Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Etwgetkerneltracetimestamp And Bsod


  • Please log in to reply
12 replies to this topic

#1 Mr Alpha

Mr Alpha

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:44 AM

Posted 09 March 2007 - 12:04 PM

After trying to decipher a bunch of minidumps it seems like it is EtwGetKernelTraceTimestamp which is causing my IRQL_NOT_LESS_OR_EQUAL, but I can't seem to find anything about it. Anybody got any ideas of where to look?
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:44 PM

Posted 09 March 2007 - 04:54 PM

Could you post a bit more from the dump file?
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:44 PM

Posted 10 March 2007 - 07:54 AM

I found this, but have no clue about what it's saying (way over my head!): http://www.osronline.com/showthread.cfm?link=102490

I'm starting to think that the Etw has something to do with Event Tracing in Windows (from this google: http://www.google.com/search?hl=en&cli...amp;btnG=Search )

Still doesn't point to a particular driver, or any particular hardware tho'.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 HitSquad

HitSquad

    You're Bleepin' or you're Weepin'


  • Members
  • 1,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Momma
  • Local time:08:44 PM

Posted 10 March 2007 - 08:18 AM

I think you were on the right track in your first reply usama.
There should be more info in the dump file to go on.
There are at least a half dozen issues with vista and nvidia chips\chipsets.
Anybody using them with vista should get the latest bios update, motherboard chipset drivers and nvidia graphics drivers, in that order, then go from there. There are also a few patches that should be applied.

#5 Mr Alpha

Mr Alpha
  • Topic Starter

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:44 AM

Posted 11 March 2007 - 04:30 AM

More dump coming up.
*******************************************************************************

*																			 *

*						Bugcheck Analysis									*

*																			 *

*******************************************************************************



IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high.  This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.

Arguments:

Arg1: 00000008, memory referenced

Arg2: 00000004, IRQL

Arg3: 00000001, value 0 = read operation, 1 = write operation

Arg4: 81c70dc9, address which referenced memory



Debugging Details:

------------------





WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac

Unable to read MiSystemVaType memory at 81d11780

 00000008 



CURRENT_IRQL:  4



FAULTING_IP: 

nt!EtwGetKernelTraceTimestamp+77

81c70dc9 894608		  mov	 dword ptr [esi+8],eax



CUSTOMER_CRASH_COUNT:  1



DEFAULT_BUCKET_ID:  VISTA_RC



BUGCHECK_STR:  0xA



PROCESS_NAME:  Idle



TRAP_FRAME:  8786ec10 -- (.trap ffffffff8786ec10)

ErrCode = 00000002

eax=3afa7075 ebx=8786ecc8 ecx=00800063 edx=00000044 esi=00000000 edi=8786ecbc

eip=81c70dc9 esp=8786ec84 ebp=8786ec84 iopl=0		 nv up ei pl nz ac pe cy

cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000			 efl=00010217

nt!EtwGetKernelTraceTimestamp+0x77:

81c70dc9 894608		  mov	 dword ptr [esi+8],eax ds:0023:00000008=????????

Resetting default scope



LAST_CONTROL_TRANSFER:  from 81c70dc9 to 81c8fc44



STACK_TEXT:  

8786ec10 81c70dc9 badb0d00 00000044 8787e000 nt!KiTrap0E+0x2ac

8786ec84 81c70d2d 20004000 84415780 8787e000 nt!EtwGetKernelTraceTimestamp+0x77

8786ecac 81c908ad 83c29008 00000002 ffffffff nt!EtwGetInterruptTimeStamp+0x1c

8786ecd0 81c907b9 81faba02 00000052 81cf8740 nt!KiChainedDispatch2ndLvl+0xb1

8786ecd0 81fb42a6 81faba02 00000052 81cf8740 nt!KiChainedDispatch+0x29

8786ed50 81c91272 00000000 0000000e 00000000 hal!HalProcessorIdle+0x2

8786ed54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xa





STACK_COMMAND:  kb



FOLLOWUP_IP: 

nt!EtwGetKernelTraceTimestamp+77

81c70dc9 894608		  mov	 dword ptr [esi+8],eax



SYMBOL_STACK_INDEX:  1



FOLLOWUP_NAME:  MachineOwner



MODULE_NAME: nt



IMAGE_NAME:  ntkrpamp.exe



DEBUG_FLR_IMAGE_TIMESTAMP:  4549ae00



SYMBOL_NAME:  nt!EtwGetKernelTraceTimestamp+77



FAILURE_BUCKET_ID:  0xA_W_nt!EtwGetKernelTraceTimestamp+77



BUCKET_ID:  0xA_W_nt!EtwGetKernelTraceTimestamp+77



Followup: MachineOwner

---------

"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:44 PM

Posted 11 March 2007 - 06:23 AM

Could you run the debugger with the !analyze -v option? That'd give some more info on what was in memory at the time.

I haven't seen the HAL item before (in your stack trace) - so it's looking more like an incompatibility than a driver. But that's just speculation at this point (also looking at what I presume to be attempts to kill an idle loop).

So, on with the usual questions...
Have you added any new hardware?
Have you added/modified any drivers?
How's about any Windows Updates?
Have you added/changed anything else that might have caused this?
Is there anything that you're thinking might have caused it?

Finally, I haven't tried them in Vista yet, but have you tried verifier.exe and sigverif.exe to see if you can identify a suspicious driver from there? Also, you may want to check one of the sites like DriverMax to see what it says are "outdated" drivers.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 Mr Alpha

Mr Alpha
  • Topic Starter

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:44 AM

Posted 11 March 2007 - 06:57 AM

Could you run the debugger with the !analyze -v option? That'd give some more info on what was in memory at the time.

That is the result of the !analyze -v option.

I haven't seen the HAL item before (in your stack trace) - so it's looking more like an incompatibility than a driver. But that's just speculation at this point (also looking at what I presume to be attempts to kill an idle loop).

So, on with the usual questions...
Have you added any new hardware?
Have you added/modified any drivers?
How's about any Windows Updates?
Have you added/changed anything else that might have caused this?
Is there anything that you're thinking might have caused it?

The Vista installation is pretty fresh so absolutely everything is new.

Finally, I haven't tried them in Vista yet, but have you tried verifier.exe and sigverif.exe to see if you can identify a suspicious driver from there? Also, you may want to check one of the sites like DriverMax to see what it says are "outdated" drivers.

Will do.
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:44 PM

Posted 13 March 2007 - 09:34 AM

That's the -v output! Wow! It seems pretty short to me! I'll have to do a bit more looking around!

With a new install, you're pretty much limited to:
1) Failing hardware
2) Bad/incompatible drivers
3) Corrupt Windows files

Are you running on the drivers that Vista supplied? Any others that you've installed? With the limited availability of Vista drivers it should be an easy matter to remove and reinstall the one's that didn't come with Vista. And, if that doesn't fix it, that leaves the built in drivers as suspect.

After that it would be a matter of stripping all the "not needed" hardware out and then trying each remaining driver until you either eliminate the problem - or confirm that it's not a driver issue.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 Mr Alpha

Mr Alpha
  • Topic Starter

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:44 AM

Posted 15 March 2007 - 01:09 PM

I just had another one:
*******************************************************************************

*																			 *

*						Bugcheck Analysis									*

*																			 *

*******************************************************************************



IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high.  This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.

Arguments:

Arg1: 00000008, memory referenced

Arg2: 00000005, IRQL

Arg3: 00000001, value 0 = read operation, 1 = write operation

Arg4: 81c70dc9, address which referenced memory



Debugging Details:

------------------





WRITE_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac

Unable to read MiSystemVaType memory at 81d11780

 00000008 



CURRENT_IRQL:  5



FAULTING_IP: 

nt!EtwGetKernelTraceTimestamp+77

81c70dc9 894608		  mov	 dword ptr [esi+8],eax



CUSTOMER_CRASH_COUNT:  1



DEFAULT_BUCKET_ID:  VISTA_RC



BUGCHECK_STR:  0xA



PROCESS_NAME:  Idle



TRAP_FRAME:  82605c10 -- (.trap ffffffff82605c10)

ErrCode = 00000002

eax=f6d9ea6e ebx=82605cc8 ecx=0080005b edx=00000002 esi=00000000 edi=82605cbc

eip=81c70dc9 esp=82605c84 ebp=82605c84 iopl=0		 nv up ei pl nz ac po cy

cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000			 efl=00010213

nt!EtwGetKernelTraceTimestamp+0x77:

81c70dc9 894608		  mov	 dword ptr [esi+8],eax ds:0023:00000008=????????

Resetting default scope



LAST_CONTROL_TRANSFER:  from 81c70dc9 to 81c8fc44



STACK_TEXT:  

82605c10 81c70dc9 badb0d00 00000002 82605c30 nt!KiTrap0E+0x2ac

82605c84 81c70d2d 20004000 85e24280 82615000 nt!EtwGetKernelTraceTimestamp+0x77

82605cac 81c908ad 85650d08 00000002 81c7fe8f nt!EtwGetInterruptTimeStamp+0x1c

82605cd0 81c907b9 81faba02 00000063 81cf8740 nt!KiChainedDispatch2ndLvl+0xb1

82605cd0 81fb42a6 81faba02 00000063 81cf8740 nt!KiChainedDispatch+0x29

82605d50 81c91272 00000000 0000000e 35003900 hal!HalProcessorIdle+0x2

82605d54 00000000 0000000e 35003900 45004500 nt!KiIdleLoop+0xa





STACK_COMMAND:  kb



FOLLOWUP_IP: 

nt!EtwGetKernelTraceTimestamp+77

81c70dc9 894608		  mov	 dword ptr [esi+8],eax



SYMBOL_STACK_INDEX:  1



FOLLOWUP_NAME:  MachineOwner



MODULE_NAME: nt



IMAGE_NAME:  ntkrpamp.exe



DEBUG_FLR_IMAGE_TIMESTAMP:  4549ae00



SYMBOL_NAME:  nt!EtwGetKernelTraceTimestamp+77



FAILURE_BUCKET_ID:  0xA_W_nt!EtwGetKernelTraceTimestamp+77



BUCKET_ID:  0xA_W_nt!EtwGetKernelTraceTimestamp+77



Followup: MachineOwner

---------
One of the problems with troubleshooting this BSOD is that I get it only about once a week.
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#10 Mr Alpha

Mr Alpha
  • Topic Starter

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:44 AM

Posted 18 March 2007 - 07:38 AM

This is what I've done so far to diagnose the problem:
  • Ran Windows Memory diagnostics: Everything fine.
  • Ran System File Scanner: Everything fine.
  • Ran Spinrite: Everything fine.
  • Happens even in Diagnostic Startup mode: Rules our keyboard, mouse, sound and PhysX drivers plus all extra background programs and services.
Another thing I noticed is that it only happens when the computer is under load, like when playing a game.
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#11 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:44 PM

Posted 18 March 2007 - 08:14 AM

Hmm, with a fresh install of Vista it's likely to be either an incompatibility or a driver. Has anything revealed itself in the Event Viewer?

I'd suggest:
1) Removing any hardware that you don't need
2) Updating all drivers to the latest Vista version. For any drivers that don't have a Vista version, run the installation in XP SP2 compatibility mode and Run as Administrator.
3) Checking each piece of hardware against the HCL to see if anything pops out.

This is a shotgun approach and should eliminate the drivers as an issue - which would then lead me to wonder about a hardware problem (since it fails under load).

Edited by usasma, 18 March 2007 - 08:16 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#12 Mr Alpha

Mr Alpha
  • Topic Starter

  • Members
  • 1,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:44 AM

Posted 18 March 2007 - 09:01 AM

1) I'm already down to the essentials.
2) All drivers are updated.
3) HLC?

In the event viewer there are a couple errors I don't know what to make of. Under system there is this:

Source: ACPI
Event ID: 6
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 13, function 0. Please contact your system vendor for technical assistance.

I get the same error at the same time for PCI slots 12, 11 and 14. Under application there is this:

Source: SibeBySide
Event ID: 33
Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

There is always two of these at the same time.
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#13 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:09:44 PM

Posted 18 March 2007 - 10:13 AM

HCL = Hardware Compatibility List

From the Event Viewer errors, I'm starting to think that this is your motherboard drivers or an incompatibility with your mobo. Try this tool to see what it gets you: http://www.microsoft.com/technet/solutiona...wv/default.mspx

Also, I got some more info on this from my visit to Microsoft this week. They promised me that the slides would be online - so I didn't take notes :huh:

Anywho, there are also tools in the ACT 5.0 release that will monitor errors related to compatibility and report back to you - but since I don't have the slides, I don't have the details.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users