Windows 8 Blue Screen - IRQL_NOT_LESS_OR_EQUAL (tcpis.sys)

Hello,

 

I have been randomly getting the blue screen with IRQL_NOT_LESS_OR_EQUAL (tcpip.sys) message followed by a reboot.


I have uploaded some dump files on Skydrive which can be accessed via http://sdrv.ms/15XYdiz

Based on previous questions by other members, I have provided some answers below which might be helpful in troubleshooting.

1. What is the exact and complete error message? 

ANS: IRQL_NOT_LESS_OR_EQUAL (tcpip.sys) message followed by a reboot.


2. When exactly do you receive this error message?

ANS: The occurance is random and have not been able to tie this to any specific activity


3. Do you have any anti-virus installed on the computer?

ANS: Yes. This is a corporate laptop and Symantec is installed


4. Are you able to boot the desktop?

ANS: Yes


5. What is the make and model of the computer?

ANS: HP ProBook 4430s


6. Did you make any changes to the computer prior to this issue?

ANS: Windows 8 was installed on this computer around a month back and apart from MS Office, WinZip and BlackBerry Link have been installed.


Thanks in advance for looking into this.


Regards,

Ajay

 

Question Info


Last updated April 24, 2018 Views 1,417 Applies to:
Answer
Answer
Hi,

All of the attached DMP files are of the DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) bugcheck.

A kernel-mode driver attempted to access pageable memory at a process IRQL (Interrupt Request Level) that was too high.

Usual causes are a device driver has a bug and attempted to access invalid memory, the pagefile has been corrupted or there is a memory problem.

In all of your *D1 dumps, it appears the consistent culprit is Teefer.sys which is a driver in relation to I believe the Sygate Personal Firewall.

If we look at the call stack:

2: kd> kv
ChildEBP RetAddr  Args to Child             
b27b75d4 8219ed9b 0000000a 00000006 00000002 nt!KiBugCheck2
b27b75d4 8ac6da7c 0000000a 00000006 00000002 nt!KiTrap0E+0x1b3 (FPO: [0,0] TrapFrame @ b27b75f4)
b27b76b8 8acad0fe 86520430 0000001a 8ad651d4 tcpip!TcpValidateReceive+0x1c0 (FPO: [Non-Fpo])
b27b76f8 8acacd27 00000006 00000000 8ad64fc8 tcpip!IppDeliverListToProtocol+0x77 (FPO: [Non-Fpo])
b27b7734 8acad45c 8ad64fc8 b27b7794 b27b778c tcpip!IppProcessDeliverList+0x59 (FPO: [Non-Fpo])
b27b77c0 8acac052 8ad64fc8 b27b7820 00000001 tcpip!IppReceiveHeaderBatch+0x1c1 (FPO: [Non-Fpo])
b27b78bc 8aca93c3 8927afa8 85955f40 87e48100 tcpip!IpFlcReceivePackets+0x624 (FPO: [Non-Fpo])
b27b7914 8aca90f1 88ba7c58 00000000 8aca910a tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x20a (FPO: [Non-Fpo])
b27b7944 82088d79 85955f40 f04f353a 00000002 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x85 (FPO: [Non-Fpo])
b27b79bc 820889d8 8aca906c b27b7a04 00002400 nt!KeExpandKernelStackAndCalloutInternal+0x38b (FPO: [SEH])
b27b79dc 8aca95b7 8aca906c b27b7a04 00002400 nt!KeExpandKernelStackAndCalloutEx+0x1f (FPO: [Non-Fpo])
b27b7a1c 8b019f47 00ba7c58 85955f01 00000000 tcpip!FlReceiveNetBufferListChain+0x88 (FPO: [Non-Fpo])
b27b7a6c 8b01f6d9 88ba9168 85955f40 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x1ba (FPO: [Non-Fpo])
b27b7ac4 8b019488 873e01e8 85955f40 00000000 ndis!ndisMTopReceiveNetBufferLists+0x238 (FPO: [Non-Fpo])
b27b7b3c 8b065d30 85955f40 00000000 00000001 ndis!ndisInvokeNextReceiveHandler+0x40d (FPO: [Non-Fpo])
b27b7b7c 8b019ac8 88aa2950 85955f40 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x4d1da
b27b7b9c 96f14e88 88aa2950 85955f40 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x28 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
b27b7bc8 96f15a83 96f1b208 96f1a8e0 87293004 Teefer+0x8e88
b27b7bfc 96f16538 00000008 8973e980 00000000 Teefer+0x9a83
b27b7c34 820b6b1b 96f1a8e0 f04f30f6 00000000 Teefer+0xa538
b27b7c70 821a0579 96f16400 96f1a8e0 00000000 nt!PspSystemThreadStartup+0x4a (FPO: [Non-Fpo])
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

We can see Teefer is eventually called into various network related routines and then a bugcheck, so we likely have a conflict. Taking a look at your loaded modules list, I can see you have Norton installed. This is more than likely what the firewall is conflicting with, so you have two choices:

1. Remove and replace Norton with Windows 8's built-in Windows Defender and use Windows Firewall.

Norton removal tool - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=841A6D40BA6872C47697C6C6B19C8E11.4?entsrc=redirect_pubweb&pvid=f-home

or

2. Remove Sygate Personal Firewall and use Norton on its own.

Regards,

Patrick
Debugger/Reverse Engineer.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.