Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer BSODs on network usage it seems


  • Please log in to reply
6 replies to this topic

#1 jerseph

jerseph

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 12 September 2014 - 11:09 AM

Hello. So, I've encountered a rather interesting BSOD problem on my new custom built computer. I've had problems with BSODs before, but nothing that I haven't been able to fix myself. But this really mystifies me.

About a week ago this new computer started getting BSODs when doing network intensive tasks(when dowloading games, streaming videos etc.). I have googled my BSODs and it seemed to be the built in killer network adapter that was causing these problems. And since then I've tried a lot of things, including updating the driver and installing the standalone driver without the killer software suitem, updating bios, etc. Still the BSODs keep coming.. And since I am not by any means a computer software expert I thought I would try this forum.

I used dm log collector to collect my data and will be attaching them to this post.

Any help will be greatly appreciated. It seems I won't be able to fix this problem myself.

Thanks in advance.

Joseph

Attached Files



BC AdBot (Login to Remove)

 


#2 jerseph

jerseph
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 12 September 2014 - 11:12 AM

Results from mintoolbox as well:

Attached Files



#3 Jared44

Jared44

  • BSOD Kernel Dump Expert
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dronfield
  • Local time:03:20 PM

Posted 12 September 2014 - 12:09 PM

1: kd> .cxr 0xfffff8800331ac30;r
rax=0000000000000000 rbx=f7fffa80101533e0 rcx=f7fffa80101533e0
rdx=0000000000000030 rsi=0000000000000030 rdi=0000000000000001
rip=fffff8800f67519e rsp=fffff8800331b610 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000000 r10=fffff8800f7d8300
r11=fffff8800331b670 r12=fffff8800331b7f0 r13=fffffa800f8cfa58
r14=0000000000000000 r15=0000000000000001
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nvlddmkm+0x1b719e:
fffff880`0f67519e 395110          cmp     dword ptr [rcx+10h],edx ds:002b:f7fffa80`101533f0=????????

Your older dump file form a couple of days ago points your Nvidia driver being the cause, it's failing to compare the values within the edx register to an address calculated by adding the rcx value with 10.

It's a 0x3D bugcheck which is so uncommon that there is no documentation for it.

 

Given the IRQL was at 6 which is a device IRQL that's probably why we got this bugcheck.

1: kd> lmvm nvlddmkm
start             end                 module name
fffff880`0f4be000 fffff880`1014c000   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Wed Jul 02 18:42:02 2014 (53B4446A)
    CheckSum:         00C4C7C9
    ImageSize:        00C8E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I've had problems with this driver version actually, try updating it to the latest version or rolling back.

0: kd> lmvm e22w7x64
start             end                 module name
fffff880`0f400000 fffff880`0f427000   e22w7x64 T (no symbols)           
    Loaded symbol image file: e22w7x64.sys
    Image path: \SystemRoot\system32\DRIVERS\e22w7x64.sys
    Image name: e22w7x64.sys
    Timestamp:        Wed Mar 20 21:35:41 2013 (514A2BAD)
    CheckSum:         00031967
    ImageSize:        00027000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your Ekiller network driver is still fairly outdated, can you update it any more, via device manager or manually?



#4 jerseph

jerseph
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 12 September 2014 - 12:20 PM

1: kd> .cxr 0xfffff8800331ac30;r
rax=0000000000000000 rbx=f7fffa80101533e0 rcx=f7fffa80101533e0
rdx=0000000000000030 rsi=0000000000000030 rdi=0000000000000001
rip=fffff8800f67519e rsp=fffff8800331b610 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000000 r10=fffff8800f7d8300
r11=fffff8800331b670 r12=fffff8800331b7f0 r13=fffffa800f8cfa58
r14=0000000000000000 r15=0000000000000001
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nvlddmkm+0x1b719e:
fffff880`0f67519e 395110          cmp     dword ptr [rcx+10h],edx ds:002b:f7fffa80`101533f0=????????

Your older dump file form a couple of days ago points your Nvidia driver being the cause, it's failing to compare the values within the edx register to an address calculated by adding the rcx value with 10.

It's a 0x3D bugcheck which is so uncommon that there is no documentation for it.

 

Given the IRQL was at 6 which is a device IRQL that's probably why we got this bugcheck.

1: kd> lmvm nvlddmkm
start             end                 module name
fffff880`0f4be000 fffff880`1014c000   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Wed Jul 02 18:42:02 2014 (53B4446A)
    CheckSum:         00C4C7C9
    ImageSize:        00C8E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I've had problems with this driver version actually, try updating it to the latest version or rolling back.

0: kd> lmvm e22w7x64
start             end                 module name
fffff880`0f400000 fffff880`0f427000   e22w7x64 T (no symbols)           
    Loaded symbol image file: e22w7x64.sys
    Image path: \SystemRoot\system32\DRIVERS\e22w7x64.sys
    Image name: e22w7x64.sys
    Timestamp:        Wed Mar 20 21:35:41 2013 (514A2BAD)
    CheckSum:         00031967
    ImageSize:        00027000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Your Ekiller network driver is still fairly outdated, can you update it any more, via device manager or manually?

 

 

 

Hello, thank you for your assistance.

I will try another nvidia driver, since I'm using the latest one I guess I'll have to download an older one?

 

About the network driver, I downloaded the latest one and had that installed along with their suite of (crap)programs, and I still got a BSOD, so I found a standalone one, which I guess is old, is there any use in reinstalling the newest one again since I still BSOD when I had it installed?

 

Thanks!

 


Edited by jerseph, 12 September 2014 - 12:26 PM.


#5 jerseph

jerseph
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 12 September 2014 - 12:44 PM

Just to follow up, I rolled back to an earlier nvidia driver, then uninstalled the killer network driver, and installed the latest driver again. That's where I'm at right now.



#6 jerseph

jerseph
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 12 September 2014 - 12:55 PM

And what happened, just got a new BSOD, looks to be almost identical to my latest one, what do you think?

 

This is ridiculous.

 

attaching the new dmp file.

Attached Files



#7 Jared44

Jared44

  • BSOD Kernel Dump Expert
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dronfield
  • Local time:03:20 PM

Posted 12 September 2014 - 06:33 PM

0: kd> .trap 0xfffff80000b9c290
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000008 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa80108cf0d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cc7861 rsp=fffff80000b9c420 rbp=fdfffa80108cf0d8
 r8=fffff80002e3d001  r9=0000000000000007 r10=0000000000000068
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!KiTimerWaitTest+0x171:
fffff800`02cc7861 488b6d00        mov     rbp,qword ptr [rbp] ss:0018:fdfffa80`108cf0d8=????????????????

So we have a timer waiting and trying to copy data from the memory location being pointed to by a pointer stored in rbp to rbp which doesn't work.

0: kd> !pte fdfffa80`108cf0d8
                                           VA fdfffa80108cf0d8
PXE at FFFFF6FB7DBEDFA8    PPE at FFFFF6FB7DBF5000    PDE at FFFFF6FB7EA00420    PTE at FFFFF6FD40084678
Unable to get PXE FFFFF6FB7DBEDFA8
WARNING: noncanonical VA, accesses will fault !

The address will always generate a fault when accessed if noncanonical.

fffff800`00b9b2c8 fffff800`02cb75be : fffff800`00b9b850 fffff800`00b9b398 fffff800`00b9ba40 fffff800`02ceaa90 : nt!KeBugCheck
fffff800`00b9b2d0 fffff800`02cea75d : fffff800`02ece380 fffff800`02e0b260 fffff800`02c4a000 fffff800`00b9c1e8 : nt!KiKernelCalloutExceptionHandler+0xe
fffff800`00b9b300 fffff800`02ce9535 : fffff800`02e0f038 fffff800`00b9b378 fffff800`00b9c1e8 fffff800`02c4a000 : nt!RtlpExecuteHandlerForException+0xd
fffff800`00b9b330 fffff800`02cfa4c1 : fffff800`00b9c1e8 fffff800`00b9ba40 fffff800`00000000 fffffa80`108cf0d0 : nt!RtlDispatchException+0x415
fffff800`00b9ba10 fffff800`02cbf242 : fffff800`00b9c1e8 fffffa80`108cf0d8 fffff800`00b9c290 fffffa80`108cf090 : nt!KiDispatchException+0x135
fffff800`00b9c0b0 fffff800`02cbda12 : fffff880`033d7180 fffff880`033d9300 fffff800`00b90002 fffffa80`0f2b88a0 : nt!KiExceptionDispatch+0xc2
fffff800`00b9c290 fffff800`02cc7861 : 00000000`00000002 fffff800`02cca85c fffff800`00b9c4c0 fffff800`00b9c4c0 : nt!KiStackFault+0x112
fffff800`00b9c420 fffff800`02cca69d : fffffa80`108cf0d0 fffffa80`1105cc58 00000000`00000000 00000000`00000000 : nt!KiTimerWaitTest+0x171
fffff800`00b9c4a0 fffff800`02cca5de : 00000000`0a7dc3dd fffff800`00b9cb18 00000000`00000468 fffff800`02e3df88 : nt!KiProcessExpiredTimerList+0x6d
fffff800`00b9caf0 fffff800`02cca3c7 : 00000000`03af39c6 00000000`00000468 00000000`03af39cc 00000000`00000068 : nt!KiTimerExpiration+0x1be
fffff800`00b9cb90 fffff800`02cb78ca : fffff800`02e3ae80 fffff800`02e48cc0 00000000`00000001 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff800`00b9cc40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a

So again, it looks like a driver using a bad instruction pointer.

 

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
 Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot%[B] and labeled [B]MEMORY.DMP.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users