memry error?

[rasczak]

i've been having a lot of bsods, and never tied to one driver, ntfs.sys, win.sys kfil.sys

here's what ive found thus far but i don t know what step to take next.

help




Loading Dump File [C:\WINDOWS\Minidump\Mini013108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Thu Jan 31 15:06:05.859 2008 (GMT-8)
System Uptime: 0 days 0:00:39.562
Loading Kernel Symbols
...................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c000001d, 805232b6, b9ee7a20, 0}



Probably caused by : memory_corruption ( nt!MiDeleteVirtualAddresses+196 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c000001d, The exception code that was not handled
Arg2: 805232b6, The address that the exception occurred at
Arg3: b9ee7a20, Trap Frame
Arg4: 00000000

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.

FAULTING_IP:
nt!MiDeleteVirtualAddresses+196
805232b6 0f861dffffff jbe nt!MiDeleteVirtualAddresses+0xb9 (805231d9)

TRAP_FRAME: b9ee7a20 -- (.trap 0xffffffffb9ee7a20)
ErrCode = 00000000
eax=00000000 ebx=c0010588 ecx=c0883000 edx=2de17867 esi=c0600080 edi=020b1000
eip=805232b6 esp=b9ee7a94 ebp=b9ee7b3c iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
nt!MiDeleteVirtualAddresses+0x196:
805232b6 0f861dffffff jbe nt!MiDeleteVirtualAddresses+0xb9 (805231d9) [br=1]
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: svchost.exe

LAST_CONTROL_TRANSFER: from 80519954 to 805232b6

FAILED_INSTRUCTION_ADDRESS:
nt!MiDeleteVirtualAddresses+196
805232b6 0f861dffffff jbe nt!MiDeleteVirtualAddresses+0xb9 (805231d9)

STACK_TEXT:
b9ee7b3c 80519954 00000008 020effff 00000000 nt!MiDeleteVirtualAddresses+0x196
b9ee7b58 805b1e24 020b0000 020effff b9ee7c10 nt!MiDeleteFreeVm+0x20
b9ee7bf8 8054086c ffffffff b9ee7cd4 b9ee7cd8 nt!NtFreeVirtualMemory+0x42e
b9ee7bf8 804ff8e1 ffffffff b9ee7cd4 b9ee7cd8 nt!KiFastCallEntry+0xfc
b9ee7c80 805d0e4e ffffffff b9ee7cd4 b9ee7cd8 nt!ZwFreeVirtualMemory+0x11
b9ee7d14 805d1150 00000000 00000000 861f1370 nt!PspExitThread+0x4e2
b9ee7d34 805d1490 861f1370 00000000 b9ee7d64 nt!PspTerminateThreadByPointer+0x52
b9ee7d54 8054086c 00000000 00000000 020effb4 nt!NtTerminateThread+0x70
b9ee7d54 7c90eb94 00000000 00000000 020effb4 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
020effb4 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiDeleteVirtualAddresses+196
805232b6 0f861dffffff jbe nt!MiDeleteVirtualAddresses+0xb9 (805231d9)

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!MiDeleteVirtualAddresses+196

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9d

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0x8E_BAD_IP_nt!MiDeleteVirtualAddresses+196

BUCKET_ID: 0x8E_BAD_IP_nt!MiDeleteVirtualAddresses+196

Followup: MachineOwner
---------

 

[robisbell]

get "The Ultimate Boot CD" and have it run memtest86+ for 6 hours, post the results.

 

[rasczak]

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini013108-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Thu Jan 31 20:27:42.250 2008 (GMT-8)
System Uptime: 0 days 0:00:28.953
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
..................................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4E, {8f, 35e57, 31e57, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : memory_corruption

Followup: memory_corruption
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000008f, The free or zeroed page listhead is corrupt
Arg2: 00035e57, new page
Arg3: 00031e57, old page
Arg4: 00000000, 0

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 0

BUGCHECK_STR: 0x4E_8f

PFN_PAGE_SINGLE_BIT_ERROR: Bugcheck args 2 and 3 differ by a bit, its hardware error.

MEMORY_CORRUPTOR: ONE_BIT

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

LAST_CONTROL_TRANSFER: from 8051bef0 to 804f9deb

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f78a27f8 8051bef0 0000004e 0000008f 00035e57 nt+0x22deb
f78a2840 80696b94 87195358 00000000 00000044 nt+0x44ef0
f78a2dac 805ce84c 80087000 00000000 00000000 nt+0x1bfb94
f78a2ddc 8054532e 8069590c 80087000 00000000 nt+0xf784c
00000000 00000000 00000000 00000000 00000000 nt+0x6e32e


STACK_COMMAND: kb

FOLLOWUP_NAME: memory_corruption

MODULE_NAME: memory_corruption

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT

BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT

Followup: memory_corruption
---------

bad memory i guess. although i did memtest86 and i had no errors so i'm lost :/

 

[QueBert]

how long did you run memtest for? it can run for hours with no errors, let it run overnight to be sure.

 

[ForumMaster]

are you running the memory at stock speed? stock voltage? stock timings? try loosening the timings a bit and increase the voltage by one setting. then try again. this might make the memory more stable.

 

[rasczak]

Originally posted by: ForumMaster
are you running the memory at stock speed? stock voltage? stock timings? try loosening the timings a bit and increase the voltage by one setting. then try again. this might make the memory more stable.

I just noticed that my sticks were running DDR500, so i brought them back down to stock speed, as for stock voltage I'm not sure what that is for this board as i bought it used. I'll run memtest tonight and post my findings.

 

[rasczak]

ran prime95 and right after it gets to the third test i get a fatal error

"Rounding was 0.5, was expecting less than 0.4. Hardware failure detected consilt stress.txt file."

the file itself doesn't really tell me anything, so i'm kinda worried.

 

[robisbell]

get "The Ultimate Boot CD" and have it run memtest86+ for 6 hours, post the results.

 

[rasczak]

read the thread, i've already done memtest86.

 

[robisbell]

was it memtest86 or memtest86+?
how long did you run it for?

 

[ForumMaster]

well did you try lowering the speed? is your ram supposed to run at that speed? give us you specs.

 

[rasczak]

lowered my speed to ddr333 , memtest and it came out fine, but when i try to run prime 95 i still get this error ran prime95 and right after it gets to the third test i get a fatal error

"Rounding was 0.5, was expecting less than 0.4. Hardware failure detected consult stress.txt file."