Windows 7 Crashes unexpectedly

[newprouser]

Thank you cluberti, I'll upload it by tomorrow.

the compressed size of Memory.dmp comes to around ~240 Mb

[newprouser]

Got another BSOD today, a different one...

PFN_LIST_CORRUPT

STOP: 0x0000004E (0x0000009A, 0x00009E02, 0x00000002 , 0x00000000)

[newprouser]

guess i'll have to take age ol method of save,format & forget :'(

[cluberti]

Sorry, been dealing with a personal issue. I'll take a look tomorrow (March 23).

[newprouser]

no problem take your time. thanks for all the help

[cluberti]

In looking at your xperf trace, it appears that something running in kernel (the system process) is staying "alive" while you are shutting down - in fact, in the trace, system is the only process running for about 40 seconds before xperf kills it and restarts the machine, meaning there's a non-usermode driver here at fault. In looking at your BAD_POOL_CALLER bugcheck, I can see that there is a bad pool address indeed called from kernel:

// Pool block being freed is param 4, contents is param 3:
0: kd> .bugcheck
Bugcheck code 000000C2
Arguments 00000007 00001097 8af0bb64 852dd730

// Indeed, a double-free:
0: kd> kb
ChildEBP RetAddr  Args to Child          	
8af43c20 82e5be4a 852dd730 00000000 84ef4208 nt!ExFreePoolWithTag+0x1b1
8af43c6c 82e3b6f4 8512f1d8 8512f1d8 8512f1c0 nt!IopDeleteFile+0x18f
8af43c84 82c83040 00000000 88252070 00000000 nt!ObpRemoveObjectRoutine+0x59
8af43c98 82c82fb0 8512f1d8 82e4b9f5 8521bf10 nt!ObfDereferenceObjectWithTag+0x88
8af43ca0 82e4b9f5 8521bf10 8521bf38 82d84680 nt!ObfDereferenceObject+0xd
8af43ccc 82c45f29 8521bf10 00000000 00000000 nt!MiSegmentDelete+0x191
8af43d28 82c45e41 84eee638 00000000 00000000 nt!MiProcessDereferenceList+0xdb
8af43d50 82e2866d 00000000 aa33dc0e 00000000 nt!MiDereferenceSegmentThread+0xc5
8af43d90 82cda1d9 82c45d7a 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

0: kd> !pool 852dd730 
Pool page 852dd730 region is Nonpaged pool
852dd000 size:  230 previous size:	0  (Allocated)  NDCM
852dd230 size:   48 previous size:  230  (Free)   	NDwi
852dd278 size:   80 previous size:   48  (Allocated)  DkSt
852dd2f8 size:   80 previous size:   80  (Allocated)  SASC
852dd378 size:   80 previous size:   80  (Allocated)  DkSt
852dd3f8 size:   10 previous size:   80  (Free)   	WfpH
852dd408 size:   68 previous size:   10  (Allocated)  FMsl
852dd470 size:   68 previous size:   68  (Allocated)  FMsl
852dd4d8 size:   80 previous size:   68  (Allocated)  DkSt
852dd558 size:   b0 previous size:   80  (Free)   	File
852dd608 size:   68 previous size:   b0  (Free )  FMsl
852dd670 size:   98 previous size:   68  (Allocated)  SaSc
852dd708 size:   20 previous size:   98  (Allocated)  ReTa
852dd728 is not a valid large pool allocation, checking large session pool...
852dd728 is not a valid small pool allocation, checking large pool...
unable to get pool big page table - either wrong symbols or pool tagging is disabled
852dd728 is freed (or corrupt) pool
Bad previous allocation size @852dd728, last size was 4

0: kd> !poolval 852dd000
Pool page 852dd000 region is Nonpaged pool

Validating Pool headers for pool page: 852dd000
Pool page [ 852dd000 ] is __inVALID.

Analyzing linked list...
[ 852dd708 --> 852dd758 (size = 0x50 bytes)]: Corrupt region

Scanning for single bit errors...
None found

// Looking at the contents of the double-free'd block, it contains a pool tag I recognize:
0: kd> dc 852dd728 
852dd728  8af0bb64 58434f46 00000001 00000000  d...FOCX........
852dd738  00000000 00040001 00000000 852dd744  ............D.-.
852dd748  852dd744 00000000 852dd750 852dd750  D.-.....P.-.P.-.
852dd758  00010006 e56c6946 04060001 6e786454  ....Fil.....Tdxn
852dd768  856b3998 8322f330 00000010 852dd780  .9k.0.".......-.
852dd778  8715f320 85163620 0f000000 00060000   ... 6..........
852dd788  0138a8c0 00000000 04100006 43534153  ..8.........SASC
852dd798  00000000 85bf25b8 851b3400 8f6f30a4  .....%...4...0o.

// Searching to make sure that driver is loaded:
0: kd> !for_each_module s -a @#Base @#End "Tdxn"
8322653d  54 64 78 6e 56 89 03 ff-15 7c e1 22 83 8b c7 5f  TdxnV....|."..._
832271a4  54 64 78 6e 56 ff 15 7c-e1 22 83 8b 35 30 f3 22  TdxnV..|."..50."
8322779f  54 64 78 6e 50 52 ff 15-60 e1 22 83 8b d8 33 ff  TdxnPR..`."...3.
83227a49  54 64 78 6e 53 ff 15 7c-e1 22 83 eb 60 be 38 f3  TdxnS..|."..`.8.

// That range comes back to tdx.sys:
0: kd> lmvm tdx
start	end    	module name
8321e000 83235000   tdx    	(deferred)     		
	Image path: \SystemRoot\system32\DRIVERS\tdx.sys
	Image name: tdx.sys
	Timestamp:    	Mon Jul 13 19:12:10 2009 (4A5BBF4A)
	CheckSum: 		0001DB35
	ImageSize:    	00017000
	Translations: 	0000.04b0 0000.04e4 0409.04b0 0409.04e4

Which is a broadcom driver, and a version that I've seen cause other such issues (like random BSODs and sleep/hibernate issues) in Windows 7 on some Dell machines that I've run across. This is a similar chassis/motherboard setup to those Intel boards:

Chassis Type              	Desktop
  Version                                       		
  Serial Number                                         		
  Asset Tag Number                                          	
  Bootup State              	Safe
  Power Supply State        	Safe
  Thermal State         		Other
  Security Status       		Other
  OEM Defined           		0
[Onboard Devices Information (Type 10) - Length 6 - Handle 0012h]
  Number of Devices     		1
  01: Type                  	Video [enabled]
  01: Description       		Unknown Video Device
[Onboard Devices Information (Type 10) - Length 6 - Handle 0013h]
  Number of Devices     		1
  01: Type                  	Ethernet [enabled]
  01: Description       		Intel(R) 82566DC Gigabit Ethernet Device
[Onboard Devices Information (Type 10) - Length 6 - Handle 0014h]
  Number of Devices     		1
  01: Type                  	Sound [enabled]
  01: Description       		Intel(R) High Definition Audio Device
[Physical Memory Array (Type 16) - Length 15 - Handle 0017h]
  Location                  	03h - SystemBoard/Motherboard
  Use                   		03h - System Memory
  Memory Error Correction   	03h - None
  Maximum Capacity          	8388608KB
  Memory Error Inf Handle   	[Not Provided]
  Number of Memory Devices  	4
[Memory Device (Type 17) - Length 27 - Handle 0018h]
  Physical Memory Array Handle  0017h
  Memory Error Info Handle  	[Not Provided]
  Total Width           		64 bits
  Data Width                	64 bits
  Size                      	1024MB
  Form Factor           		09h - DIMM
  Device Set                	[None]
  Device Locator            	J1MY
  Bank Locator              	CHAN A DIMM 0
  Memory Type           		13h - Specification Reserved
  Type Detail           		0080h - Synchronous
  Speed                 		800MHz
  Manufacturer              	0x7F4F000000000000
  Serial Number                   		
  Asset Tag Number             		
  Part Number           		0x4A4D383030514C4A2D314720202020202020
[Memory Device Mapped Address (Type 20) - Length 19 - Handle 0019h]
  Starting Address          	00000000h
  Ending Address            	000fffffh
  Memory Device Handle      	0018h
  Mem Array Mapped Adr Handle   001eh
  Partition Row Position    	01
  Interleave Position   		01
  Interleave Data Depth 		01
[Memory Device (Type 17) - Length 27 - Handle 001ah]
  Physical Memory Array Handle  0017h
  Memory Error Info Handle  	[Not Provided]
  Total Width           		0 bits
  Data Width                	0 bits
  Size                      	[Not Populated]
  Form Factor           		09h - DIMM
  Device Set                	[None]
  Device Locator            	J2MY
  Bank Locator              	CHAN A DIMM 1
  Memory Type           		13h - Specification Reserved
  Type Detail           		0000h -
  Speed                 		0MHz
  Manufacturer              	NO DIMM
  Serial Number                    	
  Asset Tag Number             		
  Part Number           		NO DIMM
[Memory Device (Type 17) - Length 27 - Handle 001bh]
  Physical Memory Array Handle  0017h
  Memory Error Info Handle  	[Not Provided]
  Total Width           		64 bits
  Data Width                	64 bits
  Size                      	1024MB
  Form Factor           		09h - DIMM
  Device Set                	[None]
  Device Locator            	J3MY
  Bank Locator              	CHAN B DIMM 0
  Memory Type           		13h - Specification Reserved
  Type Detail           		0080h - Synchronous
  Speed                 		800MHz
  Manufacturer              	0x7F4F000000000000
  Serial Number                   		
  Asset Tag Number             		
  Part Number           		0x4A4D383030514C4A2D314720202020202020
[Memory Device Mapped Address (Type 20) - Length 19 - Handle 001ch]
  Starting Address          	00100000h
  Ending Address            	001fffffh
  Memory Device Handle      	001bh
  Mem Array Mapped Adr Handle   001eh
  Partition Row Position    	02
  Interleave Position   		02
  Interleave Data Depth 		01
[Memory Device (Type 17) - Length 27 - Handle 001dh]
  Physical Memory Array Handle  0017h
  Memory Error Info Handle  	[Not Provided]
  Total Width           		0 bits
  Data Width                	0 bits
  Size                      	[Not Populated]
  Form Factor           		09h - DIMM
  Device Set                	[None]
  Device Locator            	J4MY
  Bank Locator              	CHAN B DIMM 1
  Memory Type           		13h - Specification Reserved
  Type Detail           		0000h -
  Speed                 		0MHz
  Manufacturer              	NO DIMM
  Serial Number                    	
  Asset Tag Number             		
  Part Number           		NO DIMM
[Memory Array Mapped Address (Type 19) - Length 15 - Handle 001eh]
  Starting Address          	00000000h
  Ending Address            	001fffffh
  Memory Array Handle   		0017h
  Partition Width       		04

[newprouser]

Which is a broadcom driver, and a version that I've seen cause other such issues (like random BSODs and sleep/hibernate issues) in Windows 7 on some Dell machines that I've run across. This is a similar chassis/motherboard setup to those Intel boards:

wow, that's odd ! because there is no broadcom component in my hardware, so its unusual that particular driver has

been loaded by the OS in the first place.

btw will PFN_LIST_CORRUPT also be caused by the same issue ?

Edited March 24, 2010 by newprouser

[cluberti]

Could it be caused by the same driver? Sure. But they're totally different bugchecks with totally different reasons.

[cluberti]

Could it be caused by the same driver? Sure. But they're totally different bugchecks with totally different reasons.

As to tdx.sys, let me explain - that driver itself is the inbox Windows 7 driver (tdx.sys is the "front man" for network support, I just assumed it was Broadcom hiding behind it given the chipset). Given that and the kernel are in the pool alloc being double freed, the only (real) possibilities are a misbehaving network driver, or potentially an antivirus/antimalware or firewall driver (if you've got anything third party in there, that would also have potentially an LSP, I'd be suspicious). I can't dig further because !address doesn't work in this dump, but I'd start by upgrading your drivers (all of them) to the latest certified versions for Win7, and then I'd monitor for more issues.

[newprouser]

ok, i'll do that

thanks again for all the help

[newprouser]

I have one more query :

recently i started getting the above mentioned BSOD and also the bios reports an error. According to beep code

it is a parity error. So i want to know if it could indeed be caused bad drivers or it is a purely hardware problem.

[cluberti]

Bad drivers would not cause a BIOS error, no.

[Tripredacus]

I have one more query :

recently i started getting the above mentioned BSOD and also the bios reports an error. According to beep code

it is a parity error. So i want to know if it could indeed be caused bad drivers or it is a purely hardware problem.

Sounds like you have a stick of memory going bad. I had a parity error (personally) once where a stick of memory showed the wrong size than it was supposed to have.

[newprouser]

Well its driving me crazy because, today BIOS gave a different error code !

2 beeps - Parity Error

3 beeps - Base 64 K memory failure

Reseat the memory.

Make sure that the contacts on the memory and the socket are clean.

Try removing one bank of memory modules at a time. Note: Some systems might need to have a memory module in Bank 0.

Try using memory modules from the same manufacturer with the same part number and speed.

Check for a faulty memory module by trying the memory in a known good system.

Trying known good memory in the system.

Check the power supply and check for power fluctuations.

If the steps above do not resolve the problem, the desktop board may be defective. Try a different desktop board.

Next one of my HDD smart reported a problem as well (about 2 months back)

The drive found 3 bad sectors during its self test.

Problems occurred during the spin up of the disk. This can be caused by the disk itself or huge power load (weak power supply).

There are 3 weak sectors found on the disk surface. They may be remapped any time in the later use of the disk.

But still there are no reallocations done, which once again increases my doubt on the power supply which is an non-branded one.

And of-course , it could be the reason for the sleep/hibernation problem i mentioned in the beginning of this thread.

so I'm wondering if power supply is the overall culprit all along.

Edited July 27, 2010 by newprouser

[newprouser]

Sounds like you have a stick of memory going bad. I had a parity error (personally) once where a stick of memory showed the wrong size than it was supposed to have.

What actually happened when you got that error. For me, the screen suddenly got filled up with random characters, resembled the matrix movie kind of thing, and after a second the BSOD popped up. And once i was watching a movie, that time i heard a static noise before BSOD.