Thanks!
We have many different bug checks:
SYSTEM_SERVICE_EXCEPTION (3b)
This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.
BugCheck 3B, {c0000005,
fffff80001129ccf, ffffd00027b33530, 0}
Code:
2: kd> ln fffff80001129ccf
(fffff800`01129ae0) [COLOR=#ff0000]dxgmms1!VIDMM_GLOBAL::DestroyOneAllocation+0x1ef[/COLOR] | (fffff800`0112a0f8) dxgmms1!VIDMM_GLOBAL::OpenAllocation
The exception occurred in
dxgmms1!VIDMM_GLOBAL: DestroyOneAllocation.
Code:
2: kd> k
Child-SP RetAddr Call Site
ffffd000`27b32c48 fffff802`76d657e9 nt!KeBugCheckEx
ffffd000`27b32c50 fffff802`76d650fc nt!KiBugCheckDispatch+0x69
ffffd000`27b32d90 fffff802`76d611ed nt!KiSystemServiceHandler+0x7c
ffffd000`27b32dd0 fffff802`76ce7595 nt!RtlpExecuteHandlerForException+0xd
ffffd000`27b32e00 fffff802`76ce845b nt!RtlDispatchException+0x455
ffffd000`27b33500 fffff802`76d658c2 nt!KiDispatchException+0x61f
ffffd000`27b33bf0 fffff802`76d64014 nt!KiExceptionDispatch+0xc2
ffffd000`27b33dd0 fffff800`01129ccf nt!KiPageFault+0x214
ffffd000`27b33f60 fffff800`0112992e dxgmms1!VIDMM_GLOBAL::DestroyOneAllocation+0x1ef
ffffd000`27b34130 fffff800`014378b5 dxgmms1!VIDMM_GLOBAL::DestroyAllocation+0x5a
ffffd000`27b34160 fffff800`0148ded7 dxgkrnl!VIDMM_EXPORT::VidMmDestroyAllocation+0x45
ffffd000`27b34190 fffff800`0149c5a2 dxgkrnl!DXGDEVICE::DestroyAllocations+0x7b7
ffffd000`27b34290 fffff800`0149c8cd dxgkrnl!DXGDEVICE::TerminateAllocations+0x572
ffffd000`27b34330 fffff800`0149d25b dxgkrnl!DXGDEVICE::DestroyAllocationInternal+0x12d
ffffd000`27b34380 fffff800`0149cda1 dxgkrnl!DxgkDestroyAllocationInternal+0x29b
ffffd000`27b34650 fffff802`76d654b3 dxgkrnl!DxgkDestroyAllocation+0x301
ffffd000`27b34a80 00000000`776a741a nt!KiSystemServiceCopyEnd+0x13
00000000`18fae828 00000000`00000000 0x776a741a
Various DirectX Kernel/MMS routines in the call stack.
KERNEL_SECURITY_CHECK_FAILURE (139)
This bug check indicates that the kernel has detected the corruption of a critical data structure.
BugCheck 139, {
3, ffffd00020a4f7a0, ffffd00020a4f6f8, 0}
The 1st parameter of the bugcheck is 3 which indicates that a LIST_ENTRY was corrupted. Code 3, LIST_ENTRY corruption. This type of bug check can be difficult to track down and indicates that an inconsistency has been introduced into a doubly-linked list (detected when an individual list entry element is added to or removed from the list).
NO_MORE_IRP_STACK_LOCATIONS (35)
This bug check occurs when the IoCallDriver packet has no more stack locations remaining.
A higher-level driver has attempted to call a lower-level driver through the
IoCallDriver interface, but there are no more stack locations in the packet. This will prevent the lower-level driver from accessing its parameters.
This is a disastrous situation, since the higher level driver is proceeding as if it has filled in the parameters for the lower level driver (as required). But since there is no stack location for the latter driver, the former has actually written off the end of the packet. This means that some other memory has been corrupted as well.
Code:
1: kd> k
Child-SP RetAddr Call Site
ffffd000`29348b38 fffff800`9276cc92 nt!KeBugCheckEx
ffffd000`29348b40 fffff800`9278872d nt!KiBugCheck3+0x12
ffffd000`29348b70 fffff800`010afac1 nt! ?? ::FNODOBFM::`string'+0xb58d
ffffd000`29348ba0 fffff800`010af29c CLASSPNP!ServiceTransferRequest+0x401
ffffd000`29348c40 fffff800`0045f14e CLASSPNP!ClassReadWrite+0x11c
ffffd000`29348d00 fffff800`00c1031d volmgr!VmReadWrite+0x13e
ffffd000`29348d40 fffff800`00c9415d fvevol!FveFilterRundownReadWrite+0x28d
ffffd000`29348e20 fffff800`00c9478b rdyboost!SmdProcessReadWrite+0x14d
ffffd000`29348ef0 fffff800`00201766 rdyboost!SmdDispatchReadWrite+0x8b
ffffd000`29348f20 fffff800`0081df2d volsnap!VolSnapReadFilter+0x116
ffffd000`29348f50 fffff800`927705f7 Ntfs!NtfsStorageDriverCallout+0x16
ffffd000`29348f80 fffff800`927705bd nt!KxSwitchKernelStackCallout+0x27
ffffd000`292a9bd0 00000000`00000000 nt!KiSwitchKernelStackContinue
Various different file system related routines in the call stack (Ntfs, volsnap, CLASSPNP, etc).
MEMORY_MANAGEMENT (1a)
This indicates that a severe memory management error occurred.
BugCheck 1A, {
41284, c4b43e9000, 15503, fffff58010804000}
- The 1st parameter of the bug check is
41284 which indicates a PTE or the working set list is corrupted.
REFERENCE_BY_POINTER (18)
This indicates that the reference count of an object is illegal for the current state of the object.
The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object, the driver calls a kernel routine to increase the reference count of the object by one. When the driver is done with the pointer, the driver calls another kernel routine to decrease the reference count by one.
Drivers must match calls to the routines that increase (reference) and decrease (dereference) the reference count. This bug check is caused by an inconsistency in the object's reference count. Typically, the inconsistency is caused by a driver that decreases the reference count of an object too many times, making extra calls that dereference the object. This bug check can occur because an object's reference count goes to zero while there are still open handles to the object. It might also occur when the object's reference count drops below zero, whether or not there are open handles to the object.
DRIVER_CORRUPTED_EXPOOL (c5)
This indicates that the system attempted to access invalid memory at a process IRQL that was too high.
1. AODDriver2.sys is listed and loaded in your modules list which is AMD Overdrive; also in EasyTune6 for Gigabyte motherboard. Known BSOD issues in Win7 & 8.
Please uninstall either software ASAP! If you cannot find either software to uninstall, or it's not installed, please navigate to the following filepath:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
and rename AODDriver2.sys to AODDriver.2old
and then Restart.
2. You have a lot of problematic Asus software installed/listed, Asus PC Probe, etc. All of Asus' utility software is unnecessary bloatware that is known to cause issues. Please remove any and all Asus software.
3. If you're still crashing after the above, please enable Driver Verifier:
Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8/8.1, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 -
Restore Point - Create in Windows 8
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is
NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled, it is monitoring
all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.
If this happens, do
not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods:
5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
How long should I keep Driver Verifier enabled for?
I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.
My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?
They will be located in %systemroot%\Minidump
Any other questions can most likely be answered by this article:
Using Driver Verifier to identify issues with Windows drivers for advanced users
Regards,
Patrick
