Jump to content

BSOD: irql_not_less_than_equal


ZELLIS

Recommended Posts

HI,

im new here and have a vista ultimate 32 BSOD issue. the crash is random. here is the info that i know of:

I attached a minidump file from windows, but i don't know if it will actually help debug the problem. looks like it needs to be decompiled of something.

(file added)

BSOD: irql_not_less_than_equal

BCCode: a

BCP1: 0000010F

BCP2: 00000002

BCP3: 00000000

BCP4: 81CB4E19

OS Version: 6_0_6002

Service Pack: 2_0

Product: 256_1

Thank you in advanced. If there is any more information that i could provide that could help, please let me know and i will get it.

Mini011010_01.zip

Edited by ZELLIS
Link to comment
Share on other sites


Thanks guys.

i have read your instructions and set up my PC to grab a full memory dump. i am now just waiting for it to happen again. I do however have the kernel dump "i think". I have zipped the .dmp file and have attached it.

Mini011010_01.zip

Edited by ZELLIS
Link to comment
Share on other sites

It's a minidump, and it's missing crucial info (like the ntkrnlpa.exe headers for starters). So, unfortunately, it's useless - here's what you get from it with sym noisy on:

0: kd> .reload /f nt
DBGHELP: C:\Symbols\ntoskrnl.exe\4A77FEB33b9000\ntoskrnl.exe - mismatched
DBGHELP: C:\Symbols\ntkrnlup.exe\4A77FEB33b9000\ntkrnlup.exe - mismatched
DBGHELP: C:\Symbols\ntkrnlpa.exe\4A77FEB33b9000\ntkrnlpa.exe - mismatched
DBGHELP: C:\Symbols\ntkrnlmp.exe\4A77FEB33b9000\ntkrnlmp.exe - mismatched
DBGHELP: C:\Symbols\ntkrpamp.exe\4A77FEB33b9000\ntkrpamp.exe - mismatched
DBGENG: \SystemRoot\system32\ntkrnlpa.exe - Image mapping disallowed by non-local path.
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
DBGENG: ntkrnlpa.exe - Partial symbol image load missing image info
DBGHELP: No header for ntkrnlpa.exe. Searching for dbg file
DBGHELP: .\ntkrnlpa.dbg - file not found
DBGHELP: .\exe\ntkrnlpa.dbg - path not found
DBGHELP: .\symbols\exe\ntkrnlpa.dbg - path not found
DBGHELP: ntkrnlpa.exe missing debug info. Searching for pdb anyway
DBGHELP: Can't use symbol server for ntkrnlpa.pdb - no header information available
DBGHELP: ntkrnlpa.pdb - file not found
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
DBGHELP: nt - no symbols loaded

0: kd> kn
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 8039decc 81cb4e19 nt+0x4dfb9
01 8039df88 81cb5615 nt+0xa9e19
02 8039dff4 81cb32d5 nt+0xaa615
03 8039dff8 bc6ced10 nt+0xa82d5
04 81cb32d5 00000000 0xbc6ced10

0: kd> dd eip
81c58fb9 9c843d83 0f0081d3 fffdd485 a03d83ff
81c58fc9 0081d3a2 fdc7850f ffb8ffff eb000000
81c58fd9 54a164be 64000000 005405c7 00000000
81c58fe9 45890000 e9e58b68 ffffd673 f700498d
81c58ff9 00007045 ???????? ???????? ????????
81c59009 ???????? ???????? ???????? ????????
81c59019 ???????? ???????? ???????? ????????
81c59029 ???????? ???????? ???????? ????????

Link to comment
Share on other sites

ok, my pc crashed again just after comming out of sleep mode with another IRQ_NOT_LESS_THAN_EQUAL.

when i hit <ctrl scroll scroll>, it started dumping mem to disk, however when it got to 40% it rebooted?? i have 4 gig or ram.. but with windows only addressing 2 to 3 gig... well maby i answered my own question.

here is my data

Problem Event Name: BlueScreen

OS Version: 6.0.6002.2.2.0.256.1

Locale ID: 1033

BCCode: a

BCP1: 0000010F

BCP2: 00000002

BCP3: 00000000

BCP4: 81CB4E19

OS Version: 6_0_6002

Service Pack: 2_0

Product: 256_1

sorry... im still looking for a site that will host a 1.6Gig file. I will have the dump up shortly.

Thanks again.

Link to comment
Share on other sites

Thanks for the pointers. I used 7zip as recommended and i have the file down to 950M. its still a monster but is uploading now. any other thoughts on getting the file size down.

is it essential that i use a full memory dump? im asking because i dont know. also 950 still seem alot to ask to have people DL, what do other people do

Edited by ZELLIS
Link to comment
Share on other sites

Looks like we have kernel paged pool corruption - either a bum driver, or failure under load:

// The actual bugcheck thread:
0: kd> kb
ChildEBP RetAddr Args to Child
bc8bd22c 89828fff 00000024 001904aa bc8bd758 nt!KeBugCheckEx+0x1e
bc8bd254 8989a23a bc8bdc28 bc8bd288 8981fbc8 Ntfs!NtfsExceptionFilter+0xad (FPO: [2,0,4])
bc8bd260 8981fbc8 00000000 bc8bdb80 89848528 Ntfs!NtfsCheckpointAllVolumesWorker+0x6d (FPO: [SEH])
bc8bd274 89827e65 00000000 00000000 00000000 Ntfs!_EH4_CallFilterFunc+0x12 (FPO: [Uses EBP] [0,0,4])
bc8bd29c 81ce2462 fffffffe bc8bdb70 bc8bd454 Ntfs!_except_handler4+0x8e (FPO: [4,5,4])
bc8bd2c0 81ce2434 bc8bd758 bc8bdb70 bc8bd454 nt!ExecuteHandler2+0x26
bc8bd378 81c608df bc8bd758 bc8bd454 7c0dd498 nt!ExecuteHandler+0x24
bc8bd73c 81c8483a bc8bd758 00000000 bc8bd7ac nt!KiDispatchException+0x170
bc8bd7a4 81c847ee bc8bd824 898afb24 badb0d00 nt!CommonDispatchException+0x4a (FPO: [0,20,0])
bc8bd824 898aff5c 8a1f6048 bc8bd844 bc8bd85c nt!Kei386EoiHelper+0x186
bc8bd854 898afc68 00000000 8bc654b0 00000070 Ntfs!LfsVerifyLogSpaceAvail+0x1c (FPO: [5,4,4])
bc8bd898 898923bc 8a1f6048 8bc654b0 00000000 Ntfs!LfsWriteLogRecordIntoLogPage+0x5a (FPO: [13,7,4])
bc8bd908 8989953e 8bc654b0 00000070 bc8bd96c Ntfs!LfsWriteRestartArea+0xe5 (FPO: [SEH])
bc8bdb2c 8989a203 bc8bdc28 86d860d8 00000000 Ntfs!NtfsCheckpointVolume+0x132c (FPO: [SEH])
bc8bdb80 89899f34 bc8bdc28 86d860d8 bc8bdd43 Ntfs!NtfsCheckpointAllVolumesWorker+0x3b (FPO: [SEH])
bc8bdbe0 8989a10e bc8bdc28 00000000 8989a1c4 Ntfs!NtfsForEachVcb+0xe6 (FPO: [SEH])
bc8bdd44 81cdee22 00000000 00000000 877a4c68 Ntfs!NtfsCheckpointAllVolumes+0xab (FPO: [1,79,4])
bc8bdd7c 81e0ec42 00000000 7c0dde64 00000000 nt!ExpWorkerThread+0xfd
bc8bddc0 81c77efe 81cded25 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


// The thread that actually crashed in the LfsVerifyLogSpaceAvail helper callout:
0: kd> kb
ChildEBP RetAddr Args to Child
bc8bd824 898aff5c 8a1f6048 bc8bd844 bc8bd85c Ntfs!LfsCurrentAvailSpace+0x32
bc8bd854 898afc68 00000000 8bc654b0 00000070 Ntfs!LfsVerifyLogSpaceAvail+0x1c
bc8bd898 898923bc 8a1f6048 8bc654b0 00000000 Ntfs!LfsWriteLogRecordIntoLogPage+0x5a
bc8bd908 8989953e 8bc654b0 00000070 bc8bd96c Ntfs!LfsWriteRestartArea+0xe5
bc8bdb2c 8989a203 bc8bdc28 86d860d8 00000000 Ntfs!NtfsCheckpointVolume+0x132c
bc8bdb80 89899f34 bc8bdc28 86d860d8 bc8bdd43 Ntfs!NtfsCheckpointAllVolumesWorker+0x3b
bc8bdbe0 8989a10e bc8bdc28 00000000 8989a1c4 Ntfs!NtfsForEachVcb+0xe6
bc8bdd44 81cdee22 00000000 00000000 877a4c68 Ntfs!NtfsCheckpointAllVolumes+0xab
bc8bdd7c 81e0ec42 00000000 7c0dde64 00000000 nt!ExpWorkerThread+0xfd
bc8bddc0 81c77efe 81cded25 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


// Looking at kernel paged pool consumption, it's actually not that high at all:
0: kd> !vm
...
PagedPool Usage: 61788 ( 247152 Kb)
PagedPool Maximum: 523264 ( 2093056 Kb)
...

// About 50% of used kernel pool is by Symantec (they use the SaEe tag for the Endpoint Protection product, along with SavE):
0: kd> !poolused 4
Sorting by Paged Pool Consumed

Pool Used:
NonPaged Paged
Tag Allocs Used Allocs Used
SaEe 0 0 699 103839768 UNKNOWN pooltag 'SaEe', please update pooltag.txt
MmSt 0 0 13007 36904176 Mm section object prototype ptes , Binary: nt!mm
....


So looking at the raw stack to see if anything came in after the LfsCheckpoint caller, but before the return was made...:
0: kd> dds bc8bd22c
bc8bd22c bc8bd254
bc8bd230 89828fff Ntfs!NtfsExceptionFilter+0xad
bc8bd234 00000024
bc8bd238 001904aa
bc8bd23c bc8bd758
bc8bd240 bc8bd454
bc8bd244 898afb24 Ntfs!LfsCurrentAvailSpace+0x32
bc8bd248 00000000
bc8bd24c 00000000
bc8bd250 00000000
bc8bd254 bc8bdb80
bc8bd258 8989a23a Ntfs!NtfsCheckpointAllVolumesWorker+0x6d
bc8bd25c bc8bdc28
bc8bd260 bc8bd288
bc8bd264 8981fbc8 Ntfs!_EH4_CallFilterFunc+0x12
bc8bd268 00000000
bc8bd26c bc8bdb80
bc8bd270 89848528 Ntfs!__safe_se_handler_table+0x5248
bc8bd274 bc8bd29c
bc8bd278 89827e65 Ntfs!_except_handler4+0x8e
bc8bd27c 00000000
bc8bd280 00000000
bc8bd284 00000000
bc8bd288 bc8bd758
bc8bd28c bc8bd454
bc8bd290 89848538 Ntfs!__safe_se_handler_table+0x5258
bc8bd294 00000001
bc8bd298 0084c8b0
bc8bd29c bc8bd2c0
bc8bd2a0 81ce2462 nt!ExecuteHandler2+0x26
bc8bd2a4 fffffffe
bc8bd2a8 bc8bdb70
...
bc8bd504 bc8bd844
bc8bd508 bc8bd824
bc8bd50c 898afb24 Ntfs!LfsCurrentAvailSpace+0x32
bc8bd510 00000008
bc8bd514 00010293
...
// And there it is - Nvidia networking drivers hooked and modified the call:
bc8bd590 bc8bd58c
bc8bd594 00000000
bc8bd598 00000000
bc8bd59c 00000000
bc8bd5a0 bc8bd7c8
bc8bd5a4 bc8bd604
bc8bd5a8 8e71b289 nvm60x32!ADAPTER_GetStatistics+0x209
bc8bd5ac 8e770d40 nvm60x32!gAdapterContexts+0x16e8
bc8bd5b0 bc8bd7cc
bc8bd5b4 877a6d24
bc8bd5b8 bc8bda44
bc8bd5bc 877a7008
bc8bd5c0 00000000
bc8bd5c4 00000000
bc8bd5c8 00000000
bc8bd5cc 00000000
bc8bd5d0 00000000
bc8bd5d4 00000000
bc8bd5d8 00000000
bc8bd5dc 00000000
bc8bd5e0 00000001
bc8bd5e4 00000000
bc8bd5e8 ac65be40
bc8bd5ec bc8bd618
bc8bd5f0 81cebaf5 nt!IoWithinStackLimits+0x56
bc8bd5f4 877a4c68
bc8bd5f8 00000000
bc8bd5fc 86d86020
bc8bd600 bc8bdc08
bc8bd604 bc8bd790
bc8bd608 8e717d4d nvm60x32!HMacdDefaultFunc+0x733
bc8bd60c 8e770d40 nvm60x32!gAdapterContexts+0x16e8
...
bc8bd614 00000098
bc8bd618 84d317e8
bc8bd61c 8e71848e nvm60x32!HMacdDefaultFunc+0xe74
bc8bd620 bc8bdc08
bc8bd624 00000020
bc8bd628 00000000
bc8bd62c 01010004
bc8bd630 bc8bd6ac
bc8bd634 8982344a Ntfs!NtfsFsdWrite+0x25
bc8bd638 bc8bd6ac
bc8bd63c 8981f9ea Ntfs!_SEH_epilog4_GS+0xa
bc8bd640 8982379b Ntfs!NtfsFsdWrite+0x36c
bc8bd644 350f0d66
bc8bd648 00000000
bc8bd64c 86d86020
bc8bd650 ac65bde0
bc8bd654 bc8bd6c0
bc8bd658 8220688b fltmgr!FltpPerformPreCallbacks+0x367
bc8bd65c ac65bde0
bc8bd660 86d6f69c
bc8bd664 00000598
bc8bd668 bc8bd6f4
bc8bd66c bc8bd690
bc8bd670 898b00e9 Ntfs!LfsTransferLogBytes+0x6b
bc8bd674 ccabc260
bc8bd678 ac9b0750
bc8bd67c 00000598
bc8bd680 8bc985c0
bc8bd684 a1b21d78
bc8bd688 00000260
...
bc8bd688 00000260
bc8bd68c ac9b0750
bc8bd690 bc8bd6dc
bc8bd694 898afe2d Ntfs!LfsWriteLogRecordIntoLogPage+0x21f
bc8bd698 a1b21d78
bc8bd69c bc8bd6d4
bc8bd6a0 00000000
bc8bd6a4 86d859e0
bc8bd6a8 86d859c8
bc8bd6ac 00000000
bc8bd6b0 bc8bd6d8
bc8bd6b4 86d859c8
bc8bd6b8 00000000
bc8bd6bc 86d85900
bc8bd6c0 bc8bd6d0
bc8bd6c4 81c0d70c hal!KfLowerIrql+0x64
bc8bd6c8 00000000
bc8bd6cc 86d85900
bc8bd6d0 bc8bd6f0
bc8bd6d4 81c0a0ed hal!KeReleaseQueuedSpinLock+0x2d
bc8bd6d8 81ce47c5 nt!ExpReleaseResourceForThreadLite+0x14a
bc8bd6dc 8bc60000
bc8bd6e0 00000000
bc8bd6e4 00000000
bc8bd6e8 86d859fc
bc8bd6ec 00000800
bc8bd6f0 bc8bd708
bc8bd6f4 81ce4673 nt!ExReleaseResourceLite+0xf
bc8bd6f8 00000002
bc8bd6fc bc8bd710
bc8bd700 81cec06a nt!MiLocateAddress+0x41
bc8bd704 bc8bd70c


// Looking at the drivers you're using, they're from October 2006, which is actually before Vista went RTM (Vista went RTM in November 2006, and wasn't GA until January 2007):
0: kd> lmvm nvm60x32
start end module name
8e708000 8e7ca000 nvm60x32 (pdb symbols) d:\symbols\nvm60x32.pdb\82EBF586382C42C8B88EBD538670055E1\nvm60x32.pdb
Loaded symbol image file: nvm60x32.sys
Image path: \SystemRoot\system32\DRIVERS\nvm60x32.sys
Image name: nvm60x32.sys
Timestamp: Sat Oct 07 00:30:59 2006 (45272D83)
CheckSum: 0006CB50
ImageSize: 000C2000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Given the date, these are prior to the WHQL 15.00 release (which was the first officially supported driver set for Vista) - and from the October 2006 date, I'd say it's the nForce 11.06 driver set for 2000 and XP.

I would STRONGLY suggest upgrading these nforce drivers (and for good measure, Symantec Endpoint Protection) to the latest Vista certified releases to alleviate the issue.

Link to comment
Share on other sites

HI,

im new here and have a vista ultimate 32 BSOD issue. the crash is random.

BSOD: irql_not_less_than_equal

BCCode: a

--> Looks like your processor is overclocked.

--> This bugcheck code, when ending with "A" or "a", usually means CPU data corrupted.

--> That's what happens when your processor is having computational issues, because of running at a frequency that your processor can't handle. Or your Vcore setting is wrong in the BIOS.

Reminds me of my bad T-Bird overclocks back in 2002.

I wouldn't be surprised if the Prime95 test fails on you.

*IF* the stop error code ends with "D1", then it's usually just a pesky driver issue.

Edited by RJARRRPCGP
Link to comment
Share on other sites

The IRQ LESS THAN EQUAL BSOD can mean a lot of things. Usually its a bad driver, or a piece of hardware that is not functioning properly.

Check your PCI card connections.

There's a subcode, "D1", which does mean a bad driver. The more generic "a" variant always meant CPU corruption, when I received it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...