locked
Win 7 64-bit Ultimate BSOD - memory related or.....? RRS feed

  • Question

  • Dear gentle readers,

    After a major system upgrade I'm getting several blue screens of death daily. I took a screen shot from BlueScreenView and have posted it here:

    https://6627197531699597932-a-1802744773732722657-s-sites.googlegroups.com/site/andrewcraigtupper/misc-1/BlueScreenView_29Dec2011.jpg

    The most common are SYSTEM_SERVICE_EXCEPTION, IRQL_NOT_LESS_OR_EQUAL, SYSTEM_SERVICE_EXCEPTION, and PAGE_FAULT_IN_NONPAGED_AREA.  The SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION error only happens when I am running Driver verifier.  I did do tests with this - firstly just using it for all Drivers and then just those that seemed to be responsible for the crashes, with the same result - lots of Blue Screens. All errors have the crash address ntoskrnl.exe+7cc40.

    What I've tried:

    - Back to the shop - it ran perfectly for them for several days, of course

    - New keyboard & mouse

    - Swapping memory modules in and out (BSODs with each module)

    - MemTest86 - no errors after many passes

    - Fresh Windows install

    - Scandisk

    Any help appreciated!

    Zip file of minidumps: https://sites.google.com/site/andrewcraigtupper/misc-1/Crashes.zip?attredirects=0&d=1

    System: AMD Phenom IIX4 840 Processor 3.2 GHz, 8 Gb RAM, 64-bit, Win 7 Ultimate SP1

    Thursday, December 29, 2011 5:35 AM

Answers

  • Hi,
     
    The verifier enabled dumps show hat this is due to gdrv.sys. This looks
    like it is potentially a tool from Gigabyte for your motherboard? You
    may want to see if this application can be disabled, or you could
    disable the driver and see if the blue screen errors continue,
     
     
    In the future, if you want to analyze the dumps with something other
    than BlueScrenView (as this and other tools do not always provide you
    with the correct information from the minidump files),
     
     *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
     
    Use !analyze -v to get detailed debugging information.
     
    BugCheck C1, {fffff9800b3daff0, fffff9800b3daffc, c7000c, 24}
     
    Unable to load image \??\C:\Windows\gdrv.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for gdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for gdrv.sys
    Probably caused by : gdrv.sys ( gdrv+30c7 )
     
    Followup: MachineOwner
    ---------
     
    0: kd>  !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
     
    SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
    Special pool has detected memory corruption.  Typically the current thread's
    stack backtrace will reveal the guilty party.
    Arguments:
    Arg1: fffff9800b3daff0, address trying to free
    Arg2: fffff9800b3daffc, address where bits are corrupted
    Arg3: 0000000000c7000c, (reserved)
    Arg4: 0000000000000024, caller is freeing an address where bytes after the end of the allocation have been overwritten
     
    Debugging Details:
    ------------------
     BUGCHECK_STR:  0xC1_24
     
    SPECIAL_POOL_CORRUPTION_TYPE:  24
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
     
    PROCESS_NAME:  essvr.exe
     
    CURRENT_IRQL:  1
     
    IRP_ADDRESS:  fffff9804ec2af3b
     
    LAST_CONTROL_TRANSFER:  from fffff800041dcb54 to fffff800040dac40
     
    STACK_TEXT:
    fffff880`083724d8 fffff800`041dcb54 : 00000000`000000c1 fffff980`0b3daff0 fffff980`0b3daffc 00000000`00c7000c : nt!KeBugCheckEx
    fffff880`083724e0 fffff800`0420893b : fffff800`0405e000 00000000`20206f49 00000000`00039ba0 fffff980`16c4ef20 : nt!MmFreeSpecialPool+0x374
    fffff880`08372620 fffff800`040f009e : 00000000`00000000 fffff980`4ec2afb0 fffff980`0042aaf0 fffffa80`0a72ad70 : nt!ExDeferredFreePool+0xf33
    fffff880`083726d0 fffff800`040de34a : fffff980`4ec2afb3 00000000`00000001 00000000`00000001 fffff800`04197803 : nt!IopCompleteRequest+0x5ce
    fffff880`083727a0 fffff800`0457a19f : fffff980`4ec2aee0 fffff980`390f0e00 fffff980`4ec2af00 00000000`00000000 : nt!IopfCompleteRequest+0x66a
    fffff880`08372890 fffff880`0889d0c7 : fffff880`0889da50 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 : nt!IovCompleteRequest+0x19f
    fffff880`08372960 fffff880`0889da50 : 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 : gdrv+0x30c7
    fffff880`08372968 00000000`00000008 : 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 00000000`00000000 : gdrv+0x3a50
    fffff880`08372970 00000000`00000000 : fffff980`4ec2afb0 00000000`00000001 00000000`00000000 00000000`00000001 : 0x8
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    gdrv+30c7
    fffff880`0889d0c7 ??              ???
     
    SYMBOL_STACK_INDEX:  6
     
    SYMBOL_NAME:  gdrv+30c7
     
    FOLLOWUP_NAME:  MachineOwner
     
    MODULE_NAME: gdrv
     
    IMAGE_NAME:  gdrv.sys
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  49b9d175
     
    FAILURE_BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
     
    BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
     
    Followup: MachineOwner
    ---------
     
    0: kd>  lmvm gdrv
    start             end                 module name
    fffff880`0889a000 fffff880`088a3000   gdrv     T (no symbols)
        Loaded symbol image file: gdrv.sys
        Image path: \??\C:\Windows\gdrv.sys
        Image name: gdrv.sys
        Timestamp:        Thu Mar 12 21:22:29 2009 (49B9D175)
        CheckSum:         000105CE
        ImageSize:        00009000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
     
     

    -- Mike Burr
    Technology
    • Marked as answer by Juke Chou Tuesday, January 3, 2012 9:08 AM
    Thursday, December 29, 2011 4:10 PM
  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
    Special pool has detected memory corruption.  Typically the current thread's
    stack backtrace will reveal the guilty party.
    Arguments:
    Arg1: fffff9800b3daff0, address trying to free
    Arg2: fffff9800b3daffc, address where bits are corrupted
    Arg3: 0000000000c7000c, (reserved)
    Arg4: 0000000000000024, caller is freeing an address where bytes after the end of the allocation have been overwritten
    Debugging Details:
    ------------------
    Unable to load image \??\C:\Windows\gdrv.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for gdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for gdrv.sys
    BUGCHECK_STR:  0xC1_24
    SPECIAL_POOL_CORRUPTION_TYPE:  24
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    PROCESS_NAME:  essvr.exe
    CURRENT_IRQL:  1
    IRP_ADDRESS:  fffff9804ec2af3b
    LAST_CONTROL_TRANSFER:  from fffff800041dcb54 to fffff800040dac40
    STACK_TEXT:  
    fffff880`083724d8 fffff800`041dcb54 : 00000000`000000c1 fffff980`0b3daff0 fffff980`0b3daffc 00000000`00c7000c : nt!KeBugCheckEx
    fffff880`083724e0 fffff800`0420893b : fffff800`0405e000 00000000`20206f49 00000000`00039ba0 fffff980`16c4ef20 : nt!MmFreeSpecialPool+0x374
    fffff880`08372620 fffff800`040f009e : 00000000`00000000 fffff980`4ec2afb0 fffff980`0042aaf0 fffffa80`0a72ad70 : nt!ExDeferredFreePool+0xf33
    fffff880`083726d0 fffff800`040de34a : fffff980`4ec2afb3 00000000`00000001 00000000`00000001 fffff800`04197803 : nt!IopCompleteRequest+0x5ce
    fffff880`083727a0 fffff800`0457a19f : fffff980`4ec2aee0 fffff980`390f0e00 fffff980`4ec2af00 00000000`00000000 : nt!IopfCompleteRequest+0x66a
    fffff880`08372890 fffff880`0889d0c7 : fffff880`0889da50 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 : nt!IovCompleteRequest+0x19f
    fffff880`08372960 fffff880`0889da50 : 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 : gdrv+0x30c7
    fffff880`08372968 00000000`00000008 : 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 00000000`00000000 : gdrv+0x3a50
    fffff880`08372970 00000000`00000000 : fffff980`4ec2afb0 00000000`00000001 00000000`00000000 00000000`00000001 : 0x8
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    gdrv+30c7
    fffff880`0889d0c7 ??              ???
    SYMBOL_STACK_INDEX:  6
    SYMBOL_NAME:  gdrv+30c7
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: gdrv
    IMAGE_NAME:  gdrv.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  49b9d175
    FAILURE_BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
    BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
    Followup: MachineOwner
    ---------
    0: kd> lmvm gdrv
    start             end                 module name
    fffff880`0889a000 fffff880`088a3000   gdrv     T (no symbols)           
        Loaded symbol image file: gdrv.sys
        Image path: \??\C:\Windows\gdrv.sys
        Image name: gdrv.sys
        Timestamp:        Fri Mar 13 04:22:29 2009 (49B9D175)
        CheckSum:         000105CE
        ImageSize:        00009000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    ------------------------------------------------------------------------------------------------
    As I see, gdrv.sys driver is the cause of the issue. It belongs to Gigabyte's Dynamic Energy Saver Advanced. 
    Since the driver have not been updated since 2009, I would recommend starting by installing.
    Uninstalling it should solve the issue if this driver is the cause of the BSOD but I would recommend going through updating it.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. 

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Marked as answer by Juke Chou Tuesday, January 3, 2012 9:08 AM
    Saturday, December 31, 2011 2:23 PM

All replies

  • Hi,
     
    The verifier enabled dumps show hat this is due to gdrv.sys. This looks
    like it is potentially a tool from Gigabyte for your motherboard? You
    may want to see if this application can be disabled, or you could
    disable the driver and see if the blue screen errors continue,
     
     
    In the future, if you want to analyze the dumps with something other
    than BlueScrenView (as this and other tools do not always provide you
    with the correct information from the minidump files),
     
     *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
     
    Use !analyze -v to get detailed debugging information.
     
    BugCheck C1, {fffff9800b3daff0, fffff9800b3daffc, c7000c, 24}
     
    Unable to load image \??\C:\Windows\gdrv.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for gdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for gdrv.sys
    Probably caused by : gdrv.sys ( gdrv+30c7 )
     
    Followup: MachineOwner
    ---------
     
    0: kd>  !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
     
    SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
    Special pool has detected memory corruption.  Typically the current thread's
    stack backtrace will reveal the guilty party.
    Arguments:
    Arg1: fffff9800b3daff0, address trying to free
    Arg2: fffff9800b3daffc, address where bits are corrupted
    Arg3: 0000000000c7000c, (reserved)
    Arg4: 0000000000000024, caller is freeing an address where bytes after the end of the allocation have been overwritten
     
    Debugging Details:
    ------------------
     BUGCHECK_STR:  0xC1_24
     
    SPECIAL_POOL_CORRUPTION_TYPE:  24
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
     
    PROCESS_NAME:  essvr.exe
     
    CURRENT_IRQL:  1
     
    IRP_ADDRESS:  fffff9804ec2af3b
     
    LAST_CONTROL_TRANSFER:  from fffff800041dcb54 to fffff800040dac40
     
    STACK_TEXT:
    fffff880`083724d8 fffff800`041dcb54 : 00000000`000000c1 fffff980`0b3daff0 fffff980`0b3daffc 00000000`00c7000c : nt!KeBugCheckEx
    fffff880`083724e0 fffff800`0420893b : fffff800`0405e000 00000000`20206f49 00000000`00039ba0 fffff980`16c4ef20 : nt!MmFreeSpecialPool+0x374
    fffff880`08372620 fffff800`040f009e : 00000000`00000000 fffff980`4ec2afb0 fffff980`0042aaf0 fffffa80`0a72ad70 : nt!ExDeferredFreePool+0xf33
    fffff880`083726d0 fffff800`040de34a : fffff980`4ec2afb3 00000000`00000001 00000000`00000001 fffff800`04197803 : nt!IopCompleteRequest+0x5ce
    fffff880`083727a0 fffff800`0457a19f : fffff980`4ec2aee0 fffff980`390f0e00 fffff980`4ec2af00 00000000`00000000 : nt!IopfCompleteRequest+0x66a
    fffff880`08372890 fffff880`0889d0c7 : fffff880`0889da50 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 : nt!IovCompleteRequest+0x19f
    fffff880`08372960 fffff880`0889da50 : 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 : gdrv+0x30c7
    fffff880`08372968 00000000`00000008 : 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 00000000`00000000 : gdrv+0x3a50
    fffff880`08372970 00000000`00000000 : fffff980`4ec2afb0 00000000`00000001 00000000`00000000 00000000`00000001 : 0x8
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    gdrv+30c7
    fffff880`0889d0c7 ??              ???
     
    SYMBOL_STACK_INDEX:  6
     
    SYMBOL_NAME:  gdrv+30c7
     
    FOLLOWUP_NAME:  MachineOwner
     
    MODULE_NAME: gdrv
     
    IMAGE_NAME:  gdrv.sys
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  49b9d175
     
    FAILURE_BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
     
    BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
     
    Followup: MachineOwner
    ---------
     
    0: kd>  lmvm gdrv
    start             end                 module name
    fffff880`0889a000 fffff880`088a3000   gdrv     T (no symbols)
        Loaded symbol image file: gdrv.sys
        Image path: \??\C:\Windows\gdrv.sys
        Image name: gdrv.sys
        Timestamp:        Thu Mar 12 21:22:29 2009 (49B9D175)
        CheckSum:         000105CE
        ImageSize:        00009000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
     
     

    -- Mike Burr
    Technology
    • Marked as answer by Juke Chou Tuesday, January 3, 2012 9:08 AM
    Thursday, December 29, 2011 4:10 PM
  • Mike, thanks very much for the quick reply.  I've got Gigabyte EasySaver and ON_OFF Charge on the system - I'll uninstall those and see how we go.

    Andrew

    Friday, December 30, 2011 5:33 AM
  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
    Special pool has detected memory corruption.  Typically the current thread's
    stack backtrace will reveal the guilty party.
    Arguments:
    Arg1: fffff9800b3daff0, address trying to free
    Arg2: fffff9800b3daffc, address where bits are corrupted
    Arg3: 0000000000c7000c, (reserved)
    Arg4: 0000000000000024, caller is freeing an address where bytes after the end of the allocation have been overwritten
    Debugging Details:
    ------------------
    Unable to load image \??\C:\Windows\gdrv.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for gdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for gdrv.sys
    BUGCHECK_STR:  0xC1_24
    SPECIAL_POOL_CORRUPTION_TYPE:  24
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    PROCESS_NAME:  essvr.exe
    CURRENT_IRQL:  1
    IRP_ADDRESS:  fffff9804ec2af3b
    LAST_CONTROL_TRANSFER:  from fffff800041dcb54 to fffff800040dac40
    STACK_TEXT:  
    fffff880`083724d8 fffff800`041dcb54 : 00000000`000000c1 fffff980`0b3daff0 fffff980`0b3daffc 00000000`00c7000c : nt!KeBugCheckEx
    fffff880`083724e0 fffff800`0420893b : fffff800`0405e000 00000000`20206f49 00000000`00039ba0 fffff980`16c4ef20 : nt!MmFreeSpecialPool+0x374
    fffff880`08372620 fffff800`040f009e : 00000000`00000000 fffff980`4ec2afb0 fffff980`0042aaf0 fffffa80`0a72ad70 : nt!ExDeferredFreePool+0xf33
    fffff880`083726d0 fffff800`040de34a : fffff980`4ec2afb3 00000000`00000001 00000000`00000001 fffff800`04197803 : nt!IopCompleteRequest+0x5ce
    fffff880`083727a0 fffff800`0457a19f : fffff980`4ec2aee0 fffff980`390f0e00 fffff980`4ec2af00 00000000`00000000 : nt!IopfCompleteRequest+0x66a
    fffff880`08372890 fffff880`0889d0c7 : fffff880`0889da50 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 : nt!IovCompleteRequest+0x19f
    fffff880`08372960 fffff880`0889da50 : 00000000`00000008 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 : gdrv+0x30c7
    fffff880`08372968 00000000`00000008 : 00000000`00000000 fffff980`4ec2afb0 00000000`00000001 00000000`00000000 : gdrv+0x3a50
    fffff880`08372970 00000000`00000000 : fffff980`4ec2afb0 00000000`00000001 00000000`00000000 00000000`00000001 : 0x8
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    gdrv+30c7
    fffff880`0889d0c7 ??              ???
    SYMBOL_STACK_INDEX:  6
    SYMBOL_NAME:  gdrv+30c7
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: gdrv
    IMAGE_NAME:  gdrv.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  49b9d175
    FAILURE_BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
    BUCKET_ID:  X64_0xC1_24_VRFK_gdrv+30c7
    Followup: MachineOwner
    ---------
    0: kd> lmvm gdrv
    start             end                 module name
    fffff880`0889a000 fffff880`088a3000   gdrv     T (no symbols)           
        Loaded symbol image file: gdrv.sys
        Image path: \??\C:\Windows\gdrv.sys
        Image name: gdrv.sys
        Timestamp:        Fri Mar 13 04:22:29 2009 (49B9D175)
        CheckSum:         000105CE
        ImageSize:        00009000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    ------------------------------------------------------------------------------------------------
    As I see, gdrv.sys driver is the cause of the issue. It belongs to Gigabyte's Dynamic Energy Saver Advanced. 
    Since the driver have not been updated since 2009, I would recommend starting by installing.
    Uninstalling it should solve the issue if this driver is the cause of the BSOD but I would recommend going through updating it.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. 

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Marked as answer by Juke Chou Tuesday, January 3, 2012 9:08 AM
    Saturday, December 31, 2011 2:23 PM