BAD_POOL_HEADER BSOD on Hibernate Resume

[BNaughty]

Hello,

After an excursion with Windows 8, I have downgraded back to Windows 7 Ultimate and experience a BAD_POOL_HEADER BSOD out of Hibernate. I've tried 5 fresh Windows installs and use the drivers from the Asus website, except for the nVidia driver, it's more up-to-date on their site. Very minimal installation of programs I don't run much stuff. Before trying 8 I never had this issue. Here is the required info and thanks in advance.

View attachment 243577

 

[Arc]

Welcome aboard.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.
[COLOR=Red]
BugCheck 19[/COLOR], {20, fffff8a010402410, fffff8a0104025f0, 51e020e}

GetPointerFromAddress: unable to read from fffff800036fc100
GetUlongFromAddress: unable to read from fffff800036fc1c0
Probably caused by : ntkrnlmp.exe ( nt!RtlpNewSecurityObject+924 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

[COLOR=Red]BAD_POOL_HEADER (19)[/COLOR]
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and [B][COLOR=Red]then special pool applied to the suspect tags or the driver
verifier to a suspect driver.[/COLOR][/B]
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffff8a010402410, The pool entry we were looking for within the page.
Arg3: fffff8a0104025f0, The next pool entry.
Arg4: 00000000051e020e, (reserved)

Debugging Details:
------------------


BUGCHECK_STR:  0x19_20

POOL_ADDRESS:  fffff8a010402410 Paged pool

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  lsass.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800035f7cae to fffff800034ccfc0

STACK_TEXT:  
fffff880`081f8378 fffff800`035f7cae : 00000000`00000019 00000000`00000020 fffff8a0`10402410 fffff8a0`104025f0 : nt!KeBugCheckEx
fffff880`081f8380 fffff800`037d70c4 : fffff8a0`1071f060 fffff8a0`0a4fc334 fffff880`63416553 fffff8a0`01ea8830 : nt!ExDeferredFreePool+0x12da
fffff880`081f8430 fffff800`037b4012 : fffff880`081f87a0 fffff880`081f89e8 fffffa80`187dadf0 fffff800`037b3785 : nt!RtlpNewSecurityObject+0x924
fffff880`081f86c0 fffff800`037b2ee2 : 00000000`00000000 fffffa80`18c66500 fffff880`081f89e8 00000000`00000000 : nt!ObpAssignSecurity+0x82
fffff880`081f8730 fffff800`0379c6d9 : 00000000`00000000 00000000`0131ea80 00000000`00000001 fffffa80`1d9c0480 : nt!ObInsertObjectEx+0x1e2
fffff880`081f8980 fffff800`0379c915 : fffffa80`1d9c0480 fffff880`0000000a 00000000`00000001 00000000`00000000 : nt!NtOpenThreadTokenEx+0x379
fffff880`081f8aa0 fffff800`034cc253 : fffffa80`1d9c0480 00000000`00000000 00000000`00000000 fffffa80`196e2e60 : nt!NtOpenThreadToken+0x11
fffff880`081f8ae0 00000000`77cd155a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0131ea38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77cd155a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!RtlpNewSecurityObject+924
fffff800`037d70c4 85db            test    ebx,ebx

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!RtlpNewSecurityObject+924

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  503f82be

FAILURE_BUCKET_ID:  X64_0x19_20_nt!RtlpNewSecurityObject+924

BUCKET_ID:  X64_0x19_20_nt!RtlpNewSecurityObject+924

Followup: MachineOwner
---------

In such a situation, it is better to enable Driver Verifier to monitor the drivers.

Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier. With verifier enabled, do the most crash prone actions, hibernate and resume. Let the computer crash.

Let us know the results, with the subsequent crash dumps, if any.

 

[BNaughty]

Thank you very much for your help. I enabled Driver Verifier and on bootup, immediately blue screened with information about pbfilter.sys

I booted twice more to the same result.

Here are the dump files:

View attachment 243579

A quick google search shows that pbfilter.sys is PeerBlock

I run PeerBlock on startup, set to update automatically on startup... Is this my issue when coming out of Hibernate?

 

[Arc]

Not only that, but also it is too old.

lmvm pbfilter
start             end                 module name
fffff880`0eb76000 fffff880`0eb7f000   pbfilter T (no symbols)           
    Loaded symbol image file: pbfilter.sys
    Image path: \??\C:\Program Files\PeerBlock\pbfilter.sys
   [COLOR=Red] Image name: pbfilter.sys
    Timestamp:        Sun Nov 07 07:53:54 2010 [/COLOR](4CD60DBA)
    CheckSum:         0000D4D3
    ImageSize:        00009000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I dont know why and how much this program is necessary for you, but if you really want to use it, update it's version.

Better, if you think, stop using it.

 

[BNaughty]

It's the latest one still... I'll either quit using it, limit its use, or find a replacement... Super thanks for your help finding the issue, put up a donate button I'll send you a 12pack... and great forum too been browsing for a while, lots of good stuff... :thumbup:

 

[Arc]

Nice to know that you want to donate. You wish to support us, that is a big support.

Let us know if there is any further problem.

 

[BNaughty]

I thought this was solved but unfortunately it's not... different error this time though... FML...

View attachment 243803

 

[Arc]

fffff880`03b1d6f8  fffff880`0104d066 fileinfo!FILockExclusiveRelease+0xaNtfs!NtfsExtendedCompleteRequestInternal+0x114
fffff880`03b1d768  fffff880`0163461d Ntfs!NtfsQueueClose+0x99
fffff880`03b1d798  fffff880`016d4a20 Ntfs!NtfsFsdClose+0x640

Do some disc checks

1. Update your SSD's Firmware (skip it, if it is not a SSD)
2. Re-seat the sata and power.
3. Run chkdsk /f/r, following the option two of the tutorial Disk Check
4. Seatool for dos: SeaTools | Seagate download
   Burn it in a blank cd. boot from the CD, click on "Accept", wait for it to finish detecting the drives, then in the upper left corner select "Basic Tests", then select "Long Test" and let it run.

 

[BNaughty]

fffff880`03b1d6f8  fffff880`0104d066 fileinfo!FILockExclusiveRelease+0xaNtfs!NtfsExtendedCompleteRequestInternal+0x114
fffff880`03b1d768  fffff880`0163461d Ntfs!NtfsQueueClose+0x99
fffff880`03b1d798  fffff880`016d4a20 Ntfs!NtfsFsdClose+0x640

Do some disc checks

1. Update your SSD's Firmware (skip it, if it is not a SSD)
2. Re-seat the sata and power.
3. Run chkdsk /f/r, following the option two of the tutorial Disk Check
4. Seatool for dos: SeaTools | Seagate download
   Burn it in a blank cd. boot from the CD, click on "Accept", wait for it to finish detecting the drives, then in the upper left corner select "Basic Tests", then select "Long Test" and let it run.

Thanks for the reply... Yes it's a Samsung 830 512GB SSD, so I'll update the firmware and run the tests... Thanks again...

 

[Arc]

OK Let us know the results.

 

[BNaughty]

Went to perform what you said... SSD firmware was already up to date... before running the Disc tests, I got a completely different BSOD about memory management... Are the two related? Thanks...

View attachment 244477

 

[Arc]

No, these two are not related, and the last one is not saying anything why it crashed at all.

I think you need to enable driver verifier now.

Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.

Let us know the results, with the subsequent crash dumps, if any.

 

[BNaughty]

No, these two are not related, and the last one is not saying anything why it crashed at all.

I think you need to enable driver verifier now.

Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.

Let us know the results, with the subsequent crash dumps, if any.

I've got it enabled... I don't notice any lag like others have mentioned... but I did build a beast of a laptop...

 

[BNaughty]

No BSOD yet... It only happens on Hibernate Resume... FWIW, I am running 32gb RAM 1600Mhz when the manufacturer states 16gb is the max...

 

[Arc]

With DV enabled, hibernate it and then resume. Let it crash. The crash dump will help us to reach to the reason.

 

[BNaughty]

With DV enabled, hibernate it and then resume. Let it crash. The crash dump will help us to reach to the reason.

The BSOD has ceased... hopefully for good... Prior to this, I updated both my graphics and sound drivers...

 

[Arc]

Good
Now Disable DV and use the computer normally. If there is any further crash, let us know.

 

[BNaughty]

Thanks again for the help man... Admins need to allow donate buttons, I'd send you something... Other sites do... Yall are basically saving someone from seeing a repair professional and getting hit with a huge charge (although I don't do that)......

 

[Arc]

Your wish to support us is the largest support for us

Let us know if there is any further problems.