[SOLVED] Random BSODS on freshly installed Win7 x64 SP1

P

Pablo

Well-known member
Joined
May 9, 2014
Posts
73
Location
Argentina
This is a client's PC, I just formatted and installed Windows 7 x64 SP1, with all the official drivers provided by Gigabyte (mobo) and MSI (video card). It randomly crashes, I've already tried updating the BIOS (because it even crashed installing windows).

As I write this the computer is running with a new RAM stick for testing purposes, If it stops failing then the culrpit would be the client's RAM...

Meanwhile, can you guys analyse these dumps? perhaps you give me a clue.

View attachment Minidump oberlin.rar

Thanks in advance,

Pablo
 
Honestly, it's looking like a bad CPU.

Code: 
2: kd> !thread fffffa8005509060
GetPointerFromAddress: unable to read from fffff80002cd0000
THREAD fffffa8005509060  Cid 031c.032c  Teb: 000007fffffd7000 Win32Thread: 0000000000000000 RUNNING on processor 2
Not impersonating
GetUlongFromAddress: unable to read from fffff80002c0ebf0
Owning Process            fffffa8005563900       Image:         svchost.exe
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      1288         
Context Switch Count      9              IdealProcessor: 3             
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x000007fefe0ea808
Stack Init fffff880029a8db0 Current fffff880029a8080
Base fffff880029a9000 Limit fffff880029a3000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`02f6ad68 fffff800`02a92e69 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02f6ad70 fffff800`02a91332 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02f6aeb0 fffff800`02abdb2e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2 (TrapFrame @ fffff880`02f6aeb0)
fffff880`029a2b00 fffff800`02acee81 : fffff880`029a39b8 fffff880`029a3710 fffff880`029a3a60 00000000`00000000 : nt!RtlDispatchException+0x2e
fffff880`029a31e0 fffff800`02a92f42 : fffff880`029a39b8 00000000`038f1860 fffff880`029a3a60 00000000`00000008 : nt!KiDispatchException+0x135
fffff880`029a3880 fffff800`02a91aba : 00000000`00000000 00000000`1a850f0c 00000000`00000000 00000000`038f1860 : nt!KiExceptionDispatch+0xc2
fffff880`029a3a60 fffff800`02aa1475 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a (TrapFrame @ fffff880`029a3a60)
fffff880`029a3bf0 fffff800`02a919ee : 00000000`00000000 fffff880`012f13b0 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0xcd5
fffff880`029a3d50 fffff800`02abdc22 : fffff880`012f13b0 fffff880`029a3f28 fffff880`029a4d98 fffff800`02a1f000 : nt!KiPageFault+0x16e (TrapFrame @ fffff880`029a3d50)
fffff880`029a3ee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlDispatchException+0x122



Code: 
1: kd> .bugcheck
Bugcheck code 0000003B
Arguments 00000000`c0000094 fffff880`08038801 fffff880`09e39620 00000000`00000000

1: kd> !error fffffffc0000094
Error code: (NTSTATUS) 0xc0000094 (3221225620) - {EXCEPTION}  Integer division by zero.



Code: 
3: kd> knL
  *** Stack trace for last set context - .thread/.cxr resets it
 # Child-SP          RetAddr           Call Site
00 fffff880`03332500 fffff800`02a7c762 nt!KiInsertTimerTable+0x13b
01 fffff880`03332560 fffff800`02a7ea12 nt!KiCommitThreadWait+0x332
02 fffff880`033325f0 fffff880`018e4128 nt!KeDelayExecutionThread+0x186
03 fffff880`03332660 fffff800`02d12456 rdyboost!SmdRBMemoryWatchdogThread+0x258
04 fffff880`03332d40 fffff800`02a6a2c6 nt!PspSystemThreadStartup+0x5a
05 fffff880`03332d80 00000000`00000000 nt!KxStartSystemThread+0x16

You've got bugchecks all over the place, from Windows functions calling division by zero exception faults, to double faults, thread boosting and timer table insertion errors.
All of which heavily involves CPU arithmetic to complete.

One dump points to the Realtek network driver, but I'm not confident that it is the sole cause.
The rest, as displayed, show multiple types of CPU errors.
If it's still under warranty, then I would seriously recommend you RMA it.
 
Considering the context wasn't saved regarding the 0x1E bug check either in addition to the double faults, I'd also say it's a CPU.

I'd run memtest to be sure on the RAM.
 
Wow... bad CPU... 10 years working on this, and it's the first time this kind of errors are caused by CPU failure...
@Patrick: I forgot to add that memtest ran for over 3hrs and NO error appeared.
@Jared: It's a 2 years old PC, forget RMA....

So definitive diagnostic is CPU guys?


thanks a lot
 
It's not definitive, but it's the best we're going to get at the moment, unless you can provide us with a larger dump file.
From C:\Windows\memory.dmp

It doesn't look like anything else.
 
haha are you clones or something?

I'll config windows to create full memory dump, as soon as i get new BSOD i'll post it
 
Code: 
1: kd> !thread fffffa8006866b50
THREAD fffffa8006866b50  Cid 1340.1100  Teb: 000007fffffd4000 Win32Thread: 0000000000000000 RUNNING on processor 1
IRP List:
    fffffa8006812430: (0006,0118) Flags: 00060000  Mdl: 00000000
Not impersonating
DeviceMap                 fffff8a001d9b1e0
Owning Process            fffffa8006804a10       Image:         sppsvc.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      6338           Ticks: 0
Context Switch Count      116            IdealProcessor: 1             
UserTime                  00:00:00.171
KernelTime                00:00:00.374
Win32 Start Address 0x000000007704f480
Stack Init fffff88009e3adb0 Current fffff88009e3a5f0
Base fffff88009e3b000 Limit fffff88009e35000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`09e38d58 fffff800`02a79e69 : 00000000`0000003b 00000000`c0000094 fffff880`08038801 fffff880`09e39620 : nt!KeBugCheckEx
fffff880`09e38d60 fffff800`02a797bc : fffff880`09e39dc8 fffff880`09e39620 00000000`00000000 fffff800`02aa6630 : nt!KiBugCheckDispatch+0x69
fffff880`09e38ea0 fffff800`02aa613d : fffff800`02ca2df8 fffff800`02bc8748 fffff800`02a06000 fffff880`09e39dc8 : nt!KiSystemServiceHandler+0x7c
fffff880`09e38ee0 fffff800`02aa4f15 : fffff800`02bce31c fffff880`09e38f58 fffff880`09e39dc8 fffff800`02a06000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`09e38f10 fffff800`02ab5e81 : fffff880`09e39dc8 fffff880`09e39620 fffff880`00000000 00000000`00000005 : nt!RtlDispatchException+0x415
fffff880`09e395f0 fffff800`02a79f42 : fffff880`09e39dc8 04040403`ffffe781 fffff880`09e39e70 00000000`03f5d490 : nt!KiDispatchException+0x135
fffff880`09e39c90 fffff800`02a77734 : 00000000`4ce481af fffff880`080352d8 00000000`1382a290 fffff880`0d67781f : nt!KiExceptionDispatch+0xc2
fffff880`09e39e70 fffff880`08038801 : fffff880`09e3bfbb 09e3a868`00000002 fffff880`09e3bfaf 00000000`00000004 : nt!KiDivideErrorFault+0xf4 (TrapFrame @ fffff880`09e39e70)
fffff880`09e3a000 fffff880`08038842 : 00000000`00000000 00000000`03f5d490 fffff880`09e3bfaf 00000000`00000008 : spsys!SPVersion+0x26401
fffff880`09e3a040 fffff880`08028b3f : fffff880`09e3bfdb ffff0000`00000009 fffff880`09e3bfbb fffff880`00000005 : spsys!SPVersion+0x26442
fffff880`09e3a070 fffff880`08050913 : fffff8a0`03f5d478 fffff8a0`03855930 fffff880`09e3bfbb fffff880`00000007 : spsys!SPVersion+0x1673f
fffff880`09e3a0b0 fffff880`0804fb5b : fffff880`09e3bfaf fffff8a0`03f3eee0 fffff8a0`03855930 fffff880`00000008 : spsys!SPVersion+0x3e513
fffff880`09e3a0f0 fffff880`0804b705 : fffff8a0`03855930 00000000`00000098 fffff8a0`0263bd5f 00000000`00000000 : spsys!SPVersion+0x3d75b
fffff880`09e3a290 fffff880`080497a6 : 00000000`00000037 fffff8a0`037dd490 fffff8a0`00000037 00000000`00000006 : spsys!SPVersion+0x39305
fffff880`09e3a610 fffff880`08052b00 : fffff8a0`00000000 fffff880`08048100 fffff8a0`03855928 fffff8a0`03617bc0 : spsys!SPVersion+0x373a6
fffff880`09e3a690 fffff880`08048268 : 00000000`00000000 00000000`00e2ef58 fffff8a0`037dd490 00000000`00000024 : spsys!SPVersion+0x40700
fffff880`09e3a730 fffff880`080455f2 : 00000000`00000000 fffff880`09e3aca0 00000000`00e2ee18 00000000`00000001 : spsys!SPVersion+0x35e68
fffff880`09e3a810 fffff880`08043ee6 : fffffa80`066b1610 01d0b36c`c6cf21fc 00000000`00e2ee18 fffffa80`06812500 : spsys!SPVersion+0x331f2
fffff880`09e3a990 fffff880`0193b2aa : 00000000`00e2ee18 00000000`00000050 00000000`00000000 00000000`00000001 : spsys!SPVersion+0x31ae6
fffff880`09e3a9d0 fffff800`02d95e47 : fffffa80`06849f20 fffffa80`06812430 fffffa80`06849f20 fffffa80`06812430 : spldr+0x52aa
fffff880`09e3aa10 fffff800`02d966a6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`09e3ab40 fffff800`02a79b53 : fffffa80`06866b50 0000007f`ffffffff fffff880`09e3abc8 00000980`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`09e3abb0 00000000`7707dc2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`09e3ac20)
00000000`00e2ec88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7707dc2a

//Current IRP for the thread currently executing

1: kd> !irp fffffa8006812430
Irp is active with 1 stacks 1 is current (= 0xfffffa8006812500)
 No Mdl: No System Buffer: Thread fffffa8006866b50:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
>[  e, 0]   4  0 fffffa80049d9ce0 fffffa8006849f20 00000000-00000000    
	       \Driver\spldr
			Args: 00000004 00000050 8000a013 00e2ee18

1: kd> !fileobj fffffa8006849f20



Device Object: 0xfffffa80049d9ce0   \Driver\spldr
Vpb is NULL

Flags:  0x40002
	Synchronous IO
	Handle Created

File Object is currently busy and has 0 waiters.

CurrentByteOffset: 0



1: kd> .frame /r 8
08 fffff880`09e3a000 fffff880`08038842 spsys!SPVersion+0x26401
rax=0000000000000404 rbx=04040403ffffe781 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000003f5d490 rdi=00000000000014b0
rip=fffff88008038801 rsp=fffff88009e3a000 rbp=0000000007ebd42c
 r8=0000000000000404  r9=fffff8a003f50000 r10=fffff8a003f6b991
r11=0000000000000000 r12=0000000000000000 r13=fffff88009e3a300
r14=fffff88009e3a340 r15=fffff8a003ee8e60
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000286
spsys!SPVersion+0x26401:
fffff880`08038801 f7f1            div     eax,ecx

//Context not saved for any of the two registers involved

1: kd> u @eax
00000000`09e38e60 ??              ???
            ^ Memory access error in 'u @eax'
1: kd> u @ecx
00000000`0000003b ??              ???
            ^ Memory access error in 'u @ecx'

//Associated device object with the driver that caused the fault

1: kd> !devobj fffffa80049d9ce0
Device object (fffffa80049d9ce0) is for:
 SPDevice \Driver\spldr DriverObject fffffa80049d2c20
Current Irp 00000000 RefCount 2 Type 00000022 Flags 00000044
Dacl fffff9a10023bc91 DevExt 00000000 DevObjExt fffffa80049d9e30 
ExtensionFlags (0000000000)  
Characteristics (0x00000100)  FILE_DEVICE_SECURE_OPEN
Device queue is not busy.

1: kd> !devstack fffffa80049d9ce0
  !DevObj           !DrvObj            !DevExt           ObjectName
> fffffa80049d9ce0  \Driver\spldr      00000000  SPDevice

It looks like that the only thing involved is the Windows Security Processor driver, and nothing else.
Meaning, Windows itself caused a division by zero error.
Still looks like a failing CPU to me.
Most likely ecx was null, but we can't check for sure.
If Windows was the cause and not the processor, I'm sure we'd get more of these errors, but I've never seen it before, so it looks like a machine dependent variable, ie your CPU.
 
I think it was the client's RAM... but it's SO strange.... it had 4gb DDR3 1333 kingston kit of two (2gb each)... I tested the system with a spare 2gb ddr3 1333 kingston stick and one of the client's sticks, it failed, tried with the other stick of the client and mine: it failed... now its running with my stick only... up to now i got no errors (4 hours of AIDA64 stress test).

I also tried changing AV, all the erros seemed to be related to disk access...


I'll keep it running with my RAM, will post any news
 
Bad RAM can certainly manifest issues/errors like this too, so that's entirely possible. If you find that the issue occurs after playing with RAM, then it's CPU.
 
Definitely the problem was a bad memory. Almost 3 months have passed with absolutely no problem. Threw away those devilish sticks....

Solved guys, thanks a lot
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top