Question BSOD when playing Warzone DRIVER_IRQL_NOT_LESS_OR_EQUAL

May 13, 2020
4
0
10
0
I'm getting a BSOD (DRIVER_IRQL_NOT_LESS_OR_EQUAL) when I play COD Warzone. I usually get one BSOD per hour.

What I tried:
Driver verifier: BSOD on startup => "logi audio surround.sys" There seems to be a problem with this driver.
But I don't know if the ingame crashes are related to this issue.
With Driver verifier enabled, I couldnt get passed the booting phase, so I didn't have the chance to run the game to try get a BSOD.
PC Boots normally again with driver verifier turned off.

Below I posted 2 dumps: One of the game crash, one of the Logitech BSOD on startup with Driver Verifier enabled.
I also uploaded the mini dumps here.


Normal dump when game crashes

Loading Dump File 051020-16562-01.dmp
Mini Kernel Dump File: Only registers and stack trace are available
Path validation summary *
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff80107a08000 PsLoadedModuleList = 0xfffff80107e50150
Debug session time: Sun May 10 22:06:36.185 2020 (UTC + 2:00)
System Uptime: 0 days 8:46:21.516
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff80107bca390 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffa0188d5f090=000000000000000a
2: kd> !analyze -v
***
  • *
  • Bugcheck Analysis *
  • *
***

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff80187bd179e, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff80187bd179e, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 1

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-LJGAJ30

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 3

Key : Analysis.Memory.CommitPeak.Mb
Value: 72

Key : Analysis.System
Value: CreateObject


ADDITIONAL_XML: 1

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_CODE: d1

BUGCHECK_P1: fffff80187bd179e

BUGCHECK_P2: 2

BUGCHECK_P3: 8

BUGCHECK_P4: fffff80187bd179e

READ_ADDRESS: fffff80107f7b3b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff80107e323c8: Unable to get Flags value from nt!KdVersionBlock
fffff80107e323c8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
fffff80187bd179e

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: Battle.net.exe

TRAP_FRAME: fffffa0188d5f1d0 -- (.trap 0xfffffa0188d5f1d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000cb9000 rbx=0000000000000000 rcx=00000000c0000100
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80187bd179e rsp=fffffa0188d5f360 rbp=000024efb59bbfff
r8=00000000000000d0 r9=0000000000000000 r10=fffff80928f815a0
r11=ffffc609849b4080 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
fffff80187bd179e ?? ???
Resetting default scope

FAILED_INSTRUCTION_ADDRESS:
+0
fffff801
87bd179e ?? ???

STACK_TEXT:
fffffa0188d5f088 fffff80107bdc1e9 : 000000000000000a fffff80187bd179e 0000000000000002 0000000000000008 : nt!KeBugCheckEx
fffffa0188d5f090 fffff80107bd8529 : ffff910197d84180 fffff801084c237b 0000000000000000 000000000000076a : nt!KiBugCheckDispatch+0x69
fffffa0188d5f1d0 fffff80187bd179e : fffff80105ea1180 0000000000000000 fffff80107f99400 fffff80107bd1116 : nt!KiPageFault+0x469
fffffa0188d5f360 fffff80105ea1180 : 0000000000000000 fffff80107f99400 fffff80107bd1116 0000000000000010 : 0xfffff80187bd179e
fffffa01
88d5f368 0000000000000000 : fffff80107f99400 fffff80107bd1116 0000000000000010 0000000000040200 : 0xfffff80105ea1180


SYMBOL_NAME: nt!KiPageFault+469

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.18362.815

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 469

FAILURE_BUCKET_ID: AV_CODE_AV_BAD_IP_nt!KiPageFault

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {73cd60cc-83fa-6b76-df08-1961c31d7403}

Followup: MachineOwner
---------

Dump of BSOD on startup with Driver Verifier enabled

Path validation summary *
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff8045d6b8000 PsLoadedModuleList = 0xfffff8045db00150
Debug session time: Wed May 13 13:19:20.736 2020 (UTC + 2:00)
System Uptime: 0 days 0:00:11.416
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.....
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff8045d87a390 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffe9814393f420=00000000000000c4
10: kd> !analyze -v
***
  • *
  • Bugcheck Analysis *
  • *
***

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff802e9786473, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 00000000324c5044, Pool Tag (if provided).

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 1

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-LJGAJ30

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 1

Key : Analysis.Memory.CommitPeak.Mb
Value: 69

Key : Analysis.System
Value: CreateObject


ADDITIONAL_XML: 1

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_CODE: c4

BUGCHECK_P1: 2000

BUGCHECK_P2: fffff802e9786473

BUGCHECK_P3: 0

BUGCHECK_P4: 324c5044

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

STACK_TEXT:
ffffe9814393f418 fffff8045e0286e3 : 00000000000000c4 0000000000002000 fffff802e9786473 0000000000000000 : nt!KeBugCheckEx
ffffe9814393f420 fffff8045d9e1c9b : fffff8045dae5878 0000000000002000 fffff802e9786473 0000000000000000 : nt!VerifierBugCheckIfAppropriate+0xdf
ffffe9814393f460 fffff8045e01fb98 : 00000000324c5044 fffff8045dae5878 fffff802e9786473 0000000000000000 : nt!VfReportIssueWithOptions+0x103
ffffe9814393f4b0 fffff8045e03863a : 0000000000000000 0000000000000001 0000000000000018 ffffe9814393f550 : nt!VfCheckPoolType+0x90
ffffe9814393f4f0 fffff802e9786473 : 0000000000000000 0000000000000005 0000000000000000 fffff802e97863f0 : nt!VerifierExInitializeNPagedLookasideList+0x5a
ffffe9814393f570 0000000000000000 : 0000000000000005 0000000000000000 fffff802e97863f0 0000000000000018 : logi_audio_surround+0x6473


SYMBOL_NAME: logi_audio_surround+6473

MODULE_NAME: logi_audio_surround

IMAGE_NAME: logi_audio_surround.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 6473

FAILURE_BUCKET_ID: 0xc4_2000_logi_audio_surround!unknown_function

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {11e623ce-dfdf-0535-997f-db5cda3a3590}

Followup: MachineOwner
---------
 
Last edited:
May 13, 2020
4
0
10
0
New dump file from yesterdays crash:



* Path validation summary **
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff80466a00000 PsLoadedModuleList = 0xfffff80466e48150
Debug session time: Thu May 14 22:03:31.513 2020 (UTC + 2:00)
System Uptime: 0 days 11:06:36.155
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff80466bc2390 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffac01acf76560=000000000000000a
3: kd> !analyze -v
***
  • *
  • Bugcheck Analysis *
  • *
***

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000032000, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 000000000000005d, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80466b16221, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 1

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-LJGAJ30

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 18

Key : Analysis.Memory.CommitPeak.Mb
Value: 77

Key : Analysis.System
Value: CreateObject


ADDITIONAL_XML: 1

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_CODE: a

BUGCHECK_P1: 32000

BUGCHECK_P2: ff

BUGCHECK_P3: 5d

BUGCHECK_P4: fffff80466b16221

WRITE_ADDRESS: fffff80466f733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff80466e2a3c8: Unable to get Flags value from nt!KdVersionBlock
fffff80466e2a3c8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
0000000000032000

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: SearchUI.exe

TRAP_FRAME: ffffac01acf766a0 -- (.trap 0xffffac01acf766a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000032000 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffbe8f4f0d58d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80466b16221 rsp=ffffac01acf76830 rbp=83850f3333486833
r8=ffffbe8f4f0d58a0 r9=0000000000000003 r10=0000000000000000
r11=ffff81000eb57180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
nt!KiEndThreadAccountingPeriod+0x121:
fffff80466b16221 0000 add byte ptr [rax],al ds:0000000000032000=??
Resetting default scope

MISALIGNED_IP:
nt!KiEndThreadAccountingPeriod+121
fffff80466b16221 0000 add byte ptr [rax],al

STACK_TEXT:
ffffac01
acf76558 fffff80466bd41e9 : 000000000000000a 0000000000032000 00000000000000ff 000000000000005d : nt!KeBugCheckEx
ffffac01
acf76560 fffff80466bd0529 : ffffbe8f4a3d7290 ffffac01acf767b9 ffffac01acf767b9 fffff80400000000 : nt!KiBugCheckDispatch+0x69
ffffac01
acf766a0 fffff80466b16221 : 0000000000000000 0000000000000000 0000000000000000 ffff81000eb57180 : nt!KiPageFault+0x469
ffffac01
acf76830 fffff80466b1451f : ffff81000eb57180 000000000000000b ffffbe8f4de3a1d8 0000000000000000 : nt!KiEndThreadAccountingPeriod+0x121
ffffac01
acf76860 fffff80466b13f04 : ffffbe8f4f0d5080 ffffffffffffffff ffffac01acf76a20 fffff80466b0bc44 : nt!KiSwapThread+0x9f
ffffac01
acf76900 fffff80466ade7a7 : 0000000000000000 0000000000000000 ffffac01acf76b00 0000000000000000 : nt!KiCommitThreadWait+0x144
ffffac01
acf769a0 fffff80467090659 : 0000000000000004 ffffac01acf76af0 ffffbe8f4de3a190 0000000000000000 : nt!KeWaitForMultipleObjects+0x287
ffffac01
acf76ab0 ffffe86c393623ad : 0000000000000000 ffffbe8f4a3d67f0 ffffe82b84070620 fffff80466d6f019 : nt!ObWaitForMultipleObjects+0x2a9
ffffac01
acf76fb0 ffffe86c39215951 : 0000000000000003 ffffe82b867a00f0 00000000ffffffff 0000000000001cff : win32kfull!xxxMsgWaitForMultipleObjectsEx+0xd9
ffffac01
acf77060 fffff80466bd3c15 : ffffbe8f4f0d5080 0000009c35fff3b8 00000000ffffffff ffffd28700001cff : win32kfull!NtUserMsgWaitForMultipleObjectsEx+0x3c1
ffffac01
acf77990 00007ffc95cf9a84 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
0000009c
35fff398 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffc95cf9a84


SYMBOL_NAME: win32kfull!xxxMsgWaitForMultipleObjectsEx+d9

MODULE_NAME: hardware

IMAGE_NAME: hardware

IMAGE_VERSION: 10.0.18362.815

STACK_COMMAND: .thread ; .cxr ; kb

FAILURE_BUCKET_ID: IP_MISALIGNED

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {201b0e5d-db2a-63d2-77be-8ce8ff234750}

Followup: MachineOwner
---------
 

ASK THE COMMUNITY

TRENDING THREADS