Diagnose Windows 8 Pro crashes generated by Kernel symbols
My Windows 8 Pro 64-bit crashes randomly at least once per day.
The memory dump for that crash says:
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16581.amd64fre.win8_gdr.130410-1505
Machine Name:
Kernel base = 0xfffff802`92417000 PsLoadedModuleList = 0xfffff802`926e3a20
Debug session time: Sat May 25 14:36:35.216 2013 (UTC + 3:00)
System Uptime: 0 days 1:01:49.888
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`fe238018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff802924bb182, 0, ffffffffffffffff}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : ntkrnlmp.exe ( nt!PsReturnProcessNonPagedPoolQuota+42a )
Followup: MachineOwner
---------
The memory dump can be downloaded from here: http://sdrv.ms/11iYaqT
The System Error logs in Event Viewer share the following entries related to the reboot:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000504, 0x0000000000000503, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052613-19359-01.
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
The previous system shutdown at 12:49:39 on 26/05/2013 was unexpected.
I have studied the more recent crashes and they always show up when the system is not really used. For example, I leave Winamp playing and I do something else around the house. It is as if the computer is having troubles when switching to more lower power states. Again, there's little detail provided in the Event logs.
I really don't understand this dump and what can I do to fix things.
Appreciate any input you might have, to get me started.
2 Answers
Thanks for your suggestions and ideas. In the end I made an experiment to see what device is the actual culprit. It was clear to me that some component or driver is causing these random but frequent issues.
I looked at my hardware configuration and three components seemed like plausible suspects: the SSD, my Creative X-Fi XtremeGamer Fatal1ty Pro sound card or the AverMedia Live Game video capture card.
First, I looked at the SDD and noticed that a firmware update was available. It said it fixed issues with the drive not being able to enter correctly more low powered states. The firmware promised to solve problems that were awfully similar to those experienced by me. Unfortunately, minutes after the firmware was updated, the crashes continued.
Then, I disabled the video capture card. No improvement.
Lastly, I disabled the sound card and used the on-board audio. 48 hours after doing this, no crashes. My system works perfectly.
Unfortunately, Creative are being nasty again and not giving a crap about their clients. Even though my sound card is literally awesome, they decided to discontinue their driver support for it. They have a crappy driver available and it is not going to be updated anytime soon. My only solution is to buy another card. They pulled the same stunt when Windows 7 was launched. :(
I hope this discussion will help others with similar issues. If you have a Creative sound card that was not bought in the last year, year and a half, their poor driver support might cause similar frustration.
Corporate Geekthe Windows file win32k.sys is corrupted on your HDD. Run sfc /scannow or DISM /Online /Cleanup-Image /RestoreHealth to repair the damaged files.
Now look if you get new crashes.
magicandre1981User contributions licensed under CC BY-SA 3.0