BSOD involving Memory Management

[espatcho]

Crash happened as I was removing an avi file from the playlist on WMP. Here are the dump files, if someone could take a look, that would be awesome.


View attachment 80912

 

[Lordbob75]

Hello espatcho.

The first thing is that the mscorsvw.exe process crashed, causing one of the BSoDs. That process is part of the .NET framework compiler, so it would point to a program that was using .NET framework (WMP?).

You should also update your NVidia Network card driver.

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\Temp1_Dump files.zip\Dump files\062410-17628-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a56000 PsLoadedModuleList = 0xfffff800`02c93e50
Debug session time: Thu Jun 24 01:58:43.005 2010 (UTC - 7:00)
System Uptime: 0 days 14:00:04.751
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffffc0000005, fffff80002bfb0f3, fffff88002ff58b8, fffff88002ff5120}

Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+43 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002bfb0f3, The address that the exception occurred at
Arg3: fffff88002ff58b8, Exception Record Address
Arg4: fffff88002ff5120, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!ExFreePoolWithTag+43
fffff800`02bfb0f3 418b45f0        mov     eax,dword ptr [r13-10h]

EXCEPTION_RECORD:  fffff88002ff58b8 -- (.exr 0xfffff88002ff58b8)
ExceptionAddress: fffff80002bfb0f3 (nt!ExFreePoolWithTag+0x0000000000000043)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000ffffffae
Attempt to read from address 00000000ffffffae

CONTEXT:  fffff88002ff5120 -- (.cxr 0xfffff88002ff5120)
rax=0000000000000000 rbx=fffff8a0066f3cc0 rcx=00000000ffffffbe
rdx=0000000000000000 rsi=0000000000000000 rdi=00000000ffffffbf
rip=fffff80002bfb0f3 rsp=fffff88002ff5af0 rbp=00000000ffffffff
 r8=fffffa8003cedb60  r9=0000000000000800 r10=fffff88002ff5c80
r11=fffff8a0066f3a80 r12=0000000000000000 r13=00000000ffffffbe
r14=0000000000000000 r15=0000000000000001
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
nt!ExFreePoolWithTag+0x43:
fffff800`02bfb0f3 418b45f0        mov     eax,dword ptr [r13-10h] ds:002b:00000000`ffffffae=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000ffffffae

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cfe0e0
 00000000ffffffae 

FOLLOWUP_IP: 
nt!ExFreePoolWithTag+43
fffff800`02bfb0f3 418b45f0        mov     eax,dword ptr [r13-10h]

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffff80002dfce51 to fffff80002bfb0f3

STACK_TEXT:  
fffff880`02ff5af0 fffff800`02dfce51 : 00000000`00000000 fffff880`02ff5c00 00000000`00000004 fffff880`02ff5c74 : nt!ExFreePoolWithTag+0x43
fffff880`02ff5ba0 fffff800`02dbb69b : fffff8a0`066f3cc0 fffff880`02ff5c44 00000000`00000003 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x10391
fffff880`02ff5bd0 fffff800`02d1f52e : fffff8a0`066f3cc0 fffff880`02ff5c8c 00000000`00000004 fffff880`02c34bf0 : nt!CmpCleanUpKcbCacheWithLock+0x2b
fffff880`02ff5c00 fffff800`02ad3861 : fffff800`02d1f1f4 fffff800`02c6b5f8 fffffa80`03cedb60 00000000`00000000 : nt!CmpDelayCloseWorker+0x33a
fffff880`02ff5cb0 fffff800`02d6ba86 : 00000001`0046a990 fffffa80`03cedb60 00000000`00000080 fffffa80`03c6d840 : nt!ExpWorkerThread+0x111
fffff880`02ff5d40 fffff800`02aa4b06 : fffff880`009e4180 fffffa80`03cedb60 fffff880`009eef40 0016ed88`0016edb0 : nt!PspSystemThreadStartup+0x5a
fffff880`02ff5d80 00000000`00000000 : fffff880`02ff6000 fffff880`02ff0000 fffff880`02ff59f0 00000000`00000000 : nt!KxStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ExFreePoolWithTag+43

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

STACK_COMMAND:  .cxr 0xfffff88002ff5120 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_nt!ExFreePoolWithTag+43

BUCKET_ID:  X64_0x7E_nt!ExFreePoolWithTag+43

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\Temp1_Dump files.zip\Dump files\062310-17409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a06000 PsLoadedModuleList = 0xfffff800`02c43e50
Debug session time: Wed Jun 23 11:56:27.759 2010 (UTC - 7:00)
System Uptime: 0 days 0:49:03.475
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa80005d79e0, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33946 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa80005d79e0
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  mscorsvw.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002ae9ede to fffff80002a76600

STACK_TEXT:  
fffff880`094c6828 fffff800`02ae9ede : 00000000`0000001a 00000000`00041790 fffffa80`005d79e0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`094c6830 fffff800`02aa9cc9 : 00000000`00000000 00000000`74151fff fffffa80`00000000 fffffa80`04196060 : nt! ?? ::FNODOBFM::`string'+0x33946
fffff880`094c69f0 fffff800`02d90170 : fffffa80`0684a670 0007ffff`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`094c6b10 fffff800`02d9057b : 00000980`00000000 00000000`74120000 fffffa80`00000001 fffffa80`06856730 : nt!MiUnmapViewOfSection+0x1b0
fffff880`094c6bd0 fffff800`02a75853 : 00000000`00000000 00000000`74120000 fffffa80`04196060 fffffa80`06327200 : nt!NtUnmapViewOfSection+0x5f
fffff880`094c6c20 00000000`76eb015a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0012c628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76eb015a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+33946
fffff800`02ae9ede cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+33946

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33946

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33946

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\David\AppData\Local\Temp\Temp1_Dump files.zip\Dump files\062310-20763-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a19000 PsLoadedModuleList = 0xfffff800`02c56e50
Debug session time: Wed Jun 23 10:53:40.251 2010 (UTC - 7:00)
System Uptime: 0 days 0:36:15.013
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 1097, 7e15f2, fffff8a006272310}

GetPointerFromAddress: unable to read from fffff80002cc10e0
Probably caused by : fileinfo.sys ( fileinfo!FIStreamLogForNL+203 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 0000000000001097, (reserved)
Arg3: 00000000007e15f2, Memory contents of the pool block
Arg4: fffff8a006272310, Address of the block of pool being deallocated

Debugging Details:
------------------


POOL_ADDRESS:  fffff8a006272310 

FREED_POOL_TAG:  FMfn

BUGCHECK_STR:  0xc2_7_FMfn

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002bbc60e to fffff80002a89600

STACK_TEXT:  
fffff880`07a777a8 fffff800`02bbc60e : 00000000`000000c2 00000000`00000007 00000000`00001097 00000000`007e15f2 : nt!KeBugCheckEx
fffff880`07a777b0 fffff880`010848e3 : fffff8a0`06272360 fffff8a0`062861e0 00000000`00000000 00000000`00000246 : nt!ExFreePool+0xccb
fffff880`07a77860 fffff880`01084b4f : 00000000`0000000e fffff880`07a779e8 fffff880`07a779e0 fffff880`07a779d8 : fileinfo!FIStreamLogForNL+0x203
fffff880`07a77940 fffff880`01081716 : fffffa80`067662f0 00000000`000af040 fffffa80`0000000e 00000000`03740f40 : fileinfo!FIIterate+0x24b
fffff880`07a779d0 fffff800`02da56b7 : fffffa80`068fd140 fffffa80`068fd140 fffffa80`06766408 fffffa80`067662f0 : fileinfo!FIControlDispatch+0x156
fffff880`07a77a10 fffff800`02da5f16 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`07a77b40 fffff800`02a88853 : 00000000`00000000 00000000`00000000 00000000`00000001 fffff800`02d557f5 : nt!NtDeviceIoControlFile+0x56
fffff880`07a77bb0 00000000`7757ff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0287b0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7757ff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
fileinfo!FIStreamLogForNL+203
fffff880`010848e3 41017500        add     dword ptr [r13],esi

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  fileinfo!FIStreamLogForNL+203

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fileinfo

IMAGE_NAME:  fileinfo.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc481

FAILURE_BUCKET_ID:  X64_0xc2_7_FMfn_fileinfo!FIStreamLogForNL+203

BUCKET_ID:  X64_0xc2_7_FMfn_fileinfo!FIStreamLogForNL+203

Followup: MachineOwner
---------

~Lordbob

 

[ttran]

I couldn't see much from the minidump files,
You have some old drivers that I would suggest you to update them:
nvm62x64.sys, which is nVidia Ethernet Networking Driver (nForce chipset driver)

nvm62x64 nvm62x64.sys Sat Oct 18 04:01:06 2008 (48F8FD12)

Please update your Conexant SoftK56 Modem Driver
http://www.conexant.com/support/

fffff880`03ba4000 fffff880`03bf6000   VSTAZL6  VSTAZL6.SYS  Thu Oct 16 07:53:42 2008 (48F69096)
fffff880`0586c000 fffff880`05937000   VSTCNXT6 VSTCNXT6.SYS Thu Oct 16 07:52:22 2008 (48F69046)
fffff880`0565a000 fffff880`057ce000   VSTDPV6  VSTDPV6.SYS  Thu Oct 16 07:57:45 2008 (48F69189)

There is an exception code fffffffc00005 that suggest memorry corruption, I would download third party called memtest86, burn it to CD and let it run for at least 5,6 passes

BugCheck 1000007E, {ffffffffc0000005, fffff80002bfb0f3, fffff88002ff58b8, fffff88002ff5120}
Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+43 )
Followup: MachineOwner
---------

~Tuan

 

[zigzag3143]

Crash happened as I was removing an avi file from the playlist on WMP. Here are the dump files, if someone could take a look, that would be awesome.


View attachment 80912

These had two primary causes. Old drivers and memory management. I would update all the drivers listed below, and would download a 3rd party app called memtestx86, burn it to a cd, and run it for at least 7 passes.

Let us know if you need help
Ken

Bugchecks

Bugcheck code 0000001A
Bugcheck code 1000007E
Bugcheck code 0000001A
Bugcheck code 000000C2

old drivers that need updating

fffff880`03a00000 fffff880`03a52000   VSTAZL6  VSTAZL6.SYS  Wed Oct 15 20:53:42 2008 (48F69096)
fffff880`03b0f000 fffff880`03b72d80   nvm62x64 nvm62x64.sys Fri Oct 17 17:01:06 2008 (48F8FD12)
fffff880`05663000 fffff880`057d7000   VSTDPV6  VSTDPV6.SYS  Wed Oct 15 20:57:45 2008 (48F69189)
fffff880`058ca000 fffff880`05995000   VSTCNXT6 VSTCNXT6.SYS Wed Oct 15 20:52:22 2008 (48F69046)

 

[espatcho]

Thank you guys for your help, unfortunately I don't know much about reading codes and stuff. If you could tell me which drivers I need to update and where to find the proper updates, I would be grateful. I have been plagued with this problem for far too long.

 

[espatcho]

Also where do I download this memtest86 and what does it do?

 

[ttran]

Ok, you can download nVidia Ethernet Networking Driver at:
http://www.nvidia.com/Download/index.aspx

For the Conexant SoftK56 modem driver, please download them here:
http://www.conexant.com/support/

For the memtest86, please this instruction to know what to do:
Memory Diagnostics

Regard
Tuan

PS: Looking for drivers is time consuming stuff, please go around the website and you will know what to do. Otherwise, you can go to manufacture website of your computer and search for modem driver

 

[espatcho]

I'm sorry ttran...are these video card, audio card or chipset drivers for motherboard? And with regards to Conexant SoftK56 modem driver, I don't even know what that is but I could'nt find anything in device manager that looked like that

 

[espatcho]

will any of these be any good to me:
Software & Driver Downloads HP G60-348CA Notebook PC - HP technical support (South Africa - English)

 

[ttran]

The first driver, nVidia Ethernet Networking Driver--> (nForce chipset driver)<---
is your wired internet driver
You can try to go to your machine's manufacture site, type in your computer model number and search for that driver, I guess it under category "modem". The link that you provide me, if it belong to your computer's drivers-->Go ahead and install them
After updating the driver, please follow the memtest that I gave you the instructionL
http://www.carrona.org/memdiag.html

Tuan

 

[Lordbob75]

I'm sorry ttran...are these video card, audio card or chipset drivers for motherboard? And with regards to Conexant SoftK56 modem driver, I don't even know what that is but I could'nt find anything in device manager that looked like that

Memtest86+ - Advanced Memory Diagnostic Tool
Simply download it, burn the ISO to a CD, and boot into the CD.
The nvm62x64 nvm62x64.sys Fri Oct 17 17:01:06 2008 driver is the driver for the NVidia network cards. Tuan gave the link to that. This is most likely a built in card on the motherboard, so you could also just download your motherboard drivers.

Tuan, these drivers are the built in drivers. They are not from Conexant.

VSTAZL6  VSTAZL6.SYS  Thu Oct 16 07:53:42 2008
VSTCNXT6 VSTCNXT6.SYS Thu Oct 16 07:52:22 2008
VSTDPV6  VSTDPV6.SYS  Thu Oct 16 07:57:45 2008

~Lordbob

 

[espatcho]

Ok, so I'm running memtest86 right now, but I need to know what I'm supposed to do or does this fix my memory, do I have to save anything? Sorry guys I'm clueless when it come to this stuff.

 

[Lordbob75]

Ok, so I'm running memtest86 right now, but I need to know what I'm supposed to do or does this fix my memory, do I have to save anything? Sorry guys I'm clueless when it come to this stuff.

It just tests your memory, it will tell you if it is bad or not.

~Lordbob

 

[espatcho]

And what does it mean do seven passes? When I burned it to disc, I restarted my comp and pressed esc and everything else was automatic. It's says now that there are 857 errors and pass is only at 56%. Will it stop on it's own and restart the comp or will I have to do something.

 

[Lordbob75]

And what does it mean do seven passes? When I burned it to disc, I restarted my comp and pressed esc and everything else was automatic. It's says now that there are 857 errors and pass is only at 56%. Will it stop on it's own and restart the comp or will I have to do something.

Don't bother. Your RAM is bad and needs to be replaced.

~Lordbob

 

[espatcho]

And we know this because of the errors, yes? And there's no way around it... Just have to get new ram?

 

[Lordbob75]

And we know this because of the errors, yes? And there's no way around it... Just have to get new ram?

Yes and Yes.

~Lordbob

 

[espatcho]

Sorry bud, will this thing just keep on running or do I have to stop it and if so, what do I do

 

[Lordbob75]

Sorry bud, will this thing just keep on running or do I have to stop it and if so, what do I do

You will have to stop it. Should have the info on the screen.

~Lordbob

 

[espatcho]

I think I answered my own question...so looking at this, there's no doubt heyView attachment 81015