Question

Q: Multiple BSODs daily since Creators fall update—DRIVER_IRQL_NOT_LESS_OR_EQUAL, error in tcpip.sys

This has gone on for a month now, and my patience has worn thin.

Since Creators fall, my PC BSODs multiple times a day—between three and six is the norm. I had hoped that with the seriousness of this bug—one where I have lost hours of work—one of your subsequent updates would address it. That has not happened.

The error is DRIVER_IRQL_NOT_LESS_OR_EQUAL, and the error is in tcpip.sys.

I have tried the usual SFC scannow and the routine copy-and-paste stuff I see on this forum. Drivers are all up to date and I have even gone to individual manufacturers’ sites to download theirs.

My suspicion is that there is some USB incompatibility between Windows 10 Creators fall update and the Asus motherboard I have, but Asus has no new drivers.

I say this as the system BSODs often when I use Explorer to browse files. The moment Explorer tries to access other hard drives, it can BSOD. One time my partner unplugged her phone and managed to BSOD the PC.

I have made sure that in the power settings, none of the drives are on a power-saving mode, but that has made no difference.

After running Windbg on the dump file, I get this:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck D1, {3c, 2, 1, fffff8042c893f90}
 
Probably caused by : NETIO.SYS ( NETIO!StreamInjectRequestsToStack+239 )
 
Followup:     MachineOwner
---------

In more depth:

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000000000003c, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80a5f3a3f90, address which referenced memory
 
Debugging Details:
------------------
 
 
DUMP_CLASS: 1
 
DUMP_QUALIFIER: 400
 
BUILD_VERSION_STRING:  10.0.16299.98 (WinBuild.160101.0800)
 
SYSTEM_MANUFACTURER:  System manufacturer
 
SYSTEM_PRODUCT_NAME:  System Product Name
 
SYSTEM_SKU:  SKU
 
SYSTEM_VERSION:  System Version
 
BIOS_VENDOR:  American Megatrends Inc.
 
BIOS_VERSION:  1002
 
BIOS_DATE:  08/23/2011
 
BASEBOARD_MANUFACTURER:  ASUSTeK Computer INC.
 
BASEBOARD_PRODUCT:  P8H67-M LE
 
BASEBOARD_VERSION:  Rev X.0x
 
DUMP_TYPE:  2
 
BUGCHECK_P1: 3c
 
BUGCHECK_P2: 2
 
BUGCHECK_P3: 1
 
BUGCHECK_P4: fffff80a5f3a3f90
 
WRITE_ADDRESS: fffff8035de7d380: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
 000000000000003c 
 
CURRENT_IRQL:  2
 
FAULTING_IP: 
tcpip!TcpBeginTcbSend+2c0
fffff80a`5f3a3f90 f0ff403c        lock inc dword ptr [rax+3Ch]
 
CPU_COUNT: 4
 
CPU_MHZ: cdd
 
CPU_VENDOR:  GenuineIntel
 
CPU_FAMILY: 6
 
CPU_MODEL: 2a
 
CPU_STEPPING: 7
 
CPU_MICROCODE: 6,2a,7,0 (F,M,S,R)  SIG: 29'00000000 (cache) 29'00000000 (init)
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
BUGCHECK_STR:  AV
 
PROCESS_NAME:  System
 
ANALYSIS_SESSION_HOST:  GLADIATOR
 
ANALYSIS_SESSION_TIME:  12-11-2017 22:13:31.0160
 
ANALYSIS_VERSION: 10.0.16299.15 amd64fre
 
TRAP_FRAME:  ffffee875b741090 -- (.trap 0xffffee875b741090)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=00000000f9cf9bc2
rdx=ffffb28e04104530 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80a5f3a3f90 rsp=ffffee875b741220 rbp=ffffee875b741320
 r8=0000000000000000  r9=ffffb28e04104470 r10=ffffb28e04104470
r11=ffffee875b7411c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
tcpip!TcpBeginTcbSend+0x2c0:
fffff80a`5f3a3f90 f0ff403c        lock inc dword ptr [rax+3Ch] ds:00000000`0000003c=????????
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from fffff8035dbf49e9 to fffff8035dbe90e0
 
STACK_TEXT:  
ffffee87`5b740f48 fffff803`5dbf49e9 : 00000000`0000000a 00000000`0000003c 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffee87`5b740f50 fffff803`5dbf2d7d : 00000000`00000014 ffffb28e`041f0798 fffff80a`5f514000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffee87`5b741090 fffff80a`5f3a3f90 : 00000000`00000001 ffffb28e`04195cc0 ffffb28d`fb86cb2c ffffb28e`00000014 : nt!KiPageFault+0x23d
ffffee87`5b741220 fffff80a`5f3a2fcd : ffffb28e`00e96000 ffffee87`5b7416f0 fffff80a`5f514000 00000000`00000000 : tcpip!TcpBeginTcbSend+0x2c0
ffffee87`5b7414a0 fffff80a`5f3a2c05 : ffffb28e`04195cc0 00000000`00000001 00000000`000002bb ffffb28d`fbb2a280 : tcpip!TcpTcbSend+0x2fd
ffffee87`5b741820 fffff80a`5f3a28b7 : 00000000`009a2b39 ffffee87`5b741a00 00000000`0031100b 00000000`00000000 : tcpip!TcpEnqueueTcbSendOlmNotifySendComplete+0xc5
ffffee87`5b741850 fffff80a`5f44dee8 : ffffb28d`fec27080 00000000`00000000 00000000`00004000 ffffb28e`04069440 : tcpip!TcpEnqueueTcbSend+0x2b7
ffffee87`5b741960 fffff80a`5e391201 : fffff80a`00000002 00000000`00000000 ffffee87`5b741a78 fffff80a`5f514000 : tcpip!InetInspectInjectSend+0x18
ffffee87`5b741990 fffff80a`5e391833 : ffffb28d`fbfb9970 ffffb28e`04195cc0 00000000`00000000 00000000`000000cd : NETIO!StreamInjectRequestsToStack+0x239
ffffee87`5b741a70 fffff80a`5e391966 : 00000000`00000000 ffffb28e`00a9f770 00000000`00000002 ffffb28e`04069440 : NETIO!StreamPermitDataHelper+0x5f
ffffee87`5b741aa0 fffff803`5db8114b : ffffb28e`010374f0 ffffb28e`01037400 ffffb28d`fc1fba70 ffffb28e`0132b080 : NETIO!StreamPermitRemoveDataWorkerRoutine+0xe6
ffffee87`5b741b10 fffff803`5dac1e05 : ffffb28d`faede2b0 ffffb28e`04069300 fffff803`5db81050 00000000`00000000 : nt!IopProcessWorkItem+0xfb
ffffee87`5b741b80 fffff803`5daadf87 : 00000000`00000000 00000000`00000080 ffffb28d`faed6040 ffffb28e`04069300 : nt!ExpWorkerThread+0xf5
ffffee87`5b741c10 fffff803`5dbee676 : ffffc381`67c9d180 ffffb28e`04069300 fffff803`5daadf40 00000000`00000246 : nt!PspSystemThreadStartup+0x47
ffffee87`5b741c60 00000000`00000000 : ffffee87`5b742000 ffffee87`5b73c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
 
 
THREAD_SHA1_HASH_MOD_FUNC:  4e774be22ad200b119eaec04d36c9254793a847f
 
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  780a68c2aa88c766cab280656d1c86148905a881
 
THREAD_SHA1_HASH_MOD:  ca9ed088408d7268e0908bb3357cdf1d0f735a18
 
FOLLOWUP_IP: 
NETIO!StreamInjectRequestsToStack+239
fffff80a`5e391201 8bf0            mov     esi,eax
 
FAULT_INSTR_CODE:  33df08b
 
SYMBOL_STACK_INDEX:  8
 
SYMBOL_NAME:  NETIO!StreamInjectRequestsToStack+239
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: NETIO
 
IMAGE_NAME:  NETIO.SYS
 
DEBUG_FLR_IMAGE_TIMESTAMP:  302c3e5d
 
IMAGE_VERSION:  10.0.16299.64
 
STACK_COMMAND:  .thread ; .cxr ; kb
 
BUCKET_ID_FUNC_OFFSET:  239
 
FAILURE_BUCKET_ID:  AV_NETIO!StreamInjectRequestsToStack
 
BUCKET_ID:  AV_NETIO!StreamInjectRequestsToStack
 
PRIMARY_PROBLEM_CLASS:  AV_NETIO!StreamInjectRequestsToStack
 
TARGET_TIME:  2017-12-11T22:04:40.000Z
 
OSBUILD:  16299
 
OSSERVICEPACK:  98
 
SERVICEPACK_NUMBER: 0
 
OS_REVISION: 0
 
SUITE_MASK:  784
 
PRODUCT_TYPE:  1
 
OSPLATFORM_TYPE:  x64
 
OSNAME:  Windows 10
 
OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal
 
OS_LOCALE:  
 
USER_LCID:  0
 
OSBUILD_TIMESTAMP:  2017-11-26 11:49:20
 
BUILDDATESTAMP_STR:  160101.0800
 
BUILDLAB_STR:  WinBuild
 
BUILDOSVER_STR:  10.0.16299.98
 
ANALYSIS_SESSION_ELAPSED_TIME:  d91
 
ANALYSIS_SOURCE:  KM
 
FAILURE_ID_HASH_STRING:  km:av_netio!streaminjectrequeststostack
 
FAILURE_ID_HASH:  {c1b2a924-d392-26d5-b3a7-c0515a6a6bac}
 
Followup:     MachineOwner

---------

I believe there is a serious bug here, one that did not exist with Creators spring, which worked reasonably well. I honestly have not seen this number of BSODs per day since a faulty machine was running Vista. This far exceeds anything I have experienced with 3·1, 95, 2000, XP or 7. 

Indeed, going back through the number of posts I have made since 10 was released, I have to conclude this OS has been a real lemon. Please fix this—whatever you did with fall and the USB control, change it back!




We need the dump files for a better analysis of the problem. Instructions can be found here:

http://answers.microsoft.com/en-us/windows/wiki/windows_other-system/blue-screen-of-death-bsod/1939df35-283f-4830-a4dd-e95ee5d8669d

Sumit
Windows Insider MVP 2018-2019
Do not shoot the messenger



Thank you, Sumit.

Here is the Speccy output:

http://speccy.piriform.com/results/nXXDEIWOoo0UCVix1QLbHyP

The computer BSODed during compilation of the msinfo32 but I managed to get that NFO file after it rebooted:

http://www.filedropper.com/computer_4

The dumps are here:

http://www.filedropper.com/010318-6765-01

Hope you can spot something among these.

Jack Yan
jackyan.com



Looks like it is something related to the Network driver.

First of all, a newer version of the BIOS is available here:

https://www.asus.com/Motherboards/P8H67M_LE/HelpDesk_BIOS/

After updating that, 

No drivers were named in the crashes, so our next step would be to find the offending driver if any. 

Enable Driver Verifier:

http://answers.microsoft.com/en-us/windows/wiki/windows_other-system/driver-verifier-tracking-down-a-mis-behaving/f5cb4faf-556b-4b6d-95b3-c48669e4c983

Upload the newer dumps when you get Driver_Verifier_detected_violation.

Please note that the system might crash before you reach the desktop; if it does, please let us know so that we can guide you to disable Verifier.



Sumit
Windows Insider MVP 2018-2019
Do not shoot the messenger


2 people were helped by this reply


Thank you, Sumit. I see the BIOS update is from 2014. Unless you’ve seen something to the contrary, I have had this done at the computer shop where I bought the PC (an earlier Windows 10 update bricked this computer). 

I will run the driver verifier when I get some time and report back. An earlier attempt at running it caused this:

Stop code: DRIVER_VERIFIER_DETECTED_VIOLATION
What failed: avgntflt.sys

I understand this is an Avira file. I have removed it before, then reinstalled.

Things may have changed since I ran driver verifier in December—I will come back when I have more. 

Jack Yan
jackyan.com



Hi Sumit, here is the dump file from the driver verifier. The PC actually crashed twice on start-up after verifier was turned on, but only one dump file from that time can be found. (However, there are six dump files from today alone, which gives you an idea of the frequency of BSODs since the fall update. I am happy to supply all six if required.)

https://ufile.io/dkngm

In case this helps, Sumit, here is what Windbg reveals. I have never heard of Mozy Change Monitor Filter Driver and don’t know what it would have come with.


Microsoft (R) Windows Debugger Version 10.0.16299.15 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\011618-9765-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 16299.15.amd64fre.rs3_release.170928-1534
Machine Name:
Kernel base = 0xfffff801`98815000 PsLoadedModuleList = 0xfffff801`98b7bfd0
Debug session time: Tue Jan 16 22:17:59.913 2018 (UTC + 0:00)
System Uptime: 0 days 0:00:02.645
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
.......
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {2000, fffff80b80a42252, 0, 726c5346}

*** WARNING: Unable to verify timestamp for MOBK.sys
*** ERROR: Module load completed but symbols could not be loaded for MOBK.sys
Probably caused by : MOBK.sys ( MOBK+12252 )

Followup:     MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff80b80a42252, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 00000000726c5346, Pool Tag (if provided).

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  10.0.16299.192 (WinBuild.160101.0800)

DUMP_TYPE:  2

BUGCHECK_P1: 2000

BUGCHECK_P2: fffff80b80a42252

BUGCHECK_P3: 0

BUGCHECK_P4: 726c5346

BUGCHECK_STR:  0xc4_2000

CPU_COUNT: 4

CPU_MHZ: cdd

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 2a

CPU_STEPPING: 7

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  GLADIATOR

ANALYSIS_SESSION_TIME:  01-16-2018 22:34:36.0934

ANALYSIS_VERSION: 10.0.16299.15 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80198fbf2d3 to fffff8019898a6e0

STACK_TEXT:  
ffffc089`2ca05f88 fffff801`98fbf2d3 : 00000000`000000c4 00000000`00002000 fffff80b`80a42252 00000000`00000000 : nt!KeBugCheckEx
ffffc089`2ca05f90 fffff801`98a8910f : fffff801`98b6ba7c 00000000`00002000 fffff80b`80a42252 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0xdf
ffffc089`2ca05fd0 fffff801`98fb740c : 00000000`726c5346 fffff801`98b6ba7c fffff80b`80a42252 fffff801`98a2bd1e : nt!VfReportIssueWithOptions+0x103
ffffc089`2ca06020 fffff801`98fcda7a : 00000000`00000000 00000000`00000001 00000000`00000460 ffffc089`2ca060c0 : nt!VfCheckPoolType+0x90
ffffc089`2ca06060 fffff80b`80a42252 : 00000000`00000001 ffffc089`2ca06a40 ffffaf87`aa767ce0 00000000`00000000 : nt!VerifierExInitializeNPagedLookasideList+0x5a
ffffc089`2ca060e0 00000000`00000001 : ffffc089`2ca06a40 ffffaf87`aa767ce0 00000000`00000000 00000000`00000460 : MOBK+0x12252
ffffc089`2ca060e8 ffffc089`2ca06a40 : ffffaf87`aa767ce0 00000000`00000000 00000000`00000460 00000000`726c5346 : 0x1
ffffc089`2ca060f0 ffffaf87`aa767ce0 : 00000000`00000000 00000000`00000460 00000000`726c5346 00000000`00000064 : 0xffffc089`2ca06a40
ffffc089`2ca060f8 00000000`00000000 : 00000000`00000460 00000000`726c5346 00000000`00000064 00000000`00000000 : 0xffffaf87`aa767ce0


THREAD_SHA1_HASH_MOD_FUNC:  4af57eff14eb5f6ed77f2a21c16c6886750edd88

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  8f533416cdd906c8ba031562452fe0cb710b2d56

THREAD_SHA1_HASH_MOD:  40d8abd062b06340b37b690972941c25cdbae66b

FOLLOWUP_IP: 
MOBK+12252
fffff80b`80a42252 4c8d442440      lea     r8,[rsp+40h]

FAULT_INSTR_CODE:  24448d4c

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  MOBK+12252

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: MOBK

IMAGE_NAME:  MOBK.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4b3d69e7

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  12252

FAILURE_BUCKET_ID:  0xc4_2000_VRF_MOBK!unknown_function

BUCKET_ID:  0xc4_2000_VRF_MOBK!unknown_function

PRIMARY_PROBLEM_CLASS:  0xc4_2000_VRF_MOBK!unknown_function

TARGET_TIME:  2018-01-16T22:17:59.000Z

OSBUILD:  16299

OSSERVICEPACK:  192

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  784

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-01-01 11:07:05

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.16299.192

ANALYSIS_SESSION_ELAPSED_TIME:  10ba

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc4_2000_vrf_mobk!unknown_function

FAILURE_ID_HASH:  {2b8fe052-f36b-2dfc-2f57-77a628de46d8}

Followup:     MachineOwner
---------


Jack Yan
jackyan.com



I see the driver relates to Change Monitor Filter Driver, with http://mozy.force.com/support/ as the website.

Do you use any similar software? You need to uninstall that.

I can look at the dump if you cannot figure out what software Mobk.sys relates to.

Sumit
Windows Insider MVP 2018-2019
Do not shoot the messenger


2 people were helped by this reply


Hi Sumit, I have never heard of this program. I looked at the driver file and notice that it’s a 2010 version, installed in 2012. 

I have gone into safe mode and deleted the driver altogether—I don’t think it will affect anything and I can see nothing in my installed programs’ or drivers’ lists from Mozy, Inc. I’ll report back if any problems occur but I think this might be the solution—thank you.
Jack Yan
jackyan.com


2 people were helped by this reply


Looks like I spoke too soon. Despite a stable 24-plus hours, I’ve just had another crash, same error message.
Jack Yan
jackyan.com



Hi Sumit, here is the latest. Looks like it’s now the Oracle VM I have to run Windows XP apps. It is an older version, but newer ones always created an error, so I stuck with this. I might remove and reinstall.


Microsoft (R) Windows Debugger Version 10.0.16299.15 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\011818-8906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 16299 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 16299.15.amd64fre.rs3_release.170928-1534
Machine Name:
Kernel base = 0xfffff802`8ec04000 PsLoadedModuleList = 0xfffff802`8ef6afd0
Debug session time: Thu Jan 18 00:32:41.007 2018 (UTC + 0:00)
System Uptime: 0 days 0:00:05.739
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
...........................
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {2000, fffff80b8fad1763, 0, 54525049}

*** WARNING: Unable to verify timestamp for VBoxDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for VBoxDrv.sys
Probably caused by : VBoxDrv.sys ( VBoxDrv+21763 )

Followup:     MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff80b8fad1763, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000054525049, Pool Tag (if provided).

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  10.0.16299.192 (WinBuild.160101.0800)

DUMP_TYPE:  2

BUGCHECK_P1: 2000

BUGCHECK_P2: fffff80b8fad1763

BUGCHECK_P3: 0

BUGCHECK_P4: 54525049

BUGCHECK_STR:  0xc4_2000

CPU_COUNT: 4

CPU_MHZ: cdd

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 2a

CPU_STEPPING: 7

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  GLADIATOR

ANALYSIS_SESSION_TIME:  01-18-2018 00:42:50.0358

ANALYSIS_VERSION: 10.0.16299.15 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8028f3ae2d3 to fffff8028ed796e0

STACK_TEXT:  
fffffd0f`38c066b8 fffff802`8f3ae2d3 : 00000000`000000c4 00000000`00002000 fffff80b`8fad1763 00000000`00000000 : nt!KeBugCheckEx
fffffd0f`38c066c0 fffff802`8ee7810f : fffff802`8ef5aa7c 00000000`00002000 fffff80b`8fad1763 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0xdf
fffffd0f`38c06700 fffff802`8f3a640c : 00000000`54525049 fffff802`8ef5aa7c fffff80b`8fad1763 00000000`00000000 : nt!VfReportIssueWithOptions+0x103
fffffd0f`38c06750 fffff802`8f3a41c1 : 00000000`54525049 fffffd0f`38c06a40 00000000`00000000 00000000`00000010 : nt!VfCheckPoolType+0x90
fffffd0f`38c06790 fffff80b`8fad1763 : 00000000`00000028 fffffd0f`38c06850 fffff80b`8fadd1b0 fffff80b`8face6b7 : nt!VerifierExAllocatePoolEx+0x21
fffffd0f`38c067e0 00000000`00000028 : fffffd0f`38c06850 fffff80b`8fadd1b0 fffff80b`8face6b7 fffff80b`8fae66f8 : VBoxDrv+0x21763
fffffd0f`38c067e8 fffffd0f`38c06850 : fffff80b`8fadd1b0 fffff80b`8face6b7 fffff80b`8fae66f8 fffff80b`8fac7490 : 0x28
fffffd0f`38c067f0 fffff80b`8fadd1b0 : fffff80b`8face6b7 fffff80b`8fae66f8 fffff80b`8fac7490 00000000`00000002 : 0xfffffd0f`38c06850
fffffd0f`38c067f8 fffff80b`8face6b7 : fffff80b`8fae66f8 fffff80b`8fac7490 00000000`00000002 ffffaa85`e07539c0 : VBoxDrv+0x2d1b0
fffffd0f`38c06800 fffff80b`8fae66f8 : fffff80b`8fac7490 00000000`00000002 ffffaa85`e07539c0 fffff80b`8fadd470 : VBoxDrv+0x1e6b7
fffffd0f`38c06808 fffff80b`8fac7490 : 00000000`00000002 ffffaa85`e07539c0 fffff80b`8fadd470 00000000`00000000 : VBoxDrv+0x366f8
fffffd0f`38c06810 00000000`00000002 : ffffaa85`e07539c0 fffff80b`8fadd470 00000000`00000000 fffff802`8d82f180 : VBoxDrv+0x17490
fffffd0f`38c06818 ffffaa85`e07539c0 : fffff80b`8fadd470 00000000`00000000 fffff802`8d82f180 fffff80b`8fac33da : 0x2
fffffd0f`38c06820 fffff80b`8fadd470 : 00000000`00000000 fffff802`8d82f180 fffff80b`8fac33da fffff80b`8fadd4d0 : 0xffffaa85`e07539c0
fffffd0f`38c06828 00000000`00000000 : fffff802`8d82f180 fffff80b`8fac33da fffff80b`8fadd4d0 49656e69`756e6547 : VBoxDrv+0x2d470


THREAD_SHA1_HASH_MOD_FUNC:  6de1c39a9fdb46991e6ddf4b51e05083a4e870b5

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  3ee5850b542a0f47f5a3a02387b3fde42f793443

THREAD_SHA1_HASH_MOD:  8258fd669c9df5d06222a1f394374242dbf2dcf4

FOLLOWUP_IP: 
VBoxDrv+21763
fffff80b`8fad1763 4885c0          test    rax,rax

FAULT_INSTR_CODE:  75c08548

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  VBoxDrv+21763

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: VBoxDrv

IMAGE_NAME:  VBoxDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5375fedb

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  21763

FAILURE_BUCKET_ID:  0xc4_2000_VRF_VBoxDrv!unknown_function

BUCKET_ID:  0xc4_2000_VRF_VBoxDrv!unknown_function

PRIMARY_PROBLEM_CLASS:  0xc4_2000_VRF_VBoxDrv!unknown_function

TARGET_TIME:  2018-01-18T00:32:41.000Z

OSBUILD:  16299

OSSERVICEPACK:  192

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  784

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-01-01 11:07:05

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.16299.192

ANALYSIS_SESSION_ELAPSED_TIME:  34b3

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc4_2000_vrf_vboxdrv!unknown_function

FAILURE_ID_HASH:  {5d8b1cf7-9c60-f2fe-dd09-bd217e8c537e}

Followup:     MachineOwner
---------

Jack Yan
jackyan.com



Looks like you forgot to turn off the Verifier.

First of all, to disable Driver Verifier, type in

Verifier /Reset

in an Admin Command Prompt.

Then proceed with reinstalling VirtualBox.

Sumit
Windows Insider MVP 2018-2019
Do not shoot the messenger
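
Added example (not part of the original thread and not any poster's code): a Python triage of the WinDbg summary lines quoted in the posts above. It decodes Arg4 of the two 0xC4/0x2000 Driver Verifier stops as a pool tag and flags the D1 reference to 0x3c as a near-NULL access. The function names and the 64 KB near-NULL threshold are assumptions of this example.

```python
import re

# Summary lines copied from the three WinDbg sessions quoted in this thread.
SAMPLE = """\
BugCheck D1, {3c, 2, 1, fffff8042c893f90}

Probably caused by : NETIO.SYS ( NETIO!StreamInjectRequestsToStack+239 )
BugCheck C4, {2000, fffff80b80a42252, 0, 726c5346}

*** WARNING: Unable to verify timestamp for MOBK.sys
Probably caused by : MOBK.sys ( MOBK+12252 )
BugCheck C4, {2000, fffff80b8fad1763, 0, 54525049}

*** WARNING: Unable to verify timestamp for VBoxDrv.sys
Probably caused by : VBoxDrv.sys ( VBoxDrv+21763 )
"""

BUGCHECK_RE = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)\s*\(\s*(.*?)\s*\)", re.M)

# Assumption of this example: treat references below 64 KB as "near NULL".
NEAR_NULL_LIMIT = 0x10000


def decode_pool_tag(value):
    """Pool tags are four ASCII bytes stored little-endian in a 32-bit value."""
    raw = (value & 0xFFFFFFFF).to_bytes(4, "little")
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)


def parse_summaries(text):
    """Pair each 'BugCheck' line with the 'Probably caused by' line that
    follows it (and precedes the next 'BugCheck' line, if any)."""
    hits = list(BUGCHECK_RE.finditer(text))
    entries = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        try:
            args = [int(a, 16) for a in m.group(2).split(",")]
        except ValueError:
            continue  # damaged or truncated argument list
        if len(args) != 4:
            continue
        cause = CAUSE_RE.search(text, m.end(), end)
        entries.append({
            "code": int(m.group(1), 16),
            "args": args,
            "module": cause.group(1) if cause else None,
            "symbol": cause.group(2) if cause else None,
        })
    return entries


def triage(entry):
    """One-line reading of the bugcheck arguments, using the argument
    meanings printed by !analyze -v in the thread."""
    code, a = entry["code"], entry["args"]
    if code == 0xD1:
        # Arg1 memory referenced, Arg2 IRQL, Arg3 0=read/1=write, Arg4 code address
        op = "write" if a[2] == 1 else "read"
        note = f"{op} of 0x{a[0]:x} at IRQL {a[1]} from 0x{a[3]:x}"
        if a[0] < NEAR_NULL_LIMIT:
            note += " (near-NULL: field access through a NULL pointer is likely)"
        return note
    if code == 0xC4 and a[0] == 0x2000:
        # Arg2 driver code address, Arg3 pool type, Arg4 pool tag
        tag = decode_pool_tag(a[3])
        return (f"executable pool type {a[2]} requested at 0x{a[1]:x}, "
                f"pool tag '{tag}'")
    return "no rule for this bugcheck in this example"


if __name__ == "__main__":
    for e in parse_summaries(SAMPLE):
        print(f"{e['code']:#x} {e['module']}: {triage(e)}")
```

Run over the concatenated text of several sessions, it shows which modules Driver Verifier is flagging and with which pool tags.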

Question Info

Views: 230 Last updated: March 12, 2018 Applies to: