Jump to content

BSOD: irql_not_less_than_equal

ZELLIS

By ZELLIS
in Windows Vista

 Share

Recommended Posts

ZELLIS

ZELLIS

Posted
Posted (edited)

HI,

im new here and have a vista ultimate 32 BSOD issue. the crash is random. here is the info that i know of:

I attached a minidump file from windows, but i don't know if it will actually help debug the problem. looks like it needs to be decompiled of something.

(file added)

BSOD: irql_not_less_than_equal

BCCode: a

BCP1: 0000010F

BCP2: 00000002

BCP3: 00000000

BCP4: 81CB4E19

OS Version: 6_0_6002

Service Pack: 2_0

Product: 256_1

Thank you in advanced. If there is any more information that i could provide that could help, please let me know and i will get it.

Mini011010_01.zip

Edited by ZELLIS

ZELLIS

ZELLIS

Posted
  • Author
Posted (edited)

Thanks guys.

i have read your instructions and set up my PC to grab a full memory dump. i am now just waiting for it to happen again. I do however have the kernel dump "i think". I have zipped the .dmp file and have attached it.

Mini011010_01.zip

Edited by ZELLIS
cluberti

cluberti

Posted
Posted

It's a minidump, and it's missing crucial info (like the ntkrnlpa.exe headers for starters). So, unfortunately, it's useless - here's what you get from it with sym noisy on:

0: kd> .reload /f nt
DBGHELP: C:\Symbols\ntoskrnl.exe\4A77FEB33b9000\ntoskrnl.exe - mismatched
DBGHELP: C:\Symbols\ntkrnlup.exe\4A77FEB33b9000\ntkrnlup.exe - mismatched
DBGHELP: C:\Symbols\ntkrnlpa.exe\4A77FEB33b9000\ntkrnlpa.exe - mismatched
DBGHELP: C:\Symbols\ntkrnlmp.exe\4A77FEB33b9000\ntkrnlmp.exe - mismatched
DBGHELP: C:\Symbols\ntkrpamp.exe\4A77FEB33b9000\ntkrpamp.exe - mismatched
DBGENG:  \SystemRoot\system32\ntkrnlpa.exe - Image mapping disallowed by non-local path.
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
DBGENG:  ntkrnlpa.exe - Partial symbol image load missing image info
DBGHELP: No header for ntkrnlpa.exe.  Searching for dbg file
DBGHELP: .\ntkrnlpa.dbg - file not found
DBGHELP: .\exe\ntkrnlpa.dbg - path not found
DBGHELP: .\symbols\exe\ntkrnlpa.dbg - path not found
DBGHELP: ntkrnlpa.exe missing debug info.  Searching for pdb anyway
DBGHELP: Can't use symbol server for ntkrnlpa.pdb - no header information available
DBGHELP: ntkrnlpa.pdb - file not found
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
DBGHELP: nt - no symbols loaded

0: kd> kn
 # ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
00 8039decc 81cb4e19 nt+0x4dfb9
01 8039df88 81cb5615 nt+0xa9e19
02 8039dff4 81cb32d5 nt+0xaa615
03 8039dff8 bc6ced10 nt+0xa82d5
04 81cb32d5 00000000 0xbc6ced10

0: kd> dd eip
81c58fb9  9c843d83 0f0081d3 fffdd485 a03d83ff
81c58fc9  0081d3a2 fdc7850f ffb8ffff eb000000
81c58fd9  54a164be 64000000 005405c7 00000000
81c58fe9  45890000 e9e58b68 ffffd673 f700498d
81c58ff9  00007045 ???????? ???????? ????????
81c59009  ???????? ???????? ???????? ????????
81c59019  ???????? ???????? ???????? ????????
81c59029  ???????? ???????? ???????? ????????

ZELLIS

ZELLIS

Posted
  • Author
Posted

ok, my pc crashed again just after comming out of sleep mode with another IRQ_NOT_LESS_THAN_EQUAL.

when i hit <ctrl scroll scroll>, it started dumping mem to disk, however when it got to 40% it rebooted?? i have 4 gig or ram.. but with windows only addressing 2 to 3 gig... well maby i answered my own question.

here is my data

Problem Event Name: BlueScreen

OS Version: 6.0.6002.2.2.0.256.1

Locale ID: 1033

BCCode: a

BCP1: 0000010F

BCP2: 00000002

BCP3: 00000000

BCP4: 81CB4E19

OS Version: 6_0_6002

Service Pack: 2_0

Product: 256_1

sorry... im still looking for a site that will host a 1.6Gig file. I will have the dump up shortly.

Thanks again.

CoffeeFiend

CoffeeFiend

Posted
Posted
im still looking for a site that will host a 1.6Gig file.

Nobody will host that, and almost nobody would download something that huge either. Compress it first (try 7-zip using max compression), it'll be MUCH smaller then.

ZELLIS

ZELLIS

Posted
  • Author
Posted (edited)

Thanks for the pointers. I used 7zip as recommended and i have the file down to 950M. its still a monster but is uploading now. any other thoughts on getting the file size down.

is it essential that i use a full memory dump? im asking because i dont know. also 950 still seem alot to ask to have people DL, what do other people do

Edited by ZELLIS
cluberti

cluberti

Posted
Posted

Looks like we have kernel paged pool corruption - either a bum driver, or failure under load:

// The actual bugcheck thread:
0: kd> kb
ChildEBP RetAddr  Args to Child			  
bc8bd22c 89828fff 00000024 001904aa bc8bd758 nt!KeBugCheckEx+0x1e
bc8bd254 8989a23a bc8bdc28 bc8bd288 8981fbc8 Ntfs!NtfsExceptionFilter+0xad (FPO: [2,0,4])
bc8bd260 8981fbc8 00000000 bc8bdb80 89848528 Ntfs!NtfsCheckpointAllVolumesWorker+0x6d (FPO: [SEH])
bc8bd274 89827e65 00000000 00000000 00000000 Ntfs!_EH4_CallFilterFunc+0x12 (FPO: [Uses EBP] [0,0,4])
bc8bd29c 81ce2462 fffffffe bc8bdb70 bc8bd454 Ntfs!_except_handler4+0x8e (FPO: [4,5,4])
bc8bd2c0 81ce2434 bc8bd758 bc8bdb70 bc8bd454 nt!ExecuteHandler2+0x26
bc8bd378 81c608df bc8bd758 bc8bd454 7c0dd498 nt!ExecuteHandler+0x24
bc8bd73c 81c8483a bc8bd758 00000000 bc8bd7ac nt!KiDispatchException+0x170
bc8bd7a4 81c847ee bc8bd824 898afb24 badb0d00 nt!CommonDispatchException+0x4a (FPO: [0,20,0])
bc8bd824 898aff5c 8a1f6048 bc8bd844 bc8bd85c nt!Kei386EoiHelper+0x186
bc8bd854 898afc68 00000000 8bc654b0 00000070 Ntfs!LfsVerifyLogSpaceAvail+0x1c (FPO: [5,4,4])
bc8bd898 898923bc 8a1f6048 8bc654b0 00000000 Ntfs!LfsWriteLogRecordIntoLogPage+0x5a (FPO: [13,7,4])
bc8bd908 8989953e 8bc654b0 00000070 bc8bd96c Ntfs!LfsWriteRestartArea+0xe5 (FPO: [SEH])
bc8bdb2c 8989a203 bc8bdc28 86d860d8 00000000 Ntfs!NtfsCheckpointVolume+0x132c (FPO: [SEH])
bc8bdb80 89899f34 bc8bdc28 86d860d8 bc8bdd43 Ntfs!NtfsCheckpointAllVolumesWorker+0x3b (FPO: [SEH])
bc8bdbe0 8989a10e bc8bdc28 00000000 8989a1c4 Ntfs!NtfsForEachVcb+0xe6 (FPO: [SEH])
bc8bdd44 81cdee22 00000000 00000000 877a4c68 Ntfs!NtfsCheckpointAllVolumes+0xab (FPO: [1,79,4])
bc8bdd7c 81e0ec42 00000000 7c0dde64 00000000 nt!ExpWorkerThread+0xfd
bc8bddc0 81c77efe 81cded25 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


// The thread that actually crashed in the LfsVerifyLogSpaceAvail helper callout:
0: kd> kb
ChildEBP RetAddr  Args to Child			  
bc8bd824 898aff5c 8a1f6048 bc8bd844 bc8bd85c Ntfs!LfsCurrentAvailSpace+0x32
bc8bd854 898afc68 00000000 8bc654b0 00000070 Ntfs!LfsVerifyLogSpaceAvail+0x1c
bc8bd898 898923bc 8a1f6048 8bc654b0 00000000 Ntfs!LfsWriteLogRecordIntoLogPage+0x5a
bc8bd908 8989953e 8bc654b0 00000070 bc8bd96c Ntfs!LfsWriteRestartArea+0xe5
bc8bdb2c 8989a203 bc8bdc28 86d860d8 00000000 Ntfs!NtfsCheckpointVolume+0x132c
bc8bdb80 89899f34 bc8bdc28 86d860d8 bc8bdd43 Ntfs!NtfsCheckpointAllVolumesWorker+0x3b
bc8bdbe0 8989a10e bc8bdc28 00000000 8989a1c4 Ntfs!NtfsForEachVcb+0xe6
bc8bdd44 81cdee22 00000000 00000000 877a4c68 Ntfs!NtfsCheckpointAllVolumes+0xab
bc8bdd7c 81e0ec42 00000000 7c0dde64 00000000 nt!ExpWorkerThread+0xfd
bc8bddc0 81c77efe 81cded25 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


// Looking at kernel paged pool consumption, it's actually not that high at all:
0: kd> !vm
...
	PagedPool Usage:	   61788 (	247152 Kb)
	PagedPool Maximum:	523264 (   2093056 Kb)
...

// About 50% of used kernel pool is by Symantec (they use the SaEe tag for the Endpoint Protection product, along with SavE):
0: kd> !poolused 4
   Sorting by  Paged Pool Consumed

  Pool Used:
			NonPaged			Paged
 Tag	Allocs	 Used	Allocs	 Used
 SaEe		0		0	   699 103839768	UNKNOWN pooltag 'SaEe', please update pooltag.txt
 MmSt		0		0	 13007 36904176	Mm section object prototype ptes , Binary: nt!mm
....


So looking at the raw stack to see if anything came in after the LfsCheckpoint caller, but before the return was made...:
0: kd> dds bc8bd22c 
bc8bd22c  bc8bd254
bc8bd230  89828fff Ntfs!NtfsExceptionFilter+0xad
bc8bd234  00000024
bc8bd238  001904aa
bc8bd23c  bc8bd758
bc8bd240  bc8bd454
bc8bd244  898afb24 Ntfs!LfsCurrentAvailSpace+0x32
bc8bd248  00000000
bc8bd24c  00000000
bc8bd250  00000000
bc8bd254  bc8bdb80
bc8bd258  8989a23a Ntfs!NtfsCheckpointAllVolumesWorker+0x6d
bc8bd25c  bc8bdc28
bc8bd260  bc8bd288
bc8bd264  8981fbc8 Ntfs!_EH4_CallFilterFunc+0x12
bc8bd268  00000000
bc8bd26c  bc8bdb80
bc8bd270  89848528 Ntfs!__safe_se_handler_table+0x5248
bc8bd274  bc8bd29c
bc8bd278  89827e65 Ntfs!_except_handler4+0x8e
bc8bd27c  00000000
bc8bd280  00000000
bc8bd284  00000000
bc8bd288  bc8bd758
bc8bd28c  bc8bd454
bc8bd290  89848538 Ntfs!__safe_se_handler_table+0x5258
bc8bd294  00000001
bc8bd298  0084c8b0
bc8bd29c  bc8bd2c0
bc8bd2a0  81ce2462 nt!ExecuteHandler2+0x26
bc8bd2a4  fffffffe
bc8bd2a8  bc8bdb70
...
bc8bd504  bc8bd844
bc8bd508  bc8bd824
bc8bd50c  898afb24 Ntfs!LfsCurrentAvailSpace+0x32
bc8bd510  00000008
bc8bd514  00010293
...
// And there it is - Nvidia networking drivers hooked and modified the call:
bc8bd590  bc8bd58c
bc8bd594  00000000
bc8bd598  00000000
bc8bd59c  00000000
bc8bd5a0  bc8bd7c8
bc8bd5a4  bc8bd604
bc8bd5a8  8e71b289 nvm60x32!ADAPTER_GetStatistics+0x209
bc8bd5ac  8e770d40 nvm60x32!gAdapterContexts+0x16e8
bc8bd5b0  bc8bd7cc
bc8bd5b4  877a6d24
bc8bd5b8  bc8bda44
bc8bd5bc  877a7008
bc8bd5c0  00000000
bc8bd5c4  00000000
bc8bd5c8  00000000
bc8bd5cc  00000000
bc8bd5d0  00000000
bc8bd5d4  00000000
bc8bd5d8  00000000
bc8bd5dc  00000000
bc8bd5e0  00000001
bc8bd5e4  00000000
bc8bd5e8  ac65be40
bc8bd5ec  bc8bd618
bc8bd5f0  81cebaf5 nt!IoWithinStackLimits+0x56
bc8bd5f4  877a4c68
bc8bd5f8  00000000
bc8bd5fc  86d86020
bc8bd600  bc8bdc08
bc8bd604  bc8bd790
bc8bd608  8e717d4d nvm60x32!HMacdDefaultFunc+0x733
bc8bd60c  8e770d40 nvm60x32!gAdapterContexts+0x16e8
...
bc8bd614  00000098
bc8bd618  84d317e8
bc8bd61c  8e71848e nvm60x32!HMacdDefaultFunc+0xe74
bc8bd620  bc8bdc08
bc8bd624  00000020
bc8bd628  00000000
bc8bd62c  01010004
bc8bd630  bc8bd6ac
bc8bd634  8982344a Ntfs!NtfsFsdWrite+0x25
bc8bd638  bc8bd6ac
bc8bd63c  8981f9ea Ntfs!_SEH_epilog4_GS+0xa
bc8bd640  8982379b Ntfs!NtfsFsdWrite+0x36c
bc8bd644  350f0d66
bc8bd648  00000000
bc8bd64c  86d86020
bc8bd650  ac65bde0
bc8bd654  bc8bd6c0
bc8bd658  8220688b fltmgr!FltpPerformPreCallbacks+0x367
bc8bd65c  ac65bde0
bc8bd660  86d6f69c
bc8bd664  00000598
bc8bd668  bc8bd6f4
bc8bd66c  bc8bd690
bc8bd670  898b00e9 Ntfs!LfsTransferLogBytes+0x6b
bc8bd674  ccabc260
bc8bd678  ac9b0750
bc8bd67c  00000598
bc8bd680  8bc985c0
bc8bd684  a1b21d78
bc8bd688  00000260
...
bc8bd688  00000260
bc8bd68c  ac9b0750
bc8bd690  bc8bd6dc
bc8bd694  898afe2d Ntfs!LfsWriteLogRecordIntoLogPage+0x21f
bc8bd698  a1b21d78
bc8bd69c  bc8bd6d4
bc8bd6a0  00000000
bc8bd6a4  86d859e0
bc8bd6a8  86d859c8
bc8bd6ac  00000000
bc8bd6b0  bc8bd6d8
bc8bd6b4  86d859c8
bc8bd6b8  00000000
bc8bd6bc  86d85900
bc8bd6c0  bc8bd6d0
bc8bd6c4  81c0d70c hal!KfLowerIrql+0x64
bc8bd6c8  00000000
bc8bd6cc  86d85900
bc8bd6d0  bc8bd6f0
bc8bd6d4  81c0a0ed hal!KeReleaseQueuedSpinLock+0x2d
bc8bd6d8  81ce47c5 nt!ExpReleaseResourceForThreadLite+0x14a
bc8bd6dc  8bc60000
bc8bd6e0  00000000
bc8bd6e4  00000000
bc8bd6e8  86d859fc
bc8bd6ec  00000800
bc8bd6f0  bc8bd708
bc8bd6f4  81ce4673 nt!ExReleaseResourceLite+0xf
bc8bd6f8  00000002
bc8bd6fc  bc8bd710
bc8bd700  81cec06a nt!MiLocateAddress+0x41
bc8bd704  bc8bd70c


// Looking at the drivers you're using, they're from October 2006, which is actually before Vista went RTM (Vista went RTM in November 2006, and wasn't GA until January 2007):
0: kd> lmvm nvm60x32
start	end		module name
8e708000 8e7ca000   nvm60x32   (pdb symbols)		  d:\symbols\nvm60x32.pdb\82EBF586382C42C8B88EBD538670055E1\nvm60x32.pdb
	Loaded symbol image file: nvm60x32.sys
	Image path: \SystemRoot\system32\DRIVERS\nvm60x32.sys
	Image name: nvm60x32.sys
	Timestamp:		Sat Oct 07 00:30:59 2006 (45272D83)
	CheckSum:		 0006CB50
	ImageSize:		000C2000
	Translations:	 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Given the date, these are prior to the WHQL 15.00 release (which was the first officially supported driver set for Vista) - and from the October 2006 date, I'd say it's the nForce 11.06 driver set for 2000 and XP.

I would STRONGLY suggest upgrading these nforce drivers (and for good measure, Symantec Endpoint Protection) to the latest Vista certified releases to alleviate the issue.

RJARRRPCGP

RJARRRPCGP

Posted
Posted (edited)
HI,

im new here and have a vista ultimate 32 BSOD issue. the crash is random.

BSOD: irql_not_less_than_equal

BCCode: a

--> Looks like your processor is overclocked.

--> This bugcheck code, when ending with "A" or "a", usually means CPU data corrupted.

--> That's what happens when your processor is having computational issues, because of running at a frequency that your processor can't handle. Or your Vcore setting is wrong in the BIOS.

Reminds me of my bad T-Bird overclocks back in 2002.

I wouldn't be surprised if the Prime95 test fails on you.

*IF* the stop error code ends with "D1", then it's usually just a pesky driver issue.

Edited by RJARRRPCGP
Megaman_90

Megaman_90

Posted
Posted

The IRQ LESS THAN EQUAL BSOD can mean a lot of things. Usually its a bad driver, or a piece of hardware that is not functioning properly.

Check your PCI card connections.

RJARRRPCGP

RJARRRPCGP

Posted
Posted
The IRQ LESS THAN EQUAL BSOD can mean a lot of things. Usually its a bad driver, or a piece of hardware that is not functioning properly.

Check your PCI card connections.

There's a subcode, "D1", which does mean a bad driver. The more generic "a" variant always meant CPU corruption, when I received it.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...