# BSOD 0x109 CRITICAL_STRUCTURE_CORRUPTION



## Rains (Jul 9, 2010)

Hello.

Windows Server 2008 x64 retail
CPU: Intel Pentium Dual-Core E6500 (2.93 GHz, SLGUH, Wolfdale)
Motherboard: GA-EQ45M-S2 (Intel Q45 chipset, integrated GFX X4500)
RAM: Mushkin 2x2GB DDR2 PC2-6400 800MHz CL5 1.8V (996760)
PSU: 400W Chieftec
Age of HW and OS: 4 months

I recently started getting random BSODs on the above setup. One I remember was IRQ_NOT_LESS_OR_EQUAL and two I remember were CRITICAL_STRUCTURE_CORRUPTION type ones and the latest which just happened was PAGE_FAULT_IN_NONPAGED_AREA 0x00000050.

It ran OK for 4 months without hardware changes so I suspect it is some driver.

I also ran a MemTest utility from within Windows and let it run 5 passes and it reported 0 rerrors.

I zipped up a few of the latest minidumps and hopefully somebody can analyze them and help me find the cause.

Thank you.


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

Four kernel dumps; four different bugchecks - 

*0x50* = invalid memory referenced
*0x109* = kernel detected corruption
*0xa* = driver attempted to access pageable (or bad) memory when it should not have
*0xd1* = basically same as 0xa

The 0xd1 BSOD lists the Microsoft networking component driver *tcpip.sys* as the probable cause. This is a default of sorts.

The 0x50 listed vmware-authd.exe as the process running on CPUx at the time of BSOD. VMWare has had BSOD issues under Vista & Windows 7.

See if updating these drivers helps calm BSODs - 

```
[font=lucida console]
rminiv3.sys  Fri Aug 17 16:53:11 2007 (46C60AB7) - Ricoh Media driver

Rtnic64.sys  Fri Jun 30 14:15:42 2006 (44A56A4E) - Realtek Ethernet - http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2

tifsfilt.sys Thu Oct 11 03:24:46 2007 (470DCFBE) - Acronis
timntr.sys   Thu Oct 11 03:27:41 2007 (470DD06D) - Acronis

vmci.sys     Tue Oct 28 20:57:29 2008 (4907B4F9)
VMkbd.sys    Tue Oct 28 22:36:36 2008 (4907CC34)
VMNET.SYS    Thu May 22 06:33:54 2008 (48354C12)
vmnetadapter.sys Thu May 22 06:33:57 2008 (48354C15)
vmnetbridge.sys Thu May 22 06:34:05 2008 (48354C1D)
vmnetuserif.sys Tue Oct 28 21:40:59 2008 (4907BF2B)
vmx86.sys    Tue Oct 28 23:04:03 2008 (4907D2A3)
vstor2-ws60.sys Thu Oct 02 21:04:32 2008 (48E56FA0) 
[/font]
```
 
Realtek Ethernet --> http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2 

Acronis version you are running is 2007. Its kernel mode drivers may be clashing with updated Server2008 6002 (Vista SP2) drivers. Update program installation or remove it.

Additional system information needed --> BSOD Posting Instructions

Attach the resulting zip files to your next post.

Then run the --> DRIVER VERIFIER - Windows 7 & Vista 

If software is the cause of the BSODs, Driver Verifier should help ID the culprit. If D/V flags a driver, it WILL BSOD YOUR SYSTEM. Multiple bugchecks are usually indicative of hardware failure; however, VMWare can be a wild card here.

Windbg Logs
--> http://jcgriff2.com/dbug_logs/_99-dbug_Rains_Server2008x64-6002_07-09-2010_jcgriff2_.txt
-->http://jcgriff2.com/dbug_logs/_99-dbug_Rains_Server2008x64-6002_07-09-2010_jcgriff2_.txt.zip

Regards. . .

jcgriff2

.


BSOD BUGCHECK SUMMARY

```
[font=lucida console]
Built by: 6002.18209.amd64fre.vistasp2_gdr.100218-0019
Debug session time: Fri Jul  9 10:58:35.899 2010 (GMT-4)
System Uptime: 0 days 0:31:21.715
BugCheck 50, {fffff8810827d6f8, 1, fffff80001f4b16b, 5}
Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+49b )
BUGCHECK_STR:  0x50
PROCESS_NAME:  vmware-authd.ex
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18209.amd64fre.vistasp2_gdr.100218-0019
Debug session time: Fri Jul  9 06:27:49.662 2010 (GMT-4)
System Uptime: 0 days 0:03:57.384
BugCheck 109, {a3a039d898ef972e, 0, bb33eac9929627ad, 101}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
BUGCHECK_STR:  0x109
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18209.amd64fre.vistasp2_gdr.100218-0019
Debug session time: Fri Jul  9 06:07:10.246 2010 (GMT-4)
System Uptime: 1 days 15:54:32.089
BugCheck A, {fffffa810776b530, c, 1, fffff80001e654ff}
Probably caused by : ntkrnlmp.exe ( nt!KiTimerListExpire+40f )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18209.amd64fre.vistasp2_gdr.100218-0019
Debug session time: Wed Jul  7 14:05:06.271 2010 (GMT-4)
System Uptime: 4 days 4:12:51.374
BugCheck D1, {fffffa8107787ed8, 2, 0, fffffa60157a40bb}
*** WARNING: Unable to verify timestamp for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
Probably caused by : ipnat.sys ( ipnat!NatLookupReverseMapping+77 )
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
  
  
 

by [color=navy]jcgriff2     
             
         J. C. Griffith, Microsoft MVP[/color]   
             
           [url=https://mvp.support.microsoft.com/profile/Griffith][color=#000055]https://mvp.support.microsoft.com/profile/Griffith[/color][/url]   
             
           [url=www.jcgriff2.com][color=#000055]www.jcgriff2.com[/color][/url] 


¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨


  [/font]
```


----------



## Rains (Jul 9, 2010)

Here I am attaching the full ZIP with required info. Also note that the system info files may not list all the drivers that were present at the time of all crashes since I removed at least one of them (a multimedia device driver STK1160 or DC60).


----------



## Rains (Jul 9, 2010)

Three (not four) months ago I upgraded the hardware and it was running fine until the last couple of days when BSODs started appearing very often (if I got 1 BDOS yesterday, I got 5 today). The software (OS, Acronis, WMware, ...) was the same for a year on the old hardware and never caused any bluescreen. So I presume the versions I use are capable of living together unless some other driver interferes, like chipset, network or graphics driver (which is what is new compared to the old setup). Otherwise no other software was installed, except Windows updates.

As I said, since the upgrade 3 months ago it was running fine until lets say 10 days ago.

P.S.: It just crashed twice again within 2 minutes, after I installed another program which I removed earlier today (InfoBar). Please see if there is anything new in these two new minidumps.


----------



## Rains (Jul 9, 2010)

One other question ...

In the explanation of the CRITICAL_STRUCTURE_CORRUPTION (109) error (I mostly get these), it says:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx

In case this happens, does it mean that the damage is permanent, requiring OS reinstall, or would deinstalling the driver solve the problem ?

Also, could a CRITICAL_STRUCTURE_CORRUPTION (109) error be caused by a failing RAM or an motherboard/RAM incompatibility ?


----------



## jcgriff2 (Sep 30, 2007)

Rains said:


> One other question ...
> 
> In the explanation of the CRITICAL_STRUCTURE_CORRUPTION (109) error (I mostly get these), it says:
> 1) A driver has inadvertently or deliberately modified critical kernel code
> ...



Hi - 

You are right about 0x109 and its likely association with failing hardware. If RAM cannot handle kernel code in a stable manner because of hardware failure, bugcheck 0x109 can definitely appear.

0x109 can also be caused by a rogue 3rd party driver that has attempted/ managed to patch the kernel. Only Windows Updates and Hotfixes from Microsoft are permitted to modify kernel code. The Driver Verifier can help detect such a rogue driver, assuming one exists. It would of course have to be a boot or kernel mode driver; hence the reason I mentioned Acronis. The level of possible OS damage given 0x109 is unknown. SFC should be of help if software issue caused 0x109 -

SFC --> http://jcgriff2.com/sfc.html

Check the Reliability Monitor for a daily synopsis of installation/ other activity -
START | type *perfmon /rel*

Regards. . .

jcgriff2

.


----------

