How to read a Windows 10 BSOD mini dump analysis

windows windows-10 minidump
jeff porter picture jeff porter · Mar 30, 2016 · Viewed 20k times · Source

I'm hoping someone here can help.

I have a new Windows 10 machine (all parts by EVGA).

I get random BSOD, so I've grabbed a mini dump, installed the SDK and looked into it. I just don't understand what it is reporting.

Can someone point me in the direction of a guide, or decode this mini dump. Note : Each dump looks very similar. e.g. almost the same report from 'irp'

Here is the dump....

Microsoft (R) Windows Debugger Version 10.0.10586.567 X86 Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\033016-4718-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 10586 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 10586.162.amd64fre.th2_release_sec.160223-1728 Machine Name: Kernel base = 0xfffff8018d674000 PsLoadedModuleList = 0xfffff8018d952cd0 Debug session time: Wed Mar 30 18:15:33.639 2016 (UTC + 1:00) System Uptime: 0 days 2:47:26.264 Loading Kernel Symbols .

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols.

.............................................................. ................................................................ ................................ Loading User Symbols Loading unloaded module list .............

  • *
  • Bugcheck Analysis *
  • *

Use !analyze -v to get detailed debugging information.

BugCheck 9F, {3, ffffe000935ea880, fffff8018f25a890, ffffe00092718bd0}

Probably caused by : ACPI.sys

Followup: MachineOwner

0: kd> !analyze -v

  • *
  • Bugcheck Analysis *
  • *

DRIVER_POWER_STATE_FAILURE (9f) A driver has failed to complete a power IRP within a specific time. Arguments: Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time Arg2: ffffe000935ea880, Physical Device Object of the stack Arg3: fffff8018f25a890, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack Arg4: ffffe00092718bd0, The blocked IRP

Debugging Details:

DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 10586.162.amd64fre.th2_release_sec.160223-1728

SYSTEM_MANUFACTURER: EVGA INTERNATIONAL CO.,LTD

SYSTEM_PRODUCT_NAME: Default string

SYSTEM_SKU: Default string

SYSTEM_VERSION: Default string

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: 1.07

BIOS_DATE: 01/04/2016

BASEBOARD_MANUFACTURER: EVGA INTERNATIONAL CO.,LTD

BASEBOARD_PRODUCT: 111-SS-E172

BASEBOARD_VERSION: 1.0

DUMP_TYPE: 2

DUMP_FILE_ATTRIBUTES: 0x8 Kernel Generated Triage Dump

BUGCHECK_P1: 3

BUGCHECK_P2: ffffe000935ea880

BUGCHECK_P3: fffff8018f25a890

BUGCHECK_P4: ffffe00092718bd0

DRVPOWERSTATE_SUBCODE: 3

IMAGE_NAME: ACPI.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 56cbf9c9

MODULE_NAME: ACPI

FAULTING_MODULE: fffff800d5de0000 ACPI

CPU_COUNT: 8

CPU_MHZ: d50

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 33'00000000 (cache) 33'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0x9F

PROCESS_NAME: System

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: Q-PC

ANALYSIS_SESSION_TIME: 03-30-2016 20:04:47.0460

ANALYSIS_VERSION: 10.0.10586.567 x86fre

STACK_TEXT:
fffff8018f25a858 fffff8018d854e42 : 000000000000009f 0000000000000003 ffffe000935ea880 fffff8018f25a890 : nt!KeBugCheckEx fffff8018f25a860 fffff8018d854d62 : ffffe00096133010 fffff8018f252070 0000000000000000 fffff8018d73e0a6 : nt!PopIrpWatchdogBugcheck+0xde fffff8018f25a8c0 fffff8018d6e22c6 : ffffe00096133048 fffff8018f25aa10 0000000000000001 0000000000000002 : nt!PopIrpWatchdog+0x32 fffff8018f25a910 fffff8018d7b951a : 0000000000000000 fffff8018d991180 fffff8018da07740 ffffe00096723800 : nt!KiRetireDpcList+0x5f6 fffff8018f25ab60 0000000000000000 : fffff8018f25b000 fffff8018f254000 0000000000000000 0000000000000000 : nt!KiIdleLoop+0x5a

STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 81a7ba75a791115b4f55c8910c64a260d525502e

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 936d5c51c0ad2157bf4c85af575dd55cea2c0947

THREAD_SHA1_HASH_MOD: f08ac56120cad14894587db086f77ce277bfae84

FOLLOWUP_NAME: MachineOwner

IMAGE_VERSION: 10.0.10586.122

FAILURE_BUCKET_ID: 0x9F_3_POWER_DOWN_i8042prt_IMAGE_ACPI.sys

BUCKET_ID: 0x9F_3_POWER_DOWN_i8042prt_IMAGE_ACPI.sys

PRIMARY_PROBLEM_CLASS: 0x9F_3_POWER_DOWN_i8042prt_IMAGE_ACPI.sys

TARGET_TIME: 2016-03-30T17:15:33.000Z

OSBUILD: 10586

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-02-24 05:48:00

BUILDDATESTAMP_STR: 160223-1728

BUILDLAB_STR: th2_release_sec

BUILDOSVER_STR: 10.0.10586.162.amd64fre.th2_release_sec.160223-1728

ANALYSIS_SESSION_ELAPSED_TIME: 3d7

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x9f_3_power_down_i8042prt_image_acpi.sys

FAILURE_ID_HASH: {22a3ff34-49ca-8d37-715b-ae023b6cc9fb}

Followup: MachineOwner

0: kd> !irp ffffe00092718bd0 Irp is active with 8 stacks 6 is current (= 0xffffe00092718e08) No Mdl: No System Buffer: Thread 00000000: Irp stack trace. Pending has been returned cmd flg cl Device File Completion-Context [N/A(0), N/A(0)] 0 0 00000000 00000000 00000000-00000000 

        Args: 00000000 00000000 00000000 00000000

[N/A(0), N/A(0)] 0 0 00000000 00000000 00000000-00000000 

        Args: 00000000 00000000 00000000 00000000

[N/A(0), N/A(0)] 0 0 00000000 00000000 00000000-00000000 

        Args: 00000000 00000000 00000000 00000000

[N/A(0), N/A(0)] 0 0 00000000 00000000 00000000-00000000 

        Args: 00000000 00000000 00000000 00000000

[IRP_MJ_POWER(16), IRP_MN_WAIT_WAKE(0)] 0 0 ffffe000935ea880 00000000 fffff800d6a81ec0-00000000
\Driver\ACPI i8042prt!I8xPowerUpToD0Complete Args: 00000000 00000000 00000000 00000002

[IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)] 0 e1 ffffe00093f936f0 00000000 fffff800d6ab1060-00000000 Success Error Cancel pending \Driver\i8042prt kbdclass!KeyboardClassPowerComplete Args: 00051100 00000001 00000001 00000002 [IRP_MJ_POWER(16), IRP_MN_SET_POWER(2)] 0 e1 ffffe00093dc95f0 00000000 fffff8018d7840b8-ffffe00096133010 Success Error Cancel pending \Driver\kbdclass nt!PopRequestCompletion Args: 00051100 00000001 00000001 00000002 [N/A(0), N/A(0)] 0 0 00000000 00000000 00000000-ffffe00096133010 

        Args: 00000000 00000000 00000000 00000000

I'm also adding a BlueScreen screen shot, incase that helps.

bluescreen

Now adding output from some extra commands after Martins comments...

0: kd> !devstack ffffe000935ea880
  !DevObj           !DrvObj            !DevExt           ObjectName
  ffffe00093dc95f0  \Driver\kbdclass   ffffe00093dc9740  InfoMask field not found for _OBJECT_HEADER at ffffe00093dc95c0

  ffffe00093f936f0  \Driver\i8042prt   ffffe00093f93840  InfoMask field not found for _OBJECT_HEADER at ffffe00093f936c0

> ffffe000935ea880  \Driver\ACPI       ffffe000923fa8d0  Cannot read info offset from nt!ObpInfoMaskToOffset

!DevNode ffffe000935d6af0 :
  DeviceInst is "ACPI\PNP0303\0"
  ServiceName is "i8042prt"




!process 0 7
**** NT ACTIVE PROCESS DUMP ****
GetPointerFromAddress: unable to read from fffff8018d9f3200
Error in reading nt!_EPROCESS at 0000000000000000




0: kd> !poaction
PopAction: fffff8018d94efe0
  State..........: 0 - Idle
  Updates........: 0 
  Action.........: None
  Lightest State.: Unspecified
  Flags..........: 10000003 QueryApps|UIAllowed
  Irp minor......: ??
  System State...: Unspecified
  Hiber Context..: 0000000000000000

Allocated power irps (PopIrpList - fffff8018d94f4f0)
  IRP: ffffe00092718bd0 (set/D0,), PDO: ffffe000935ea880, CURRENT: ffffe00093f936f0
  IRP: ffffe000971aa990

Irp worker threads (PopIrpThreadList - fffff8018d94e100)
  THREAD: ffffe00091515040 (static)
  THREAD: ffffe00091501800 (static)

Error resolving nt!_POP_CURRENT_BROADCAST...

Summary: Error was caused by my 10 year old Razor mouse with Windows 10. The driver when entering power save state was freaking out and causing the blue screen.

I purchased a new mouse, removed the driver & 2 months in no more BSOD.

Answer

Martin picture Martin · Mar 30, 2016

I usually use BlueScreenView by Nirsoft. It will get you a list of last BSOD and will show a nice view of the components. "Normally" the first mentioned component could be the reason.

Not sure, if you are looking for a solution on a specific problem or the minidump usage in general. Some driver got problems with power state change. Make sure, you have the current Drivers installed.

Related questions

IIS Manager in Windows 10

How do you open IIS (Internet Information Services) Manager using Windows 10? I have installed the developer preview of Windows 10 and can't seem to find IIS Manager? It is not in Control Panel > Administrative Tools. When I browse to the …

Read More
Bridged networking not working in Virtualbox under Windows 10

I just upgraded my laptop from Windows 7 to Windows 10 and found that I am unable to start Virtualbox VMs configured with a bridged adapter. See the configuration below:

Read More
How can I auto-elevate my batch file, so that it requests from UAC administrator rights if required?

I want my batch file to only run elevated. If not elevated, provide an option for the user to relaunch batch as elevated. I'm writing a batch file to set a system variable, copy two files to a Program Files …

Read More