V
VincentHardwick
Guest
Hi all,
I've been trying to revive an old Vista desktop (Compaq Presario SR5228UK) and am still being plagued by random and intermittent freeze-ups and BSODs.
The original issue was a BSOD about clfs.sys page_fault_in_nonpaged_area, which appeared every time you tried to boot. Managed to get into Vista by booting from installation media.
After recovering documents and files, I did a clean install of Vista SP1, updated the BIOS and graphics driver from the HP downloads page specific to that model, and have also run through several troubleshooting utilities:
- sfc /scannow in command prompt (no system file integrity problems)
- chkdsk /r from boot to fix any bad sectors
- performed 10 passes with memtest86+ running overnight, no errors found in the RAM
And yet I'm still getting regular freeze-ups and BSODs.
I've used WinDbg to analyze the crash dumps on three occasions, and each one appears to point to a different cause... hardware failure, driver corruption or RAM failure as far as I can make out. The minidump analyses are below.
Since this was a clean install of Vista, the only device I have installed a driver for since the install is a WiFi dongle. This is the latest driver available from the device manufacturer. The BSODs were happening before I started the rescue job and before I installed the dongle driver.
I suspect this is probably failure of one of the RAM sticks but I've never done BSOD troubleshooting and root cause analysis, or crashdump analyses, before.
Looking at the WinDbg analysis of the minidumps below, can anybody confirm this or offer any insight?
=========
Minidump 1:
=========
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini062516-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18538.x86fre.vistasp1_gdr.101014-0432
Machine Name:
Kernel base = 0x81a1a000 PsLoadedModuleList = 0x81b31c70
Debug session time: Sat Jun 25 19:55:24.571 2016 (UTC + 1:00)
System Uptime: 0 days 5:27:03.132
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck A, {73a96144, 2, 1, 81a5b45e}
Probably caused by : hardware ( nt!MiAccessCheck+8d )
Followup: MachineOwner
---------
1: kd> !analyze -v
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 73a96144, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 81a5b45e, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81b51868
Unable to read MiSystemVaType memory at 81b31420
73a96144
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiAccessCheck+8d
81a5b45e c783e0f883f81075d664 mov dword ptr [ebx-77C0720h],64D67510h
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: TrustedInstalle
TRAP_FRAME: b5766b34 -- (.trap 0xffffffffb5766b34)
ErrCode = 00000002
eax=0000000a ebx=7b256864 ecx=00000000 edx=7b256864 esi=881a4350 edi=00000003
eip=81a5b45e esp=b5766ba8 ebp=b5766bc8 iopl=0 nv up ei pl nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010207
nt!MiAccessCheck+0x8d:
81a5b45e c783e0f883f81075d664 mov dword ptr [ebx-77C0720h],64D67510h ds:0023:73a96144=????????
Resetting default scope
MISALIGNED_IP:
nt!MiAccessCheck+8d
81a5b45e c783e0f883f81075d664 mov dword ptr [ebx-77C0720h],64D67510h
LAST_CONTROL_TRANSFER: from 81a5b45e to 81a74d54
STACK_TEXT:
b5766b34 81a5b45e badb0d00 7b256864 00000000 nt!KiTrap0E+0x2ac
b5766bc8 81aa1274 00000000 00000003 b5766d64 nt!MiAccessCheck+0x8d
b5766c08 81a9e96f 00000000 770f3e38 c03b8798 nt!MiResolveProtoPteFault+0x245
b5766cd0 81ac0fcf 770f3e38 881a4350 00000000 nt!MiDispatchFault+0x9a6
b5766d4c 81a74b84 00000000 770f3e38 00000001 nt!MmAccessFault+0x1fb7
b5766d4c 770998d3 00000000 770f3e38 00000001 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
01feeed4 00000000 00000000 00000000 00000000 0x770998d3
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiAccessCheck+8d
81a5b45e c783e0f883f81075d664 mov dword ptr [ebx-77C0720h],64D67510h
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiAccessCheck+8d
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_NAME: hardware
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
=========
Minidump 2=========
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini062516-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18538.x86fre.vistasp1_gdr.101014-0432
Machine Name:
Kernel base = 0x81a1c000 PsLoadedModuleList = 0x81b33c70
Debug session time: Sat Jun 25 20:00:58.870 2016 (UTC + 1:00)
System Uptime: 0 days 0:04:31.417
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffffffe, 0, 1, 81ac293b}
Probably caused by : hardware ( nt!KiTrap0E+2ac )
Followup: MachineOwner
---------
1: kd> !analyze -v
Bugcheck Analysis
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffe, memory referenced
Arg2: 00000000, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 81ac293b, address which referenced memory
Debugging Details:
------------------
OVERLAPPED_MODULE: Address regions for 'nwifi' and 'bcmwlhigh6.s' overlap
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81b53868
Unable to read MiSystemVaType memory at 81b33420
fffffffe
CURRENT_IRQL: 0
FAULTING_IP:
nt!MmAccessFault+1923
81ac293b 8341feff add dword ptr [ecx-2],0FFFFFFFFh
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: TrustedInstalle
TRAP_FRAME: 898f888c -- (.trap 0xffffffff898f888c)
ErrCode = 00000000
eax=00000014 ebx=85c63024 ecx=83612198 edx=00000001 esi=8dc058b8 edi=02000000
eip=81ad5ee3 esp=898f8900 ebp=898f890c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!RtlpOwnerAcesPresent+0x22:
81ad5ee3 0fb77004 movzx esi,word ptr [eax+4] ds:0023:00000018=????
Resetting default scope
LAST_CONTROL_TRANSFER: from 81ac293b to 81a76d54
MISALIGNED_IP:
nt!MmAccessFault+1923
81ac293b 8341feff add dword ptr [ecx-2],0FFFFFFFFh
STACK_TEXT:
898f879c 81ac293b badb0d00 00000000 88018aa8 nt!KiTrap0E+0x2ac
898f8874 81a76b84 00000000 00000018 00000000 nt!MmAccessFault+0x1923
898f8874 81ad5ee3 00000000 00000018 00000000 nt!KiTrap0E+0xdc
898f890c 81ad5aa0 00000000 a2b58540 85c63008 nt!RtlpOwnerAcesPresent+0x22
898f8930 81c20613 8dc05801 85c63024 00000001 nt!SeAccessCheck+0x12d
898f897c 81c20436 00000000 00000001 898f89b8 nt!CmpCheckKeyBodyAccess+0x112
898f89c0 81c30bd7 8a6f5640 009aea60 00000000 nt!CmpDoOpen+0x649
898f8b50 81c62468 b05a56f0 83681970 85c63008 nt!CmpParseKey+0x861
898f8be0 81c3a4a6 00000200 898f8c38 00000040 nt!ObpLookupObjectName+0x11e
898f8c40 81c03ef1 016beac0 83681970 00000001 nt!ObOpenObjectByName+0x13c
898f8d18 81c03fc4 016beda0 0002001f 016beac0 nt!CmCreateKey+0x2a3
898f8d40 81a73a2a 016beda0 0002001f 016beac0 nt!NtCreateKey+0x1f
898f8d40 77bd96f4 016beda0 0002001f 016beac0 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
016becb0 00000000 00000000 00000000 00000000 0x77bd96f4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+2ac
81a76d54 833d64acb48100 cmp dword ptr [nt!KiFreezeFlag (81b4ac64)],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTrap0E+2ac
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
=========
Minidump 3
=========
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini062816-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18327.x86fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0x81a1b000 PsLoadedModuleList = 0x81b32c70
Debug session time: Mon Jun 27 16:26:58.450 2016 (UTC + 1:00)
System Uptime: 0 days 19:38:53.262
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
Unable to load image bcmwlhigh6.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for bcmwlhigh6.sys
*** ERROR: Module load completed but symbols could not be loaded for bcmwlhigh6.sys
Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {86d29035, 1, 80613c98, 0}
Could not read faulting driver name
Probably caused by : memory_corruption
Followup: memory_corruption
---------
0: kd> !analyze -v
Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 86d29035, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 80613c98, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81b52868
Unable to read MiSystemVaType memory at 81b32420
86d29035
FAULTING_IP:
Wdf01000!imp_WdfUsbTargetPipeFormatRequestForUrb+b3
80613c98 c86b78ff enter 786Bh,0FFh
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8ca1921f to 80613c98
STACK_TEXT:
86d3094c 8ca1921f 849cfdd0 7addfb20 7ade20f0 Wdf01000!imp_WdfUsbTargetPipeFormatRequestForUrb+0xb3
WARNING: Stack unwind information not available. Following frames may be wrong.
86d309a4 8ca19a3f 86d309d0 8ca15ea5 85749208 bcmwlhigh6+0xa21f
86d309ac 8ca15ea5 85749208 8563e968 8574bae0 bcmwlhigh6+0xaa3f
86d309d0 8ca163a6 00000000 00000000 859ccfac bcmwlhigh6+0x6ea5
86d309ec 8ca11d4e 8520fc10 859ccfac 859ccfac bcmwlhigh6+0x73a6
86d30a10 8ca12707 859ccfac 859ccfac 8574e920 bcmwlhigh6+0x2d4e
86d30a28 8ca1149a 8574bae0 859ccfac 8574bae0 bcmwlhigh6+0x3707
86d30a48 8ca6a3b1 8574e920 859ccfac 00000c00 bcmwlhigh6+0x249a
86d30a64 8ca6c398 8574e920 859ccfac 86d30a90 bcmwlhigh6+0x5b3b1
86d30aa0 8ca3697d 855eb490 85b5a02c 85b5a7ac bcmwlhigh6+0x5d398
86d30b30 8ca4dcdb 857b6720 85b5a7ac 85b5a000 bcmwlhigh6+0x2797d
86d30bb4 8ca4e967 8565dbe0 85b5a000 8574bae0 bcmwlhigh6+0x3ecdb
86d30bd4 8ca6d543 807b6720 85b5a7ac 859cdfac bcmwlhigh6+0x3f967
86d30ce8 8ca27bc2 851c2200 859cdfac 857e1bb0 bcmwlhigh6+0x5e543
86d30d08 8ca23500 851c2000 81b1d100 857d7380 bcmwlhigh6+0x18bc2
86d30d20 874a9432 857e1bb0 857e1b90 86d30d44 bcmwlhigh6+0x14500
86d30d30 81c28c49 857d7380 857e1b90 85821788 ndis!ndisDispatchIoWorkItem+0xf
86d30d44 81ac0e22 857e1b68 00000000 85821788 nt!IopProcessWorkItem+0x23
86d30d7c 81bf0f7a 857e1b68 d87eed65 00000000 nt!ExpWorkerThread+0xfd
86d30dc0 81a59efe 81ac0d25 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -db !Wdf01000
3 errors : !Wdf01000 (80613c28-80613cb8)
80613c20 ff 75 0c 56 6a 26 ff 35 *14 2c 67 80 ff 35 30 2c .u.Vj&.5.,g..50,
...
80613c90 00 8b 7d 18 8b 4d fc 57 *c8 6b 78 ff ff 85 c0 0f ..}..M.W.kx.....
...
80613cb0 08 8b 0f 85 c9 76 02 2b *e1 83 f8 10 73 5d 66 f7 .....v.+....s]f.
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: STRIDE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
BUCKET_ID: MEMORY_CORRUPTION_STRIDE
Followup: memory_corruption
Continue reading...