Windows 8.1 Pro x64 DPC_WATCHDOG

[Triple Helix]

Hi everyone,

Can you have a look at this Minidump and the BSOD said DPC_WATCHDOG my system specs are listed in my profile! It's second time it has done it and when I turn on my VPN service IPVanish

TIA,

Daniel :thumbsup2:

 

[Jared]

0: kd> .bugcheck
Bugcheck code 00000133
Arguments 00000000`00000001 00000000`00001e00 00000000`00000000 00000000`00000000

0: kd> k
Child-SP          RetAddr           Call Site
fffff800`af15ac88 fffff800`ad3f1f7e nt!KeBugCheckEx
fffff800`af15ac90 fffff800`ad2c2f67 nt!KeAccumulateTicks+0xadbe
fffff800`af15ad20 fffff800`ad21e67f nt!KeClockInterruptNotify+0x787
fffff800`af15af40 fffff800`ad35d143 hal!HalpTimerClockInterrupt+0x4f
fffff800`af15af70 fffff800`ad3d812a nt!KiCallInterruptServiceRoutine+0xa3
fffff800`af15afb0 fffff800`ad3d850f nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffffd000`23869360 fffff800`ad36fd85 nt!KiInterruptDispatchLBControl+0x11f
ffffd000`238694f0 fffff800`ad304555 nt!KiGenericCallDpcWorker+0xa5
ffffd000`23869550 fffff800`ad37ad23 nt!KeGenericProcessorCallback+0xf1
ffffd000`238696c0 fffff801`9a9155c8 nt!KeGenericCallDpc+0x27
ffffd000`23869700 fffff801`9a91740e NETIO!KfdCommitTransaction+0x48
ffffd000`23869800 fffff801`9b48d6bd NETIO!IoctlKfdCommitTransaction+0x6e
ffffd000`23869830 fffff800`ad6ab77f tcpip!KfdDispatchDevCtl+0x8d
ffffd000`23869880 fffff800`ad6aad22 nt!IopXxxControlFile+0xa4f
ffffd000`23869a20 fffff800`ad3e24b3 nt!NtDeviceIoControlFile+0x56
ffffd000`23869a90 00007ffc`cba0123a nt!KiSystemServiceCopyEnd+0x13
000000e6`5520e378 00000000`00000000 0x00007ffc`cba0123a

Not enough information to determine exactly which driver is at fault.
Looks like a Network ISR was taking too long to complete, thus holding up the system.

I would update your network driver and your VPN software/driver.

 

[Triple Helix]

Thanks and it's all up to date with Software and Drivers I checked before coming here.

Daniel :smile9:

 

[Jared]

Does it happen very often?
If it occurs when you open the VPN software only, then we can try driver verifier.
Or we can try looking through a Kernel memory dump, see what I can find.

The Kernel memory dump is in C:/Windows/MEMORY.dmp
Upload it to a third party website as it's too large to upload here.

 

[Triple Helix]

Thanks Jared,

Here are a new Mini and full Dump files and it only happened 3 times now. https://www.wetransfer.com/downloads/3fb96c9dca98a7b1c55d2249b45cb40a20150419175437/a005c22ca8a8a6cc9364c6d03b1a376220150419175437/aed1ac

Thanks,

Daniel :s3:

 

[Triple Helix]

Any news from the Dump Logs? Here are new Dump Files: https://www.wetransfer.com/downloads/1286f19b5427308c819e9573f307c82920150420170038/2df28b

Thanks,

Daniel

 

[Jared]

Sorry for the delay.

After doing some digging, and sometimes going round in circles, it seems we've found the cause.

//Again, IRQL was too high for too long, holding up the system

0: kd> .bugcheck
Bugcheck code 00000133
Arguments 00000000`00000001 00000000`00001e00 00000000`00000000 00000000`00000000

//A lot of DPCs holding up the system

0: kd> !dpcs
CPU Type      KDPC       Function
 0: Normal  : 0xffffe00053d0bca8 0xfffff800b1cd4714 HDAudBus!HdaController::NotificationDpc
 0: Normal  : 0xffffe000538cfc90 0xfffff800aed0103c Wdf01000!FxInterrupt::_InterruptDpcThunk
 0: Normal  : 0xffffd001c80a3280 0xfffff80090b218e0 nt!PopExecuteProcessorCallback
 0: Normal  : 0xffffe00053cfb768 0xfffff800af44ec70 NDIS!ndisInterruptDpc
 0: Normal  : 0xffffe000532fa5e0 0xfffff800b04f3b40 dxgkrnl!DpiFdoDpcForIsr
 0: Normal  : 0xfffff80090d82668 0xfffff80090b97424 nt!PpmPerfAction
 0: Normal  : 0xffffe00050628350 0xfffff800af0b08c0 iaStorA
 0: Normal  : 0xfffff80090d82c28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine
 0: Normal  : 0xffffe00053cfb9a8 0xfffff800af44ec70 NDIS!ndisInterruptDpc
 0: Normal  : 0xffffe000530d8100 0xfffff800b1999690 igdkmd64!hybDriverEntry

 1: Normal  : 0xffffd001c596cc28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine

 2: Normal  : 0xffffd001c59e6c28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine

 3: Normal  : 0xffffd001ca463c28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine

 4: Normal  : 0xffffd001ca5f4c28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine

 5: Normal  : 0xffffd001c5a88c28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine

 6: Normal  : 0xfffff80090d6a940 0xfffff80090ba5940 nt!PpmCheckPeriodicStart
 6: Normal  : 0xffffd001c5b05c28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine
 6: Normal  : 0xfffff80090d5afc0 0xfffff80090b71e04 nt!KiBalanceSetManagerDeferredRoutine

 7: Normal  : 0xffffd001c5b85c28 0xfffff80090b77ce0 nt!KiEntropyDpcRoutine

//Thread that crashed the system

0: kd> !thread
THREAD ffffe00058149080  Cid 1930.1760  Teb: 000000007ffdb000 Win32Thread: fffff90141ba6010 RUNNING on processor 0
IRP List:
    ffffe0005749a280: (0006,01f0) Flags: 00060000  Mdl: ffffe00053eb4e70
Not impersonating
DeviceMap                 ffffc00176b9f450
Owning Process            ffffe000553738c0       Image:         openvpn.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      6644           Ticks: 7574 (0:00:01:58.343)
Context Switch Count      285            IdealProcessor: 2             
UserTime                  00:00:00.093
KernelTime                00:01:58.312
Win32 Start Address 0x00000000004014e0
Stack Init ffffd00023937c90 Current ffffd00023936d50
Base ffffd00023938000 Limit ffffd00023932000 Call 0
Priority 10 BasePriority 8 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff800`9295ac88 fffff800`90be5f7e : 00000000`00000133 00000000`00000001 00000000`00001e00 00000000`00000000 : nt!KeBugCheckEx
fffff800`9295ac90 fffff800`90ab6871 : 00000000`4feffffe 00000000`0000378a ffffe000`4e839848 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0xadbe
fffff800`9295ad20 fffff800`90a127b5 : 00000000`00000001 fffff800`90b51143 ffffd001`c678adc0 fffff800`90d7d180 : nt!KeClockInterruptNotify+0x91
fffff800`9295af40 fffff800`90b51143 : 00000000`00000011 ffffd000`23935e20 ffffd001`c5eab648 fffff800`90bcbd4a : hal!HalpTimerClockIpiRoutine+0x15
fffff800`9295af70 fffff800`90bcc12a : fffff800`90a5e800 fffff800`b0b3d678 ffffe000`573d4310 00000000`0000f88a : nt!KiCallInterruptServiceRoutine+0xa3
fffff800`9295afb0 fffff800`90bcc50f : 00000000`00000003 00000000`f891770c fffff800`b0b3d678 00000000`00000047 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea (TrapFrame @ fffff800`9295ae70)
ffffd000`23935da0 fffff800`90b52113 : 00000000`00000000 00000000`00000040 00000000`00000000 ffffe000`55b70890 : nt!KiInterruptDispatchLBControl+0x11f (TrapFrame @ ffffd000`23935da0)
ffffd000`23935f30 fffff800`b08f6ca2 : fffff800`b0b3d678 00000000`00000000 00000000`00000000 fffff800`b08f73b5 : nt!KxWaitForSpinLockAndAcquire+0x17 //Acquire spinlock at IRQL DISPATCH LEVEL or higher
ffffd000`23935f60 fffff800`b08f7252 : 00000000`00000000 00000000`000001bb 00000000`000000c6 ffffe000`573d0000 : bwcW8x64+0xfca2
ffffd000`23935fb0 fffff800`b08f7bc5 : 00000000`00000000 00000000`00000000 ffffe000`549c4a80 ffffe000`573d4310 : bwcW8x64+0x10252
ffffd000`23935fe0 fffff800`b08f80dd : ffffe000`573d4310 ffffe000`549c4a11 ffffe000`549c4a00 00000000`0000001c : bwcW8x64+0x10bc5
ffffd000`23936050 fffff800`b08f2bc5 : 00000000`00000000 ffffe000`573d4310 ffffe000`573d4310 00000000`00000000 : bwcW8x64+0x110dd
ffffd000`23936080 fffff800`af451cc1 : 00000000`00000000 ffffd000`239361e0 fffff800`b08f2ab0 ffffe000`573d4310 : bwcW8x64+0xbbc5 // Killer Bandwidth Control Filter Driver
ffffd000`239360e0 fffff800`afa7617b : ffffe000`55b6f620 ffffe000`573d4310 ffffe000`00000000 00000000`00000002 : NDIS!NdisSendNetBufferLists+0x261 //Send net buffer list
ffffd000`239362d0 fffff800`afa74bb4 : fffff800`afbef180 00000000`00000000 ffffe000`5659b900 ffffe000`4e740800 : tcpip!IppFragmentPackets+0x4cb
ffffd000`23936410 fffff800`afa74389 : fffff800`afbef180 00000000`00000000 00000000`00000000 00000000`00000324 : tcpip!IppDispatchSendPacketHelper+0x94
ffffd000`239365a0 fffff800`afa7291e : ffffd000`23936a60 ffffe000`52e4ab28 00000000`00000002 ffffd000`23936a40 : tcpip!IppPacketizeDatagrams+0x2d9
ffffd000`23936740 fffff800`afa58512 : 00000000`00000000 00000000`00008a04 fffff800`afbef180 ffffe000`5643ed70 : tcpip!IppSendDatagramsCommon+0x49e
ffffd000`23936920 fffff800`afa58caa : 00000000`00000000 00000000`00000000 ffffe000`57d48484 fffff800`afbef180 : tcpip!UdpSendMessagesOnPathCreation+0x482
ffffd000`23936d70 fffff800`afa59324 : 00000000`00000000 ffffe000`566afe50 00000000`00000000 00000000`00000000 : tcpip!UdpSendMessages+0x24a
ffffd000`239371b0 fffff800`90aec703 : 00000000`00000000 00000000`00000000 ffff0075`79fe0000 ffffc001`00000000 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
ffffd000`239371e0 fffff800`afa5a5ec : fffff800`afa59310 ffffd000`23937300 00000000`00000000 ffffe000`553738c0 : nt!KeExpandKernelStackAndCalloutInternal+0xf3
ffffd000`239372d0 fffff800`b0446719 : ffffe000`57d48010 ffffd000`23937b80 ffffe000`57d48010 ffffe000`57d48010 : tcpip!UdpTlProviderSendMessages+0x6c
ffffd000`23937350 fffff800`b042e0e5 : fffff680`0000ecd0 fffff6fb`40000070 fffff6fb`7da00000 fffff6fb`7dbed000 : afd!AfdFastDatagramSend+0x579
ffffd000`23937510 fffff800`90e9f27c : 00000000`00000000 ffffe000`55c55810 ffffe000`5749a280 00000000`00000004 : afd!AfdFastIoDeviceControl+0x10d6
ffffd000`23937880 fffff800`90e9ed22 : 00000000`00000000 00000000`77041b10 00000000`00000001 00000000`01d9a288 : nt!IopXxxControlFile+0x54c
ffffd000`23937a20 fffff800`90bd64b3 : 00000000`746c6644 ffffd000`23937b08 00000000`00000000 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`23937a90 00000000`77042352 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000`23937b00)
00000000`0008ee08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77042352

0: kd> lmvm bwcW8x64
start             end                 module name
fffff800`b08e7000 fffff800`b0b43000   bwcW8x64   (no symbols)           
    Loaded symbol image file: bwcW8x64.sys
    Image path: \SystemRoot\system32\DRIVERS\bwcW8x64.sys
    Image name: bwcW8x64.sys
    Timestamp:        Thu Oct 16 23:21:16 2014 (544044DC) //Faily old driver, check for updates?
    CheckSum:         0001B440
    ImageSize:        0025C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

//Pending IRP waiting to perform work for work for the Ancillary Function Driver, the Kernel mode Winsock driver

0: kd> !irp ffffe0005749a280
Irp is active with 4 stacks 4 is current (= 0xffffe0005749a428)
 Mdl=ffffe00053eb4e70: No System Buffer: Thread ffffe00058149080:  Irp stack trace.  
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000    

			Args: 00000000 00000000 00000000 00000000
>[  e, 6]   5  1 ffffe00053206e50 ffffe00055c557c0 00000000-00000000    pending
	       \Driver\AFD
			Args: ffffe0005730a3f0 ffffe0005711be70 00000000 00000000

0: kd> !fileobj ffffe00055c557c0

\Endpoint

Device Object: 0xffffe00053206e50   \Driver\AFD
Vpb is NULL

Flags:  0x40000
	Handle Created

FsContext: 0xffffe00057568370	FsContext2: 0x00000000
Private Cache Map: 0xffffffffffffffff
CurrentByteOffset: 0

//Let's look at the Killer Network driver that we saw in the callstack

0: kd> !ndiskd.filterdriver ffffe00052f7ed80


FILTER DRIVER

    Killer Network Bandwidth Control

    Ndis handle        ffffe00052f7ed80
    Driver context     ffffe000532bd840
    Ndis API version   v6.30
    Driver version     v1.0
    Driver object      ffffe000532bd840
    Driver image       bwcW8x64.sys

    Filter type        [Unreadable value]
    Run type           [Unreadable value]
    Class              Cannot find field 'FilterClass' in '_NDIS_FILTER_DRIVER_BLOCK'
    References         9


FILTER MODULES

    Filter module                                                               
    ffffe00055cf4c70 - Microsoft Wi-Fi Direct Virtual Adapter-Killer Network Bandwidth Control-0000
    ffffe00055b5ec70 - Killer Wireless-n/a/ac 1525 Wireless Network Adapter-Killer Network Bandwidth Control-0000
    ffffe00053e03010 - Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)-Killer Network Bandwidth Control-0000
    ffffe0004e79f010 - TAP-Windows Adapter V9-Killer Network Bandwidth Control-0000

//Pending NBLs, not good

0: kd> !ndiskd.pendingnbls ffffe000533161a0

PHASE 1/3: Found 67 NBL pool(s).                 
PHASE 2/3: Found 674 freed NBL(s).                                    

    Pending Nbl        Currently held by                                        
    ffffe00057422cb0   ffffe000533161a0 - Killer Wireless-n/a/ac 1525 Wireless Network Adapter  [Miniport]                    
    ffffe00057d30500   ffffe000533161a0 - Killer Wireless-n/a/ac 1525 Wireless Network Adapter  [Miniport]                    
    ffffe00055e4b7a0   ffffe000533161a0 - Killer Wireless-n/a/ac 1525 Wireless Network Adapter  [Miniport]                    
                                                                                    

PHASE 3/3: Found 3 pending NBL(s) of 3850 total NBL(s).                      
Search complete.

0: kd> !ndiskd.nbl ffffe00057422cb0 -data
NET_BUFFER ffffe00057db8830
  MDL ffffe0005793ea90
    ffffe0005793eb10  08 01 00 80 7a 8d f7 4e-08 28 ac d1 b8 62 16 43  ····z··N·(···b·C
    ffffe0005793eb20  33 33 00 00 00 16 00 00-aa aa 03 00 00 00 86 dd  33··············
  MDL ffffe000574858e0
    ffffe00053a541f0  60 00 00 00 00 24 00 01-fe 80 00 00 00 00 00 00  `····$··········
    ffffe00053a54200  01 ba 8f c8 83 97 06 ee-ff 02 00 00 00 00 00 00  ················
    ffffe00053a54210  00 00 00 00 00 00 00 16                          ········
  MDL ffffe000541cf610
    ffffe00053a540ae  3a 00 05 02 00 00 01 00-8f 00 54 ff 00 00 00 01  :·········T·····
    ffffe00053a540be  03 00 00 00 ff 02 00 00-00 00 00 00 00 00 00 00  ················

0: kd> dt nt!_MDL ffffe0005793ea90
   +0x000 Next             : 0xffffe000`574858e0 _MDL
   +0x008 Size             : 0n56
   +0x00a MdlFlags         : 0n4
   +0x00c AllocationProcessorNumber : 0
   +0x00e Reserved         : 0
   +0x010 Process          : (null) 
   +0x018 MappedSystemVa   : 0xffffe000`5793ead0 Void
   +0x020 StartVa          : 0xffffe000`5793e000 Void
   +0x028 ByteCount        : 0x60
   +0x02c ByteOffset       : 0xad0

0: kd> !address ffffe000`5793e000
Mapping user range ...
Mapping system range ...
Mapping non addressable range ...
Mapping page tables...
Mapping hyperspace...
Mapping HAL reserved range...
Mapping User Probe Area...
Mapping system shared page...
Mapping system cache working set...
Mapping loader mappings...
Mapping system PTEs...
Mapping system paged pool...
Mapping session space...
Mapping dynamic system space...
Mapping PFN database...
Mapping non paged pool...
Mapping VAD regions...
Mapping module regions...
Mapping process, thread, and stack regions...
Mapping system cache regions...


Usage:                  
Base Address:           ffffd001`ccb8f000
End Address:            fffff680`00000000
Region Size:            0000267e`33471000
VA Type:                SystemRange
VAD Address:            0x406180
Commit Charge:          0x100000729
Protection:             0x7feebbdff88 []
Memory Usage:           Private
No Change:              yes
More info:              !vad 0xffffd001ccb8f000

//The Virtual Address Descriptor is for the openvpn.exe, which explains why the box crashes when opening that program

0: kd> !vad 406180
VAD             level      start      end    commit
ffffe00056e6b5f0 (-1)         400       4b0        15 Mapped  Exe  EXECUTE_WRITECOPY  \Program Files (x86)\IPVanish\OpenVPN\openvpn.exe

The network filter driver is clearly failing to perform work when initialising the VPN software, by failing to complete NBL packets, then waiting on a lock to meet specific conditions.
Is there an update for this driver?

To be honest, Killer network drivers don't really have any recent updates, from what I've found. The support provided by killer gaming is shocking, with their website being down for months at a time. I wouldn't recommend anybody to get any of their network cards, simply because of their drivers.

 

[Triple Helix]

Hi Jared,

Thanks for your hard work it's from my Brand New Alienware Laptop from Dell and that is the latest Driver Qualcomm Killer Wireless 1525 Driver Driver Details | Dell Canada so I will bug Alienware support for an updated Driver. In any Case my VPN service has given me a Manuel way of running a VPN in PPTP instead of using OpenVPN for the time being. So thanks again for your hard work!



Cheers,

Daniel :wink11a:

 

[Triple Helix]

Hi Jared,

Just to let you know it was a simple thing of manually adding my VPN in Windows Firewall as well OpenVPN.exe and all is fine now it wasn't even listed in Windows Firewall very odd as it was working for a week or so until the Locking up the System and BSOD's were coming!

Thanks again,

Daniel :thumbsup2:

 

[Jared]

That's excellent news.
Any more problems, don't hesitate to report back Daniel.

So it looks like it could have been the firewall blocking the net buffers being sent, which held up the system. Makes sense.
Good work on your half.

Regards,
Jared