A
AndreiPoliakov
Hi All,
BSOD happens on restart or machine startup.
I am fairly certain it has to do with my USB audio interface - Focusrite 2i4, since when its not plugged in, there seems to be no such issues.
The interface has it's latest driver installed, and seems to only give me issues when I set Sample Rate to anything higher than 48Khz, but I digress.
I would like to try and get as close as possible to what exactly is taking place during the blue screen.
I collected the auto Memory dump and Sysinfo capture.
As well as , I ran WinDBG analysis, which I will post here.
=================================
Please let me know if I should upload the Memory dump and System info, or there is anything that you can pick up for the below output:
Thanks
-----------------------------------------------------------------------------
WinDBG:
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [G:\DOWNLOADS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*Symbol information
Symbol search path is: SRV*C:\Windows\symbol_cache*Symbol information
Executable search path is:
Windows 10 Kernel Version 18362 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff806`2ee00000 PsLoadedModuleList = 0xfffff806`2f2461b0
Debug session time: Wed Oct 14 21:06:10.522 2020 (UTC - 7:00)
System Uptime: 0 days 0:00:06.175
Loading Kernel Symbols
...............................................Page 200405a9a too large to be in the dump file.
................
................................................................
........
Loading User Symbols
Loading unloaded module list
...
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffffffffffffc7, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff8062f439373, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
DBGHELP: Timeout to store: C:\Windows\symbol_cache*Symbol information
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: Z270X-Gaming K5
SYSTEM_SKU: Default string
SYSTEM_VERSION: Default string
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: F9c
BIOS_DATE: 03/09/2018
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: Z270X-Gaming K5
BASEBOARD_VERSION: x.x
DUMP_TYPE: 1
BUGCHECK_P1: ffffffffffffffc7
BUGCHECK_P2: 2
BUGCHECK_P3: fffff8062f439373
BUGCHECK_P4: 2
READ_ADDRESS: ffffffffffffffc7
FAULTING_IP:
nt!_PnpGetObjectProperty+10f
fffff806`2f439373 8945bf mov dword ptr [rbp-41h],eax
MM_INTERNAL_CODE: 2
CPU_COUNT: 4
CPU_MHZ: ed0
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 9e
CPU_STEPPING: 9
CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: B4'00000000 (cache) B4'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: NOSTROMO
ANALYSIS_SESSION_TIME: 10-14-2020 21:22:54.0189
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
TRAP_FRAME: fffff3046e04f660 -- (.trap 0xfffff3046e04f660)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff3046e04f924 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8062f439373 rsp=fffff3046e04f7f0 rbp=0000000000000008
r8=0000000000000001 r9=000000000000000b r10=fffff8062f430b20
r11=fffff3046e04f7c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!_PnpGetObjectProperty+0x10f:
fffff806`2f439373 8945bf mov dword ptr [rbp-41h],eax ss:0018:ffffffff`ffffffc7=????????
Resetting default scope
LOCK_ADDRESS: fffff8062f260a00 -- (!locks fffff8062f260a00)
Resource @ nt!PiEngineLock (0xfffff8062f260a00) Exclusively owned
Contention Count = 2
NumberOfExclusiveWaiters = 1
Threads: ffff8907c0b7a600-01<*>
Threads Waiting On Exclusive Access:
ffff8907c0b78640
1 total locks
PNP_TRIAGE_DATA:
Lock address : 0xfffff8062f260a00
Thread Count : 1
Thread address: 0xffff8907c0b7a600
Thread wait : 0x185
LAST_CONTROL_TRANSFER: from fffff8062ee36d8d to fffff8062efc9a26
STACK_TEXT:
fffff304`6e04f3b8 fffff806`2f00819e : 00000000`00000050 ffffffff`ffffffc7 00000000`00000002 fffff304`6e04f660 : nt!KeBugCheckEx
fffff304`6e04f3c0 fffff806`2ee9559f : 00000004`00000000 00000000`00000002 00000000`00000000 ffffffff`ffffffc7 : nt!MiSystemFault+0x19dcee
fffff304`6e04f4c0 fffff806`2efd0d5e : ffffe088`ba738db0 fffff806`2ee31b00 00000000`00000000 fffff304`6e04f920 : nt!MmAccessFault+0x34f
fffff304`6e04f660 fffff806`2f439373 : fffff304`6e04f9e8 ffffe088`baa5ccf0 00000000`00000008 ffffe088`ba738db0 : nt!KiPageFault+0x35e
fffff304`6e04f7f0 fffff806`2f51b4e9 : fffff304`6e04f9e8 00000000`00000000 ffffe088`baa5ccf0 a2e302ad`66418d7e : nt!_PnpGetObjectProperty+0x10f
fffff304`6e04f8c0 fffff806`2f440d07 : ffffe088`baa5ccf0 00000000`0180600a ffffe088`00000000 fffff806`00000004 : nt!PiUEventDeviceNeedsInstall+0x141
fffff304`6e04f950 fffff806`2f43fb85 : ffffe088`baa5cc50 ffffe088`baa5cc00 ffffe088`bd0b4720 00000000`00000000 : nt!PiUEventNotifyUserMode+0x1f3
fffff304`6e04f9e0 fffff806`2ee4f0c5 : ffff8907`bd669570 ffff8907`c22e85c0 ffff8907`bd669570 ffff8907`00002000 : nt!PnpDeviceEventWorker+0x2a5
fffff304`6e04fa70 fffff806`2ef31a85 : ffff8907`c22e85c0 00000000`00000080 ffff8907`bd66f080 000024ef`bd9bbfff : nt!ExpWorkerThread+0x105
fffff304`6e04fb10 fffff806`2efca2e8 : ffffb681`4cb39180 ffff8907`c22e85c0 fffff806`2ef31a30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
fffff304`6e04fb60 00000000`00000000 : fffff304`6e050000 fffff304`6e049000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
THREAD_SHA1_HASH_MOD_FUNC: 5a2d5c3fd7f49fe64d5556ebfeb4decab79513c7
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a6b46845e33372382d57291b709d2d59877db794
THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c
FOLLOWUP_IP:
nt!_PnpGetObjectProperty+10f
fffff806`2f439373 8945bf mov dword ptr [rbp-41h],eax
FAULT_INSTR_CODE: 41bf4589
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!_PnpGetObjectProperty+10f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.1139
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 10f
FAILURE_BUCKET_ID: AV_INVALID_nt!_PnpGetObjectProperty
BUCKET_ID: AV_INVALID_nt!_PnpGetObjectProperty
PRIMARY_PROBLEM_CLASS: AV_INVALID_nt!_PnpGetObjectProperty
TARGET_TIME: 2020-10-15T04:06:10.000Z
OSBUILD: 18362
OSSERVICEPACK: 1139
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: a2e3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_invalid_nt!_pnpgetobjectproperty
FAILURE_ID_HASH: {d41636d0-8f74-c44f-ded9-84564e2015b0}
Followup: MachineOwner
---------
2: kd> lmvm nt
Browse full module list
start end module name
fffff806`2ee00000 fffff806`2f8b5000 nt (pdb symbols) c:\windows\symbol_cache\ntkrnlmp.pdb\98FFA847A530B3749C7619DA64CD3D4C1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: D6925B99 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00978ED1
ImageSize: 00AB5000
File version: 10.0.18362.1139
Product version: 10.0.18362.1139
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.18362.1139
FileVersion: 10.0.18362.1139 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Continue reading...
BSOD happens on restart or machine startup.
I am fairly certain it has to do with my USB audio interface - Focusrite 2i4, since when its not plugged in, there seems to be no such issues.
The interface has it's latest driver installed, and seems to only give me issues when I set Sample Rate to anything higher than 48Khz, but I digress.
I would like to try and get as close as possible to what exactly is taking place during the blue screen.
I collected the auto Memory dump and Sysinfo capture.
As well as , I ran WinDBG analysis, which I will post here.
=================================
Please let me know if I should upload the Memory dump and System info, or there is anything that you can pick up for the below output:
Thanks
-----------------------------------------------------------------------------
WinDBG:
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [G:\DOWNLOADS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*Symbol information
Symbol search path is: SRV*C:\Windows\symbol_cache*Symbol information
Executable search path is:
Windows 10 Kernel Version 18362 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff806`2ee00000 PsLoadedModuleList = 0xfffff806`2f2461b0
Debug session time: Wed Oct 14 21:06:10.522 2020 (UTC - 7:00)
System Uptime: 0 days 0:00:06.175
Loading Kernel Symbols
...............................................Page 200405a9a too large to be in the dump file.
................
................................................................
........
Loading User Symbols
Loading unloaded module list
...
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffffffffffffc7, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff8062f439373, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
DBGHELP: Timeout to store: C:\Windows\symbol_cache*Symbol information
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: Z270X-Gaming K5
SYSTEM_SKU: Default string
SYSTEM_VERSION: Default string
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: F9c
BIOS_DATE: 03/09/2018
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: Z270X-Gaming K5
BASEBOARD_VERSION: x.x
DUMP_TYPE: 1
BUGCHECK_P1: ffffffffffffffc7
BUGCHECK_P2: 2
BUGCHECK_P3: fffff8062f439373
BUGCHECK_P4: 2
READ_ADDRESS: ffffffffffffffc7
FAULTING_IP:
nt!_PnpGetObjectProperty+10f
fffff806`2f439373 8945bf mov dword ptr [rbp-41h],eax
MM_INTERNAL_CODE: 2
CPU_COUNT: 4
CPU_MHZ: ed0
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 9e
CPU_STEPPING: 9
CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: B4'00000000 (cache) B4'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: NOSTROMO
ANALYSIS_SESSION_TIME: 10-14-2020 21:22:54.0189
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
TRAP_FRAME: fffff3046e04f660 -- (.trap 0xfffff3046e04f660)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff3046e04f924 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8062f439373 rsp=fffff3046e04f7f0 rbp=0000000000000008
r8=0000000000000001 r9=000000000000000b r10=fffff8062f430b20
r11=fffff3046e04f7c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!_PnpGetObjectProperty+0x10f:
fffff806`2f439373 8945bf mov dword ptr [rbp-41h],eax ss:0018:ffffffff`ffffffc7=????????
Resetting default scope
LOCK_ADDRESS: fffff8062f260a00 -- (!locks fffff8062f260a00)
Resource @ nt!PiEngineLock (0xfffff8062f260a00) Exclusively owned
Contention Count = 2
NumberOfExclusiveWaiters = 1
Threads: ffff8907c0b7a600-01<*>
Threads Waiting On Exclusive Access:
ffff8907c0b78640
1 total locks
PNP_TRIAGE_DATA:
Lock address : 0xfffff8062f260a00
Thread Count : 1
Thread address: 0xffff8907c0b7a600
Thread wait : 0x185
LAST_CONTROL_TRANSFER: from fffff8062ee36d8d to fffff8062efc9a26
STACK_TEXT:
fffff304`6e04f3b8 fffff806`2f00819e : 00000000`00000050 ffffffff`ffffffc7 00000000`00000002 fffff304`6e04f660 : nt!KeBugCheckEx
fffff304`6e04f3c0 fffff806`2ee9559f : 00000004`00000000 00000000`00000002 00000000`00000000 ffffffff`ffffffc7 : nt!MiSystemFault+0x19dcee
fffff304`6e04f4c0 fffff806`2efd0d5e : ffffe088`ba738db0 fffff806`2ee31b00 00000000`00000000 fffff304`6e04f920 : nt!MmAccessFault+0x34f
fffff304`6e04f660 fffff806`2f439373 : fffff304`6e04f9e8 ffffe088`baa5ccf0 00000000`00000008 ffffe088`ba738db0 : nt!KiPageFault+0x35e
fffff304`6e04f7f0 fffff806`2f51b4e9 : fffff304`6e04f9e8 00000000`00000000 ffffe088`baa5ccf0 a2e302ad`66418d7e : nt!_PnpGetObjectProperty+0x10f
fffff304`6e04f8c0 fffff806`2f440d07 : ffffe088`baa5ccf0 00000000`0180600a ffffe088`00000000 fffff806`00000004 : nt!PiUEventDeviceNeedsInstall+0x141
fffff304`6e04f950 fffff806`2f43fb85 : ffffe088`baa5cc50 ffffe088`baa5cc00 ffffe088`bd0b4720 00000000`00000000 : nt!PiUEventNotifyUserMode+0x1f3
fffff304`6e04f9e0 fffff806`2ee4f0c5 : ffff8907`bd669570 ffff8907`c22e85c0 ffff8907`bd669570 ffff8907`00002000 : nt!PnpDeviceEventWorker+0x2a5
fffff304`6e04fa70 fffff806`2ef31a85 : ffff8907`c22e85c0 00000000`00000080 ffff8907`bd66f080 000024ef`bd9bbfff : nt!ExpWorkerThread+0x105
fffff304`6e04fb10 fffff806`2efca2e8 : ffffb681`4cb39180 ffff8907`c22e85c0 fffff806`2ef31a30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
fffff304`6e04fb60 00000000`00000000 : fffff304`6e050000 fffff304`6e049000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
THREAD_SHA1_HASH_MOD_FUNC: 5a2d5c3fd7f49fe64d5556ebfeb4decab79513c7
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a6b46845e33372382d57291b709d2d59877db794
THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c
FOLLOWUP_IP:
nt!_PnpGetObjectProperty+10f
fffff806`2f439373 8945bf mov dword ptr [rbp-41h],eax
FAULT_INSTR_CODE: 41bf4589
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!_PnpGetObjectProperty+10f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.18362.1139
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 10f
FAILURE_BUCKET_ID: AV_INVALID_nt!_PnpGetObjectProperty
BUCKET_ID: AV_INVALID_nt!_PnpGetObjectProperty
PRIMARY_PROBLEM_CLASS: AV_INVALID_nt!_PnpGetObjectProperty
TARGET_TIME: 2020-10-15T04:06:10.000Z
OSBUILD: 18362
OSSERVICEPACK: 1139
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: a2e3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_invalid_nt!_pnpgetobjectproperty
FAILURE_ID_HASH: {d41636d0-8f74-c44f-ded9-84564e2015b0}
Followup: MachineOwner
---------
2: kd> lmvm nt
Browse full module list
start end module name
fffff806`2ee00000 fffff806`2f8b5000 nt (pdb symbols) c:\windows\symbol_cache\ntkrnlmp.pdb\98FFA847A530B3749C7619DA64CD3D4C1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: D6925B99 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00978ED1
ImageSize: 00AB5000
File version: 10.0.18362.1139
Product version: 10.0.18362.1139
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.18362.1139
FileVersion: 10.0.18362.1139 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Continue reading...