Question
1313 views

Windows 8 Blue Screen - IRQL_NOT_LESS_OR_EQUAL (tcpis.sys)

Ajay Prakash asked on

Hello,

 

I have been randomly getting the blue screen with IRQL_NOT_LESS_OR_EQUAL (tcpip.sys) message followed by a reboot.


I have uploaded some dump files on Skydrive which can be accessed via http://sdrv.ms/15XYdiz

Based on previous questions by other members, I have provided some answers below which might be helpful in troubleshooting.

1. What is the exact and complete error message? 

ANS: IRQL_NOT_LESS_OR_EQUAL (tcpip.sys) message followed by a reboot.


2. When exactly do you receive this error message?

ANS: The occurance is random and have not been able to tie this to any specific activity


3. Do you have any anti-virus installed on the computer?

ANS: Yes. This is a corporate laptop and Symantec is installed


4. Are you able to boot the desktop?

ANS: Yes


5. What is the make and model of the computer?

ANS: HP ProBook 4430s


6. Did you make any changes to the computer prior to this issue?

ANS: Windows 8 was installed on this computer around a month back and apart from MS Office, WinZip and BlackBerry Link have been installed.


Thanks in advance for looking into this.


Regards,

Ajay

2 people had this question

Abuse history


The answered status icon Answer
Patrick Barker replied on
Hi,

All of the attached DMP files are of the DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) bugcheck.

A kernel-mode driver attempted to access pageable memory at a process IRQL (Interrupt Request Level) that was too high.

Usual causes are a device driver has a bug and attempted to access invalid memory, the pagefile has been corrupted or there is a memory problem.

In all of your *D1 dumps, it appears the consistent culprit is Teefer.sys which is a driver in relation to I believe the Sygate Personal Firewall.

If we look at the call stack:

2: kd> kv
ChildEBP RetAddr  Args to Child             
b27b75d4 8219ed9b 0000000a 00000006 00000002 nt!KiBugCheck2
b27b75d4 8ac6da7c 0000000a 00000006 00000002 nt!KiTrap0E+0x1b3 (FPO: [0,0] TrapFrame @ b27b75f4)
b27b76b8 8acad0fe 86520430 0000001a 8ad651d4 tcpip!TcpValidateReceive+0x1c0 (FPO: [Non-Fpo])
b27b76f8 8acacd27 00000006 00000000 8ad64fc8 tcpip!IppDeliverListToProtocol+0x77 (FPO: [Non-Fpo])
b27b7734 8acad45c 8ad64fc8 b27b7794 b27b778c tcpip!IppProcessDeliverList+0x59 (FPO: [Non-Fpo])
b27b77c0 8acac052 8ad64fc8 b27b7820 00000001 tcpip!IppReceiveHeaderBatch+0x1c1 (FPO: [Non-Fpo])
b27b78bc 8aca93c3 8927afa8 85955f40 87e48100 tcpip!IpFlcReceivePackets+0x624 (FPO: [Non-Fpo])
b27b7914 8aca90f1 88ba7c58 00000000 8aca910a tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x20a (FPO: [Non-Fpo])
b27b7944 82088d79 85955f40 f04f353a 00000002 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x85 (FPO: [Non-Fpo])
b27b79bc 820889d8 8aca906c b27b7a04 00002400 nt!KeExpandKernelStackAndCalloutInternal+0x38b (FPO: [SEH])
b27b79dc 8aca95b7 8aca906c b27b7a04 00002400 nt!KeExpandKernelStackAndCalloutEx+0x1f (FPO: [Non-Fpo])
b27b7a1c 8b019f47 00ba7c58 85955f01 00000000 tcpip!FlReceiveNetBufferListChain+0x88 (FPO: [Non-Fpo])
b27b7a6c 8b01f6d9 88ba9168 85955f40 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x1ba (FPO: [Non-Fpo])
b27b7ac4 8b019488 873e01e8 85955f40 00000000 ndis!ndisMTopReceiveNetBufferLists+0x238 (FPO: [Non-Fpo])
b27b7b3c 8b065d30 85955f40 00000000 00000001 ndis!ndisInvokeNextReceiveHandler+0x40d (FPO: [Non-Fpo])
b27b7b7c 8b019ac8 88aa2950 85955f40 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x4d1da
b27b7b9c 96f14e88 88aa2950 85955f40 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x28 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
b27b7bc8 96f15a83 96f1b208 96f1a8e0 87293004 Teefer+0x8e88
b27b7bfc 96f16538 00000008 8973e980 00000000 Teefer+0x9a83
b27b7c34 820b6b1b 96f1a8e0 f04f30f6 00000000 Teefer+0xa538
b27b7c70 821a0579 96f16400 96f1a8e0 00000000 nt!PspSystemThreadStartup+0x4a (FPO: [Non-Fpo])
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

We can see Teefer is eventually called into various network related routines and then a bugcheck, so we likely have a conflict. Taking a look at your loaded modules list, I can see you have Norton installed. This is more than likely what the firewall is conflicting with, so you have two choices:

1. Remove and replace Norton with Windows 8's built-in Windows Defender and use Windows Firewall.

Norton removal tool - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

or

2. Remove Sygate Personal Firewall and use Norton on its own.

Regards,

Patrick
Debugger/Reverse Engineer.
Be the first person to mark this helpful

Abuse history


progress