCHECK_STR:  0x7a_c000009c

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  WerFault.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88008cc3cd0 -- (.trap 0xfffff88008cc3cd0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000006972 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003158786 rsp=fffff88008cc3e60 rbp=fffff8a0089dc010
 r8=fffff8a0089f61c0  r9=fffff88008cc401c r10=0000000000000001
r11=fffff88008cc3ed8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!CmpFindSubKeyByNameWithStatus+0x86:
fffff800`03158786 663907          cmp     word ptr [rdi],ax ds:00000000`00000000=????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ef7278 to fffff80002e82700

STACK_TEXT:  
fffff880`08cc39b8 fffff800`02ef7278 : 00000000`0000007a fffff6fc`5004dd28 ffffffff`c000009c 00000000`38af1820 : nt!KeBugCheckEx
fffff880`08cc39c0 fffff800`02e7454b : fffffa80`0a817bd0 fffff880`08cc3b30 fffff800`0300eb40 fffff880`08cc3fc2 : nt! ?? ::FNODOBFM::`string'+0x34bce
fffff880`08cc3aa0 fffff800`02e9d5c4 : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff6fc`50044fb0 : nt!MiIssueHardFault+0x28b
fffff880`08cc3b70 fffff800`02e807ee : 00000000`00000000 00000000`c0000034 11df5d6d`42d55600 63696e6f`6e8022bc : nt!MmAccessFault+0x11c4
fffff880`08cc3cd0 fffff800`03158786 : fffff8a0`089dc010 00000000`c0000034 fffff8a0`089f61c0 00000000`00000018 : nt!KiPageFault+0x16e
fffff880`08cc3e60 fffff800`0315b64f : fffff8a0`089dc010 fffff880`08cc43e0 fffff880`08cc3fa0 fffff880`00000000 : nt!CmpFindSubKeyByNameWithStatus+0x86
fffff880`08cc3ee0 fffff800`0317aa84 : fffff800`0315a840 00000000`00000001 fffffa80`0a70d520 00000000`00000000 : nt!CmpParseKey+0xe0f
fffff880`08cc41b0 fffff800`0317fa5d : fffffa80`0a70d520 fffff880`08cc4310 00000000`00000240 fffffa80`05526270 : nt!ObpLookupObjectName+0x585
fffff880`08cc42b0 fffff800`0315e94c : fffffa80`09216fb0 00000000`00000000 fffff880`08cc4400 fffff880`0112ebe9 : nt!ObOpenObjectByName+0x1cd
fffff880`08cc4360 fffff800`03161b4a : fffff880`08cc46c8 fffff8a0`000f003f fffff880`08cc46e0 fffff6fc`00000000 : nt!CmOpenKey+0x28a
fffff880`08cc44b0 fffff800`02e81953 : fffff880`08cc46d0 fffff6fb`7e280220 00120089`00000000 00000000`00000000 : nt!NtOpenKey+0x12
fffff880`08cc44f0 fffff800`02e7def0 : fffff880`03c9e8c3 fffff8a0`089d0e18 ffffffff`80002160 fffff8a0`0280cc00 : nt!KiSystemServiceCopyEnd+0x13
fffff880`08cc4688 fffff880`03c9e8c3 : fffff8a0`089d0e18 ffffffff`80002160 fffff8a0`0280cc00 fffff8a0`00000240 : nt!KiServiceLinkage
fffff880`08cc4690 fffff880`03c9cb09 : 00000000`c0000225 ffffffff`80001654 00010000`0005d4cf 00000000`00000000 : discache!DisQueryObjectIndex+0xb3
fffff880`08cc4800 fffff880`03c98b9d : 00000000`c0000225 00000000`00000002 fffff800`03176cb0 fffff8a0`14b7b000 : discache!DisCreateFileObjectRecord+0x139
fffff880`08cc4950 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : discache!ScQueryAttributeInformation+0x215


STACK_COMMAND:  kb

FOLLOWUP_IP: 
discache!DisQueryObjectIndex+b3
fffff880`03c9e8c3 413bc4          cmp     eax,r12d

SYMBOL_STACK_INDEX:  d

SYMBOL_NAME:  discache!DisQueryObjectIndex+b3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: discache

IMAGE_NAME:  discache.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc52e

FAILURE_BUCKET_ID:  X64_0x7a_c000009c_discache!DisQueryObjectIndex+b3

BUCKET_ID:  X64_0x7a_c000009c_discache!DisQueryObjectIndex+b3

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in.  Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: fffff6fc5004dd28, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc000009c, error status (normally i/o status code)
Arg3: 0000000038af1820, current process (virtual address for lock type 3, or PTE)
Arg4: fffff8a009ba581c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'spsys' and 'hiber_atapor' overlap

ERROR_CODE: (NTSTATUS) 0xc000009c - STATUS_DEVICE_DATA_ERROR

DISK_HARDWARE_ERROR: There was error with disk hardware

BUGCHECK_STR:  0x7a_c000009c

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  WerFault.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88008cc3cd0 -- (.trap 0xfffff88008cc3cd0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000006972 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003158786 rsp=fffff88008cc3e60 rbp=fffff8a0089dc010
 r8=fffff8a0089f61c0  r9=fffff88008cc401c r10=0000000000000001
r11=fffff88008cc3ed8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!CmpFindSubKeyByNameWithStatus+0x86:
fffff800`03158786 663907          cmp     word ptr [rdi],ax ds:00000000`00000000=????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ef7278 to fffff80002e82700

STACK_TEXT:  
fffff880`08cc39b8 fffff800`02ef7278 : 00000000`0000007a fffff6fc`5004dd28 ffffffff`c000009c 00000000`38af1820 : nt!KeBugCheckEx
fffff880`08cc39c0 fffff800`02e7454b : fffffa80`0a817bd0 fffff880`08cc3b30 fffff800`0300eb40 fffff880`08cc3fc2 : nt! ?? ::FNODOBFM::`string'+0x34bce
fffff880`08cc3aa0 fffff800`02e9d5c4 : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff6fc`50044fb0 : nt!MiIssueHardFault+0x28b
fffff880`08cc3b70 fffff800`02e807ee : 00000000`00000000 00000000`c0000034 11df5d6d`42d55600 63696e6f`6e8022bc : nt!MmAccessFault+0x11c4
fffff880`08cc3cd0 fffff800`03158786 : fffff8a0`089dc010 00000000`c0000034 fffff8a0`089f61c0 00000000`00000018 : nt!KiPageFault+0x16e
fffff880`08cc3e60 fffff800`0315b64f : fffff8a0`089dc010 fffff880`08cc43e0 fffff880`08cc3fa0 fffff880`00000000 : nt!CmpFindSubKeyByNameWithStatus+0x86
fffff880`08cc3ee0 fffff800`0317aa84 : fffff800`0315a840 00000000`00000001 fffffa80`0a70d520 00000000`00000000 : nt!CmpParseKey+0xe0f
fffff880`08cc41b0 fffff800`0317fa5d : fffffa80`0a70d520 fffff880`08cc4310 00000000`00000240 fffffa80`05526270 : nt!ObpLookupObjectName+0x585
fffff880`08cc42b0 fffff800`0315e94c : fffffa80`09216fb0 00000000`00000000 fffff880`08cc4400 fffff880`0112ebe9 : nt!ObOpenObjectByName+0x1cd
fffff880`08cc4360 fffff800`03161b4a : fffff880`08cc46c8 fffff8a0`000f003f fffff880`08cc46e0 fffff6fc`00000000 : nt!CmOpenKey+0x28a
fffff880`08cc44b0 fffff800`02e81953 : fffff880`08cc46d0 fffff6fb`7e280220 00120089`00000000 00000000`00000000 : nt!NtOpenKey+0x12
fffff880`08cc44f0 fffff800`02e7def0 : fffff880`03c9e8c3 fffff8a0`089d0e18 ffffffff`80002160 fffff8a0`0280cc00 : nt!KiSystemServiceCopyEnd+0x13
fffff880`08cc4688 fffff880`03c9e8c3 : fffff8a0`089d0e18 ffffffff`80002160 fffff8a0`0280cc00 fffff8a0`00000240 : nt!KiServiceLinkage
fffff880`08cc4690 fffff880`03c9cb09 : 00000000`c0000225 ffffffff`80001654 00010000`0005d4cf 00000000`00000000 : discache!DisQueryObjectIndex+0xb3
fffff880`08cc4800 fffff880`03c98b9d : 00000000`c0000225 00000000`00000002 fffff800`03176cb0 fffff8a0`14b7b000 : discache!DisCreateFileObjectRecord+0x139
fffff880`08cc4950 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : discache!ScQueryAttributeInformation+0x215


STACK_COMMAND:  kb

FOLLOWUP_IP: 
discache!DisQueryObjectIndex+b3
fffff880`03c9e8c3 413bc4          cmp     eax,r12d

SYMBOL_STACK_INDEX:  d

SYMBOL_NAME:  discache!DisQueryObjectIndex+b3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: discache

IMAGE_NAME:  discache.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc52e

FAILURE_BUCKET_ID:  X64_0x7a_c000009c_discache!DisQueryObjectIndex+b3

BUCKET_ID:  X64_0x7a_c000009c_discache!DisQueryObjectIndex+b3

Followup: MachineOwner
---------

Thanks. I had a suspicion it might be related to my drive, as one of the BSODs said baddisk somewhere in there, but a chkdsk run revealed just a few bad sectors and that's it.

I'll run these tests in the next few days; I can't get to them today.

LtDrebin said:

Thanks. I had a suspicion it might be related to my drive, as one of the BSODs said baddisk somewhere in there, but a chkdsk run revealed just a few bad sectors and that's it.

I'll run these tests in the next few days; I can't get to them today.

Let us know if we can help

Hi again,

My computer BSODed this time and I was able to see the screen. It was a STOP code of 7A (KERNEL_DATA_INPAGE_ERROR). I am unable to start Windows now and it is going through the Startup Recovery mode. This actually happened to me a couple of weeks ago. From what I gathered doing some searches online, this error is due to either the HDD or the RAM.

I will be trying to run your full chkdsk runs and other tests you mentioned in your post above when my PC is back up. In the meantime, this is giving me a good excuse to go out and look at some solid state drives :)

Thanks again!

Update. I cannot start Windows at all now. It's taking forever to load, pictures are missing, and I'm getting error messages like C:\Users is missing or corrupted.

Can anyone tell me how to run chkdsk on startup without going into Windows first?

LtDrebin said:

Update. I cannot start Windows at all now. It's taking forever to load, pictures are missing, and I'm getting error messages like C:\Users is missing or corrupted.

Can anyone tell me how to run chkdsk on startup without going into Windows first?

Boot from the win 7 DVD. Hit shift +F10 while in BIOS. A cmd window should open run chkdsk there from an elevated prompt

zigzag3143 said:

Boot from the win 7 DVD. Hit shift +F10 while in BIOS. A cmd window should open run chkdsk there from an elevated prompt

After several restarts, Windows somehow booted up, both in safe mode and not. However, many things are missing. For instance, C:\Users and C:\Program Files (x86) are listed as corrupt and inaccessible, among other folders.

I am not able to run chkdsk. Doing so yields the error "Cannot open volume for direct access" and it says afterwards to try using System Restore first. However, when I try to use System Restore, it says that my HDD is corrupt and chkdsk needs to be run first...

I'm no expert, but this is telling me that my HDD is trashed. I don't know how it happened, but at least some of my files are accessible, though most of my data is in Program Files (x86), which is listed as corrupt.

Thanks for the help zigzag!

LT

This error Cannot open volume for direct access means that it will run a chkdsk the next boot because the OS has locked the volume now.

zigzag3143 said:

LT

This error Cannot open volume for direct access means that it will run a chkdsk the next boot because the OS has locked the volume now.

I was getting that error when chkdsk is run straight from a boot. I wasn't able to run it at all unless it was at boot.