Problems getting BSOD, no idea why

scorpmrat

Distinguished
Aug 14, 2006
62
0
18,630
I have been getting some BSOD when playing games for the past day. Specifically Overwatch, but it also happened once in Total War: Warhammer as well.

It happened for one of two days in the beta period for overwatch, but none of the others for whatever reason (when I did a system restore). I do not know what is causing it again. Other games like League of legends have been fine, as have normal things such as using the internet and skype.

I should also say that after the first time, I updated some drivers, including my display driver, but only the drivers that detected updates, nothing manual.


I uploaded a DMP file and a couple of the mini dumps, but I have no idea what to do with them or how to figure anything out.

Also, the error codes I have been getting have been varying. one was
KERNAL_SECURITY_CHECK_FAILURE
and there was one that was
IRQL_NOT_LESS_OR_EQUAL
I also believe I had one that was
page fault in nonpaged area





Here are some shared links from my google drive of the files

The big dump file
https://drive.google.com/open?id=0BxR3UGEFfjttVXBxMl9WNWI0Wnc

One mini dump
https://drive.google.com/open?id=0BxR3UGEFfjttWnpncDVuanVmN0k

Other mini dump
https://drive.google.com/open?id=0BxR3UGEFfjttTFJicWdlcEltVXc





Thank you for anyone who is able to help me. I wish I could figure this out myself, but honestly I do not know where to even start because looking up the errors and trying to fix a couple things have not helped.
 
Solution
-the kernel memory dump provided was corrupted and could not be read via the windows debugger.
see if you can get a new one.


from what I can see, something is corrupting the table that maps what is currently in memory to what is in virtual memory (pagefile.sys)

for this type of problem, I would update the motherboard BIOS and Sata drivers, I would update any SSD firmware, delete the pagefile.sys reboot and create a new one. I would make sure there was plenty of free space on the storage. I would download and run crystaldiskinfo.exe to check the drive that has the pagefile for errors and to check the firmware version.

next I would download and run rammap.exe and clear the working set from the menu options. run rammap.exe...

Colif

Win 11 Master
Moderator
try running a program like Driver Booster, it will find all the drivers that aren't up to date.

most of the errors you mentioned are driver related. I can't read the error logs myself, I have just seen the errors before.
 

scorpmrat

Distinguished
Aug 14, 2006
62
0
18,630


Ok, downloaded it and am running it. I was unaware of this program. It has a few things that are outdated which match an ethernet driver that was mentioned somewhere else when I looked up one of the errors. If I am lucky, this is the only issue, if I continue to have issues tomorrow, I will have to post again to see if there is any other issue.
 

scorpmrat

Distinguished
Aug 14, 2006
62
0
18,630
After updating everything, I got another crash, this time it was
kmode_exception_not_handled


I don't know what to do now :/

All I did was instal the drivers via that program to update all the stuff it said was out of date, then restarted.
 

scorpmrat

Distinguished
Aug 14, 2006
62
0
18,630
Here is a second memory dump. If there is anyone who is able to decipher there, I would be incredibly thankful.

https://drive.google.com/open?id=0BxR3UGEFfjttX1AtRFNFeEpQQ1k



Here is one of the dumps from windows debugger. I tried to make sense of it, but I don't understand it.

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 10586.306.amd64fre.th2_release_sec.160422-1850
Machine Name:
Kernel base = 0xfffff802`69c12000 PsLoadedModuleList = 0xfffff802`69ef0cd0
Debug session time: Wed May 25 00:22:40.558 2016 (UTC - 4:00)
System Uptime: 0 days 0:47:59.182
Loading Kernel Symbols
............................................................Page 10e24b not present in the dump file. Type ".hh dbgerr004" for details
...
................................................................
......................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000ae`ea0a6018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff801de96b79a, ffffd00023307148, ffffd00023306960}

Page 10cd5e not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : NTFS.sys ( NTFS!NtfsFlushVolume+36a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff801de96b79a, The address that the exception occurred at
Arg3: ffffd00023307148, Parameter 0 of the exception
Arg4: ffffd00023306960, Parameter 1 of the exception

Debugging Details:
------------------

Page 10cd5e not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 10586.306.amd64fre.th2_release_sec.160422-1850

SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.

SYSTEM_SKU: To Be Filled By O.E.M.

SYSTEM_VERSION: To Be Filled By O.E.M.

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: P1.40

BIOS_DATE: 08/13/2015

BASEBOARD_MANUFACTURER: ASRock

BASEBOARD_PRODUCT: Z170 Pro4S

BASEBOARD_VERSION:

DUMP_TYPE: 1

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff801de96b79a

BUGCHECK_P3: ffffd00023307148

BUGCHECK_P4: ffffd00023306960

WRITE_ADDRESS: ffffd00023306960

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

FAULTING_IP:
NTFS!NtfsFlushVolume+36a
fffff801`de96b79a 4183baf000000020 cmp dword ptr [r10+0F0h],20h

EXCEPTION_PARAMETER1: ffffd00023307148

EXCEPTION_PARAMETER2: ffffd00023306960

BUGCHECK_STR: 0x1E_c0000005

CPU_COUNT: 4

CPU_MHZ: db0

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 23'00000000 (cache) 23'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: VSSVC.exe

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: DESKTOP-P8O2A15

ANALYSIS_SESSION_TIME: 05-25-2016 02:04:00.0238

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

EXCEPTION_RECORD: ffffc0009683a018 -- (.exr 0xffffc0009683a018)
ExceptionAddress: 0000000100000001
ExceptionCode: 00014aa8
ExceptionFlags: 00010000
NumberParameters: 1
Parameter[0]: ffffc0009683a450

TRAP_FRAME: ffffd000233071a0 -- (.trap 0xffffd000233071a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
Unable to get program counter
rax=ffffc0009683a168 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000011000 rsp=ffffc0009683a0c5 rbp=0000000000011000
r8=fffff80269d5d87d r9=ffffc0009683a150 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=1 nv up di pl nz na pe nc
1000:1000 ?? ???
Resetting default scope

BAD_STACK_POINTER: ffffc0009683a0c5

IP_IN_FREE_BLOCK: 0

UNALIGNED_STACK_POINTER: ffffc0009683a0c5

LAST_CONTROL_TRANSFER: from fffff80269dd1b2b to fffff80269d54780

STACK_TEXT:
ffffd000`23306108 fffff802`69dd1b2b : 00000000`0000001e ffffffff`c0000005 fffff801`de96b79a ffffd000`23307148 : nt!KeBugCheckEx
ffffd000`23306110 fffff802`69d640f6 : ffffd000`23307610 fffff801`de9df04a 00000000`00000000 00000000`00000000 : nt!KiFatalFilter+0x1f
ffffd000`23306150 fffff802`69d4407f : ffffd000`23307148 ffffd000`23306960 fffff801`de96b79a ffffd000`23306960 : nt! ?? ::FNODOBFM::`string'+0xff6
ffffd000`23306190 fffff802`69d5a82d : 00000000`00000000 ffffd000`23306330 00000000`00000085 ffffd000`23306800 : nt!_C_specific_handler+0x9f
ffffd000`23306200 fffff802`69cacc19 : 00000000`00000000 00000000`00000019 ffffd000`23306800 fffff802`69c7bf36 : nt!RtlpExecuteHandlerForException+0xd
ffffd000`23306230 fffff802`69cab028 : ffffd000`23307148 ffffd000`23306e60 ffffd000`23307148 ffffe001`00000001 : nt!RtlDispatchException+0x429
ffffd000`23306930 fffff802`69d5f3c2 : ffffc000`9683a018 ffffc000`9683a010 ffffd000`233071a0 fffff801`de963443 : nt!KiDispatchException+0x144
ffffd000`23307010 fffff802`69d5d87d : ffffc000`9683a150 00000000`00000000 00000000`00000000 ffffe001`41541f40 : nt!KiExceptionDispatch+0xc2
ffffd000`233071f0 fffff801`de96b79a : ffffe001`39b40dc8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0xfd
ffffd000`23307380 fffff801`de935511 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`38a46180 : NTFS!NtfsFlushVolume+0x36a
ffffd000`23307500 fffff801`de932b09 : ffffe001`39b40dc8 ffffe001`41fa2bd0 ffffd000`23307600 ffffe001`38a46180 : NTFS!NtfsCommonFlushBuffers+0x74d
ffffd000`23307610 fffff802`69cb8e95 : ffffd000`233076c0 ffffd000`233076c0 00000000`00000000 fffff801`dde66eb2 : NTFS!NtfsCommonFlushBuffersCallout+0x19
ffffd000`23307640 fffff801`de9933ea : 00000000`00000000 ffffe001`41fa2bd0 ffffe001`39b40dc8 ffffd000`23307728 : nt!KeExpandKernelStackAndCalloutInternal+0x85
ffffd000`23307690 fffff801`de993339 : 00000000`00000000 ffffe001`41fa2bd0 ffffe001`41fa2b01 ffffe001`39eb0b10 : NTFS!NtfsCommonFlushBuffersOnNewStack+0x52
ffffd000`23307700 fffff801`dde67895 : ffffe001`3a03f010 ffffe001`41fa2bd0 ffffe001`39b40dc8 ffffd000`23307728 : NTFS!NtfsFsdFlushBuffers+0xb9
ffffd000`23307770 fffff801`dde65816 : ffffe001`3a2b7c80 00000000`00000000 ffffe001`00000001 ffffe001`3a2c2540 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x1a5
ffffd000`23307800 fffff802`69ff2ed6 : ffffe001`39e62bc0 ffffd000`233078e1 00000000`00000000 ffffd000`23307970 : FLTMGR!FltpDispatch+0xb6
ffffd000`23307860 fffff802`6a0b5efb : ffffe001`00000001 ffffe001`3e2c7804 ffffe001`3d935840 ffffe001`3e2c7860 : nt!IopSynchronousServiceTail+0x176
ffffd000`23307930 fffff802`6a0b5d52 : ffffe001`3d935840 00000000`00000000 00000299`00020040 00007ff6`1b21c380 : nt!NtFlushBuffersFileEx+0x1a3
ffffd000`233079c0 fffff802`69d5efa3 : ffffe001`3d935840 00000000`00000002 00000000`00000000 ffffe001`39c17bc0 : nt!NtFlushBuffersFile+0x16
ffffd000`23307a00 00007ff9`4a385a44 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000ae`ea8ff478 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`4a385a44


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 535b0e3cb5da51ccae2f451ac681fc72055b3c05

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e187e33f37f4c080d539817981fe26a37ab3b2f4

THREAD_SHA1_HASH_MOD: 533da96dac22786673974dce58b48f3c8fc39942

FOLLOWUP_IP:
NTFS!NtfsFlushVolume+36a
fffff801`de96b79a 4183baf000000020 cmp dword ptr [r10+0F0h],20h

FAULT_INSTR_CODE: f0ba8341

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: NTFS!NtfsFlushVolume+36a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NTFS

IMAGE_NAME: NTFS.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 56fa1d8d

IMAGE_VERSION: 10.0.10586.212

BUCKET_ID_FUNC_OFFSET: 36a

FAILURE_BUCKET_ID: 0x1E_c0000005_STACKPTR_ERROR_NTFS!NtfsFlushVolume

BUCKET_ID: 0x1E_c0000005_STACKPTR_ERROR_NTFS!NtfsFlushVolume

PRIMARY_PROBLEM_CLASS: 0x1E_c0000005_STACKPTR_ERROR_NTFS!NtfsFlushVolume

TARGET_TIME: 2016-05-25T04:22:40.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-04-23 00:04:21

BUILDDATESTAMP_STR: 160422-1850

BUILDLAB_STR: th2_release_sec

BUILDOSVER_STR: 10.0.10586.306.amd64fre.th2_release_sec.160422-1850

ANALYSIS_SESSION_ELAPSED_TIME: 11b1

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1e_c0000005_stackptr_error_ntfs!ntfsflushvolume

FAILURE_ID_HASH: {40f0db83-8e5b-9b35-200f-1de92d816999}

Followup: MachineOwner
---------

1: kd> .exr 0xffffc0009683a018
ExceptionAddress: 0000000100000001
ExceptionCode: 00014aa8
ExceptionFlags: 00010000
NumberParameters: 1
Parameter[0]: ffffc0009683a450
 

scorpmrat

Distinguished
Aug 14, 2006
62
0
18,630


Ok, found something with a name like that in my programs and features area and removed it. Not sure if it was that as I have no idea where on my computer this would actually be located. Going to play some games now and I guess I will see if it is any better at all.

 

scorpmrat

Distinguished
Aug 14, 2006
62
0
18,630
Ok, Immediately got a BSOD IRQL_NOT_LESS_OR_EQUAL about a minute after opening the game.

Here is the crash dump

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 10586.306.amd64fre.th2_release_sec.160422-1850
Machine Name:
Kernel base = 0xfffff800`ad078000 PsLoadedModuleList = 0xfffff800`ad356cd0
Debug session time: Wed May 25 21:58:20.173 2016 (UTC - 4:00)
System Uptime: 0 days 0:12:55.797
Loading Kernel Symbols
............................................................Page 10fc00 not present in the dump file. Type ".hh dbgerr004" for details
...
................................................................
...................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00382018). Type ".hh dbgerr001" for details
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffff5802080ee08, 2, 0, fffff800ad106de3}

Page 10dc71 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : memory_corruption ( nt!MiRemoveWorkingSetPages+1b3 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff5802080ee08, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800ad106de3, address which referenced memory

Debugging Details:
------------------

Page 10dc71 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 10586.306.amd64fre.th2_release_sec.160422-1850

SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.

SYSTEM_SKU: To Be Filled By O.E.M.

SYSTEM_VERSION: To Be Filled By O.E.M.

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: P1.40

BIOS_DATE: 08/13/2015

BASEBOARD_MANUFACTURER: ASRock

BASEBOARD_PRODUCT: Z170 Pro4S

BASEBOARD_VERSION:

DUMP_TYPE: 1

BUGCHECK_P1: fffff5802080ee08

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff800ad106de3

READ_ADDRESS: fffff5802080ee08

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiRemoveWorkingSetPages+1b3
fffff800`ad106de3 4a8b040a mov rax,qword ptr [rdx+r9]

CPU_COUNT: 4

CPU_MHZ: db0

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 23'00000000 (cache) 23'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: nvxdsync.exe

ANALYSIS_SESSION_HOST: DESKTOP-P8O2A15

ANALYSIS_SESSION_TIME: 05-25-2016 22:07:10.0430

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

TRAP_FRAME: ffffd001dabb33e0 -- (.trap 0xffffd001dabb33e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000fffffffff rbx=0000000000000000 rcx=0000000000001558
rdx=000000001000aab8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800ad106de3 rsp=ffffd001dabb3570 rbp=00000000000013c3
r8=0000000002001557 r9=fffff58010804350 r10=000000000000143e
r11=fffff58010804000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!MiRemoveWorkingSetPages+0x1b3:
fffff800`ad106de3 4a8b040a mov rax,qword ptr [rdx+r9] ds:fffff580`2080ee08=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800ad1c52e9 to fffff800ad1ba780

STACK_TEXT:
ffffd001`dabb3298 fffff800`ad1c52e9 : 00000000`0000000a fffff580`2080ee08 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd001`dabb32a0 fffff800`ad1c3ac7 : ffffe001`462f1a40 00000000`00000000 ffffd001`dabb3610 00000000`00000003 : nt!KiBugCheckDispatch+0x69
ffffd001`dabb33e0 fffff800`ad106de3 : 00000000`0000166d 00000000`0000166d 00000000`000014d8 00000000`0000166e : nt!KiPageFault+0x247
ffffd001`dabb3570 fffff800`ad09b1cd : fffff580`10805000 00000000`00000016 00000000`00000000 00000000`00002bb2 : nt!MiRemoveWorkingSetPages+0x1b3
ffffd001`dabb35e0 fffff800`ad1e5a00 : ffffe001`462f1a40 ffffe001`402192a0 ffffe001`462f1a40 fffff800`00000000 : nt!MiEmptyWorkingSet+0xf1
ffffd001`dabb3700 fffff800`ad0db83b : 00000000`00000004 ffffd001`00000080 ffffd001`dabb38b0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x1c900
ffffd001`dabb37b0 fffff800`ad07fc4b : fffff800`ad374c40 00000000`00000001 00000000`00000108 00000000`00000002 : nt!MiProcessWorkingSets+0x1fb
ffffd001`dabb3960 fffff800`ad19dac9 : 00000000`00000002 00000000`00000003 00000000`ffffffff 00000000`00000001 : nt!MiWorkingSetManager+0xa7
ffffd001`dabb3a20 fffff800`ad165b65 : ffffe001`40347040 00000000`00000080 fffff800`ad19d87c 00000000`00000000 : nt!KeBalanceSetManager+0x24d
ffffd001`dabb3b10 fffff800`ad1bf926 : ffffd001`daa40180 ffffe001`40347040 fffff800`ad165b24 00000000`00000000 : nt!PspSystemThreadStartup+0x41
ffffd001`dabb3b60 00000000`00000000 : ffffd001`dabb4000 ffffd001`dabad000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 23338266cb6a7ea321f023fd5ea627b8417d06d0

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ba3b19b278fbb03240fc967d6061054fa9d30335

THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c

FOLLOWUP_IP:
nt!MiRemoveWorkingSetPages+1b3
fffff800`ad106de3 4a8b040a mov rax,qword ptr [rdx+r9]

FAULT_INSTR_CODE: a048b4a

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!MiRemoveWorkingSetPages+1b3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 571af445

IMAGE_NAME: memory_corruption

BUCKET_ID_FUNC_OFFSET: 1b3

FAILURE_BUCKET_ID: AV_nt!MiRemoveWorkingSetPages

BUCKET_ID: AV_nt!MiRemoveWorkingSetPages

PRIMARY_PROBLEM_CLASS: AV_nt!MiRemoveWorkingSetPages

TARGET_TIME: 2016-05-26T01:58:20.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-04-23 00:04:21

BUILDDATESTAMP_STR: 160422-1850

BUILDLAB_STR: th2_release_sec

BUILDOSVER_STR: 10.0.10586.306.amd64fre.th2_release_sec.160422-1850

ANALYSIS_SESSION_ELAPSED_TIME: ab7

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_nt!miremoveworkingsetpages

FAILURE_ID_HASH: {d9169e88-5536-d147-6890-b44595a45812}

Followup: MachineOwner
---------
 

scorpmrat

Distinguished
Aug 14, 2006
62
0
18,630
Another, this time when I was just about to start a fairly large battle in Total War:Warhammer
This was the first time I got a Memory_management error

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041793, The subtype of the bugcheck.
Arg2: fffff680002d0328
Arg3: 0000000000000009
Arg4: 0000000000000008

Debugging Details:
------------------

Page 10f341 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details
Page 1080 not present in the dump file. Type ".hh dbgerr004" for details

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 10586.306.amd64fre.th2_release_sec.160422-1850

SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.

SYSTEM_SKU: To Be Filled By O.E.M.

SYSTEM_VERSION: To Be Filled By O.E.M.

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: P1.40

BIOS_DATE: 08/13/2015

BASEBOARD_MANUFACTURER: ASRock

BASEBOARD_PRODUCT: Z170 Pro4S

BASEBOARD_VERSION:

DUMP_TYPE: 1

BUGCHECK_P1: 41793

BUGCHECK_P2: fffff680002d0328

BUGCHECK_P3: 9

BUGCHECK_P4: 8

BUGCHECK_STR: 0x1a_41793

CPU_COUNT: 4

CPU_MHZ: db0

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 23'00000000 (cache) 23'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: DESKTOP-P8O2A15

ANALYSIS_SESSION_TIME: 05-26-2016 00:22:47.0075

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER: from fffff8033b768c39 to fffff8033b747780

STACK_TEXT:
ffffd000`24b782a8 fffff803`3b768c39 : 00000000`0000001a 00000000`00041793 fffff680`002d0328 00000000`00000009 : nt!KeBugCheckEx
ffffd000`24b782b0 fffff803`3b669de4 : 00000000`00000001 ffffd000`00000000 00000000`00000000 00000000`53646156 : nt! ?? ::FNODOBFM::`string'+0x12b39
ffffd000`24b784b0 fffff803`3b9c5096 : 00000000`00000000 ffffe001`b5375900 ffffe001`baa6d080 ffffe001`bad71340 : nt!MiDeleteVad+0x4b4
ffffd000`24b785e0 fffff803`3b9c4ef6 : 00000000`00040000 ffffe001`baa6d080 00000000`00000001 ffffe001`bad71340 : nt!MmCleanProcessAddressSpace+0xea
ffffd000`24b78640 fffff803`3ba46973 : ffffe001`bad71340 ffffc001`dc7fd060 ffffd000`24b78700 ffffe001`baa6d080 : nt!PspRundownSingleProcess+0x1be
ffffd000`24b786c0 fffff803`3baaf072 : ffffd001`c0000005 ffffe001`baa6d080 ffffd000`24b78a00 ffffe001`baa6d128 : nt!PspExitThread+0x4f7
ffffd000`24b78800 fffff803`3b6867e2 : fffffff6`00000000 00000001`ffffffff 00000000`00000005 00000000`00000001 : nt!KiSchedulerApcTerminate+0x2e
ffffd000`24b78830 fffff803`3b74ab10 : 00000000`00000000 fffff803`3b682b19 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x2f2
ffffd000`24b788c0 fffff803`3b75204a : ffffe001`baa6d080 00000000`00000000 ffffe001`00000000 ffffe001`b53836a0 : nt!KiInitiateUserApc+0x70
ffffd000`24b78a00 00000000`6c3e21bc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
00000000`0395f188 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6c3e21bc


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 22b0af9cdd086caecd07c3d791624298afddde4c

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 47dc119cc9116f814d0cf742b857d2ef278f474a

THREAD_SHA1_HASH_MOD: bc100a5647b828107ac4e18055e00abcbe1ec406

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+12b39
fffff803`3b768c39 cc int 3

FAULT_INSTR_CODE: 4f8b44cc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+12b39

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 571af445

BUCKET_ID_FUNC_OFFSET: 12b39

FAILURE_BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

PRIMARY_PROBLEM_CLASS: 0x1a_41793_nt!_??_::FNODOBFM::_string_

TARGET_TIME: 2016-05-26T04:19:20.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-04-23 00:04:21

BUILDDATESTAMP_STR: 160422-1850

BUILDLAB_STR: th2_release_sec

BUILDOSVER_STR: 10.0.10586.306.amd64fre.th2_release_sec.160422-1850

ANALYSIS_SESSION_ELAPSED_TIME: af7

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1a_41793_nt!_??_::fnodobfm::_string_

FAILURE_ID_HASH: {2bb49b32-09fa-a96d-8b93-292cf7a50b3f}

Followup: MachineOwner
---------


Another one, this one actually happened a couple of minutes after exiting a game. In between these, I also uninstalled all of my Nvidia drivers and reinstalled the graphics driver.

This dump file is after changing it to a kernel dump or something of that nature
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41793, fffff68000035040, 9, 8}

Page 10d123 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+12b39 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041793, The subtype of the bugcheck.
Arg2: fffff68000035040
Arg3: 0000000000000009
Arg4: 0000000000000008

Debugging Details:
------------------

Page 10d123 not present in the dump file. Type ".hh dbgerr004" for details

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 10586.306.amd64fre.th2_release_sec.160422-1850

SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.

SYSTEM_SKU: To Be Filled By O.E.M.

SYSTEM_VERSION: To Be Filled By O.E.M.

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: P1.40

BIOS_DATE: 08/13/2015

BASEBOARD_MANUFACTURER: ASRock

BASEBOARD_PRODUCT: Z170 Pro4S

BASEBOARD_VERSION:

DUMP_TYPE: 1

BUGCHECK_P1: 41793

BUGCHECK_P2: fffff68000035040

BUGCHECK_P3: 9

BUGCHECK_P4: 8

BUGCHECK_STR: 0x1a_41793

CPU_COUNT: 4

CPU_MHZ: db0

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 23'00000000 (cache) 23'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: mscorsvw.exe

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: DESKTOP-P8O2A15

ANALYSIS_SESSION_TIME: 05-26-2016 02:14:18.0245

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER: from fffff803d2369c39 to fffff803d2348780

STACK_TEXT:
ffffd000`59101568 fffff803`d2369c39 : 00000000`0000001a 00000000`00041793 fffff680`00035040 00000000`00000009 : nt!KeBugCheckEx
ffffd000`59101570 fffff803`d226acd3 : ffffd000`59101a00 ffffd000`591017c0 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x12b39
ffffd000`59101770 fffff803`d2213079 : 00000000`06a0ffff 00000000`06a0ffff 00000000`06a00000 ffffe000`767d45d0 : nt!MiDeleteVad+0x3a3
ffffd000`591018a0 fffff803`d25edf6d : 00000000`00000000 00000000`06a00000 00000000`00000000 ffffd000`00000002 : nt!MiFreeVadRange+0x4d
ffffd000`591018e0 fffff803`d2352fa3 : ffffe000`75ae16c0 00000000`00000000 ffffd000`591019d8 ffffe000`76755c20 : nt!NtFreeVirtualMemory+0x2bd
ffffd000`59101a00 00007ff8`a09b54a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008df78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`a09b54a4


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 91e42194dfe184cbe5fd65b85df2b22c122486ba

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 811646fd99d03f127a1535d0150d21ebee971697

THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+12b39
fffff803`d2369c39 cc int 3

FAULT_INSTR_CODE: 4f8b44cc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+12b39

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 571af445

BUCKET_ID_FUNC_OFFSET: 12b39

FAILURE_BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

PRIMARY_PROBLEM_CLASS: 0x1a_41793_nt!_??_::FNODOBFM::_string_

TARGET_TIME: 2016-05-26T06:11:54.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-04-23 00:04:21

BUILDDATESTAMP_STR: 160422-1850

BUILDLAB_STR: th2_release_sec

BUILDOSVER_STR: 10.0.10586.306.amd64fre.th2_release_sec.160422-1850

ANALYSIS_SESSION_ELAPSED_TIME: a8f

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1a_41793_nt!_??_::fnodobfm::_string_

FAILURE_ID_HASH: {2bb49b32-09fa-a96d-8b93-292cf7a50b3f}

Followup: MachineOwner
---------
 
-the kernel memory dump provided was corrupted and could not be read via the windows debugger.
see if you can get a new one.


from what I can see, something is corrupting the table that maps what is currently in memory to what is in virtual memory (pagefile.sys)

for this type of problem, I would update the motherboard BIOS and Sata drivers, I would update any SSD firmware, delete the pagefile.sys reboot and create a new one. I would make sure there was plenty of free space on the storage. I would download and run crystaldiskinfo.exe to check the drive that has the pagefile for errors and to check the firmware version.

next I would download and run rammap.exe and clear the working set from the menu options. run rammap.exe (microsoft utility)
http://superuser.com/questions/403487/empty-working-set-option-in-rammap
info from the link:
"■ Empty Working Sets Removes memory from all user-mode and system working sets to the Standby or Modified page lists. Note that by the time you refresh RAMMap’s data, processes that run any code will necessarily populate their working sets to do so.

■ Empty System Working Set Removes memory from the system cache working set.

"
i generally just select to empty all the working sets and standby lists.

windows tracks what you have loaded into memory and tries to load them before you actually run something. it help performances but you might have some problems or a hack that is modifying the data in memory.
Good reason to run malwarebytes and also
cmd.exe as an admin then
run
dism.exe /online /cleanup-image /restorehealth
(fixes the case where your storage controller is infected with malware)


you will
 
Solution