Question Windows 11 Random BSODs (HYPERVISOR_ERROR) Cause Unknown

ConorDuey2000 · Mar 22, 2023

Hello. My computer keeps on getting these BSODs completely at random. They just say "HYPERVISOR_ERROR". I do have VMWare installed on my computer, but I have every VMWare service stopped and set to start manually. I've also never opened Windows Subsystem for Linux before I got that BSOD.

The cause of the BSOD is unknown. When I opened up "WinDBG" as an administrator, it told me that "amdppm.sys" resulted in the BSOD, but the process that caused it was "System". Therefore, I don't know what caused that BSOD. This isn't the only time I've gotten this type of BSOD and it's driving me so crazy that I've contemplated buying a new computer.

I've searched up "amdppm.sys BSOD" and I was told to change a registry value (I backed up my registry before doing so just in case.) and change my computer's power plan to "Balanced (recommended)" in the control panel. I did those two things, but I don't think that this will stop me from getting random and unknown "HYPERVISOR_ERROR" BSODs.

Anyway, here is the BSOD in question. Hopefully, you can find what's wrong with me computer and help me fix it.

By the way, my computer has an AMD Ryzen CPU, 16GB of RAM, an ASUS motherboard, and an NVIDIA GeForce RTX 2060 graphics card.

johnbl · Mar 22, 2023

download microsoft autoruns, then use it to delete this:
Internet Download Manager WFP Driver developed by Tonec
idmwfp.sys Wed Jul 6 07:37:41 2011

update this realtek audio driver to a version dated in 2020 or newer:
RTKVHD64.sys Tue Mar 26 06:23:24 2019
(old version responds to DMA requests from other audio drivers ie video card gpu sound driver and can crash the other driver)

here is info on the actual bugcheck. (not really documented)

I think AMD Primary Processor Module amdppm.sys (provided by microsoft windows update)
went into some extended sleep mode and it ended telling your hypervisor to sleep and it halted its cpu then it made a call that crashed the hypervisor.
(call stack, read from bottom up)
4: kd> kc
# Call Site
00 nt!KeBugCheckEx
01 nt!HvlSkCrashdumpCallbackRoutine
02 nt!KiProcessNMI
03 nt!KxNmiInterrupt
04 nt!KiNmiInterrupt
05 0x0
06 nt!HvcallInitiateHypercall
07 nt!HvlRequestProcessorHalt
08 amdppm!HvRequestIdle
09 amdppm!AcpiCStateIdleExecute <--- problem starts here
0a nt!PpmIdleExecuteTransition
0b nt!PoIdle
0c nt!KiIdleLoop

I would just disable the new sleep functions. ie run in high performance mode, or look for a updated vm.
System Uptime: 6 days 23:30:53.193

guess you could also uninstall or disable the driver.
ie start regedit as an admin
go to the key
hkey_local_machine\system\currentcontrolset\services\amdppm
then change start to a value of 4
(guess you would do this in the windows image in the hypervisor so it does not try got go into low power mode)

then reboot and see if it helps.
How to disable these services ? - Microsoft Q&A

ConorDuey2000 · Mar 22, 2023

johnbl said:
download microsoft autoruns, then use it to delete this:
Internet Download Manager WFP Driver developed by Tonec
idmwfp.sys Wed Jul 6 07:37:41 2011

update this realtek audio driver to a version dated in 2020 or newer:
RTKVHD64.sys Tue Mar 26 06:23:24 2019
(old version responds to DMA requests from other audio drivers ie video card gpu sound driver and can crash the other driver)

here is info on the actual bugcheck. (not really documented)

I think AMD Primary Processor Module amdppm.sys (provided by microsoft windows update)
went into some extended sleep mode and it ended telling your hypervisor to sleep and it halted its cpu then it made a call that crashed the hypervisor.
(call stack, read from bottom up)
4: kd> kc
# Call Site
00 nt!KeBugCheckEx
01 nt!HvlSkCrashdumpCallbackRoutine
02 nt!KiProcessNMI
03 nt!KxNmiInterrupt
04 nt!KiNmiInterrupt
05 0x0
06 nt!HvcallInitiateHypercall
07 nt!HvlRequestProcessorHalt
08 amdppm!HvRequestIdle
09 amdppm!AcpiCStateIdleExecute <--- problem starts here
0a nt!PpmIdleExecuteTransition
0b nt!PoIdle
0c nt!KiIdleLoop

I would just disable the new sleep functions. ie run in high performance mode, or look for a updated vm.
System Uptime: 6 days 23:30:53.193

guess you could also uninstall or disable the driver.
ie start regedit as an admin
go to the key
hkey_local_machine\system\currentcontrolset\services\amdppm
then change start to a value of 4
(guess you would do this in the windows image in the hypervisor so it does not try got go into low power mode)

then reboot and see if it helps.
How to disable these services ? - Microsoft Q&A

I used "Autoruns" to disable "idmwfp.sys". I also changed my power plan to the "high performance" power plan (not the "AMD Ryzen High Performance" power plan) as per your request. Finally, I disabled amdppm.sys in Regedit. I went over to that registry key and I changed "Start" to a value of 4. It was previously set to a value of 3.

ConorDuey2000 · Mar 30, 2023

I got another HYPERVISOR_ERROR BSOD, today. This time, after analyzing it in WinDbg, it told me that WmiPrvSE.exe and NETIO.SYS were the causes of the BSOD. I was playing a game in full screen and when I pressed Alt+Enter to put the game in windowed mode, it triggered the BSOD.

Here is the minidump, by the way.

ConorDuey2000 · Mar 31, 2023

It's gotten worse. I got another HYPERVISOR_BSOD an hour ago for an unknown reason. I analyzed it in WinDbg and it didn't give me any information. It said that the process that caused it was "System" so I don't know what caused that BSOD. I ran driver verifier and the computer did crash when I restarted my computer, but it didn't bluescreen and it didn't create any minidumps. I also updated my computer's BIOS to the latest version (I have an ASUS TUF GAMING X570-PLUS (WI-FI) motherboard) and I really hope that this fixes my BSOD problem because it's driving me so crazy that I've contemplated saving enough money to buy a new computer or at least buy a new CPU.

By the way, here is the minidump.

ubuysa · Mar 31, 2023

When you did this...

download microsoft autoruns, then use it to delete this:
Internet Download Manager WFP Driver developed by Tonec
idmwfp.sys Wed Jul 6 07:37:41 2011

...did you uninstall the Internet Download Manager product in its entirety, or did you just remove the idmwfp.sys driver?

The latest dump shows that a networking operation was in progress, there are calls to the Windows drivers; ndis.sys, tcpip.sys, wdiwifi.sys, and ndu.sys. There are also numerous calls to Netwtw08.sys, which is an Intel wireless adapter driver.

The version of Netwtw08.sys that you have installed is 6 months old and there may be a more recent update...

Code:

4: kd> lmDvmNetwtw08
Browse full module list
start             end                 module name
fffff803`66960000 fffff803`6724d000   Netwtw08 T (no symbols)           
    Loaded symbol image file: Netwtw08.sys
    Image path: Netwtw08.sys
    Image name: Netwtw08.sys
    Browse all global symbols  functions  data
    Timestamp:        Wed Dec  7 08:45:39 2022 (63903693)
    CheckSum:         00880C02
    ImageSize:        008ED000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

That said, if the Internet Download Manager product from Tonec is still install but with a key driver missing, that could well be the cause of your BSOD. I would suggest that you completely uninstall the Internet Download Manager product. Details on how to do that can be found in their FAQ here. Regarding uninstall it says this...

If you still want to uninstall IDM, refer to Windows documentation to see how to uninstall programs. Usually you should go to Control Panel, Add/Remove programs. Uninstall is 100% working. If you have problems with removing an older version of IDM, run this program to remove the integration into browsers. Then just delete IDM folder.

johnbl · Mar 31, 2023

remove
IOMap64.sys Sun Nov 1 22:42:10 2020
asus gpu tweak utility. part of asus ai suite.

just looking for any driver that might causes a hardware failure that would cause a NMI
---------
do you need this software/driver?
SCDEmu.SYS Tue Jun 6 06:59:01 2017
part of PowerISO Virtual Drive

--------------
Oh, I guess I should ask, you are running a hypervisor
and actively loading and use it. IE running windows in a virtual machine at the time of the failure.
(just in case you were doing something unrelated and just got a hypervisor error that bugchecked the machine)
---------
any chance your cpu is overheating?
the hypervisor bugchecks both indicated a bad stack pointer.
not sure what to do with this bugcheck. (hypervisor info not documented)
if you want to, you can change the memory dump type to kernel and I can look at the internal logs at the next crash.

non maskable interrupt called
maybe make sure the bios of the machine has been updated, and no bios overclock (for heat problems)
update cpu chipset drivers.

non maskable interrupt would be called if there was some hardware failure that could not be fixed/ignored.

System Uptime: 8 days 6:53:52.327

I would also look to make sure you are not running out of pagefile.sys space

ConorDuey2000 · Mar 31, 2023

ubuysa said:
When you did this...

...did you uninstall the Internet Download Manager product in its entirety, or did you just remove the idmwfp.sys driver?

The latest dump shows that a networking operation was in progress, there are calls to the Windows drivers; ndis.sys, tcpip.sys, wdiwifi.sys, and ndu.sys. There are also numerous calls to Netwtw08.sys, which is an Intel wireless adapter driver.

The version of Netwtw08.sys that you have installed is 6 months old and there may be a more recent update...

Code:

4: kd> lmDvmNetwtw08 Browse full module list start end module name fffff803`66960000 fffff803`6724d000 Netwtw08 T (no symbols) Loaded symbol image file: Netwtw08.sys Image path: Netwtw08.sys Image name: Netwtw08.sys Browse all global symbols functions data Timestamp: Wed Dec 7 08:45:39 2022 (63903693) CheckSum: 00880C02 ImageSize: 008ED000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Information from resource tables:

That said, if the Internet Download Manager product from Tonec is still install but with a key driver missing, that could well be the cause of your BSOD. I would suggest that you completely uninstall the Internet Download Manager product. Details on how to do that can be found in their FAQ here. Regarding uninstall it says this...

johnbl said:
remove
IOMap64.sys Sun Nov 1 22:42:10 2020
asus gpu tweak utility. part of asus ai suite.

just looking for any driver that might causes a hardware failure that would cause a NMI
---------
do you need this software/driver?
SCDEmu.SYS Tue Jun 6 06:59:01 2017
part of PowerISO Virtual Drive

--------------
Oh, I guess I should ask, you are running a hypervisor
and actively loading and use it. IE running windows in a virtual machine at the time of the failure.
(just in case you were doing something unrelated and just got a hypervisor error that bugchecked the machine)
---------
any chance your cpu is overheating?
the hypervisor bugchecks both indicated a bad stack pointer.
not sure what to do with this bugcheck. (hypervisor info not documented)
if you want to, you can change the memory dump type to kernel and I can look at the internal logs at the next crash.

non maskable interrupt called
maybe make sure the bios of the machine has been updated, and no bios overclock (for heat problems)
update cpu chipset drivers.

non maskable interrupt would be called if there was some hardware failure that could not be fixed/ignored.

System Uptime: 8 days 6:53:52.327

I would also look to make sure you are not running out of pagefile.sys space

To ubuysa: I've never installed Internet Download Manager, but I've ran a portable version of it. I opened up Autoruns and I deleted idmwfp.sys.

To johnbl: I deleted SCDEmu.sys using Autoruns since I don't use the Virtual Drives feature in PowerISO. I also have VMWare installed on my computer, but I have all of its services turned off and I only turn them on when I want to use VMWare. I also don't know if my CPU is overheating or not.

ConorDuey2000 · Mar 31, 2023

Also, I changed my power plan back to "AMD Ryzen Balanced" because I changed my power plan to "AMD Ryzen High Performance" last night and I got an IRQL_NOT_LESS_OR_EQUAL BSOD this morning. I analyzed it in WinDbg and it told me that Discord was the cause of the BSOD. I had Discord up and running at the time my computer got that BSOD.

Anyway, here is the minidump.

ConorDuey2000 · Mar 31, 2023

I just got another IRQL_NOT_LESS_OR_EQUAL BSOD, today. This time, after analyzing it in WinDbg, it told me that After Effects was the cause of the BSOD. I got that BSOD not too long after I was done rendering a video in After Effects.

Anyway, here is the minidump.

ConorDuey2000 · Apr 1, 2023

This is outrageous. I got three IRQL_NOT_LESS_OR_EQUAL BSODs in one single day. This one, however, I don't know what caused it. When I analyzed it in WinDbg, it just told me that the process that caused it was "System". Wow, WinDbg. That's very helpful.

I really need some help with these constant BSODs that happen completely at random because it's really driving me crazy and I'm on the verge of selling some of my stuff so I can buy a new $1,500 computer. Also, if any of you know any better minidump debuggers than WinDbg, then please tell me.

Anyway, here is the minidump.

johnbl · Apr 1, 2023

you still have a overclock driver installed. iomap64.sys
you have a bad version of a motherboard sound driver installed.
(rtkvhd64.sys from 2019 you have to use a version dated in 2020 or newer old version responds to other device DMA requests and corrupts the data buffer in the second device) you should disable the motherboard sound if you can not install the update for some reason.

the bugcheck, failed trying to access what looks like it should be a valid kernel memory address. I can not tell why it was not valid with a mini dump. it would require a kernel dump.

well at least this was the first dump that was not in the hypervisor which is pretty much undocumented.

you should consider going to a kernel dump and running verifier to look for bad drivers.

if you can also update rt640x64.sys
I have been seeing the debugger reporting memory leaks with this driver.

ConorDuey2000 · Apr 1, 2023

johnbl said:
you still have a overclock driver installed. iomap64.sys
you have a bad version of a motherboard sound driver installed.
(rtkvhd64.sys from 2019 you have to use a version dated in 2020 or newer old version responds to other device DMA requests and corrupts the data buffer in the second device) you should disable the motherboard sound if you can not install the update for some reason.

the bugcheck, failed trying to access what looks like it should be a valid kernel memory address. I can not tell why it was not valid with a mini dump. it would require a kernel dump.

well at least this was the first dump that was not in the hypervisor which is pretty much undocumented.

you should consider going to a kernel dump and running verifier to look for bad drivers.

if you can also update rt640x64.sys
I have been seeing the debugger reporting memory leaks with this driver.

I already ran driver verifier and I don't get any BSODs so I don't know what driver I should remove. I did update my audio drivers and hopefully that stops the IRQL_NOT_LESS_OR_EQUAL BSODs .

I also got another IRQL_NOT_LESS_OR_EQUAL BSOD this morning. I analyzed it in WinDbg and it says that the process that caused it was svchost.exe so I'm certain that a service caused that BSOD.

Anyway, here is the minidump.

johnbl · Apr 1, 2023

some service running under a service host (svchost.exe)
made a series or recursive calls and overflowed the stack.

I can not dump the command line to see what file was being run by the service host.

you would have to change the memory dump type to kernel and provide memory.dmp file to get the proper debug info. looks like the process was running under wow64

ConorDuey2000 · Apr 1, 2023

johnbl said:
some service running under a service host (svchost.exe)
made a series or recursive calls and overflowed the stack.

I can not dump the command line to see what file was being run by the service host.

you would have to change the memory dump type to kernel and provide memory.dmp file to get the proper debug info. looks like the process was running under wow64

I changed the memory dump type to "complete memory dump" and hopefully, that will give you enough information to get the proper debug info.

johnbl · Apr 1, 2023

ConorDuey2000 said:
I changed the memory dump type to "complete memory dump" and hopefully, that will give you enough information to get the proper debug info.

ok, but try and download microsoft rammap from here:
RAMMap - Sysinternals | Microsoft Learn
run it as an admin and find the menu that has empty in the name and empty each item.
ie
empty working set
empty standby list
this will make the full memory dump much smaller and more compressable. otherwise the file size will be the same as the amount of RAM in your system.

should only need a kernel dump unless the problem is actually in a 32 bit subsystem. full dump will be large but will have everything so it is the safe bet.
some systems make kernel dumps and minidumps
so check to see if you have a file memory.dmp one level up from the minidump directory.

ConorDuey2000 · Apr 1, 2023

johnbl said:
ok, but try and download microsoft rammap from here:
RAMMap - Sysinternals | Microsoft Learn
run it as an admin and find the menu that has empty in the name and empty each item.
ie
empty working set
empty standby list
this will make the full memory dump much smaller and more compressable. otherwise the file size will be the same as the amount of RAM in your system.

Alright. I downloaded RAMMap and on my next BSOD, I'll use that program to compress the memory dump.

johnbl · Apr 1, 2023

ConorDuey2000 said:
Alright. I downloaded RAMMap and on my next BSOD, I'll use that program to compress the memory dump.

nope, run it before you have a problem.
it just removes old programs from memory that you have not run in a long time. for example, in my standby list on my main machine I see i ran a game called planetside and it is in memory ready to go but I have not played it in months. running the rammap->empty-> standby list
should remove it from memory before your system bugchecks and makes a full memory dump.

ConorDuey2000 · Apr 1, 2023

johnbl said:
nope, your run it before you have a problem.
it just removes old programs from memory that you have not run in a long time. for example, in my standby list on my main machine I see i ran a game called planetside and it is in memory ready to go but I have not played it in months. running the rammap->empty-> standby list
should remove it from memory before your system bugchecks and makes a full memory dump.

Alright. I ran it right now and, hopefully, my next memory dump will be compressed.

johnbl · Apr 1, 2023

ConorDuey2000 said:
Alright. I ran it right now and, hopefully, my next memory dump will be compressed.

smaller, you will have to zip it up to do the compression but all the extra space will be filled with zeros that are easy to compress.

if you know that the system will bugcheck you should also turn on verifier as it will add a bunch extra debugging info and help pinpoint problems. the system will run slower but it makes the debugging much more clear.

I mention how to reduce the size of the memory dump because, people take a full dump then try to put it on a server and the server tells them they do not have rights for a file of that size. (some services assume a 25 GB or larger file is really a DVD and block sharing the file)

ConorDuey2000 · Apr 2, 2023

I'm still getting BSODs on a daily basis. This one that I got this morning was neither a HYPERVISOR_ERROR BSOD or IRQL_NOT_LESS_OR_EQUAL BSOD. It was a KERNEL_SECURITY_CHECK_FAILURE BSOD. I analyzed it in WinDbg and it told me that iCUE.exe was the cause of the BSOD. I have iCUE installed on my computer because I have a Corsair keyboard.

Anyway, here is the minidump. It's not a complete dump because I forgot to restart my computer after changing that setting.

ubuysa · Apr 3, 2023

ConorDuey2000 said:
I changed the memory dump type to "complete memory dump" and hopefully, that will give you enough information to get the proper debug info.

NO!

That will produce a dump so large it will take forever to upload/download it. You don't need that level of detail in any case, nobody other than the software vendors will be able to debug the mass of user mode code that will be in there. A kernel dump is all that is required for debugging Windows errors. Please change it back!

ConorDuey2000 · Apr 3, 2023

ubuysa said:
NO!

That will produce a dump so large it will take forever to upload/download it. You don't need that level of detail in any case, nobody other than the software vendors will be able to debug the mass of user mode code that will be in there. A kernel dump is all that is required for debugging Windows errors. Please change it back!

You're right. I just got another "BSOD of the day" and it's an IRQL_NOT_LESS_OR_EQUAL BSOD that was caused by tcpip.sys. Luckily, I was able to use WinDbg to convert the gigantic complete dump to a minidump. I also changed the setting to "kernel dump".

Anyway, here is the minidump.

ubuysa · Apr 3, 2023

The WinDbg analyze -v command blames tcpip.sys, and it is present in the call stack, but tcpip.sys isn't the cause of the BSOD - because it's a Windows driver.

You mention that you've enabled Driver Verfier before, but it's important to enable Driver Verifier in the right way in order to catch flaky drivers, so I'd suggest you enable Driver Verifier again, this time using the correct options, and we'll see what that traps.

First, take a restore point or take a drive image of your system drive. Better still, do both. There is a possibility that Driver Verifier could BSOD a flaky driver during the boor process, that would leave you in a boot-BSOD loop. The only way out is to restore from the restore point you took (by booting the Windows install media) or restore the disk image you took.

To enable Driver Verifier do the following...

Open Driver Verifier via the verifier command.
Select the second option - Create custom settings (for code developers)
Select the second option - Select individual settings from a full list
Check these boxes...

▪ Special Pool
▪ Force IRQL checking
▪ Pool Tracking
▪ Deadlock Detection
▪ Security Checks
▪ Miscellaneous Checks
▪ Power framework delay fuzzing
▪ DDI compliance checking

Select the last option - Select driver names from a list
Click on the heading labeled 'Provider', it will sort on this column. This makes it easier to identify the non-Microsoft drivers.
Check ALL drivers that DO NOT have Microsoft as the provider.
Then check these Microsoft drivers (and ONLY these)...

▪ Wdf01000.sys
▪ ndis.sys
▪ fltMgr.sys
▪ Storport.sys
9. Click in Finish and reboot.

Be sure to save all minidumps generated when Driver Verifier causes a BSOD. Leave Driver Verifier running until you have around 10 dumps or for 24 hours.

ConorDuey2000 · Apr 3, 2023

ubuysa said:
The WinDbg analyze -v command blames tcpip.sys, and it is present in the call stack, but tcpip.sys isn't the cause of the BSOD - because it's a Windows driver.

You mention that you've enabled Driver Verfier before, but it's important to enable Driver Verifier in the right way in order to catch flaky drivers, so I'd suggest you enable Driver Verifier again, this time using the correct options, and we'll see what that traps.

First, take a restore point or take a drive image of your system drive. Better still, do both. There is a possibility that Driver Verifier could BSOD a flaky driver during the boor process, that would leave you in a boot-BSOD loop. The only way out is to restore from the restore point you took (by booting the Windows install media) or restore the disk image you took.

To enable Driver Verifier do the following...

Open Driver Verifier via the verifier command.

Select the second option - Create custom settings (for code developers)

Select the second option - Select individual settings from a full list

Check these boxes...

▪ Special Pool
▪ Force IRQL checking
▪ Pool Tracking
▪ Deadlock Detection
▪ Security Checks
▪ Miscellaneous Checks
▪ Power framework delay fuzzing
▪ DDI compliance checking

Select the last option - Select driver names from a list

Click on the heading labeled 'Provider', it will sort on this column. This makes it easier to identify the non-Microsoft drivers.

Check ALL drivers that DO NOT have Microsoft as the provider.

Then check these Microsoft drivers (and ONLY these)...

▪ Wdf01000.sys
▪ ndis.sys
▪ fltMgr.sys
▪ Storport.sys
9. Click in Finish and reboot.

Be sure to save all minidumps generated when Driver Verifier causes a BSOD. Leave Driver Verifier running until you have around 10 dumps or for 24 hours.

I can't use the Driver Verifier technique in the way that you described because I don't have the Windows install media. However, I did get another BSOD for the second time, today, and it created a minidump and a kernel dump. The kernel dump's over a gigabyte in size so here is the minidump.

By the way, just like the previous BSOD, this BSOD is also an IRQL_NOT_LESS_OR_EQUAL BSOD that was caused by the image name, tcpip.sys and the process name, System.

Question Windows 11 Random BSODs (HYPERVISOR_ERROR) Cause Unknown

Reputable

Polypheme

Reputable

Reputable

Reputable

Distinguished

Polypheme

Reputable

Reputable

Reputable

Reputable

Polypheme

Reputable

Polypheme

Reputable

Polypheme

Reputable

Polypheme

Reputable

Polypheme

Reputable

Distinguished

Reputable

Distinguished

Reputable

Share this page