1. #1

    Join Date
    Aug 2015
    New York

    BSOD - shutdown and banana problems (I am going bananas)

    For a few days I thought I was winning the war, except had no ship to announce it from. (Bush)
    Yesterday I witnessed how my rig was struggling six minutes trying to shut down. (Six min is my new 180000 msec timeout now...) It hangs with HDDs running. When I push power it shuts down, will get an event that it was not shut down correctly, and it may or may not come up with a blue screen. For the first time I saw e1rexpress and e1dexpress warnings as the last thing before shutdown Intel Gigabit and Ethernet. Will try to make Event screenshot.
    The iastore.sys and ntoskrnl.exe are the usual culprit. Intel rapid is disabled. These are half of the bananas.
    For those who can't have enough:
    The Service control Manager in this case is for the Windows Color System failed to start... ...in a timely fashion, - and this is not true, because as I said I ratcheted the time limit to 180000 msec, and if I want to start the service manually from services, it shoots up this error window instantaneously, so most people could tell the difference between that and 6 minutes and I am one of those. I downloaded a new WCS into the registry, obviously that did not do a thing.
    Also with the Perflib and Perfnet I spent what I will recall as the best time of my youth wasted. Hopefully - because I am 65, - it would have to be from the proper perspective...
    So, I was looking for a "begging for help" icon, but you will just have to believe me without expressive visuals.

    PS: in the instructions: perfmon/report I understand does not exist in Win 8.1. (I mean the report part.)
    Thanks fellows, George



  2. #2

    Re: BSOD - shutdown and banana problems (I am going bananas)

    The problem in some of these dumps is hard to tell due to unloaded modules, but where the problems don't appear to come from the disk subsystem itself, it can clearly be seen the issue is webroot - given webroot works as a disk I/O filter driver, I'd wager this is probably the root cause and not the victim:

    10: kd> !thread
    GetPointerFromAddress: unable to read from fffff803e01d6000
    THREAD ffffe001ca049080  Cid 01f8.06dc  Teb: 000000007ed23000 Win32Thread: 0000000000000000 RUNNING on processor a
    IRP List:
        Unable to read nt!_IRP @ ffffcf80b7076a60
    Not impersonating
    GetUlongFromAddress: unable to read from fffff803e0123b00
    Owning Process            ffffe001c9d178c0       Image:         WRSA.exe
    Attached Process          N/A            Image:         N/A
    fffff78000000000: Unable to get shared data
    Wait Start TickCount      1951         
    Context Switch Count      2              IdealProcessor: 10             
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    UserTime                  00:00:00.000
    KernelTime                00:00:00.000
    Win32 Start Address 0x0000000000aca9d0
    Stack Init ffffd0002197ac90 Current ffffd0002197a5a0
    Base ffffd0002197b000 Limit ffffd00021975000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Child-SP          RetAddr           : Args to Child                                                           : Call Site
    ffffd000`21978f58 fffff803`dffd33e9 : 00000000`0000003b 00000000`80000003 fffff803`dffce4d8 ffffd000`21979810 : nt!KeBugCheckEx
    ffffd000`21978f60 fffff803`dffd2cfc : 00000000`00000000 fffff803`dffba683 ffffd000`2197ab00 fffff803`dfeeb2d7 : nt!KiBugCheckDispatch+0x69
    ffffd000`219790a0 fffff803`dffceded : ffffd000`21979810 00000000`00000000 ffffd000`2197a008 ffffd000`21979210 : nt!KiSystemServiceHandler+0x7c
    ffffd000`219790e0 fffff803`dfeeb01d : 00000000`00000001 fffff803`dfe79000 ffffd000`2197a001 00000011`00000000 : nt!RtlpExecuteHandlerForException+0xd
    ffffd000`21979110 fffff803`dfeef3de : ffffd000`2197a008 ffffd000`21979d10 ffffd000`2197a008 00000000`0000002f : nt!RtlDispatchException+0x1a5
    ffffd000`219797e0 fffff803`dffd34c2 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd000`2197a180 : nt!KiDispatchException+0x646
    ffffd000`21979ed0 fffff803`dffd2b33 : ffffd000`2197a181 00000000`00000000 00000000`21970100 6f6e2064`00000042 : nt!KiExceptionDispatch+0xc2
    ffffd000`2197a0b0 fffff803`dffce4d8 : fffff803`e008a4d1 ffffd000`2197a3a0 fffff803`dfef2b70 fffff801`af93ea80 : nt!KiDebugServiceTrap+0xf3 (TrapFrame @ ffffd000`2197a0b0)
    ffffd000`2197a248 fffff803`e008a4d1 : ffffd000`2197a3a0 fffff803`dfef2b70 fffff801`af93ea80 ffffe001`c6ea6000 : nt!DebugPrompt+0x18
    ffffd000`2197a250 fffff801`af968ae2 : fffff801`af93ea80 ffffe001`c6ea6000 fffff801`af968060 00000000`00000007 : nt!DbgPrompt+0x35
    ffffd000`2197a2a0 fffff801`af968c7c : 00000000`00000029 ffffe001`c6ebc530 ffffe001`bf0eefa0 fffff801`af9378f8 : fltmgr!FltpvPrintErrors+0x14e
    ffffd000`2197a510 fffff801`af96b1a6 : 00000000`00000000 ffffc000`95be12b0 fffff801`af91a000 ffffe001`c6ea6010 : fltmgr!FltpvUnlinkResourceFromFilter+0x104
    ffffd000`2197a560 fffff801`af9bb043 : ffffc000`95be1268 fffff801`af91f945 00000000`00000001 fffff803`dfed025a : fltmgr!FltvReleaseContext+0x1b
    ffffd000`2197a590 ffffc000`95be1268 : fffff801`af91f945 00000000`00000001 fffff803`dfed025a ffffc000`95be1250 : WRkrn+0x4043
    ffffd000`2197a598 fffff801`af91f945 : 00000000`00000001 fffff803`dfed025a ffffc000`95be1250 fffff801`af923b21 : 0xffffc000`95be1268
    ffffd000`2197a5a0 fffff801`af9468c5 : 00000000`00000000 fffff801`af91a000 00000000`00000000 ffffc000`95be1268 : fltmgr!TreeUnlinkMulti+0x113
    ffffd000`2197a5f0 fffff801`af91c4b2 : ffffe001`c9fdfca0 ffffd000`2197a6c9 ffffe001`c9cc6620 ffffe001`c49f92a0 : fltmgr!FltpDeleteContextList+0xb5
    ffffd000`2197a620 fffff801`af91d5ac : ffffd000`2197a830 fffff803`e0240600 00000000`00000000 00000000`00000002 : fltmgr!FltpPerformPreCallbacks+0x712
    ffffd000`2197a730 fffff801`af91b5ce : ffffe001`ca058010 ffffd000`2197a7a0 ffffcf80`b7076f68 00000000`00000000 : fltmgr!FltpPassThroughInternal+0x8c
    ffffd000`2197a760 fffff801`af91b0aa : ffffe001`c49f8830 00000000`00000002 ffffcf80`b7076a60 ffffe001`c6fadde0 : fltmgr!FltpPassThrough+0x2be
    ffffd000`2197a810 fffff803`e04ec911 : ffffcf80`b7076a60 00000000`00000002 00000000`00000001 fffff803`dff07501 : fltmgr!FltpDispatch+0x9a
    ffffd000`2197a870 fffff803`e02406b8 : ffffe001`c9fdfca0 ffffe001`c49fa030 ffffcf80`b7076a60 ffffe001`c6fadd40 : nt!IovCallDriver+0x3cd
    ffffd000`2197a8c0 fffff803`e024451c : 00000000`00000000 ffffe001`c9fdfca0 ffffe001`bc2879a0 ffffe001`c9fdfc70 : nt!IopDeleteFile+0x128
    ffffd000`2197a940 fffff803`dfed244f : 00000000`00000000 ffffd000`2197aa99 ffffe001`c9fdfca0 ffffe001`c9fdfc70 : nt!ObpRemoveObjectRoutine+0x64
    ffffd000`2197a9a0 fffff803`e023f995 : ffffe001`bc2879a0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObfDereferenceObjectWithTag+0x8f
    ffffd000`2197a9e0 fffff803`dffd30b3 : 00000000`00000008 00000000`000006e4 00000000`044cfdb0 00000000`0450fcfc : nt!NtClose+0x205
    ffffd000`2197ab00 00000000`77ad2352 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000`2197ab00)
    00000000`044ced78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ad2352
    10: kd> lmvm WRkrn
    start             end                 module name
    fffff801`af9b7000 fffff801`af9d6000   WRkrn    T (no symbols)           
        Loaded symbol image file: WRkrn.sys
        Image path: \SystemRoot\System32\drivers\WRkrn.sys
        Image name: WRkrn.sys
        Timestamp:        Wed Jul 22 08:20:08 2015 (55AFB4A8)
        CheckSum:         0002B71A
        ImageSize:        0001F000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

    Webroot's own forums have (unsolved, I might add) posts about this particular driver causing bugchecks going back to 2012 - if you completely uninstall and remove WebRoot, does the problem persist? Given the behaviors you describe, the only thing in common would be a filter driver, and this most certainly is a filter driver causing an exception in the filter manager subsystem at times...
    jcgriff2 and Jared say thanks for this.
    MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
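
A small triage helper for the stack in the post above, added here as an example and not written by anyone in the thread: it parses the call-site column of the kd output and lists frames from modules outside an assumed OS allowlist (`nt`, `fltmgr`), along with the routine each one called. The function names and the allowlist are assumptions made for the illustration; the six frames are excerpted from the post.

```python
import re

# Six frames excerpted from the `!thread` output in the post above
# (most recent call first).
STACK = r"""
ffffd000`2197a510 fffff801`af96b1a6 : 00000000`00000000 ffffc000`95be12b0 fffff801`af91a000 ffffe001`c6ea6010 : fltmgr!FltpvUnlinkResourceFromFilter+0x104
ffffd000`2197a560 fffff801`af9bb043 : ffffc000`95be1268 fffff801`af91f945 00000000`00000001 fffff803`dfed025a : fltmgr!FltvReleaseContext+0x1b
ffffd000`2197a590 ffffc000`95be1268 : fffff801`af91f945 00000000`00000001 fffff803`dfed025a ffffc000`95be1250 : WRkrn+0x4043
ffffd000`2197a598 fffff801`af91f945 : 00000000`00000001 fffff803`dfed025a ffffc000`95be1250 fffff801`af923b21 : 0xffffc000`95be1268
ffffd000`2197a5a0 fffff801`af9468c5 : 00000000`00000000 fffff801`af91a000 00000000`00000000 ffffc000`95be1268 : fltmgr!TreeUnlinkMulti+0x113
ffffd000`2197ab00 00000000`77ad2352 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000`2197ab00)
"""

# "Child-SP RetAddr" column, and a "module!symbol+0xoff" / "module+0xoff" call site.
ADDRS = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+$")
SITE = re.compile(r"^(?P<mod>[A-Za-z_]\w*)(?:!(?P<sym>[\w:]+))?(?:\+0x[0-9a-fA-F]+)?$")

def parse_frames(text):
    """Return one dict per 'Child-SP RetAddr : args : call site' line."""
    frames = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(" : ")]
        if len(parts) != 3 or not ADDRS.match(parts[0]):
            continue  # header, blank line or other debugger output
        site = parts[2].split(" (")[0]  # drop "(TrapFrame @ ...)"
        m = SITE.match(site)
        frames.append({"site": site,
                       "module": m["mod"] if m else None,   # None: bare address
                       "symbol": m["sym"] if m else None})  # None: no symbol name
    return frames

def suspects(frames, os_modules=("nt", "fltmgr")):
    """Frames outside the assumed OS allowlist, with the routine each called."""
    found = []
    for i, f in enumerate(frames):
        if f["module"] and f["module"] not in os_modules:
            callee = frames[i - 1]["site"] if i else None
            found.append((f["site"], f["symbol"] is None, callee))
    return found

if __name__ == "__main__":
    for site, no_symbols, callee in suspects(parse_frames(STACK)):
        print(f"{site} (symbols missing: {no_symbols}) called {callee}")
```

On a real dump the allowlist would be built from the `lm` module list rather than hard-coded.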

  3. #3

    Join Date
    Dec 2014

    Re: BSOD - shutdown and banana problems (I am going bananas)

    the reason might be overclocking among suspected drivers loaded

    [CPU Information]
    ~MHz = REG_DWORD 4250
    Component Information = REG_BINARY 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
    Configuration Data = REG_FULL_RESOURCE_DESCRIPTOR ff,ff,ff,ff,ff,ff,ff,ff,0,0,0,0,0,0,0,0
    Identifier = REG_SZ Intel64 Family 6 Model 63 Stepping 2
    ProcessorNameString = REG_SZ Intel(R) Core(TM) i7-5930K CPU @ 3.50GHz
    Update Status = REG_DWORD 0
    VendorIdentifier = REG_SZ GenuineIntel
    MSR8B = REG_QWORD 2e00000000

    Processor may be overclocked!
    Expected Frequency: 3500
    Actual Frequency: 4250
    Overclock Ratio: 1.21
    found in 122915-24031-01.dmp

    and this
    fffff800`45b47000 fffff800`45b50000 CorsairVHidDriver CorsairVHidDriver.sys Wed May 06 15:10:41 2015 (554A12D1)

    isn't the best idea either
    something to fix I think.


  4. #4

    Re: BSOD - shutdown and banana problems (I am going bananas)

    Good catch - the i7 5930K turbos up to 3.7GHz, not 4.25GHz. There's a fairly interesting overclock going on here as that's a pretty aggressive overclock for that part if voltage isn't being regulated properly (at least).
    jcgriff2 says thanks for this.
    MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
