BSoD: "iastorv.sys" - Vista x64 SP2

bromberg

Hi,
Suddenly I am receiving the BSoD on bootup and noted that "iastorv.sys" was at the bottom of the BSoD.
After a few boot attempts I am able to run with no problem but when I shutdown and reboot the BSoD takes over once again.
I am running Vista/sp2 and I attached the zip file created by your utility.
No new hardware has been added.

Any suggestions would be greatly appreciated.
Thanks,
Dan
 
re: BSoD: "iastorv.sys" - Vista x64 SP2

Hi,

We have two DMP files and two different bug checks:

PAGE_FAULT_IN_NONPAGED_AREA (50)

This indicates that invalid system memory has been referenced.

Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).

Another common cause is the installation of a faulty system service.

Antivirus software can also trigger this error, as can a corrupted NTFS volume.

Let's take a look at the call stack:


Code:
1: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffffa60`005a4fc8 fffff800`032d1c06 : 00000000`00000050 fffffa81`064411c0 00000000`00000000 fffffa60`005a50b0 : nt!KeBugCheckEx
fffffa60`005a4fd0 fffff800`0326ccd9 : 00000000`00000000 fffffa80`0580d000 fffffa60`00020000 00000000`00002000 : nt! ?? ::FNODOBFM::`string'+0x2c4dd
fffffa60`005a50b0 fffffa60`011bb3f0 : fffffa60`011b60fa 00000000`00002000 00000000`00001000 00000000`fffff000 : nt!KiPageFault+0x119 (TrapFrame @ fffffa60`005a50b0)
fffffa60`005a5248 fffffa60`011b60fa : 00000000`00002000 00000000`00001000 00000000`fffff000 fffffa80`051c9d30 : ecache!memcpy+0xb0
fffffa60`005a5250 fffffa60`011b6524 : 00000000`00000000 fffffa80`061a89e0 00000000`00000000 fffffa80`72436345 : ecache!EcCacheBlockCopyCompletionData+0x31a
fffffa60`005a5310 fffffa60`011b524f : 00000bdb`0005e600 fffffa60`00004000 fffffa60`00100000 00000054`38d8c000 : ecache!EcCacheIoDereference+0x380
fffffa60`005a5c60 fffff800`0347a227 : 00000000`01a13ae2 fffffa80`063aebb0 00000000`00000080 fffffa60`011c3fd0 : ecache!EcCacheIoWorker+0x7db
fffffa60`005a5d50 fffff800`032ab456 : fffffa60`019d2180 fffffa80`063aebb0 fffffa80`051e4720 00000000`00000002 : nt!PspSystemThreadStartup+0x57
fffffa60`005a5d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16

We have a few ecache.sys routines being called (Special Memory Device Cache system driver).

Code:
1: kd> .trap fffffa60`005a50b0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8008674000 rbx=0000000000000000 rcx=fffffa8008675000
rdx=00000000fddcc1c0 rsi=0000000000000000 rdi=0000000000000000
rip=fffffa60011bb3f0 rsp=fffffa60005a5248 rbp=fffffa8008675000
 r8=0000000000002000  r9=0000000000000100 r10=fffffa60005a5180
r11=fffffa8008675000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
ecache!memcpy+0xb0

^^ memcpy is a function that copies the values of num bytes from the location pointed by source directly to the memory block pointed by destination.

SYSTEM_SERVICE_EXCEPTION (3b)

This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.

BugCheck 3B, {c0000005, fffff8000326f6ef, fffffa600b965ed0, 0}

Let's go ahead and run a .cxr on the 3rd parameter of the bug check:

Code:
1: kd> .cxr 0xfffffa600b965ed0
rax=fffffa800598dbb0 rbx=f7fffa8005890840 rcx=f7fffa8005890840
rdx=0000000000000101 rsi=fffffa8005afd010 rdi=fffffa800598dbb0
rip=fffff8000326f6ef rsp=fffffa600b966730 rbp=0000000000000001
 r8=0000000000000801  r9=fffff800033a3160 r10=fffffa60005ecd80
r11=0000000000000002 r12=fffffa600b9668b0 r13=fffffa600a108158
r14=fffffa8005afd248 r15=0000000000000002
iopl=0         nv up di ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010086
nt!ExAcquireResourceExclusiveLite+0x1f

Let's run ln on the address of the instruction which caused the bugcheck (2nd parameter):

Code:
1: kd> ln fffff8000326f6ef
(fffff800`0326f6d0)   nt!ExAcquireResourceExclusiveLite+0x1f   |  (fffff800`03272e68)   nt!ExEnterPriorityRegionAndAcquireResourceExclusive

It appears the exception is consistently occurring in nt!ExAcquireResourceExclusiveLite+0x1f, which is a routine that acquires the given resource for exclusive access by the calling thread.



(I just discovered you can add horizontal lines... neat)

1. Remove and replace avast! with Microsoft Security Essentials for temporary troubleshooting purposes:

avast! removal - avast! Uninstall Utility | Download aswClear for avast! Removal

MSE - Microsoft Security Essentials - Microsoft Windows

2. hotcore3.sys - Tue Jul 29 17:58:17 2008

^^ HotBackup by Paragon Software Group. I would go ahead and uninstall this software (at least temporarily) as it may very well be causing conflicts.

3. Uninstall SmartDefrag ASAP. You may also want to know that IObit steals intellectual property - https://forums.malwarebytes.org/index.php?showtopic=29681

Regards,

Patrick
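
The call-stack reading in the post above, as an added example that is not part of the original thread: a short Python parser (function names such as `triage` are this example's own) that takes `kv` output, finds the trap frame address to hand to `.trap`, and reports the frame the page fault interrupted. The stack lines are copied from the post with the argument columns trimmed for width.

```python
import re

# Call sites from the `kv` output in the post above. The argument columns are
# trimmed here; the parser also accepts the full, untrimmed lines.
KV_OUTPUT = """
fffffa60`005a4fc8 fffff800`032d1c06 : nt!KeBugCheckEx
fffffa60`005a4fd0 fffff800`0326ccd9 : nt! ?? ::FNODOBFM::`string'+0x2c4dd
fffffa60`005a50b0 fffffa60`011bb3f0 : nt!KiPageFault+0x119 (TrapFrame @ fffffa60`005a50b0)
fffffa60`005a5248 fffffa60`011b60fa : ecache!memcpy+0xb0
fffffa60`005a5250 fffffa60`011b6524 : ecache!EcCacheBlockCopyCompletionData+0x31a
fffffa60`005a5310 fffffa60`011b524f : ecache!EcCacheIoDereference+0x380
fffffa60`005a5c60 fffff800`0347a227 : ecache!EcCacheIoWorker+0x7db
fffffa60`005a5d50 fffff800`032ab456 : nt!PspSystemThreadStartup+0x57
fffffa60`005a5d80 00000000`00000000 : nt!KxStartSystemThread+0x16
"""

# module!symbol, optional +0xOFFSET, optional "(TrapFrame @ ADDRESS)" suffix
SITE_RE = re.compile(
    r"^(?P<module>\w+)!(?P<symbol>.*?)"
    r"(?:\+0x(?P<offset>[0-9a-fA-F]+))?"
    r"(?:\s+\(TrapFrame @ (?P<trap>[0-9a-fA-F`]+)\))?$"
)

def parse_frames(kv_text):
    """Return one dict per frame, newest first, in the order kv prints them."""
    frames = []
    for line in kv_text.splitlines():
        # The call site is the last " : "-separated column of a kv line.
        m = SITE_RE.match(line.rsplit(" : ", 1)[-1].strip())
        if m:
            frames.append({"module": m["module"], "symbol": m["symbol"].strip(),
                           "offset": int(m["offset"] or "0", 16), "trap": m["trap"]})
    return frames

def triage(kv_text):
    """Find the trap frame and the code it interrupted; None if no trap frame."""
    frames = parse_frames(kv_text)
    for i, frame in enumerate(frames):
        if frame["trap"]:
            older = frames[i + 1:]  # frames below the trap: what was running
            return {"trap_frame": frame["trap"],
                    "faulting": older[0] if older else None,
                    "modules": list(dict.fromkeys(f["module"] for f in older))}
    return None
```
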
 
re: BSoD: "iastorv.sys" - Vista x64 SP2




(I just discovered you can add horizontal lines... neat)

haha :thumbsup2:

Please also don't forget to test your hardware.

You may use Seatools (hard drive diagnostics) and Memtest86+ (memory diagnostics). You want the "Precompiled Bootable ISO (.zip)".

NOTE: It is recommended to run Memtest86+ for at least 8-10 passes for accurate results. And run the long test for Seatools.


You must burn these to separate CDs as an image; you can use ImgBurn to do this. You must boot the PC from these CDs.

Please post if you need any assistance in doing this alongside Patrick's suggestions.
 
re: BSoD: "iastorv.sys" - Vista x64 SP2

Patrick:

I don't want to speak too soon, but my BSoD issue seems to be solved!

I backed off the driver "iastorv.sys" that appeared at the bottom of the BSoD and ever since then no more BSoDs have appeared!?! Not sure why this driver was the culprit or how it got corrupted (Vista didn't say it was bad in the Device Manager screen) :huh: but all seems back to normal.

Thanks for your interest and suggestions.
Dan
 
Patrick:

Looks like I jinxed myself. No sooner do I tell you that all is well when all of a sudden my (Vista) Blue Screen woes are starting again (I was fine for 6 months after I inserted new memory) so I have a basic(?) question for you:

Before booting, I PF8 into a screen that allows me to choose "THE LAST KNOWN GOOD CONFIGURATION" and (so far) that allows
me to safely boot with no BSoD. My question is: how can I accept this last known config permanently - i.e. once I'm up and running,
how can I tell which "last configuration" I'm running with and then accept that going forward?


As always, thanks for your ideas.

Dan
 
Marked unsolved.

LKGK is a state that is saved from the very last time your system was able to boot without detecting any issues whatsoever, therefore it is whatever that specific timeframe is. I actually don't know how to tell.

Can you please attach the latest DMP files?

Regards,

Patrick
 
Patrick,

Attached is the requested Windows7_Vista_jcgriff2.zip file.
Do you know of any way I can request Windows to simply boot from the LKGC without me having to PF8 to it on each boot?
i.e., why can't it just remember it and save me the hassle?

Is the LKGC one of my restore points?

Thanks,
Dan
 
AFAIK there isn't a way, and LKGK =/= restore point(s).

Anyway, the attached DMP's are from 2/12, aka the ones we've already seen. This is probably because after every crash, you're having to use LKGK. When you do this, the dump that was just generated obviously does not exist. Have you tried booting to safe mode after a crash to see if you can, that way we can get the dump(s)?

Regards,

Patrick
 
Patrick,
Can you clarify why Avast! should be uninstalled? I've been using it for over 7 years now and cannot believe it has anything to do with my BSoD woes.
Similarly, though I have Paragon products installed but they are never running and are not part of my Startup, so I'm confused why I should delete them.

In any event, I decided to do a system restore to a restore checkpoint from a few weeks ago, so I'll see if that helps.

As always, thanks for your suggestions.
Dan
 
Can you clarify why Avast! should be uninstalled?

As we're troubleshooting crashes, we need to remove possible variables. Antiviruses are very complex software, and work deeply with the OS in different ways. Often, this causes conflicts and corruption. Antiviruses often also conflict with backup software by interfering with the process, blocking the software itself, etc.

Similarly, though I have Paragon products installed but they are never running and are not part of my Startup, so I'm confused why I should delete them.

As I said above:

I would go ahead and uninstall this software (at least temporarily) as it may very well be causing conflicts.

It's a backup software that works a lot with the file system, and in your case, you're getting 0x50 crashes. This is something that would be smart to remove from the equation, at least temporarily, to be sure it isn't causing any issues. It doesn't matter if something is on startup or not, if a driver is called for a specific reason, then that's all it takes.

Regards,

Patrick
 
Patrick,

Once again I am hopeful that by restoring my system I appear to have dodged the BSoD bullet (at least based on my last few boot-ups).
But before you close my issue (I am prepared to resort to my factory install disk if need be) please answer one last question:

Now that my system seems stable based on the 1/27/2014 restore point I used, I would like to make sure that this restore point does not "roll off" so I will have access to it, if need be. However, I no longer see it (and apparently the next earliest available restore point is now 2/3/2014) so if I cannot get back the 1/27 restore point how may I assure myself of at least not losing the 2/3 restore point (which though not tested I feel somewhat assured is close enough to 1/27 to recover my system) ?

Thanks for all your timely replies and interest in my problem!
Dan
 
As you restored to it, it's gone. You'll need to set another one - Vista - START | type rstrui - create a restore point

Regards,

Patrick
 
