Saturday, October 25, 2014

windows - ntoskrnl.exe!_misaligned_access eats a lot of CPU when idle


Please advise what might be causing the unnecessary cpu use described below.


Symptoms:



  • When the computer is left idle, a system process starts to eat about 30% of the CPU. If any key is pressed or the mouse moved, this stops in a second. This is annoying, since this is a rather thin notebook, and the cooling is not designed for sustained high CPU usage and gets loud.

  • Does not happen when on battery.

  • Does not seem to be related to antivirus or indexing reladted stuff, since they have their easily distinguishable processes.


What I found so far:



  • The process is System, the PID is always 4, the description is NT Kernel and System.

  • When examining this process with Process Hacker (right click/properties, then Threads tab), it turns out, that there is a thread in it called ntoskrnl.exe!_misaligned_access+0x3f0 which is responsible for all of this unnecessary CPU usage. The same can be found with other process explorer applications. The address in the process' name changes every reboot, but stays the same between them.



    • Actually, there are mutliple threads with these properties, but always the same does use the CPU (same PID).

    • Right click and inspect gives this stack for this thread


      0, ntoskrnl.exe!KeIsAttachedProcess+0x92e


      1, ntoskrnl.exe!KeWaitForMultipleObjects+0x140f


      2, ntoskrnl.exe!KeWaitForMultipleObjects+0xcb9


      3, ntoskrnl.exe!_misaligned_access+0x5fd


      4, ntoskrnl.exe!RtlGetCompressionWorkSpaceSize+0x1f0


      5, ntoskrnl.exe!KeSynchronizeExecution+0x59d6



  • There is a Handles tab in the same process' properties window. There is this row, which might be connected the thread above, since the handle is the same as the address in the misbehaving thread:



    • Type: SymbolicLink, Name: \GLOBAL??\USB#VID_8087&PID_8000#5&47f868&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}, Handle: 0x3f0


  • Looked up the device (VID 8087 and PID 8000) in device manager, and it is Intel Generic USB Hub


  • I have no further idea what to look for.



Environment details:



  • Dell E7440, with some of Dell's tons of software installed. I know, that the problem might be that some component/driver is missing, but I still do not want to install all of the possible listed stuff. Device manager does not show any devices with no drivers.

  • Windows 8.1 Enterprise 64 bit, not hacked, with all possible updates. Installed about a month ago from official iso, not much crap is installed on it, no errors or BSODs since then.

  • No antivirus, besides windows' built in Security Essentials.


Answer



The CPU usage is by design. It comes from the function ntoskrnl.exe!RtlScrubMemory / ntoskrnl.exe!RtlpGenericRandomPatternWorker / ntoskrnl.exe!RtlpTestMemoryRandomUp.


enter image description here


This function write random patterns to the RAM to test the RAM for errors. Windows does this during the Idle Maintenance task to optimize Windows (cleanup of WinSxS, optimizing .net files with ngen)


Run the Task Scheduler, go to Microsoft -> Windows -> Task Scheduler, select Idle Maintenance,


enter image description here


do a right click and select disable.


enter image description here


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...