newprouser

Windows 7 Crashes unexpectedly

31 posts in this topic

I'm using a windows 7 Ultimate, x86 which stops working randomly without any reason.

since the problem always occured when i was away from the desktop i'm not able to tell

what exactly happened . I just leave windows is running, and return back to find that

the monitor has gone into power saving mode and i found that the CPU was still powered

on but there was no HDD usage at all.

There is no response to any keyboard or mouse activity.

Initially i felt it could have been because the PC had gone into sleep because of power

options, but then the CPU is still on.

Upon on pressing power switch it INSTANTLY shuts down.

--

I doubt this could be due to 3rd party software incompatibility, because i haven't installed

anything new in the past few days.

0

Share this post


Link to post
Share on other sites

Most problems with Windows are usually present longer than you'd expect. Things do not typically "just happen" out of nowhere. Your first place to look for clues would be in the Event Viewer.

0

Share this post


Link to post
Share on other sites

Most problems with Windows are usually present longer than you'd expect. Things do not typically "just happen" out of nowhere. Your first place to look for clues would be in the Event Viewer.

I couldn't find any significant error in even viewer. one thing though it has correctly

recorded the time when i switched off the PC, even though the PC seemed like it had

crashed...

0

Share this post


Link to post
Share on other sites

After it shuts down, if you power it back on does it give you the "recovery" menu (start windows normally, safe mode, etc. options), or does Windows boot normally? If it's the latter, it sounds more like the system is failing to go into a power-saving state properly (probably hibernation failure, as is common with BIOS power-saving issues). Running "powercfg -h off" might change things, and is worth a try if this is the case.

0

Share this post


Link to post
Share on other sites

After it shuts down, if you power it back on does it give you the "recovery" menu (start windows normally, safe mode, etc. options), or does Windows boot normally? If it's the latter, it sounds more like the system is failing to go into a power-saving state properly (probably hibernation failure, as is common with BIOS power-saving issues). Running "powercfg -h off" might change things, and is worth a try if this is the case.

yes, it gives the safe mode and other options, and also the event viewer report states:

"SleepInProgress - false "

Edited by newprouser
0

Share this post


Link to post
Share on other sites

OK, so it is a failure to sleep, although the immediate shutdown is the wildcard. Assuming you have the latest motherboard BIOS for your system, and it implements the S1 and S3 states properly, it might be best to test to get a trace of this and see what's happening, as it seems something (driver, perhaps) is causing the failure to sleep.

0

Share this post


Link to post
Share on other sites

OK, i will try it out.

is there any alternative to the microsoft debugging tool + symbols cache for debugging

memory dumps ?

0

Share this post


Link to post
Share on other sites

Not really.

0

Share this post


Link to post
Share on other sites

I ran the trace for hibernate mode, and the trace dump is about 81 Mb (~20 compressed) ,

do you want me to host it somewhere and pm the link ?

---

btw i forgot to mention that sometimes i've had issues when resuming from

standby - the monitor would be on , but will only display an entirely black

screen. so i'd usually put it to standby again and resume it, it would be

fine.

so your guess of a driver issue seems highly probable.

Edited by newprouser
0

Share this post


Link to post
Share on other sites

Yes, please post it somewhere we can download it.

0

Share this post


Link to post
Share on other sites

Bad Pool Caller would be a driver issue, so more fuel on the fire. If you want to compress and post the .dmp file it created, that'd be good too.

0

Share this post


Link to post
Share on other sites

well for some reason i had previously set a full memory dump, so its a ~2 GB dump now :(

could you tell me what i've to do to analyze it ? i do that and post the results...

--

meanwhile should i change dump setting to minimal or kernel dump , just in case

the BSOD happens again i could post the kind of dump which you want.

0

Share this post


Link to post
Share on other sites

You can try analyze it yourself using the Debugger tools for Windows. You also need to get the symbols for your OS. Even then it can be confusing if you don't know what you are looking at.

http://www.microsoft.com/whdc/devtools/debugging/default.mspx

If you can upload the dump file, there are a couple users here that can read it for you.

0

Share this post


Link to post
Share on other sites

well for some reason i had previously set a full memory dump, so its a ~2 GB dump now sad.gif

could you tell me what i've to do to analyze it ? i do that and post the results...

--

meanwhile should i change dump setting to minimal or kernel dump , just in case

the BSOD happens again i could post the kind of dump which you want.

PM sent.

0

Share this post


Link to post
Share on other sites

Thank you cluberti, I'll upload it by tomorrow.

the compressed size of Memory.dmp comes to around ~240 Mb :)

0

Share this post


Link to post
Share on other sites

Got another BSOD today, a different one...

PFN_LIST_CORRUPT

STOP: 0x0000004E (0x0000009A, 0x00009E02, 0x00000002 , 0x00000000)

0

Share this post


Link to post
Share on other sites

guess i'll have to take age ol method of save,format & forget :'(

0

Share this post


Link to post
Share on other sites

Sorry, been dealing with a personal issue. I'll take a look tomorrow (March 23).

0

Share this post


Link to post
Share on other sites

In looking at your xperf trace, it appears that something running in kernel (the system process) is staying "alive" while you are shutting down - in fact, in the trace, system is the only process running for about 40 seconds before xperf kills it and restarts the machine, meaning there's a non-usermode driver here at fault. In looking at your BAD_POOL_CALLER bugcheck, I can see that there is a bad pool address indeed called from kernel:

// Pool block being freed is param 4, contents is param 3:
0: kd> .bugcheck
Bugcheck code 000000C2
Arguments 00000007 00001097 8af0bb64 852dd730

// Indeed, a double-free:
0: kd> kb
ChildEBP RetAddr Args to Child
8af43c20 82e5be4a 852dd730 00000000 84ef4208 nt!ExFreePoolWithTag+0x1b1
8af43c6c 82e3b6f4 8512f1d8 8512f1d8 8512f1c0 nt!IopDeleteFile+0x18f
8af43c84 82c83040 00000000 88252070 00000000 nt!ObpRemoveObjectRoutine+0x59
8af43c98 82c82fb0 8512f1d8 82e4b9f5 8521bf10 nt!ObfDereferenceObjectWithTag+0x88
8af43ca0 82e4b9f5 8521bf10 8521bf38 82d84680 nt!ObfDereferenceObject+0xd
8af43ccc 82c45f29 8521bf10 00000000 00000000 nt!MiSegmentDelete+0x191
8af43d28 82c45e41 84eee638 00000000 00000000 nt!MiProcessDereferenceList+0xdb
8af43d50 82e2866d 00000000 aa33dc0e 00000000 nt!MiDereferenceSegmentThread+0xc5
8af43d90 82cda1d9 82c45d7a 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

0: kd> !pool 852dd730
Pool page 852dd730 region is Nonpaged pool
852dd000 size: 230 previous size: 0 (Allocated) NDCM
852dd230 size: 48 previous size: 230 (Free) NDwi
852dd278 size: 80 previous size: 48 (Allocated) DkSt
852dd2f8 size: 80 previous size: 80 (Allocated) SASC
852dd378 size: 80 previous size: 80 (Allocated) DkSt
852dd3f8 size: 10 previous size: 80 (Free) WfpH
852dd408 size: 68 previous size: 10 (Allocated) FMsl
852dd470 size: 68 previous size: 68 (Allocated) FMsl
852dd4d8 size: 80 previous size: 68 (Allocated) DkSt
852dd558 size: b0 previous size: 80 (Free) File
852dd608 size: 68 previous size: b0 (Free ) FMsl
852dd670 size: 98 previous size: 68 (Allocated) SaSc
852dd708 size: 20 previous size: 98 (Allocated) ReTa
852dd728 is not a valid large pool allocation, checking large session pool...
852dd728 is not a valid small pool allocation, checking large pool...
unable to get pool big page table - either wrong symbols or pool tagging is disabled
852dd728 is freed (or corrupt) pool
Bad previous allocation size @852dd728, last size was 4

0: kd> !poolval 852dd000
Pool page 852dd000 region is Nonpaged pool

Validating Pool headers for pool page: 852dd000
Pool page [ 852dd000 ] is __inVALID.

Analyzing linked list...
[ 852dd708 --> 852dd758 (size = 0x50 bytes)]: Corrupt region

Scanning for single bit errors...
None found

// Looking at the contents of the double-free'd block, it contains a pool tag I recognize:
0: kd> dc 852dd728
852dd728 8af0bb64 58434f46 00000001 00000000 d...FOCX........
852dd738 00000000 00040001 00000000 852dd744 ............D.-.
852dd748 852dd744 00000000 852dd750 852dd750 D.-.....P.-.P.-.
852dd758 00010006 e56c6946 04060001 6e786454 ....Fil.....Tdxn
852dd768 856b3998 8322f330 00000010 852dd780 .9k.0.".......-.
852dd778 8715f320 85163620 0f000000 00060000 ... 6..........
852dd788 0138a8c0 00000000 04100006 43534153 ..8.........SASC
852dd798 00000000 85bf25b8 851b3400 8f6f30a4 .....%...4...0o.

// Searching to make sure that driver is loaded:
0: kd> !for_each_module s -a @#Base @#End "Tdxn"
8322653d 54 64 78 6e 56 89 03 ff-15 7c e1 22 83 8b c7 5f TdxnV....|."..._
832271a4 54 64 78 6e 56 ff 15 7c-e1 22 83 8b 35 30 f3 22 TdxnV..|."..50."
8322779f 54 64 78 6e 50 52 ff 15-60 e1 22 83 8b d8 33 ff TdxnPR..`."...3.
83227a49 54 64 78 6e 53 ff 15 7c-e1 22 83 eb 60 be 38 f3 TdxnS..|."..`.8.

// That range comes back to tdx.sys:
0: kd> lmvm tdx
start end module name
8321e000 83235000 tdx (deferred)
Image path: \SystemRoot\system32\DRIVERS\tdx.sys
Image name: tdx.sys
Timestamp: Mon Jul 13 19:12:10 2009 (4A5BBF4A)
CheckSum: 0001DB35
ImageSize: 00017000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Which is a broadcom driver, and a version that I've seen cause other such issues (like random BSODs and sleep/hibernate issues) in Windows 7 on some Dell machines that I've run across. This is a similar chassis/motherboard setup to those Intel boards:

Chassis Type              	Desktop
Version
Serial Number
Asset Tag Number
Bootup State Safe
Power Supply State Safe
Thermal State Other
Security Status Other
OEM Defined 0
[Onboard Devices Information (Type 10) - Length 6 - Handle 0012h]
Number of Devices 1
01: Type Video [enabled]
01: Description Unknown Video Device
[Onboard Devices Information (Type 10) - Length 6 - Handle 0013h]
Number of Devices 1
01: Type Ethernet [enabled]
01: Description Intel(R) 82566DC Gigabit Ethernet Device
[Onboard Devices Information (Type 10) - Length 6 - Handle 0014h]
Number of Devices 1
01: Type Sound [enabled]
01: Description Intel(R) High Definition Audio Device
[Physical Memory Array (Type 16) - Length 15 - Handle 0017h]
Location 03h - SystemBoard/Motherboard
Use 03h - System Memory
Memory Error Correction 03h - None
Maximum Capacity 8388608KB
Memory Error Inf Handle [Not Provided]
Number of Memory Devices 4
[Memory Device (Type 17) - Length 27 - Handle 0018h]
Physical Memory Array Handle 0017h
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 1024MB
Form Factor 09h - DIMM
Device Set [None]
Device Locator J1MY
Bank Locator CHAN A DIMM 0
Memory Type 13h - Specification Reserved
Type Detail 0080h - Synchronous
Speed 800MHz
Manufacturer 0x7F4F000000000000
Serial Number
Asset Tag Number
Part Number 0x4A4D383030514C4A2D314720202020202020
[Memory Device Mapped Address (Type 20) - Length 19 - Handle 0019h]
Starting Address 00000000h
Ending Address 000fffffh
Memory Device Handle 0018h
Mem Array Mapped Adr Handle 001eh
Partition Row Position 01
Interleave Position 01
Interleave Data Depth 01
[Memory Device (Type 17) - Length 27 - Handle 001ah]
Physical Memory Array Handle 0017h
Memory Error Info Handle [Not Provided]
Total Width 0 bits
Data Width 0 bits
Size [Not Populated]
Form Factor 09h - DIMM
Device Set [None]
Device Locator J2MY
Bank Locator CHAN A DIMM 1
Memory Type 13h - Specification Reserved
Type Detail 0000h -
Speed 0MHz
Manufacturer NO DIMM
Serial Number
Asset Tag Number
Part Number NO DIMM
[Memory Device (Type 17) - Length 27 - Handle 001bh]
Physical Memory Array Handle 0017h
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 1024MB
Form Factor 09h - DIMM
Device Set [None]
Device Locator J3MY
Bank Locator CHAN B DIMM 0
Memory Type 13h - Specification Reserved
Type Detail 0080h - Synchronous
Speed 800MHz
Manufacturer 0x7F4F000000000000
Serial Number
Asset Tag Number
Part Number 0x4A4D383030514C4A2D314720202020202020
[Memory Device Mapped Address (Type 20) - Length 19 - Handle 001ch]
Starting Address 00100000h
Ending Address 001fffffh
Memory Device Handle 001bh
Mem Array Mapped Adr Handle 001eh
Partition Row Position 02
Interleave Position 02
Interleave Data Depth 01
[Memory Device (Type 17) - Length 27 - Handle 001dh]
Physical Memory Array Handle 0017h
Memory Error Info Handle [Not Provided]
Total Width 0 bits
Data Width 0 bits
Size [Not Populated]
Form Factor 09h - DIMM
Device Set [None]
Device Locator J4MY
Bank Locator CHAN B DIMM 1
Memory Type 13h - Specification Reserved
Type Detail 0000h -
Speed 0MHz
Manufacturer NO DIMM
Serial Number
Asset Tag Number
Part Number NO DIMM
[Memory Array Mapped Address (Type 19) - Length 15 - Handle 001eh]
Starting Address 00000000h
Ending Address 001fffffh
Memory Array Handle 0017h
Partition Width 04

0

Share this post


Link to post
Share on other sites
Which is a broadcom driver, and a version that I've seen cause other such issues (like random BSODs and sleep/hibernate issues) in Windows 7 on some Dell machines that I've run across. This is a similar chassis/motherboard setup to those Intel boards:

wow, that's odd ! because there is no broadcom component in my hardware, so its unusual that particular driver has

been loaded by the OS in the first place.

btw will PFN_LIST_CORRUPT also be caused by the same issue ?

Edited by newprouser
0

Share this post


Link to post
Share on other sites

Could it be caused by the same driver? Sure. But they're totally different bugchecks with totally different reasons.

0

Share this post


Link to post
Share on other sites

Could it be caused by the same driver? Sure. But they're totally different bugchecks with totally different reasons.

As to tdx.sys, let me explain - that driver itself is the inbox Windows 7 driver (tdx.sys is the "front man" for network support, I just assumed it was Broadcom hiding behind it given the chipset). Given that and the kernel are in the pool alloc being double freed, the only (real) possibilities are a misbehaving network driver, or potentially an antivirus/antimalware or firewall driver (if you've got anything third party in there, that would also have potentially an LSP, I'd be suspicious). I can't dig further because !address doesn't work in this dump, but I'd start by upgrading your drivers (all of them) to the latest certified versions for Win7, and then I'd monitor for more issues.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.