[SOLVED] Unrepeatable BSOD, fixed few problems I think, more inside - Windows 8.1 x64

I did a clean install of windows. Changed the 7950 to a 270x. I got the same bluescreen twice in a row within 30 minutes. Here are the two dump files for that. Thanks for your help.
 

Attachments

I found this line in event viewer:

The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\{1181d8f9-0596-11e4-8251-6805ca273b27}#0000000000100000.
 
This isn't making sense to me anymore. Here's a dump file for my intel ethernet adaptor that I literally just updated. I'm not sure what to do anymore, because it doesn't seem like I'm narrowing down the problem at all.
 

Attachments

Again, your network driver is at fault.

Code: 
BugCheck D1, {[COLOR=#ff0000]fffffffffffffff4[/COLOR], [COLOR=#0000ff]7[/COLOR], [COLOR=#ff8c00]1[/COLOR], fffff801ce14a323}

This bugcheck shows that an attempt to write to an invalid address at a high IRQL has taken place.

We can check that it's invalid by checking the Page Table Entries of that address.

Code: 
1: kd> [COLOR=#008000]!pte fffffffffffffff4
[/COLOR]                                           VA fffffffffffffff4
PXE at FFFFF6FB7DBEDFF8    PPE at FFFFF6FB7DBFFFF8    PDE at FFFFF6FB7FFFFFF8    PTE at FFFFF6FFFFFFFFF8
contains 0000000000E9F063  contains 0000000000EA0063  contains 00000000013D5063  contains 0000000000000000
pfn e9f       ---DA--KWEV  pfn ea0       ---DA--KWEV  pfn 13d5      ---DA--KWEV  [COLOR=#ff0000]not valid[/COLOR]

Code: 
ffffd001`0b937b98 fffff800`5fbe5ae9 : 00000000`0000000a ffffffff`fffffff4 00000000`00000007 00000000`00000001 : [COLOR=#0000ff]nt!KeBugCheckEx
[/COLOR]ffffd001`0b937ba0 fffff800`5fbe433a : 00000000`00000001 ffffe001`2d14e000 00000000`00000000 ffffd001`0b937ce0 : [COLOR=#0000ff]nt!KiBugCheckDispatch+0x69[/COLOR]
ffffd001`0b937ce0 fffff801`ce14a323 : 00000000`00000000 ffffd001`0b937f40 fffff801`ce149b9e ffffe001`2d14e000 : [COLOR=#800080]nt!KiPageFault+0x23a[/COLOR]
ffffd001`0b937e78 00000000`00000000 : ffffd001`0b937f40 fffff801`ce149b9e ffffe001`2d14e000 00000000`00000001 : [COLOR=#ff0000]e1q63x64+0x18323[/COLOR]

Here we can see that your Intel network driver caused a page fault which isn't allowed at an IRQL of 2 or above hence the bugcheck.
Even if the IRQL was lower than 2 a bugcheck would still appear as invalid memory was referenced.

Lets look at the page fault trap frame.

Code: 
1: kd> [COLOR=#008000].trap 0xffffd0010b937ce0[/COLOR]
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe0012cbb5f30
rdx=ffffe0012d256000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801ce14a323 rsp=ffffd0010b937e78 rbp=[COLOR=#ff8c00]0000000000000000[/COLOR]
 r8=0000000000000001  r9=ffffd0010b937f78 r10=ffffe0012cbb5f30
r11=00000000000002aa r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl nz ac pe cy
e1q63x64+0x18323:
fffff801`ce14a323 c645f401        [COLOR=#008000]mov[/COLOR]     byte ptr [[COLOR=#ff8c00]rbp[/COLOR]-0Ch],1 ss:0018:[COLOR=#ff0000]ffffffff`fffffff4[/COLOR]=??

We can't say for sure as not all the registers would have been saved but it looks like a null pointer.

Code: 
1: kd> [COLOR=#008000]lm vm e1q63x64[/COLOR]
start             end                 module name
fffff801`ce132000 fffff801`ce1a6000   e1q63x64 T (no symbols)           
    Loaded symbol image file: e1q63x64.sys
    Image path: e1q63x64.sys
    Image name: e1q63x64.sys
    Timestamp:        [COLOR=#ff0000]Wed Mar 27 17:12:50 2013[/COLOR] (51532892)
    CheckSum:         0007F55D
    ImageSize:        00074000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Is there no newer network driver version?
 
It's only a null pointer if it says it is, and it's not in this case. In this case, it's just due to the fact that it's an x64 system and all non-volatile registers seen as garbage.

Regardless, just from looking at it:

Code: 
[COLOR=#0000cd]fffffffffffffff4[/COLOR]

We can tell that's not exactly a valid memory address by any means. As you noted, the !pte also shows that.

The only thing I'm confused about is the driver that's causing the problem is:

Code: 
1: kd> lmvm e1q63x64
start             end                 module name
fffff801`ce132000 fffff801`ce1a6000   e1q63x64 T (no symbols)           
    Loaded symbol image file: [COLOR=#ff0000]e1q63x64.sys[/COLOR]
    Image path: [COLOR=#ff0000]e1q63x64.sys[/COLOR]
    Image name: [COLOR=#ff0000]e1q63x64.sys[/COLOR]
    Timestamp:        Wed Mar 27 13:12:50 2013

e1q63x64.sys is the Intel(R) Gigabit Adapter NDIS 6.x driver. According to your motherboard downloads page (MSI USA Z87-G45 GAMING), your LAN driver should be the Killer network driver. It looks like you may not have installed this driver, therefore Windows Update installed this driver instead? I can't tell. Either that or the Killer network driver is labeled this for some reason.

Regards,

Patrick
 
No sorry the intel network card is correct as I installed one a week ago to bypass the killer e2200 and see if that worked. It hasn't changed much in terms of
error frequency.

Just ran another memtest overnight and no errors over 10 passes.

The intel network card driver that I currently have is up to date from intels support page.
 
Ah, that's right! Thanks for clarifying that.

Can you enable Driver Verifier, please? I'd like to see if it ends up flagging the network drivers:

Driver Verifier:

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

Any other questions can most likely be answered by this article:

Using Driver Verifier to identify issues with Windows drivers for advanced users

Regards,

Patrick
 
Alright I enabled Driver Verifier exactly as you said. I'll have a chance to let it run while I'm at work today. Is it more effective if I leave my computer at desktop and not run any programs? Or should I try and force a crash by running League of Legends at the same time? The three crashes have all occurred during League running.
 
Do whatever you normally do to ensure the best possible outcome.
 
If you can reproduce the crash, go ahead and do so. Given it happens during LoL gameplay, I'd suggest a custom game so you don't end up getting suspended/banned for 'leaving' games.

Regards,

Patrick
 
Got one to happen. Happened on my second game around 20 minutes in. Beforehand it lasted a previous game of 35 minutes without crashing. Here's the dump file.

edit: Driver verifier was running during this. Do I have to do anything else aside from upload this current dump file?

Cheers.
 

Attachments

Code: 
1: kd> !verifier -f
fffff803d6ce8680: Unable to get verifier list.

It doesn't appear that way, although I of course don't doubt you. Can you try one more time?

Regards,

Patrick
 
Want me to get another one? Or re-upload it?

edit: Sorry I understand what you mean now. To my knowledge driver verifier is running. I uploaded a picture of it now. Is that not correct?
 
I just got another bluescreen but it didn't return me a dump file. The screen only showed up for maybe one second total.
 
Try once more as in let the system crash once more with verifier enabled, and then attach the dump.

Regards,

Patrick
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top