[SOLVED] Multiple BSOD errors related to ntoskrnl.exe

xensored (Member, joined Jul 14, 2021, 5 posts)
Hi to the experts,

I regularly have BSOD errors, and after vacation I got one today and now have 3 different minidumps with IRQL_NOT_LESS_OR_EQUAL + PAGE_FAULT_IN_NONPAGED_AREA + the latest was DRIVER_VERIFIER_DETECTED_VIOLATION (tried to run Driver Verifier as recommended)

- I had problems much more often and thought it must be a memory-related problem. Memtest for the old Corsair Vengeance 2x8GB DDR4-3000 LPX was okay, but nevertheless I changed to G.Skill 2x16GB DDR4-3200 some weeks ago. Memtest is okay again, but BSODs show up again, so maybe it is driver related?
- Win10 pro 64bit re-installed from scratch (with previous formatting)
- SSD checked with Crystal and everything ok
- Only "special" configuration is that I use 4x 24" monitors with Radeon RX 590
- Windows is up-to-date
- I use only Windows Defender for security

Please find Sysnative files attached.

Many thanks!
 


Hi,

There appear to be entries related to piracy present in your logs.

I kindly want to ask you to remove everything related to piracy from your pc.

It is policy that no assistance is given while entries related to piracy are present, as such until they're removed no assistance is given.

To prove that everything has been removed, simply upload a new zip from the log collector.
 
It looks like NordVPN is causing issues.

If there are no updates for NordVPN available, temporarily remove it while we're troubleshooting and use your pc as you normally would to see if other BSOD crashes occur. If they do, then run the log collector again and upload a new zip file.
Code:
11: kd> k
 # Child-SP          RetAddr           Call Site
00 ffff9509`134a7148 fffff805`1f5eee34 nt!KeBugCheckEx
01 ffff9509`134a7150 fffff805`1f60aef2 nt!VerifierBugCheckIfAppropriate+0xe0
02 ffff9509`134a7190 fffff805`1f5f2658 nt!ExAllocatePoolSanityChecks+0xfe
03 ffff9509`134a71d0 fffff805`1ffca255 nt!VeAllocatePoolWithTagPriority+0x88
04 ffff9509`134a7240 fffff805`1f5f318d VerifierExt!ExAllocatePoolWithTagPriority_internal_wrapper+0x1c5
05 ffff9509`134a72d0 fffff805`2c9bb4a0 nt!VerifierExAllocatePoolWithTagPriority+0xbd
06 ffff9509`134a7320 00000000`00000000 NDivert+0xb4a0

11: kd> !dpx
Start memory scan  : 0xffff9509134a7148 ($csp)
End memory scan    : 0xffff9509134a8000 (Kernel Stack Base)

               rsp : 0xffff9509134a7148 : 0xfffff8051f5eee34 : nt!VerifierBugCheckIfAppropriate+0xe0
0xffff9509134a7148 : 0xfffff8051f5eee34 : nt!VerifierBugCheckIfAppropriate+0xe0
0xffff9509134a7188 : 0xfffff8051f60aef2 : nt!ExAllocatePoolSanityChecks+0xfe
0xffff9509134a71c8 : 0xfffff8051f5f2658 : nt!VeAllocatePoolWithTagPriority+0x88
0xffff9509134a7200 : 0xfffff8051ea2a560 :  dt msrpc!NDR64_BUFSIZE_POINTER_QUEUE_ELEMENT
0xffff9509134a7238 : 0xfffff8051ffca255 : VerifierExt!ExAllocatePoolWithTagPriority_internal_wrapper+0x1c5
0xffff9509134a7268 : 0xfffff8052c9c3358 :  !du ""NordVPN split tunnel sublayer""
0xffff9509134a72b0 : 0xffffcb87de6e77d0 : 0xffffb408c3ffcb70 :  dt msrpc!LRPC_FAST_BINDING_HANDLE
0xffff9509134a72c8 : 0xfffff8051f5f318d : nt!VerifierExAllocatePoolWithTagPriority+0xbd
0xffff9509134a72f8 : 0xfffff8051f5f25d0 : nt!VeAllocatePoolWithTagPriority
0xffff9509134a7348 : 0xfffff805209b83be : fwpkclnt!FwpmSubLayerAdd0+0x8e
0xffff9509134a7368 : 0xfffff805209be690 : fwpkclnt!FwpmSubLayerDeleteByKey0
0xffff9509134a7408 : 0xfffff8051eea6e52 : nt!RtlCaptureStackBackTrace+0x42
0xffff9509134a7468 : 0xfffff8051f5f9447 : nt!VerifierKeReleaseSpinLock+0x57
0xffff9509134a7558 : 0xfffff8051f600040 : nt!VerifierExEnterCriticalRegionAndAcquireResourceExclusive+0x60
0xffff9509134a7608 : 0xfffff805209727a4 : fwpkclnt!FwppGetCompartmentBfeState+0x48
0xffff9509134a7688 : 0xfffff805209b860d : fwpkclnt!FwppBfeStateOnChange+0x55
0xffff9509134a76b8 : 0xfffff8051f2ec9d0 : nt!PsGetThreadSessionId+0x10
0xffff9509134a76c8 : 0xfffff805209b8ef8 : fwpkclnt!FwppDispatchDevCtl0+0xc8
0xffff9509134a76e8 : 0xfffff80520ce7ba9 : ndis!NdisGetThreadObjectCompartmentId+0x79
0xffff9509134a7778 : 0xfffff8051ece8000 : "nt!setjmpexused <PERF> (nt+0xc9000)"
0xffff9509134a77c8 : 0xfffff80520ee0702 : tcpip!NlDispatchDeviceControl+0x42
0xffff9509134a77d8 : 0xfffff8051f5fe12b : nt!VfFreePoolNotification+0x97
0xffff9509134a77e8 : 0xffff9509134a2000 :  !du ""the validation of these values then failed after connecting to a share. This may...""
0xffff9509134a77f0 : 0xfffff80520ee06c0 : tcpip!NlDispatchDeviceControl
0xffff9509134a77f8 : 0xfffff8051ef37545 : nt!IofCallDriver+0x55
0xffff9509134a7808 : 0xfffff8051ef34460 : nt!ExAllocatePoolWithTagPriority+0x70
0xffff9509134a7838 : 0xfffff8051f301748 : nt!IopSynchronousServiceTail+0x1a8
0xffff9509134a78d8 : 0xfffff8051f301015 : nt!IopXxxControlFile+0x5e5
0xffff9509134a7918 : 0xfffff8051f1cf39f : nt!ExpCheckForResource+0x3b
0xffff9509134a7a18 : 0xfffff8051f300a16 : nt!NtDeviceIoControlFile+0x56
0xffff9509134a7a78 : 0xfffff8051f314267 : nt!AlpcpDereferenceBlobEx+0x77
0xffff9509134a7a80 : 0xfffff8051f3009c0 : nt!NtDeviceIoControlFile
0xffff9509134a7a88 : 0xfffff8051f0275b8 : nt!KiSystemServiceCopyEnd+0x28
0xffff9509134a7af8 : 0xfffff8051f0275b8 : nt!KiSystemServiceCopyEnd+0x28
0xffff9509134a7b00 : 0xffffcb87de6230c0 :  Trap @ ffff9509134a7b00
0xffff9509134a7c98 : 0xffff9509134a2000 :  !du ""the validation of these values then failed after connecting to a share. This may...""

11: kd> !PDE.du ffff9509134a2000
the validation of these values then failed after connecting to a share. This may be due to a "man-in-the-middle" compromise atte

11: kd> lmvm NDivert
Browse full module list
start             end                 module name
fffff805`2c9b0000 fffff805`2c9c9000   NDivert  T (no symbols)          
    Loaded symbol image file: NDivert.sys
    Image path: \SystemRoot\System32\drivers\NDivert.sys
    Image name: NDivert.sys
    Browse all global symbols  functions  data
    Timestamp:        Thu Jan 14 13:55:30 2021 (60003F42)
    CheckSum:         0001C26E
    ImageSize:        00019000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
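
How the `k` output above points at NDivert.sys, as an added example that is not part of the original post: it skips the kernel and Driver Verifier frames, takes the first remaining module, and checks that the return address into it lies inside the image range reported by `lmvm`. The `OS_MODULES` skip list and the function names are assumptions of this example.

```python
import re

# `k` frames copied from the debugger output in the post above.
K_OUTPUT = """\
00 ffff9509`134a7148 fffff805`1f5eee34 nt!KeBugCheckEx
01 ffff9509`134a7150 fffff805`1f60aef2 nt!VerifierBugCheckIfAppropriate+0xe0
02 ffff9509`134a7190 fffff805`1f5f2658 nt!ExAllocatePoolSanityChecks+0xfe
03 ffff9509`134a71d0 fffff805`1ffca255 nt!VeAllocatePoolWithTagPriority+0x88
04 ffff9509`134a7240 fffff805`1f5f318d VerifierExt!ExAllocatePoolWithTagPriority_internal_wrapper+0x1c5
05 ffff9509`134a72d0 fffff805`2c9bb4a0 nt!VerifierExAllocatePoolWithTagPriority+0xbd
06 ffff9509`134a7320 00000000`00000000 NDivert+0xb4a0
"""
# NDivert start/end addresses from the `lmvm NDivert` output above.
LMVM_RANGE = (0xFFFFF8052C9B0000, 0xFFFFF8052C9C9000)
# Assumption: modules treated as OS/verifier plumbing, not as suspects.
OS_MODULES = {"nt", "hal", "verifierext"}
FRAME_RE = re.compile(r"^([0-9a-f]{2})\s+([0-9a-f`]{17})\s+([0-9a-f`]{17})\s+(.+)$", re.I)

def addr(text):
    """Convert WinDbg's 64-bit notation (ffff9509`134a7148) to an int."""
    return int(text.replace("`", ""), 16)

def parse_frames(text):
    """Parse `k` lines into dicts; header and blank lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        site = m.group(4)
        frames.append({"index": int(m.group(1), 16), "ret": addr(m.group(3)),
                       "module": re.split(r"[!+]", site, maxsplit=1)[0],
                       "has_symbols": "!" in site})
    return frames

def blame(frames, lo, hi):
    """First non-OS frame, cross-checked against the module's image range."""
    for i, f in enumerate(frames):
        if f["module"].lower() in OS_MODULES:
            continue
        # RetAddr of the frame above is the address it returns to in this module.
        ret = frames[i - 1]["ret"] if i else None
        inside = ret is not None and lo <= ret < hi
        return {"module": f["module"], "frame": f["index"],
                "has_symbols": f["has_symbols"], "ret_in_image": inside,
                "offset": ret - lo if inside else None}
    return None
```
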
 
Looks like NordVPN was the problem: no BSOD until today, and the computer was up and running nearly every day for around 8-10 hours (I use it for work).
Thanks again!
 
