Ask a new question

I have random BSOD at Windows start up

Hello,

I have been having trouble with windows 7 x64 starting, it does not happen all the time but it will happen maybe every other day, then not happen for a week very intermittent I'd say, when I power up my system, right after the UEFI bios loads, before windows gets a chance load I get a BSOD, I have collected a bunch of crash dump files and it seems to be the same issue with a file related to swmsflt.sys not sure what it means, I googled it and found that it seems to be maybe a driver or something corrupted but not sure, was wondering if there is software bug fix for this or something.

I have not made new hardware additions to my system so I don't think something like that is the problem, I have added 2 external USB HDD attached 24/7 but would that have issues they work fine.

I have made a system restore point with a utility to basically put my system back to just the raw os and sp1 but thought I would see if this is fixable before I took that step.

Here is the latest dump file analysis. 


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\082813-32448-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18205.amd64fre.win7sp1_gdr.130708-1532
Machine Name:
Kernel base = 0xfffff800`03254000 PsLoadedModuleList = 0xfffff800`034976d0
Debug session time: Wed Aug 28 10:31:31.123 2013 (UTC - 4:00)
System Uptime: 0 days 0:00:22.386
Loading Kernel Symbols
...............................................................
................................................................
..........
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, fffff800035365a4, fffff880050b14f8, fffff880050b0d50}

Unable to load image swmsflt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for swmsflt.sys
*** ERROR: Module load completed but symbols could not be loaded for swmsflt.sys
Probably caused by : swmsflt.sys ( swmsflt+153e )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800035365a4, The address that the exception occurred at
Arg3: fffff880050b14f8, Exception Record Address
Arg4: fffff880050b0d50, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!IoDeleteAllDependencyRelations+20
fffff800`035365a4 488b9d38010000  mov     rbx,qword ptr [rbp+138h]

EXCEPTION_RECORD:  fffff880050b14f8 -- (.exr 0xfffff880050b14f8)
ExceptionAddress: fffff800035365a4 (nt!IoDeleteAllDependencyRelations+0x0000000000000020)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000138
Attempt to read from address 0000000000000138

CONTEXT:  fffff880050b0d50 -- (.cxr 0xfffff880050b0d50)
rax=0000000000000001 rbx=0000000000000000 rcx=fffff800034cdb20
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800035365a4 rsp=fffff880050b1730 rbp=0000000000000000
 r8=fffffa80323288d0  r9=0000000000000000 r10=fffffa8031051760
r11=fffffa80323288e0 r12=fffffa8033655be0 r13=fffffa8033655e18
r14=fffffa8033655be0 r15=fffffa80336ecba8
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
nt!IoDeleteAllDependencyRelations+0x20:
fffff800`035365a4 488b9d38010000  mov     rbx,qword ptr [rbp+138h] ss:0018:00000000`00000138=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000138

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003501100
 0000000000000138 

FOLLOWUP_IP: 
swmsflt+153e
fffff880`04d6153e ??              ???

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from fffff8000326cc73 to fffff800035365a4

STACK_TEXT:  
fffff880`050b1730 fffff800`0326cc73 : 00000000`00000000 fffffa80`33714180 00000000`00000000 00000000`00000000 : nt!IoDeleteAllDependencyRelations+0x20
fffff880`050b1760 fffff880`04d6153e : 00000000`00000001 fffffa80`33655e18 00000000`00000000 fffffa80`336ec3f0 : nt!IoDeleteDevice+0x23
fffff880`050b1790 00000000`00000001 : fffffa80`33655e18 00000000`00000000 fffffa80`336ec3f0 fffff880`050b18c0 : swmsflt+0x153e
fffff880`050b1798 fffffa80`33655e18 : 00000000`00000000 fffffa80`336ec3f0 fffff880`050b18c0 00000000`00000000 : 0x1
fffff880`050b17a0 00000000`00000000 : fffffa80`336ec3f0 fffff880`050b18c0 00000000`00000000 00000000`002a0028 : 0xfffffa80`33655e18


SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  swmsflt+153e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: swmsflt

IMAGE_NAME:  swmsflt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4adde5ae

STACK_COMMAND:  .cxr 0xfffff880050b0d50 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_swmsflt+153e

BUCKET_ID:  X64_0x7E_swmsflt+153e

Followup: MachineOwner



Answer
Answer
Hi,

I received the email, thanks a lot.

All of the latest attached DMP files are of the SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) bugcheck.

If we look at the call stack of the DMP's, we can see the following:

1: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`050b0528 fffff800`0363a584 : 00000000`0000007e ffffffff`c0000005 fffff800`035365a4 fffff880`050b14f8 : nt!KeBugCheckEx
fffff880`050b0530 fffff800`035f4be1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PspUnhandledExceptionInSystemThread+0x24
fffff880`050b0570 fffff800`032f4cdc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x223d
fffff880`050b05a0 fffff800`032f475d : fffff800`0342c8a8 fffff880`050b1c00 00000000`00000000 fffff800`03254000 : nt!_C_specific_handler+0x8c
fffff880`050b0610 fffff800`032f3535 : fffff800`0342c8a8 fffff880`050b0688 fffff880`050b14f8 fffff800`03254000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`050b0640 fffff800`033044e1 : fffff880`050b14f8 fffff880`050b0d50 fffff880`00000000 00000000`00000005 : nt!RtlDispatchException+0x415
fffff880`050b0d20 fffff800`032c9202 : fffff880`050b14f8 00000000`00000000 fffff880`050b15a0 00000000`00000000 : nt!KiDispatchException+0x135
fffff880`050b13c0 fffff800`032c7d7a : 00000000`00000000 00000000`00000138 fffff880`009cb100 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`050b15a0 fffff800`035365a4 : fffffa80`336ec4f8 fffff800`032bf5d2 fffffa80`33697800 fffffa80`336ec3f0 : nt!KiPageFault+0x23a (TrapFrame @ fffff880`050b15a0)
fffff880`050b1730 fffff800`0326cc73 : 00000000`00000000 fffffa80`33714180 00000000`00000000 00000000`00000000 : nt!IoDeleteAllDependencyRelations+0x20
fffff880`050b1760 fffff880`04d6153e : 00000000`00000001 fffffa80`33655e18 00000000`00000000 fffffa80`336ec3f0 : nt!IoDeleteDevice+0x23
fffff880`050b1790 00000000`00000001 : fffffa80`33655e18 00000000`00000000 fffffa80`336ec3f0 fffff880`050b18c0 : swmsflt+0x153e
fffff880`050b1798 fffffa80`33655e18 : 00000000`00000000 fffffa80`336ec3f0 fffff880`050b18c0 00000000`00000000 : 0x1
fffff880`050b17a0 00000000`00000000 : fffffa80`336ec3f0 fffff880`050b18c0 00000000`00000000 00000000`002a0028 : 0xfffffa80`33655e18

We can see that swmsflt.sys is mentioned in the stack, as well as the failure bucket ID -

FAILURE_BUCKET_ID:  X64_0x7E_swmsflt+153e

swmsflt.sys is the Sierra Wireless USB Mass Storage Filter Driver. Check for an update here - http://www.sierrawireless.com/Support/Downloads.aspx

If no update is available, I recommend removing the software or device using this driver for temporary troubleshooting purposes.

If the above does not help, I would recommend removing SUPERAntispyware for temporary troubleshooting purposes as it may be causing conflicts.

Regards,

Patrick
Debugger/Reverse Engineer.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Answer
Answer
Hi,

In order to assist you, we will need the DMP files to analyze what exactly occurred at the time of the crash, etc.

If you don't know where DMP files are located, here's how to get to them:

 1.    Navigate to the %systemroot%\Minidump folder.
 2.    Copy any and all DMP files in the Minidump folder to your Desktop and then zip up these files.
 3.    Upload the zip containing the DMP files to Skydrive or a hosting site of your choice and paste in your reply.

If you are going to use Skydrive but don't know how to upload to it, please visit the following:

http://www.wikihow.com/Use-SkyDrive

Please note that any "cleaner" programs such as TuneUp Utilities, CCleaner, etc, by default will delete DMP files upon use.

If your computer is not generating DMP files, please do the following:

1. Start > type %systemroot% which should show the Windows folder, click on it. Once inside that folder, ensure there is a Minidump folder created. If not, CTRL-SHIFT-N to make a New Folder and name it Minidump.

2. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Performance > Settings > Advanced > Ensure there's a check-mark for 'Automatically manage paging file size for all drives'.

3. Windows key + Pause key. This should bring up System. Click Advanced System Settings on the left > Advanced > Startup and Recovery > Settings > System Failure > ensure there is a check mark next to 'Write an event to the system log' > Ensure 'Automatically restart' is un-checked.

Ensure Small Memory Dump is selected and ensure the path is %systemroot%\Minidump.

4. Double check that the WERS is ENABLED:

Start > Search > type services.msc > Under the name tab, find Windows Error Reporting Service > If the status of the service is not Started then right click it and select Start. Also ensure that under Startup Type it is set to Automatic rather than Manual. You can do this by right clicking it, selecting properties, and under General selecting startup type to 'Automatic', and then click Apply.

If you cannot get into normal mode to do any of this, please do this via Safe Mode.

Regards,

Patrick
Debugger/Reverse Engineer.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated December 24, 2017 Views 431 Applies to: