BSOD with kernel power while playing Diablo 3


  1. Posts : 2
    Windows 7 Ultimate x64
       #1

    BSOD with kernel power while playing Diablo 3


    Hi guys, my new rig specs as follows:

    CPU: Intel i5 3570k with Asrock extreme 6
    GFX: Palit GTX670
    PSU: Corsair AX850
    SSD Crucial m4 256gb
    RAM: Gskill 8gb
    OS: Win7 Ultimate 64bit

    Everything running on stock.

    While i was playing Diablo 3, it suddenly BSOD, and i checked the event viewer, there was a Kernel power error:
    BugcheckCode 194
    BugcheckParameter1 0x7
    BugcheckParameter2 0x109b
    BugcheckParameter3 0x4060016
    BugcheckParameter4 0xfffffa800c569650
    SleepInProgress false
    PowerButtonTimestamp 0

    After that when playing again, i notice artifacts in D3 time to time.

    Drivers and windows updated to latest version.

    Attached is the minidump.

    Would really appreciate inputs.

    Thanks in advance!
      My Computer


  2. Posts : 1,314
    Windows 7 64-bit
       #2

    It looks like Avast filter driver for IPSec (aswrdr2.sys) is responsible, but given that this BSOD was caused by the driver trying to free pooled memory after it's already been pooled, it may either be Avast erroneously attempting to free the pooled memory a second time, or something else snuck in (most certainly another firewall, AV or other IPSec software/driver) and freed the pool, then Avast attempted to do so again and the system bugged out cuz of it. This can occur if you have multiple firewall or other AV and security software installed and running simultaneously. You should only have one firewall solution and one AV solution. If the AV solution includes firewall, it'll bump into your dedicated firewall software, and vice versa.

    Unfortunately, this minidump cannot serve us further beyond this speculation. There are some related items I could check that could give us really good clues as to what may have freed this pool prior, but that data is not retained in a minidump.

    If you wish, you can turn on Driver Verifier and let it crash again and send us the resulting minidump, since DV catch the problem earlier. For checks to select, do not select Force Pending I/O Requests, Low Resource Sim, or IRP Logging. You may select the rest of the checks. Remember to restart PC after everything is set up.

    As for any potential solutions to this, aside from cleaning up your AV and firewall stuff, make sure to update both your network drivers and Avast. I see that the filter driver for Avast is pretty new, May 6, but there's always a chance a bug got introduced recently and Avast has already gone and fixed it.

    Analysts:

    !analyze -v output:

    Code:
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 0000000000000007, Attempt to free pool which was already freed
    Arg2: 000000000000109b, (reserved)
    Arg3: 0000000004060016, Memory contents of the pool block
    Arg4: fffffa800c569650, Address of the block of pool being deallocated
    
    Debugging Details:
    ------------------
    
    TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
    
    POOL_ADDRESS:  fffffa800c569650 Nonpaged pool
    
    FREED_POOL_TAG:  Fwpp
    
    BUGCHECK_STR:  0xc2_7_Fwpp
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    PROCESS_NAME:  svchost.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from fffff80002fbabe9 to fffff80002e901c0
    
    STACK_TEXT:  
    fffff880`069ed578 fffff800`02fbabe9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`04060016 : nt!KeBugCheckEx
    fffff880`069ed580 fffff880`01c701a1 : 00000000`00000000 fffff8a0`0194de40 fffffa80`0c569658 fffff880`01c68de4 : nt!ExDeferredFreePool+0x1201
    fffff880`069ed630 fffff880`01c9ed68 : 00000000`00000000 fffffa80`0c569650 fffff8a0`017f8ec0 00000000`00000000 : fwpkclnt!WfpNamedPoolFree+0x19
    fffff880`069ed660 fffff880`01c9946e : 00000000`00000000 fffff880`01c956a8 fffffa80`0c8faac0 fffff880`01c956a8 : fwpkclnt!FwppSessionDestroy+0x64
    fffff880`069ed690 fffff880`0473992b : fffffa80`0c569650 00000000`000007ff fffff8a0`0194d058 fffffa80`0c3d6040 : fwpkclnt!FwpmEngineClose0+0x42
    fffff880`069ed6d0 fffffa80`0c569650 : 00000000`000007ff fffff8a0`0194d058 fffffa80`0c3d6040 fffff880`0473e978 : aswrdr2+0x492b
    fffff880`069ed6d8 00000000`000007ff : fffff8a0`0194d058 fffffa80`0c3d6040 fffff880`0473e978 fffffa80`06988c1c : 0xfffffa80`0c569650
    fffff880`069ed6e0 fffff8a0`0194d058 : fffffa80`0c3d6040 fffff880`0473e978 fffffa80`06988c1c fffffa80`06988c1c : 0x7ff
    fffff880`069ed6e8 fffffa80`0c3d6040 : fffff880`0473e978 fffffa80`06988c1c fffffa80`06988c1c fffff8a0`0194d030 : 0xfffff8a0`0194d058
    fffff880`069ed6f0 fffff880`0473e978 : fffffa80`06988c1c fffffa80`06988c1c fffff8a0`0194d030 fffff8a0`0194d058 : 0xfffffa80`0c3d6040
    fffff880`069ed6f8 fffffa80`06988c1c : fffffa80`06988c1c fffff8a0`0194d030 fffff8a0`0194d058 fffff8a0`0194bb10 : aswrdr2+0x9978
    fffff880`069ed700 fffffa80`06988c1c : fffff8a0`0194d030 fffff8a0`0194d058 fffff8a0`0194bb10 00000000`00000000 : 0xfffffa80`06988c1c
    fffff880`069ed708 fffff8a0`0194d030 : fffff8a0`0194d058 fffff8a0`0194bb10 00000000`00000000 fffff8a0`0194b980 : 0xfffffa80`06988c1c
    fffff880`069ed710 fffff8a0`0194d058 : fffff8a0`0194bb10 00000000`00000000 fffff8a0`0194b980 fffff8a0`0194d060 : 0xfffff8a0`0194d030
    fffff880`069ed718 fffff8a0`0194bb10 : 00000000`00000000 fffff8a0`0194b980 fffff8a0`0194d060 fffff800`0312557e : 0xfffff8a0`0194d058
    fffff880`069ed720 00000000`00000000 : fffff8a0`0194b980 fffff8a0`0194d060 fffff800`0312557e 00000000`00000000 : 0xfffff8a0`0194bb10
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    fwpkclnt!WfpNamedPoolFree+19
    fffff880`01c701a1 48b8faaddbbafaaddbba mov rax,0BADBADFABADBADFAh
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  fwpkclnt!WfpNamedPoolFree+19
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: fwpkclnt
    
    IMAGE_NAME:  fwpkclnt.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79321
    
    FAILURE_BUCKET_ID:  X64_0xc2_7_Fwpp_fwpkclnt!WfpNamedPoolFree+19
    
    BUCKET_ID:  X64_0xc2_7_Fwpp_fwpkclnt!WfpNamedPoolFree+19
    
    Followup: MachineOwner
    ---------
    The stack unwind is not clean. However, we can at least extract that aswrdr2.sys is involved, which is the Avast WFP Redirect Driver. WFP is Windows Filtering Platform, which as described here, is responsible for allowing 3rd party drivers and software to filter network activity. We can tell from the top half of the callstack that Avast driver called into fwpkclnt.sys, which FWP/IPsec Kernel-Mode API driver, to evidently close a filtering session (hence the call to fwpkclnt!FwpmEngineClose+0x42). At this time the IPSec driver is doing cleanup work, including freeing the related named pool memory that it's been using for the session (fwpkclnt!WfpNamedPoolFree+0x19). You can verify this by using !pool on the relevant block of pool (you can determine this by looking at Arg4 of the bugchcek, as well as POOL_ADDRESS in the !analyze -v output):

    Code:
    3: kd> !pool fffffa800c569650
    Pool page fffffa800c569650 region is Nonpaged pool
     fffffa800c569000 size:   90 previous size:    0  (Allocated)  Vad 
     fffffa800c569090 size:   90 previous size:   90  (Allocated)  Vad 
     fffffa800c569120 size:   90 previous size:   90  (Allocated)  Vad 
     fffffa800c5691b0 size:   90 previous size:   90  (Allocated)  Vad 
     fffffa800c569240 size:   c0 previous size:   90  (Allocated)  FMsl
     fffffa800c569300 size:  160 previous size:   c0  (Allocated)  Ntfx
     fffffa800c569460 size:   80 previous size:  160  (Allocated)  Even (Protected)
     fffffa800c5694e0 size:  160 previous size:   80  (Allocated)  Ntfx
    *fffffa800c569640 size:   60 previous size:  160  (Free ) *Fwpp
    		Pooltag Fwpp : Windows Filtering Platform export driver., Binary : fwpkclnt.sys
     fffffa800c5696a0 size:  160 previous size:   60  (Allocated)  Ntfx
     fffffa800c569800 size:  1e0 previous size:  160  (Allocated)  MmCi
     fffffa800c5699e0 size:  220 previous size:  1e0  (Allocated)  MmCi
     fffffa800c569c00 size:   60 previous size:  220  (Allocated)  Icp 
     fffffa800c569c60 size:   80 previous size:   60  (Allocated)  Even (Protected)
     fffffa800c569ce0 size:   20 previous size:   80  (Allocated)  ViMm
     fffffa800c569d00 size:   50 previous size:   20  (Allocated)  VadS
     fffffa800c569d50 size:   90 previous size:   50  (Allocated)  Vad 
     fffffa800c569de0 size:  220 previous size:   90  (Allocated)  MmCi
    As you can tell, it doesn't look like any other driver incidentally freed pool beyond is allocation and ended up freeing Fwpp as well. Everything else is allocated and currently in use, and the adjacent allocations are Ntfx (which is general allocation from Ntfs.sys, of which the name is self-explanatory). So I don't see any ugliness there. This really just looks like either two drivers fighting over the same pool allocation, or Avast did just bug out and attempted to free the pool allocation twice, possibly by attempting to close its filtering session twice. I personally can't tell beyond this. That's why Driver Verifier is helpful.
      My Computer


  3. Posts : 2
    Windows 7 Ultimate x64
    Thread Starter
       #3

    thank you sir! my friend suggested me to install to the beta drivers for my gtx670 301.40, and mentioned that 670 are actually failed 680 cores. that maybe the reason for the artifacting.

    i will try with the new drivers and monitor the situation. if it still crashes i will proceed with the verifier.

    thank you again for the help!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:13.
Find Us