Please help diagnosing daily Vista BSOD

**civi1ian** · October 7, 2008

I'm averaging a BSOD every day on my Vista Business machine. The problem started back in July but the blue screens weren't everyday then. They became more frequent in August and in September they were nearly daily. I haven't made any harware changes in more than 6 months. I've run a bunch of tests on my memory but it tests okay. I've also tried updating all of my drivers but that hasn't helped.

I'm having a hard time interpreting the minidumps. A couple are a little different but most are pretty much the same. Below are some of the highlights.

BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000007, Attempt to free pool which was already freed

Arg2: 0000110b, (reserved)

Arg3: 0a070203, Memory contents of the pool block

Arg4: 8f575670, Address of the block of pool being deallocated

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

Any help diagnosing this problem would be much appreciated.

Thanks!

Minidump.rar

**x-Shadow-x** · October 7, 2008

Looks like a memory error to me, try popping out all your ram and put one in at a time, booting each time you pop in a stick. If you only have one stick, see if you can borrow one from a friend/another computer you have. If its a corrupted stick, you will bsod, usualy...

Edited October 7, 2008 by x-Shadow-x

**cluberti** · October 8, 2008

You're getting two different bugchecks - BAD_POOL_CALLER (0xC2), SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e). The callstacks, however, are always one of these two:

7E:

0: kd> k
ChildEBP RetAddr  
8bd67af0 8219a897 nt!CmpFreeView+0x21
8bd67b04 8218d626 nt!CmpDestroyHiveViewList+0x86
8bd67b60 8218b224 nt!CmpInitializeHive+0x3de
8bd67bd8 821848c5 nt!CmpInitHiveFromFile+0x19e
8bd67c18 82182d4c nt!CmpCmdHiveOpen+0x36
8bd67d14 82182f81 nt!CmpFlushBackupHive+0x2fd
8bd67d38 8225deb7 nt!CmpSyncBackupHives+0x90
8bd67d44 8203c41d nt!CmpPeriodicBackupFlushWorker+0x32
8bd67d7c 821d9b18 nt!ExpWorkerThread+0xfd
8bd67dc0 82032a3e nt!PspSystemThreadStartup+0x9d
00000000 00000000 nt!KiThreadStartup+0x16

C2:

0: kd> k
ChildEBP RetAddr  
8bd5fa6c 8210500c nt!KeBugCheckEx+0x1e
8bd5fae0 821ad91b nt!ExFreePoolWithTag+0x17f
8bd5faf0 821ad897 nt!CmpFreeView+0x31
8bd5fb04 821a0626 nt!CmpDestroyHiveViewList+0x86
8bd5fb60 8219e224 nt!CmpInitializeHive+0x3de
8bd5fbd8 821978c5 nt!CmpInitHiveFromFile+0x19e
8bd5fc18 82195d4c nt!CmpCmdHiveOpen+0x36
8bd5fd14 82195f81 nt!CmpFlushBackupHive+0x2fd
8bd5fd38 82270eb7 nt!CmpSyncBackupHives+0x90
8bd5fd44 8204f41d nt!CmpPeriodicBackupFlushWorker+0x32
8bd5fd7c 821ecb18 nt!ExpWorkerThread+0xfd
8bd5fdc0 82045a3e nt!PspSystemThreadStartup+0x9d
00000000 00000000 nt!KiThreadStartup+0x16

Both are the result of a driver fault. I'd say that this is not a memory problem, as it's always the same callstacks, and always the same hive or pool tag. You have a misbehaving driver, but you're only gathering minidumps which are not helpful in this scenario. Please configure your system for a complete memory dump, then when you get your next crash you'll have something useful.

**civi1ian** · October 8, 2008

Thank you so much for your help.

I will go ahead and configure for a complete memory dump.

Thanks again!

**civi1ian** · October 9, 2008

Okay so I have a complete memory dump, 3.24 GB worth. What's next?

Thanks once again for your help cluberti!

**civi1ian** · October 9, 2008

I must have done something wrong. The dump is 3.24 GB yet this is all that comes up in the debugger:

Microsoft ® Windows Debugger Version 6.9.0003.113 X86

Loading Dump File [C:\Users\zioberd\Desktop\MEMORY.DMP]

Kernel Complete Dump File: Full address space is available

Symbol search path is: C:\symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930

Kernel base = 0x82019000 PsLoadedModuleList = 0x82130c70

Debug session time: Thu Oct 9 11:17:10.989 2008 (GMT-4)

System Uptime: 1 days 0:42:25.910

Loading Kernel Symbols

....................................................................................................

...................................................

Loading User Symbols

Loading unloaded module list

.....

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {c0000005, 821af90b, 8bd67a24, 8bd67720}

Probably caused by : ntkrpamp.exe ( nt!CmpFreeView+21 )

Followup: MachineOwner

---------

0: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: 821af90b, The address that the exception occurred at

Arg3: 8bd67a24, Exception Record Address

Arg4: 8bd67720, Context Record Address

Debugging Details:

------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:

nt!CmpFreeView+21

821af90b 897204 mov dword ptr [edx+4],esi

EXCEPTION_RECORD: 8bd67a24 -- (.exr 0xffffffff8bd67a24)

ExceptionAddress: 821af90b (nt!CmpFreeView+0x00000021)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 00000001

Parameter[1]: 00000004

Attempt to write to address 00000004

CONTEXT: 8bd67720 -- (.cxr 0xffffffff8bd67720)

eax=b72acdb8 ebx=bf47a9b8 ecx=bf47a688 edx=00000000 esi=b2d92c98 edi=00000000

eip=821af90b esp=8bd67aec ebp=8bd67b04 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286

nt!CmpFreeView+0x21:

821af90b 897204 mov dword ptr [edx+4],esi ds:0023:00000004=????????

Resetting default scope

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

WRITE_ADDRESS: 00000004

BUGCHECK_STR: 0x7E

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from 821af897 to 821af90b

STACK_TEXT:

8bd67af0 821af897 bf47ac4c 00000000 8bd67b60 nt!CmpFreeView+0x21

8bd67b04 821a2626 00000000 8bd67c60 80001864 nt!CmpDestroyHiveViewList+0x86

8bd67b60 821a0224 8bd67bb4 00000005 00000000 nt!CmpInitializeHive+0x3de

8bd67bd8 821998c5 8bd67c60 00000000 8bd67c4c nt!CmpInitHiveFromFile+0x19e

8bd67c18 82197d4c 8bd67c60 00000000 8bd67c7b nt!CmpCmdHiveOpen+0x36

8bd67d14 82197f81 00000005 8211159c 00000005 nt!CmpFlushBackupHive+0x2fd

8bd67d38 82272eb7 8211b13c 84b50580 8205141d nt!CmpSyncBackupHives+0x90

8bd67d44 8205141d 00000000 00000000 84b50580 nt!CmpPeriodicBackupFlushWorker+0x32

8bd67d7c 821eeb18 00000000 9e187ca6 00000000 nt!ExpWorkerThread+0xfd

8bd67dc0 82047a3e 82051320 00000001 00000000 nt!PspSystemThreadStartup+0x9d

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

FOLLOWUP_IP:

nt!CmpFreeView+21

821af90b 897204 mov dword ptr [edx+4],esi

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!CmpFreeView+21

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4812bd71

STACK_COMMAND: .cxr 0xffffffff8bd67720 ; kb

FAILURE_BUCKET_ID: 0x7E_nt!CmpFreeView+21

BUCKET_ID: 0x7E_nt!CmpFreeView+21