WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows 7 x64

C

chulett

Member
Joined
Jun 2, 2015
Posts
12
I'm in the process of starting to gather the information you want to help figure out why I'm getting the crash noted in the subject on my main PC that is not the one I'm posting from. Short version - I can run programs that don't seem to require 3D acceleration like Outlook or Agent or QuickBooks but when I start a browser or a game (even just tried to view a jpeg) my screen goes a solid color, black or blue or light orange (who knows) does not seem to respond to the keyboard and then eventually my computer will restart. I have it set to NOT automatically restart on a BSOD and create a full dump but it simply restarts and sometimes I can only find a mini-dump. This when I get an alert on the desktop stating "Windows has recovered from an unexpected situation" or something similar. Most times lately I give up and hold the power button in until it recycles and restarts without creating a dump.

Thought it was a problem with my high-end video card but had it replaced by the vendor under warranty, however it did not change / solve the problem behavior. So that doesn't seem to be the "hardware" that is triggering the failure.

My problem right now is your SysnativeBSODcollectionApp causes the 'crash' as well. It also didn't like the fact that I had TEMP/TMP set to a long filename with a space in it and would not run until I shorted it and removed the space. Was pretty proud of myself until it cranked up, got part way through the collection and then triggered my issue. Perfmon ran just fine, for whatever that is worth.

From what I've read here, that 124 hardware crash can't be solved with a mini-dump. What can I do / run to get you what you would need to work this with me? Thanks.

-craig

OS: Windows 7 Home Premium 64bit
Retail copy, home built desktop system about 6 years old, never reinstalled
Intel i7@2.8GHz, 6GB RAM
EVGA GTX780 FTW video card
ASUS P6X58D Premium mobo
Twin 600W PSUs in an Antec tower
 
re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

From what I've read here, that 124 hardware crash can't be solved with a mini-dump.
Click to expand...

That's 0x101.

Although it's true you can gather more information from an 0x124 kernel-dump as well, it's not necessary to determining what's the story as far as your crashes go.
 
re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

OK, fair enough. Should I start with an upload of a mini-dump or two and the perfmon report? Anything else that would help?
 
re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Running the collection app is really all we need.
 
re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Understood but you must have missed the part in my post where I noted your collection app causes my error so it doesn't seem to have completed normally. I can find the .bat file that was run in my TEMP directory and after poking around found the folder it had created in my user's Documents with 21 files in it but it didn't get a chance to zip anything up and thus probably didn't dump everything you were expecting. I can zip up what is there and post it if you like, unless there's something else you'd like me to try.
 
re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Code: 
3: kd> .bugcheck
Bugcheck code 00000124
Arguments 00000000`00000000 fffffa80`0779a798 00000000`00000000 00000000`00000000

Dumping the WER structure:

Code: 
===============================================================================
Section 2     : x86/x64 MCA
-------------------------------------------------------------------------------
Descriptor    @ fffffa800779a8a8
Section       @ fffffa800779aa30
Offset        : 664
Length        : 264
Flags         : 0x00000000
Severity      : Fatal

Error         : Internal timer (Proc 0 Bank 5)
  Status      : 0xfe00000000800400
  Address     : 0x0000388004de2e96
  Misc.       : 0x0000000000007fff

Internal CPU timer failure, specifically core 0 (main core) and cache bank 5.

Code: 
5: kd> .bugcheck
Bugcheck code 00000001
Arguments 00000000`72c3169a 00000000`00000000 00000000`0000ffff fffff880`0c0cbca0

3rd argument is - 000000000000ffff, which implies that Special and Kernel APCs were disabled and never re-enabled. Given both were disabled, the thread:

Code: 
5: kd> !thread
GetPointerFromAddress: unable to read from fffff80003b08000
THREAD fffffa800a076b50  Cid 1850.1b20  Teb: 000000007efdb000 Win32Thread: fffff900c25e1010 RUNNING on processor 5
Not impersonating
GetUlongFromAddress: unable to read from fffff80003a46bf0
Owning Process            fffffa800a084b10       Image:         dxdiag.exe
Attached Process          N/A            Image:         N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount      6329         
Context Switch Count      1482           IdealProcessor: 4                 LargeStack
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime                  00:00:00.000
KernelTime                00:00:00.000
Win32 Start Address 0x00000000004cea76
Stack Init fffff8800c0cbdb0 Current fffff8800c0c9d10
Base fffff8800c0cc000 Limit fffff8800c0c3000 Call 0
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0c0cbad8 fffff800`038cae69 : 00000000`00000001 00000000`72c3169a 00000000`00000000 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0c0cbae0 fffff800`038cada0 : 00000000`00000008 00000000`72c17b98 00000000`0029d101 00000000`001fe9c4 : nt!KiBugCheckDispatch+0x69
fffff880`0c0cbc20 00000000`72c3169a : 00000000`72c17c91 00000000`7efdd000 00000000`72c549d0 00000000`8000000d : nt!KiSystemServiceExit+0x245 (TrapFrame @ fffff880`0c0cbc20)
00000000`0027df68 00000000`72c17c91 : 00000000`7efdd000 00000000`72c549d0 00000000`8000000d 00000000`001feecc : 0x72c3169a
00000000`0027df70 00000000`7efdd000 : 00000000`72c549d0 00000000`8000000d 00000000`001feecc 00000000`400002c0 : 0x72c17c91
00000000`0027df78 00000000`72c549d0 : 00000000`8000000d 00000000`001feecc 00000000`400002c0 0000000e`00000238 : 0x7efdd000
00000000`0027df80 00000000`8000000d : 00000000`001feecc 00000000`400002c0 0000000e`00000238 00000000`0000000e : 0x72c549d0
00000000`0027df88 00000000`001feecc : 00000000`400002c0 0000000e`00000238 00000000`0000000e 00000000`004a0000 : 0x8000000d
00000000`0027df90 00000000`400002c0 : 0000000e`00000238 00000000`0000000e 00000000`004a0000 00000000`00003000 : 0x1feecc
00000000`0027df98 0000000e`00000238 : 00000000`0000000e 00000000`004a0000 00000000`00003000 00000000`00500000 : 0x400002c0
00000000`0027dfa0 00000000`0000000e : 00000000`004a0000 00000000`00003000 00000000`00500000 00000000`00000400 : 0x0000000e`00000238
00000000`0027dfa8 00000000`004a0000 : 00000000`00003000 00000000`00500000 00000000`00000400 00000000`00510000 : 0xe
00000000`0027dfb0 00000000`00003000 : 00000000`00500000 00000000`00000400 00000000`00510000 00000000`00000800 : 0x4a0000
00000000`0027dfb8 00000000`00500000 : 00000000`00000400 00000000`00510000 00000000`00000800 00000000`00000000 : 0x3000
00000000`0027dfc0 00000000`00000400 : 00000000`00510000 00000000`00000800 00000000`00000000 00000000`00000000 : 0x500000
00000000`0027dfc8 00000000`00510000 : 00000000`00000800 00000000`00000000 00000000`00000000 00000000`00000000 : 0x400
00000000`0027dfd0 00000000`00000800 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x510000
00000000`0027dfd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x800

entered a Guarded Region as opposed to its originally intended Critical Region, since no APCs are executed in a Guarded Region.

Normally this is caused by drivers and lock issues, so I'd like to check that. The issue is since we have an 0x124, I am concerned that the CPU is faulty and failing to switch regions for the threads, but we'll see.

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- Perhaps the most important which I will now clarify as this has been misunderstood often, enabling Driver Verifier by itself is not! a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Thanks Patrick! I'll hopefully get some time this weekend for the driver verification process and will update the thread.
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Enabled "verifier" as per the instructions and got a BSOD before I would log on. It went thru "Staring Windows" and displaying the logon prompt but hung on the last note of the startup music and then crashed. Tested twice to be sure it was reproducible and then /reset. Back in no problem, but now I have a 400MB MEMORY.DMP file (and a mini-dump) that I assume would be too large to attach to my post? How do I get it to you?

FYI, compressed to 80MB.
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Thanks.

Code: 
4: kd> .bugcheck
Bugcheck code 0000001E
Arguments ffffffff`c0000005 fffff800`03888fd6 00000000`00000000 00000000`00000000

Code: 
4: kd> knL
 # Child-SP          RetAddr           Call Site
00 fffff880`03760cd8 fffff800`03908602 nt!KeBugCheckEx
01 fffff880`03760ce0 fffff800`03887f42 nt! ?? ::FNODOBFM::`string'+0x47f5d
02 fffff880`03761380 fffff800`0388684a nt!KiExceptionDispatch+0xc2
03 fffff880`03761560 fffff800`03888fd6 nt!KiGeneralProtectionFault+0x10a
04 fffff880`037616f8 fffff800`0394c533 nt!RtlCaptureContext+0x86
05 fffff880`03761708 fffff800`0394db43 nt!RtlpWalkFrameChain+0xa3
06 fffff880`03761da8 fffff800`0394e9cb nt!RtlWalkFrameChain+0x63
07 fffff880`03761dd8 fffff800`03d2a20c nt!RtlCaptureStackBackTrace+0x4b
08 fffff880`03761e08 fffff800`03d2c1ca nt!IovpLogStackCallout+0x1c
09 fffff880`03761e38 fffff800`03d2ec86 nt!ViPoolLogStackTrace+0x8a
0a fffff880`03761e68 fffff800`03d2ee11 nt!VeAllocatePoolWithTagPriority+0x2b6
0b fffff880`03761ed8 fffff880`08f3763f nt!VerifierIoAllocateMdl+0x71
0c fffff880`03761f38 00000000`5a313622 acedrv11+0x5363f
0d fffff880`03761f40 fffff880`037620d0 0x5a313622
0e fffff880`03761f48 fffff880`08f36970 0xfffff880`037620d0
0f fffff880`03761f50 fffff880`03761f60 acedrv11+0x52970
10 fffff880`03761f58 00000000`00000000 0xfffff880`03761f60

So verifier was enabled, and thanks to it, we can see what went wrong. ProtectDisc's driver was allocating an MDL and presumably referencing it to the IRP for the driver. Somewhere along our kernel run-time functions, we go off the rails - nt!RtlCaptureContext+0x86.

Code: 
4: kd> .fnent nt!RtlCaptureContext
Debugger function entry 00000054`fe3c5f68 for:
(fffff800`03888f50)   nt!RtlCaptureContext   |  (fffff800`03889080)   nt!RtlRestoreContext
Exact matches:
    nt!RtlCaptureContext (<no parameter info>)

BeginAddress      = 00000000`00074f50
EndAddress        = 00000000`00075070
UnwindInfoAddress = 00000000`001c7eb4

Unwind info at fffff800`039dbeb4, 6 bytes
  version 1, flags 0, prolog 2, codes 1
  00: offs 2, unwind op 2, op info 0    UWOP_ALLOC_SMALL.

Code: 
4: kd> lmvm acedrv11
start             end                 module name
fffff880`08ee4000 fffff880`08f3e000   acedrv11   (no symbols)           
    Loaded symbol image file: acedrv11.sys
    Image path: \??\C:\Windows\system32\drivers\acedrv11.sys
    Image name: acedrv11.sys
    Timestamp:        Wed Feb 24 05:20:17 2010 (4B84FD61)
    CheckSum:         0003BF8E
    ImageSize:        0005A000
    File version:     11.0.0.14
    Product version:  9.2.0.0
    File flags:       8 (Mask 3F) Private
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Protect Software GmbH
    ProductName:      ProtectDisc x64/x86 Hybrid Driver
    InternalName:     acedrv.sys
    OriginalFilename: acedrv.sys
    ProductVersion:   9.2.0.0
    FileVersion:      11.0.0.14 built by: WinDDK
    FileDescription:  ProtectDisc x64/x86 Hybrid Driver
    LegalCopyright:   Copyright (C) 1995-2010 Protect Software GmbH

~5 year old driver, get rid of the software.
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Thanks Patrick. Now if I just had a clue what in the heck that was and how it got on my system. Found it as something installed in May of 2013 and on that same day I see I installed three games. Seems to be some kind of copy protection, guessing one of them stealth loaded it back then. Not sure why it took this long to go sideways but I will nuke it and see what happens next! Thanks again.
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

So while it may have been a problem, its removal didn't change the ongoing problematic behavior that brought me here. I will setup the Driver Verifier again and see if we're now past the initial BSOD and perhaps move onto another. Thanks for bearing with me.
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

With driver verifier on I'm not getting blue screen crashes like with the issue it turned up right away. What I have is a crash/restart without any BSOD involved as it doesn't stop during the process. Specifically, I'm doing something like letting Steam do a 'hardware survey' and when it goes to scan the system my screen goes 'blank' again and I don't have any ability to intervene, it would seem. I sat and waited to see what would show and after maybe 10 minutes of sitting there all my wireless connections drop as the LAN goes down (this is the main PC with the cable modem). Then a couple of minutes later it reboots and I allow it to boot normally. Once I log on, Windows tells me it has "recovered from an unexpected shutdown" with the details showing the same 124 error as before. I earned myself a couple more mini-dumps but no full dump since there was no BSOD. I'll attach them here for grins but I'll wager they aren't any different than the originals.

Wondering now if I should widen the scope of the verifier, let it monitor the Microsoft drivers as well just in case one of them is corrupted or other wise problematic? Or does this point back to the CPU?

View attachment Mini-dumps.zip
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

FYI - made a change to Driver Verifier to include all MS drivers and other than to cause it to run like it was knee deep in mud it didn't change any other behaviors. Also wanted to note I found the system seemingly locked up again but with my network and wireless still intact. When I cycled power and checked the details of the "unexpected shutdown" I was expecting to see yet another 124 but this time it showed a 7e. I'm attaching the mini-dump from it. Thanks.

View attachment 061215-13213-01.dmp.zip
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

I'll take a look at all the recent stuff when I get home.
 
Re: WHEA_UNCORRECTABLE_ERROR (0x124) Crash - Windows7 x64

Thanks Patrick. I appreciate all of the information so far. I'm at a point where I'm about to pull the trigger on a much delayed replacement system and will be parting out bits of this one to flesh out the new one - secondary drives, mostly. Monitor. The rest I'll sell off or give away or recycle. So I'm wondering if there is anything new to be found in the dumps, especially the "7e" crash which to be honest I didn't look up, to know if there really is a 'hardware problem' somewhere or not.

Thanks again.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top