Share via

Devices being crashed multiple times

Ritesh Sharma 326 Reputation points
2024-03-06T17:04:51.3766667+00:00

We have multiple reports that devices being crashed. Below are the debugging details from one of impacted devices. We check the minidump logs for another device as well and same component is showing causing issue.

Debugging Details:

 

*** WARNING: Unable to verify timestamp for Netwtw10.sys

 

KEY_VALUES_STRING: 1

 

    Key  : Analysis.CPU.mSec

    Value: 1827

 

    Key  : Analysis.DebugAnalysisManager

    Value: Create

 

    Key  : Analysis.Elapsed.mSec

    Value: 5433

 

    Key  : Analysis.Init.CPU.mSec

    Value: 2452

 

    Key  : Analysis.Init.Elapsed.mSec

    Value: 31270

 

    Key  : Analysis.Memory.CommitPeak.Mb

    Value: 110

 

    Key  : Dump.Attributes.InsufficientDumpfileSize

    Value: 1

 

    Key  : Dump.Attributes.RequiredDumpfileSize

    Value: 0x9f2b0bbd

 

 

FILE_IN_CAB:  022224-10500-01.dmp

 

DUMP_FILE_ATTRIBUTES: 0xc

  Insufficient Dumpfile Size

  Kernel Generated Triage Dump

 

BUGCHECK_CODE:  d1

 

BUGCHECK_P1: 8

 

BUGCHECK_P2: 2

 

BUGCHECK_P3: 0

 

BUGCHECK_P4: fffff80617c9d4b8

 

READ_ADDRESS: fffff806166fb390: Unable to get MiVisibleState

Unable to get NonPagedPoolStart

Unable to get NonPagedPoolEnd

Unable to get PagedPoolStart

Unable to get PagedPoolEnd

unable to get nt!MmSpecialPagesInUse

 0000000000000008

 

BLACKBOXBSD: 1 (!blackboxbsd)

 

 

BLACKBOXNTFS: 1 (!blackboxntfs)

 

 

BLACKBOXPNP: 1 (!blackboxpnp)

 

 

BLACKBOXWINLOGON: 1

 

CUSTOMER_CRASH_COUNT:  1

 

PROCESS_NAME:  System

 

TRAP_FRAME:  fffffa0e0589c5d0 -- (.trap 0xfffffa0e0589c5d0)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=0000000000000000 rbx=0000000000000000 rcx=fffffa0e0589c8d8

rdx=ffffda0ad9f64a60 rsi=0000000000000000 rdi=0000000000000000

rip=fffff80617c9d4b8 rsp=fffffa0e0589c760 rbp=fffffa0e0589c7d9

 r8=ffffda0ad9f64a60  r9=0000000000000f63 r10=ffffda0ad69528b0

r11=0000000000000000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0         nv up ei pl zr na po nc

NETIO!StreamInvokeCalloutAndNormalizeAction+0x5c:

fffff80617c9d4b8 488b4808        mov     rcx,qword ptr [rax+8] ds:0000000000000008=????????????????

Resetting default scope

 

STACK_TEXT: 

fffffa0e0589c488 fffff80615e11aa9     : 000000000000000a 0000000000000008 0000000000000002 0000000000000000 : nt!KeBugCheckEx

fffffa0e0589c490 fffff80615e0d563     : fffffa0e0589cb02 0000000000000000 fffff8062a7e6f78 0000000000000102 : nt!KiBugCheckDispatch+0x69

fffffa0e0589c5d0 fffff80617c9d4b8     : ffffda0ad9f64a60 fffffa0e0589c7d9 fffffa0e0589c8a0 ffffda0ad9f64a60 : nt!KiPageFault+0x463

fffffa0e0589c760 fffff80617c9d1c4     : fffffa0e0589cbc0 ffffda0ad9f64a60 0000000000000000 ffffda0ad9f64a60 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x5c

fffffa0e0589c830 fffff80617c9c7cf     : 0000000000000014 fffff80645949fe0 ffffda0a00000002 fffffa0e0589d240 : NETIO!StreamProcessCallout+0x3fc

fffffa0e0589c960 fffff80617c9962b     : bb0150e300000014 fffffa0e0589d240 fffffa0e0589d270 fffffa0e0589d0f0 : NETIO!ProcessCallout+0x76f

fffffa0e0589cae0 fffff80617c981ca     : ffffda0ad8a13320 ffffda0ab296f960 0000000000000000 fffffa0e0000000e : NETIO!ArbitrateAndEnforce+0x71b

fffffa0e0589cc40 fffff80617c978db     : ffffffffffffffff fffff80615cb95b9 fffffa0e0589d140 00000000000000f0 : NETIO!KfdClassify+0x37a

fffffa0e0589d040 fffff80617c974fa     : fffffa0e0589d498 0000000000000000 0000000000000000 0000000000000000 : NETIO!StreamClassify+0x28b

fffffa0e0589d1e0 fffff80617c96e0d     : ffffda0ae7a6dda0 fffff80617d33d24 fffff80617c92710 0000000000000000 : NETIO!StreamCommonInspect+0x282

fffffa0e0589d5d0 fffff80618260edc     : ffffda0ae7a6dd00 fffff80618260f00 ffffda0ada43aa00 ffffda0ae4431c90 : NETIO!WfpStreamInspectReceive+0x18d

fffffa0e0589d660 fffff80618260df4     : ffffda0ada43aa20 fffffa0e0589d760 ffffda0ada43aa20 ffffda0ada43abd8 : tcpip!InetInspectReceive+0x80

fffffa0e0589d710 fffff8061825eeea     : ffffda0acbc04db0 ffffda0acbc04db0 ffffda0ae4431c90 ffffda0ae4431c90 : tcpip!TcpInspectReceive+0x9c

fffffa0e0589d790 fffff80618255aae     : 0000000000000000 0000000000000000 0000000000000000 0000000000000006 : tcpip!TcpTcbCarefulDatagram+0x41ba

fffffa0e0589dc00 fffff80618254ccf     : 0000000000001002 0000000000000000 000000000001126a ffffda0acbc75000 : tcpip!TcpTcbReceive+0x30e

fffffa0e0589de50 fffff80618253e9d     : ffffda0ad0faa6b8 ffffda0ab2ffee20 ffffda0ad0faacf8 00000000c0a80114 : tcpip!TcpMatchReceive+0x51f

fffffa0e0589e100 fffff80618280e62     : ffffda0ad19850e3 0000000000000009 0000000000000002 ffffda0acbc75a01 : tcpip!TcpReceive+0x44d

fffffa0e0589e1f0 fffff8061824a59c     : ffffda0adb24a9c0 ffffda0ab09a5000 00000000e8320000 ffffda0ab2825640 : tcpip!TcpNlClientReceiveDatagrams+0x22

fffffa0e0589e230 fffff80618246c6a     : 0000000000000000 ffffda0acbc75a40 0000000000000000 ffffda0acbc75000 : tcpip!IppProcessDeliverList+0xcc

fffffa0e0589e310 fffff8061824b30e     : fffff806183f9a70 ffffda0acbc4b8a0 ffffda0acbc75000 0000000000000000 : tcpip!IppReceiveHeaderBatch+0x3aa

fffffa0e0589e410 fffff80618234f3b     : ffffda0ae2686260 ffffda0ae7a81730 0000000000000001 0000000000000000 : tcpip!IppFlcReceivePacketsCore+0x32e

fffffa0e0589e530 fffff806182893bf     : ffffda0ae2686260 ffffda0ae2d691e0 0000000000000000 0000000000000000 : tcpip!IpFlcReceivePreValidatedPackets+0xe4b

fffffa0e0589e7d0 fffff80615c7c798     : ffffda0ab0961c60 0000000000000002 ffffda0ae0a8e040 fffffa0e0589eac8 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x12f

fffffa0e0589e920 fffff80615c7c70d     : fffff80618289290 fffffa0e0589eac8 ffffda0ab2cfeca0 fffff80617c92414 : nt!KeExpandKernelStackAndCalloutInternal+0x78

fffffa0e0589e990 fffff806182604fd     : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KeExpandKernelStackAndCalloutEx+0x1d

fffffa0e0589e9d0 fffff8061825fbdd     : 0000000000000001 fffffa0e0589eb30 ffffda0ae2d691e0 fffff806127c1168 : tcpip!NetioExpandKernelStackAndCallout+0x8d

fffffa0e0589ea30 fffff80617d31eb1     : ffffda0ada0f8001 ffffda0ae4469c61 0000000000000020 0000000000000001 : tcpip!FlReceiveNetBufferListChain+0x46d

fffffa0e0589ece0 fffff80617d31ccb     : ffffda0ad38c2010 ffffda0ae7a80001 ffffda0a00000000 fffff80600000009 : NDIS!ndisMIndicateNetBufferListsToOpen+0x141

fffffa0e0589edc0 fffff80617d37ef1     : ffffda0ad632d1a0 fffff8061241e301 ffffda0ad632d1a0 0000000000000001 : NDIS!ndisMTopReceiveNetBufferLists+0x22b

fffffa0e0589ee40 fffff80617d6dfef     : ffffda0ae7a81730 fffffa0e0589ef11 0000000000000000 fffff80617d6f91d : NDIS!ndisCallReceiveHandler+0x61

fffffa0e0589ee90 fffff80617d34a94     : 00000000006c0565 0000000000000000 ffffda0ad632d1a0 0000000000000000 : NDIS!ndisInvokeNextReceiveHandler+0x1df

fffffa0e0589ef60 fffff80645b232d0     : 0000000000000000 ffffda0ad3f14010 fffffa0e0589f050 ffffda0ae2aa79c0 : NDIS!NdisMIndicateReceiveNetBufferLists+0x104

fffffa0e0589eff0 fffff80645ae8251     : ffffda0ad02cf100 0000000000000000 ffffda0a00000000 ffffda0a00000000 : wdiwifi!CPort::IndicateFrames+0x2d8

fffffa0e0589f090 fffff80645acbbb7     : ffffda0ae2aa79c0 fffffa0e0589f1b9 ffffda0acbff0bb0 fffff80615e05f42 : wdiwifi!CAdapter::IndicateFrames+0x141

fffffa0e0589f100 fffff80645acc2f6     : 0000000000000000 fffffa0e0589f280 ffffda0acbff0bb0 fffff80615e31a11 : wdiwifi!CRxMgr::RxProcessAndIndicateNblChain+0x7f7

fffffa0e0589f220 fffff80645ac8192     : ffffda0ae2aa79c0 fffffa0e0589f350 0000000000000000 000000000589f215 : wdiwifi!CRxMgr::RxInOrderDataInd+0x35a

fffffa0e0589f2c0 fffff8063de9c4be     : ffffda0ad68f8c30 ffffda0ad9f9ae00 0000000000000001 ffffda0ab61ad040 : wdiwifi!AdapterRxInorderDataInd+0x92

fffffa0e0589f310 ffffda0ad68f8c30     : ffffda0ad9f9ae00 0000000000000001 ffffda0ab61ad040 fffffa0e0589f358 : Netwtw10+0x4c4be

fffffa0e0589f318 ffffda0ad9f9ae00     : 0000000000000001 ffffda0ab61ad040 fffffa0e0589f358 fffffa0e0589f350 : 0xffffda0a`d68f8c30

fffffa0e0589f320 0000000000000001     : ffffda0ab61ad040 fffffa0e0589f358 fffffa0e0589f350 ffffda0ae0a8e040 : 0xffffda0a`d9f9ae00

fffffa0e0589f328 ffffda0ab61ad040     : fffffa0e0589f358 fffffa0e0589f350 ffffda0ae0a8e040 0000000000000000 : 0x1

fffffa0e0589f330 fffffa0e0589f358     : fffffa0e0589f350 ffffda0ae0a8e040 0000000000000000 ffffda0a00000000 : 0xffffda0a`b61ad040

fffffa0e0589f338 fffffa0e0589f350     : ffffda0ae0a8e040 0000000000000000 ffffda0a00000000 ffffda0affffffff : 0xfffffa0e`0589f358

fffffa0e0589f340 ffffda0ae0a8e040     : 0000000000000000 ffffda0a00000000 ffffda0affffffff ffff5d15e796863f : 0xfffffa0e`0589f350

fffffa0e0589f348 0000000000000000     : ffffda0a00000000 ffffda0affffffff ffff5d15e796863f fffff80600000000 : 0xffffda0a`e0a8e040

 

 

SYMBOL_NAME:  NETIO!StreamInvokeCalloutAndNormalizeAction+5c

 

MODULE_NAME: NETIO

 

IMAGE_NAME:  NETIO.SYS

 

IMAGE_VERSION:  10.0.19041.4046

 

STACK_COMMAND:  .cxr; .ecxr ; kb

 

BUCKET_ID_FUNC_OFFSET:  5c

 

FAILURE_BUCKET_ID:  AV_NETIO!StreamInvokeCalloutAndNormalizeAction

 

OSPLATFORM_TYPE:  x64

 

OSNAME:  Windows 10

 

FAILURE_ID_HASH:  {c2ca2d1f-cfdc-88d5-c7bc-7693b8f0de04}

 

Followup:     MachineOwner

 

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,480 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,362 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gary Nebbett 6,081 Reputation points
    2024-03-12T12:57:36.6666667+00:00

    Hello Ritesh,

    I have recently been investigating this bug check whenever it is reported somewhere on the web.

    I think that there are four factors that combine to trigger this bug check:

    1. A bug in the routine NETIO!StreamDataInject when validating the combined validity of the netBufferList and streamFlags arguments provided in a call to FwpsStreamInjectAsync0 by a WFP callout driver; the check of the streamFlags is inverted (tests (stream Flags & (FWPS_STREAM_FLAG_RECEIVE_DISCONNECT | FWPS_STREAM_FLAG_RECEIVE_ABORT | FWPS_STREAM_FLAG_SEND_DISCONNECT | FWPS_STREAM_FLAG_SEND_ABORT)) == 0; the test should be "!=").
    2. A bug in a WFP callout driver stream inspection (calling FwpsStreamInjectAsync0 with netBufferList = 0 without setting a suitable flag in streamFlags).
    3. The stream data should be inspected by another callout driver after the buggy callout driver (preparing for this callout stumbles over the null pointer set in the StreamData by the buggy callout driver).
    4. The stream data is identified by the buggy callout driver as needing modification. The buggy callout drivers are normally part of web threat defence products - the behaviour/patterns that they are searching for can probably be configured and change frequently.

    There are hints in the web that this problem has existed for six years or more. Products from several companies seem to include WFP callout drivers that exhibit the behaviour described in point 2.

    Gary

    0 comments
  2. Wesley Li 10,135 Reputation points
    2024-03-13T09:34:24.2766667+00:00

    Hello

    Netwtw10 should be the reason. It is the Intel wifi network driver. Please try to download the latest wifi driver from the intel official website.

    You could try the following link driver, please pay attention to the compatibility wifi model list and ensure present wifi device is supported.

    Windows® 10 and Windows 11* Wi-Fi Drivers for Intel® Wireless Adapters

    Or you could try to search from the intel website by yourself based on the wifi model.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.