[SOLVED] "IRQL_NOT_LESS_OR_EQUAL" BSOD (minidumps attached) ?

[MLX001]

I am having a problem with my computer, and the blue screen error code from Microsoft is IRQL_NOT_LESS_OR_EQUAL. I have tried upgrading my graphics card/AMD driver, updating the WIFI driver, replacing the SSD, and running RAM tests without any issues. However, even after reinstalling the operating system, the blue screen error still persists. Here are some of the different error messages I have encountered. Could you please help me take a look at them? Thank you.
dump file 1
dump file 2
dump file 3
dump file 4

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffffffa838904, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80009e74e10, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2093

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 57155

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 202

    Key  : Analysis.Init.Elapsed.mSec
    Value: 14162

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 87

    Key  : Bugcheck.Code.DumpHeader
    Value: 0xa

    Key  : Bugcheck.Code.Register
    Value: 0xa

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Timestamp
    Value: 2022-05-06T12:50:00Z

    Key  : WER.OS.Version
    Value: 10.0.22621.1


FILE_IN_CAB:  022423-9328-01.dmp

BUGCHECK_CODE:  a

BUGCHECK_P1: fffffffffa838904

BUGCHECK_P2: ff

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80009e74e10

READ_ADDRESS: fffff8000a91c468: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
fffffffffa838904

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

TRAP_FRAME:  ffffba80c6dd3180 -- (.trap 0xffffba80c6dd3180)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffffffffffff8 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff80009c00000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80009e74e10 rsp=ffffba80c6dd3318 rbp=fffff800066e3180
r8=ffffba80c6dd37e0  r9=ffffba80c6dd37e0 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl nz na pe nc
nt!KiSearchForNewThreadOnSubNode:
fffff800`09e74e10 48895c2410      mov     qword ptr [rsp+10h],rbx ss:0018:ffffba80`c6dd3328=0000000000000000
Resetting default scope

STACK_TEXT: 
ffffba80`c6dd3038 fffff800`0a033fa9     : 00000000`0000000a ffffffff`fa838904 00000000`000000ff 00000000`00000000 : nt!KeBugCheckEx
ffffba80`c6dd3040 fffff800`0a02fee8     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffba80`c6dd3180 fffff800`09e74e10     : ffffba80`c6dd3620 ffffaa80`2bfe3180 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x468
ffffba80`c6dd3318 ffffba80`c6dd3620     : ffffaa80`2bfe3180 00000000`00000000 00000000`00000000 fffff800`0a94c6c0 : nt!KiSearchForNewThreadOnSubNode
ffffba80`c6dd3320 ffffaa80`2bfe3180     : 00000000`00000000 00000000`00000000 fffff800`0a94c6c0 fffff800`066e3180 : 0xffffba80`c6dd3620
ffffba80`c6dd3328 00000000`00000000     : 00000000`00000000 fffff800`0a94c6c0 fffff800`066e3180 00000000`00000000 : 0xffffaa80`2bfe3180


SYMBOL_NAME:  nt!KiSearchForNewThreadOnSubNode+0

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.22621.525

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  0

FAILURE_BUCKET_ID:  AV_nt!KiSearchForNewThreadOnSubNode

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {34c9066a-6b1d-6254-2bf5-5d8feebcea65}

Followup:     MachineOwner
---------

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000001, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80077a1eb0a, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2405

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 18088

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 202

    Key  : Analysis.Init.Elapsed.mSec
    Value: 9146

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 98

    Key  : Bugcheck.Code.DumpHeader
    Value: 0xa

    Key  : Bugcheck.Code.Register
    Value: 0xa

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Timestamp
    Value: 2022-05-06T12:50:00Z

    Key  : WER.OS.Version
    Value: 10.0.22621.1


FILE_IN_CAB:  022523-11812-01.dmp

BUGCHECK_CODE:  a

BUGCHECK_P1: 1

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80077a1eb0a

READ_ADDRESS: fffff8007851c468: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000001

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  explorer.exe

TRAP_FRAME:  ffffb1061b740a90 -- (.trap 0xffffb1061b740a90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000001e1 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80077a1eb0a rsp=ffffb1061b740c20 rbp=ffffb1061b740d90
r8=0000000000000000  r9=ffffb1061b740fc0 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!KiSearchForNewThreadOnProcessor+0x8ba:
fffff800`77a1eb0a 6833d2e81e      push    1EE8D233h
Resetting default scope

MISALIGNED_IP:
nt!KiSearchForNewThreadOnProcessor+8ba
fffff800`77a1eb0a 6833d2e81e      push    1EE8D233h

STACK_TEXT: 
ffffb106`1b740948 fffff800`77c3e2a9     : 00000000`0000000a 00000000`00000001 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffb106`1b740950 fffff800`77c39934     : 00000000`00000000 00000000`00000000 00000000`00000001 00000400`00000000 : nt!KiBugCheckDispatch+0x69
ffffb106`1b740a90 fffff800`77a1eb0a     : ffffb106`00000002 ffffa10a`00000000 00000000`00000000 00000000`0000000c : nt!KiPageFault+0x474
ffffb106`1b740c20 00000000`00000000     : 00000000`00000000 00000000`00000000 ffff4df4`ed093d22 00000000`00000000 : nt!KiSearchForNewThreadOnProcessor+0x8ba


SYMBOL_NAME:  nt!KiSearchForNewThreadOnProcessor+8ba

IMAGE_VERSION:  10.0.22621.1265

STACK_COMMAND:  .cxr; .ecxr ; kb

MODULE_NAME: AuthenticAMD

IMAGE_NAME:  AuthenticAMD.sys

FAILURE_BUCKET_ID:  IP_MISALIGNED_AuthenticAMD.sys

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {716d112a-8330-4bbb-160c-ec98297019d2}

Followup:     MachineOwner
---------

---------

 

[Fix_that_Glitch]

Have you tried using one stick of ram at a time? To rule out a bad stick? I know you did a memtest but this can still be a definitive troubleshooter. Do you have anything plugged into usb ports other than keyboard, mouse haeadphone? Is bios up to date? Cpu overclocked /underclocked at all?

 

[MLX001]

Have you tried using one stick of ram at a time? To rule out a bad stick? I know you did a memtest but this can still be a definitive troubleshooter. Do you have anything plugged into usb ports other than keyboard, mouse haeadphone? Is bios up to date? Cpu overclocked /underclocked at all?

later I will try to use only one RAM stick to see if the issue persists. Also, I haven't overclocked/underclocked the CPU, and the BIOS is the latest version provided by the manufacturer. In addition to the mouse and keyboard, there is a USB hub connected to the USB interface, and an external screen is connected via HDMI.

 

[MLX001]

Have you tried using one stick of ram at a time? To rule out a bad stick? I know you did a memtest but this can still be a definitive troubleshooter. Do you have anything plugged into usb ports other than keyboard, mouse haeadphone? Is bios up to date? Cpu overclocked /underclocked at all?

have also run stress tests on the CPU/GPU for 30 minutes, and there were no issues. The BSOD does not occur during gaming (at least not yet).

 

[Fix_that_Glitch]

Have you tried running- DISM.exe /Online /Cleanup-Image /RestoreHealth

 

[MLX001]

Have you tried running- DISM.exe /Online /Cleanup-Image /RestoreHealth

I have tried many fixes, chkdsk to repair the hard drive, sfc and dism commands to repair the system, but unfortunately the problem still happens.

 

[johnbl]

best guess with out proof would be this driver is corrupting kernel memory:
\system32\drivers\adgnetworkwfpdrv.sys Fri Oct 21 04:56:51 2022
this driver belongs to Adguard WFP network driver
I would uninstall the adgauard software and see if it helps.
-------------------------

note: sometimes old versions of network drivers cause programs that depend on them to fail.

note: not sure what
\System32\drivers\wtd.sys
does. infoin debugger seems incorrect.


====================
just from the text It looks like something is corrupting kernel memory and causing some random driver to crash.
in these cases, 80 to 90 percent of the time the driver will corrupt some other kernel process data and 10 to 20 percent of the time it corrupts its own data.

so you either have to look at a lot of memory dumps or start using debugging methods (verifier.exe)


==========

I will take a quick look at the dumps to see if I can see a likely suspect.
it will take a few minutes.

bugcheck #3
invalid kernel call from some valid kernel address.
most likely this driver caused all of the failures. I can not see the diver name.
since it failed on the windows side of the call.


bugcheck #2
bogus memory address used, stack overflow in timer routine, no symbols on raw stack.
system uptime 44 minutes
------------
bugcheck #4
ip alignment fault
memory address used
0000000000000001, memory referenced
System Uptime: 0 days 2:13:17.667

------------
bugcheck 1:
nt!KeInsertQueueApc+
alignment fault running system process
bogus memory address used
0000000000000070, memory referenced
System Uptime: 0 days 0:05:00.959

no modified windows files:
BIOS Version N.1.05MRO06
BIOS Starting Address Segment f000
BIOS Release Date 04/20/2021
Manufacturer MECHREVO
Product Name Jiaolong Series GM5NG0O
Product GM5NG0O
Chassis Type Notebook
Processor Manufacturer Advanced Micro Devices, Inc.
Processor ID 10f8600fffb8b17
Processor Version AMD Ryzen 7 4800H with Radeon Graphics
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 4300MHz
Current Speed 2900MHz

 

[MLX001]

best guess with out proof would be this driver is corrupting kernel memory:
\system32\drivers\adgnetworkwfpdrv.sys Fri Oct 21 04:56:51 2022
this driver belongs to Adguard WFP network driver
I would uninstall the adgauard software and see if it helps.
-------------------------

note: sometimes old versions of network drivers cause programs that depend on them to fail.

note: not sure what
\System32\drivers\wtd.sys
does. infoin debugger seems incorrect.


====================
just from the text It looks like something is corrupting kernel memory and causing some random driver to crash.
in these cases, 80 to 90 percent of the time the driver will corrupt some other kernel process data and 10 to 20 percent of the time it corrupts its own data.

so you either have to look at a lot of memory dumps or start using debugging methods (verifier.exe)


==========

I will take a quick look at the dumps to see if I can see a likely suspect.
it will take a few minutes.

bugcheck #3
invalid kernel call from some valid kernel address.
most likely this driver caused all of the failures. I can not see the diver name.
since it failed on the windows side of the call.


bugcheck #2
bogus memory address used, stack overflow in timer routine, no symbols on raw stack.
system uptime 44 minutes
------------
bugcheck #4
ip alignment fault
memory address used
0000000000000001, memory referenced
System Uptime: 0 days 2:13:17.667

------------
bugcheck 1:
nt!KeInsertQueueApc+
alignment fault running system process
bogus memory address used
0000000000000070, memory referenced
System Uptime: 0 days 0:05:00.959

no modified windows files:
BIOS Version N.1.05MRO06
BIOS Starting Address Segment f000
BIOS Release Date 04/20/2021
Manufacturer MECHREVO
Product Name Jiaolong Series GM5NG0O
Product GM5NG0O
Chassis Type Notebook
Processor Manufacturer Advanced Micro Devices, Inc.
Processor ID 10f8600fffb8b17
Processor Version AMD Ryzen 7 4800H with Radeon Graphics
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 4300MHz
Current Speed 2900MHz

Thank you for your hard work, I will uninstall AdGuard in my free time to see if this issue comes up again, and I will come back to consult if it does.

 

[MLX001]

best guess with out proof would be this driver is corrupting kernel memory:
\system32\drivers\adgnetworkwfpdrv.sys Fri Oct 21 04:56:51 2022
this driver belongs to Adguard WFP network driver
I would uninstall the adgauard software and see if it helps.
-------------------------

note: sometimes old versions of network drivers cause programs that depend on them to fail.

note: not sure what
\System32\drivers\wtd.sys
does. infoin debugger seems incorrect.


====================
just from the text It looks like something is corrupting kernel memory and causing some random driver to crash.
in these cases, 80 to 90 percent of the time the driver will corrupt some other kernel process data and 10 to 20 percent of the time it corrupts its own data.

so you either have to look at a lot of memory dumps or start using debugging methods (verifier.exe)


==========

I will take a quick look at the dumps to see if I can see a likely suspect.
it will take a few minutes.

bugcheck #3
invalid kernel call from some valid kernel address.
most likely this driver caused all of the failures. I can not see the diver name.
since it failed on the windows side of the call.


bugcheck #2
bogus memory address used, stack overflow in timer routine, no symbols on raw stack.
system uptime 44 minutes
------------
bugcheck #4
ip alignment fault
memory address used
0000000000000001, memory referenced
System Uptime: 0 days 2:13:17.667

------------
bugcheck 1:
nt!KeInsertQueueApc+
alignment fault running system process
bogus memory address used
0000000000000070, memory referenced
System Uptime: 0 days 0:05:00.959

no modified windows files:
BIOS Version N.1.05MRO06
BIOS Starting Address Segment f000
BIOS Release Date 04/20/2021
Manufacturer MECHREVO
Product Name Jiaolong Series GM5NG0O
Product GM5NG0O
Chassis Type Notebook
Processor Manufacturer Advanced Micro Devices, Inc.
Processor ID 10f8600fffb8b17
Processor Version AMD Ryzen 7 4800H with Radeon Graphics
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 4300MHz
Current Speed 2900MHz

I tried to turn off the WFP driver in adguard after enabling Microsoft verify
I found that the error DRIVER_VERIFIER_DETECTED_VIOLATION (c4) was caused by the file adgnetworktdidrv.sys through a superficial analysis of the dump, so I uninstalled adguard completely. In order to troubleshoot other problems, I selected all items in Microsoft verify to verify all drivers, and got another error SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e), which was caused by RtsUer.sys.
It is worth mentioning that every time I perform Microsoft verify all verification, it will cause me to be unable to enter the system, Windows 11 also can not be automatically repaired, can only use the last time the system restore to enter the system.
Using Microsoft verify standard mode verification, I can enter the system normally.

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
A new error appears in SYSTEM_ SERVICE_ EXCEPTION (3b)

This is his dump file

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, BugChecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000002000, Code Integrity Issue: The caller specified an executable pool type. (Expected: NonPagedPoolNx)
Arg2: fffff8050c131032, The address in the driver's code where the error was detected.
Arg3: 0000000000000000, Pool Type.
Arg4: 0000000000000000, Pool Tag (if provided).

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1624

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 2507

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 218

    Key  : Analysis.Init.Elapsed.mSec
    Value: 50553

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 82

    Key  : Bugcheck.Code.DumpHeader
    Value: 0xc4

    Key  : Bugcheck.Code.Register
    Value: 0xc4

    Key  : Dump.Attributes.AsUlong
    Value: 1008

    Key  : Dump.Attributes.DiagDataWrittenToHeader
    Value: 1

    Key  : Dump.Attributes.ErrorCode
    Value: 0

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Dump.Attributes.LastLine
    Value: Dump completed successfully.

    Key  : Dump.Attributes.ProgressPercentage
    Value: 0


FILE_IN_CAB:  022623-8000-01.dmp

DUMP_FILE_ATTRIBUTES: 0x1008
  Kernel Generated Triage Dump

BUGCHECK_CODE:  c4

BUGCHECK_P1: 2000

BUGCHECK_P2: fffff8050c131032

BUGCHECK_P3: 0

BUGCHECK_P4: 0

BLACKBOXNTFS: 1 (!blackboxntfs)


CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

STACK_TEXT:
ffffa40f`03806398 fffff800`0fcd63c1     : 00000000`000000c4 00000000`00002000 fffff805`0c131032 00000000`00000000 : nt!KeBugCheckEx
ffffa40f`038063a0 fffff800`0f7d7f22     : fffff800`0fe27bb8 00000000`00002000 fffff805`0c131032 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x14d
ffffa40f`03806440 fffff800`0fccc970     : 00000000`00000000 fffff800`0fe27bb8 fffff805`0c131032 00000000`00000001 : nt!VfReportIssueWithOptions+0x102
ffffa40f`03806490 fffff800`0fcc905e     : 00000000`00000000 00000000`32544c46 00000000`00000000 00000000`00000040 : nt!VfCheckPoolType+0x90
ffffa40f`038064d0 fffff805`0c131032     : 00000000`00000bcb ffffa40f`038068b0 00000000`00005e60 00000000`00000bcb : nt!VerifierExAllocatePoolWithTag+0x9e
ffffa40f`03806530 00000000`00000bcb     : ffffa40f`038068b0 00000000`00005e60 00000000`00000bcb ffffb688`3b9fa000 : adgnetworktdidrv+0x1032
ffffa40f`03806538 ffffa40f`038068b0     : 00000000`00005e60 00000000`00000bcb ffffb688`3b9fa000 fffff805`0c1388ca : 0xbcb
ffffa40f`03806540 00000000`00005e60     : 00000000`00000bcb ffffb688`3b9fa000 fffff805`0c1388ca 00000000`00000bcb : 0xffffa40f`038068b0
ffffa40f`03806548 00000000`00000bcb     : ffffb688`3b9fa000 fffff805`0c1388ca 00000000`00000bcb 00000000`00000000 : 0x5e60
ffffa40f`03806550 ffffb688`3b9fa000     : fffff805`0c1388ca 00000000`00000bcb 00000000`00000000 ffffa40f`038068b0 : 0xbcb
ffffa40f`03806558 fffff805`0c1388ca     : 00000000`00000bcb 00000000`00000000 ffffa40f`038068b0 00000000`00001001 : 0xffffb688`3b9fa000
ffffa40f`03806560 00000000`00000bcb     : 00000000`00000000 ffffa40f`038068b0 00000000`00001001 006e0067`00640061 : adgnetworktdidrv+0x88ca
ffffa40f`03806568 00000000`00000000     : ffffa40f`038068b0 00000000`00001001 006e0067`00640061 006f0077`00740065 : 0xbcb


SYMBOL_NAME:  adgnetworktdidrv+1032

MODULE_NAME: adgnetworktdidrv

IMAGE_NAME:  adgnetworktdidrv.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  1032

FAILURE_BUCKET_ID:  0xc4_2000_adgnetworktdidrv!unknown_function

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {338f67af-abd4-a9ae-b142-8613d6800895}

Followup:     MachineOwner
---------

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common BugCheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800358ef9c6, The address that the exception occurred at
Arg3: ffffdb0600d29778, Exception Record Address
Arg4: ffffdb0600d28f90, Context Record Address

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : AV.Dereference
    Value: NullPtr

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 2999

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 82452

    Key  : Analysis.IO.Other.Mb
    Value: 4

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 11

    Key  : Analysis.Init.CPU.mSec
    Value: 171

    Key  : Analysis.Init.Elapsed.mSec
    Value: 4652

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 99

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x1000007e

    Key  : Bugcheck.Code.Register
    Value: 0x7e

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Timestamp
    Value: 2022-05-06T12:50:00Z

    Key  : WER.OS.Version
    Value: 10.0.22621.1


FILE_IN_CAB:  022623-10640-01.dmp

BUGCHECK_CODE:  7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff800358ef9c6

BUGCHECK_P3: ffffdb0600d29778

BUGCHECK_P4: ffffdb0600d28f90

EXCEPTION_RECORD:  ffffdb0600d29778 -- (.exr 0xffffdb0600d29778)
ExceptionAddress: fffff800358ef9c6 (nt!ExGetHeapFromVA+0x00000000000000b6)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000

CONTEXT:  ffffdb0600d28f90 -- (.cxr 0xffffdb0600d28f90)
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000016
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffc70182ce5350
rip=fffff800358ef9c6 rsp=ffffdb0600d299b0 rbp=0000000000000000
r8=0000000000000000  r9=0000000000000000 r10=00000000ffffffff
r11=ffffdb0600d29a10 r12=0000000000000006 r13=ffffdb0600d29b38
r14=00000000000000c4 r15=ffffc70182ce57e0
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00050286
nt!ExGetHeapFromVA+0xb6:
fffff800`358ef9c6 488b00          mov     rax,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

READ_ADDRESS: fffff80036337468: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000000

ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p            0x%p                    %s

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000000

EXCEPTION_STR:  0xc0000005

STACK_TEXT: 
ffffdb06`00d299b0 fffff800`35c17de1     : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`6a0f472c : nt!ExGetHeapFromVA+0xb6
ffffdb06`00d299f0 fffff800`360f1e50     : 00000000`00000000 00000000`00000000 00000000`00000000 ffffc701`82ce5350 : nt!ExIsSpecialPoolAddress+0x9
ffffdb06`00d29a20 fffff800`360ca11a     : 00000000`00000000 00000000`00000000 ffffc701`82ce5350 ffffc701`668fd7b0 : nt!ExFreePoolSanityChecks+0x64
ffffdb06`00d29a60 fffff800`6a0f532d     : ffffc701`82ce5350 00000000`00000010 00000000`00000000 ffffc701`82ce5350 : nt!VerifierExFreePool+0x2a
ffffdb06`00d29a90 ffffc701`82ce5350     : 00000000`00000010 00000000`00000000 ffffc701`82ce5350 00000000`00000000 : RtsUer+0x1532d
ffffdb06`00d29a98 00000000`00000010     : 00000000`00000000 ffffc701`82ce5350 00000000`00000000 ffffdb06`00d29b10 : 0xffffc701`82ce5350
ffffdb06`00d29aa0 00000000`00000000     : ffffc701`82ce5350 00000000`00000000 ffffdb06`00d29b10 00000000`00000000 : 0x10


SYMBOL_NAME:  RtsUer+1532d

MODULE_NAME: RtsUer

IMAGE_NAME:  RtsUer.sys

STACK_COMMAND:  .cxr 0xffffdb0600d28f90 ; kb

BUCKET_ID_FUNC_OFFSET:  1532d

FAILURE_BUCKET_ID:  AV_VRF_RtsUer!unknown_function

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {25412827-8e09-ed70-2a25-02019e297269}

Followup:     MachineOwner
---------

SYSTEM_SERVICE_EXCEPTION (3b)
nt!KeBugCheckEx:
fffff802`61628c50 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff802`67940fb0=000000000000003b
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c000001d, Exception code that caused the BugCheck
Arg2: fffff802614cc184, Address of the instruction which caused the BugCheck
Arg3: fffff80267941900, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2609

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 14305

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 1

    Key  : Analysis.Init.CPU.mSec
    Value: 125

    Key  : Analysis.Init.Elapsed.mSec
    Value: 5840

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 92

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x3b

    Key  : Bugcheck.Code.Register
    Value: 0x3b

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Timestamp
    Value: 2022-05-06T12:50:00Z

    Key  : WER.OS.Version
    Value: 10.0.22621.1


FILE_IN_CAB:  022623-12890-01.dmp

BUGCHECK_CODE:  3b

BUGCHECK_P1: c000001d

BUGCHECK_P2: fffff802614cc184

BUGCHECK_P3: fffff80267941900

BUGCHECK_P4: 0

CONTEXT:  fffff80267941900 -- (.cxr 0xfffff80267941900)
rax=000000000000007a rbx=ffffd806fea58080 rcx=0000000000081f7a
rdx=ffffd806fe52d158 rsi=fffff8025f911180 rdi=0000000000000002
rip=fffff802614cc184 rsp=ffffbd83212df5f0 rbp=0000000000000001
 r8=0000000000000002  r9=0000000000000000 r10=0000000000000001
r11=ffffd806fea581c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=ffffd806fea58180
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050246
nt!KiCommitThreadWait+0x144:
fffff802`614cc184 c4              ???
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  msedgewebview2.exe

MISALIGNED_IP:
nt!KiCommitThreadWait+144
fffff802`614cc184 c4              ???

STACK_TEXT:  
ffffbd83`212df5f0 fffff802`614ce7c6     : 00000000`00000000 00000000`00000001 00000000`0000007a 00000020`7debf7a3 : nt!KiCommitThreadWait+0x144
ffffbd83`212df6a0 fffff802`618da15c     : ffffd807`051bd0c0 ffffd807`01c19de0 00000000`00000000 ffffbd83`212dfb01 : nt!KeWaitForSingleObject+0x256
ffffbd83`212dfa40 fffff802`618da07b     : ffffd806`fea58080 000000c9`fc1ff798 00000000`00000000 00000000`00000630 : nt!ObWaitForSingleObject+0xcc
ffffbd83`212dfaa0 fffff802`6163d9e8     : 00000000`00000000 00000000`0000000e ffffbd83`212dfaf8 ffffffff`fffe7960 : nt!NtWaitForSingleObject+0x6b
ffffbd83`212dfae0 00007ffe`a2c8ee84     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000c9`fc1ff768 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`a2c8ee84


SYMBOL_NAME:  nt!KiCommitThreadWait+144

IMAGE_VERSION:  10.0.22621.1265

STACK_COMMAND:  .cxr 0xfffff80267941900 ; kb

MODULE_NAME: AuthenticAMD

IMAGE_NAME:  AuthenticAMD.sys

FAILURE_BUCKET_ID:  IP_MISALIGNED_AuthenticAMD.sys

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {716d112a-8330-4bbb-160c-ec98297019d2}

Followup:     MachineOwner
---------

 

[MLX001]

My Realtek driver version is 6.0.9111.1, dated 2021/1/26, which is automatically installed by the system.

 

[MLX001]

It's frustrating that every time one problem is eliminated, new problems will appear

 

[Fix_that_Glitch]

In settings for adguard do you see a box next to a choice to use WPI settings? If you do select that and see if anything changes.

 

[MLX001]

In settings for adguard do you see a box next to a choice to use WPI settings? If you do select that and see if anything changes.

I tried to turn off WPI settings, but the problem still occurred, so I completely uninstalled adguard. Unfortunately, the system is still BSOD

 

[Fix_that_Glitch]

What is your pc build? Never mind I see the info in the dump file.

 

[MLX001]

What is your pc build?

Processor AMD Ryzen 7 4800H with Radeon Graphics 2.90 GHz
RAM 16.0 GB
Version Windows 11 Professional
Version 22H2
Installation date 2023/2/24
Operating system version 22621.1265
Experience Windows Feature Experience Pack 1000.22638.1000.0

 

[Fix_that_Glitch]

later I will try to use only one RAM stick to see if the issue persists. Also, I haven't overclocked/underclocked the CPU, and the BIOS is the latest version provided by the manufacturer. In addition to the mouse and keyboard, there is a USB hub connected to the USB interface, and an external screen is connected via HDMI.

What is plugged into the usb hub?

 

[MLX001]

What is plugged into the usb hub?

A device used to expand the USB interface, making one USB into one that can plug in multiple USB.

 

[Fix_that_Glitch]

If you go into event viewer, and try to find the service exception detected line. See if it lists a driver.

 

[MLX001]

If you go into event viewer, and try to find the service exception detected line. See if it lists a driver.

I checked the recent log because I updated the graphics card driver and chipset driver today. The error message reported by the log manager is different. In the recent unexpected shutdown, the log message HAP AcpInitializeAudioEngine failed with status (0xC000009A)
It seems that there is a problem with my SSD

- <Event xmlns=" [url=http://schemas.microsoft.com/win/2004/08/events/event]http://schemas.microsoft.com/win/2004/08/events/event[/url] ">
- <System>
<Provider Name="IntcAzAudAddService" /> 
<EventID Qualifiers="49152">258</EventID> 
<Version>0</Version> 
<Level>2</Level> 
<Task>0</Task> 
<Opcode>0</Opcode> 
<Keywords>0x80000000000000</Keywords> 
<TimeCreated SystemTime="2023-02-26T10:46:15.8742945Z" /> 
<EventRecordID>3538</EventRecordID> 
<Correlation /> 
<Execution ProcessID="4" ThreadID="372" /> 
<Channel>System</Channel> 
<Computer>MLH001</Computer> 
<Security /> 
</System>
- <EventData>
<Data>\Device\00000054</Data> 
<Data>HAP AcpInitializeAudioEngine</Data> 
<Data>0xC000009A</Data> 
<Binary>000000000300300000000000020100C0000000009A0000C000000000000000000000000000000000</Binary> 
</EventData>
</Event>

The creation of the dump file failed because of an error during the creation of the dump.

- <Event xmlns=" [url=http://schemas.microsoft.com/win/2004/08/events/event]http://schemas.microsoft.com/win/2004/08/events/event[/url] ">
- <System>
<Provider Name="volmgr" /> 
<EventID Qualifiers="49156">161</EventID> 
<Version>0</Version> 
<Level>2</Level> 
<Task>0</Task> 
<Opcode>0</Opcode> 
<Keywords>0x80000000000000</Keywords> 
<TimeCreated SystemTime="2023-02-26T10:46:12.7248846Z" /> 
<EventRecordID>3506</EventRecordID> 
<Correlation /> 
<Execution ProcessID="4" ThreadID="360" /> 
<Channel>System</Channel> 
<Computer>MLH001</Computer> 
<Security /> 
</System>
- <EventData>
<Data>\Device\HarddiskVolume2</Data> 
<Binary>000000000100000000000000A10004C00000000004001AC000000000000000000000000000000000</Binary> 
</EventData>
</Event>

 

[johnbl]

RtsUer.sys is reltek usb card reader. any USB device like this can have firmware in it that may need to be updated. Often it will depend on the bios version updates also.

when you have a driver that is corrupting kernel memory you should set the system to delete the pagefile.sys on reboot. basically, the driver does kernel corruptions, the corruptions are saved to the pagefile. Then you remove the driver or fix it, later the saved corrupted area in the pagefile is used by another driver and that driver fails. Most often it will have a bad memory address error code. you can google how to delete windows pagefile on every shutdown for instructions.

I would focus on the card reader as a source of the problem.
windows plug and play will detect the hardware an re install the driver but you might be able to disable the hardware in bios.
reltek puts out patches for the device put it only gives them directly to the vendor that used the chip in their design.

most of the ones I see are old versions.
old versions also will not pass verifier. I have had to disable the device in the past on some laptops.

 

[MLX001]

I seem to find the problem, it may be because of the AMD processor low load problem, at present I have been based on AMD processor low load, to find a solution to the problem, and has been applied to the system, so far the system has not BSOD.I am testing if the solution works and if it does I will post the solution.

 

[MLX001]

If your amd computer and I have similar errors, and in the use of the process will occur no bsod prompt, but the computer stuck situation is also OK you can try my approach.
Enter "computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\be337238-0d82-4146-a960-4f3749d470c7" in the address bar, and then:

=> Change the value of Attributes to 0 => Open Power Options ——> Change plan settings ——> Change advanced power settings ——> Processor power management ——> Processor performance boost mode ——> Set it to "Aggressive" and "Enabled".

I would also like to express my gratitude to everyone who has helped me when I encountered problems.

 

[johnbl]

I am so glad you got this figured out. I keep seeing people with problems with the AMD cpu after windows changed the default low power settings. Some have gotten them to work by going to high performance mode. This would be a better test fix to see if it fixed the problem.
(basically, the low power mode would be running acting like a underclock and violate the electronics timing requirements.

I guess the main thing to look for in this case was all of the various
ip alignment problems
(normally assumed to be power problems or heating problems)

memory references to low numbered memory address like 0x00000001
are assumed to be driver corruptions. But it assumes the electronics are properly powered and running at the correct voltage and frequency.

 

[MLX001]

I am so glad you got this figured out. I keep seeing people with problems with the AMD cpu after windows changed the default low power settings. Some have gotten them to work by going to high performance mode. This would be a better test fix to see if it fixed the problem.
(basically, the low power mode would be running acting like a underclock and violate the electronics timing requirements.

I guess the main thing to look for in this case was all of the various
ip alignment problems
(normally assumed to be power problems or heating problems)

memory references to low numbered memory address like 0x00000001
are assumed to be driver corruptions. But it assumes the electronics are properly powered and running at the correct voltage and frequency.

After I applied this solution, on today's use, I didn't encounter the bsod phenomenon, I think it's a perfect solution, I don't know why Microsoft hide this feature. Also thank you for your help, because analyzing dump is a complex and tedious job