BSOD (with WinDbg Analysis provided)

M

Maniac17

New Member
Hello,

So I've been having a problem with constant BSOD's (it happens basically everyday) whenever I shut down the computer.

It hangs at the Vista logoff/shut down screen for roughly 20 minutes then goes to BSOD (which states DRIVER_POWER_STATE_FAILURE)


I ran the WinDbg tool and here's the analysis of the minidump.


Code: 
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
 
Loading Dump File [C:\Windows\Minidump\Mini091010-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Machine Name:
Kernel base = 0xfffff800`0200f000 PsLoadedModuleList = 0xfffff800`021d3dd0
Debug session time: Fri Sep 10 14:11:03.836 2010 (UTC - 4:00)
System Uptime: 0 days 1:27:58.832
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000009F, {4, 258, fffffa8009d2d720, 0}
Unable to load image \SystemRoot\system32\drivers\RTSTOR64.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for RTSTOR64.SYS
*** ERROR: Module load completed but symbols could not be loaded for RTSTOR64.SYS
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
 subsystem.
Arg2: 0000000000000258, Timeout in seconds.
Arg3: fffffa8009d2d720, The thread currently holding on to the Pnp lock.
Arg4: 0000000000000000
Debugging Details:
------------------
 
DRVPOWERSTATE_SUBCODE:  4
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x9F
PROCESS_NAME:  System
CURRENT_IRQL:  2
STACK_TEXT:  
fffffa60`01db6510 fffff800`0206b6fa : fffffa80`0e550580 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x7f
fffffa60`01db6650 fffff800`020603db : 00000000`00000002 fffffa80`0e550060 00000000`00000002 fffff800`02069480 : nt!KiSwapThread+0x13a
fffffa60`01db66c0 fffffa60`0469e94d : fffffa80`00000000 fffffa80`00000000 fffffa80`0e998000 fffffa80`0e998200 : nt!KeWaitForSingleObject+0x2cb
fffffa60`01db6750 fffffa80`00000000 : fffffa80`00000000 fffffa80`0e998000 fffffa80`0e998200 00000000`00000000 : RTSTOR64+0x494d
fffffa60`01db6758 fffffa80`00000000 : fffffa80`0e998000 fffffa80`0e998200 00000000`00000000 fffffa80`09d2d720 : 0xfffffa80`00000000
fffffa60`01db6760 fffffa80`0e998000 : fffffa80`0e998200 00000000`00000000 fffffa80`09d2d720 00000000`00000270 : 0xfffffa80`00000000
fffffa60`01db6768 fffffa80`0e998200 : 00000000`00000000 fffffa80`09d2d720 00000000`00000270 fffff800`022d3eb4 : 0xfffffa80`0e998000
fffffa60`01db6770 00000000`00000000 : fffffa80`09d2d720 00000000`00000270 fffff800`022d3eb4 fffff880`00000070 : 0xfffffa80`0e998200
 
STACK_COMMAND:  kb
SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME:  Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP:  0
FAILURE_BUCKET_ID:  X64_0x9F_4_ANALYSIS_INCONCLUSIVE
BUCKET_ID:  X64_0x9F_4_ANALYSIS_INCONCLUSIVE
Followup: MachineOwner
---------

Any ideas? (Since all I see is analysis_inconclusive and vista_driver_fault)
 

My Computer

System One

Generally we prefer to have the memory dump files uploaded along with the information in this pinned topic: http://www.vistax64.com/crashes-debugging/282419-blue-screen-death-bsod-posting-instructions.html

But, in this case, there's a couple of things that probably point to the problem.

First is the STOP error:
Code: 
DRIVER_POWER_STATE_FAILURE (9f) 
A driver is causing an inconsistent power state. 
Arguments: 
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp  subsystem. Arg2: 0000000000000258, Timeout in seconds. 
Arg3: fffffa8009d2d720, The thread currently holding on to the Pnp lock. 
Arg4: 0000000000000000
This tells us that the error is caused by a driver, and it's due to a timeout while waiting to do stuff (which is what you're seeing with the delayed shutdown).

Next is this:
Code: 
Unable to load image \SystemRoot\system32\drivers\RTSTOR64.SYS, Win32 error 0n2 
*** WARNING: Unable to verify timestamp for RTSTOR64.SYS 
*** ERROR: Module load completed but symbols could not be loaded for RTSTOR64.SYS
IMO the debugger wouldn't have mentioned RTSTOR64.SYS unless it was needed for the analysis - so it's suspect.

Next is the Stack Text:
Code: 
STACK_TEXT:   
fffffa60`01db6510 fffff800`0206b6fa : fffffa80`0e550580 00000000`00000000 00000000`00000000 00000000`00000000 : [COLOR=Red]nt[/COLOR]!KiSwapContext+0x7f 
fffffa60`01db6650 fffff800`020603db : 00000000`00000002 fffffa80`0e550060 00000000`00000002 fffff800`02069480 : [COLOR=Red]nt[/COLOR]!KiSwapThread+0x13a 
fffffa60`01db66c0 fffffa60`0469e94d : fffffa80`00000000 fffffa80`00000000 fffffa80`0e998000 fffffa80`0e998200 : [COLOR=Red]nt[/COLOR]!KeWaitForSingleObject+0x2cb 
fffffa60`01db6750 fffffa80`00000000 : fffffa80`00000000 fffffa80`0e998000 fffffa80`0e998200 00000000`00000000 : [COLOR=Red]RTSTOR64[/COLOR]+0x494d 
fffffa60`01db6758 fffffa80`00000000 : fffffa80`0e998000 fffffa80`0e998200 00000000`00000000 fffffa80`09d2d720 : 0xfffffa80`00000000 
fffffa60`01db6760 fffffa80`0e998000 : fffffa80`0e998200 00000000`00000000 fffffa80`09d2d720 00000000`00000270 : 0xfffffa80`00000000 
fffffa60`01db6768 fffffa80`0e998200 : 00000000`00000000 fffffa80`09d2d720 00000000`00000270 fffff800`022d3eb4 : 0xfffffa80`0e998000 
fffffa60`01db6770 00000000`00000000 : fffffa80`09d2d720 00000000`00000270 fffff800`022d3eb4 fffff880`00000070 : 0xfffffa80`0e998200
In this we can see that RTSTOR64.sys is the only 3rd party drive mentioned (in most cases, the stuff below it represents stuff from user mode that's not considered in a BSOD analysis of this type). So we have more evidence to suspect RTSTOR64.sys

Finally, I'd suggest running the lmtsmn command in the debugger to list the loaded drivers. First check the date stamp on the RTSTOR64.sys driver, and then check the date stamps on the rest of the drivers. Any very old drivers can be a clue as to further issues with the system (but it gets complicated with Vista - so it's best to just post them for us to have a look at).

So, we think that RTSTOR64.sys is the culprit - so what do we do?
First, we look it up at my website here: Driver Reference
And we find that it's your Realtek card reader device
So go to the link for the Realtek card reader and you'll be able to download the driver.

Then uninstall the currently installed Card Reader driver
Then install the freshly downloaded driver (this procedure helps to ensure the removal of corrupted drivers before replacing them)

Then test to see if that has stopped the BSOD's. Be sure to exercise (use) the card reader to be sure.

Good luck!
 

My Computer

System One

You must log in or register to reply here.
Back
Top