Help with BSOD

I'm not sure if I should post in this forum or somewhere else, but here was suggested by someone else so if not just let me know and I'll move this thread. I just got a BSOD and I'm not sure how to analyze it. Here is the startup of the debugging tools after I open the .dmp file.

Code:

Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Machine Name:
Kernel base = 0xfffff800`03400000 PsLoadedModuleList = 0xfffff800`03644670
Debug session time: Thu Mar 28 22:33:53.852 2013 (UTC - 7:00)
System Uptime: 0 days 4:58:42.788
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd5018).  Type ".hh dbgerr001" for details
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad0073, fffff880131c4168, fffff880131c39c0, fffff88004aa6a3a}

Probably caused by : rdbss.sys ( rdbss!RxPurgeAllFobxs+ea )

Followup: MachineOwner
---------

And here is the !analyze -v command output

Code:

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

RDR_FILE_SYSTEM (27)
    If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
    exception record and context record. Do a .cxr on the 3rd parameter and then kb to
    obtain a more informative stack trace.
    The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
    as follows:
     RDBSS_BUG_CHECK_CACHESUP  = 0xca550000,
     RDBSS_BUG_CHECK_CLEANUP   = 0xc1ee0000,
     RDBSS_BUG_CHECK_CLOSE     = 0xc10e0000,
     RDBSS_BUG_CHECK_NTEXCEPT  = 0xbaad0000,
Arguments:
Arg1: 00000000baad0073
Arg2: fffff880131c4168
Arg3: fffff880131c39c0
Arg4: fffff88004aa6a3a

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff880131c4168 -- (.exr 0xfffff880131c4168)
ExceptionAddress: fffff88004aa6a3a (rdbss!RxPurgeAllFobxs+0x00000000000000ea)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

CONTEXT:  fffff880131c39c0 -- (.cxr 0xfffff880131c39c0)
rax=0000000000000000 rbx=fffff88004a8b110 rcx=fffffa80161509c0
rdx=fffff8a01aa80568 rsi=fffff8a01ab10010 rdi=fffff8a01aa80568
rip=fffff88004aa6a3a rsp=fffff880131c43a0 rbp=fffffa80137aa868
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=fffff800035f1e80 r12=fffffa80161509c0 r13=fffffa80143ac9f0
r14=fffffa80137aa2b8 r15=fffff88004a8b110
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
rdbss!RxPurgeAllFobxs+0xea:
fffff880`04aa6a3a 488b7010        mov     rsi,qword ptr [rax+10h] ds:002b:00000000`00000010=????????????????
Resetting default scope

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000010

READ_ADDRESS:  0000000000000010 

FOLLOWUP_IP: 
rdbss!RxPurgeAllFobxs+ea
fffff880`04aa6a3a 488b7010        mov     rsi,qword ptr [rax+10h]

FAULTING_IP: 
rdbss!RxPurgeAllFobxs+ea
fffff880`04aa6a3a 488b7010        mov     rsi,qword ptr [rax+10h]

BUGCHECK_STR:  0x27

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from fffff88004aa6e9a to fffff88004aa6a3a

STACK_TEXT:  
fffff880`131c43a0 fffff880`04aa6e9a : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000024 : rdbss!RxPurgeAllFobxs+0xea
fffff880`131c4450 fffff880`056ffa3c : fffffa80`143ac9f0 fffffa80`1254be10 fffff8a0`00000000 fffff800`03431114 : rdbss!RxFinalizeConnection+0xca
fffff880`131c4520 fffff880`05717c00 : fffff8a0`150754e0 fffffa80`15b449c0 00000000`00000000 00000000`c0000010 : mrxsmb!SmbShellDeleteConnection+0xf8
fffff880`131c4560 fffff880`056f715e : fffffa80`0e5bae5c fffffa80`15b4490d fffff880`131cec23 fffffa80`162c6010 : mrxsmb!MRxSmbDevFcbXXXControlFile+0x274
fffff880`131c45c0 fffff880`04aa72e5 : fffffa80`15b449c0 fffff880`04a72037 fffffa80`137aa040 00000000`01000100 : mrxsmb!SmbShellDevFcbXXXControlFile+0xe
fffff880`131c45f0 fffff880`04aa7437 : fffffa80`162c6170 00000000`001401ac 00000000`00000000 00000000`00000000 : rdbss!RxXXXControlFileCallthru+0xcd
fffff880`131c4620 fffff880`04a74684 : 00000000`00000000 fffff880`131c46c0 fffffa80`15b449c0 00000000`00000000 : rdbss!RxCommonDevFCBFsCtl+0x11b
fffff880`131c4680 fffff880`04a91b44 : fffffa80`162c6010 fffffa80`137aa00d 00000000`131c47e0 fffff8a0`00000000 : rdbss!RxFsdCommonDispatch+0x870
fffff880`131c4770 fffff880`057152cc : fffffa80`162c6010 fffff880`131c47e0 fffffa80`162c6170 fffffa80`137aa040 : rdbss!RxFsdDispatch+0x224
fffff880`131c47e0 fffff880`019ec271 : fffffa80`159d8350 fffffa80`162c6010 fffffa80`15f793e0 fffff8a0`00372c40 : mrxsmb!MRxSmbFsdDispatch+0xc0
fffff880`131c4820 fffff880`019ea138 : fffff8a0`00372c40 fffffa80`159d8350 00000000`00000001 00000000`00000000 : mup!MupiCallUncProvider+0x161
fffff880`131c4890 fffff880`019eb9e3 : fffffa80`162c6010 fffff880`131c4960 fffffa80`16263d30 00000000`00000000 : mup!MupStateMachine+0x128
fffff880`131c48e0 fffff880`0159fbcf : fffffa80`162c61b8 fffffa80`159d8350 fffff880`131c4900 00000000`0000000d : mup!MupFsControl+0x7f
fffff880`131c4920 fffff880`015bf95e : fffffa80`0f59fb30 fffffa80`15f9e200 fffffa80`0f59fb00 fffffa80`162c6010 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`131c49b0 fffff800`03794b57 : fffffa80`15f9e200 fffff880`131c4ca0 fffffa80`162c6200 fffffa80`162c6010 : fltmgr!FltpFsControl+0xee
fffff880`131c4a10 fffff800`03752892 : fffffa80`137ed730 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`131c4b40 fffff800`03474ed3 : fffffa80`137ed730 00000000`00000001 fffffa80`0efb8060 fffff800`03770734 : nt!NtFsControlFile+0x56
fffff880`131c4bb0 00000000`776a16aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`1282e7a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x776a16aa


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  rdbss!RxPurgeAllFobxs+ea

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: rdbss

IMAGE_NAME:  rdbss.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79497

STACK_COMMAND:  .cxr 0xfffff880131c39c0 ; kb

FAILURE_BUCKET_ID:  X64_0x27_rdbss!RxPurgeAllFobxs+ea

BUCKET_ID:  X64_0x27_rdbss!RxPurgeAllFobxs+ea

Followup: MachineOwner
---------

If I need to run any more commands to give any more information just let me know and I'll post the results.

Thanks!
Kyle

 

The problem reports you have indicate an error in the "File Object Extensions" (fobx) of RDBSS that is run as a Windows Service (svchost): http://msdn.microsoft.com/en-us/library/windows/hardware/ff556813(v=vs.85).aspx

The module within RDBSS is attempting to dereference a null pointer, i.e., looking at a memory location that hasn't been set-up and causes an access violation.

The above suggests that a file system driver is at fault when attempting to purge all the file object extensions.

Are you up-to date with drivers (as well as other MS Windows 7 x64 updates) and that there are no driver errors listed in the device manager?

What disk drives and file systems are you using?

 

I should be up-to-date with all drivers, I'll have to wait until I'm home to respond with exactly what drives I'm using.

I actually have been deugging a "different" problem for days now. I have the EDGE Boost Pro SSD http://www.edgememory.com/ssds.aspx along with dataplex software. With that installed (it works great most of the time) my system every other boot will hang, not a BSOD, just hangs and stops responding. I have been working with them for days getting my system set up for debugging but can't get any useful infomraiton from it. I ended up for now uninstalling the dataplex software that I believe to be the issue to run for a few days and see if that's what was causing it, then a day after I uninstalled it, I get this BSOD which is the firs time with this system that I've ever had a BSOD in the three years I've owned it.

I'll respond later with the actual drive types if needed. I assume by file system you mean NTFS/FAT32? I have one main hard drive that is NTFS, the only other drive is the SSD drive from EDGE that the dataplex software would use as a cache, though it's plugged in still now but not being used with that software uninstalled. I'm not sure what they format it to, though I believe it's also NTFS.

 

Thanks for the response! That shouldn't be it though because I haven't added any new devices in the past few months except for this SSD drive and caching software.

 

OK, this seems to be the crux of the BSOD that you observed. The Windows 7 OS (RDBSS) seems to have obtained some leftover from the SSD/Dataplex configuration following uninstallation of Dataplex and has caused RDBSS to be confused.

Have you followed the Dataplex diagnostics at: http://www.nvelo.com/support/dataplex/help/what-do-error-messages-1003-1004-1005-mean

Further information on Dataplex support can be found at http://www.nvelo.com/support/dataplex/help

 

Now it would be appropriate for you Maxwell (with a signature such as above) to solve this malfunctionary riddle of leftovers I suppose...