[Win7 x64] KERNEL_DATA_INPAGE_ERROR (7a) ntkrnlmp.exe

[1011]

Please help me this BSOD

I have got many BSOD yesterday and today I set Driver Verifier and wait for crash.
Yesterday I have got BSOD cause by SRTSP64.SYS (Norton Security driver) I uninstall Norton Security by Norton Remove tool. After remove old Norton Security, I installed new Norton Security with Backup. My PC run well.
Today I have got BSOD cause by ntkrnlmp.exe :sad:

WinDbg show:

Read More:

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.




Loading Dump File [D:\dump\MEMORY (2).DMP]
Kernel Summary Dump File: Kernel address space is available, User address space may not be available.




************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*Symbol information
Symbol search path is: SRV*C:\SymCache*Symbol information
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.23392.amd64fre.win7sp1_ldr.160317-0600
Machine Name:
Kernel base = 0xfffff800`02e0f000 PsLoadedModuleList = 0xfffff800`03051730
Debug session time: Wed Apr 19 12:05:15.195 2017 (UTC + 7:00)
System Uptime: 0 days 4:13:12.195
Loading Kernel Symbols
...............................................................
......................................................Page 777ce not present in the dump file. Type ".hh dbgerr004" for details
..........
....Page 76978 not present in the dump file. Type ".hh dbgerr004" for details
....................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd7018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 7A, {fffff6fc5000bf20, ffffffffc000000e, 101710880, fffff8a0017e408e}


Page 777ce not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+3140a )


Followup: MachineOwner
---------


1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************


KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: fffff6fc5000bf20, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc000000e, error status (normally i/o status code)
Arg3: 0000000101710880, current process (virtual address for lock type 3, or PTE)
Arg4: fffff8a0017e408e, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)


Debugging Details:
------------------


Page 777ce not present in the dump file. Type ".hh dbgerr004" for details


DUMP_CLASS: 1


DUMP_QUALIFIER: 401


BUILD_VERSION_STRING: 7601.23392.amd64fre.win7sp1_ldr.160317-0600


SYSTEM_MANUFACTURER: To be filled by O.E.M.


SYSTEM_PRODUCT_NAME: To be filled by O.E.M.


SYSTEM_SKU: To be filled by O.E.M.


SYSTEM_VERSION: To be filled by O.E.M.


BIOS_VENDOR: American Megatrends Inc.


BIOS_VERSION: BB3F1P13


BIOS_DATE: 12/17/2013


BASEBOARD_MANUFACTURER: Foxconn


BASEBOARD_PRODUCT: H61MXE/-S/-V/-K


BASEBOARD_VERSION: 1.3


DUMP_TYPE: 1


BUGCHECK_P1: fffff6fc5000bf20


BUGCHECK_P2: ffffffffc000000e


BUGCHECK_P3: 101710880


BUGCHECK_P4: fffff8a0017e408e


ERROR_CODE: (NTSTATUS) 0xc000000e - A device which does not exist was specified.


DISK_HARDWARE_ERROR: There was error with disk hardware


BUGCHECK_STR: 0x7a_c000000e


CPU_COUNT: 2


CPU_MHZ: b4d


CPU_VENDOR: GenuineIntel


CPU_FAMILY: 6


CPU_MODEL: 3a


CPU_STEPPING: 9


CPU_MICROCODE: 6,3a,9,0 (F,M,S,R) SIG: 12'00000000 (cache) 12'00000000 (init)


DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT


PROCESS_NAME: svchost.exe


CURRENT_IRQL: 0


ANALYSIS_SESSION_HOST: QTMK2-PC


ANALYSIS_SESSION_TIME: 04-19-2017 17:06:09.0499


ANALYSIS_VERSION: 10.0.10586.567 amd64fre


TRAP_FRAME: fffff880028dc330 -- (.trap 0xfffff880028dc330)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a0017e408c rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003150e1c rsp=fffff880028dc4c0 rbp=0000000000236088
r8=fffff8a0000326c0 r9=fffff880028dc6d0 r10=fffff8a00f1c6c18
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!CmpDoCompareKeyName+0x2c:
fffff800`03150e1c f6400220 test byte ptr [rax+2],20h ds:fffff8a0`017e408e=00
Resetting default scope


LAST_CONTROL_TRANSFER: from fffff80002ef3fd2 to fffff80002e7f380


STACK_TEXT:
fffff880`028dc018 fffff800`02ef3fd2 : 00000000`0000007a fffff6fc`5000bf20 ffffffff`c000000e 00000001`01710880 : nt!KeBugCheckEx
fffff880`028dc020 fffff800`02ea674f : fffffa80`049bc6b0 fffff880`028dc190 fffff800`030be600 fffffa80`049bc6b0 : nt! ?? ::FNODOBFM::`string'+0x3140a
fffff880`028dc100 fffff800`02e8c9c9 : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff880`028dc2d0 : nt!MiIssueHardFault+0x28b
fffff880`028dc1d0 fffff800`02e7d4ae : 00000000`00000000 fffff8a0`017e408e 00000000`00f80000 00000000`0000001c : nt!MmAccessFault+0x1399
fffff880`028dc330 fffff800`03150e1c : fffff8a0`00023010 00000000`0000001c fffff8a0`000326c0 fffff800`0314fc48 : nt!KiPageFault+0x16e
fffff880`028dc4c0 fffff800`0314fd79 : 00000000`0000001c 00000000`ffffffff 00000000`0036215f 00000000`00000018 : nt!CmpDoCompareKeyName+0x2c
fffff880`028dc500 fffff800`031492a2 : fffff8a0`ffffffff fffff880`028dcad0 fffff880`028dc650 fffff880`00000000 : nt!CmpFindSubKeyByNameWithStatus+0x1b9
fffff880`028dc580 fffff800`0317cf9e : 00000000`00000040 00000000`00000001 fffffa80`07e52b10 00000000`00000001 : nt!CmpParseKey+0xf42
fffff880`028dc880 fffff800`0317da86 : 00000000`00000000 fffff880`028dca00 00000000`00000040 fffffa80`03700080 : nt!ObpLookupObjectName+0x784
fffff880`028dc980 fffff800`0314d6ec : 00000000`06ca1600 00000000`00000000 fffff8a0`0084cf01 fffff880`028dca68 : nt!ObOpenObjectByName+0x306
fffff880`028dca50 fffff800`0314fbaf : 00000000`0176df70 00000000`00000001 00000000`0176dff8 00000000`00000000 : nt!CmOpenKey+0x28a
fffff880`028dcba0 fffff800`02e7e613 : 00000000`00000008 00000000`76e2bc90 fffffa80`04bf1c01 00000000`00000000 : nt!NtOpenKeyEx+0xf
fffff880`028dcbe0 00000000`76e2ca8a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0176df08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e2ca8a




STACK_COMMAND: kb


THREAD_SHA1_HASH_MOD_FUNC: 14b57835ef0db1e2068a785e1099c8fcd66dc554


THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 55913ac85f907aac68e0cdb0d128e2ca4f8c97cb


THREAD_SHA1_HASH_MOD: fe34192f63d13620a8987d294372ee74d699cfee


FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+3140a
fffff800`02ef3fd2 cc int 3


FAULT_INSTR_CODE: 2444c7cc


SYMBOL_STACK_INDEX: 1


SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+3140a


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: nt


IMAGE_NAME: ntkrnlmp.exe


DEBUG_FLR_IMAGE_TIMESTAMP: 56eb24e6


IMAGE_VERSION: 6.1.7601.23392


FAILURE_BUCKET_ID: X64_0x7a_c000000e_VRF_nt!_??_::FNODOBFM::_string_+3140a


BUCKET_ID: X64_0x7a_c000000e_VRF_nt!_??_::FNODOBFM::_string_+3140a


PRIMARY_PROBLEM_CLASS: X64_0x7a_c000000e_VRF_nt!_??_::FNODOBFM::_string_+3140a


TARGET_TIME: 2017-04-19T05:05:15.000Z


OSBUILD: 7601


OSSERVICEPACK: 1000


SERVICEPACK_NUMBER: 0


OS_REVISION: 0


SUITE_MASK: 272


PRODUCT_TYPE: 1


OSPLATFORM_TYPE: x64


OSNAME: Windows 7


OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS


OS_LOCALE:


USER_LCID: 0


OSBUILD_TIMESTAMP: 2016-03-18 04:43:02


BUILDDATESTAMP_STR: 160317-0600


BUILDLAB_STR: win7sp1_ldr


BUILDOSVER_STR: 6.1.7601.23392.amd64fre.win7sp1_ldr.160317-0600


ANALYSIS_SESSION_ELAPSED_TIME: 63b


ANALYSIS_SOURCE: KM


FAILURE_ID_HASH_STRING: km:x64_0x7a_c000000e_vrf_nt!_??_::fnodobfm::_string_+3140a


FAILURE_ID_HASH: {e3fc7300-a520-eca2-f1fc-fbf812eda613}


Followup: MachineOwner
---------

I attached 2 file follow BSOD Posting Instructions.
I also upload both Memory.dmp (today and yesterday) files as zip file to google drive. Hope it useful.
MEMORY.DMP Yesterday 161Mb MEMORY yesterday.zip - Google Drive
MEMORY.DMP Today 88Mb MEMORY and mini today.zip - Google Drive


My PC:
CPU: Intel Pentium G2020
HDD WD 2500Mb
Main: Foxconn H61MXE-V
VGA card on-board
OS: Windows 7 SP1 x64 (retail version - installed by me)
Age of OS installation: about 2 yrs1
power supply: super deluxe SD_600



Thank you for considering my request.

 

[jcgriff2]

Re: [Windows 7 x64] KERNEL_DATA_INPAGE_ERROR (7a) ntkrnlmp.exe

Hi. . .

The bugcheck from your Windbg output (nice job, by the way!):

BugCheck [COLOR="#FF0000"]7A[/COLOR], {fffff6fc5000bf20, [COLOR="#FF0000"]ffffffffc000000e[/COLOR], 101710880, fffff8a0017e408e}

The 2 in RED are the important numbers.

0x7a data from the page file could not be read into RAM
0xc000000e - boot selection failed because a required device is inaccessible

These two together usually means that your hard drive is failing.

Run Seatools for DOS, LONG test - https://www.sysnative.com/forums/hardware-tutorials/4072-hard-drive-hdd-diagnostics.html

For info, ntkrnlmp.exe is the Windows kernel and is listed simply as a default. It is not the actual cause.

Regards. . .

jcgriff2

 

[1011]

Re: [Windows 7 x64] KERNEL_DATA_INPAGE_ERROR (7a) ntkrnlmp.exe

Hi jcgriff2
I have checked my HDD WD 250Gb by Seatools for DOS, LONG test and result is PASS. I try to run WD Data Lifeguard Diagnostics for Windows (EXTENDED test) and result is PASS.
Today Acronis Backup show a dialog about some data of Acronis program missing on RAM and address 0xc000000e and restart PC immediately, no BSOD so..I uninstalled Acronis. I also checked RAM by memtest but all PASS, I have 8Gb of RAM (4Gb x2 Gskill) I will run memtest to check each RAM and use win10PE to check HDD by WD Data Lifeguard Diagnostics again. I hope result is False.

I will update late :thumbsup2:

 

[1011]

Re: [Windows 7 x64] KERNEL_DATA_INPAGE_ERROR (7a) ntkrnlmp.exe

[problem solved]

No BSOD appear.
Uninstall Norton Security and install new Norton Security with backup.
Uninstall Acronis True Image 2015.
Run sfc /scannow (for sure).

Many thanks to jcgriff2