Bsod caused by csrss.exe?

sharifal

Member
I just started having this problem out of no where. I have gotten two different bsods but both are related to pool corruption. can anyone clearly tell me what are the possible causes for "pool corruptions" or what is causing the bsods? from what im gathering from the dump file it states that csrss is causing the problem. is this correct?

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 81935759, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+1be
81935759 891e mov dword ptr [esi],ebx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

PROCESS_NAME: csrss.exe

IRP_ADDRESS: 86d41428

TRAP_FRAME: 9232fa3c -- (.trap 0xffffffff9232fa3c)
ErrCode = 00000002
eax=84b55c20 ebx=00000000 ecx=000001ff edx=00000000 esi=00000000 edi=81948ea0
eip=81935759 esp=9232fab0 ebp=9232fae8 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297
nt!ExDeferredFreePool+0x1be:
81935759 891e mov dword ptr [esi],ebx ds:0023:00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 81935759 to 818aacb9

STACK_TEXT:
9232fa3c 81935759 badb0d00 00000000 9ba03200 nt!KiTrap0E+0x2e1
9232fae8 8193529d 81948ea0 00000001 00000000 nt!ExDeferredFreePool+0x1be
9232fb50 818c6763 86a95218 00000000 b350416d nt!ExFreePoolWithTag+0x7ef
9232fb9c 818ca13f 86d41468 9232fbc8 9232fbd4 nt!IopCompleteRequest+0xd3
9232fbf4 818bb9a6 00000000 00000000 00000000 nt!KiDeliverApc+0xce
9232fc44 818b89d9 866055a0 818b8499 ff858268 nt!KiSwapThread+0x456
9232fc98 9b88f4dc 00000002 850fca30 00000001 nt!KeWaitForMultipleObjects+0x53d
9232fcf0 9b82c5fe 00000001 850fca30 9b83a7a4 win32k!xxxMsgWaitForMultipleObjects+0xcb
9232fd34 9b82b265 850fca30 00000001 9ba03260 win32k!xxxDesktopThread+0x1a8
9232fd48 9b8e6b2e 00000004 003efd64 9232fd64 win32k!xxxCreateSystemThreads+0x54
9232fd58 818a797a 00000004 003efda4 775c5e74 win32k!NtUserCallNoParam+0x1b
9232fd58 775c5e74 00000004 003efda4 775c5e74 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
003efda4 00000000 00000000 00000000 00000000 0x775c5e74


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+1be
81935759 891e mov dword ptr [esi],ebx

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExDeferredFreePool+1be

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+1be

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+1be

Followup: Pool_corruption
---------


here is what the debugging program says. anyone got any ideas on what the cause is?im not a guru or anything which is why im trying to figure it out :P.
 

My Computer

usasma

Old and cranky
Vista Guru
The dump file points to core Windows files - which is not likely (if it was, you'd be having many more problems than just the occasional BSOD).

So, please do this so we can "massage" the memory dump file:
Upload Dump Files:
Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service - then post the link to it.
Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): Set MiniDump
Then, because it's a Pool Corruption BSOD - please run Driver Verifier according to these directions:
Using Driver Verifier is an iffy proposition. Most times it'll crash and it'll tell you what the driver is. But sometimes it'll crash and won't tell you the driver. Other times it'll crash before you can log in to Windows. If you can't get to Safe Mode, then you'll have to resort to offline editing of the registry to disable Driver Verifier.

So, I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista/Win7 Startup Repair feature).

Then, here's the procedure:
- Go to Start and type in "verifier" (without the quotes) and press Enter
- Select "Create custom settings (for code developers)" and click "Next"
- Select "Select individual settings from a full list" and click "Next"
- Select everything EXCEPT FOR "Low Resource Simulation" and click "Next"
- Select "Select driver names from a list" and click "Next"
Then select all drivers NOT provided by Microsoft and click "Next"
- Select "Finish" on the next page.

Reboot the system and wait for it to crash to the Blue Screen. Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out.

Reboot into Windows (after the crash) and turn off Driver Verifier by going back in and selecting "Delete existing settings" on the first page, then locate and zip up the memory dump file and upload it with your next post.

If you can't get into Windows because it crashes too soon, try it in Safe Mode.
If you can't get into Safe Mode, try using System Restore from your installation DVD to set the system back to the previous restore point that you created.
If that doesn't work, post back and we'll have to see about fixing the registry entry off-line.

More info on this at this link: Using Driver Verifier to identify issues with Windows drivers for advanced users
 

My Computer

sharifal

Member
here are the two dump files I have, these are the only ones i have. debugger wasnt able to interpret the symbols for the first dump file ( which i s 11610)

I hope this helps trying to figure out whats going on.

thanks again
 

Attachments

My Computer

sharifal

Member
also, as soon as I did the whole verifying thing, my sound through my headset seems to be like static. could that possibly be indicating that the sound card drivers are foobared?
 

My Computer

sharifal

Member
no bsods from while using/running the verifier. static was all i had gotten from my headset while using the verifier.

ive tried this since yesterday and nothing has happened.
 

My Computer

usasma

Old and cranky
Vista Guru
Pool corruptions are one of the reasons that Driver Verifier works so well.
As such, you should be getting BSOD's due to the pool corruption.
If not, then it's either a Windows corruption (less likely) or a hardware problem (more likely).

Please try these hardware diagnostics:
H/W Diagnostics:
Please start by running these bootable hardware diagnostics:
Memory Diagnostics (read the details at the link)
HD Diagnostic (read the details at the link)

Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised: Malware (read the details at the link)
The dump files that you uploaded seem to blame Rthl86.sys - a component of your Realtek 8101/8168/8169 Networking 32-bit Driver This is further supported by the date of the driver (Rtlh86.sys Tue Sep 26 07:20:27 2006).
Please:
- download the appropriate driver from this link: Realtek
- uninstall the current driver from your system
- install the freshly downloaded driver
- monitor for further BSOD's

Here's a summary of the BSOD's:
Code:
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Debug session time: Sat Jan 16 02:42:25.323 2010 (GMT-5)
System Uptime: 10 days 8:32:59.290
BugCheck C2, {7, 110b, 360003, 84895bf0}
*** WARNING: Unable to verify timestamp for Rtlh86.sys
*** ERROR: Module load completed but symbols could not be loaded for Rtlh86.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for msrpc.sys
*** ERROR: Module load completed but symbols could not be loaded for msrpc.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*** WARNING: Unable to verify timestamp for nvBridge.kmd
*** ERROR: Module load completed but symbols could not be loaded for nvBridge.kmd
*** WARNING: Unable to verify timestamp for ha20x2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha20x2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for CTHWIUT.SYS
*** ERROR: Module load completed but symbols could not be loaded for CTHWIUT.SYS
*** WARNING: Unable to verify timestamp for CT20XUT.SYS
*** ERROR: Module load completed but symbols could not be loaded for CT20XUT.SYS
*** WARNING: Unable to verify timestamp for DefragFS.SYS
*** ERROR: Module load completed but symbols could not be loaded for DefragFS.SYS
*** WARNING: Unable to verify timestamp for CTEXFIFX.SYS
*** ERROR: Module load completed but symbols could not be loaded for CTEXFIFX.SYS
*** WARNING: Unable to verify timestamp for Fs_Rec.SYS
*** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.SYS
*** WARNING: Unable to verify timestamp for Null.SYS
*** ERROR: Module load completed but symbols could not be loaded for Null.SYS
*** WARNING: Unable to verify timestamp for Msfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*** WARNING: Unable to verify timestamp for TSDDD.dll
*** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll
*** WARNING: Unable to verify timestamp for cdd.dll
*** ERROR: Module load completed but symbols could not be loaded for cdd.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for spsys.sys
*** ERROR: Module load completed but symbols could not be loaded for spsys.sys
*** WARNING: Unable to verify timestamp for secdrv.SYS
*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
Probably caused by : NETIO.SYS ( NETIO!NetioFreeNetBufferAndNetBufferList+e )
DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO
PROCESS_NAME:  System
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Debug session time: Sun Jan 17 23:28:24.143 2010 (GMT-5)
System Uptime: 1 days 18:56:41.760
BugCheck C5, {0, 2, 1, 81935759}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1be )
DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO
PROCESS_NAME:  csrss.exe
 

My Computer

Top