Jump to content

Random BSOD on Random Computers


Recommended Posts

Greetings, All.

 

I have had a lot of crashes lately and am at odds reading the minidumps.  If it was just one I would think is a hard drive going bad, or is the file system having issues but its happening on too many new and old machines to be that.

 

Here is the output of the minidump when I read it

 

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 109b, 8000004, fffff8a002488b50}

GetPointerFromAddress: unable to read from fffff8000330a100
GetUlongFromAddress: unable to read from fffff80003277a38
GetUlongFromAddress: unable to read from fffff80003277a38
Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+1951 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 0000000008000004, Memory contents of the pool block
Arg4: fffff8a002488b50, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from fffff80003277a38
GetUlongFromAddress: unable to read from fffff80003277a38

POOL_ADDRESS:  fffff8a002488b50 

BUGCHECK_STR:  0xc2_7

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  iexplore.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80003204bf9 to fffff800030ce400

STACK_TEXT:  
fffff880`02ce3388 fffff800`03204bf9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`08000004 : nt!KeBugCheckEx
fffff880`02ce3390 fffff880`013c8353 : ffffffff`ffffffff 00000000`00000004 00000000`6e664d46 fffff8a0`200376f0 : nt!ExAllocatePoolWithTag+0x1951
fffff880`02ce3440 fffff880`013ca9e9 : ffffffff`ffffffff fffffa80`0b8e9190 fffffa80`07a1a010 fffffa80`0db81190 : fltmgr!DeleteNameCacheNodes+0x143
fffff880`02ce3480 fffff880`013d82bf : fffffa80`0b8e9190 fffffa80`0db81190 00000000`00000000 00000000`00000000 : fltmgr!PurgeStreamNameCache+0xa9
fffff880`02ce34c0 fffff880`013cfa10 : fffffa80`0e1f9990 fffffa80`07a1a010 00000000`00000000 00000000`00000000 : fltmgr!FltpPurgeVolumeNameCache+0x7f
fffff880`02ce3500 fffff880`013cab9b : fffffa80`07a1a010 00000000`00000000 fffffa80`0df2fa40 00000000`00000000 : fltmgr! ?? ::NNGAKEGL::`string'+0x1a04
fffff880`02ce3540 fffff880`013aaeca : fffffa80`07a12810 fffffa80`076528e0 fffffa80`00000000 00200077`00650000 : fltmgr!FltpReinstateNameCachingAllFrames+0x4b
fffff880`02ce3570 fffff800`030d1dc1 : 00000000`00000000 00000000`0000000f 00000000`00000000 ffffe472`0b27d59b : fltmgr!FltpPassThroughCompletion+0x8a
fffff880`02ce35b0 fffff880`0145284c : fffffa80`0bfb23c0 00000000`00000001 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x341
fffff880`02ce36a0 fffff880`014dd456 : fffffa80`0bfb23c0 fffffa80`0786e180 00000000`00000000 00000000`00000701 : Ntfs!NtfsExtendedCompleteRequestInternal+0x11c
fffff880`02ce36e0 fffff880`0144ff54 : fffffa80`0bfb23c0 fffffa80`069f3bd0 fffff880`02ce3801 00000000`00000000 : Ntfs!NtfsCommonSetInformation+0xecd
fffff880`02ce37c0 fffff880`013a7bcf : fffffa80`069f3fb8 fffffa80`069f3bd0 fffffa80`0bfb23c0 fffff880`02ce37e8 : Ntfs!NtfsFsdSetInformation+0x124
fffff880`02ce3840 fffff880`013a66df : fffffa80`076528e0 00000000`00000000 fffffa80`07652800 fffffa80`069f3bd0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`02ce38d0 fffff800`033b098a : fffffa80`069f4000 fffff880`02ce3b60 00000000`00000000 ffffffff`80000548 : fltmgr!FltpDispatch+0xcf
fffff880`02ce3930 fffff800`030cd693 : 00000000`00000d84 00000000`03adabe8 00000000`0b3f8d20 00000980`000000ba : nt!NtSetInformationFile+0xf24
fffff880`02ce3a70 00000000`77b2bfaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`03adab38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b2bfaa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExAllocatePoolWithTag+1951
fffff800`03204bf9 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExAllocatePoolWithTag+1951

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  57fcfdf3

FAILURE_BUCKET_ID:  X64_0xc2_7_nt!ExAllocatePoolWithTag+1951

BUCKET_ID:  X64_0xc2_7_nt!ExAllocatePoolWithTag+1951

Followup: MachineOwner
---------

0: kd> lmvm nt
start             end                 module name
fffff800`0305e000 fffff800`03644000   nt         (pdb symbols)          C:\ProgramData\dbg\sym\ntkrnlmp.pdb\A08016714A2A4278B80FDCD90CD5957B2\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: C:\ProgramData\dbg\sym\ntoskrnl.exe\57FCFDF35e6000\ntoskrnl.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Tue Oct 11 08:57:55 2016 (57FCFDF3)
    CheckSum:         00555228
    ImageSize:        005E6000
    File version:     6.1.7601.23572
    Product version:  6.1.7601.23572
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   6.1.7601.23572
    FileVersion:      6.1.7601.23572 (win7sp1_ldr.161011-0600)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
0: kd> .trap 0x77b2bfaa
Unable to read trap frame at 00000000`77b2bfaa
0: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`02ce3388 fffff800`03204bf9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`08000004 : nt!KeBugCheckEx
fffff880`02ce3390 fffff880`013c8353 : ffffffff`ffffffff 00000000`00000004 00000000`6e664d46 fffff8a0`200376f0 : nt!ExAllocatePoolWithTag+0x1951
fffff880`02ce3440 fffff880`013ca9e9 : ffffffff`ffffffff fffffa80`0b8e9190 fffffa80`07a1a010 fffffa80`0db81190 : fltmgr!DeleteNameCacheNodes+0x143
fffff880`02ce3480 fffff880`013d82bf : fffffa80`0b8e9190 fffffa80`0db81190 00000000`00000000 00000000`00000000 : fltmgr!PurgeStreamNameCache+0xa9
fffff880`02ce34c0 fffff880`013cfa10 : fffffa80`0e1f9990 fffffa80`07a1a010 00000000`00000000 00000000`00000000 : fltmgr!FltpPurgeVolumeNameCache+0x7f
fffff880`02ce3500 fffff880`013cab9b : fffffa80`07a1a010 00000000`00000000 fffffa80`0df2fa40 00000000`00000000 : fltmgr! ?? ::NNGAKEGL::`string'+0x1a04
fffff880`02ce3540 fffff880`013aaeca : fffffa80`07a12810 fffffa80`076528e0 fffffa80`00000000 00200077`00650000 : fltmgr!FltpReinstateNameCachingAllFrames+0x4b
fffff880`02ce3570 fffff800`030d1dc1 : 00000000`00000000 00000000`0000000f 00000000`00000000 ffffe472`0b27d59b : fltmgr!FltpPassThroughCompletion+0x8a
fffff880`02ce35b0 fffff880`0145284c : fffffa80`0bfb23c0 00000000`00000001 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x341
fffff880`02ce36a0 fffff880`014dd456 : fffffa80`0bfb23c0 fffffa80`0786e180 00000000`00000000 00000000`00000701 : Ntfs!NtfsExtendedCompleteRequestInternal+0x11c
fffff880`02ce36e0 fffff880`0144ff54 : fffffa80`0bfb23c0 fffffa80`069f3bd0 fffff880`02ce3801 00000000`00000000 : Ntfs!NtfsCommonSetInformation+0xecd
fffff880`02ce37c0 fffff880`013a7bcf : fffffa80`069f3fb8 fffffa80`069f3bd0 fffffa80`0bfb23c0 fffff880`02ce37e8 : Ntfs!NtfsFsdSetInformation+0x124
fffff880`02ce3840 fffff880`013a66df : fffffa80`076528e0 00000000`00000000 fffffa80`07652800 fffffa80`069f3bd0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`02ce38d0 fffff800`033b098a : fffffa80`069f4000 fffff880`02ce3b60 00000000`00000000 ffffffff`80000548 : fltmgr!FltpDispatch+0xcf
fffff880`02ce3930 fffff800`030cd693 : 00000000`00000d84 00000000`03adabe8 00000000`0b3f8d20 00000980`000000ba : nt!NtSetInformationFile+0xf24
fffff880`02ce3a70 00000000`77b2bfaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02ce3ae0)
00000000`03adab38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b2bfaa
 

040317-15678-01.dmp

031317-16146-01.dmp

011917-17378-01.dmp

061416-15459-01.dmp

041216-12277-01.dmp

030816-14835-01.dmp

Link to post
Share on other sites

Please start by ensuring that your MBAM is updated to this version (as there's a fix for this type error in it): 

Then, if the BSOD's continue, Please run this report collecting tool so that we can provide a complete analysis: (from the pinned topic at the top of the forum):  https://forums.malwarebytes.org/topic/170037-blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

FYI - I don't often use the Perfmon report, so if it doesn't work please just let me know.
NOTE:  On problem systems it can take up to 20 minutes for the log files to complete.  Please be patient and let it run.

If you still have problems with it running, there's an alternate tool here (direct download link):  https://github.com/blueelvis/BSOD-Inspector/releases/download/1.0.5/BSODInspector-1.0.5.exe

NOTE:
Please zip up the (.ZIP) files - do not use .RAR, .7z or other compression utilities.
.ZIP is the type file that can be uploaded to the forums.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.