We help IT Professionals succeed at work.

BSOD vista pool corruption

Medium Priority
Last Modified: 2012-05-06
My vista business machine is crashing randomly while idle.  I have put the minidump through windbg and this is the result.  Can anyone help with interpreting this and suggest a cause for the crash?

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [Z:\Mini021109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81e09000 PsLoadedModuleList = 0x81f20c70
Debug session time: Wed Feb 11 22:15:05.592 2009 (GMT+0)
System Uptime: 0 days 14:41:25.745
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck C5, {0, 2, 1, 81ef6218}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+213 )

Followup: Pool_corruption

2: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 81ef6218, address which referenced memory

Debugging Details:



81ef6218 893b            mov     dword ptr [ebx],edi




TRAP_FRAME:  8c3bfaf4 -- (.trap 0xffffffff8c3bfaf4)
ErrCode = 00000002
eax=c325b73f ebx=00000000 ecx=000001ff edx=00000011 esi=c325af3f edi=00000000
eip=81ef6218 esp=8c3bfb68 ebp=8c3bfba0 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
81ef6218 893b            mov     dword ptr [ebx],edi  ds:0023:00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 81ef6218 to 81e63d24

8c3bfaf4 81ef6218 badb0d00 00000011 00000000 nt!KiTrap0E+0x2ac
8c3bfba0 81ef76e0 81f0b6e0 00000001 81f04c80 nt!ExDeferredFreePool+0x213
8c3bfc08 81e461bc 87ff8808 00000000 87ff8808 nt!ExFreePoolWithTag+0x852
8c3bfc24 81e0de69 87ff8808 c15746e0 00000000 nt!IopFreeIrp+0x56
8c3bfc40 81e0ddf8 87ff889f 87ff8808 00000000 nt!PopFreeIrp+0x60
8c3bfc54 81e4310c 00000000 87ff8808 c1574602 nt!PopRequestCompletion+0x54
8c3bfc88 82aeede8 81f0b13c 84af3828 85408ca0 nt!IopfCompleteRequest+0x11d
8c3bfd34 82ad7013 85408c98 87fae438 8c3bfd7c ndis!ndisDevicePowerOn+0x474
8c3bfd44 81e41445 85408c98 00000000 84af3828 ndis!ndisWorkItemHandler+0xe
8c3bfd7c 81fdeb18 85408c98 1f9eded8 00000000 nt!ExpWorkerThread+0xfd
8c3bfdc0 81e37a2e 81e41348 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


81ef6218 893b            mov     dword ptr [ebx],edi


SYMBOL_NAME:  nt!ExDeferredFreePool+213

FOLLOWUP_NAME:  Pool_corruption

IMAGE_NAME:  Pool_Corruption


MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID:  0xC5_2_nt!ExDeferredFreePool+213

BUCKET_ID:  0xC5_2_nt!ExDeferredFreePool+213

Followup: Pool_corruption
Watch Question


An attempt occurred to touch invalid memory at a process IRQL that is too high. This is almost always caused by drivers that have corrupted the system pool. If youve recently installed any new software, check to see if its properly installed; and check for updated drivers on the manufacturers web site.

* I would go into Device Manager and see if there are any conflicts.

* Update your drivers to the latest.

Somewhere a driver is in conflict by attempting to access an IRQL that is has no right to do thus causing your crashes.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
John GriffithConsultant

For bugcheck 0xc5 run the driver verifier to help ID the bad kernel-mode driver.  Instructions in code box.
If the Driver Verifier finds a violation, it will result in a BSOD.  To see the status of Verifier - type verifier - select the last option on the first screen - "Display information about the currently verified drivers..".  To turn Driver Verifier off - verifier /reset - then re-boot.
BSOD will result in verifier-enabled mini kernel dump w/ additional stack text information.  Instead of clicking on "!analyze -v" use "!analyze -v;r;kv;lmtn" at the kd> command line.  This will produce loaded driver listing making it very easy to check driver timestamps.

START | type cmd.exe | right-click on cmd.exe uptop under programs | Run as Administrator | type VERIFIER - hit enter | do the following:
1. Select 2nd option - Create custom settings (for code developers)
2. Select 2nd option - Select individual settings from a full list.
3. Check the boxes
    " Special Pool 
    " Pool Tracking 
    " Force IRQL checking
4. Select last option - Select driver names from a list 
5. Click on the Provider heading - sorts list by Provider
6. Check ALL boxes where Microsoft is not the Provider
7. Click on Finish 
8. Re-boot

Open in new window

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.