BSOD "Driver_Power_State_Failure"

Discussion in 'ESET Smart Security' started by jlpeifer, Jul 5, 2012.

Thread Status:
Not open for further replies.
  1. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    I have a pair of identical Dell laptops running 64-bit, Win7 Pro on which I installed ESET EES v5.0. Within days of installing ESET the systems started experiencing random BSOD problems. I ran debugging tools against the Mini Kernel Dump file that Windows created and found the that the issue is likely related to a Bluetooth driver.

    Here's the problem I have with ESET... these laptops ran absolutely fine up until the installation of ESET. The addition of ESET was the only recent change to the laptops themselves (no other software or hardware had been installed recently). I may be wrong, but it seems that ESET is the offender here.

    I removed ESET completely from one of the laptops. After uninstalling ESET the laptop no longer encountered the BSOD problems.

    Any input would be greatly appreciated. Here's the debug info:

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Documents and Settings\Administrator\Desktop\070512-17019-01.fox.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff8a0`0021ac32?
    DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff8a0`01697462?
    DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff800`00ba2730?
    Symbol search path is: srv*
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Machine Name:
    Kernel base = 0xfffff800`02c02000 PsLoadedModuleList = 0xfffff800`02e46670
    Debug session time: Thu Jul  5 10:56:49.846 2012 (UTC - 4:00)
    System Uptime: 0 days 0:11:05.628
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................................................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 9F, {3, fffffa8007f04060, fffff80000ba2748, fffffa8008ebb5e0}
    
    Unable to load image \SystemRoot\system32\DRIVERS\btwampfl.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for btwampfl.sys
    *** ERROR: Module load completed but symbols could not be loaded for btwampfl.sys
    Probably caused by : usbhub.sys
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_POWER_STATE_FAILURE (9f)
    A driver is causing an inconsistent power state.
    Arguments:
    Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
    Arg2: fffffa8007f04060, Physical Device Object of the stack
    Arg3: fffff80000ba2748, Functional Device Object of the stack
    Arg4: fffffa8008ebb5e0, The blocked IRP
    
    Debugging Details:
    ------------------
    
    
    DRVPOWERSTATE_SUBCODE:  3
    
    DRIVER_OBJECT: fffffa8006e9e670
    
    IMAGE_NAME:  usbhub.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4d8c0c15
    
    MODULE_NAME: usbhub
    
    FAULTING_MODULE: fffff88006a2d000 usbhub
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x9F
    
    PROCESS_NAME:  svchost.exe
    
    CURRENT_IRQL:  2
    
    STACK_TEXT:  
    fffff800`00ba26f8 fffff800`02ceb6c2 : 00000000`0000009f 00000000`00000003 fffffa80`07f04060 fffff800`00ba2748 : nt!KeBugCheckEx
    fffff800`00ba2700 fffff800`02c8be3c : fffff800`00ba2830 fffff800`00ba2830 00000000`00000000 00000000`00000003 : nt! ?? ::FNODOBFM::`string'+0x34050
    fffff800`00ba27a0 fffff800`02c8bcd6 : fffffa80`06970c58 fffffa80`06970c58 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
    fffff800`00ba2810 fffff800`02c8bbbe : 00000001`8cbed4dc fffff800`00ba2e88 00000000`0000a6ac fffff800`02df7808 : nt!KiProcessExpiredTimerList+0xc6
    fffff800`00ba2e60 fffff800`02c8b9a7 : fffff800`02df3ec4 fffffa80`0000a6ac 00000000`00000000 00000000`000000ac : nt!KiTimerExpiration+0x1be
    fffff800`00ba2f00 fffff800`02c84305 : 00000000`00000000 fffffa80`08c7a060 00000000`00000000 fffff880`04aa2588 : nt!KiRetireDpcList+0x277
    fffff800`00ba2fb0 fffff800`02c8411c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxRetireDpcList+0x5
    fffff880`08d4c410 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_NAME:  MachineOwner
    
    FAILURE_BUCKET_ID:  X64_0x9F_3_IMAGE_usbhub.sys
    
    BUCKET_ID:  X64_0x9F_3_IMAGE_usbhub.sys
    
    Followup: MachineOwner
    ---------
    
    0: kd> lmvm usbhub
    start             end                 module name
    fffff880`06a2d000 fffff880`06a87000   usbhub     (pdb symbols)          C:\Program Files\Debugging Tools for Windows (x86)\sym\usbhub.pdb\353A033184434AEB9C9196D2C276720F1\usbhub.pdb
        Loaded symbol image file: usbhub.sys
        Mapped memory image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\usbhub.sys\4D8C0C155a000\usbhub.sys
        Image path: \SystemRoot\system32\DRIVERS\usbhub.sys
        Image name: usbhub.sys
        Timestamp:        Thu Mar 24 23:29:25 2011 (4D8C0C15)
        CheckSum:         00054F31
        ImageSize:        0005A000
        File version:     6.1.7601.17586
        Product version:  6.1.7601.17586
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        2.0 Dll
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     usbhub.sys
        OriginalFilename: usbhub.sys
        ProductVersion:   6.1.7601.17586
        FileVersion:      6.1.7601.17586 (win7sp1_gdr.110324-1501)
        FileDescription:  Default Hub Driver for USB
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    0: kd> !drvobj fffffa8006e9e670 f
    fffff80002e28fb0: Unable to get value of ObpRootDirectoryObject
    fffff80002e28fb0: Unable to get value of ObpRootDirectoryObject
    Driver object (fffffa8006e9e670) is for:
     \Driver\usbhub
    Driver Extension List: (id , addr)
    
    Device Object list:
    fffffa8007f04060  fffffa8007cbb060  fffffa8007b46050  fffffa8007b03050
    fffffa8007a1d060  fffffa8007a13060  fffffa800789d050  fffffa8006e91050
    
    
    DriverEntry:   fffff88006a7a064	usbhub!GsDriverEntry
    DriverStartIo: 00000000	
    DriverUnload:  fffff88006a536d8	usbhub!UsbhDriverUnload
    AddDevice:     00000000	
    
    Dispatch routines:
    [00] IRP_MJ_CREATE                      fffff88006a2ef60	usbhub!UsbhGenDispatch
    [01] IRP_MJ_CREATE_NAMED_PIPE           fffff80002c66100	nt!IopInvalidDeviceRequest
    [02] IRP_MJ_CLOSE                       fffff88006a2ef60	usbhub!UsbhGenDispatch
    [03] IRP_MJ_READ                        fffff80002c66100	nt!IopInvalidDeviceRequest
    [04] IRP_MJ_WRITE                       fffff80002c66100	nt!IopInvalidDeviceRequest
    [05] IRP_MJ_QUERY_INFORMATION           fffff80002c66100	nt!IopInvalidDeviceRequest
    [06] IRP_MJ_SET_INFORMATION             fffff80002c66100	nt!IopInvalidDeviceRequest
    [07] IRP_MJ_QUERY_EA                    fffff80002c66100	nt!IopInvalidDeviceRequest
    [08] IRP_MJ_SET_EA                      fffff80002c66100	nt!IopInvalidDeviceRequest
    [09] IRP_MJ_FLUSH_BUFFERS               fffff80002c66100	nt!IopInvalidDeviceRequest
    [0a] IRP_MJ_QUERY_VOLUME_INFORMATION    fffff80002c66100	nt!IopInvalidDeviceRequest
    [0b] IRP_MJ_SET_VOLUME_INFORMATION      fffff80002c66100	nt!IopInvalidDeviceRequest
    [0c] IRP_MJ_DIRECTORY_CONTROL           fffff80002c66100	nt!IopInvalidDeviceRequest
    [0d] IRP_MJ_FILE_SYSTEM_CONTROL         fffff80002c66100	nt!IopInvalidDeviceRequest
    [0e] IRP_MJ_DEVICE_CONTROL              fffff88006a2ef60	usbhub!UsbhGenDispatch
    [0f] IRP_MJ_INTERNAL_DEVICE_CONTROL     fffff88006a2ef60	usbhub!UsbhGenDispatch
    [10] IRP_MJ_SHUTDOWN                    fffff88006a54540	usbhub!UsbhDeviceShutdown
    [11] IRP_MJ_LOCK_CONTROL                fffff80002c66100	nt!IopInvalidDeviceRequest
    [12] IRP_MJ_CLEANUP                     fffff80002c66100	nt!IopInvalidDeviceRequest
    [13] IRP_MJ_CREATE_MAILSLOT             fffff80002c66100	nt!IopInvalidDeviceRequest
    [14] IRP_MJ_QUERY_SECURITY              fffff80002c66100	nt!IopInvalidDeviceRequest
    [15] IRP_MJ_SET_SECURITY                fffff80002c66100	nt!IopInvalidDeviceRequest
    [16] IRP_MJ_POWER                       fffff88006a2ef60	usbhub!UsbhGenDispatch
    [17] IRP_MJ_SYSTEM_CONTROL              fffff88006a2ef60	usbhub!UsbhGenDispatch
    [18] IRP_MJ_DEVICE_CHANGE               fffff80002c66100	nt!IopInvalidDeviceRequest
    [19] IRP_MJ_QUERY_QUOTA                 fffff80002c66100	nt!IopInvalidDeviceRequest
    [1a] IRP_MJ_SET_QUOTA                   fffff80002c66100	nt!IopInvalidDeviceRequest
    [1b] IRP_MJ_PNP                         fffff88006a2ef60	usbhub!UsbhGenDispatch
    
    0: kd> lmvm usbhub
    start             end                 module name
    fffff880`06a2d000 fffff880`06a87000   usbhub     (pdb symbols)          C:\Program Files\Debugging Tools for Windows (x86)\sym\usbhub.pdb\353A033184434AEB9C9196D2C276720F1\usbhub.pdb
        Loaded symbol image file: usbhub.sys
        Mapped memory image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\usbhub.sys\4D8C0C155a000\usbhub.sys
        Image path: \SystemRoot\system32\DRIVERS\usbhub.sys
        Image name: usbhub.sys
        Timestamp:        Thu Mar 24 23:29:25 2011 (4D8C0C15)
        CheckSum:         00054F31
        ImageSize:        0005A000
        File version:     6.1.7601.17586
        Product version:  6.1.7601.17586
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        2.0 Dll
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     usbhub.sys
        OriginalFilename: usbhub.sys
        ProductVersion:   6.1.7601.17586
        FileVersion:      6.1.7601.17586 (win7sp1_gdr.110324-1501)
        FileDescription:  Default Hub Driver for USB
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    ESET Endpoint products have Device control enabled by default currently. Does disabling it and restarting the computer make a difference?
     
  3. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    I am using ERAC to manage ESET configuration for workstations on my network. Within the Configuration I see...

    Windows Desktop 5 --> Device Management --> Settings --> System Integration: Yes

    Would changing this to "No" effectively disable device control on the client system?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    A computer restart will be required for the change to take effect.
     
  5. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    I disabled Device Control and disabled the Bluetooth device on the laptop itself but the problem recurred. Only uninstalling ESET solved the problem.
     
  6. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    This matter appears to have been resolved with a firmware update.

    For those who may stumble upon this post in the future...
    Systems affected were Dell Inspiron E5200 running Windows 7 Pro, 64-Bit
    The problematic Dell System BIOS version was A02
    An updated to BIOS version A07 seems to have stabilized the systems when running ESET ESS

    Will post back if problems re-appear.
     
  7. joediggity

    joediggity Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    1
    Location:
    USA
    I am having the same issue one of three of the Dell All-in-one compters. They ran fine under ESET 4.0 but when they were upgraded to endpoint 5.0 they all started to BSOD within 5 minutes. I tried upgrading all drivers and firmware but the only fix was to downgrade back to 4.0. Looks like a bug with 5.0 to me...
     
  8. karlisi

    karlisi Registered Member

    Joined:
    Apr 7, 2011
    Posts:
    68
    Location:
    Latvia
    Same BSOD on Lenovo ThinkPad Edge with Windows 7 Pro after upgrade to Endpoint Antivirus 5.0.2122. Disabling Device control helped. Have latest BIOS and drivers.
     
  9. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    I'm re-opening this issue as UNRESOLVED and URGENT after encountering BSOD "Driver_Power_State_Failure" error on Dell E5520 laptops that have been fully patched with latest firmware and o/s updates.

    I have collected from the affected system the following:

    - System Information (Start --> Programs --> Accessories --> System --> System Information)
    - MiniDump error log created after latest BSOD
    - ESET SysInspector log

    Since these logs contain proprietary info I prefer not to post them to a public forum. Please provide info on how you'd like to take delivery of this info.

    This problem is now affecting several E5520's within the company. It seems likely (as joediggity noted) that this is a bug within ESET 5.0.

    Please advise.
     
  10. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
  11. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    Fairly quick email response from ESET...

    For what it's worth... I felt that I had narrowed this problem down to a Bluetooth driver conflict on the Dell E5520's. I have disabled Bluetooth capabilities on one of the affected workstations at a the BIOS level. The user has not yet reported any subsequent BSODs. I will update this post if that status changes.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    The outcome of !analyze shows that it's a Device control issue and disabling its integration followed by a computer restart must fix it. This will be addressed in the upcoming service build as mentioned above.
     
  13. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    I disabled device control on one laptop and it BSOD'd within minutes. I'll try again just to confirm and will repost with result.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Did you actually restart the computer after disabling it?
     
  15. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    I think you may have me on that one. I'm not so sure I did.
     
  16. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    I have disabled Device Control on two affected laptops, followed immediately by a reboot, and the problems appear to have ceased. Thanks for the recommendation!
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Glad to hear that. If you don't need to block devices, we'd recommend leaving Device control disabled to minimize the risk of a clash with another driver. This particular issue will be addressed in the upcoming service build that is being worked on and will be released soon.
     
  18. jlpeifer

    jlpeifer Registered Member

    Joined:
    Jul 5, 2012
    Posts:
    14
    Location:
    USA
    That brings up two questions:
    1. Will the service build release be announced somewhere (so I know I can safely re-enable Device Control)?
    2. And this may be a stupid question... but will the service build get updated automatically on my client computers?
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    It will be announced as usual when a new build is available. An announcement will be posted here at Wilders' as well.

    You'll be able to upgrade the clients via the Remote install -> Upgrade Windows Client option.
     
  20. stevedev

    stevedev Registered Member

    Joined:
    Feb 1, 2012
    Posts:
    2
    Just for record, I was also able to replicate the issue on a Dell Latitude E5420 (new as of april of this year) win7 32bit. As stated above -- disabling the Device control feature and rebooting fixed. I had previously upgraded the affected machine from Business Edition 4.2 to Endpoint 5.0. We don't currently employ the Remote Admin.

    A quick question though, as I didn't notice or recall if I had enabled -- but is the feature enabled by default after install?

    Thx all for starting this thread. Lost a day on this one.

    for additional background info, I had 3rd party app WhoCrashed analyze dmp files. And it came up with:
    On Tue 7/31/2012 4:05:55 PM GMT your computer crashed
    crash dump file: C:\Windows\Minidump\073112-11762-01.dmp
    This was probably caused by the following module: ntkrnlpa.exe (nt+0xDEE9C)
    Bugcheck code: 0x9F (0x3, 0xFFFFFFFF86E7E438, 0xFFFFFFFF8078ADB0, 0xFFFFFFFF8801400:cool:
    Error: DRIVER_POWER_STATE_FAILURE
    file path: C:\Windows\system32\ntkrnlpa.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.
     
    Last edited: Jul 31, 2012
  21. karlisi

    karlisi Registered Member

    Joined:
    Apr 7, 2011
    Posts:
    68
    Location:
    Latvia
    Upgrade to EEA 5.0.2126 resolved this BSOD problem.
     
  22. stevedev

    stevedev Registered Member

    Joined:
    Feb 1, 2012
    Posts:
    2
    Yes, discovered upgrade. Wish I had known. Isn't there an alert list for core upgrades?
     
  23. karlisi

    karlisi Registered Member

    Joined:
    Apr 7, 2011
    Posts:
    68
    Location:
    Latvia
  24. lisapaloma

    lisapaloma Registered Member

    Joined:
    Aug 3, 2012
    Posts:
    1
    Location:
    El Salvador
    How can I install this version? The version on my computer is 5.0.2122.14, and since it was installed, when it gets in the mood, it reboots every 10 minutes, although sometimes it works for hours with no problem. This is a new Compac presario CQ1 All-in-One, Windows 7 starter 6.1.7601, s.p. 1. (No problem until ESET installed, currently running in safe mode.)
     
  25. karlisi

    karlisi Registered Member

    Joined:
    Apr 7, 2011
    Posts:
    68
    Location:
    Latvia
    Uncheck device control in ESET options, restart computer, there will be no BSODs after that. Upgrade ESET and you can enable device control after that.
     
Thread Status:
Not open for further replies.