Internmittant BSOD, no clear trigger

cschodt

New Member
Messages
8
Hi folks,

So I've been having occasional BSOD issues. Not sure what is setting it off. So far it's happened on startup, while the computer is just sitting there, while playing games, and while browsing with Firefox. Probably every ~2 weeks.


Thanks!
 
Hi cschodt ^_^,

I have analyzed your dump files and below has been provided for informative purposes :-
Code:
5: kd> .cxr 0xffffd00027a7b890;rrax=0000000000000000 rbx=0000000000000000 rcx=ffffd00027a7c310
rdx=0800000000000000 rsi=ffffe000d36815c0 rdi=ffffd00027a7c310
rip=fffff8019e362040 rsp=ffffd00027a7c2c0 rbp=ffffd00027a7c330
 r8=ffffd00027a7c360  r9=0000000000000000 r10=ffffc000a1424a20
r11=ffffd00027a7c418 r12=0000000000000000 r13=0000000000000000
r14=0000000000000001 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010046
nt!KxWaitForLockOwnerShipWithIrql+0x14:
fffff801`9e362040 48890a          mov     qword ptr [rdx],rcx ds:002b:08000000`00000000=????????????????
Last set context:
rax=0000000000000000 rbx=0000000000000000 rcx=ffffd00027a7c310
rdx=0800000000000000 rsi=ffffe000d36815c0 rdi=ffffd00027a7c310
rip=fffff8019e362040 rsp=ffffd00027a7c2c0 rbp=ffffd00027a7c330
 r8=ffffd00027a7c360  r9=0000000000000000 r10=ffffc000a1424a20
r11=ffffd00027a7c418 r12=0000000000000000 r13=0000000000000000
r14=0000000000000001 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010046
nt!KxWaitForLockOwnerShipWithIrql+0x14:
fffff801`9e362040 48890a          mov     qword ptr [rdx],rcx ds:002b:[B][COLOR=#0000ff]08000000`00000000[/COLOR][/B]=????????????????
5: kd> !pte 08000000`00000000
                                           VA 0800000000000000
PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000000    PTE at FFFFF68000000000
contains 017000013C06D867  contains 0180000162B6E867  contains 0000000000000000
GetUlongFromAddress: unable to read from fffff8019e5c7104
pfn 13c06d    ---DA--UWEV  pfn 162b6e    ---DA--UWEV  not valid


[COLOR=#ff0000][B]WARNING: noncanonical VA, accesses will fault ![/B][/COLOR]
So, according to this dump file, some driver is probably using bad pointers. The driver was waiting for the Lock Ownership while the Bugcheck happened.
Now, let us check the latest dump file which is a Driver_Power_State_Failure with the first parameter as 3. If we run !irp on the last argument we get the below :-
Code:
0: kd> !irp ffffe001d736b010Irp is active with 14 stacks 12 is current (= 0xffffe001d736b3f8)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    


			Args: 00000000 00000000 00000000 00000000
>[ 16, 2]   0 e1 ffffe001dc942bc0 00000000 fffff8011dc07950-00000000 Success Error Cancel pending
	       \Driver\USBHUB3	[COLOR=#ff0000][B]USBSTOR!USBSTOR_FdoSetPowerD0Completion[/B][/COLOR]
			Args: 00041100 00000001 00000001 00000002
 [ 16, 2]   0 e1 ffffe001dc836690 00000000 fffff802395a7fd8-ffffe001e40e8390 Success Error Cancel pending
	       \Driver\USBSTOR	nt!PopRequestCompletion
			Args: 00041100 00000001 00000001 00000002
 [  0, 0]   0  0 00000000 00000000 00000000-ffffe001e40e8390    


			Args: 00000000 00000000 00000000 00000000
As we can see from the above dump file, the USBSTOR.sys which is USB Mass Storage Driver from Windows caused the error but the chance of it being at fault is really low so it means that some other component was at fault here.

Below is a list of 3rd party drivers present on your system :-
Code:
**************************Thu Sep 25 13:49:21.712 2014 (UTC + 5:30)**************************
[U][B]DDCDrv.sys                  Tue Apr  8 13:20:11 2008 (47FB23B3)[/B][/U]
[U][B]ctac32k.sys                 Wed Jul  2 14:08:22 2008 (486B3E7E)[/B][/U]
[U][B]LGVirHid.sys                Tue Nov 24 07:06:48 2009 (4B0B38B0)[/B][/U]
[U][B]LGBusEnum.sys               Tue Nov 24 07:06:48 2009 (4B0B38B0)[/B][/U]
[U][B]AsUpIO.sys                  Tue Aug  3 08:17:59 2010 (4C57835F)[/B][/U]
[U][B]CLVirtualDrive.sys          Mon Dec 26 18:56:47 2011 (4EF87617)[/B][/U]
[U][B]PxHlpa64.sys                Tue Apr 24 22:56:29 2012 (4F96E245)[/B][/U]
[U][B]SXSUDFMF.sys                Tue Jul 24 10:50:20 2012 (500E3094)[/B][/U]
[U][B]SXSUDFS.sys                 Tue Jul 24 10:50:44 2012 (500E30AC)[/B][/U]
[U][B]AsIO.sys                    Wed Aug 22 15:24:47 2012 (5034AC67)[/B][/U]
[U][B]usbfilter.sys               Wed Aug 29 06:57:12 2012 (503D6FF0)[/B][/U]
[U][B]emupia2k.sys                Tue Oct 30 13:47:39 2012 (508F8D23)[/B][/U]
[U][B]ctsfm2k.sys                 Tue Oct 30 13:47:48 2012 (508F8D2C)[/B][/U]
[U][B]ctoss2k.sys                 Tue Oct 30 13:48:10 2012 (508F8D42)[/B][/U]
[U][B]ha20x22k.sys                Tue Oct 30 13:51:18 2012 (508F8DFE)[/B][/U]
[U][B]ctaud2k.sys                 Tue Oct 30 13:52:05 2012 (508F8E2D)[/B][/U]
[U][B]ctprxy2k.sys                Tue Oct 30 13:52:11 2012 (508F8E33)[/B][/U]
[U][B]CTHWIUT.SYS                 Tue Oct 30 13:53:01 2012 (508F8E65)[/B][/U]
[U][B]CTEXFIFX.SYS                Tue Oct 30 13:53:42 2012 (508F8E8E)[/B][/U]
[U][B]CT20XUT.SYS                 Tue Oct 30 13:53:48 2012 (508F8E94)[/B][/U]
sscbfs3.sys                 Thu Jan 31 02:41:31 2013 (51098C83)
LGSHidFilt.Sys              Thu May 30 20:46:33 2013 (51A76D51)
Rt630x64.sys                Fri Jul 26 12:31:35 2013 (51F21ECF)
dump_storahci.sys           Thu Aug 22 17:10:39 2013 (5215F8B7)
AODDriver2.sys              Thu Sep 12 09:06:40 2013 (523136C8)
asstor64.sys                Mon Jan 27 15:00:34 2014 (52E6273A)
AMDACPKSL.SYS               Wed Mar 12 05:19:44 2014 (531FA118)
AtihdWB6.sys                Wed Mar 12 05:20:02 2014 (531FA12A)
xb1usb.sys                  Tue May 27 13:43:13 2014 (53844919)
atikmpag.sys                Sat Jul  5 06:56:52 2014 (53B7545C)
atikmdag.sys                Sat Jul  5 07:09:13 2014 (53B75741)
http://www.carrona.org/drivers/driver.php?id=DDCDrv.sys
http://www.carrona.org/drivers/driver.php?id=ctac32k.sys
http://www.carrona.org/drivers/driver.php?id=LGVirHid.sys
http://www.carrona.org/drivers/driver.php?id=LGBusEnum.sys
http://www.carrona.org/drivers/driver.php?id=AsUpIO.sys
http://www.carrona.org/drivers/driver.php?id=CLVirtualDrive.sys
http://www.carrona.org/drivers/driver.php?id=PxHlpa64.sys
SXSUDFMF.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
SXSUDFS.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=AsIO.sys
http://www.carrona.org/drivers/driver.php?id=usbfilter.sys
http://www.carrona.org/drivers/driver.php?id=emupia2k.sys
http://www.carrona.org/drivers/driver.php?id=ctsfm2k.sys
http://www.carrona.org/drivers/driver.php?id=ctoss2k.sys
http://www.carrona.org/drivers/driver.php?id=ha20x22k.sys
http://www.carrona.org/drivers/driver.php?id=ctaud2k.sys
http://www.carrona.org/drivers/driver.php?id=ctprxy2k.sys
http://www.carrona.org/drivers/driver.php?id=CTHWIUT.SYS
http://www.carrona.org/drivers/driver.php?id=CTEXFIFX.SYS
http://www.carrona.org/drivers/driver.php?id=CT20XUT.SYS
http://www.carrona.org/drivers/driver.php?id=sscbfs3.sys
http://www.carrona.org/drivers/driver.php?id=LGSHidFilt.Sys
http://www.carrona.org/drivers/driver.php?id=Rt630x64.sys
http://www.carrona.org/drivers/driver.php?id=dump_storahci.sys
http://www.carrona.org/drivers/driver.php?id=AODDriver2.sys
http://www.carrona.org/drivers/driver.php?id=asstor64.sys
http://www.carrona.org/drivers/driver.php?id=AMDACPKSL.SYS
http://www.carrona.org/drivers/driver.php?id=AtihdWB6.sys
http://www.carrona.org/drivers/driver.php?id=xb1usb.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys

At this point I would suggest you to remove any USB Device connected to the system and then check for system stability. Furthermore, there are lots of drivers which are extremely old. I have highlighted the older drivers which you need to update.

If you are still getting the BSOD's after updating the drivers and removing the USB Devices, please upload a complete dump file located at "C:\Windows\Memory.dmp" as there is a Plug N Play Triage lock which cannot be analyzed due to the nature of a minidump file.
The complete dump file would be large in size so PLEASE make sure that you ZIP IT UP before uploading it to a host like Mediafire or OneDrive so that it could be analyzed.

Let me know how it goes ^_^
 
Thank you very much for your help! It looks like a lot of those old drivers relate to my sound card, keyboard, or motherboard, but unfortunately there don't seem to be newer versions available of most of them. Is there any sort of tool or utility you can recommend to see what drivers are installed/in use? Maybe I can remove some of the offending ones.

In the meantime, I have removed a few USB devices, and if I get more BSOD's, I'll upload an update.

Thank you again.
 
Just had another BSOD.... quickest between 2 events so far. I've attached the minidump file, but I can't find the memory.dmp Is there a way to ensure that my computer generates one? A setting I have to change?

Thank you again!
 
Hi Cschodt ^_^,

I have analysed your dump files and below has been provided an analysis of the same for informative purposes :-
Code:
0: kd> !irp ffffe0019cd59330
Irp is active with 14 stacks 12 is current (= 0xffffe0019cd59718)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    
   Args: 00000000 00000000 00000000 00000000
>[ 16, 2]   0 e1 ffffe001a544d060 00000000 fffff8001d3cb950-00000000 Success Error Cancel pending
        \Driver\[COLOR=#ff0000][B]USBHUB3[/B][/COLOR] USBSTOR!USBSTOR_FdoSetPowerD0Completion
   Args: 00041100 00000001 00000001 00000002
 [ 16, 2]   0 e1 ffffe001a55523b0 00000000 fffff803df99dfd8-ffffe001a8bdf6f0 Success Error Cancel pending
        \Driver\USBSTOR nt!PopRequestCompletion
   Args: 00041100 00000001 00000001 00000002
 [  0, 0]   0  0 00000000 00000000 00000000-ffffe001a8bdf6f0    
   Args: 00000000 00000000 00000000 00000000
Apparently, a USB Device Driver is causing trouble.
Code:
0: kd> !devobj ffffe001a544d060
Device object (ffffe001a544d060) is for:
 Cannot read info offset from nt!ObpInfoMaskToOffset
 \Driver\USBHUB3 DriverObject ffffe0019fbe1350
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003044
DevExt ffffe001a5451e70 DevObjExt ffffe001a544d1d8 DevNode [COLOR=#0000ff][B]ffffe001a5552d30 [/B][/COLOR]
ExtensionFlags (0000000000)  
Characteristics (0x00000100)  FILE_DEVICE_SECURE_OPEN
AttachedDevice (Upper) ffffe001a57d25b0Unable to load image usbfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for usbfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for usbfilter.sys
 \Driver\usbfilter
Device queue is not busy.
If we run !devnode on the blue address, we get the below output :-
Code:
0: kd> !devnode [COLOR=#0000ff][B]ffffe001a5552d30[/B][/COLOR]
DevNode 0xffffe001a5552d30 for PDO 0xffffe001a544d060
  Parent 0xffffe0019f822890   Sibling 0000000000   Child 0xffffe001a57a8d30   
  InstancePath is "USB\[COLOR=#ff8c00][B]VID_0BC2[/B][/COLOR]&PID_A0A5\NA5JTZBA"
  ServiceName is "USBSTOR"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[09] = DeviceNodeEnumerateCompletion (0x30d)
  StateHistory[08] = DeviceNodeEnumeratePending (0x30c)
  StateHistory[07] = DeviceNodeStarted (0x308)
  StateHistory[06] = DeviceNodeStartPostWork (0x307)
  StateHistory[05] = DeviceNodeStartCompletion (0x306)
  StateHistory[04] = DeviceNodeStartPending (0x305)
  StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
  StateHistory[02] = DeviceNodeDriversAdded (0x303)
  StateHistory[01] = DeviceNodeInitialized (0x302)
  StateHistory[00] = DeviceNodeUninitialized (0x301)
  StateHistory[19] = Unknown State (0x0)
  StateHistory[18] = Unknown State (0x0)
  StateHistory[17] = Unknown State (0x0)
  StateHistory[16] = Unknown State (0x0)
  StateHistory[15] = Unknown State (0x0)
  StateHistory[14] = Unknown State (0x0)
  StateHistory[13] = Unknown State (0x0)
  StateHistory[12] = Unknown State (0x0)
  StateHistory[11] = Unknown State (0x0)
  StateHistory[10] = Unknown State (0x0)
  Flags (0x2c000130)  DNF_ENUMERATED, DNF_IDS_QUERIED, 
                      DNF_NO_RESOURCE_REQUIRED, DNF_NO_LOWER_DEVICE_FILTERS, 
                      DNF_NO_LOWER_CLASS_FILTERS, DNF_NO_UPPER_DEVICE_FILTERS
  CapabilityFlags (0x00000650)  Removable, UniqueID, 
                                SurpriseRemovalOK, WakeFromD0
We can see that the StateHistory is in Unknown State in many cases. Furthermore, if we search the Vendor ID of the highlighted device (ORANGE), I found that it is FreeAgent Go Flex from Seagate.

Could you please remove this Device till the time we are troubleshooting?
Also, if the BSOD's don't stop, please remove your Creative SB X Fi USB Device as well.

One more thing you should try doing is, try plugging all of your USB Devices in the USB 2.0 ports and check if you are getting any BSOD's or not.

Let me know how it goes ^_^
 
Last edited:
This is extremely helpful. That's my backup drive, and I've problems getting it to connect properly, but I didn't realize it could cause a BSOD. I've removed the drive, and we'll see what happens.

In the meantime, is there any way to fix or rehabilitate that external drive? In other words, is this a software or filesystem problem I can fix, or is it likely a physical problem with the drive?

Many thanks, this has been very helpful.
 
Hi Cschodt ^_^,

I apologize for my late reply as I have been out of town :(

Let me know how it goes with the BSOD Problems. If you are experiencing problems connecting the drive then it could possibly mean that the disk is dying.

I would suggest you to backup the data inside it immediately. See if the drive fails any test in the Drive Diagnostics over **HERE**.

Let me know how it goes ^_^
 
Back
Top