Question
602 views

Windows 8 crashing Driver_IRQL_not_less_or_equal

Sylveira asked on

Last couple of days, my computer has started crashing, showing the blue screen error message. Your computer has encountered an error and needs to restart with this at the bottom "Driver_IRQL_not_less_or_equal"

I haven't done anything differently from normal, and I've had this computer for over a year

minidump files

https://onedrive.live.com/redir?resid=282EDA316FB97E01!114&authkey=!AJW72H8kmoggxQs&ithint=folder%2c

1 person had this question

Abuse history


The answered status icon Answer
Patrick Barker replied on

Hi,

All of the attached DMP files are of the DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) bug check.

This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

0: kd> k
Child-SP          RetAddr           Call Site
fffff880`0aa684b8 fffff800`2d267769 nt!KeBugCheckEx
fffff880`0aa684c0 fffff800`2d265fe0 nt!KiBugCheckDispatch+0x69
fffff880`0aa68600 fffff880`01cfffba nt!KiPageFault+0x260
fffff880`0aa68790 fffff880`01d19ced ndis!ndisXlateReturnNetBufferListToPacket+0x2a
fffff880`0aa687c0 fffff880`01cccfe3 ndis!ndisReturnNetBufferListsToPackets+0x4d
fffff880`0aa68800 fffff880`01cccda8 ndis!ndisInvokeNextReceiveCompleteHandler+0x13f
fffff880`0aa688a0 fffff880`06d83bdb ndis!NdisReturnNetBufferLists+0x108
fffff880`0aa68930 fffff880`06d93517 raspppoe!DerefPppoePacket+0x197
fffff880`0aa68970 fffff880`01cccb06 raspppoe!PrReceiveNetBufferListChain+0x3bf
fffff880`0aa68a10 fffff880`01cef9ac ndis!ndisMIndicateNetBufferListsToOpen+0x126
fffff880`0aa68ac0 fffff880`01cf0204 ndis!ndisDoPeriodicReceivesIndication+0x22c
fffff880`0aa68b50 fffff880`01ce297b ndis!ndisPeriodicReceivesWorker+0x50
fffff880`0aa68b80 fffff800`2d23afd9 ndis!ndisReceiveWorkerThread+0x153
fffff880`0aa68c10 fffff800`2d2ef7e6 nt!PspSystemThreadStartup+0x59
fffff880`0aa68c60 00000000`00000000 nt!KiStartSystemThread+0x16

FAILURE_BUCKET_ID:  AV_raspppoe!DerefPppoePacket

RAS PPPoE mini-port/call-manager driver is the culprit throughout the crashes, however, it's not the TRUE cause and something is causing conflicts.

--------------------

Please enable Driver Verifier:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8/8.1, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select  - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・    Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617

Regards,

Patrick

Debugger/Reverse Engineer.
Be the first person to mark this helpful

Abuse history


progress