A bug causing bluescreen in tcpip.sys/netio.sys

Question

Hi all,
we are developing an application that includes an NDIS 5.0 intermediate
filter driver. It works ok on Windows XP but we regularily experience
bluescreens on Vista caused by tcpip.sys/netio.sys (especially when
connecting/disconnecting to/from a network). Windbg analysis of the
crashdump always shows the following:

kd> !analyze -v *******************************************************************************
*                                                                           
*
*                        Bugcheck Analysis                                 
*
*                                                                           
* *******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or
it
is pointing at freed memory.
Arguments:
Arg1: dfdfdfff, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 8a09c1c8, If non-zero, the instruction address which referenced the
bad memory
address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------


READ_ADDRESS:  dfdfdfff

FAULTING_IP:
tcpip!IppNotifyRouteChangeAtPassive+21
8a09c1c8 8b4020          mov    eax,dword ptr [eax+20h]

MM_INTERNAL_CODE:  2

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4549b319

MODULE_NAME: NETIO

FAULTING_MODULE: 8a085000 tcpip

DEFAULT_BUCKET_ID:  VISTA_RC

BUGCHECK_STR:  0x50

PROCESS_NAME:  System

CURRENT_IRQL:  0

TRAP_FRAME:  8419ec50 -- (.trap ffffffff8419ec50)
ErrCode = 00000000
eax=dfdfdfdf ebx=aaba8fd8 ecx=00000000 edx=000290c0 esi=b2664fac edi=8419ecf4
eip=8a09c1c8 esp=8419ecc4 ebp=8419ecf8 iopl=0        nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000            efl=00010246
tcpip!IppNotifyRouteChangeAtPassive+0x21:
8a09c1c8 8b4020          mov    eax,dword ptr [eax+20h]
ds:0023fdfdfff=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 81c49304 to 81c57535

STACK_TEXT: 
8419ec38 81c49304 00000000 dfdfdfff 00000000 nt!MmAccessFault+0x14b
8419ec38 8a09c1c8 00000000 dfdfdfff 00000000 nt!KiTrap0E+0xdc
8419ecf8 8a09b877 b2664f88 91dd09e4 8419ed2c
tcpip!IppNotifyRouteChangeAtPassive+0x21
8419ed08 83dca4cd aaba8fd8 81cf55fc 837903d8
tcpip!IppCompartmentNotificationWorker+0x11
8419ed2c 81e18fa4 837903d8 91dd09e4 941befe0
NETIO!NetiopIoWorkItemRoutine+0x2f
8419ed44 81c6b8aa 941befe0 00000000 82f4c2d8 nt!IopProcessWorkItem+0x2d
8419ed7c 81dafbfd 941befe0 84195680 00000000 nt!ExpWorkerThread+0xfd
8419edc0 81c9a396 81c6b7ad 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
NETIO!NetiopIoWorkItemRoutine+2f
83dca4cd 8d55f4          lea    edx,[ebp-0Ch]

SYMBOL_STACK_INDEX:  4

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  NETIO!NetiopIoWorkItemRoutine+2f

FAILURE_BUCKET_ID:  0x50_VRF_NETIO!NetiopIoWorkItemRoutine+2f

BUCKET_ID:  0x50_VRF_NETIO!NetiopIoWorkItemRoutine+2f

Followup: MachineOwner
---------


The callstack is always almost the same regardless whether we turn the
Driver Verifier for all drivers on or off. The bluescreen happens both on
32bit and 64bit versions of Vista. We think that the bluescreen happens only
after a certain Vista automatic update patch is applied, although we are not
100% sure about it yet.

When this patch is applied, our application or driver seems to trigger
a bug in tcpip.sys, but it is impossible for us to determine how. Could
someone from Microsoft please comment on this and provide us confirmation
of this bug and perhaps some workarounds for it? We can provide full memory
dumps on demand.

Thank you,
Martin Stangel

Answer 1

Hello, Martin Stangel!

Have you gotten any answers from Microsoft regarding the blue screen issue

IRQL NOT LESS OR EQUAL  blabla tcpip.sys  ?

 

I have this problem on an ACER Aspire 7520G Laptop.

I have searched and tried to install every KB fix that I could find, but to no avail.

 

Any help or tips would be appreciated!

 

Best regards,

Andy

Answer 2

Hi Andy

If your problem is same as ours, then setting a static IP configuration on your laptop should help you. To do so follow these steps:

 

1.      On the client computer, click Control Panel, then click Network and Sharing Center.

 

2.      Right-click Local Area Connection and click Status.

 

3.      Click Properties.

 

4.      Click Internet Protocol Version 4 (ICP/IPv4) or Internet Protocol Version 6 (ICP/IPv6) and then click Properties.

 

5.      Select Use the following IP address and enter the values in IP address, Subnet mask, Default gateway, and Preferred DNS server.

 

6.      Click OK.

 

I must warn you though: I don't think that you have the same problem as we had so this workaround will likely not help you. Good luck

 

Martin Stangel

Answer 3

You wrote:

5.      Select Use the following IP address and enter the values in IP address, Subnet mask, Default gateway, and Preferred DNS server.


Q 1:
What values should I enter in the fields?
Where do I find the IP address to use?

Sorry if I'm not grasping all of this.

best regards,
Anders

P.S.
Q 2:
when will this Ndis stuff be available for us people who are having Major problems
with these constant and annoying BSOD?
Q 3:
Do I have to revert to XP Pro again?
It is pretty bad when a completely new computer is delivered with pre-installed Vista,
and it turns out to work as bad as this...

What next?
"have an Apple?"

sorry but this is getting really frustrating

Answer 4

Hi Andy,

1. Type "cmd" to "Start Search" edit box in Start Menu.
2. Rightclick the found cmd command and select "Run as Administrator"
3. Type "ipconfig /all" in the newly opened window. This will show you your current IP address, Subnet mask, Default Gateway and DNS servers as they were obtained automatically from network (by DHCP protocol)
4. Enter the values from step 3 to IP settings dialog as described in my previous message.

If the BSODs keep appearing you should better revert the IP config back to "Obtain automatically"

HTH,

Martin

 

Re Q2: Sorry I don't know.

Re Q3: I am running XP on my machine and I am not planning to upgrade to Vista.

Answer 5

Thanks so much for your help Martin!
I really appreciate it.

I do like some features in Vista, like the search functions for instance.
But on the other hand, my previous XP Pro system never gave any headaches
since SP2 came.
I read the Downgrade statement from MS and so I could always upgrade again later if
I learn that Vista is more stable and thoroughly tested.
I don't have to be one of the guinea-pigs.

Re Q3: Would theoretically, XP Pro run faster on any given system hardware due to being less demanding
resource-wise than Vista?


Once again - thanks.

Andy