Regular Windows 7 64-bit crashes

P

PTylerGideonIT

Member
Joined
Oct 7, 2014
Posts
5
Location
Wirral
Many of the 30 PCs on our firm's network are blue screening on a fairly regular basis. All 30 were built from a standard image using Windows Deployment Server then their own unique video/sound/chipset drivers were installed using the latest versions from the manufacturer's website (where available) and they're kept current with OS patches via WSUS from our SBS2011 server.

Almost all crash with an issue with the same issue - although it does vary occasionally. I've run Memory Tests and Disk Checks and neither show any errors. I've run the Sysnative apps and am uploading the file here from the PC that crashed today.

Any pointers to where to look or better yet a solution would be gratefully received.

Thanks

Phil Tyler

View attachment 9712
 
Hi,

Wow! 197 views and not a single reply or suggestion! Is everyone stumped? LOL​
Click to expand...

No, just busy. Sorry for late reply. A lot of those views (most if not all, really) are guests/crawlers.

BAD_POOL_CALLER (c2)

This indicates that the current thread is making a bad pool request.

Code: 
0: kd> !pool fffff8a0112e3590
Pool page fffff8a0112e3590 region is Paged pool
 fffff8a0112e3000 size:  580 previous size:    0  (Allocated)  NtfF
*fffff8a0112e3580 size:   90 previous size:  580  (Free ) [COLOR=#ff0000]*NtFC[/COLOR]
        Pooltag NtFC : Create.c, Binary : [COLOR=#ff0000]ntfs.sys[/COLOR]
 fffff8a0112e3610 size:  220 previous size:   90  (Allocated)  CM  
 fffff8a0112e3830 size:   60 previous size:  220  (Allocated)  CMNb (Protected)
 fffff8a0112e3890 size:  220 previous size:   60  (Allocated)  CM  
 fffff8a0112e3ab0 size:   30 previous size:  220  (Free)       RxFc
 fffff8a0112e3ae0 size:  220 previous size:   30  (Allocated)  CM  
 fffff8a0112e3d00 size:  100 previous size:  220  (Allocated)  Ntfl
 fffff8a0112e3e00 size:  200 previous size:  100  (Allocated)  FMfn

Code: 
0: kd> k
Child-SP          RetAddr           Call Site
fffff880`02fbd958 fffff800`02db0be9 nt!KeBugCheckEx
fffff880`02fbd960 fffff880`012e3c4e [COLOR=#0000ff]nt!ExDeferredFreePool+0x1201[/COLOR]
fffff880`02fbda10 fffff880`012401c8 [COLOR=#ff0000]Ntfs!NtfsCommonCreate+0x2527[/COLOR]
fffff880`02fbdbe0 fffff800`02c87261 Ntfs!NtfsFspDispatch+0x248
fffff880`02fbdcb0 fffff800`02f1973a nt!ExpWorkerThread+0x111
fffff880`02fbdd40 fffff800`02c6e8e6 nt!PspSystemThreadStartup+0x5a
fffff880`02fbdd80 00000000`00000000 nt!KxStartSystemThread+0x16

The NT File System driver attempted to free pool which was previously freed. This is most likely being caused by AVG causing file system conflicts with SuperAntiSpyware, or just causing file system conflicts on its own (or vice-versa).

I'd actually remove SAS first and see if the crashes stop. If they do, you know it was a conflict. If they don't however, AVG is the prime suspect here and you'll need to replace it with something else. FWIW I've never seen AVG used as active protection in a corporate network.

Regards,

Patrick
 
Thanks for that! What is it about the dump information that makes you suspect either SAS or AVG or the combo of both? Or is it just the fact that they're both installed? I've had both on my laptop for years without a BSoD. I've removed SAS from the machine that crashed once yesterday and once the day before and I'll see if that sorts it and if not I'll temporarily replace AVG with AVAST Free or something. If it is AVG that's the cause my client won't be happy as they're just renewed their 35 PC licence for 3 years I think!
 
OK. On one of the PCs that I've updated ALL drivers to the latest available WHQL versions, removed SuperAntiSpyware and some other software that was no longer necessary (Epson Scan, AOMEI Backupper) I've had a BSoD with a full memory dump.

It's currently uploading the MSINFO32 output, the minidump and the kernel dump to DropBox (all in a 7Zip archive) - it should be done in about an hour.

Can anyone analyse this dump and let me know what is causing the NTFS driver to fail with a Bad Pool Caller error? I suspect AVG and have logged a support call with them but I have no proof.

The dropbox link to download the 7z file with the dumps in is as follows...

https://www.dropbox.com/sh/63bmujp998xv9j5/AADaCanN8fNNmN3MFUoexI0ra?dl=0
 
Can anyone analyse this dump and let me know what is causing the NTFS driver to fail with a Bad Pool Caller error?
Click to expand...

Impossible to confirm without a verifier enabled kernel dump.

I suspect AVG and have logged a support call with them but I have no proof.
Click to expand...

You could remove AVG as I noted and see if the crashes stop. That's all the proof you need.

Regards,

Patrick
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top