Question Request for Windows dump file analysis

Savage One

Hi guys, if someone could take a look at these dump files I'd be very grateful. They're from my little brother's machine who lives quite a ways from me, so I can't do hands on troubleshooting. He was having several BSODs a day, seemingly randomly. From the crash codes I've seen, it seems to be either driver or RAM related, but I guess that's what the dump files would tell us.

I'm going to attach two files, the first file was after a "random" crash, the most recent one. The second was after this, when I had him run driver verifier on windows and he got stuck in a BSOD loop on startup, which I've since gotten him out of. If you choose to help, I'll let you determine which, if not both, are more worthy of taking the time to analyze.

First dump file, last "random" one : https://www.dropbox.com/scl/fi/mk9y...ey=03j5zvweghfnv1ap4swhdl5df&st=fqdn4490&dl=0

Second dump file, when driver verifier was causing BSOD death loop: https://www.dropbox.com/scl/fi/k788...ey=v3b71v81qsp1z5sfrfagcwpjx&st=ddxpof5k&dl=0


Thanks
 

ubuysa

The Driver Verifier enabled dump wasn't triggered by Driver Verifier specifically, it's a regular SYSTEM_THREAD_EXCEPTION_NOT_HANDLED. That just indicates that an exception in the kernel wasn't able to be handled by the error handling routines and so we had a BSOD.

The earlier dump is a DPC_WATCHDOG_VIOLATION, that indicates that a DPC (the back-end of device interrupt processing) ran for longer than allowed (the DPC code is in the device driver).

In both cases the device being accessed is a USB\VID_046D&PID_C232. You can see this in both dumps...
Code:
....
f870f20c06b18 : 0xfffff80547fe7cb0 : nt!IovpInternalCompletionTrap
0xffff870f20c06b20 : 0x0044003600340030 :  !du "046D&PID_C232\1&1a590e2c"
0xffff870f20c06b28 : 0x0044004900500026 :  !du "&PID_C232\1&1a590e2c"
0xffff870f20c06b30 : 0x003300320043005f :  !du "_C232\1&1a590e2c"
0xffff870f20c06b38 : 0x00260031005c0032 :  !du "2\1&1a590e2c"
0xffff870f20c06b40 : 0x0039003500610031 :  !du "1a590e2c"
0xffff870f20c06c08 : 0xfffff80547975414 : nt!RtlpxVirtualUnwind+0x104
0xffff870f20c06c10 : 0xfffff80547614000 : "nt!VrpRegistryString <PERF> (nt+0x0)"
0xffff870f20c06c58 : 0xfffff80548264d40 : nt!MiSystemPartition
....
The USB device with VID_046D and PID_C232 is the Logitech Gaming Virtual Keyboard. I confess that I have no idea what that is, but from the name it sounds like a virtual device. It's certainly a Logitech construct. The three Logitech drivers that were loaded at dump time are a couple of years old...
Code:
8: kd> lmDvmlogi_joy_bus_enum
Browse full module list
start             end                 module name
fffff80c`1ac50000 fffff80c`1ac5c000   logi_joy_bus_enum   (deferred)           
    Image path: \SystemRoot\system32\drivers\logi_joy_bus_enum.sys
    Image name: logi_joy_bus_enum.sys
    Browse all global symbols  functions  data
    Timestamp:        Fri Sep  2 23:38:46 2022 (631269D6)
    CheckSum:         00013052
    ImageSize:        0000C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
8: kd> lmDvmlogi_joy_vir_hid
Browse full module list
start             end                 module name
fffff805`62bb0000 fffff805`62bb9000   logi_joy_vir_hid   (deferred)           
    Image path: \SystemRoot\system32\drivers\logi_joy_vir_hid.sys
    Image name: logi_joy_vir_hid.sys
    Browse all global symbols  functions  data
    Timestamp:        Fri Sep  2 23:38:50 2022 (631269DA)
    CheckSum:         00009F14
    ImageSize:        00009000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
8: kd> lmDvmlogi_joy_xlcore
Browse full module list
start             end                 module name
fffff80c`1ac60000 fffff80c`1ac73000   logi_joy_xlcore   (deferred)           
    Image path: \SystemRoot\system32\drivers\logi_joy_xlcore.sys
    Image name: logi_joy_xlcore.sys
    Browse all global symbols  functions  data
    Timestamp:        Fri Sep  2 23:38:45 2022 (631269D5)
    CheckSum:         00021AEE
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
I would suggest looking for updated Logitech drivers and find out what the 'gaming virtual keyboard' device actually is and whether your brother really needs it. It would be worth disabling/deleting it as a test in any case to see whether the BSODs stop.

You can deactivate Driver Verifier for now, if we need it activating again I'll give you some detailed instructions on which options to use.
 
Solution
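How the `!du` annotations in the raw-stack listing above arise, as an added example (not part of the original post, and not debugger code): each 8-byte stack slot is read as four UTF-16LE code units, and text-bearing slots at consecutive addresses are joined to recover the device ID fragment. The function names are hypothetical; the sample lines are copied from the listing, which does not show the slot holding the final "0e2c", so the recovered string stops at "1a59".

```python
import re
import struct

# Raw-stack lines copied from the listing in the post above
# (format: address : value : debugger annotation).
RAW_STACK = r"""
0xffff870f20c06b20 : 0x0044003600340030 :  !du "046D&PID_C232\1&1a590e2c"
0xffff870f20c06b28 : 0x0044004900500026 :  !du "&PID_C232\1&1a590e2c"
0xffff870f20c06b30 : 0x003300320043005f :  !du "_C232\1&1a590e2c"
0xffff870f20c06b38 : 0x00260031005c0032 :  !du "2\1&1a590e2c"
0xffff870f20c06b40 : 0x0039003500610031 :  !du "1a590e2c"
0xffff870f20c06c08 : 0xfffff80547975414 : nt!RtlpxVirtualUnwind+0x104
"""

LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s*:\s*(0x[0-9a-fA-F]+)\s*:", re.M)


def decode_qword(value):
    """Return the 4 UTF-16LE characters held in one stack slot, or None
    if any code unit is not printable ASCII (the slot is not text)."""
    units = struct.unpack("<4H", struct.pack("<Q", value))
    if all(0x20 <= u < 0x7F for u in units):
        return "".join(map(chr, units))
    return None


def recover_strings(listing):
    """Join text-bearing slots at consecutive addresses (stride 8)."""
    runs, current, prev_addr = [], "", None
    for addr_s, val_s in LINE_RE.findall(listing):
        addr, text = int(addr_s, 16), decode_qword(int(val_s, 16))
        contiguous = prev_addr is not None and addr == prev_addr + 8
        if text is None or not contiguous:
            if current:
                runs.append(current)
            current = ""
        if text is not None:
            current += text
        prev_addr = addr
    if current:
        runs.append(current)
    return runs


def usb_ids(text):
    """Pull vendor/product IDs out of a (possibly clipped) hardware ID."""
    m = re.search(r"([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})", text)
    return (m.group(1).upper(), m.group(2).upper()) if m else None
```

Calling `recover_strings(RAW_STACK)` and passing the result to `usb_ids` yields the vendor and product IDs that identify the device named in the post; pointer-valued slots such as the `nt!RtlpxVirtualUnwind` return address are rejected as non-text.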

Savage One

I thank you tremendously. After looking into that, the "VID_046D and PID_C232" are part of Logitech G Hub, which is required for driver support over the Logitech peripherals. I too, have those after looking. What is strange is that he doesn't use a Logitech keyboard, just the mouse. Nonetheless, I had him uninstall and reinstall G Hub, which seemed to get his drivers updated. While he was looking at device manager I noticed a warning for "pci encryption decryption controller". Looking into that, it seemed his chipset drivers for his motherboard were acting up. I had him manage those as well. In conjunction, it seems the BSODs have stopped for now. Not sure which it was precisely, but at the very least you got me to look closer at his device manager.

I'll consider this resolved for now. Thanks for taking the time to analyze those for me.
 