TRMoon-4172 asked

Persistent BSoD crashes, random cause

Windows 10 OS, random BSoDs with different error codes. Issues have been ongoing for over 18 months.

Troubleshooting done so far:
OS and Drivers kept up to date on a weekly basis
Video card replaced - no change
Power supply replaced - no change
Motherboard, RAM, CPU replaced - no change
Hard drives were replaced and whole system reimaged to a fresh Windows 10 install, as per MS support -- no change.

At this point the whole machine has been replaced with the exception of the case, and apparently, like the Ship of Theseus, it's the same ship with the same problems.

minidump below:

Microsoft (R) Windows Debugger Version 10.0.22549.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\admin\OneDrive\Desktop\051022-8375-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`7b400000 PsLoadedModuleList = 0xfffff802`7c02a290
Debug session time: Tue May 10 23:49:45.081 2022 (UTC - 7:00)
System Uptime: 0 days 12:56:34.772
Loading Kernel Symbols
...............................................................
................................................................
................................................................
........
Loading User Symbols
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`7b7f7d50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff88d`b7d3a320=000000000000003b
1: kd> !analyze -v



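*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************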



SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffffc59b18eaa48, Address of the instruction which caused the BugCheck
Arg3: fffff88db7d3ac20, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:




KEY_VALUES_STRING: 1

 Key  : Analysis.CPU.mSec
 Value: 3093

 Key  : Analysis.DebugAnalysisManager
 Value: Create

 Key  : Analysis.Elapsed.mSec
 Value: 10756

 Key  : Analysis.Init.CPU.mSec
 Value: 515

 Key  : Analysis.Init.Elapsed.mSec
 Value: 15202

 Key  : Analysis.Memory.CommitPeak.Mb
 Value: 105

 Key  : WER.OS.Branch
 Value: vb_release

 Key  : WER.OS.Timestamp
 Value: 2019-12-06T14:06:00Z

 Key  : WER.OS.Version
 Value: 10.0.19041.1


FILE_IN_CAB: 051022-8375-01.dmp

BUGCHECK_CODE: 3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffffc59b18eaa48

BUGCHECK_P3: fffff88db7d3ac20

BUGCHECK_P4: 0

CONTEXT: fffff88db7d3ac20 -- (.cxr 0xfffff88db7d3ac20)
rax=00000000000000de rbx=fffffc24c433d3c0 rcx=fffffc24c5fc1010
rdx=0000000000000064 rsi=fffffc24c433c0a8 rdi=0000000000000200
rip=fffffc59b18eaa48 rsp=fffff88db7d3b620 rbp=fffffc24c433d408
r8=0000000000000000 r9=ffffc50b1efecdc8 r10=ffffc50b1efece44
r11=fffffc24c5f2dd20 r12=00000000000000de r13=000000000000000a
r14=fffffc24c433d3f4 r15=fffffc24c433d3f0
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
win32kfull!TimersProc+0x1e8:
fffffc59`b18eaa48 8b8a10040000 mov ecx,dword ptr [rdx+410h] ds:002b:00000000`00000474=????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: csrss.exe

STACK_TEXT:
fffff88d`b7d3b620 fffffc59`b18ea546 : 00000000`0000000f 00000000`02c6facd 00000000`00000001 00000000`00000004 : win32kfull!TimersProc+0x1e8
fffff88d`b7d3b6b0 fffffc59`b167fc14 : ffffc50b`201e0080 ffffc50b`201e0080 00000000`00000000 00000000`00000005 : win32kfull!RawInputThread+0x7f6
fffff88d`b7d3b870 fffffc59`b1974a21 : ffffc50b`201e0080 00000000`00000000 00000000`00000005 00000000`00000005 : win32kbase!xxxCreateSystemThreads+0xc4
fffff88d`b7d3b9a0 fffffc59`b1f7474e : ffffc50b`201e0080 ffffc50b`201e0080 00000000`00000000 00000000`00000000 : win32kfull!NtUserCallNoParam+0x71
fffff88d`b7d3b9d0 fffff802`7b8096b5 : ffffc50b`00000005 00000000`00000005 000001ef`63004fe0 00000000`00000480 : win32k!NtUserCallNoParam+0x16
fffff88d`b7d3ba00 00007ffd`17da10e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000005`cd03f9d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`17da10e4


SYMBOL_NAME: win32kfull!TimersProc+1e8

MODULE_NAME: win32kfull

IMAGE_NAME: win32kfull.sys

IMAGE_VERSION: 10.0.19041.1645

STACK_COMMAND: .cxr 0xfffff88db7d3ac20 ; kb

BUCKET_ID_FUNC_OFFSET: 1e8

FAILURE_BUCKET_ID: AV_win32kfull!TimersProc

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {4204da86-0e34-a6fb-28f3-793ac186b089}

Followup: MachineOwner



1: kd> .cxr 0xfffff88db7d3ac20
rax=00000000000000de rbx=fffffc24c433d3c0 rcx=fffffc24c5fc1010
rdx=0000000000000064 rsi=fffffc24c433c0a8 rdi=0000000000000200
rip=fffffc59b18eaa48 rsp=fffff88db7d3b620 rbp=fffffc24c433d408
r8=0000000000000000 r9=ffffc50b1efecdc8 r10=ffffc50b1efece44
r11=fffffc24c5f2dd20 r12=00000000000000de r13=000000000000000a
r14=fffffc24c433d3f4 r15=fffffc24c433d3f0
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
win32kfull!TimersProc+0x1e8:
fffffc59`b18eaa48 8b8a10040000 mov ecx,dword ptr [rdx+410h] ds:002b:00000000`00000474=????????
1: kd> dx
@$debuggerRootNamespace
Debugger
Sessions
Settings
State
Utility
1: kd> dx KiBugCheckDriver
Unimplemented error for KiBugCheckDriver
Error: Unable to bind name 'KiBugCheckDriver'
1: kd> !error 00000000c0000005
Error code: (NTSTATUS) 0xc0000005 (3221225477) - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
1: kd> kb
*** Stack trace for last set context - .thread/.cxr resets it
# RetAddr : Args to Child : Call Site
00 fffffc59`b18ea546 : 00000000`0000000f 00000000`02c6facd 00000000`00000001 00000000`00000004 : win32kfull!TimersProc+0x1e8
01 fffffc59`b167fc14 : ffffc50b`201e0080 ffffc50b`201e0080 00000000`00000000 00000000`00000005 : win32kfull!RawInputThread+0x7f6
02 fffffc59`b1974a21 : ffffc50b`201e0080 00000000`00000000 00000000`00000005 00000000`00000005 : win32kbase!xxxCreateSystemThreads+0xc4
03 fffffc59`b1f7474e : ffffc50b`201e0080 ffffc50b`201e0080 00000000`00000000 00000000`00000000 : win32kfull!NtUserCallNoParam+0x71
04 fffff802`7b8096b5 : ffffc50b`00000005 00000000`00000005 000001ef`63004fe0 00000000`00000480 : win32k!NtUserCallNoParam+0x16
05 00007ffd`17da10e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
06 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`17da10e4

windows-hardware
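
A triage helper for the `!analyze -v` text posted above, as an added example that is not part of the original post: it pulls the key fields out of the analysis and recomputes the address the faulting instruction touched from the context record. The function name `triage` and the 64 KB near-NULL threshold are choices made for this example; the sample lines are copied from the dump above.

```python
import re

# Excerpt copied from the !analyze -v output in the post above.
SAMPLE = """\
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
CONTEXT: fffff88db7d3ac20 -- (.cxr 0xfffff88db7d3ac20)
rax=00000000000000de rbx=fffffc24c433d3c0 rcx=fffffc24c5fc1010
rdx=0000000000000064 rsi=fffffc24c433c0a8 rdi=0000000000000200
rip=fffffc59b18eaa48 rsp=fffff88db7d3b620 rbp=fffffc24c433d408
win32kfull!TimersProc+0x1e8:
fffffc59`b18eaa48 8b8a10040000 mov ecx,dword ptr [rdx+410h] ds:002b:00000000`00000474=????????
PROCESS_NAME: csrss.exe
IMAGE_NAME: win32kfull.sys
FAILURE_BUCKET_ID: AV_win32kfull!TimersProc
"""

FIELD = re.compile(r"^([A-Z_0-9]+):\s+(\S+)", re.M)
REG = re.compile(r"\b(r[a-z0-9]{1,3})=([0-9a-f]{16})\b")
# Memory operand printed as [reg+NNNh] or [reg].
OPERAND = re.compile(r"\[(r[a-z0-9]{1,3})(?:\+([0-9a-f]+)h)?\]")

def triage(text):
    """Return key fields plus the address the faulting instruction touched."""
    fields = dict(FIELD.findall(text))
    regs = {name: int(val, 16) for name, val in REG.findall(text)}
    out = {
        "bugcheck": int(fields["BUGCHECK_CODE"], 16),
        "exception": int(fields["BUGCHECK_P1"], 16),
        "process": fields.get("PROCESS_NAME"),
        "image": fields.get("IMAGE_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
        "fault_addr": None,
        "near_null": None,
    }
    rip = regs.get("rip")
    for line in text.splitlines():
        # The disassembly line of the faulting instruction starts with rip.
        if rip is None or not line.replace("`", "").startswith(f"{rip:016x}"):
            continue
        m = OPERAND.search(line)
        if m and m.group(1) in regs:
            disp = int(m.group(2), 16) if m.group(2) else 0
            addr = (regs[m.group(1)] + disp) & 0xFFFFFFFFFFFFFFFF
            out["fault_addr"] = addr
            # Heuristic: below 64 KB means a small offset from a NULL or tiny base.
            out["near_null"] = addr < 0x10000
    return out
```

For this dump the recomputed address is `rdx + 0x410 = 0x474`, matching the `ds:` address WinDbg printed next to the instruction.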

Docs-4663 answered

Run the V2 log collector and post a share link into this thread using OneDrive, Dropbox, or Google Drive.

https://www.tenforums.com/bsod-crashes-debugging/2198-bsod-posting-instructions.html

https://www.elevenforum.com/t/bsod-posting-instructions.103/


Please remember to vote and to mark the replies as answers if they help.

On the bottom of each post there is:

Propose as answer = answered the question

On the left side of each post there is /\ with a number: click = a helpful post

TRMoon-4172 answered

@Docs-4663

https://1drv.ms/u/s!AgtzSzLdIuLHiimC2Gg4nY_jHK1t?e=jl0Xmo

Package available to copy but not edit. Will delete once you've verified you have it.


Docs-4663 answered

1) Please make a new restore point:

https://www.tenforums.com/tutorials/4571-create-system-restore-point-windows-10-a.html


2) Read this link on Windows Driver Verifier (WDV):

https://www.tenforums.com/tutorials/5470-enable-disable-driver-verifier-windows-10-a.html


Learn the methods to recover from using the tool in safe mode by running the commands:

verifier /reset

or

verifier /bootmode resetonbootfail


3) Insert all drives including flash drives


4) Run: HD Sentinel (free or trial version)
https://www.hdsentinel.com/
Post share links for results on these tabs
a) Overview
b) Temperature
c) SMART


5) When you're comfortable with the instructions on how to use WDV you can start the tool.

If there is no immediate BSOD then open an administrative command prompt and type or copy and paste:

verifier /querysettings

Post a share link into this thread.

For any BSOD run the V2 log collector and post the share link into the newest post.



TRMoon-4172 answered

@Docs-4663
https://1drv.ms/u/s!AgtzSzLdIuLHiipzraHwuYp4nufE?e=Fd91jt

Ran instructions as requested. System was stable after reboot. Had to force a recreation of a BSOD by running one of the problem games.


Docs-4663 answered Docs-4663 edited

If there were no performance problems or very slow boot, please modify the WDV customized tests to:


 [ ] 0x00000001 Special pool.
 [ ] 0x00000002 Force IRQL checking.
 [ ] 0x00000008 Pool tracking.
 [ ] 0x00000010 I/O verification.
 [ ] 0x00000020 Deadlock detection.
 [ ] 0x00000080 DMA checking.
 [ ] 0x00000100 Security checks.
 [ ] 0x00000800 Miscellaneous checks.
 [ ] 0x00020000 DDI compliance checking.
 [ ] 0x00000200 Force pending I/O requests.
 [ ] 0x00000400 IRP logging.
 [ ] 0x00080000 DDI compliance checking (additional).


If there is no immediate BSOD then post a new verifier /querysettings


If after two hours there are no BSOD and no performance problems or very slow boot then add these customized settings:


 [ ] 0x00002000 Invariant MDL checking for stack.
 [ ] 0x00004000 Invariant MDL checking for driver.
 [ ] 0x00008000 Power framework delay fuzzing.
 [ ] 0x00010000 Port/miniport interface checking.
 [ ] 0x00040000 Systematic low resources simulation.
 [ ] 0x00200000 NDIS/WIFI verification.
 [ ] 0x00800000 Kernel synchronization delay fuzzing.
 [ ] 0x01000000 VM switch verification.
 [ ] 0x02000000 Code integrity checks.


If there is no immediate BSOD then post a new verifier /querysettings

Run all of the above customized tests for 24 to 48 hours.

For any BSOD post a new V2.


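
One way to confirm that the tests actually enabled match the two flag lists in the answer above, as an added example that is not part of the original thread: it combines the listed values into masks and audits a settings listing against the intended mask. The sample listing is constructed, and the `[X]` marker for an enabled test is an assumption about the tool's checkbox layout.

```python
import re

# Flag values as listed in the answer above, grouped by the step enabling them.
STEP1 = [0x1, 0x2, 0x8, 0x10, 0x20, 0x80, 0x100, 0x800, 0x20000,
         0x200, 0x400, 0x80000]
STEP2 = [0x2000, 0x4000, 0x8000, 0x10000, 0x40000, 0x200000, 0x800000,
         0x1000000, 0x2000000]

# Constructed sample in the checkbox layout the thread quotes.
# Assumption: an enabled test is marked "[X]".
SAMPLE = """\
[X] 0x00000001 Special pool.
[X] 0x00000002 Force IRQL checking.
[X] 0x00000004 Randomized low resources simulation.
[X] 0x00000008 Pool tracking.
[X] 0x00000010 I/O verification.
[X] 0x00000020 Deadlock detection.
[X] 0x00000080 DMA checking.
[X] 0x00000100 Security checks.
[X] 0x00000800 Miscellaneous checks.
[X] 0x00020000 DDI compliance checking.
[X] 0x00000200 Force pending I/O requests.
[ ] 0x00000400 IRP logging.
[X] 0x00080000 DDI compliance checking (additional).
"""

LINE = re.compile(r"^\s*\[(.)\]\s+0x([0-9A-Fa-f]+)\s+(.+?)\.?\s*$", re.M)

def combine(flags):
    """OR individual test flags into one mask."""
    mask = 0
    for flag in flags:
        mask |= flag
    return mask

def audit(text, intended):
    """Compare the tests marked enabled in `text` with the intended mask."""
    names, enabled = {}, 0
    for mark, value, name in LINE.findall(text):
        bit = int(value, 16)
        names[bit] = name
        if mark.upper() == "X":
            enabled |= bit
    def describe(mask):
        return [names.get(1 << i, hex(1 << i))
                for i in range(32) if mask & (1 << i)]
    return {"enabled": enabled,
            "missing": describe(intended & ~enabled),
            "extra": describe(enabled & ~intended)}
```

The first list combines to `0xA0FBB` and both lists together to `0x3AFEFBB`; in the constructed sample the audit reports IRP logging as missing and randomized low resources simulation as an extra test.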

TRMoon-4172 answered

@Docs-4663
https://1drv.ms/u/s!AgtzSzLdIuLHiisgZOE95wrpsgwe?e=yNDBYP

BSOD didn't happen on reboot, but I was able to recreate it with the same game as before.


Docs-4663 answered Docs-4663 edited

Uninstall all Avast software using the applicable uninstall tool:

https://support.avast.com/en-us/article/10/

https://www.avast.com/en-us/uninstall-utility#pc

Avast Free Antivirus 22.4.6011 Avast Software





If there were no performance problems or very slow boot then select all customized tests except:

[ ] 0x00000004 Randomized low resources simulation.


Run these customized tests for approximately 24 hours.



If there is no immediate BSOD then post results for verifier /querysettings


For any BSOD post a new V2 into the newest post.



TRMoon-4172 answered

@Docs-4663
https://1drv.ms/u/s!AgtzSzLdIuLHiiw8pC7skg3UBCOU?e=zZTnMt

So, followed instructions and got a hard BSOD on reboot.
DRIVER_VERIFIER_DETECTED_VIOLATION
Referencing AsIO2.sys.

On review I found an article suggesting Asus AI Suite and EZUpdate are the culprit, so I uninstalled it.

Should I follow the same steps as the last post and verify the issue is resolved? Despite the uninstall and reboot Verifier is still seeing the sys file as available to test.


Docs-4663 answered

Uninstall the Asus software related to asio2.sys.

asusgio2 Asusgio2 \??\c:\windows\system32\drivers\asio2.sys


Restart WDV to check for additional misbehaving drivers.



TRMoon-4172 answered

@Docs-4663
https://1drv.ms/u/s!AgtzSzLdIuLHii2ruXqwnHlQEJ-6?e=1QRdG4

Took a bit, but I was able to get another crash.
