IRQL_NOT_LESS_OR_EQUAL [BSoD] [Windows 8.1]

Sep 2, 2018
17
0
20
Hello:

I have been encountering this BSoD lately; IRQL_NOT_LESS_OR_EQUAL.

If anyone can help identifying what causes this BSoD to occur, I would appreciate it.


Minidump files:
http://


Notes:

■ This BSoD occurred over 3 times, in the last week, but only two minidump files were stored.
■ I couldn't find a pattern of when this BSoD occurs; seems to occur randomly.
■ The last program I installed was MalwareBytes.
■ I performed SFC /scannow; there were no issues detected.
■ I performed DISM ... /restorehealth; "the component store corruption was repaired."
■ MalwareBytes scan indicated that the system was clean.
■ Bitdefender system scan indicated that the system was clean.



Laptop Specifications:

Model: Lenovo G510
CPU: i7-4700MQ
RAM: 16 GB
OS: Windows 8.1 64-bit
Storage: SanDisk Ultra SSD 500 GB
GPU: AMD Radeon OPAL XT/GL 2 GB


If I missed any details, please let me know.

Thanks in advance.
 
Solution
well, it identifies 1 of the drivers for us. Intel GPU drivers. Now to find newer ones...

Your CPU has Intel® HD Graphics 4600

try running auto update here - https://downloadcenter.intel.com/product/81496/Intel-HD-Graphics-4600

The other is LAN as I said before...

speccy shows ethernet as: Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
WIFI as Qualcomm Atheros AR9485WB-EG Wireless Network Adapter

I can find version 8.0.1.314 of the WIFI drivers from 24 Dec 2013, your current version is dated 31 Mar 2013. There appears to only be 1 version of them for win 8. I normally don't link driver sites, but you can't get drivers from Qualcomm so its difficult -...

gardenman

Splendid
Moderator
Hi, both dump files caused the debugger to pause and not respond. This is unusual. On the first dump I waited 17 minutes. The 2nd one I waited 10 minutes. Usually a dump takes about 2 to 3 minutes at most. This means that the dumps may be corrupted (very likely) or something is going on with my debugger (unlikely). I was able to obtain a little info from the dumps and will list it below:

090218-5546-01.dmp
BugCheck A, {fffff000d94d9198, 2, 0, fffff8005bc48c2a}
*** WARNING: Unable to verify timestamp for ntoskrnl.exe

083118-8000-01.dmp
BugCheck A, {ffff9000205effff, 2, 0, fffff802259c1523}
ntoskrnl The system cannot find the file specified

Colif, full text can be read here: https://pastebin.com/0UWXww9X

I can't help you with this information, please wait for additional replies.
 
Sep 2, 2018
17
0
20


Thank you for "reading" the dump files; I really appreciate it.
Hopefully, someone can give us more insight to this issue.
 
Sep 2, 2018
17
0
20


This is another dump file; hoping it's not corrupted.
http://
 

Colif

Win 11 Master
Moderator
Corrupt and can't read ntoiskrnl. That is unusual.

How easy is it to remove ram sticks? I would suggest testing ram and see if it has any problems, Try creating a USB using memtest86. and boot Laptop from it. Test each stick of ram by itself, up to 8 times. Only error count you want is 0, anything higher means ram stick should be removed/replaced

Another choice is run chkdsk C: /f on the ssd in command prompt (with admin rights). If its anything like win 10, 2 paragraphs will pop up asking if you want to unmount drive (you don't do this to C drive while PC is running) or run on a restart (choose yes for this). restart laptop and let it check drive out.
 

gardenman

Splendid
Moderator

This file worked. It took about 17.5 minutes. I was about to abort it when it went through. I was literally moving the mouse to the Abort button when it popped up. I got the following information: https://pste.eu/p/74tK.html

File: 090218-5687-01.dmp (Sep 2 2018 - 12:47:34)
BugCheck: [IRQL_NOT_LESS_OR_EQUAL (A)]
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Uptime: 0 Day(s), 9 Hour(s), 29 Min(s), and 59 Sec(s)

The debugger is still pointing towards the file being corrupt. However some good information was obtained from the debugger (drivers list and BIOS info).

System: Lenovo G510 Laptop
https://www.lenovo.com/us/en/laptops/lenovo/g-series/g510/
It appears that you have the latest BIOS available for your system:
https://support.lenovo.com/us/en/downloads/ds040384

I can't help you with this. Wait for additional replies. Good luck.

Edit: New driver definitions:

ipnat.sys=Internet Protocol Network Address Translator driver (Microsoft)

ISODrv64.sys=ISO DVD/CD-ROM Device driver (EZB Systems) http://www.ezbsystems.com/

mshidumdf.sys=Pass-through Driver for HID-UMDF Interface driver (Microsoft)
 
The files aren't corrupted, if they were you wouldn't be able to get anything out of it at all.
It's either a lack of symbol files, corrupted symbol files on your own pc, hardware issues, malware (the kind that severely alters OS files) or a counterfeit OS.


I suggest to reinstall all latest drivers Lenovo offers.
 
Sep 2, 2018
17
0
20


I'm sorry; are you referring to my pc or ...?
How can I fix symbol files?
I have MalwareBytes and Bitdefender Total Security; neither could detect any malware, viruses, etc.
OS is genuine.

*Edit: As soon as I sent this reply, my laptop crashed.
I will try uninstalling and reinstalling Lenovo drivers.
 

gardenman

Splendid
Moderator
I think the symbols files are OK on my system. I clean the symbols cache out every time it reaches 500mb. I can read other dump files with no problems and no symbol errors, it's only these 3 dumps. Maybe it's because they are Win8, maybe its the buggy debugger.

Anyway, Axe knows more about the dump files than I do. Any help would be appreciated.
 
Sep 2, 2018
17
0
20


Will try both suggestions.
I did chkdsk.. will try again.
I imagine memtest86/+ will take some time.
 

gardenman

Splendid
Moderator
memtest will take a while. You have 2 RAM modules, 8GB each. You need to test them one at a time, for at least 8 passes on each one. Open the case and pull the 2nd out and test. After testing the first, replace the 1st one with the 2nd one and test it.

Axe: I just re-cleaned my symbols cache. I'll try the same dumps again and if it works I'll re-post the results but I don't have much hope. Will get someone to correct it by a downvote.
 

Colif

Win 11 Master
Moderator
Yes, if ntoskrnl was corrupted, windows wouldn't even work. Its why i suggested checking ram as it might be the cause of corruption, or its just the debugger itself in this case

NTOSKRNL = windows kernel. It handles all driver requests, power management, and memory management. It sits between Hardware and Applications. It got blamed but its not the cause. Its a crucial part of windows
 
Sep 2, 2018
17
0
20
I will update this post to bring you up to speed on the results of the MemTest86.

1st RAM Chip
■ Test has run for 6+ hours.
■ Test has finished 8/8 passes with no errors.
■ “[Note] RAM may be vulnerable to high frequency row hammer bit flips” appeared during passes #3, #4, #5, and #6.

2nd RAM Chip
■ Test has run for 3+ hours.
■ Test has finished 4/4 passes with no errors.
■ There were no notes regarding vulnerability to Hammer test.

2nd chip seems to be a-ok.
I reckoned 4 passes were stressful enough.
 

Colif

Win 11 Master
Moderator
The Hammer Test is designed to detect RAM modules that are susceptible to disturbance errors caused by charge leakage. This phenomenon is characterized in the research paper Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors by Yoongu Kim et al. According to the research, a significant number of RAM modules manufactured 2010 or newer are affected by this defect. In simple terms, susceptible RAM modules can be subjected to disturbance errors when repeatedly accessing addresses in the same memory bank but different rows in a short period of time. Errors occur when the repeated access causes charge loss in a memory cell, before the cell contents can be refreshed at the next DRAM refresh interval.

Starting from MemTest86 v6.2, the user may see a warning indicating that the RAM may be vulnerable to high frequency row hammer bit flips. This warning appears when errors are detected during the first pass (maximum hammer rate) but no errors are detected during the second pass (lower hammer rate). See MemTest86 Test Algorithms for a description of the two passes that are performed during the Hammer Test (Test 13). When performing the second pass, address pairs are hammered only at the rate deemed as the maximum allowable by memory vendors (200K accesses per 64ms). Once this rate is exceeded, the integrity of memory contents may no longer be guaranteed. If errors are detected in both passes, errors are reported as normal.

The errors detected during Test 13, albeit exposed only in extreme memory access cases, are most certainly real errors. During typical home PC usage (eg. web browsing, word processing, etc.), it is less likely that the memory usage pattern will fall into the extreme case that make it vulnerable to disturbance errors. It may be of greater concern if you were running highly sensitive equipment such as medical equipment, aircraft control systems, or bank database servers. It is impossible to predict with any accuracy if these errors will occur in real life applications. One would need to do a major scientific study of 1000 of computers and their usage patterns, then do a forensic analysis of each application to study how it makes use of the RAM while it executes. To date, we have only seen 1-bit errors as a result of running the Hammer Test.

There are several actions that can be taken when you discover that your RAM modules are vulnerable to disturbance errors:

Do nothing
Replace the RAM modules
Use RAM modules with error-checking capabilities (eg. ECC)
Depending on your willingness to live with the possibility of these errors manifesting itself as real problems, you may choose to do nothing and accept the risk. For home use you may be willing to live with the errors. In our experience, we have several machines that have been stable for home/office use despite experiencing errors in the Hammer Test.

You may also choose to replace the RAM with modules that have been known to pass the Hammer Test. Choose RAM modules of different brand/model as it is likely that the RAM modules with the same model would still fail the Hammer test.

https://www.memtest86.com/troubleshooting.htm#hammer

ram could well be cause of these BSOD. IRQ errors are usually drivers BUT can also be ram.

BTW, though there are 3 choices offered above, you unlikely to be able to use ECC ram in a non server/workstation PC.
 
Sep 2, 2018
17
0
20
What’s the best way to ascertain that this RAM chip is the cause of these BSoD’s?

Use this chip only and see whether BSoD’s occur.
Or
Use the other chip only and see whether BSoD’s occur.
Or
Other solution.

BTW, I’m ok with removing this chip; 8 GB of RAM is sufficient for me.
 
Sep 2, 2018
17
0
20
@axe0axe0
Can you please have a go at the dump files?
You seem to think they’re not corrupted; maybe you can extract more information.
That is if you have the time and capability.

No disrespect to anyone; I appreciate all of your help.

*Edit:
BTW, I have uninstalled all optional/unnecessary drivers.
Also, I’m in the process of reinstalling important and recommended drivers.

Q: since I know some drivers can be updated through Windows Updates,
…do you recommend updating these drivers?
Or should I leave them as I got them from manufacturer’s website?
 
Corrupted, in this case, means a zero-sized file as in no program can open it.
Unfortunately, as already mentioned, we currently won't be able to have a proper go at the dump files due to symbol issues, as in the tool(s) used for debugging won't be able to help us analyze.
 
Sep 2, 2018
17
0
20


I used the one that didn't have a Hammer test warning, and, surprise, BSoD.
:-(

So, it's not the RAM.
Anyone has other suggestions?

I suppose there's no need uploading the new dump file.

Culprits from last two BSoD's are:

■ ntoskrnl.sys
■ NETIO.sys
■ dxgmms1.sys
 

Colif

Win 11 Master
Moderator
netio.sys - this could be caused by a LAN driver. Netio.sys = Network Input Output
Do you use WIFI or wired?
Integrated Communications
802.11 b/g/n, Bluetooth® 4.0, 10 / 100 Mbps LAN
https://www.lenovo.com/us/en/laptops/lenovo/g-series/g510/

can you download and run Speccy, it will help me figure out what WIFI device you have as the Lenova site lists Atheros and Realtek and that seems unlikely. When you run speccy, go to file/save as text file. This will create a text file with all the info found by speccy. Can you share that with us? Its likely Atheros is WiFi and Realtek is LAN

All the lenova drivers are from 2015 and there are likely newer versions we can find elsewhere, just need to find them

dxgmms1.sys = directX. Normally if DX is crashing its your Graphics card drivers. Fun part is your PC has 2 GPU in it, the CPU is likely to use its inbuilt gpu to run desktop, whereas the Nvidia GPU is mainly used for gaming. What were you doing when this crashed?

ntoskrnl.sys = Windows kernel, already said its unlikely to be cause

If we could read dump files we wouldn't need to guess. Can you upload dumps and we see if they still not behaving right.