[SOLVED] BSOD Corrupt CBS log files? Windows 8.1 x64

P

Peeta

Member
Joined
Mar 11, 2014
Posts
7
Location
Earth
Hello, I am quite new to this site but I've seen some of your threads and wondered if you could help me with my computer problem? The problem started when I got a BSOD which told me "Diver IRQL Not Less or Equal (igdkmd64.sys)". I wasnt sure of the real problem and was suggested to do a sfc/scannow. The scan revealed I had some corrupted CBS log files that were unable to fix. I am not very good with computers and this problem is pretty new to me so could you assist me? :huh:
Thanks.

Edit: I have an Asus Ultrabook S46C running Windows 8.
 
@Patrick,

We've cleared the SFC scan in the Windows Update forum. It was a very common corruption caused by a buggy update. It has no relation to any BSOD problems, and nor is there any indication of hardware failure in our logs.

Richard
 
BSOD - Diver IRQL Not Less or Equal (igdkmd64.sys)

Hello,
First off, thank you for helping me with the SFC problems in the other thread! :smile9: However, I still require some assistance regarding this BSOD that I sometimes get which tells me the culprit is "Diver IRQL Not Less or Equal (igdkmd64.sys)". I've downloaded 2 files in the instructions but not sure what to do with file A. There seems to be a bug with Windows 8.1 where it does not display any results after using "perfmon /report" but instead shows an error saying that "the operator or administrator has refused this request" even though I am the administrator of this laptop.

Attached is the information requested (File B)
View attachment Windows7_Vista_jcgriff2.zip

· OS - Windows 8.1
· x64
· What was original installed OS on system? Windows 8 x64
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? Came pre-installed on system
· Age of system (hardware) -
· Age of OS installation - have you re-installed the OS? 12/22/2013

· CPU - i5 - 3317 U @ 1.7 GHz
· Video Card - Intel(R) HD Graphics 4000
· MotherBoard - ASUSTek Computer INC, K46CA

Laptop.
 
Great, let's get to work!

We have two bug checks:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

If we take a look at the call stack:

Code: 
2: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd000`215d4dd8 fffff803`017717e9 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd000`215d4de0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69

We can see that there's relatively no useful information, only that the bugcheck was dispatched (which we already know anyway because...well... we're looking at a dump file)!

With this said, we'll need to dump the raw stack to see what's going on:

Code: 
2: kd> !thread
GetPointerFromAddress: unable to read from fffff80301965000
THREAD ffffe000056ff880  Cid 016c.01b0  Teb: 00007ff61137a000 Win32Thread: fffff9014065a440 RUNNING on processor 2
Not impersonating
GetUlongFromAddress: unable to read from fffff803018b4310
Owning Process            ffffe00005c62900       Image:         dwm.exe
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      891030       
Context Switch Count      442350             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x00007ffead07de9c
Stack Init ffffd000215d5c90 Current ffffd000215d5550
Base [COLOR=#006400]ffffd000215d6000 [/COLOR]Limit [COLOR=#4b0082]ffffd000215d0000 [/COLOR]Call 0
Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd000`215d4dd8 fffff803`017717e9 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd000`215d4de0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69

Alright, so I am going to break this down one by one and in pieces:

Code: 
ffffd000`215d4dd8  fffff803`017717e9 nt!KiBugCheckDispatch+0x69
ffffd000`215d4de0  00000000`0000000a
ffffd000`215d4de8  00000000`00000028
ffffd000`215d4df0  00000000`00000002
ffffd000`215d4df8  00000000`00000000
ffffd000`215d4e00  fffff800`02117c47 igdkmd64+0x62c47
ffffd000`215d4e08  00000001`04070400
ffffd000`215d4e10  00000000`00000000
ffffd000`215d4e18  00000000`00000000
ffffd000`215d4e20  00000000`00000000
ffffd000`215d4e28  00000000`00000000
ffffd000`215d4e30  00000000`00000000
ffffd000`215d4e38  00000000`00000000
ffffd000`215d4e40  00000000`00000000
ffffd000`215d4e48  00000000`00000000
ffffd000`215d4e50  00000000`00000000
ffffd000`215d4e58  00000000`00000000
ffffd000`215d4e60  00000000`00000000
ffffd000`215d4e68  00000000`00000000
ffffd000`215d4e70  00000000`00000000
ffffd000`215d4e78  00000000`00000000
ffffd000`215d4e80  00000000`00000000
ffffd000`215d4e88  00000000`00000000
ffffd000`215d4e90  00000000`00000000
ffffd000`215d4e98  00000000`00000000
ffffd000`215d4ea0  00000000`00000000
ffffd000`215d4ea8  00000000`00000000
ffffd000`215d4eb0  fffff6fb`40000000
ffffd000`215d4eb8  fffff680`00000000
ffffd000`215d4ec0  ffffa92a`ce6c4c9c
ffffd000`215d4ec8  fffff800`020f00fe igdkmd64+0x3b0fe
ffffd000`215d4ed0  ffffd000`215d5090
ffffd000`215d4ed8  fffff800`02375022 igdkmd64+0x2c0022
ffffd000`215d4ee0  00000000`93380000
ffffd000`215d4ee8  00000000`ffffffff
ffffd000`215d4ef0  ffffe000`02382000
ffffd000`215d4ef8  00000000`00000000
ffffd000`215d4f00  ffffe000`02382000
ffffd000`215d4f08  00000000`00000000
ffffd000`215d4f10  ffffc000`0d32fa60
ffffd000`215d4f18  fffff803`0177003a nt!KiPageFault+0x23a

Read from bottom > top.

We have a pagefault which was triggered by igdkmd64.sys (Intel Graphics driver), then we have another igdkmd64 call, and then another, and then a 3rd igdkmd64 call, and then nt!KiBugCheckDispatch is called. So, right away, it looks like the Intel Graphics driver is up to no good.

Let's keep looking after the bugcheck is dispatched:

Code: 
ffffd000`215d4ce8  fffff800`01c012ea dxgmms1!ExAllocateFromPagedLookasideList+0x12
ffffd000`215d4cf0  00000000`00001d00
ffffd000`215d4cf8  ffff2217`000000b0
ffffd000`215d4d00  ffffd000`215d4d38
ffffd000`215d4d08  ffffd000`207ec180
ffffd000`215d4d10  ffffc000`0fc72b10
ffffd000`215d4d18  fffff800`01c2edcb dxgmms1!VIDMM_LINEAR_POOL::AllocateBlock+0x27
ffffd000`215d4d20  ffffe000`071138e0
ffffd000`215d4d28  ffffc000`0ae19360
ffffd000`215d4d30  ffffe000`02312f68
ffffd000`215d4d38  ffffc000`0fc907f0
ffffd000`215d4d40  00000000`0006a000
ffffd000`215d4d48  fffff800`01c2ec3a dxgmms1!VIDMM_LINEAR_POOL::SplitBlock+0x6a
ffffd000`215d4d50  ffffc000`0fc72b10
ffffd000`215d4d58  00000000`00796000
ffffd000`215d4d60  ffffc000`0d32fa60
ffffd000`215d4d68  00000000`00000000
ffffd000`215d4d70  ffffe000`02382000
ffffd000`215d4d78  00000000`00000000
ffffd000`215d4d80  00000000`ffffffff
ffffd000`215d4d88  ffffe000`02382000
ffffd000`215d4d90  ffffd000`215d4fa0
ffffd000`215d4d98  fffff803`01765da4 nt!KeBugCheckEx+0x104
ffffd000`215d4da0  00000000`93380000
ffffd000`215d4da8  ffffe000`0230d000
ffffd000`215d4db0  ffffd000`215d5200
ffffd000`215d4db8  ffffe000`22828010
ffffd000`215d4dc0  fffff800`02117c47 igdkmd64+0x62c47

Right after the bugcheck is dispatched, we have a igdkmd64 call, and then the actual bugcheck itself (brings down the system safely so no data corruption occurs). However, what's incredibly interesting to me is after the bugcheck was called, the system didn't stop, it kept going through with various Direct X MMS routines.

Alright, let's keep going, because as of right now, this is strange:

Code: 
ffffd000`215d4688  fffff803`017edcb8 nt!KeBugCheck2+0xb68
ffffd000`215d4690  fffff803`018bd500 nt!EtwpBugCheckCallback
ffffd000`215d4698  fffff803`018e3d30 nt!KeBugCheckReasonCallbackListHead
ffffd000`215d46a0  fffff803`018e3d30 nt!KeBugCheckReasonCallbackListHead
ffffd000`215d46a8  00000000`0000000a
ffffd000`215d46b0  fffff800`02117c47 igdkmd64+0x62c47
ffffd000`215d46b8  ffffd000`215d4810
ffffd000`215d46c0  ffffe000`056ff880
ffffd000`215d46c8  fffff803`017ee18c nt!KiBugCheckProgress
ffffd000`215d46d0  ffffd000`215d4800
ffffd000`215d46d8  fffff803`018ca100 nt!MmPagedPoolInfo
ffffd000`215d46e0  01000100`01000001
ffffd000`215d46e8  00000000`00000000
ffffd000`215d46f0  000002d0`00000500
ffffd000`215d46f8  00000000`0000000a
ffffd000`215d4700  00000000`00000000
ffffd000`215d4708  00000002`00000000
ffffd000`215d4710  ffffe000`056ff880
ffffd000`215d4718  ffffe000`0027a2f0
ffffd000`215d4720  ffff3324`00000003
ffffd000`215d4728  ffffd000`207ec180
ffffd000`215d4730  fffff803`017ee18c nt!KiBugCheckProgress
ffffd000`215d4738  ffffd000`215d0000
ffffd000`215d4740  ffffd000`215d6000
ffffd000`215d4748  00000000`00000000
ffffd000`215d4750  fffff803`0195de80 nt!MmPagedPoolWs
ffffd000`215d4758  00000000`c0000016
ffffd000`215d4760  00000000`00140001
ffffd000`215d4768  00000000`0000000b
ffffd000`215d4770  ffffe000`056ff880
ffffd000`215d4778  ffffd000`215d47c0
ffffd000`215d4780  00000000`00000111
ffffd000`215d4788  00000000`00000000
ffffd000`215d4790  fffff803`0195de80 nt!MmPagedPoolWs
ffffd000`215d4798  ffffd000`215d48b0
ffffd000`215d47a0  00000000`00000000
ffffd000`215d47a8  ffffd000`215d4808
ffffd000`215d47b0  00000000`00000000
ffffd000`215d47b8  fffff803`0195de80 nt!MmPagedPoolWs
ffffd000`215d47c0  ffff3324`669c2e00
ffffd000`215d47c8  fffff803`0195de80 nt!MmPagedPoolWs
ffffd000`215d47d0  00000000`00000002
ffffd000`215d47d8  00000000`00000000
ffffd000`215d47e0  00001000`0054d9fa
ffffd000`215d48d8  fffff800`02117c47 igdkmd64+0x62c47
ffffd000`215d48e0  ffffd000`215d4ea8
ffffd000`215d48e8  00000000`00000000
ffffd000`215d48f0  ffffe000`02382000
ffffd000`215d48f8  00000000`00000000
ffffd000`215d4900  ffffc000`0d32fa60
ffffd000`215d4908  fffff803`01765ca0 nt!KeBugCheckEx

Again, we start with the bugcheck itself being called, but it doesn't bring the system down, instead calls igdkmd64 again. We then have several MmPagedPoolWs calls, which essentially as of Windows 7 is a working set of MmSystemCacheWs. This essentially is a system variable that works with the cache, paged pool, pageable code, and system mapped views. Given we're seeing it here, it's like referring to this for information to write to the crash dump.

We then have a nt!KiBugCheckProgress call, and then a page pool info call, and then another nt!KiBugCheckProgress call. So at this point, why the heck has the system not actually bugchecked and brought down the system? Well, if we look a bit higher in the stack, we can see nt!KeBugCheckReasonCallbackListHead. When I saw this, I went 'oooooooooooh!' :o)

Essentially, drivers can register callback routines that the system executes when it issues a bugcheck. What this attempts to do is reset the device the driver is using back to a known-working state.

Also, a neat thing to know, we can see the nt!KeBugCheck2 function at the top of the stack here, which is used to paint the actual blue color we see in thje 'blue screen'!

So, with that, let's go forward in the raw stack:

Code: 
ffffd000`215d4018  fffff800`01901f58Unable to load image \SystemRoot\System32\Drivers\dump_iaStorA.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for dump_iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_iaStorA.sys
 dump_iaStorA+0x76f58
ffffd000`215d4020  ffffe000`003223e0
ffffd000`215d4028  ffffe000`02400b98
ffffd000`215d4030  00000000`00000001
ffffd000`215d4038  fffff800`018f9973 dump_iaStorA+0x6e973
ffffd000`215d4040  ffffe000`003223e0
ffffd000`215d4048  ffffd000`207ec180
ffffd000`215d4050  00000000`00000000
ffffd000`215d4058  fffff803`017f0784 nt!KiCheckStall+0x2c
ffffd000`215d4060  ffffd000`207ec180
ffffd000`215d4068  00000000`0019464a
ffffd000`215d4070  ffffe000`003223e0
ffffd000`215d4078  ffffd000`23caa160
ffffd000`215d4080  00000000`00000000
ffffd000`215d4088  fffff803`01d9e312 hal!KeStallExecutionProcessor+0x114
ffffd000`215d4090  00000000`0019464a
ffffd000`215d4098  ffffe000`00322018
ffffd000`215d40a0  00000000`00000000
ffffd000`215d40a8  ffffd000`215d4140
ffffd000`215d40b0  ffffe000`003223e0
ffffd000`215d40b8  fffff800`018f94cf dump_iaStorA+0x6e4cf
ffffd000`215d40c0  ffffe000`003223e0
ffffd000`215d40c8  ffffd000`215d4101
ffffd000`215d4108  00000000`00000000
ffffd000`215d4110  00000000`00000002
ffffd000`215d4118  fffff800`0336ecf4 dump_diskdump!ExecuteSrb+0xfc
ffffd000`215d4120  ffffe000`00322018
ffffd000`215d4128  ffffe000`00322018
ffffd000`215d4130  00000000`00000004
ffffd000`215d4138  ffffd000`20112000
ffffd000`215d4140  ffffe000`003223e0
ffffd000`215d4148  ffffd000`215d4280
ffffd000`215d4150  00000000`00000000
ffffd000`215d4158  fffff800`0336f09e dump_diskdump!DiskDumpWrite+0x1b6
ffffd000`215d4160  ffffe000`00322000
ffffd000`215d4168  ffffe000`00322018
ffffd000`215d4170  ffffd000`215d41b0
ffffd000`215d4178  ffffd000`215d4201
ffffd000`215d4180  ffffe000`000000ac
ffffd000`215d4188  ffffd000`00000100
ffffd000`215d4190  00000000`00000000
ffffd000`215d4198  00000000`00000000
ffffd000`215d41a0  fffff800`015b820a crashdmp!StrDumpComplete+0xa
ffffd000`215d41a8  00000000`00001000
ffffd000`215d41b0  00000000`00000000
ffffd000`215d41b8  00000000`00001000
ffffd000`215d41c0  00000000`00000000
ffffd000`215d41c8  00000000`38f0a000
ffffd000`215d41d0  ffffd000`215d4248
ffffd000`215d41d8  fffff800`015ae049 crashdmp!CrashdmpWriteRoutine+0x49
ffffd000`215d41e0  ffff3324`00000008
ffffd000`215d41e8  00000000`100253d0
ffffd000`215d41f0  ffffe000`002536b0
ffffd000`215d41f8  ffffd000`215d4280
ffffd000`215d4200  00000000`38f0a000
ffffd000`215d4208  fffff800`015b8280 crashdmp!Context+0x30
ffffd000`215d4210  00000000`38f0a000
ffffd000`215d4218  fffff800`015b3579 crashdmp!WritePageSpanToDisk+0x1e9
ffffd000`215d4220  00000001`470f6000
ffffd000`215d4228  ffffd000`215d4320
ffffd000`215d4230  fffff800`015b8280 crashdmp!Context+0x30
ffffd000`215d4238  ffffd000`00000002
ffffd000`215d4240  00000000`00000000
ffffd000`215d4248  0000001f`b197a000
ffffd000`215d4250  fffff800`015ae000 crashdmp!CrashdmpWriteRoutine
ffffd000`215d4258  fffff800`015b3770 crashdmp!CrashdmpWritePendingRoutine
ffffd000`215d4260  00000000`00000000
ffffd000`215d4268  00000000`00001000
ffffd000`215d4270  00000000`001047c2
ffffd000`215d4278  fffff803`00080004
ffffd000`215d4280  00000000`00000000
ffffd000`215d4288  00000000`20030000
ffffd000`215d4290  00000000`00000000
ffffd000`215d4298  ffffd000`20112000
ffffd000`215d42a0  ffffd000`20112000
ffffd000`215d42a8  00000000`00001000
ffffd000`215d42b0  00000000`001047c2
ffffd000`215d42b8  00000000`00000000
ffffd000`215d42c0  00000000`00000000
ffffd000`215d42c8  00000000`00000000
ffffd000`215d42d0  00000000`00000000
ffffd000`215d42d8  00000000`00000000
ffffd000`215d42e0  00000000`00000000
ffffd000`215d42e8  00000000`00000000
ffffd000`215d42f0  00000000`00000000
ffffd000`215d42f8  00000000`00000000
ffffd000`215d4300  00000000`00000000
ffffd000`215d4308  00000000`00000000
ffffd000`215d4310  00000000`00000000
ffffd000`215d4318  00000000`00000000
ffffd000`215d4320  00000000`00000000
ffffd000`215d4328  00000000`00000000
ffffd000`215d4330  00000000`00000000
ffffd000`215d4338  fffff800`015b521e crashdmp!FindNextSetBitRange64+0xc2
ffffd000`215d4340  ffff8e03`3b2799f7
ffffd000`215d4348  00000000`001047c2
ffffd000`215d4350  00000000`00000001
ffffd000`215d4358  00000000`001047c2
ffffd000`215d4360  00000000`00000000
ffffd000`215d4368  00000000`00038ed4
ffffd000`215d4370  00000000`00000000
ffffd000`215d4378  00000000`00000001
ffffd000`215d4380  00000000`00010fcc
ffffd000`215d4388  fffff800`015b26a7 crashdmp!WriteBitmapDump+0x16b
ffffd000`215d4390  fffff800`015b8280 crashdmp!Context+0x30
ffffd000`215d4398  fffff800`015b8280 crashdmp!Context+0x30
ffffd000`215d43a0  ffffe000`05523030
ffffd000`215d4408  00000000`0005e97c
ffffd000`215d4410  00000000`00000000
ffffd000`215d4418  fffff803`017ee18c nt!KiBugCheckProgress
ffffd000`215d4420  fffff803`018e7e20 nt!IopTriageDumpDataBlocks
ffffd000`215d4428  fffff803`017ee18c nt!KiBugCheckProgress
ffffd000`215d4430  00000000`00000000
ffffd000`215d4438  fffff800`015b8200 crashdmp!StrDumpComplete
ffffd000`215d4440  fffff800`015b8280 crashdmp!Context+0x30
ffffd000`215d4448  fffff800`015b1b04 crashdmp!DumpWrite+0x1c0
ffffd000`215d4450  fffff800`015b8280 crashdmp!Context+0x30
ffffd000`215d4458  fffff803`017ee18c nt!KiBugCheckProgress
ffffd000`215d4460  fffff800`00000001
ffffd000`215d4468  ffffd000`00038ed4
ffffd000`215d4470  fffff803`018e7e20 nt!IopTriageDumpDataBlocks
ffffd000`215d4478  fffff803`017ee18c nt!KiBugCheckProgress
ffffd000`215d4480  ffffd000`215d4810
ffffd000`215d4488  fffff800`015b140a crashdmp!CrashdmpWrite+0xb6
ffffd000`215d4490  00000000`00000000
ffffd000`215d4498  ffffd000`215d4790
ffffd000`215d44a0  fffff800`015b82f0 crashdmp!Context+0xa0
ffffd000`215d44a8  fffff803`017ee18c nt!KiBugCheckProgress
ffffd000`215d44b0  00000000`00000001
ffffd000`215d44b8  fffff803`017e455a nt!IoWriteCrashDump+0x6d2

We have various routines regarding writing a crash dump, what to dump to it, etc. We can see that the bugcheck was stalled to write/dump information regarding iaStorA.sys, but it stopped there. That was the last thing that occurred. Does this mean Intel Rapid Storage is the issue? Possibly not, but it's worth nothing.

What occurred, or what appears to have occurred, is the Intel Graphics driver attempted to reset its device to a 'working-state' before letting the system bugcheck. If the screen went black a few times, and restored, that may be why. It couldn't do so successfully, so the system kept writing to the crash dump and bugchecked eventually. What's interesting is that we got an 0xD1 and not a 0x116. I'm honestly not sure, this is the first time I've dumped the raw stack for an 0xD1.

----------------------

1. Ensure you have the latest video card drivers. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you have already experimented with the latest video card driver and many previous versions, please give the beta driver for your card a try.

2.

Code: 
2: kd> lmvm iastora
start             end                 module name
fffff800`00815000 fffff800`00ae0000   iaStorA    (deferred)             
    Image path: \SystemRoot\System32\drivers\iaStorA.sys
    Image name: iaStorA.sys
    Timestamp:        Sat Sep 01 21:01:24 [COLOR=#ff0000]2012 [/COLOR]

^^ Your IRST is dated ~2012, but the latest is from 2013.01.30 via Asus' website. Update ASAP - https://www.asus.com/Notebooks_Ultrabooks/K46CA/#support

-- There is no W8.1 version, so select Windows 8, and then drop-down Utilities to find it.

Regards,

Patrick
 
Last edited:
Hello Patrick,
Thanks for such a detailed explanation! I wouldn't say I understood the whole thing in depth but I do understand what you were trying to say and the information provided here. I have finished updating my driver (although it did take awhile - had to uninstall the old one till I had the basic graphics driver). I've also finished updating the IRST which I believe you meant to say it was in the "others" category? That was where I found it. :) So, does this mean that my BSOD problem is fixed?
 
My pleasure, thank you very much for the update. Glad to hear!

Thanks to Richard as well for sorting out any CBS issues you had : )

Regards,

Patrick
 
Back
Top