BSOD when Global VPN client launched

HvacDDCguy · March 7, 2025, 2:36am

Hello all,

Like my username states I’m an HVAC DDC technician. Came from turning wrenches for years, and now play in the computer world. Well I’ve got a problem that started last week, that is causing me lots of grief. I’ve used the sonic wall VPN client on my machine for years, and all of the sudden every time I chose any connections I get an immediate blue screen shutdown. I have done some basic stuff like uninstall and re-install, followed most suggestions on the web, and have worked with our computer support company to resolve this and no luck yet. Can anyone decipher this windows dump info? This dummy HVAC guy doesn’t know what it means. Any help would be much appreciated.

Microsoft (R) Windows Debugger Version 10.0.22549.1000 AMD64

Loading Dump File [C:\Windows\Minidump\032922-18203-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************

Response Time (ms) Location

Deferred srv*

Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 19041 MP (12 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Machine Name:

Kernel base = 0xfffff800`1c800000 PsLoadedModuleList = 0xfffff800`1d42a2d0

Debug session time: Tue Mar 29 12:31:46.907 2022 (UTC - 7:00)

System Uptime: 0 days 0:10:23.741

Loading Kernel Symbols

…

Loading User Symbols

Loading unloaded module list

…

For analysis of this file, run !analyze -v

ndis!ndisNblTrackerTransferOwnershipInternal+0xa1:

fffff800`21ef321d 498bbe68010000 mov rdi,qword ptr [r14+168h] ds:002b:01000608`12c86457=???

9: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

This is a very common BugCheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but …

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff80021ef321d, The address that the exception occurred at

Arg3: ffff848d1f122038, Exception Record Address

Arg4: ffff9e80e2ef8920, Context Record Address

Debugging Details:

------------------

*** WARNING: Unable to verify timestamp for Netwtw08.sys

KEY_VALUES_STRING: 1

Key : AV.Fault

Value: Read

Key : Analysis.CPU.mSec

Value: 4953

Key : Analysis.DebugAnalysisManager

Value: Create

Key : Analysis.Elapsed.mSec

Value: 15907

Key : Analysis.Init.CPU.mSec

Value: 1328

Key : Analysis.Init.Elapsed.mSec

Value: 11505

Key : Analysis.Memory.CommitPeak.Mb

Value: 111

FILE_IN_CAB: 032922-18203-01.dmp

DUMP_FILE_ATTRIBUTES: 0x8

Kernel Generated Triage Dump

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff80021ef321d

BUGCHECK_P3: ffff848d1f122038

BUGCHECK_P4: ffff9e80e2ef8920

EXCEPTION_RECORD: ffff848d1f122038 – (.exr 0xffff848d1f122038)

ExceptionAddress: fffff80021ef321d (ndis!ndisNblTrackerTransferOwnershipInternal+0x00000000000000a1)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 0000000000000000

Parameter[1]: ffffffffffffffff

Attempt to read from address ffffffffffffffff

CONTEXT: ffff9e80e2ef8920 – (.cxr 0xffff9e80e2ef8920)

rax=0000000000000001 rbx=0000000000000020 rcx=0000000000000000

rdx=ffffc38e02c4f0c1 rsi=0000000000000000 rdi=0000000000000000

rip=fffff80021ef321d rsp=ffff848d1f122270 rbp=ffff848d1f122301

r8=0000000000000020 r9=fffff80021fd3048 r10=0000000000000088

r11=1784b9d8639aee08 r12=0000000000000000 r13=0000000000000000

r14=0100060812c862ef r15=0000000000000000

iopl=0 nv up ei pl nz na pe nc

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202

ndis!ndisNblTrackerTransferOwnershipInternal+0xa1:

fffff800`21ef321d 498bbe68010000 mov rdi,qword ptr [r14+168h] ds:002b:01000608`12c86457=???

Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

READ_ADDRESS: fffff8001d4fa390: Unable to get MiVisibleState

Unable to get NonPagedPoolStart

Unable to get NonPagedPoolEnd

Unable to get PagedPoolStart

Unable to get PagedPoolEnd

unable to get nt!MmSpecialPagesInUse

ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: ffffffffffffffff

EXCEPTION_STR: 0xc0000005

STACK_TEXT:

ffff848d`1f122270 fffff800`21f30f89 : 00000000`00000001 ffffc38e`02c4f0c1 00000000`00000020 00000000`00000001 : ndis!ndisNblTrackerTransferOwnershipInternal+0xa1

ffff848d`1f1222f0 fffff800`21ef1c5d : ffffc38d`f64dc010 00000000`00000601 ffff848d`00000000 ffff848d`00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x3f219

ffff848d`1f1223d0 fffff800`21ef7ef1 : ffffc38d`ff0831a0 ffffc38d`eb2e1001 ffffc38d`ff0831a0 ffffc38d`00000000 : ndis!ndisMTopReceiveNetBufferLists+0x1bd

ffff848d`1f122450 fffff800`21f2dfef : ffffc38d`eb2e1030 ffff848d`1f122521 00000000`00000000 fffff800`2ae78af3 : ndis!ndisCallReceiveHandler+0x61

ffff848d`1f1224a0 fffff800`21ef4a94 : 00000000`00009bef 00000000`00000000 ffffc38d`ff0831a0 00000000`00000000 : ndis!ndisInvokeNextReceiveHandler+0x1df

ffff848d`1f122570 fffff800`2dc33300 : ffff9e80`e2ed8180 ffffc38d`eb9105b0 ffff848d`1f122660 ffffc38d`fffab510 : ndis!NdisMIndicateReceiveNetBufferLists+0x104

ffff848d`1f122600 fffff800`2dbf8281 : 00000000`00000000 00000000`00000000 ffff9e80`00000000 00000000`00000000 : wdiwifi!CPort::IndicateFrames+0x2d8

ffff848d`1f1226a0 fffff800`2dbdbbb7 : ffffc38d`fffab510 ffff848d`1f1227c9 ffffc38d`eb8f4bb0 000fa5ef`00000001 : wdiwifi!CAdapter::IndicateFrames+0x141

ffff848d`1f122710 fffff800`2dbdc2f6 : ffffc38d`eb911040 00000000`00000003 ffffc38d`eb8f4bb0 00000000`00000000 : wdiwifi!CRxMgr::RxProcessAndIndicateNblChain+0x7f7

ffff848d`1f122830 fffff800`2dbd8192 : ffffc38d`fffab510 ffff848d`1f122968 ffffc38d`f1f6b440 fffff800`26805955 : wdiwifi!CRxMgr::RxInOrderDataInd+0x35a

ffff848d`1f1228d0 fffff800`2d354399 : ffffc38d`f64f8490 ffffc38d`fe539010 00000000`00000001 ffff9e80`e2ed8180 : wdiwifi!AdapterRxInorderDataInd+0x92

ffff848d`1f122920 ffffc38d`f64f8490 : ffffc38d`fe539010 00000000`00000001 ffff9e80`e2ed8180 ffff848d`1f122960 : Netwtw08+0x64399

ffff848d`1f122928 ffffc38d`fe539010 : 00000000`00000001 ffff9e80`e2ed8180 ffff848d`1f122960 ffff848d`1f122968 : 0xffffc38d`f64f8490

ffff848d`1f122930 00000000`00000001 : ffff9e80`e2ed8180 ffff848d`1f122960 ffff848d`1f122968 ffffc38d`eb911040 : 0xffffc38d`fe539010

ffff848d`1f122938 ffff9e80`e2ed8180 : ffff848d`1f122960 ffff848d`1f122968 ffffc38d`eb911040 fffff800`1ca12331 : 0x1

ffff848d`1f122940 ffff848d`1f122960 : ffff848d`1f122968 ffffc38d`eb911040 fffff800`1ca12331 00000000`ffffffff : 0xffff9e80`e2ed8180

ffff848d`1f122948 ffff848d`1f122968 : ffffc38d`eb911040 fffff800`1ca12331 00000000`ffffffff fffff800`00000000 : 0xffff848d`1f122960

ffff848d`1f122950 ffffc38d`eb911040 : fffff800`1ca12331 00000000`ffffffff fffff800`00000000 ffff5728`d4e88a82 : 0xffff848d`1f122968

ffff848d`1f122958 fffff800`1ca12331 : 00000000`ffffffff fffff800`00000000 ffff5728`d4e88a82 00000000`00000000 : 0xffffc38d`eb911040

ffff848d`1f122960 fffff800`1ca14a98 : ffffc38d`ec24e420 ffff5728`d4e88a32 ffffc38d`fef49620 fffff800`21f29dc2 : nt!KeClearSystemPriority+0x101

ffff848d`1f1229b0 fffff800`1ca74835 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`267d5440 : nt!PspRevertContainerImpersonation+0xf8

ffff848d`1f122a00 fffff800`1cab86d5 : ffffc38d`eb911040 ffffc38d`eb911040 fffff800`1ca74700 00000000`00000000 : nt!IopProcessWorkItem+0x135

ffff848d`1f122a70 fffff800`1cb55a15 : ffffc38d`eb911040 00000000`00000080 ffffc38d`e2cb3080 000fa5ef`bd9bbfff : nt!ExpWorkerThread+0x105

ffff848d`1f122b10 fffff800`1cbfec78 : ffff9e80`e2ed8180 ffffc38d`eb911040 fffff800`1cb559c0 00000000`00000000 : nt!PspSystemThreadStartup+0x55

ffff848d`1f122b60 00000000`00000000 : ffff848d`1f123000 ffff848d`1f11c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28

SYMBOL_NAME: wdiwifi!CPort::IndicateFrames+2d8

MODULE_NAME: wdiwifi

IMAGE_NAME: wdiwifi.sys

IMAGE_VERSION: 10.0.19041.1174

STACK_COMMAND: .cxr 0xffff9e80e2ef8920 ; kb

BUCKET_ID_FUNC_OFFSET: 2d8

FAILURE_BUCKET_ID: AV_wdiwifi!CPort::IndicateFrames

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {d5daa917-7cc2-aeed-4c07-9628e8d7643d}

Followup: MachineOwner

---------

9: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

This is a very common BugCheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but …

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff80021ef321d, The address that the exception occurred at

Arg3: ffff848d1f122038, Exception Record Address

Arg4: ffff9e80e2ef8920, Context Record Address

Debugging Details:

------------------

KEY_VALUES_STRING: 1

Key : AV.Fault

Value: Read

Key : Analysis.CPU.mSec

Value: 4046

Key : Analysis.DebugAnalysisManager

Value: Create

Key : Analysis.Elapsed.mSec

Value: 4053

Key : Analysis.Init.CPU.mSec

Value: 8374

Key : Analysis.Init.Elapsed.mSec

Value: 29579

Key : Analysis.Memory.CommitPeak.Mb

Value: 114

FILE_IN_CAB: 032922-18203-01.dmp

DUMP_FILE_ATTRIBUTES: 0x8

Kernel Generated Triage Dump

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff80021ef321d

BUGCHECK_P3: ffff848d1f122038

BUGCHECK_P4: ffff9e80e2ef8920

EXCEPTION_RECORD: ffff848d1f122038 – (.exr 0xffff848d1f122038)

ExceptionAddress: fffff80021ef321d (ndis!ndisNblTrackerTransferOwnershipInternal+0x00000000000000a1)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 0000000000000000

Parameter[1]: ffffffffffffffff

Attempt to read from address ffffffffffffffff

CONTEXT: ffff9e80e2ef8920 – (.cxr 0xffff9e80e2ef8920)

rax=0000000000000001 rbx=0000000000000020 rcx=0000000000000000

rdx=ffffc38e02c4f0c1 rsi=0000000000000000 rdi=0000000000000000

rip=fffff80021ef321d rsp=ffff848d1f122270 rbp=ffff848d1f122301

r8=0000000000000020 r9=fffff80021fd3048 r10=0000000000000088

r11=1784b9d8639aee08 r12=0000000000000000 r13=0000000000000000

r14=0100060812c862ef r15=0000000000000000

iopl=0 nv up ei pl nz na pe nc

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050202

ndis!ndisNblTrackerTransferOwnershipInternal+0xa1:

fffff800`21ef321d 498bbe68010000 mov rdi,qword ptr [r14+168h] ds:002b:01000608`12c86457=???

Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

READ_ADDRESS: Unable to get NonPagedPoolStart