Blue Screen after KB915597

  • Thread starter Thread starter lubosch
  • Start date Start date
L

lubosch

Half an hour ago, on 7:40 pm Central European Summer Time, June 1st,
2009, I routinely ran Windows Update on my PC with Windows Vista Home
Premium SP2 (yes, I have had the service pack, 6002.18005, before most
people).

The attempt to update the Windows Defender definitions, with the brand
new KB915597, ended up with a blue screen of death. I restarted the
computer, it worked fine, and attempted to reinstall the update.
Another blue screen. The update seems to be the likely reason now.

After the second BSOD, the Windows failed to boot up normally, so I
had to turn it off and the PC went (because recommended) through some
- fortunately harmless (it seems...) - System Restore procedure,
returning me pretty much where I was before.

Is it possible that the update has a bug? Or is it just incompatible
with Vista SP2? Or with Vista SP2 on Czech Vistas? Or something else?
I am afraid to connect to the Internet because once the PC realizes
that there are updates waiting, it will give me another blue screen,
right? ;-)

OK, I disabled automatic installation of updates now.

I hate them. Half a year ago, I would have 100 of them, including a
full system reinstall, suspecting all kinds of reasons, when I finally
realized that the CPU fan needed to be cleaned, for Speedfan to show
29 instead of 41 deg C when the computer is doing kind of nothing.

But this time, it seems to be software-driven.

Thanks
Lubos
 
Here is the debug of one of the memory.dmp files (the latest one,
ntkrnlmp memory related):

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause
of
the problem, and then special pool applied to the suspect tags or the
driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: a25d9218, The pool entry we were looking for within the page.
Arg3: a25d9230, The next pool entry.
Arg4: 0a030206, (reserved)

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Page 400cb not present in the dump file. Type ".hh dbgerr004" for
details
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_POOL_HEADER
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_POOL_HEADER
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_POOL_TRACKER_BIG_PAGES
***
***
***
*************************************************************************
Cannot get _POOL_TRACKER_BIG_PAGES type size
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_KPRCB
***
***
***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************

MODULE_NAME: nt

FAULTING_MODULE: 81850000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 49e01996

BUGCHECK_STR: 0x19_20

POOL_ADDRESS: a25d9218

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

LAST_CONTROL_TRANSFER: from 81934c2c to 8190b899

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may
be wrong.
9d6f1354 81934c2c 00000019 00000020 a25d9218 nt!KeBugCheckEx+0x1e
9d6f13c8 823e7db6 a25d9220 00000000 823e7d86 nt!ExFreePoolWithTag
+0x17f
9d6f14e4 823c9dd5 854ab5c0 838eade0 1f53c2c4 fastfat+0x20db6
9d6f152c 8189617f 8562d900 838eade0 838eade0 fastfat+0x2dd5
9d6f1544 82381ba7 85638170 838eade0 00000000 nt!IofCallDriver+0x64
9d6f1568 82381d64 9d6f1588 85638170 00000000 fltmgr!FltGetIrpName
+0x1323
9d6f15a0 8189617f 85638170 838eade0 00006000 fltmgr!FltGetIrpName
+0x14e0
9d6f15b8 81888b0c 9d6f178c 9d6f15f8 00000000 nt!IofCallDriver+0x64
9d6f15cc 818d2a67 838dcd78 85638170 9d6f1668 nt!IoSynchronousPageWrite
+0x10b
9d6f16e4 818d2097 99a81490 99a81494 85637c88 nt!CcUninitializeCacheMap
+0x1156
9d6f1744 8190057e 8562db98 00001000 00000001 nt!CcUninitializeCacheMap
+0x786
9d6f176c 823d0d4a 8596ead0 8562d901 9d6f178c nt!CcUnpinRepinnedBcb
+0x8a
9d6f17b4 823d5862 854a9928 1f53ce24 00000000 fastfat+0x9d4a
9d6f19cc 823d5acc 854a98f8 8372c628 1f53cdf8 fastfat+0xe862
9d6f1a10 8189617f 0162d900 8372c628 8372c628 fastfat+0xeacc
9d6f1a28 82381ba7 8372c628 00000000 8372c824 nt!IofCallDriver+0x64
9d6f1a4c 82394643 9d6f1a6c 85638170 00000000 fltmgr!FltGetIrpName
+0x1323
9d6f1a98 8189617f 85638170 85520980 8375cfdc fltmgr!FltDeletePushLock
+0x1db7
9d6f1ab0 81a49a66 8c8d99bf 838469d4 851b1108 nt!IofCallDriver+0x64
9d6f1b80 81a434f2 851b1120 00000000 83846930 nt!SeExamineSacl+0x127e
9d6f1c10 81a43a82 00000000 9d6f1c68 00000040 nt!CcUnpinData+0x89f
9d6f1c70 81a4a9b1 0006f7b4 00000000 8375cf01 nt!ObOpenObjectByName
+0x13c
9d6f1ce4 81a64030 0006f7ec 00100001 0006f7b4 nt!
SeSetAccessStateGenericMapping+0x674
9d6f1d30 818a797a 0006f7ec 00100001 0006f7b4 nt!NtCreateFile+0x34
9d6f1d64 77b95e74 badb0d00 0006f77c 00000000 nt!ZwQueryLicenseValue
+0xbea
9d6f1d68 badb0d00 0006f77c 00000000 00000000 0x77b95e74
9d6f1d6c 0006f77c 00000000 00000000 00000000 0xbadb0d00
9d6f1d70 00000000 00000000 00000000 00000000 0x6f77c


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+17f
81934c2c cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+17f

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------
 
Sorry, the reason was hardware. My Microcenter USB 2GB flash drive got
kind of burned - as I noticed by seeing nonsensical file names on its
disk everywhere. Moreover, I probably had ReadyBoost, so its flaws
quickly went to the memory. Poor drive.

Best wishes
Lubos
 
Sorry, the reason was hardware. My Microcenter USB 2GB flash drive got
kind of burned - as I noticed by seeing nonsensical file names on its
disk everywhere. Moreover, I probably had ReadyBoost, so its flaws
quickly went to the memory. Poor drive.
Click to expand...

You can try formatting the USB and see if it comes back to normal.
Sometimes it works, sometimes not. I'm always hesitant to use them for
anything critical after a crash.
 
Back
Top