BSOD BAD_POOL_HANDLER crashes - Windows 8 x64

S

stevenjw

Member
Joined
Apr 21, 2014
Posts
22
The following system crashes frequently with BSOD BAD_POOL_HANDLER:

HP-HDX-18 Premium Series laptop with SSD drive

OS Name Microsoft Windows 8 Pro
Version 6.2.9200 Build 9200
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name HP-HDX-18
System Manufacturer Hewlett-Packard
System Model HP HDX 18 Notebook PC
System Type x64-based PC
System SKU FJ927AV
Processor Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz, 2267 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Hewlett-Packard F.34, 12/8/2010
SMBIOS Version 2.4
Embedded Controller Version 21.45
BIOS Mode Legacy
BaseBoard Manufacturer Quanta
BaseBoard Model Not Available
BaseBoard Name Base Board
Platform Role Mobile
Secure Boot State Unsupported
PCR7 Configuration Binding Not Possible
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.2.9200.16442"
User Name HP-HDX-18\Steve
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 4.00 GB
 
Hi,

BAD_POOL_HEADER (19)

This indicates that a pool header is corrupt.

BugCheck 19, {3, fffffa8006ece4c0, 0, fffffa8006ece4c0}

Code: 
Analyzing linked list...
[ fffffa8006ece000 ]: invalid previous size [ 0xdb ] should be [ 0x0 ]
[ fffffa8006ece000 --> fffffa8006ecef20 (size = 0xf20 bytes)]: Corrupt region

A 3rd party driver is corrupting the freelist.


1. wdcsam64.sys is listed and loaded which is the Western Digital SES (SCSI Enclosure Services) driver. Please remove this software ASAP as it's very troublesome and is also not necessary to the functionality of your system.

2.

Code: 
1: kd> lmvm enecir
start             end                 module name
fffff880`0389e000 fffff880`038ba000   enecir     (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\enecir.sys
    Image name: enecir.sys
    Timestamp:        Thu Sep 04 05:47:58 [COLOR=#ff0000]2008[/COLOR]

ENE CIR Driver for eHome. This driver is incompatible with Windows 8/8.1, so either see if an update is available or uninstall the software + remove the device (if any) ASAP.

Regards,

Patrick
 
This bugcheck is very consistant in that a pool entry list is corrupt.
More specifically the forward link in the linked list is corrupt to the point where you can't read it.

Code: 
BugCheck 19, {3, fffffa80070f24c0, [COLOR="#FF0000"]ffffffffffffffff[/COLOR], fffffa80070f24c0}

All parameters except the first one should be the same but the flink is corrupt on multiple bugcheck.

The list entry is as follows but it's not very helpful as there isn't much information in it.

Code: 
0: kd> [COLOR="#008000"]dc fffffa80070f24c0[/COLOR]
fffffa80`070f24c0  070e0000 fffffa80 1cd007c0 fffff802  ................
fffffa80`070f24d0  ffffffff ffffffff ffffffff ffffffff  ................
fffffa80`070f24e0  02060003 4d52564e c4ab42a1 60b79782  ....NVRM.B.....`
fffffa80`070f24f0  0000000c ff020000 0703be70 fffffa80  ........p.......
fffffa80`070f2500  00000000 00000000 070f24f0 fffffa80  .........$......
fffffa80`070f2510  caf000b1 00000000 caf000b1 00000000  ................
fffffa80`070f2520  00000000 00000000 0706e608 fffffa80  ................
fffffa80`070f2530  070ecfc8 fffffa80 070f85a8 fffffa80  ................

The Nvidia driver is being flagged in one bugcheck but I feel it could be false and it's just being blamed.

I recommend Driver Verifier.

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.
 
Patrick,

I moved those two files to a save location and rebooted. I'll use the laptop and will know if this resolved the issue relatively soon since it would crash very frequently. Hopefully, I'll reply in a week that all is well now. Fingers crossed....

Thanks,
Steve
 
Jared,

I'm running Windows 8 Pro. I followed the instructions earlier in the "while you wait" section, issuing verifier and rebooting, but Windows wouldn't boot, so I did a restore back to previously saved checkpoint.

I can try again, but want to give Patrick's suggestions a try first.

Thanks,
Steve
 
Okay sure, you should go to the start menu.
Type in msconfig
Then go to startup and remove all programs from startup as one of those programs will be causing the bugchecks.
 
Still need help as it's crashed a few more times. I disabled everything in startup (under TaskMgr). I also tried setting "verifier" on with prescribed settings, but reboot failed to complete. It said it was saving data so I guess it saved a minidump. Hopefully, it captured some good info that can be used to troubleshoot further. I'm back up for now, but need more help. Is there anything else you need me to send up or try?

Just wondering if it's possible that this is a hardware error that pops up randomly or does BAD_POOL_HANDLE always point to a driver issue corrupting the flink?
 
Just wondering if it's possible that this is a hardware error that pops up randomly or does BAD_POOL_HANDLE always point to a driver issue corrupting the flink?
Click to expand...

We cannot say without crash dumps.

Can you please attach the latest crash DMP file that has since been generated with verifier enabled?

Regards,

Patrick
 
You disabled startup programs with Task Manager?
That's a bad as you could disable important services, they also come back on restart so you're wasting your time doing that.
Go to start and type in msconfig and disable startup items there.
 
Jared, on Windows 8/8.1, you no longer disable startup services through msconfig, but instead through Task Manager's new tab labeled Startup. For example, here's mine:

example.png

Regards,

Patrick
 
Oh...
My mistake, I've never actually used Windows 8 and I forgot you had it.
Sorry about that.
 
I'd be happy to upload it (assuming one was actually created), but I can't seem to locate it. Can you provide where I can find it under Windows 8? And also instructions on making sure that Windows 8 creates them going forward if there's none there.
 
Small Memory Dumps (the ones like in your original post) are found in C:\Windows\Minidump.

Alternatively you could also re-run the collection app.

Regards,

Patrick
 
I've zipped up the last seven minidumps which have occurred since 6:29 PM EST on 07/29/2014 and now. The latest two appear to be around the time that I ran verifier (I think). Hopefully, there'll be something in there that will point to the culprit.

Thanks again for the help!!!

Steve
 

Attachments

It seems your Nvidia driver is causing issues actually, Driver Verifier has caught an interesting driver.

Code: 
BugCheck 19, {3, fffffa8006ee34c0, [COLOR="#FF0000"]1000[/COLOR], fffffa8006ee34c0}

Okay, we're still getting corrupted pools, it seems the flink in the list is always getting corrupted.

The callstack appears to explain quite a lot of it.

Code: 
fffff880`0ecb35c8 fffff802`4e474540 : 00000000`00000019 00000000`00000003 fffffa80`06ee34c0 00000000`00001000 : [COLOR="#0000FF"]nt!KeBugCheckEx[/COLOR]
fffff880`0ecb35d0 fffff880`04a64ea9 : 00000000`00000000 fffff880`0ecb37b0 fffffa80`07484000 fffff880`00000000 : [COLOR="#FF0000"]nt!ExFreePool+0x3ec[/COLOR]
fffff880`0ecb36a0 00000000`00000000 : fffff880`0ecb37b0 fffffa80`07484000 fffff880`00000000 00000000`00000000 : [COLOR="#FF0000"]nvlddmkm+0x1d1ea9[/COLOR]

So the Nvidia driver is trying to free the pool but it doesn't look like it has done it properly and the system bugchecked, that's basically what it's saying in a nutshell.

Now for the verified bugcheck.

The bugcheck is just a 0xC4 where Driver Verifier crashed the system as it found a driver performing illegal operations.

The cause itself is obvious, your
JMicron JMB38X Memory Card Reader Driver is causing problems, it's out of date so an update should fix it if possible.

Code: 
1: kd> [COLOR="#008000"]lm vm jmcr[/COLOR]
start             end                 module name
fffff880`03a64000 fffff880`03a86000   jmcr     T (no symbols)           
    Loaded symbol image file: jmcr.sys
    Image path: \SystemRoot\System32\drivers\jmcr.sys
    Image name: jmcr.sys
    Timestamp:        [COLOR="#FF0000"]Mon Oct 20 10:31:04 2008[/COLOR] (48FC4FD8)
    CheckSum:         0001F75B
    ImageSize:        00022000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Update the driver here

http://www.jmicron.com/Driver.htm

Code: 
fffff880`02d2b258 fffff880`010c421f : 00000000`000000c4 00000000`00020011 fffff880`010c7d00 00000000`00000000 : nt!KeBugCheckEx
fffff880`02d2b260 fffff880`010bd581 : 00000000`00000000 fffff980`0569c980 fffff980`059169c8 fffffa80`0572d940 : [COLOR="#0000FF"]VerifierExt!SLIC_abort+0x47[/COLOR]
fffff880`02d2b2a0 fffff880`010bd5ac : 00000000`00000000 fffff801`9143dcd0 00000000`00000100 00000000`00000009 : [COLOR="#0000FF"]VerifierExt!KeInsertByKeyDeviceQueue_wrapper+0x6d[/COLOR]
fffff880`02d2b2d0 fffff880`03a65779 : fffff980`05916648 fffffa80`0572d940 fffffa80`0572d909 fffffa80`05579610 : [COLOR="#FF0000"]VerifierExt!KeInitializeTimerEx_wrapper+0x20[/COLOR]
fffff880`02d2b300 fffff980`05916648 : fffffa80`0572d940 fffffa80`0572d909 fffffa80`05579610 00000000`00000001 : [COLOR="#FF0000"]jmcr+0x1779[/COLOR]

So the cause is obvious, but the reason I love doing this is finding out why.
It crashed because of the routine KeInitializeTimerEx, this starts a timer object, I can't see what type as it's only a minidump but I would say it's a synchronization timer.
The reason I say this is that there are already synchronization routines in the callstack and there is a lock ready to be released.

Obviously the reaosn it crashed was due to the fact that the IRQL must be dispatch or below.

Code: 
1: kd> [COLOR="#008000"]!irql[/COLOR]
Debugger saved IRQL for processor 0x1 -- [COLOR="#FF0000"]9[/COLOR]

The IRQL is 9 which is way too high to start a timer object.

It looks like a synchronization object has been set and waiting for the thread to be released which then resets the timer but setting the timer is an illegal operation at an IRQL of 9 hence the bugcheck.
 
OK. It took a little searching, but I found and installed the latest JMicron JMB38X drivers for my HP HPX-18T-1100 laptop that support Windows 8: JMB38X_WinDrv_R1.00.76.01_WHQL. I have a recent driver (337.88) for my NVidia GeForce 9600M GT, but will now install the latest 340.52 and see what if it crashes again.
 
Well, the box has been stable for a while, but I got another BSOD with KERNAL_SECURITY_CHECK_FAILURE yesterday and another BAD_POOL_HANDLER crash just now. Can I get some help seeing what else is wrong?

Thanks!
Steve
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top