[SOLVED] Various random BSODs – mostly ntoskrnl.exe - Windows 8.1 x64

F

fitasny

New member
Joined
Jun 25, 2015
Posts
2
Hi everybody,

On January I created my new PC and since then I have completely random BSODs. From my old PC I keep a power supply and RAM. I reinstalled Windows three times, checked RAM (Memtest86+ - 24h - not a single error), checked every single cable on my PC. I also uninstalled Razer Synapse drivers. I’m not OC anything.

Crashes are completely random. They occur when I’m playing games/watching twitch or YT/doing absolutely nothing. Every crash is somehow connected with ntoskrnl.exe.
I can’t run PERFMON System Health Report. I get error: An error occurred while attempting to generate the report. The operator or administrator has refused the request. I sure, that I’m running CMD prompt as Administrator. I tried different method and I’m posting results here.

Other information:
Desktop:
OS: Windows 8.1 x64 – 2-month-old (legal, full version, installed from USB stick from official ISO)
CPU: Intel Core i7-4790K – 6-month-old
GPU: ASUS Strix GeForce GTX 980 – 6-month-old
Mobo: MSI Z97 GAMING 7 – 6-month-old
RAM: A-Data Gaming 4 x 2 GB 2000 MHz DDR3 - 5-year-old
SSD: Crucial M550 - 6-months-old, Crucial M4 - 2-year-old
HDD: WD Blue 1 TB, Seagate Barracuda ST1000DM003 1TB – 6-month-old
Soundcard: ESI Prodigy 7.1e X-Fi NRG - 4-year-old
Wireless Adapter: ASUS PCE-AC68 – 6-month-old
PSU: Antec TruePower New 650W - 5-year-old
Cooler: Thermalright SilverArrow SB-E Extreme – 2-year-old + new thermal paste
BIOS: 1.A
View attachment 13689View attachment SysnativeFileCollectionApp.zip
 
Code: 
4: kd> .bugcheck
Bugcheck code 1000007E
Arguments ffffffff`c0000005 fffff803`b2aaffb3 ffffd001`a5e467d8 ffffd001`a5e45fe0

Code: 
4: kd> .exr 0xffffd001a5e467d8
ExceptionAddress: fffff803b2aaffb3 (nt!SeDefaultObjectMethod+0x00000000000000c7)
   ExceptionCode: c0000005 (Access violation)

The reason for the crash was an access violation occurring nt!SeDefaultObjectMethod.

Code: 
4: kd> .cxr 0xffffd001a5e45fe0;r
rax=ffffd001a5e46ae0 rbx=ffffe00086139300 rcx=ffffe00086139300
rdx=0000000000000000 rsi=0000000000000000 rdi=000000000000000d
rip=fffff803b2aaffb3 rsp=ffffd001a5e46a10 rbp=ffffe00086139300
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=ffffd001a5e46ad8 r12=0000000000000000 r13=fffff803b2936240
r14=feffc000f1f93750 r15=ffffe00080a2f180
iopl=0         nv up ei ng nz na po cy
cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010287
nt!SeDefaultObjectMethod+0xc7:
fffff803`b2aaffb3 498b4610        mov     rax,qword ptr [r14+10h] ds:002b:feffc000`f1f93760=????????????????

Looking at the trapframe for the unhandled exception (access violation) regarding nt!SeDefaultObjectMethod, we can see it was setting rax to the value at address r14+10.

Code: 
4: kd> !pte r14
                                           VA feffc000f1f93750
PXE at FFFFF6FB7DBEDC00    PPE at FFFFF6FB7DB80018    PDE at FFFFF6FB70003C78    PTE at FFFFF6E00078FC98
Unable to get PXE FFFFF6FB7DBEDC00
WARNING: noncanonical VA, accesses will fault !

Checking r14's contents, we can see it's a noncanonical virtual address, which is bad.

As for what's causing this to happen, good question, maybe a driver. Let's enable verifier and find out:


Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- Perhaps the most important which I will now clarify as this has been misunderstood often, enabling Driver Verifier by itself is not! a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users
 
I bought new RAM and problem has gone. There was definitely a RAM-MOBO compatibility issue. Thank you very much for professional help Patrik :)
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top