Jared
Sysnative Staff, BSOD Kernel Dump Expert
- Feb 3, 2014
- 1,591
We are teaming against you.
You'll crack eventually and give up.
So here we've got memory being referenced (written to) at an IRQL of 2 which is either paged out or simply invalid.
So here we can see your realtek network driver calling lots of routines, networking isn't my strong area but I'm reading more into it.
It appears to Network Driver Interface Specification is recieving data and passing it up to TCP/IP which has then tried to access invalid memory.
I believe it's going back up the stack seen as it's receiving information.
We can confirm that was referencing memory that caused the page fault.
Here we can see that the memory which was being referenced was actually invalid so whether or not the IRQL was above 2 the system would still result in a page fault, the page fault handler wouldn't be able to bring the pages into memory as they didn't exist. A 0x50 bugcheck would probably be initiated.
You'll need to update your Realtek network driver, because I don't have your system information file I cannot tell you which to download.
If you know which NIC you're using then update it on the realtek website or via device manager.
You'll crack eventually and give up.
Code:
BugCheck D1, {[COLOR="#FF0000"]fffff881039bfad8[/COLOR], [COLOR="#800080"]2[/COLOR], [COLOR="#00FFFF"]1[/COLOR], [COLOR="#008000"]fffff8800165ea35[/COLOR]}
So here we've got memory being referenced (written to) at an IRQL of 2 which is either paged out or simply invalid.
Code:
fffff880`081983a8 fffff800`0328aca9 : 00000000`0000000a fffff881`039bfad8 00000000`00000002 00000000`00000001 : [COLOR="#0000FF"]nt!KeBugCheckEx[/COLOR]
fffff880`081983b0 fffff800`03289920 : 00000000`00000001 fffffa80`100688f0 fffffa80`1603e100 fffffa80`1210e100 : [COLOR="#0000FF"]nt!KiBugCheckDispatch+0x69[/COLOR]
fffff880`081984f0 fffff880`0165ea35 : fffffa80`117554f0 00000000`00000001 00000000`00000001 fffffa80`11755420 : [COLOR="#0000FF"]nt!KiPageFault+0x260[/COLOR]
fffff880`08198680 fffff880`0166da0d : 00000000`4f68aa06 00000000`00000018 00000000`00000002 80000002`00000000 : [COLOR="#800080"]tcpip!TcpTcbHeaderSend+0x1f5[/COLOR]
fffff880`08198830 fffff880`0167a334 : fffffa80`0eb57500 00000000`00000002 fffffa80`0de55060 00000000`00000000 : [COLOR="#800080"]tcpip!TcpTcbCarefulDatagram+0xc9d[/COLOR]
fffff880`081989e0 fffff880`0167e86a : fffffa80`0d9eff00 fffffa80`0cb33700 fffffa80`0d86ee01 00000000`00000000 : [COLOR="#800080"]tcpip!TcpTcbReceive+0x694[/COLOR]
fffff880`08198b90 fffff880`0167e3b7 : fffff880`044917e2 fffffa80`0d9eb000 00000000`00000000 fffff880`01661600 : [COLOR="#800080"]tcpip!TcpMatchReceive+0x1fa[/COLOR]
fffff880`08198ce0 fffff880`016606c7 : fffffa80`0d9eba40 fffffa80`0d8569c7 fffffa80`0d9eba40 00000000`00000000 : [COLOR="#800080"]tcpip!TcpPreValidatedReceive+0x177[/COLOR]
fffff880`08198d90 fffff880`01660799 : fffff880`08198f10 fffff880`0176e9a0 fffff880`08198f20 00000000`00000001 : [COLOR="#800080"]tcpip!IppDeliverListToProtocol+0x97[/COLOR]
fffff880`08198e50 fffff880`01660c90 : fffffa80`0d9eb000 fffffa80`0eb57400 00000000`00000011 fffff880`08198f10 : [COLOR="#800080"]tcpip!IppProcessDeliverList+0x59[/COLOR]
fffff880`08198ec0 fffff880`0165fb21 : 00000000`faffffef fffffa80`0d9eb000 fffff880`0176e9a0 00000000`0eb8c801 : [COLOR="#800080"]tcpip!IppReceiveHeaderBatch+0x231[/COLOR]
fffff880`08198fa0 fffff880`0165e592 : fffffa80`0ebc97e0 00000000`00000000 fffffa80`0eb8c801 00000000`00000001 : [COLOR="#800080"]tcpip!IpFlcReceivePackets+0x651[/COLOR]
fffff880`081991a0 fffff880`01677e5a : fffffa80`0eb8c810 fffff880`081992d0 fffffa80`0eb8c810 00000000`00000000 : [COLOR="#800080"]tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2[/COLOR]
fffff880`08199280 fffff800`0329ae5a : fffffa80`0eb4f030 fffff880`08194000 00000000`00004800 00000000`00000000 : [COLOR="#800080"]tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda[/COLOR]
fffff880`081992d0 fffff880`01677882 : fffff880`01677d80 fffff880`081993e0 00000000`00000002 00000000`00000000 : [COLOR="#800080"]nt!KeExpandKernelStackAndCalloutEx+0xda[/COLOR]
fffff880`081993b0 fffff880`015600eb : fffffa80`0eb8e560 00000000`00000000 fffffa80`0e6d71a0 fffffa80`0e88c000 : [COLOR="#800080"]tcpip!FlReceiveNetBufferListChain+0xb2[/COLOR]
fffff880`08199420 fffff880`01529fc6 : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : [COLOR="#00FFFF"]ndis!ndisMIndicateNetBufferListsToOpen+0xdb[/COLOR]
fffff880`08199490 fffff880`014a3ef1 : fffffa80`0e6d71a0 fffffa80`0cc8cd30 00000000`00000001 00000000`00003402 : [COLOR="#00FFFF"]ndis!ndisMDispatchReceiveNetBufferLists+0x1d6[/COLOR]
fffff880`08199910 fffff880`03e7596b : fffffa80`0eab9000 fffffa80`0eafb5f0 fffffa80`0eab9600 00000000`00000000 : [COLOR="#00FFFF"]ndis!NdisMIndicateReceiveNetBufferLists+0xc1[/COLOR]
fffff880`08199960 fffff880`03e65165 : fffffa80`0e6d7100 fffff880`02f64101 fffffa80`0000000a fffff880`08199ba0 : [COLOR="#FF0000"]Rt64win7+0x1596b[/COLOR]
fffff880`08199b40 fffff880`0152ee4b : fffff880`00000000 fffffa80`0e6d71a0 00000000`00000000 00000000`00000000 : [COLOR="#FF0000"]Rt64win7+0x5165[/COLOR]
fffff880`08199ba0 fffff880`014b4bfd : fffffa80`0eb895b8 00000000`0000000a 00000000`00000002 00000000`00000002 : [COLOR="#00FFFF"]ndis! ?? ::DKGKHJNI::`string'+0x1597[/COLOR]
fffff880`08199c10 fffff880`014dbb0c : 00000000`00000000 fffffa80`0eb895b8 00000000`00000080 fffffa80`0d84f230 : [COLOR="#00FFFF"]ndis!ndisQueuedMiniportDpcWorkItem+0xcd[/COLOR]
fffff880`08199cb0 fffff800`0352e7c6 : 00000000`00000000 fffffa80`11e86b60 00000000`00000080 00000000`00000000 : [COLOR="#00FFFF"]ndis!ndisReceiveWorkerThread+0x12c[/COLOR]
fffff880`08199d40 fffff800`03269c26 : fffff880`02f64180 fffffa80`11e86b60 fffff880`02f6efc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`08199d80 00000000`00000000 : fffff880`0819a000 fffff880`08194000 fffff880`08199a00 00000000`00000000 : nt!KiStartSystemThread+0x16
So here we can see your realtek network driver calling lots of routines, networking isn't my strong area but I'm reading more into it.
It appears to Network Driver Interface Specification is recieving data and passing it up to TCP/IP which has then tried to access invalid memory.
I believe it's going back up the stack seen as it's receiving information.
Code:
2: kd> [COLOR="#008000"]!address fffff8800165ea35[/COLOR]
Mapping user range ...
Mapping system range ...
Mapping non addressable range ...
Mapping page tables...
Mapping hyperspace...
Mapping HAL reserved range...
Mapping User Probe Area...
Mapping system shared page...
Mapping system cache working set...
Mapping loader mappings...
Mapping system PTEs...
Mapping system paged pool...
Mapping session space...
Mapping dynamic system space...
Mapping PFN database...
Mapping non paged pool...
Mapping VAD regions...
Mapping module regions...
Mapping process, thread, and stack regions...
Mapping system cache regions...
Usage: Module
Base Address: fffff880`01603000
End Address: fffff880`01800000
Region Size: 00000000`001fd000
VA Type: SystemPTEs
Module name: [COLOR="#800080"]tcpip.sys[/COLOR]
Module path: [[COLOR="#800080"]\SystemRoot\System32\drivers\tcpip.sys[/COLOR]]
We can confirm that was referencing memory that caused the page fault.
Code:
2: kd> [COLOR="#008000"]!pte fffff881039bfad8[/COLOR]
VA fffff881039bfad8
PXE at FFFFF6FB7DBEDF88 PPE at FFFFF6FB7DBF1020 PDE at FFFFF6FB7E2040E0 PTE at FFFFF6FC4081CDF8
contains 000000040CD04863 contains 0000000000000000
pfn 40cd04 ---DA--KWEV [B][COLOR="#FF0000"]not valid[/COLOR][/B]
Here we can see that the memory which was being referenced was actually invalid so whether or not the IRQL was above 2 the system would still result in a page fault, the page fault handler wouldn't be able to bring the pages into memory as they didn't exist. A 0x50 bugcheck would probably be initiated.
Code:
2: kd> [COLOR="#008000"]lm vm rt64win7[/COLOR]
start end module name
fffff880`03e60000 fffff880`03ec7000 Rt64win7 (no symbols)
Loaded symbol image file: Rt64win7.sys
Image path: \SystemRoot\system32\DRIVERS\Rt64win7.sys
Image name: Rt64win7.sys
Timestamp: [COLOR="#FF0000"]Fri Jan 21 07:34:00 [B]2011[/B][/COLOR] (4D3936E8)
CheckSum: 00065268
ImageSize: 00067000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
You'll need to update your Realtek network driver, because I don't have your system information file I cannot tell you which to download.
If you know which NIC you're using then update it on the realtek website or via device manager.