Question
983 views

BSOD IRQL_NOT_LESS_OR_EQUAL WIndows8

randypitcherii asked on
Just upgraded to Windows 8 and have been having issues with an IRQL not less or equal BSOD. It happens mostly when the PC goes to sleep and I try to wake it up to use it. I disabled the sleep function, but the problem still happens randomly.

System:



MEMTEST results are normal, so I don't think its the ram. Just updated the firmware for the SSD and that seemed to improve the BSOD situation, but hasn't completely solved the issue.

I have attached a MEGA link to the  ZIP of most recent MINIDUMPs.

MINDUMPS.zip (261 KB)
https://mega.co.nz/#!7s4DXRqR!QM9cNQAzn-CotxkW5EWjGxQAptgXZPIF7_nAM_AUNmU

Thank you for any support / advice you can offer.
2 people had this question

Abuse history


The answered status icon Answer
Patrick Barker replied on
Hi,

We have various different bugchecks attached.

SYSTEM_SERVICE_EXCEPTION (3b)

An exception happened while executing a routine that transitions from non-privileged code to privileged code.

This bugcheck is generally related to a video driver issue.

Ensure you have the latest video card drivers. If you are already on the latest video card drivers, uninstall and install a version or a few versions behind the latest to ensure it's not a latest driver only issue. If you've already tried the latest version as well as many possible previous versions, you can try a beta driver if available.

DRIVER_POWER_STATE_FAILURE (9f)

This error occurs if drivers do not handle power state transition requests properly, usually during one of the following procedures: shut down, suspending or resuming from standby, suspending or resuming from hibernation.

I cannot seem to run an !irp on the blocked IRP address to check for a culprit device driver as for some reason the dump is reporting incorrect symbols.

IRQL_NOT_LESS_OR_EQUAL (a)

A kernel-mode driver or process attempted to access a protected memory location it does not have permission for, or a kernel interrupt request level (IRQL) attempted to access a memory address that is too high.

This bugcheck usually occurs when a driver uses an incorrect memory address. Other possible causes of this error include: bug in a device driver, system service, the BIOS, an old Anti-virus program or backup tool, or possibly memory issues.

In the call stack, we can see:

0: kd> kv

Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`1aee6648 fffff801`23ee1769 : 00000000`0000000a fffffa00`08c4bb90 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`1aee6650 fffff801`23edffe0 : 00000000`00000000 00000001`2691b121 fffff6fb`7dbee100 fffff880`1aee6790 : nt!KeSaveStateForHibernate+0x2d49
fffff880`1aee6790 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSaveStateForHibernate+0x15c0

Two KeSaveStateForHibernate calls being made right before the bugcheck, this + the 9F likely indicates a driver failing to handle power transition requests properly before a hibernate.

Before enabling Driver Verifier, I see you have !avast installed. I'd recommend removing and replacing it with Windows 8's built-in Windows Defender for temporary troubleshooting purposes.

!avast removal tool - http://www.avast.com/en-us/uninstall-utility

If after removing !avast and replacing it you're still having issues, enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7)
- Concurrentcy Stress Test (Windows 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is [B]NOT[/B] provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
 8.    Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.
If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:

- Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・    Restart and boot into normal Windows.

How long should I keep Driver Verifier enabled for?

It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617

Regards,

Patrick
Debugger/Reverse Engineer.
Be the first person to mark this helpful

Abuse history


progress