Question BSOD - DPC Watchdog Violation - Unable to create dump

[BrotherJay]

As per usual, nothing ever comes my way easily.

- Ran driver verifier with the same settings and selections as before.
- BSOD right as I got to the windows login screen
- BSOD's continued until I used a restore point to break free.

- 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION
- Counter stayed at 0% for all BSOD's and would not write dump

-------------

- Ran driver verifier again with same settings and attempted to boot into safe mode
- Safe mode boot worked
- Reboot resulted in the same BSOD as mentioned in above section

 

[ubuysa]

The problem there is a bad driver that's loaded at boot. That it's fine in Safe Mode indicates that the bad driver is a third-party driver (which are not loaded in Safe Mode). Now you have to locate the bad driver...

To do that boot Windows in Clean Mode. Initially disable all third-party services and auto-start items to be certain that it will boot without a BSOD. Then you need to enable selected services to determine what makes it BSOD. I would first leave all auto-start items (in Task Manager Startup) disabled and work just with services (in msconfig). You could try a binary serach technique here; so you enable half of the services and reboot, if it BSODs the problem is in the half you enabled, if it doesn't BSOD the problem is in the half you left disabled. Focus now on the half where the problem lies and enable half of those, then reboot. By halving the group where the problem lies you can quickly drill down to the bad service.

If you end up enabling all services and it won't BSOD then move to the auto-start items and use the same binary search technique there.

Let us know how you get on with that.

 

[BrotherJay]

First, let me just take a moment to thank you for all your help so far. I am 100% certain I would not be digging through this mess without your help. So - THANK YOU!

Now, on to the update...
- I intentionally took a left turn before booting into clean mode and I deleted a bunch of stuff that was in that startup in the hopes that I might stumble upon the issue ahead of time, or at the least save myself some time by eliminating the options. This didn't fix anything, but while doing it I found that my logitech software for my mouse was.. umm.. QUITE out of date. So, that got fixed.
- next up was the clean boot. disabled everything the guide told me to and... I was still getting a BSOD as I arrived at the windows login screen. For some odd reason the AMD Adrenaline software was still showing up in the tray, even though it was disabled in the startup.

- I was getting a little pissed at this point so I took a little trek into DDU and yoinked out the display drivers. Still BSODing. I then went back into DDU and used the WIP Realtek driver removal section to get rid of anything realtek and... VOILA! Able to get into normal windows without any BSOD's.

- With verifier still running I re-installed my display drivers and reboot tested. Still good.

- I then went in and for $hits and giggles I restored everything I had disabled for the clean boot and tested again. Still no problems. Reinstalled the sound drivers and tested again - still working fine.

- Noticed during all this that Gigabyte had released a new MB bios update, so I disable verifier and did the bios update. All remained good.

Note: None of those BSOD's resulted in a dump, and all were of the "0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION" variety.


I have the next 2 days off so I plan on running driver verifier for much of that to see if there are any other surprises waiting for me.

I will let you know how that goes.

 

[ubuysa]

That sounds pretty encouraging. I don't recommend that sort of scatter-gun troubleshooting, it rarely leads to a satisfactory outcome - IE. one where we know what the cause was - but I do understand the urgency in getting to a stable system.

There is rarely much benefit in running with Driver Verifier enabled for more than 48 hours. They key thing when you have Driver Verifier enabled is to use every app, every device, every feature, that you can. Driver Verifier can only check drivers as they are loaded, so you need to ensure that every driver you have installed is loaded at some point - by using every app/device/feature.

It is concerning that the 0xC4 BSODs appear to not be writing dumps. That negates the whole purpose of Driver Verifier - because the answers are in the dumps. In order for dumps to be written all of the following must be true...

• The page file must be on the same drive as your operating system
• Set page file to "system managed"
• Set system crash/recovery options to "Automatic memory dump"
• Overwrite any existing file box must be checked
• The dump file location must be %SystemRoot%\MEMORY.DMP
• Windows Error Reporting (WER) system service should be set to MANUAL
• User account control must be running

In addition, the following can also prevent you seeing dumps...

• SSD drives with older firmware do not create dumps (update the drive firmware)
• Cleaner applications like Ccleaner delete dump files, so don't run them until you are fixed
• Bad RAM may prevent the data from being saved and written to a file on reboot, so if all else fails test your RAM

 

[BrotherJay]

Overwrite was not checked but everything else was set correctly

 

[BrotherJay]

As I have been re-installing some of the stuff that I removed I have created a new BSOD with an error code not from your list.... and it kicked out dumps

- Reinstalled NordVPN with default settings and rebooted the machine
- Nord is the last thing to load up and about 5 seconds after I see the icon in the tray I get this BSOD
- IRQL NOT LESS OR EQUAL
- After reboot the exact same thing happens at the same time
- 3rd reboot and I waited for the icon to appear in my taskbar and immediately closed Nord when the icon showed up. This seems to have broken the loop. Allowing me time to do this post and get the dump files.

Here are the dump files from both crashes

1st crash - https://www.dropbox.com/scl/fi/jj4k...ey=t80obezshzipopaplgerwwrmc&st=kdmeq67z&dl=0

2nd crash - https://www.dropbox.com/scl/fi/vb2n...ey=5i2e14vvvzg1tsryozzvhz40f&st=0yx1b834&dl=0

I will continue to update this post as more happens.

 

[CodeConnoisseur]

As I have been re-installing some of the stuff that I removed I have created a new BSOD with an error code not from your list.... and it kicked out dumps

- Reinstalled NordVPN with default settings and rebooted the machine
- Nord is the last thing to load up and about 5 seconds after I see the icon in the tray I get this BSOD
- IRQL NOT LESS OR EQUAL
- After reboot the exact same thing happens at the same time
- 3rd reboot and I waited for the icon to appear in my taskbar and immediately closed Nord when the icon showed up. This seems to have broken the loop. Allowing me time to do this post and get the dump files.

Here are the dump files from both crashes

1st crash - https://www.dropbox.com/scl/fi/jj4k...ey=t80obezshzipopaplgerwwrmc&st=kdmeq67z&dl=0

2nd crash - https://www.dropbox.com/scl/fi/vb2n...ey=5i2e14vvvzg1tsryozzvhz40f&st=0yx1b834&dl=0

I will continue to update this post as more happens.

Both logs do indeed point to NDivert.sys, a NordVPN driver. Keep fighting the good fight soldier!

 

[BrotherJay]

@ CodeConnoisseur - o7

- Rebooted to confirm that Nord fully loading would cause BSOD - it did
- Rebooted and closed the Nord icon as I did before to break the loop. Loop seemed broken.
- Ran Revo to remove nord fully; as soon as the Nord uninstaller loaded I got another new BSOD, also not from your list. Blessed with a dump this time as well.
- Rebooted again but this time I did a shift restart to get into safe mode where I Revo uninstalled Nord. This post made possible due to Nords removal.

BSOD Error this time - PAGE FAULT IN NONPAGED AREA
- and the dump file created https://www.dropbox.com/scl/fi/0p72...ey=sjsp0w9h4n0g7i1v0xfj4t00q&st=n07gdnbl&dl=0

 

[BrotherJay]

- Re-installed Nord, but this time I did not use it's default settings (which included having nord auto-connect after boot)
- System stable until connection with VPN was attempted which resulted in the same BSOD as above when it was going it's inital loads.

So I know the driver in Nord that is being a dik is something that is activated only when connecting to the VPN.

----------------------------

- Installed AMD Adrenalin software and rebooted
- BSOD upon login screen - dump created
- Error type - DRIVER_VERIFIER_DETECTED_VIOLATION
- and this latest dump https://www.dropbox.com/scl/fi/j1x3...ey=wu3d2177qh5l0mgjzo00srj3m&st=u9mv158m&dl=0

 

[ubuysa]

The earlier two 0xA BSODs do indeed appear to be down to the NDivert.sys driver. The version you have installed is dated June 2022. However, in my copy of NordVPN the NDivert.sys driver has the same date. There does appear to be a problem with yoiur NordVPN installation however, I would fully uninstall it and reboot to confirm that all is well without it. Then you can download a new copy and do a clean install of NordVPN.

The latest dump, the 0xC4 Driver Verifier detected BSOD, is failing AMDRyzenMasterDriver.sys - a component of Adrenalin. What the driver did wrong was to neglect to free all its pool allocations prior to unloading.

I don't believe in having several different problems at the same time, there is likely to be a common connection between them. I know you've tested RAM with Memtest86 but the gold standard RAM test is to remove one stick and run with just 16GB for a week or two to confirm that the remaining stick doesn't BSOD (or that it does of course). Ensure that the remaining RAM stick is in the correct slot for just one stick. After a week or two swap the sticks over and run on just the other for another week or two.

RAM is the most likely common denominator here and it's important to be 100% confident that both sticks are good. Removing one stick is the only guaranteed way to do that.