BSOD - a clock interrupt was not received

P

phazed

Member
Joined
Jul 29, 2017
Posts
13
So while playing games i randomly get this BSOD. it will freeze and make a weird sound than crash to BSOD, and it says a a clock interrupt was not received on a secondary processor within the allocated time interval.

whenever i use a bluescreenviewer i get a lot of ntoskml.exe

· windows 7
· 64
· systems about 3 years old
· installed windows 7 3 years ago

· skylake i7-6700
· zodac gtx 1080
· sli plus z170a
· corsair 550w
desktop
 

Attachments

We'll need a full kernel dump to analyze; upload a zipped copy of C:\Windows\MEMORY.DMP to a 3rd party hosting site (it will be too large to upload here). I recommend OneDrive or Dropbox.

In the meantime, start testing your hardware, specifically the CPU and memory.

Prime95 Hardware Stress Testing + Intel CPU Test (make sure to scroll down to post #2 to obtain the Intel diagnostic tool and run Prime95 and the Intel diagnostic tool)

Test RAM With Memtest86+
 
writhziden said:
We'll need a full kernel dump to analyze; upload a zipped copy of C:\Windows\MEMORY.DMP to a 3rd party hosting site (it will be too large to upload here). I recommend OneDrive or Dropbox.

In the meantime, start testing your hardware, specifically the CPU and memory.
Prime95 Hardware Stress Testing + Intel CPU Test (make sure to scroll down to post #2 to obtain the Intel diagnostic tool and run Prime95 and the Intel diagnostic tool)

Test RAM With Memtest86+
Click to expand...

Here you go, Dropbox - MEMORY.zip i hope i did this right.
 
Code: 
[COLOR=#ff0000]BugCheck 101[/COLOR], {19, 0, [COLOR=#008000]fffff880030a5180[/COLOR], [COLOR=#0000cd]5[/COLOR]}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

I've highlighted the most interesting parameters of the bugcheck.

Code: 
0: kd> [COLOR=#008000]r $bug_param3[/COLOR]
$bug_param3=[COLOR=#ff0000]fffff880030a5180[/COLOR]

The address of the PRCB of the hung processor, we'll use the !prcb extension with this address in a moment.

Code: 
0: kd> [COLOR=#008000]r $bug_param4[/COLOR]
$bug_param4=000000000000000[COLOR=#ff0000]5[/COLOR]

The processor index which has become hung, the PRCB will have the same index number.

Let's dump the call stack and examine what is happening:

Code: 
0: kd> [COLOR=#008000]knL[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`0334d3e8 fffff800`02ee0b79 nt!KeBugCheckEx
01 fffff880`0334d3f0 fffff800`02e90be7 nt! ?? ::FNODOBFM::`string'+0x4e3e
02 fffff880`0334d480 fffff800`03407895 nt!KeUpdateSystemTime+0x377
03 fffff880`0334d580 fffff800`02e82953 [COLOR=#ff0000]hal!HalpHpetClockInterrupt+0x8d[/COLOR]
04 fffff880`0334d5b0 fffff800`02e8bee0 nt!KiInterruptDispatchNoLock+0x163
05 fffff880`0334d740 fffff800`02ecbb6c [COLOR=#ff0000]nt!KeFlushMultipleRangeTb+0x260[/COLOR]
06 fffff880`0334d810 fffff800`02ec89a1 nt!MmSetAddressRangeModified+0x2b0
07 fffff880`0334d910 fffff800`02ecc2f6 [COLOR=#ff0000]nt!CcFlushCache+0x561[/COLOR]
08 fffff880`0334da10 fffff800`02ecccc4 nt!CcWriteBehind+0x1c6
09 fffff880`0334dac0 fffff800`02e90749 nt!CcWorkerThread+0x1c8
0a fffff880`0334db70 fffff800`0311ebc6 nt!ExpWorkerThread+0x111
0b fffff880`0334dc00 fffff800`02e786a6 nt!PspSystemThreadStartup+0x5a
0c fffff880`0334dc40 00000000`00000000 nt!KxStartSystemThread+0x16

The call stack is a standard call stack where you would see a TLB flush take place. The cache is requested to be flushed, this in turn results in the TLB of each processor core to be flushed as well. This activity is typically handled by an inter-processor interrupt. The inter-processor interrupt was sent by Processor 0 to all the other processors in the system. We can examine this using the !ipi debugger extension:

Code: 
5: kd> [COLOR=#008000]!ipi[/COLOR]
IPI State for Processor 0

    As a sender, awaiting IPI completion from processor(s) 4, [COLOR=#ff0000]5[/COLOR], 6, 7.

    TargetCount          4  PacketBarrier        1  IpiFrozen     0 [Running]


IPI State for Processor 1

    As a sender, awaiting IPI completion from processor(s) 6, 7.

    TargetCount          2  PacketBarrier        1  IpiFrozen     2 [Frozen]


IPI State for Processor 2

    As a sender, awaiting IPI completion from processor(s) 6, 7.

    TargetCount          2  PacketBarrier        1  IpiFrozen     2 [Frozen]


IPI State for Processor 3
    TargetCount          0  PacketBarrier        0  IpiFrozen     2 [Frozen]


IPI State for Processor 4

    As a receiver, unhandled requests are pending from processor(s) 0.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: flush multiple range
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)

IPI State for Processor 5

    As a receiver, unhandled requests are pending from processor(s) 0.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: [COLOR=#ff0000]flush multiple range[/COLOR]
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)

IPI State for Processor 6

    As a receiver, unhandled requests are pending from processor(s) 0, 1, 2.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: flush multiple range
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)
    From processor 1, active request of type: packet ready
        WorkerRoutine fffff80002e78bd0 (nt!xHalReferenceHandler)
        Parameter[0] 0  Parameter[1] 0  Parameter[2] 0
    From processor 2, active request of type: flush all

IPI State for Processor 7

    As a receiver, unhandled requests are pending from processor(s) 0, 1, 2.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: flush multiple range
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)
    From processor 1, active request of type: packet ready
        WorkerRoutine fffff80002e78bd0 (nt!xHalReferenceHandler)
        Parameter[0] 0  Parameter[1] 0  Parameter[2] 0
    From processor 2, active request of type: flush all

As we can see, Processor 5 still has a pending request from Processor 0. Let's dump the current IRQL level of Processor 5:

Code: 
5: kd> [COLOR=#008000]!irql[/COLOR]
Debugger saved IRQL for processor 0x5 -- 0 ([COLOR=#ff0000]LOW_LEVEL[/COLOR])

The IRQL level doesn't appear to be saved for this processor, otherwise the interrupt should have been handled easily.

Let's dump the currently executing thread on the processor:

Code: 
5: kd> [COLOR=#008000]!thread[/COLOR]
THREAD fffffa801084aad0  Cid 0758.1a1c  Teb: 000007ffffecc000 Win32Thread: fffff900c223f660 RUNNING on processor 5
Not impersonating
DeviceMap                 fffff8a0018f1750
Owning Process            fffffa8011f52a30       Image:         [COLOR=#ff0000]TslGame.exe[/COLOR]
Attached Process          N/A            Image:         N/A
Wait Start TickCount      1251225        Ticks: 408 (0:00:00:06.364)
Context Switch Count      21104743       IdealProcessor: 0                 LargeStack
UserTime                  04:13:50.096
KernelTime                00:03:01.210
Win32 Start Address 0x000000013fbb53f0
Stack Init fffff880086d9c70 Current fffff880086d9960
Base [COLOR=#800080]fffff880086da000[/COLOR] Limit [COLOR=#0000cd]fffff880086d2000[/COLOR] Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0

We'll use the dps command to dump the raw stack of the thread.

I've attempted to reconsruct parts of the raw stack into a call stack, however, it may be incomplete or just wrong:

Code: 
5: kd> [COLOR=#008000]k= fffff880`086d63b0 fffff880`0ff6f749 10[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`086d63b0 fffff880`0ff69411 dxgmms1!VidSchiUpdateCurrentIsrFrameTime+0x95
01 fffff880`086d63e0 fffff880`0ff69097 dxgmms1!VidSchiProcessIsrVSync+0xc9
02 fffff880`086d6470 fffffa80`10757010 dxgmms1!VidSchDdiNotifyInterruptWorker+0xef
03 fffff880`086d64c0 fffff880`086d6740 0xfffffa80`10757010
04 fffff880`086d64c8 fffff880`0ff69097 0xfffff880`086d6740
05 fffff880`086d64d0 fffff880`0ff68f96 dxgmms1!VidSchDdiNotifyInterruptWorker+0xef
06 fffff880`086d6520 fffff880`03c0313f dxgmms1!VidSchDdiNotifyInterrupt+0x9e
07 fffff880`086d6550 fffff880`0f14d233 dxgkrnl!DxgNotifyInterruptCB+0x83
08 fffff880`086d6580 fffff880`0f14df37 nvlddmkm+0xfc233
09 fffff880`086d6610 fffff880`0f0aa808 nvlddmkm+0xfcf37
0a fffff880`086d66c0 fffffa80`10757010 nvlddmkm+0x59808
0b fffff880`086d67a0 fffff880`086d6a20 0xfffffa80`10757010
0c fffff880`086d67a8 fffff880`0ff69097 0xfffff880`086d6a20
0d fffff880`086d67b0 fffff880`0ff68f96 dxgmms1!VidSchDdiNotifyInterruptWorker+0xef
0e fffff880`086d6800 fffff880`03c0313f dxgmms1!VidSchDdiNotifyInterrupt+0x9e
0f fffff880`086d6830 fffff880`0f14d233 dxgkrnl!DxgNotifyInterruptCB+0x83

I made another attempt in a different part of the stack too:

Code: 
5: kd> [COLOR=#008000]k= fffff880`086d93f8 fffff800`02ea9fe0 10[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`086d93f8 fffff880`07e5a4dc nt!PsGetCurrentProcessId
01 fffff880`086d9400 00000000`00000000 [COLOR=#ff0000]BEDaisy+0x4a4dc[/COLOR]

I would consider removing the following driver from your system or finding an update for it.

Code: 
5: kd> [COLOR=#008000]lmvm BEDaisy[/COLOR]

start             end                 module name
fffff880`07e10000 fffff880`07ebf000   BEDaisy    (no symbols)           
    Loaded symbol image file: BEDaisy.sys
    Image path: \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys
    Image name: BEDaisy.sys
    Timestamp:        [COLOR=#ff0000]Wed Jan 11 03:01:10 2017 [/COLOR](58759FF6)
    CheckSum:         00071812
    ImageSize:        000AF000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

The driver belongs to your Battleeye anti-cheat program.

The Interrupt Flag was disabled, although, are IPIs maskable?

Code: 
5: kd> [COLOR=#008000]r @if[/COLOR]
if=[COLOR=#ff0000]0[/COLOR]
 
From my understanding of the Intel docs, it seems that all interrupts are maskable apart from NMI. Here's the IDT:

Code: 
0: kd> [COLOR=#008000]!idt[/COLOR]

Dumping IDT: fffff80003800080

00:    fffff80002e83180 nt!KiDivideErrorFault
01:    fffff80002e83280 nt!KiDebugTrapOrFault
02:    fffff80002e83440 nt!KiNmiInterrupt    Stack = 0xFFFFF80003812000
03:    fffff80002e837c0 nt!KiBreakpointTrap
04:    fffff80002e838c0 nt!KiOverflowTrap
05:    fffff80002e839c0 nt!KiBoundFault
06:    fffff80002e83ac0 nt!KiInvalidOpcodeFault
07:    fffff80002e83d00 nt!KiNpxNotAvailableFault
08:    fffff80002e83dc0 nt!KiDoubleFaultAbort    Stack = 0xFFFFF80003810000
09:    fffff80002e83e80 nt!KiNpxSegmentOverrunAbort
0a:    fffff80002e83f40 nt!KiInvalidTssFault
0b:    fffff80002e84000 nt!KiSegmentNotPresentFault
0c:    fffff80002e84140 nt!KiStackFault
0d:    fffff80002e84280 nt!KiGeneralProtectionFault
0e:    fffff80002e843c0 nt!KiPageFault
10:    fffff80002e84780 nt!KiFloatingErrorFault
11:    fffff80002e84900 nt!KiAlignmentFault
12:    fffff80002e84a00 nt!KiMcheckAbort    Stack = 0xFFFFF80003814000
13:    fffff80002e84d80 nt!KiXmmException
1f:    fffff80002ed1e90 nt!KiApcInterrupt
2c:    fffff80002e84f40 nt!KiRaiseAssertion
2d:    fffff80002e85040 nt!KiDebugServiceTrap
2f:    fffff80002ed2170 nt!KiDpcInterrupt
37:    fffff8000342d090 hal!HalpApicSpuriousService (KINTERRUPT fffff8000342d000)

3f:    fffff8000342d130 hal!HalpApicSpuriousService (KINTERRUPT fffff8000342d0a0)

50:    fffff8000342d270 hal!HalpCmciService (KINTERRUPT fffff8000342d1e0)

61:    fffffa800db332d0 serial!SerialCIsrSw (KINTERRUPT fffffa800db33240)

72:    fffffa800db33a50 HDAudBus!HdaController::Isr (KINTERRUPT fffffa800db339c0)

90:    fffffa800db33090 TeeDriverx64+0xfb94 (KMDF) (KINTERRUPT fffffa800db33000)

92:    fffffa800db33ed0 ataport!IdePortInterrupt (KINTERRUPT fffffa800db33e40)

                     ataport!IdePortInterrupt (KINTERRUPT fffffa800db33d80)

                     ataport!IdePortInterrupt (KINTERRUPT fffffa800db33cc0)

                     ataport!IdePortInterrupt (KINTERRUPT fffffa800db33c00)

                     ataport!IdePortInterrupt (KINTERRUPT fffffa800db33b40)

                     ataport!IdePortInterrupt (KINTERRUPT fffffa800db33a80)

                     HDAudBus!HdaController::Isr (KINTERRUPT fffffa800db33180)

                     dxgkrnl!DpiFdoLineInterruptRoutine (KINTERRUPT fffffa800db330c0)

a0:    fffffa800db33810 asmtxhci+0x53c7c (KINTERRUPT fffffa800db33780)

a8:    fffffa800db33990 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db33900)

a9:    fffffa800db338d0 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db33840)

aa:    fffffa800db33750 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db336c0)

ab:    fffffa800db33690 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db33600)

ac:    fffffa800db335d0 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db33540)

ad:    fffffa800db33510 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db33480)

ae:    fffffa800db33450 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db333c0)

af:    fffffa800db33390 iusb3xhc+0x1b68 (KINTERRUPT fffffa800db33300)

b0:    fffffa800e891f90 ndis!ndisMiniportMessageIsr (KINTERRUPT fffffa800e891f00)

b1:    fffffa800db33f90 ACPI!ACPIInterruptServiceRoutine (KINTERRUPT fffffa800db33f00)

c1:    fffff8000342d450 hal!HalpBroadcastCallService (KINTERRUPT fffff8000342d3c0)

d1:    fffff8000342d4f0 hal!HalpHpetClockInterrupt (KINTERRUPT fffff8000342d460)

d2:    fffff8000342d590 hal!HalpHpetRolloverInterrupt (KINTERRUPT fffff8000342d500)

df:    fffff8000342d3b0 hal!HalpApicRebootService (KINTERRUPT fffff8000342d320)

[COLOR=#0000cd]e1[/COLOR]:    fffff80002e90e60 [COLOR=#ff0000]nt!KiIpiInterrupt[/COLOR]
e2:    fffff8000342d310 hal!HalpDeferredRecoveryService (KINTERRUPT fffff8000342d280)

e3:    fffff8000342d1d0 hal!HalpLocalApicErrorService (KINTERRUPT fffff8000342d140)

fd:    fffff8000342d630 hal!HalpProfileInterrupt (KINTERRUPT fffff8000342d5a0)

fe:    fffff8000342d6d0 hal!HalpPerfInterrupt (KINTERRUPT fffff8000342d640)

ff:    0000000000000000
 
x BlueRobot said:
Code: 
[COLOR=#ff0000]BugCheck 101[/COLOR], {19, 0, [COLOR=#008000]fffff880030a5180[/COLOR], [COLOR=#0000cd]5[/COLOR]}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

I've highlighted the most interesting parameters of the bugcheck.

Code: 
0: kd> [COLOR=#008000]r $bug_param3[/COLOR]
$bug_param3=[COLOR=#ff0000]fffff880030a5180[/COLOR]

The address of the PRCB of the hung processor, we'll use the !prcb extension with this address in a moment.

Code: 
0: kd> [COLOR=#008000]r $bug_param4[/COLOR]
$bug_param4=[URL="tel:000000000000000"]000000000000000[/URL][COLOR=#ff0000]5[/COLOR]

The processor index which has become hung, the PRCB will have the same index number.

Let's dump the call stack and examine what is happening:

Code: 
0: kd> [COLOR=#008000]knL[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`0334d3e8 fffff800`02ee0b79 nt!KeBugCheckEx
01 fffff880`0334d3f0 fffff800`02e90be7 nt! ?? ::FNODOBFM::`string'+0x4e3e
02 fffff880`0334d480 fffff800`03407895 nt!KeUpdateSystemTime+0x377
03 fffff880`0334d580 fffff800`02e82953 [COLOR=#ff0000]hal!HalpHpetClockInterrupt+0x8d[/COLOR]
04 fffff880`0334d5b0 fffff800`02e8bee0 nt!KiInterruptDispatchNoLock+0x163
05 fffff880`0334d740 fffff800`02ecbb6c [COLOR=#ff0000]nt!KeFlushMultipleRangeTb+0x260[/COLOR]
06 fffff880`0334d810 fffff800`02ec89a1 nt!MmSetAddressRangeModified+0x2b0
07 fffff880`0334d910 fffff800`02ecc2f6 [COLOR=#ff0000]nt!CcFlushCache+0x561[/COLOR]
08 fffff880`0334da10 fffff800`02ecccc4 nt!CcWriteBehind+0x1c6
09 fffff880`0334dac0 fffff800`02e90749 nt!CcWorkerThread+0x1c8
0a fffff880`0334db70 fffff800`0311ebc6 nt!ExpWorkerThread+0x111
0b fffff880`0334dc00 fffff800`02e786a6 nt!PspSystemThreadStartup+0x5a
0c fffff880`0334dc40 00000000`00000000 nt!KxStartSystemThread+0x16

The call stack is a standard call stack where you would see a TLB flush take place. The cache is requested to be flushed, this in turn results in the TLB of each processor core to be flushed as well. This activity is typically handled by an inter-processor interrupt. The inter-processor interrupt was sent by Processor 0 to all the other processors in the system. We can examine this using the !ipi debugger extension:

Code: 
5: kd> [COLOR=#008000]!ipi[/COLOR]
IPI State for Processor 0

    As a sender, awaiting IPI completion from processor(s) 4, [COLOR=#ff0000]5[/COLOR], 6, 7.

    TargetCount          4  PacketBarrier        1  IpiFrozen     0 [Running]


IPI State for Processor 1

    As a sender, awaiting IPI completion from processor(s) 6, 7.

    TargetCount          2  PacketBarrier        1  IpiFrozen     2 [Frozen]


IPI State for Processor 2

    As a sender, awaiting IPI completion from processor(s) 6, 7.

    TargetCount          2  PacketBarrier        1  IpiFrozen     2 [Frozen]


IPI State for Processor 3
    TargetCount          0  PacketBarrier        0  IpiFrozen     2 [Frozen]


IPI State for Processor 4

    As a receiver, unhandled requests are pending from processor(s) 0.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: flush multiple range
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)

IPI State for Processor 5

    As a receiver, unhandled requests are pending from processor(s) 0.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: [COLOR=#ff0000]flush multiple range[/COLOR]
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)

IPI State for Processor 6

    As a receiver, unhandled requests are pending from processor(s) 0, 1, 2.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: flush multiple range
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)
    From processor 1, active request of type: packet ready
        WorkerRoutine fffff80002e78bd0 (nt!xHalReferenceHandler)
        Parameter[0] 0  Parameter[1] 0  Parameter[2] 0
    From processor 2, active request of type: flush all

IPI State for Processor 7

    As a receiver, unhandled requests are pending from processor(s) 0, 1, 2.

    TargetCount          0  PacketBarrier        0  IpiFrozen     5 [Target Freeze]

    From processor 0, active request of type: flush multiple range
        Flush Count 1  Flush List fffff8800334d838  (dp fffff8800334d838 l1)
    From processor 1, active request of type: packet ready
        WorkerRoutine fffff80002e78bd0 (nt!xHalReferenceHandler)
        Parameter[0] 0  Parameter[1] 0  Parameter[2] 0
    From processor 2, active request of type: flush all

As we can see, Processor 5 still has a pending request from Processor 0. Let's dump the current IRQL level of Processor 5:

Code: 
5: kd> [COLOR=#008000]!irql[/COLOR]
Debugger saved IRQL for processor 0x5 -- 0 ([COLOR=#ff0000]LOW_LEVEL[/COLOR])

The IRQL level doesn't appear to be saved for this processor, otherwise the interrupt should have been handled easily.

Let's dump the currently executing thread on the processor:

Code: 
5: kd> [COLOR=#008000]!thread[/COLOR]
THREAD fffffa801084aad0  Cid 0758.1a1c  Teb: 000007ffffecc000 Win32Thread: fffff900c223f660 RUNNING on processor 5
Not impersonating
DeviceMap                 fffff8a0018f1750
Owning Process            fffffa8011f52a30       Image:         [COLOR=#ff0000]TslGame.exe[/COLOR]
Attached Process          N/A            Image:         N/A
Wait Start TickCount      [URL="tel:1251225"]1251225[/URL]        Ticks: 408 (0:00:00:06.364)
Context Switch Count      21104743       IdealProcessor: 0                 LargeStack
UserTime                  04:13:50.096
KernelTime                00:03:01.210
Win32 Start Address 0x000000013fbb53f0
Stack Init fffff880086d9c70 Current fffff880086d9960
Base [COLOR=#800080]fffff880086da000[/COLOR] Limit [COLOR=#0000cd]fffff880086d2000[/COLOR] Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0

We'll use the dps command to dump the raw stack of the thread.

I've attempted to reconsruct parts of the raw stack into a call stack, however, it may be incomplete or just wrong:

Code: 
5: kd> [COLOR=#008000]k= fffff880`086d63b0 fffff880`0ff6f749 10[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`086d63b0 fffff880`0ff69411 dxgmms1!VidSchiUpdateCurrentIsrFrameTime+0x95
01 fffff880`086d63e0 fffff880`0ff69097 dxgmms1!VidSchiProcessIsrVSync+0xc9
02 fffff880`086d6470 fffffa80`10757010 dxgmms1!VidSchDdiNotifyInterruptWorker+0xef
03 fffff880`086d64c0 fffff880`086d6740 0xfffffa80`10757010
04 fffff880`086d64c8 fffff880`0ff69097 0xfffff880`086d6740
05 fffff880`086d64d0 fffff880`0ff68f96 dxgmms1!VidSchDdiNotifyInterruptWorker+0xef
06 fffff880`086d6520 fffff880`03c0313f dxgmms1!VidSchDdiNotifyInterrupt+0x9e
07 fffff880`086d6550 fffff880`0f14d233 dxgkrnl!DxgNotifyInterruptCB+0x83
08 fffff880`086d6580 fffff880`0f14df37 nvlddmkm+0xfc233
09 fffff880`086d6610 fffff880`0f0aa808 nvlddmkm+0xfcf37
0a fffff880`086d66c0 fffffa80`10757010 nvlddmkm+0x59808
0b fffff880`086d67a0 fffff880`086d6a20 0xfffffa80`10757010
0c fffff880`086d67a8 fffff880`0ff69097 0xfffff880`086d6a20
0d fffff880`086d67b0 fffff880`0ff68f96 dxgmms1!VidSchDdiNotifyInterruptWorker+0xef
0e fffff880`086d6800 fffff880`03c0313f dxgmms1!VidSchDdiNotifyInterrupt+0x9e
0f fffff880`086d6830 fffff880`0f14d233 dxgkrnl!DxgNotifyInterruptCB+0x83

I made another attempt in a different part of the stack too:

Code: 
5: kd> [COLOR=#008000]k= fffff880`086d93f8 fffff800`02ea9fe0 10[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`086d93f8 fffff880`07e5a4dc nt!PsGetCurrentProcessId
01 fffff880`086d9400 00000000`00000000 [COLOR=#ff0000]BEDaisy+0x4a4dc[/COLOR]

I would consider removing the following driver from your system or finding an update for it.

Code: 
5: kd> [COLOR=#008000]lmvm BEDaisy[/COLOR]

start             end                 module name
fffff880`07e10000 fffff880`07ebf000   BEDaisy    (no symbols)           
    Loaded symbol image file: BEDaisy.sys
    Image path: \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys
    Image name: BEDaisy.sys
    Timestamp:        [COLOR=#ff0000]Wed Jan 11 03:01:10 2017 [/COLOR](58759FF6)
    CheckSum:         [URL="tel:00071812"]00071812[/URL]
    ImageSize:        000AF000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

The driver belongs to your Battleeye anti-cheat program.

The Interrupt Flag was disabled, although, are IPIs maskable?

Code: 
5: kd> [COLOR=#008000]r @if[/COLOR]
if=[COLOR=#ff0000]0[/COLOR]
Click to expand...

The battleeye anti cheat is part of a game and i have no control over that. And i dont understand the rest of what you said
 
I'll try to explain a few things, my apologies if there are things you already understand.


PRCB stands for processor control block, it is information that is used to process something.
Process control block - Wikipedia

Inter-processor interrupt is interrupting another processor to handle operations that require attention from another processor, like flushing the cache.
Inter-processor interrupt - Wikipedia

IRQL stands for Interrupt ReQuest Level, basically an order used by the processor to process things. The higher the IRQL the sooner it needs to be processed (in comparison with other IRQL actions) with a limit of 13 for x64 and I believe 23 for x86.
IRQL (Windows) - Wikipedia

Stack is a data structure that is being used to, basically, keep track of the activity that has been happening from the bottom to the top. This can be used to debug issues in software.
For example, KxStartSystemThread called PspSystemThreadStartup, PspSystemThreadStartup called ExpWorkerThread, etc.
Code: 
0: kd> knL
 # Child-SP          RetAddr           Call Site
00 fffff880`0334d3e8 fffff800`02ee0b79 nt!KeBugCheckEx
01 fffff880`0334d3f0 fffff800`02e90be7 nt! ?? ::FNODOBFM::`string'+0x4e3e
02 fffff880`0334d480 fffff800`03407895 nt!KeUpdateSystemTime+0x377
03 fffff880`0334d580 fffff800`02e82953 hal!HalpHpetClockInterrupt+0x8d
04 fffff880`0334d5b0 fffff800`02e8bee0 nt!KiInterruptDispatchNoLock+0x163
05 fffff880`0334d740 fffff800`02ecbb6c nt!KeFlushMultipleRangeTb+0x260
06 fffff880`0334d810 fffff800`02ec89a1 nt!MmSetAddressRangeModified+0x2b0
07 fffff880`0334d910 fffff800`02ecc2f6 nt!CcFlushCache+0x561
08 fffff880`0334da10 fffff800`02ecccc4 nt!CcWriteBehind+0x1c6
09 fffff880`0334dac0 fffff800`02e90749 nt!CcWorkerThread+0x1c8
0a fffff880`0334db70 fffff800`0311ebc6 nt!ExpWorkerThread+0x111
0b fffff880`0334dc00 fffff800`02e786a6 nt!PspSystemThreadStartup+0x5a
0c fffff880`0334dc40 00000000`00000000 nt!KxStartSystemThread+0x16
Stack (abstract data type) - Wikipedia

TLB stands for Translating Look-aside Buffer, a memory cache that is used to reduce time to access a memory location.
Translation lookaside buffer - Wikipedia


Hopefully this post cleared up a few things and helped you understand more about what x BlueRobot posted :smile9:
If there are things you would like to know more about, or if I've forgotten something, please ask us.
Added links for extra explanation
 
x BlueRobot said:
Thanks axe!

@phazed

Has there been any patches released for the game recently?
Click to expand...

it gets updated all the time. But it would bsod even on other games. Its not just this one. It did it once wven when in a menu. And its random. It will do it once a day. Or maybe twice.
 
axe0 said:
I'll try to explain a few things, my apologies if there are things you already understand.


PRCB stands for processor control block, it is information that is used to process something.
Process control block - Wikipedia

Inter-processor interrupt is interrupting another processor to handle operations that require attention from another processor, like flushing the cache.
Inter-processor interrupt - Wikipedia

IRQL stands for Interrupt ReQuest Level, basically an order used by the processor to process things. The higher the IRQL the sooner it needs to be processed (in comparison with other IRQL actions) with a limit of 13 for x64 and I believe 23 for x86.
IRQL (Windows) - Wikipedia

Stack is a data structure that is being used to, basically, keep track of the activity that has been happening from the bottom to the top. This can be used to debug issues in software.
For example, KxStartSystemThread called PspSystemThreadStartup, PspSystemThreadStartup called ExpWorkerThread, etc.
Code: 
0: kd> knL
 # Child-SP          RetAddr           Call Site
00 fffff880`0334d3e8 fffff800`02ee0b79 nt!KeBugCheckEx
01 fffff880`0334d3f0 fffff800`02e90be7 nt! ?? ::FNODOBFM::`string'+0x4e3e
02 fffff880`0334d480 fffff800`03407895 nt!KeUpdateSystemTime+0x377
03 fffff880`0334d580 fffff800`02e82953 hal!HalpHpetClockInterrupt+0x8d
04 fffff880`0334d5b0 fffff800`02e8bee0 nt!KiInterruptDispatchNoLock+0x163
05 fffff880`0334d740 fffff800`02ecbb6c nt!KeFlushMultipleRangeTb+0x260
06 fffff880`0334d810 fffff800`02ec89a1 nt!MmSetAddressRangeModified+0x2b0
07 fffff880`0334d910 fffff800`02ecc2f6 nt!CcFlushCache+0x561
08 fffff880`0334da10 fffff800`02ecccc4 nt!CcWriteBehind+0x1c6
09 fffff880`0334dac0 fffff800`02e90749 nt!CcWorkerThread+0x1c8
0a fffff880`0334db70 fffff800`0311ebc6 nt!ExpWorkerThread+0x111
0b fffff880`0334dc00 fffff800`02e786a6 nt!PspSystemThreadStartup+0x5a
0c fffff880`0334dc40 00000000`00000000 nt!KxStartSystemThread+0x16
Stack (abstract data type) - Wikipedia

TLB stands for Translating Look-aside Buffer, a memory cache that is used to reduce time to access a memory location.
Translation lookaside buffer - Wikipedia


Hopefully this post cleared up a few things and helped you understand more about what x BlueRobot posted :smile9:
If there are things you would like to know more about, or if I've forgotten something, please ask us.
Added links for extra explanation
Click to expand...

Oh i thought he was telling me a fix and i didnt understand
 
If that is the case, have you attempted to boot into Safe Mode and seeing if the system crashes there?
 
x BlueRobot said:
Does the system crash with every game you play, or just that particular game?
Click to expand...

it depends, the more taxing of a game the more it happens more, but it will happen sometimes on just about any game. It happened twice today in about 2 hours than didnt do it for the rest of the day.

by any chance could this be a heating issue? or were you able to figure anything out in my dump files. whenever i use a bsod viewer it always says its because of driver ntoskml.exe
 
It appears to be a driver-related issue, I would consider finding an update for your graphics card driver; what game were you playing in the two hours that the system crashed?

Could you please upload the additional dump files too?

BlueScreenView will only provide you with the bugcheck stop code and its parameters, as well as, a call stack of the last running thread. We use WinDbg.
 
x BlueRobot said:
It appears to be a driver-related issue, I would consider finding an update for your graphics card driver; what game were you playing in the two hours that the system crashed?

Could you please upload the additional dump files too?

BlueScreenView will only provide you with the bugcheck stop code and its parameters, as well as, a call stack of the last running thread. We use WinDbg.
Click to expand...

my video card drivers are fully updated. iv updated multiple times over the past two years and still get BSOD, even when i built this computer it was doing bsod pretty much a week into the new build.. im mostly playing pubg recently but if i stream overwatch it does it too sometimes. and the game 'for honor' it does it on too sometimes.

here is the new memory file
Dropbox - MEMORY.zip
 
Code: 
[COLOR=#ff0000]BugCheck 101[/COLOR], {19, 0, [COLOR=#008000]fffff88002fb4180[/COLOR], [COLOR=#0000ff]3[/COLOR]}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Let's dump the stack quickly with any associated parameters:

Code: 
0: kd> [COLOR=#008000]!load cmkd[/COLOR]
0: kd> [COLOR=#008000]!stack -p[/COLOR]
Call Stack : 15 frames
## Stack-Pointer    Return-Address   Call-Site       
00 fffff880035c8f98 fffff80002f2eb79 nt!KeBugCheckEx+0 
    Parameter[0] = (unknown)       
    Parameter[1] = (unknown)       
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
01 fffff880035c8fa0 fffff80002edebe7 nt!KeAccumulateTicks+64259 (perf)
    Parameter[0] = fffff80003053e80
    Parameter[1] = fffffa801597e310
    Parameter[2] = 0000000000000000
    Parameter[3] = 000000000000000c
02 fffff880035c9030 fffff80002e26895 nt!KeUpdateSystemTime+377 
    Parameter[0] = fffff880035c9160
    Parameter[1] = fffff80003053e80
    Parameter[2] = 000000000000000c
    Parameter[3] = (unknown)       
03 fffff880035c9130 fffff80002ed0953 hal!HalpHpetClockInterrupt+8d 
    Parameter[0] = fffff80002e4c460
    Parameter[1] = (unknown)       
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
04 fffff880035c9160 fffff80002ed9ee0 nt!KiInterruptDispatchNoLock+163 
    Parameter[0] = fffff880035c9330
    Parameter[1] = fffff880035c9400
    Parameter[2] = fffff880035c9400
    Parameter[3] = 0000000000000001
05 fffff880035c92f0 fffff80002ef4d71 nt!KeFlushMultipleRangeTb+260 (perf)
    Parameter[0] = 0000000000000001
    Parameter[1] = fffff880035c93f8
    Parameter[2] = 0000000000000000
    Parameter[3] = 0000000000000001
06 fffff880035c93c0 fffff80002ef77e8 nt!MiFlushTbAsNeeded+1d1 
    Parameter[0] = fffff6fc50070730
    Parameter[1] = 0000000000000003
    Parameter[2] = 0000000000000000
    Parameter[3] = (unknown)       
07 fffff880035c94d0 fffff80003009f86 nt!MiAllocatePagedPoolPages+4cc 
    Parameter[0] = (unknown)       
    Parameter[1] = 0000000000000003
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
08 fffff880035c95f0 fffff80002ef54e0 nt!MiAllocatePoolPages+906 
    Parameter[0] = 0000000000000001
    Parameter[1] = 0000000000002030
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
09 fffff880035c9730 fffff8000300c90e nt!ExpAllocateBigPool+b0 (perf)
    Parameter[0] = 0000000000000000
    Parameter[1] = 0000000000000009
    Parameter[2] = 0000000000002030
    Parameter[3] = 000000006d4e624f
0a fffff880035c9820 fffff80002ee8485 [COLOR=#ff0000]nt!ExAllocatePoolWithTag+82e[/COLOR] (perf)
    Parameter[0] = 0000000000000009
    Parameter[1] = 0000000000002030
    Parameter[2] = 00000000[COLOR=#0000ff]6d4e624f[/COLOR]
    Parameter[3] = (unknown)       
0b fffff880035c9910 fffff800031f37c3 nt!ExAllocatePoolWithQuotaTag+55 (perf)
    Parameter[0] = 0000000000000009
    Parameter[1] = (unknown)       
    Parameter[2] = 000000006d4e624f
    Parameter[3] = (unknown)       
0c fffff880035c9960 fffff80002ed3693 nt!NtQueryDirectoryObject+8b
    Parameter[0] = 0000000000000001
    Parameter[1] = (unknown)       
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
0d fffff880035c9a70 0000000076eacc6a nt!KiSystemServiceCopyEnd+13 
    Parameter[0] = 0000000000000104
    Parameter[1] = 00000000010d1e20
    Parameter[2] = 0000000000000001
    Parameter[3] = 0000000000f4f678

I was curious to see what the pool allocation was for, the third parameter contains the string literal for the pool tag. Let's dump the tag:

Code: 
3: kd> [COLOR=#008000].formats 6d4e624f[/COLOR]
Evaluate expression:
  Hex:     00000000`6d4e624f
  Decimal: 1833853519
  Octal:   0000000000015523461117
  Binary:  00000000 00000000 00000000 00000000 01101101 01001110 01100010 01001111
  Chars:   ....[COLOR=#ff0000]mNbO[/COLOR]
  Time:    Fri Feb 11 03:45:19 2028
  Float:   low 3.99205e+027 high 0
  Double:  9.06044e-315

If we reverse the string, we find the pool tag to be ObNm:

Code: 
0: kd> [COLOR=#008000]!pooltag ObNm[/COLOR]
Pooltag [COLOR=#ff0000]ObNm[/COLOR]
Description: object names
Driver!Module: nt!ob

We'll dump the hung processor PRCB:

Code: 
0: kd> [COLOR=#008000]~3[/COLOR]
3: kd> [COLOR=#008000]!prcb[/COLOR]
PRCB for Processor 3 at fffff88002fb4180:
Current IRQL -- [COLOR=#ff0000]0[/COLOR]
Threads--  Current fffff88002fbf0c0 Next 0000000000000000 Idle fffff88002fbf0c0
Processor Index 3 Number (0, 3) GroupSetMember 8
Interrupt Count -- 0079f53e
Times -- Dpc    00000000 Interrupt 0000007e 
         Kernel 0001d806 User      00015113

The IRQL likely isn't saved for this processor, I've also checked the CR8 register which also appears to be the same.

Code: 
3: kd> [COLOR=#008000]!thread[/COLOR]
THREAD fffff88002fbf0c0  Cid 0000.0000  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
Not impersonating
DeviceMap                 fffff8a000008e00
Owning Process            fffff80003062180       Image:         Idle
Attached Process          fffffa800d67d040       Image:         System
Wait Start TickCount      0              Ticks: 207584 (0:00:53:58.331)
Context Switch Count      14239361       IdealProcessor: 3             
UserTime                  00:00:00.000
KernelTime                00:28:47.523
Win32 Start Address nt!KiIdleLoop (0xfffff80002ecc0b0)
Stack Init fffff88002fdcc70 Current fffff88002fdcc00
Base[COLOR=#800080] fffff88002fdd000[/COLOR] Limit [COLOR=#0000cd]fffff88002fd7000[/COLOR] Call 0
Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP          RetAddr           : Args to Child                                                           : Call Site
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0

Our partial call stack for the thread:

Code: 
3: kd> [COLOR=#008000]k=fffff880`02fdb5c0 fffff880`0441c027 10[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`02fdb5c0 fffffa80`0e4a8cb0 e1d62x64!DriverEntry+0x18583
01 fffff880`02fdb6b0 fffffa80`0e7aa000 0xfffffa80`0e4a8cb0
02 fffff880`02fdb6b8 fffffa80`1382f1c0 0xfffffa80`0e7aa000
03 fffff880`02fdb6c0 fffff880`02fdb759 0xfffffa80`1382f1c0
04 fffff880`02fdb6c8 fffff880`0441c027 0xfffff880`02fdb759
05 fffff880`02fdb6d0 fffff880`0441c027 e1d62x64!DriverEntry+0x18583
06 fffff880`02fdb7c0 fffff880`0441ae12 e1d62x64!DriverEntry+0x18583
07 fffff880`02fdb8b0 fffff880`044187b9 e1d62x64!DriverEntry+0x1736e
08 fffff880`02fdb8e0 fffff800`02e2062f e1d62x64!DriverEntry+0x14d15
09 fffff880`02fdb920 fffff880`014645e0 hal!HalBuildScatterGatherList+0x203
0a fffff880`02fdb990 fffff880`0441b849 ndis!NdisMAllocateNetBufferSGList+0x110
0b fffff880`02fdba30 fffff880`0441bcc6 [COLOR=#ff0000]e1d62x64[/COLOR]!DriverEntry+0x17da5
0c fffff880`02fdba80 fffff880`044187de e1d62x64!DriverEntry+0x18222
0d fffff880`02fdbad0 fffff880`015214f1 e1d62x64!DriverEntry+0x14d3a
0e fffff880`02fdbb10 fffff880`014644b4 ndis!ndisMSendNBLToMiniport+0xb1
0f fffff880`02fdbb70 fffff880`043d5ab7 ndis!NdisFSendNetBufferLists+0x64

Code: 
3: kd> [COLOR=#008000]lmvm e1d62x64[/COLOR]

start             end                 module name
fffff880`04400000 fffff880`0447e000   e1d62x64   (export symbols)       e1d62x64.sys
    Loaded symbol image file: e1d62x64.sys
    Image path: \SystemRoot\system32\DRIVERS\e1d62x64.sys
    Image name: e1d62x64.sys
    Timestamp:        [COLOR=#ff0000]Thu Aug 13 10:05:40 2015[/COLOR] (55CC5DE4)
    CheckSum:         00086CA6
    ImageSize:        0007E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I would consider updating your Intel NDIS network driver using the Intel Driver Update tool - Drivers & Software
 
x BlueRobot said:
Code: 
[COLOR=#ff0000]BugCheck 101[/COLOR], {19, 0, [COLOR=#008000]fffff88002fb4180[/COLOR], [COLOR=#0000ff]3[/COLOR]}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Let's dump the stack quickly with any associated parameters:

Code: 
0: kd> [COLOR=#008000]!load cmkd[/COLOR]
0: kd> [COLOR=#008000]!stack -p[/COLOR]
Call Stack : 15 frames
## Stack-Pointer    Return-Address   Call-Site       
00 fffff880035c8f98 fffff80002f2eb79 nt!KeBugCheckEx+0 
    Parameter[0] = (unknown)       
    Parameter[1] = (unknown)       
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
01 fffff880035c8fa0 fffff80002edebe7 nt!KeAccumulateTicks+64259 (perf)
    Parameter[0] = fffff80003053e80
    Parameter[1] = fffffa801597e310
    Parameter[2] = 0000000000000000
    Parameter[3] = 000000000000000c
02 fffff880035c9030 fffff80002e26895 nt!KeUpdateSystemTime+377 
    Parameter[0] = fffff880035c9160
    Parameter[1] = fffff80003053e80
    Parameter[2] = 000000000000000c
    Parameter[3] = (unknown)       
03 fffff880035c9130 fffff80002ed0953 hal!HalpHpetClockInterrupt+8d 
    Parameter[0] = fffff80002e4c460
    Parameter[1] = (unknown)       
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
04 fffff880035c9160 fffff80002ed9ee0 nt!KiInterruptDispatchNoLock+163 
    Parameter[0] = fffff880035c9330
    Parameter[1] = fffff880035c9400
    Parameter[2] = fffff880035c9400
    Parameter[3] = 0000000000000001
05 fffff880035c92f0 fffff80002ef4d71 nt!KeFlushMultipleRangeTb+260 (perf)
    Parameter[0] = 0000000000000001
    Parameter[1] = fffff880035c93f8
    Parameter[2] = 0000000000000000
    Parameter[3] = 0000000000000001
06 fffff880035c93c0 fffff80002ef77e8 nt!MiFlushTbAsNeeded+1d1 
    Parameter[0] = fffff6fc50070730
    Parameter[1] = 0000000000000003
    Parameter[2] = 0000000000000000
    Parameter[3] = (unknown)       
07 fffff880035c94d0 fffff80003009f86 nt!MiAllocatePagedPoolPages+4cc 
    Parameter[0] = (unknown)       
    Parameter[1] = 0000000000000003
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
08 fffff880035c95f0 fffff80002ef54e0 nt!MiAllocatePoolPages+906 
    Parameter[0] = 0000000000000001
    Parameter[1] = 0000000000002030
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
09 fffff880035c9730 fffff8000300c90e nt!ExpAllocateBigPool+b0 (perf)
    Parameter[0] = 0000000000000000
    Parameter[1] = 0000000000000009
    Parameter[2] = 0000000000002030
    Parameter[3] = 000000006d4e624f
0a fffff880035c9820 fffff80002ee8485 [COLOR=#ff0000]nt!ExAllocatePoolWithTag+82e[/COLOR] (perf)
    Parameter[0] = 0000000000000009
    Parameter[1] = 0000000000002030
    Parameter[2] = 00000000[COLOR=#0000ff]6d4e624f[/COLOR]
    Parameter[3] = (unknown)       
0b fffff880035c9910 fffff800031f37c3 nt!ExAllocatePoolWithQuotaTag+55 (perf)
    Parameter[0] = 0000000000000009
    Parameter[1] = (unknown)       
    Parameter[2] = 000000006d4e624f
    Parameter[3] = (unknown)       
0c fffff880035c9960 fffff80002ed3693 nt!NtQueryDirectoryObject+8b
    Parameter[0] = 0000000000000001
    Parameter[1] = (unknown)       
    Parameter[2] = (unknown)       
    Parameter[3] = (unknown)       
0d fffff880035c9a70 0000000076eacc6a nt!KiSystemServiceCopyEnd+13 
    Parameter[0] = 0000000000000104
    Parameter[1] = 00000000010d1e20
    Parameter[2] = 0000000000000001
    Parameter[3] = 0000000000f4f678

I was curious to see what the pool allocation was for, the third parameter contains the string literal for the pool tag. Let's dump the tag:

Code: 
3: kd> [COLOR=#008000].formats 6d4e624f[/COLOR]
Evaluate expression:
  Hex:     00000000`6d4e624f
  Decimal: 1833853519
  Octal:   0000000000015523461117
  Binary:  00000000 00000000 00000000 00000000 01101101 01001110 01100010 01001111
  Chars:   ....[COLOR=#ff0000]mNbO[/COLOR]
  Time:    Fri Feb 11 03:45:19 2028
  Float:   low 3.99205e+027 high 0
  Double:  9.06044e-315

If we reverse the string, we find the pool tag to be ObNm:

Code: 
0: kd> [COLOR=#008000]!pooltag ObNm[/COLOR]
Pooltag [COLOR=#ff0000]ObNm[/COLOR]
Description: object names
Driver!Module: nt!ob

We'll dump the hung processor PRCB:

Code: 
0: kd> [COLOR=#008000]~3[/COLOR]
3: kd> [COLOR=#008000]!prcb[/COLOR]
PRCB for Processor 3 at fffff88002fb4180:
Current IRQL -- [COLOR=#ff0000]0[/COLOR]
Threads--  Current fffff88002fbf0c0 Next 0000000000000000 Idle fffff88002fbf0c0
Processor Index 3 Number (0, 3) GroupSetMember 8
Interrupt Count -- 0079f53e
Times -- Dpc    00000000 Interrupt 0000007e 
         Kernel 0001d806 User      00015113

The IRQL likely isn't saved for this processor, I've also checked the CR8 register which also appears to be the same.

Code: 
3: kd> [COLOR=#008000]!thread[/COLOR]
THREAD fffff88002fbf0c0  Cid 0000.0000  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
Not impersonating
DeviceMap                 fffff8a000008e00
Owning Process            fffff80003062180       Image:         Idle
Attached Process          fffffa800d67d040       Image:         System
Wait Start TickCount      0              Ticks: 207584 (0:00:53:58.331)
Context Switch Count      14239361       IdealProcessor: 3             
UserTime                  00:00:00.000
KernelTime                00:28:47.523
Win32 Start Address nt!KiIdleLoop (0xfffff80002ecc0b0)
Stack Init fffff88002fdcc70 Current fffff88002fdcc00
Base[COLOR=#800080] fffff88002fdd000[/COLOR] Limit [COLOR=#0000cd]fffff88002fd7000[/COLOR] Call 0
Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
Child-SP          RetAddr           : Args to Child                                                           : Call Site
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0

Our partial call stack for the thread:

Code: 
3: kd> [COLOR=#008000]k=fffff880`02fdb5c0 fffff880`0441c027 10[/COLOR]
 # Child-SP          RetAddr           Call Site
00 fffff880`02fdb5c0 fffffa80`0e4a8cb0 e1d62x64!DriverEntry+0x18583
01 fffff880`02fdb6b0 fffffa80`0e7aa000 0xfffffa80`0e4a8cb0
02 fffff880`02fdb6b8 fffffa80`1382f1c0 0xfffffa80`0e7aa000
03 fffff880`02fdb6c0 fffff880`02fdb759 0xfffffa80`1382f1c0
04 fffff880`02fdb6c8 fffff880`0441c027 0xfffff880`02fdb759
05 fffff880`02fdb6d0 fffff880`0441c027 e1d62x64!DriverEntry+0x18583
06 fffff880`02fdb7c0 fffff880`0441ae12 e1d62x64!DriverEntry+0x18583
07 fffff880`02fdb8b0 fffff880`044187b9 e1d62x64!DriverEntry+0x1736e
08 fffff880`02fdb8e0 fffff800`02e2062f e1d62x64!DriverEntry+0x14d15
09 fffff880`02fdb920 fffff880`014645e0 hal!HalBuildScatterGatherList+0x203
0a fffff880`02fdb990 fffff880`0441b849 ndis!NdisMAllocateNetBufferSGList+0x110
0b fffff880`02fdba30 fffff880`0441bcc6 [COLOR=#ff0000]e1d62x64[/COLOR]!DriverEntry+0x17da5
0c fffff880`02fdba80 fffff880`044187de e1d62x64!DriverEntry+0x18222
0d fffff880`02fdbad0 fffff880`015214f1 e1d62x64!DriverEntry+0x14d3a
0e fffff880`02fdbb10 fffff880`014644b4 ndis!ndisMSendNBLToMiniport+0xb1
0f fffff880`02fdbb70 fffff880`043d5ab7 ndis!NdisFSendNetBufferLists+0x64

Code: 
3: kd> [COLOR=#008000]lmvm e1d62x64[/COLOR]

start             end                 module name
fffff880`04400000 fffff880`0447e000   e1d62x64   (export symbols)       e1d62x64.sys
    Loaded symbol image file: e1d62x64.sys
    Image path: \SystemRoot\system32\DRIVERS\e1d62x64.sys
    Image name: e1d62x64.sys
    Timestamp:        [COLOR=#ff0000]Thu Aug 13 10:05:40 2015[/COLOR] (55CC5DE4)
    CheckSum:         00086CA6
    ImageSize:        0007E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I would consider updating your Intel NDIS network driver using the Intel Driver Update tool - Drivers & Software
Click to expand...

when i use intels driver updater tool it says no drivers were detected for your product
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top