Blue screen code DRIVER IRQL NOT LESS OR EQUAL (tcpip.sys)

tong chao 1 Reputation point
2022-06-14T03:24:25.68+00:00

One of the network cards of the server suddenly lost packets, and the reset network card showed a blue screen.


```
* Bugcheck Analysis *

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffffffffffffc0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80000f2fa8d, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: ffffffffffffffc0

CURRENT_IRQL: 2

FAULTING_IP:
tcpip!IppRemoveLocalAddressUnderLock+1d
fffff800`00f2fa8d 488b7908 mov rdi,qword ptr [rcx+8]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from fffff800327e2be9 to fffff800327d70a0

STACK_TEXT:
ffffd00047f358a8 fffff800327e2be9 : 000000000000000a ffffffffffffffc0 0000000000000002 0000000000000000 : nt!KeBugCheckEx
ffffd00047f358b0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69

STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
tcpip!IppRemoveLocalAddressUnderLock+1d
fffff800`00f2fa8d 488b7908 mov rdi,qword ptr [rcx+8]

SYMBOL_NAME: tcpip!IppRemoveLocalAddressUnderLock+1d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5215f841

FAILURE_BUCKET_ID: X64_0xD1_tcpip!IppRemoveLocalAddressUnderLock+1d

BUCKET_ID: X64_0xD1_tcpip!IppRemoveLocalAddressUnderLock+1d

Followup: MachineOwner
---------
```

Windows for business | Windows Server | User experience | Other
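
Added example (not part of the original post, and not Microsoft tooling): a small Python triage pass over the `!analyze -v` fields quoted in the question. It reads Arg1 as a signed value, recovers the base register from the faulting instruction's `[rcx+8]` operand, and counts stack frames other than the bug-check routines; `triage_d1`, `signed64`, `NULL_WINDOW` and the 64 KiB near-NULL threshold are assumptions of this example.

```python
import re

# Constructed sample: fields copied from the !analyze -v output in the question.
SAMPLE = """\
Arg1: ffffffffffffffc0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80000f2fa8d, address which referenced memory
FAULTING_IP:
tcpip!IppRemoveLocalAddressUnderLock+1d
fffff800`00f2fa8d 488b7908 mov rdi,qword ptr [rcx+8]
STACK_TEXT:
ffffd00047f358a8 fffff800327e2be9 : 000000000000000a ffffffffffffffc0 0000000000000002 0000000000000000 : nt!KeBugCheckEx
ffffd00047f358b0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69
STACK_COMMAND: .bugcheck ; kb
"""

NULL_WINDOW = 0x10000  # assumption: faults within 64 KiB of address 0 count as NULL-based
BUGCHECK_PLUMBING = ("nt!KeBugCheckEx", "nt!KiBugCheckDispatch")

def signed64(value):
    """Interpret a 64-bit value as two's complement."""
    return value - (1 << 64) if value >> 63 else value

def triage_d1(text):
    """Summarise a 0xD1 analysis: what was touched, from where, how much stack survives."""
    args = {int(n): int(h.replace("`", ""), 16)
            for n, h in re.findall(r"^\s*Arg([1-4]):\s*([0-9a-fA-F`]+)", text, re.M)}
    referenced = signed64(args[1])
    ip = re.search(r"FAULTING_IP:\s*(\S+)\s+\S+\s+[0-9a-fA-F]+\s+(.*)$", text, re.M)
    symbol, instruction = ip.group(1), ip.group(2)
    # Recover the base register value from "[reg+disp]" (WinDbg prints disp in hex).
    operand = re.search(r"\[(\w+)([+-][0-9a-fA-F]+)h?\]", instruction)
    base = None
    if operand:
        base = (operand.group(1), signed64((args[1] - int(operand.group(2), 16)) % (1 << 64)))
    # Frames look like "<child-sp> <ret-addr> : <4 args> : <symbol>".
    stack = text.split("STACK_TEXT:", 1)[1] if "STACK_TEXT:" in text else ""
    frames = re.findall(r"^\s*[0-9a-f`]{16,17}\s+[0-9a-f`]{16,17}\s+:.*:\s*(\S+)\s*$", stack, re.M)
    callers = [f for f in frames if not f.startswith(BUGCHECK_PLUMBING)]
    return {"irql": args[2], "op": "write" if args[3] & 1 else "read",
            "referenced": referenced, "near_null": abs(referenced) < NULL_WINDOW,
            "symbol": symbol, "base": base, "caller_frames": len(callers)}

if __name__ == "__main__":
    for key, value in triage_d1(SAMPLE).items():
        print(f"{key:14} {value}")
```

For the dump above this reports a read at IRQL 2 of address -0x40 (so `rcx` held -0x48) and zero caller frames: the minidump stack contains only the bug-check routines, so the attribution to tcpip.sys rests on Arg4 alone.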

2 answers

  1. Limitless Technology 39,926 Reputation points
    2022-06-15T07:49:31.3+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having issues related to BSOD.

    A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

    By default, the cause of all of the crashes is tcpip.sys which is the TCP/IP Protocol driver (not the true cause), and usually when we have network related crashes like this, it's caused by one of two things:

    1. Network drivers themselves need to be updated.
    2. Temporarily disable any antivirus program or Windows firewall you may have.


    1 person found this answer helpful.

  2. Docs 15,761 Reputation points
    2022-06-14T03:33:26.563+00:00

    Please run the DM log collector and post a share link into this thread using OneDrive, Dropbox, or Google Drive.

    If the server is able to run the V2 log collector it will collect more useful troubleshooting log files.

    https://www.tenforums.com/bsod-crashes-debugging/2198-bsod-posting-instructions.html

    https://www.elevenforum.com/t/bsod-posting-instructions.103/

