locked
unexpected_kernel_mode_trap avgwfpa.sys RRS feed

  • Question

  • I have two different Win 8.1 machines with the same 4 user profiles.

    One and only one of the profiles keeps crashing just after logon (we get t see the desktop),
    whereafter we get the message "unexpected_kernel_mode_trap avgwfpa.sys"

    I have read the "UNEXPECTED KERNEL MODE TRAP (avgwfpa.sys)", which doesn't match my case with regard to when triggered.

    I have prepared dumps for sharing:

    http://1drv.ms/1kHdNlT

    Best regards

      Jeppe


    • Edited by JeppeJuel Monday, June 16, 2014 6:33 PM Link to dump added.
    Monday, June 16, 2014 5:17 PM

Answers

  • JJ

    *

    Two issues.  AVG, and iAstorA.sys.  I would remove AVG and use the built in defender in its place, and install the newest iAstorA.sys available (even if it is the same date as drivers do become corrupt).  If you have an SSD or hybrid I would also update the firmware.  These DMPS look very much like several that I have just done on Microsoft Community

    Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\051414-49250-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    OK                                             C:\Users\Ken\Desktop
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\Users\Ken\Desktop
    Windows 8 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.17041.amd64fre.winblue_gdr.140305-1710
    Machine Name:
    Kernel base = 0xfffff801`4da71000 PsLoadedModuleList = 0xfffff801`4dd3b2d0
    Debug session time: Wed May 14 09:53:22.400 2014 (UTC - 4:00)
    System Uptime: 7 days 17:46:28.164
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........................................
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 9F, {3, ffffe000d5603060, ffffd001eb606c80, ffffe000dd8ece10}
    
    Probably caused by : pci.sys
    
    Followup: MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_POWER_STATE_FAILURE (9f)
    A driver has failed to complete a power IRP within a specific time.
    Arguments:
    Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
    Arg2: ffffe000d5603060, Physical Device Object of the stack
    Arg3: ffffd001eb606c80, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
    Arg4: ffffe000dd8ece10, The blocked IRP
    
    Debugging Details:
    ------------------
    
    
    DRVPOWERSTATE_SUBCODE:  3
    
    IMAGE_NAME:  pci.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  53089439
    
    MODULE_NAME: pci
    
    FAULTING_MODULE: fffff801abf46000 pci
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    BUGCHECK_STR:  0x9F
    
    PROCESS_NAME:  iexplore.exe
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    
    DPC_STACK_BASE:  FFFFD001EB606FB0
    
    STACK_TEXT:  
    ffffd001`eb606c48 fffff801`4dc6dc1e : 00000000`0000009f 00000000`00000003 ffffe000`d5603060 ffffd001`eb606c80 : nt!KeBugCheckEx
    ffffd001`eb606c50 fffff801`4dc6db3e : ffffe000`d8426450 00000000`00000000 ffffe000`d8426490 ffffe000`d84264c8 : nt!PopIrpWatchdogBugcheck+0xde
    ffffd001`eb606cb0 fffff801`4daca810 : 00000000`00000000 00000000`00000001 ffffd001`e6bd5180 ffffe000`00000002 : nt!PopIrpWatchdog+0x32
    ffffd001`eb606d00 fffff801`4dbc80d5 : 00000000`00000000 ffffd001`e6bd5180 ffffe000`d4c00800 00000000`02a8aed8 : nt!KiRetireDpcList+0x4f0
    ffffd001`eb606fb0 fffff801`4dbc7ed9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxRetireDpcList+0x5
    ffffd001`fe6ebac0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_NAME:  MachineOwner
    
    IMAGE_VERSION:  6.3.9600.17031
    
    FAILURE_BUCKET_ID:  0x9F_3_POWER_DOWN_iaStorA_IMAGE_pci.sys
    
    BUCKET_ID:  0x9F_3_POWER_DOWN_iaStorA_IMAGE_pci.sys
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x9f_3_power_down_iastora_image_pci.sys
    
    FAILURE_ID_HASH:  {7d15649d-af9d-aeb2-1222-6fa8a2b3c912}
    
    Followup: MachineOwner
    ---------
    
    3: kd> !irp ffffe000dd8ece10
    Irp is active with 4 stacks 3 is current (= 0xffffe000dd8ecf70)
     No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
         cmd  flg cl Device   File     Completion-Context
     [  0, 0]   0  0 00000000 00000000 00000000-00000000    
    
    			Args: 00000000 00000000 00000000 00000000
     [  0, 0]   0  0 00000000 00000000 00000000-00000000    
    
    			Args: 00000000 00000000 00000000 00000000
    >[ 16, 2]   0 e1 ffffe000d575a050 00000000 fffff8014db8f2d8-ffffe000d8c40840 Success Error Cancel pending
    	      *** WARNING: Unable to verify timestamp for iaStorA.sys
    *** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
     \Driver\iaStorA	nt!PopRequestCompletion
    			Args: 00014400 00000001 00000004 00000002
     [  0, 0]   0  0 00000000 00000000 00000000-ffffe000d8c40840    
    
    			Args: 00000000 00000000 00000000 00000000
    

    .


    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by ZigZag3143x Thursday, June 19, 2014 12:50 PM
    Monday, June 16, 2014 6:45 PM

All replies

  • We do need the actual DMP file as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.  
    We prefer at least 2 DMP files to spot trends and confirm the cause.

    Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
    If you have any questions about the procedure please ask

    If you are using Blue screen view, who crashed, or a similar application, don't.  They are wrong at least as often as they are correct

    Wanikiya and Dyami--Team Zigzag

    Monday, June 16, 2014 6:13 PM
  • Link added

    http://1drv.ms/1kHdNlT

    Monday, June 16, 2014 6:33 PM
  • JJ

    *

    Two issues.  AVG, and iAstorA.sys.  I would remove AVG and use the built in defender in its place, and install the newest iAstorA.sys available (even if it is the same date as drivers do become corrupt).  If you have an SSD or hybrid I would also update the firmware.  These DMPS look very much like several that I have just done on Microsoft Community

    Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\Ken\Desktop\051414-49250-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    OK                                             C:\Users\Ken\Desktop
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\Users\Ken\Desktop
    Windows 8 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.17041.amd64fre.winblue_gdr.140305-1710
    Machine Name:
    Kernel base = 0xfffff801`4da71000 PsLoadedModuleList = 0xfffff801`4dd3b2d0
    Debug session time: Wed May 14 09:53:22.400 2014 (UTC - 4:00)
    System Uptime: 7 days 17:46:28.164
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........................................
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 9F, {3, ffffe000d5603060, ffffd001eb606c80, ffffe000dd8ece10}
    
    Probably caused by : pci.sys
    
    Followup: MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_POWER_STATE_FAILURE (9f)
    A driver has failed to complete a power IRP within a specific time.
    Arguments:
    Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
    Arg2: ffffe000d5603060, Physical Device Object of the stack
    Arg3: ffffd001eb606c80, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
    Arg4: ffffe000dd8ece10, The blocked IRP
    
    Debugging Details:
    ------------------
    
    
    DRVPOWERSTATE_SUBCODE:  3
    
    IMAGE_NAME:  pci.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  53089439
    
    MODULE_NAME: pci
    
    FAULTING_MODULE: fffff801abf46000 pci
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    
    BUGCHECK_STR:  0x9F
    
    PROCESS_NAME:  iexplore.exe
    
    CURRENT_IRQL:  2
    
    ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
    
    DPC_STACK_BASE:  FFFFD001EB606FB0
    
    STACK_TEXT:  
    ffffd001`eb606c48 fffff801`4dc6dc1e : 00000000`0000009f 00000000`00000003 ffffe000`d5603060 ffffd001`eb606c80 : nt!KeBugCheckEx
    ffffd001`eb606c50 fffff801`4dc6db3e : ffffe000`d8426450 00000000`00000000 ffffe000`d8426490 ffffe000`d84264c8 : nt!PopIrpWatchdogBugcheck+0xde
    ffffd001`eb606cb0 fffff801`4daca810 : 00000000`00000000 00000000`00000001 ffffd001`e6bd5180 ffffe000`00000002 : nt!PopIrpWatchdog+0x32
    ffffd001`eb606d00 fffff801`4dbc80d5 : 00000000`00000000 ffffd001`e6bd5180 ffffe000`d4c00800 00000000`02a8aed8 : nt!KiRetireDpcList+0x4f0
    ffffd001`eb606fb0 fffff801`4dbc7ed9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxRetireDpcList+0x5
    ffffd001`fe6ebac0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_NAME:  MachineOwner
    
    IMAGE_VERSION:  6.3.9600.17031
    
    FAILURE_BUCKET_ID:  0x9F_3_POWER_DOWN_iaStorA_IMAGE_pci.sys
    
    BUCKET_ID:  0x9F_3_POWER_DOWN_iaStorA_IMAGE_pci.sys
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x9f_3_power_down_iastora_image_pci.sys
    
    FAILURE_ID_HASH:  {7d15649d-af9d-aeb2-1222-6fa8a2b3c912}
    
    Followup: MachineOwner
    ---------
    
    3: kd> !irp ffffe000dd8ece10
    Irp is active with 4 stacks 3 is current (= 0xffffe000dd8ecf70)
     No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  
         cmd  flg cl Device   File     Completion-Context
     [  0, 0]   0  0 00000000 00000000 00000000-00000000    
    
    			Args: 00000000 00000000 00000000 00000000
     [  0, 0]   0  0 00000000 00000000 00000000-00000000    
    
    			Args: 00000000 00000000 00000000 00000000
    >[ 16, 2]   0 e1 ffffe000d575a050 00000000 fffff8014db8f2d8-ffffe000d8c40840 Success Error Cancel pending
    	      *** WARNING: Unable to verify timestamp for iaStorA.sys
    *** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
     \Driver\iaStorA	nt!PopRequestCompletion
    			Args: 00014400 00000001 00000004 00000002
     [  0, 0]   0  0 00000000 00000000 00000000-ffffe000d8c40840    
    
    			Args: 00000000 00000000 00000000 00000000
    

    .


    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by ZigZag3143x Thursday, June 19, 2014 12:50 PM
    Monday, June 16, 2014 6:45 PM
  • I have two different Win 8.1 machines with the same 4 user profiles.

    One and only one of the profiles keeps crashing just after logon (we get t see the desktop),
    whereafter we get the message "unexpected_kernel_mode_trap avgwfpa.sys"

    I have read the "UNEXPECTED KERNEL MODE TRAP (avgwfpa.sys)", which doesn't match my case with regard to when triggered.

    I have prepared dumps for sharing:

    http://1drv.ms/1kHdNlT

    Best regards

      Jeppe


    The same for me!

    I have a SHUTTLE pc with three NON-SSD disks, and till 3 weeks ago all was ok.

    Now on my son's profile, monitored with family safety i have same problem.

    Today I added my son's profile in my laptop with a brand new SSD disk, and when profile was synchronized BSOD started with same statement UNEXPECTED_KERNEL_MODE_TRAP (avgwfpa.sys).

    Without avg installed locally on pc or laptop, BSOD is not raised.

    Any help?

    Thanks in advance

    Monday, July 7, 2014 4:53 PM
  • I have encountered something very similar on two systems here. Both systems came down with this problem on the same day. I believe this was first triggered, in these cases, by Windows updates; I didn't make a note of the date of this but I believe this was in either May or June 2014.

    In both cases, the system crash out with "UNEXPECTED KERNEL MODE TRAP (avgwfpa.sys)" immediately after login to a profile that is monitored with family safety (different users on the two machines). I have been searching for a fix and, having come across this thread today, I have changed the account settings to disable family safety. The account now logs in without the crash.

    It looks to me like an in issue between AVG, family safety and whatever changed in the Windows update.

    I hope this helps others facing this issue.

    N.

    Sunday, July 20, 2014 5:12 PM