[SOLVED] BSOD - NTOSKRNL.exe

[Paranoid01]

Hello everybody,

I'm coming with an issue I have been having for months now.

I have a random BSOD that can happen very randomly (but at least once a week) on what seems to me on random situations. Sometimes when I'm playing games, watching a video and even sometimes while the computer was idle (but very rare). I'm thinking perhaps it's my video card ?

I have had different errors for those:
KERNEL_SECURITY_CHECK_FAILURE
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
SYSTEM_SERVICE_EXCEPTION
DRIVER_IRQL_NOT_LESS_OR_EQUAL (much rarer lately)

Here are my specs:

CPU: AMD R7 1700
GPU: AMD V64 - V: 19.7.2 (I have done several times the DDU on safe mode uninstall + clean install)
Motherboard: Asrock Taichi x370 - Bios v 5.10
RAM: G.Skill FlareX @ 3200 MHz - 2x8 Go


And here are the last reports from who crashed:

On Sun 25/08/2019 14:49:09 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\082519-15484-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1BFCC0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF8077B1CF882, 0xFFFFA20CF35DAF30, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 25/08/2019 14:28:36 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\082519-16421-01.dmp
This was probably caused by the following module: hardware.sys (hardware)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80761E4390D, 0xFFFFA70D5CCC0F20, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hardware.sys .
Google query: hardware.sys SYSTEM_SERVICE_EXCEPTION



On Sun 25/08/2019 14:28:36 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\MEMORY.DMP
This was probably caused by the following module: hardware.sys (hardware)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80761E4390D, 0xFFFFA70D5CCC0F20, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hardware.sys .
Google query: hardware.sys SYSTEM_SERVICE_EXCEPTION



On Tue 20/08/2019 15:25:54 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\082019-16312-01.dmp
This was probably caused by the following module: atikmdag.sys (0xFFFFF8052AD3C42F)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF8052AD3C42F, 0xFFFFB40AE68C0E98, 0xFFFFB40AE68C06E0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\System32\DriverStore\FileRepository\u0344727.inf_amd64_77a3ed2bd62fd231\B344591\atikmdag.sys
product: ATI Radeon Family
company: Advanced Micro Devices, Inc.
description: ATI Radeon Kernel Mode Driver
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, Advanced Micro Devices, Inc.).
Google query: atikmdag.sys Advanced Micro Devices, Inc. SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M



On Sun 18/08/2019 13:49:51 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\081819-16343-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1BFCC0)
Bugcheck code: 0x139 (0x2, 0xFFFFFE06EEF41850, 0xFFFFFE06EEF417A8, 0x0)
Error: KERNEL_SECURITY_CHECK_FAILURE
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: The kernel has detected the corruption of a critical data structure.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 13/08/2019 20:46:42 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\081319-18625-01.dmp
This was probably caused by the following module: hidclass.sys (0xFFFFF8051EABA6D5)
Bugcheck code: 0xD1 (0xFFFFDD0BF27FE690, 0x2, 0x0, 0xFFFFF8051EABA6D5)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\drivers\hidclass.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hid Class Library
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
The crash took place in a Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.


Any help is very appreciated.

Thank you

 

[Colif]

can you go to C:\WINDOWS\Minidump
copy the files from here to another folder
upload copies to a file sharing website and show a link to them here

atikmdag.sys = AMD display drivers.
most blame windows kernel. ntoskrnl = nt os kernel. WIndows cannot function without it. Whocrashed blames it but all it really shows is what crashed, it doesn't show why. Dumps should

Have you run the Asrock app store to make sure you have latest motherboard drivers? https://www.asrock.com/mb/AMD/X370 Taichi/index.asp#Download
many of the BSOD are driver, I don't think they all caused by GPU drivers.

 

[Paranoid01]

Hi,

Thank you for your reply.

I did recently upgrade the motherboard from 4.40 to 5.10. The BSOD frequency is roughly the same I believe. The versions above are mostly for new gen Ryzen I believe and I'm not sure I need them since they specifically say to upgrade the drivers if the system runs normally.

Here are the dump files:
https://www.mediafire.com/file/7wrij6roxfgw3sj/minidump.7z/file

 

[Colif]

@PC Tailor can you have a look at these dumps while you around?

 

[PC Tailor]

I've run the dump files and you can see the reports here -these are ordered from most recent to oldest.

Dump 1: https://pste.eu/p/RJ32.html SYSTEM_SERVICE_EXCEPTION (ntkrnlmp.exe)

Dump 2: https://pste.eu/p/RzRc.html SYSTEM_SERVICE_EXCEPTION (hardware)

Dump 3: https://pste.eu/p/qPGN.html SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (atikmdag.sys) THIRD PARTY DRIVER FOUND - AMD VIDEO DRIVERS

Dump 4: https://pste.eu/p/4C5z.html KERNEL_SECURITY_CHECK_FAILURE (win32kbase.sys)

Dump 5: https://pste.eu/p/Fknl.html DRIVER_IRQL_NOT_LESS_OR_EQUAL (HIDCLASS.SYS)

You can view the full reports for detail on each stop error and actions that can be taken.

Some things to consider:

• 3rd dump file identified ATIKMDAG as a potential misbehaving driver, these are your AMD Video Drivers, upon inspection they may be out of date.
• There are multiple newer BIOS versions. But don't not update until advised to do so.
• If you are running any overclock or XMP, disable it.
• I couldn't find reference to the Apogee drivers, @Colif do you know these?
• Always worth looking at the intel Wifi an ethernet drivers.
• Scarlet crush driver was also present which is a known BSOD.
• MSI Afterburner/Rivatuner was present, may need to disable.

You can disable drivers using autoruns (linked in reports)
and update your MB/Chipset drivers here: https://www.asrock.com/mb/AMD/X370 Taichi/index.asp#Download

 

[Paranoid01]

Hello,

Apogee are the drivers from my Amplifier, the full name is Apogee Groove. Probably not the cause because I have for a few weeks and BSOD were happening before getting it.

I do have an XMP running to get my RAM at 3200 MHz...

I'll look into what you provided and come back to you

 

[Colif]

gameflt.sys isn't MIcrosoft Gambling Filter, its Microsoft Gaming Filesystem Driver

Apogee is unclear, I can find results but nothing that is 100%. Possibly audio. Possibly something to do with Siemens

This is getting a little old

BazisVirtualCDBus.sys

27/09/2015

Bazis Inc

WinCDEmu Virtual CD ROM driver

ScpVBus.sys = scarlet Crush. This is used for Playstation controllers, and driver hasn't been updated for 3 years, its a known cause of BSOD. I would remove it and see if it helps reduce bsod.

HIDCLASS.SYS- HID stands for Human Interface Device, and that translates into Keyboards, Mouse and other input devices - possibly scarlet crush caused the 1st BSOD (or 5th, depending how you look at order, since dump 5 is 13th Aug

 

[PC Tailor]

Apogee are the drivers from my Amplifier, the full name is Apogee Groove.

Thank you my friend, I have updated my software accordingly. No longer shall Apogee go unrecognised!

gameflt.sys isn't MIcrosoft Gambling Filter, its Microsoft Gaming Filesystem Driver

Thank you for the clarification, I knew it couldn't be right, thus the ??? around it - I have updated.

Complete agreed with Colif and out thoughts overlap - we've seen Scarlet Crush cause multiple issues in the past. The VirtualCDBus is also a good shout. I'd disable the drivers first, then if no luck, disable your XMP and we'll continue working through the drivers, as we just have to make sure RAM is not causing any strange instability, which it often can.

It's just an easy thing to leave off whilst we diagnose the issue.

 

[Colif]

how to disable drivers from running without uininstalling them - https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

i didn't believe MS had a gambling filter, hence my confusion. its also showing as a 3rd party driver

 

[Paranoid01]

Hello guys,

Thank you all for the help.

I have uninstalled and disabled SCP on autoruns (just uncheck it right ?) I am using another PS controller anyway so it will be fine.
I find it weird that even after uninstall the driver is still there.

Did the same for BazisVirtualCDBus.sys.

Now wait and see for a new BSOD I guess. I will let you know once something happens again (or not)

 

[Colif]

i don't have a lot of experience with AMD gpu errors, majority of driver errors i see are from Nvidia. I don't think what we have done is enough to stop them crashing.

Did you remove afterburner? if crashes are in GPU drivers it might be cause.

scarlet crush can be hard to remove. not surprised it didn't go away.

 

[Paranoid01]

I disabled Afterburner in Autorun as well.

However, I quite like using it, would be bummed if it was the issue.

 

[Colif]

Autoruns just disables the files at startup. If a program needs to run it, it can start it up. Running afterburner manually will start the driver up. Same as for any of the files you stopped.

so if BSOD stop, you can enable it and see if they come back or not.

 

[Paranoid01]

Hello again,

I just had another BSOD. It did happened earlier than I thought.

I guess it's time to remove the XMP profile ?

Here is the minidump file if you want to take a look:

https://www.mediafire.com/file/8dmgs8yr8047o9e/082619-16968-01.dmp/file

 

[PC Tailor]

I have ran the dump file and you can see the full report here: https://pste.eu/p/DOrH.html

Summary of findings:

BugCheck 3B
Probably caused by : memory_corruption

Bugcheck Description:
SYSTEM_SERVICE_EXCEPTION
"This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

The stop code indicates that executing code had an exception and the thread that was it, is a system thread.

The exception information returned in parameter one is listed in NTSTATUS Values and is also available in the ntstatus.h file located in the inc directory of the Windows Driver Kit."

About your bugcheck:
"This is typically driver based and therefore you should reference the third party modules loaded to check which ones may be misbehaving. If any are out of date, try updating or disabling them.

Look at the STACK TEXT for clues on what was running when the failure occurred. If multiple dump files are available, compare information to look for common code that is in the stack"

Some things to consider:
I would highly advise you to view the full report above, as this will contain much more detail as to the bugcheck and modules running at the time.

Due to the bugcheck suggestion being from memory corruption - I would run memtest for at least 4 passes to verify the integrity of your RAM modules. With this I would also disable your XMP for now.

It would appear afterburner may still be running - or RivaTuner?

I'd be tempted to also look at network drivers - are you able to recreate the BSOD or is it completely random and may not occur for a few days?

 

[Colif]

@Rogue Leader are there any known good Vega drivers?
if you disabled MSI Afterburner, something started it up after startup as its running again.

try looking at 2nd post in this thread and think about running driver verifer, it should point to the bad driver instead of us guessing on what it might be - https://forums.tomshardware.com/thr...nclude-in-blue-screen-of-death-posts.3468965/

 

[Rogue Leader]

@Rogue Leader are there any known good Vega drivers?
if you disabled MSI Afterburner, something started it up after startup as its running again.

I've been using the latest AMD Drivers they have been solid. 0 issues.

 

[Colif]

just thought i check

 

[Paranoid01]

Hi Guys.

I have removed the XMP Profile and started doing a memtest. I did only one pass with no errors but it took 1.45h lol and it's already late here. I will do 4 passes tomorrow during the day while I am at work and see if I get more accurate results.

@Colif: For MSI, it seems to have not disabled itself actually. When I checked in Autoruns it was still checked. It's settled now
As for the driver verifier, I will probably do it this weekend as it will probably take time too (Not as long as memtest I hope )

I'll let you know once I have done the memtest first then the Driver Verifier later this week.

Thanks again for all the recommendations, I hope to get to the bottom of it.

 

[Colif]

driver verifer runs in background, it will slow pc down but you should be able to use pc while its working unless/until it causes a BSOD

 

[Paranoid01]

Alright, after running memtest all day without the XMP profile there has been no errors after 4 passes. Although my RAM runs at 2400 MHz now. Should I leave the XMP off until we find the source of the issue ?

Tomorrow I'll do the driver verifier and report back

 

[PC Tailor]

Alright, after running memtest all day without the XMP profile there has been no errors after 4 passes. Although my RAM runs at 2400 MHz now. Should I leave the XMP off until we find the source of the issue ?

Tomorrow I'll do the driver verifier and report back

May as well leave it off till you do driver verifier. Means you know any error isn't due to instability then. And you can still run perfectly fine at 2400.

 

[Paranoid01]

Hi guys,

I am currently the Driver verifier, so far so good after 2hours.

Am I really supposed to let it run 36h uninterrupted ?

 

[Colif]

if it hasn't crashed in 8 or so hours there is a good chance its not a driver causing problem. So I would stop it and um... i have to look through thread again and see what we haven't tried

 

[Colif]

right click start button
choose powershell (admin)
type SFC /scannow and press enter
once its completed, copy/paste this command into same window:
Repair-WindowsImage -Online -RestoreHealth and press enter
SFC fixes system files, second command cleans image files, re run SFC if it failed to fix all files and restart PC

run this and check CPU - - https://www.mersenne.org/download/

run these on GPU (not at same time)
https://geeks3d.com/furmark/
https://benchmark.unigine.com/heaven

download the trial version of HD Sentinel and look on the disk tab, run any tests you can on drives - https://www.hdsentinel.com/hard_disk_sentinel_trial.php

See if you find anything in those parts, the only parts leftt then are PSU & Motherboard and they best left till end.

The BSOD that mentions hardware.sys also mentioned IP_Misalined

the debugger reported IP_MISALIGNED (instruction pointer is how the CPU knows what CPU instruction to execute next)

this could be a power problem to the CPU or a overheating problem or malware infecting something (maybe)

https://forums.tomshardware.com/threads/win-10-blue-screen.2699817/

what PSU do you have?
Have you tried a malwarescan?