Getting random BSODs, WinDBG report faulty hardware

Von_hohm (New member; joined Apr 5, 2022; 4 posts)
A brief description of your problem (but you can also include the steps you tried)

Hello, English is not my native language, so sorry for any typos and grammar mistakes.


I've been getting random BSODs (and sometimes an instant reboot, i.e. the PC goes straight to the POST screen while in use and NO dump files are generated) since I got my HP Elitebook 845g7 laptop 1.5 years ago. I thought maybe it was related to the OEM-installed software, so I wiped the built-in OS and installed Windows 10 Pro at some point in Oct. 2020. Since then, the frequency of BSODs was kinda low (once per week), so I just lived with it. It was not until March that the frequency of BSODs skyrocketed. Here's a screenshot from Event Viewer; after each BSOD, Kernel-Power would report a critical error.
eventlog.png
And I can't find other errors at the time of the BSOD in the eventlog.
Here's a screenshot of BlueScreenView on the minidumps

Prev_BSOD.png
Here's what I have done

  • Disabled the built-in NIC (Intel AX200) and used an external USB one, because sometimes the BSOD happens when I'm using Edge (or using the internet). But that didn't work - the system still gets BSODs on USB NICs.
  • MemTest86+ 4 pass, no problem detected
  • Windows memory diagnostics, Extended mode, 11 pass, no problem.
  • HP hardware diagnostics on all components, no problems.
  • Run SFC /scannow, no problems
  • Run chkdsk, no problems
  • At this point I was desperate, so I posted on Reddit to ask for help (link: ). Following the instructions there, I uninstalled SangFor, which is a VPN used to access the internal resources at my university, but that didn't work either
  • I tried swapping memory. My laptop runs 2 RAM sticks (let's call them A, B) in 2 DIMM slots (let's call them 1, 2). I tried running the computer with combinations of single RAM: 1A, 1B, 2A, 2B and double RAM: 1A2B and 1B2A, which all crash
  • I enabled Driver Verifier for all drivers on the system. Got an immediate BSOD after the POST screen, caught gvm leaking pooled allocation. (Full WinDBG log at Microsoft (R) Windows Debugger Version 10.0.22549.1000 AMD64Copyright (c) Micr - Pastebin.com). But the system still gets BSODs with Driver Verifier enabled.
  • WinDBG reports the problem as being hardware, with a BUCKET_ID of IP_MISALIGNED most of the time.

I realized it's not something I couldn't handle, so I reinstalled the system on 2022/04/03 (by Reset Windows 10, remove all apps while KEEPING files). I've used DDU to uninstall the AMD drivers and reinstalled them afterwards, but the problem persists; I'm still getting BSODs. While I was editing this post, I got another instant reboot (I suspect it's a triple fault). Thankfully VSCode was able to recover the content.

I know the title states "A brief description", but as a CS-major student I think if I can provide what I've done and the corresponding consequences, it will help analyze the problem.
The output of Speccy and the attachments are taken from the reinstalled system.
Thanks in advance to anyone who spends their precious time reading this lengthy post.

System Manufacturer? HP
Laptop or Desktop? Laptop
Exact model number (if laptop, check label on bottom) HP Elitebook 845g7
OS ? (Windows 10, 8.1, 8, 7, Vista) Windows Pro 10.0.19044.1288
x86 (32bit) or x64 (64bit)? 64
(Only for Vista, Windows 7) Service pack?
What was original installed OS on system? Windows 10 Home
Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? It's a full retail version
Age of system? (hardware) 1.5 years
Age of OS installation? 2022-04-03
Have you re-installed the OS? Yes (Reset Windows 10, remove all apps while KEEPING files.)
CPU AMD Ryzen 7 PRO 4750U
RAM (brand, EXACT model, what slots are you using?) I remember it is Hynix, but can't recall the exact model. I'll inspect the RAM sticks and post an update here.
Video Card CPU-Integrated
MotherBoard - (if NOT a laptop)
Power Supply - brand & wattage (if laptop, skip this one)
Is driver verifier enabled or disabled? Disabled
What security software are you using? (Firewall, antivirus, antimalware, antispyware, and so forth) Windows defender
Are you using proxy, vpn, ipfilters or similar software? Yes, I use a proxy called Clash for Windows
Are you using Disk Image tools? (like daemon tools, alcohol 52% or 120%, virtual CloneDrive, roxio software) No
Are you currently under/overclocking? Are there overclocking software installed on your system? No
 


MemTest86+ is the older version and not recommended for newer systems. I would recommend that you run MemTest86 for at least 8 passes.
 
MemTest86+ is the older version and not recommended for newer systems. I would recommend that you run MemTest86 for at least 8 passes.
Thanks for the reply! It seems I've confused MemTest86 and MemTest86+ :ROFLMAO:
My laptop only supports UEFI, so I actually used MemTest86. Nonetheless, I'll run MemTest86 all day tomorrow.
Besides, I've had 3 hangs during the last 5 days. Not sure why that happened.
I've got another BSOD just now. It appears that the kernel-mode driver FLTMGR referenced a user-mode address and resulted in a page fault. Not sure why the value in cr2 (000000008b4870d0) doesn't match the one given by the instruction (add byte ptr [rbx+rcx*4+15h],cl ds:002b:ffff8388`818b10d9). Maybe the values in rbx and rcx are not saved in the exception context? Besides, WinDBG can't find valid previous instructions when trying to dump the content before the faulting instruction. Could this be the reason why WinDBG reports IP_MISALIGNED?


Code:
||2:2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff8075fb4af18, Address of the instruction which caused the BugCheck
Arg3: fffff601d8d6a530, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 3780

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 56211

Key  : Analysis.Init.CPU.mSec
Value: 984

Key  : Analysis.Init.Elapsed.mSec
Value: 5274

Key  : Analysis.Memory.CommitPeak.Mb
Value: 154

Key  : WER.OS.Branch
Value: vb_release

Key  : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key  : WER.OS.Version
Value: 10.0.19041.1


FILE_IN_CAB:  041322-7937-01.dmp

BUGCHECK_CODE:  3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff8075fb4af18

BUGCHECK_P3: fffff601d8d6a530

BUGCHECK_P4: 0

CONTEXT:  fffff601d8d6a530 -- (.cxr 0xfffff601d8d6a530)
rax=0000000000000000 rbx=ffff8388818b1080 rcx=0000000000000011
rdx=000000008b4870d0 rsi=000000008b4870d0 rdi=ffff8388818b16d0
rip=fffff8075fb4af18 rsp=fffff601d8d6af30 rbp=fffff8075fb43991
r8=fffff601d8d6af90  r9=7fff83888b4870d0 r10=fffff80763407c80
r11=fffff601d8d6afb0 r12=ffff838892337bb0 r13=ffff83888b487200
r14=fffff601d8d6b000 r15=fffff601d8d6b0d8
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
FLTMGR!FltGetInstanceContext+0x38:
fffff807`5fb4af18 004c8b15        add     byte ptr [rbx+rcx*4+15h],cl ds:002b:ffff8388`818b10d9=aa
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  sppsvc.exe

MISALIGNED_IP:
FLTMGR!FltGetInstanceContext+38
fffff807`5fb4af18 004c8b15        add     byte ptr [rbx+rcx*4+15h],cl

STACK_TEXT: 
fffff601`d8d6af30 00000000`8b487050     : ffff8388`8189d4e0 fffff807`5fb4af25 ffff8388`813708e0 fffff807`00000000 : FLTMGR!FltGetInstanceContext+0x38
fffff601`d8d6af70 ffff8388`8189d4e0     : fffff807`5fb4af25 ffff8388`813708e0 fffff807`00000000 ffff8388`00000000 : 0x8b487050
fffff601`d8d6af78 fffff807`5fb4af25     : ffff8388`813708e0 fffff807`00000000 ffff8388`00000000 00000000`8b487050 : 0xffff8388`8189d4e0
fffff601`d8d6af80 fffff807`6d39b0a1     : ffffb98d`ddee9050 fffff601`d8d6b018 00000000`00000000 ffff8388`8b487050 : FLTMGR!FltGetInstanceContext+0x45
fffff601`d8d6afc0 fffff807`6d39b029     : ffff8388`922c5b58 ffff8388`813708e0 00000000`00000000 ffff8388`00000000 : cldflt!HsmiFltPostECPCREATE+0x61
fffff601`d8d6b060 fffff807`5fb456c6     : 00000000`00000000 fffff807`6349ae1b fffff601`d8d6b1c9 fffff807`00000000 : cldflt!HsmFltPostCREATE+0x9
fffff601`d8d6b090 fffff807`5fb45116     : ffff8388`922c5a00 fffff807`6340ac00 ffff8388`00000001 00000000`00000000 : FLTMGR!FltpPerformPostCallbacksWorker+0x346
fffff601`d8d6b160 fffff807`5fb46cf2     : fffff601`d8d66000 fffff601`d8d6c000 ffffb98d`d7f44b80 00000000`00000000 : FLTMGR!FltpPassThroughCompletionWorker+0x456
fffff601`d8d6b230 fffff807`5fb7c284     : fffff601`d8d6b2e0 ffff8388`92337c08 00000000`00000000 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x322
fffff601`d8d6b2a0 fffff807`6348f6f5     : ffff8388`92337b00 ffff8388`8101a8f0 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x324
fffff601`d8d6b350 fffff807`63490ce4     : 00000000`00000000 ffff8388`92265270 ffff8388`81281bd0 fffff807`63547602 : nt!IofCallDriver+0x55
fffff601`d8d6b390 fffff807`6387700d     : fffff601`d8d6b650 ffff8388`8101a8f0 ffff8388`92337c48 fffff601`00000001 : nt!IoCallDriverWithTracing+0x34
fffff601`d8d6b3e0 fffff807`637f23ee     : ffff8388`8101a8f0 00000000`00000000 ffff8388`81ce3ac0 ffff8388`81ce3a01 : nt!IopParseDevice+0x117d
fffff601`d8d6b550 fffff807`6389473a     : ffff8388`81ce3a00 fffff601`d8d6b7b8 fffff601`00000840 ffff8388`79f37380 : nt!ObpLookupObjectName+0x3fe
fffff601`d8d6b720 fffff807`63816bd5     : 00000000`00000000 00000051`205fefd8 0000015c`5a502d38 00000051`205fefa8 : nt!ObOpenObjectByNameEx+0x1fa
fffff601`d8d6b850 fffff807`63608bb8     : 00000051`00000000 ffff8388`00000001 ffff8388`818b1080 00000000`00000000 : nt!NtQueryAttributesFile+0x1c5
fffff601`d8d6bb00 00007fff`bf54d514     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000051`205fef48 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`bf54d514


SYMBOL_NAME:  cldflt!HsmiFltPostECPCREATE+61

IMAGE_NAME:  hardware

IMAGE_VERSION:  10.0.19041.1288

STACK_COMMAND:  .cxr 0xfffff601d8d6a530 ; kb

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  IP_MISALIGNED

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {201b0e5d-db2a-63d2-77be-8ce8ff234750}

Followup:     MachineOwner
---------

||2:2: kd> .cxr 0xfffff601d8d6a530
rax=0000000000000000 rbx=ffff8388818b1080 rcx=0000000000000011
rdx=000000008b4870d0 rsi=000000008b4870d0 rdi=ffff8388818b16d0
rip=fffff8075fb4af18 rsp=fffff601d8d6af30 rbp=fffff8075fb43991
r8=fffff601d8d6af90  r9=7fff83888b4870d0 r10=fffff80763407c80
r11=fffff601d8d6afb0 r12=ffff838892337bb0 r13=ffff83888b487200
r14=fffff601d8d6b000 r15=fffff601d8d6b0d8
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
FLTMGR!FltGetInstanceContext+0x38:
fffff807`5fb4af18 004c8b15        add     byte ptr [rbx+rcx*4+15h],cl ds:002b:ffff8388`818b10d9=aa
||2:2: kd> !pte ffff8388`818b10d9
Levels not implemented for this platform
||2:2: kd> r @cr2
Last set context:
cr2=000000008b4870d0

||2:2: kd> uu fffff8075fb4af18
FLTMGR!FltGetInstanceContext+0x38:
fffff807`5fb4af18 004c8b15        add     byte ptr [rbx+rcx*4+15h],cl
fffff807`5fb4af1c f8              clc
fffff807`5fb4af1d 7202            jb      FLTMGR!FltGetInstanceContext+0x41 (fffff807`5fb4af21)
fffff807`5fb4af1f 00e8            add     al,ch
fffff807`5fb4af21 5b              pop     rbx
fffff807`5fb4af22 cd8b            int     8Bh
fffff807`5fb4af24 034c8b8f        add     ecx,dword ptr [rbx+rcx*4-71h]
fffff807`5fb4af28 8800            mov     byte ptr [rax],al
||2:2: kd> ub fffff8075fb4af18
^ Unable to find valid previous instruction for 'ub fffff8075fb4af18'

Browse full module list
start             end                 module name
fffff807`6d360000 fffff807`6d3df000   cldflt     (pdb symbols)          C:\ProgramData\Dbg\sym\cldflt.pdb\00A6506333729F1C5CAED2138BFD99101\cldflt.pdb
    Loaded symbol image file: cldflt.sys
Mapped memory image file: C:\ProgramData\Dbg\sym\cldflt.sys\78296F267f000\cldflt.sys
Image path: \SystemRoot\system32\drivers\cldflt.sys
Image name: cldflt.sys
Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        78296F26 (This is a reproducible build file hash, not a timestamp)
CheckSum:         00084B91
ImageSize:        0007F000
File version:     10.0.19041.1288
Product version:  10.0.19041.1288
File flags:       0 (Mask 3F)
File OS:          40004 NT Win32
File type:        3.7 Driver
File date:        00000000.00000000
Translations:     0409.04b0
Information from resource tables:
CompanyName:      Microsoft Corporation
ProductName:      Microsoft® Windows® Operating System
InternalName:     cldflt.sys
OriginalFilename: cldflt.sys
ProductVersion:   10.0.19041.1288
FileVersion:      10.0.19041.1288 (WinBuild.160101.0800)
FileDescription:  Cloud Files Mini Filter Driver
LegalCopyright:   © Microsoft Corporation. All rights reserved.


Oops, seems the text color is ignored in the editor's CODE fragment :(

Here's the updated output of the BSOD collection app
 


Oops, seems the text color is ignored in the editor's CODE fragment
You need to set the CODE tag to have the rich attribute, otherwise when you edit your post it clears the colour. Don't worry, I learnt that the hard way as well ;)

It'll be like this [code=rich][/code]

I've got another BSOD just now. It appears that the kernel mode driver FLTMGR referenced a user mode address and resulted in a page fault. Not sure why the value in cr2(000000008b4870d0) doesn't match the ones given by the instruction(add byte ptr [rbx+rcx*4+15h],cl ds:002b:ffff8388`818b10d9)
A page fault must have been caused after that call which would usually indicate some form of hardware issue hence why WinDbg is suggesting it as the most probable cause.

From the call stack with the context set to the thread:

Rich (BB code):
2: kd> knL
 # Child-SP          RetAddr               Call Site
00 fffff601`d8d69c28 fffff807`63609169     nt!KeBugCheckEx
01 fffff601`d8d69c30 fffff807`636085bc     nt!KiBugCheckDispatch+0x69
02 fffff601`d8d69d70 fffff807`63600072     nt!KiSystemServiceHandler+0x7c
03 fffff601`d8d69db0 fffff807`634e6dd7     nt!RtlpExecuteHandlerForException+0x12
04 fffff601`d8d69de0 fffff807`634e59d6     nt!RtlDispatchException+0x297
05 fffff601`d8d6a500 fffff807`636092ac     nt!KiDispatchException+0x186
06 fffff601`d8d6abc0 fffff807`63605443     nt!KiExceptionDispatch+0x12c
07 fffff601`d8d6ada0 fffff807`5fb4af18     nt!KiPageFault+0x443 << Crash here! Set CR2 register
08 fffff601`d8d6af30 00000000`8b487050     FLTMGR!FltGetInstanceContext+0x38
09 fffff601`d8d6af70 ffff8388`8189d4e0     0x8b487050
0a fffff601`d8d6af78 fffff807`5fb4af25     0xffff8388`8189d4e0
0b fffff601`d8d6af80 fffff807`6d39b0a1     FLTMGR!FltGetInstanceContext+0x45
0c fffff601`d8d6afc0 fffff807`6d39b029     cldflt!HsmiFltPostECPCREATE+0x61
0d fffff601`d8d6b060 fffff807`5fb456c6     cldflt!HsmFltPostCREATE+0x9
0e fffff601`d8d6b090 fffff807`5fb45116     FLTMGR!FltpPerformPostCallbacksWorker+0x346
0f fffff601`d8d6b160 fffff807`5fb46cf2     FLTMGR!FltpPassThroughCompletionWorker+0x456
10 fffff601`d8d6b230 fffff807`5fb7c284     FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x322
11 fffff601`d8d6b2a0 fffff807`6348f6f5     FLTMGR!FltpCreate+0x324
12 fffff601`d8d6b350 fffff807`63490ce4     nt!IofCallDriver+0x55
13 fffff601`d8d6b390 fffff807`6387700d     nt!IoCallDriverWithTracing+0x34
14 fffff601`d8d6b3e0 fffff807`637f23ee     nt!IopParseDevice+0x117d
15 fffff601`d8d6b550 fffff807`6389473a     nt!ObpLookupObjectName+0x3fe
16 fffff601`d8d6b720 fffff807`63816bd5     nt!ObOpenObjectByNameEx+0x1fa
17 fffff601`d8d6b850 fffff807`63608bb8     nt!NtQueryAttributesFile+0x1c5
18 fffff601`d8d6bb00 00007fff`bf54d514     nt!KiSystemServiceCopyEnd+0x28
19 00000051`205fef48 00000000`00000000     0x00007fff`bf54d514

Rich (BB code):
07 fffff601d8d6ada0 fffff8075fb4af18 nt!KiPageFault+443 
    Parameter[0] = 0000000000000011
    Parameter[1] = 000000008b4870d0
    Parameter[2] = fffff601d8d6af90
    Parameter[3] = 7fff83888b4870d0
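
Added example (not part of any post in this thread, and not WinDBG output): a minimal Python length decoder run over the 18 bytes shown in the uu listing. It shows that decoding from the reported rip (+0x38) reproduces the sequence WinDBG printed and never lands on +0x45, while decoding one byte later gives a rip-relative mov followed by a call whose return address is the FLTMGR!FltGetInstanceContext+0x45 value that appears in the stack text. The opcode tables cover only the bytes in this window and are an assumption of the example; because x86 decoding resynchronises, later start offsets can also reach the same call.

```python
import struct

# Bytes and addresses copied from the thread's WinDBG output (uu, STACK_TEXT).
RIP = 0xfffff8075fb4af18             # reported rip, FltGetInstanceContext+0x38
CODE = bytes.fromhex("004c8b15f8720200e85bcd8b034c8b8f8800")
RET_ON_STACK = 0xfffff8075fb4af25    # FLTMGR!FltGetInstanceContext+0x45

MODRM = {0x00: "add r/m8,r8", 0x03: "add r32,r/m32",
         0x88: "mov r/m8,r8", 0x8b: "mov r,r/m"}
FIXED = {0xf8: ("clc", 1), 0x5b: ("pop rbx", 1), 0x72: ("jb rel8", 2),
         0xcd: ("int imm8", 2), 0xe8: ("call rel32", 5)}

def decode_one(buf, i):
    """(length, mnemonic) at buf[i]; None if truncated or not in the tables."""
    start = i
    if 0x40 <= buf[i] <= 0x4f:       # REX prefix
        i += 1
    if i >= len(buf):
        return None
    op, i = buf[i], i + 1
    if op in FIXED:
        name, size = FIXED[op]
        i += size - 1
    elif op in MODRM and i < len(buf):
        name, mod, rm = MODRM[op], buf[i] >> 6, buf[i] & 7
        i += 1
        if mod != 3 and rm == 4:     # SIB byte follows ModRM
            if i >= len(buf):
                return None
            i += 5 if mod == 0 and (buf[i] & 7) == 5 else 1
        if mod == 1:
            i += 1                   # disp8
        elif mod == 2 or (mod == 0 and rm == 5):
            i += 4                   # disp32 (rip-relative when mod=0, rm=5)
    else:
        return None
    return (i - start, name) if i <= len(buf) else None

def decode(offset):
    """Linear sweep from RIP+offset: list of (address, length, mnemonic)."""
    out, i = [], offset
    while i < len(CODE) and (d := decode_one(CODE, i)):
        out.append((RIP + i, d[0], d[1]))
        i += d[0]
    return out

def calls(offset):
    """(return address, target) of each call rel32 seen from RIP+offset."""
    return [(a + n, a + n + struct.unpack_from("<i", CODE, a - RIP + 1)[0])
            for a, n, m in decode(offset) if m.startswith("call")]
```

Here calls(0) is empty, while calls(1)[0][0] equals RET_ON_STACK.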
 
