Jump to content
lx-s

Bluescreen during boot: bad_pool_caller -> kl1.sys

Recommended Posts

Hello!

 

I infrequently get a blue screen during Windows boot titled "BAD_POOL_CALLER" which is caused by kl1.sys

 

WinDbg gave me the following:

 

Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\Desktop\122411-17815-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*D:\Dev\SymbolCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e57000 PsLoadedModuleList = 0xfffff800`0309c670
Debug session time: Sat Dec 24 09:58:51.772 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:06.694
Loading Kernel Symbols
...............................................................
................................................................

Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 109b, 4050007, fffffa800a0448a0}

Unable to load image \SystemRoot\system32\DRIVERS\kl1.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kl1.sys
*** ERROR: Module load completed but symbols could not be loaded for kl1.sys
GetPointerFromAddress: unable to read from fffff80003106100
Probably caused by : kl1.sys ( kl1+77cb1 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 0000000004050007, Memory contents of the pool block
Arg4: fffffa800a0448a0, Address of the block of pool being deallocated

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'nsiproxy' and 'cdrom.sys' overlap

POOL_ADDRESS:  fffffa800a0448a0 

FREED_POOL_TAG:  KLN2

BUGCHECK_STR:  0xc2_7_KLN2

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80003001be9 to fffff80002ed3c40

STACK_TEXT:  
fffff880`03d5bb88 fffff800`03001be9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`04050007 : nt!KeBugCheckEx
fffff880`03d5bb90 fffff880`01ce7cb1 : fffffa80`0a7d9000 00000000`00000000 fffffa80`0a0448a0 fffffa80`097ea040 : nt!ExDeferredFreePool+0x1201
fffff880`03d5bc40 fffffa80`0a7d9000 : 00000000`00000000 fffffa80`0a0448a0 fffffa80`097ea040 fffffa80`0a7d9090 : kl1+0x77cb1
fffff880`03d5bc48 00000000`00000000 : fffffa80`0a0448a0 fffffa80`097ea040 fffffa80`0a7d9090 fffff880`01cdae5b : 0xfffffa80`0a7d9000


STACK_COMMAND:  kb

FOLLOWUP_IP: 
kl1+77cb1
fffff880`01ce7cb1 ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  kl1+77cb1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: kl1

IMAGE_NAME:  kl1.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d70aec3

FAILURE_BUCKET_ID:  X64_0xc2_7_KLN2_kl1+77cb1

BUCKET_ID:  X64_0xc2_7_KLN2_kl1+77cb1

Followup: MachineOwner

 

 

If you want I also can provide the *.dmp File.

Share this post


Link to post
and... if the licence has espired? :unsure:

Renew the licence.

 

With thousands of new malicious files discovered every day, antiviruses should always be kept up-to-date in order to allow them to protect you against the newer threats.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.