TCPIP-Related BSOD, Minidumps Includes

[HorseloverFat]

Wondering if anyone could take a look at some minidumps and help sort out a persistent BSOD problem I've been having.

Lately I've been experiencing semi-regular BSOD crashes on one of my computers. It's an extremely mediocre setup (Sempron 2400+, 512mb, etc) that I use solely for running some P2P clients, so I don't have to waste resources on my other computer or leave it on constantly. I should also mention that it's running XP Pro with SP2. Anyway, back to the issue.

Maybe 4-5 times a day I've been getting a blue screen of death. It used to just reboot, until I changed the "automatically restart" option in the hopes of getting some more info to try to solve the issue. The blue screen mentions TCPIP.SYS and some memory addresses, but aside from that doesn't give much of a clue as to what's going on. I *think* the problem is related to BitComet, as it always seems to happen when that app is running. I've turned off most of my other apps and the problem still occurs. Tonight I'm going to try running the computer with everything I usually have running EXCEPT for BitComet and see if the problem still happens.

When this first started, after Googling the "Your System has Recovered from a Serious Error" message that I initially was getting after an auto-reboot, I thought it might be bad RAM, so I ran MEMTEST and sure enough there were errors, so I replaced that right away. MEMTEST no longer finds errors in the RAM, but the problem persists, unchanged.

Then I got to thinking about what had changed recently that might be a factor, and thought that the problem might have begun when I switched from my motherboard's onboard Marvell LAN to the onboard NVidia LAN, so I switched back and disabled the NVidia LAN in the BIOS, but no luck there either (although it did seem to reduce the frequency of the crashes - maybe a coincidence, maybe not).

I know for sure that it's not malware or a virus, as I've had Kaspersky Internet Security Suite running real-time protection and I've done a full scan on the highest protection settings. I also should mention that I did a fresh format very recently, installed all Windows updates, etc. Oh and, the problem DID exist before the format, I was hoping it would get rid of it.

I haven't completely ruled out the NVidia LAN as the culprit, since even though it's disabled in the BIOS the drivers would still be installed, would they not? Right now that's my only lead, since the problem did seem to start when I switched to that onboard LAN. Aside from that there's nothing I can think of except a hardware failure of some sort, and I've already ruled out the RAM by replacing it with a brand new stick. I've also been running ASUS' PC Probe utility to monitor my power supply, CPU/Motherboard temperature, etc. and it hasn't popped up any warnings.

Sorry this post is so long, but I always prefer to err on the side of too much detail than not enough.

So, can anyone suggest anything, or gather any clues from the minidumps? I'd be eternally grateful for any help.

Aug11Dumps.zip

Aug12Dumps.zip

Aug13Dumps.zip

[Tarun]

The dumps also point to your tcpip.sys file. Have you "patched" your tcpip.sys file? If so, you may wish to run sfc /purgecache and then sfc /scannow

[HorseloverFat]

The dumps also point to your tcpip.sys file. Have you "patched" your tcpip.sys file? If so, you may wish to run sfc /purgecache and then sfc /scannow

Thanks for your reply.

Yes, I did patch TCPIP.SYS, but I already thought that might be the cause of the problem and reverted it back to the original backup file to test, and still it crashes. Plus I've been using BitComet for a long time and right around when I first started using it I started patching TCPIP.SYS, and this problem didn't start until recently.

[DjLizard]

vv Edit: that sounds like the winner.

Edited August 14, 2007 by DjLizard

[cluberti]

Looking around the internet, I found this thread which seems to match your symptoms exactly:

http://www.pcguide.com/vb/showthread.php?t=42196

After looking at the dumps, I can say that it is either a problem with the Nvidia driver itself, or an interaction between the BitComet software and the driver (as per the thread above). Uninstalling the Nvidia network driver and _then_ disabling the device is probably a much better approach to this problem if upgrading the Nvidia driver doesn't fix it.

They're all the same (the addresses are usually a little different, but the thread stack and exception record are always the same), so here's the analysis of the first minidump:

EXCEPTION_RECORD:  f8157acc -- (.exr fffffffff8157acc)
ExceptionAddress: f511c5c8 (tcpip!TcpipBufferVirtualAddress+0x00000008)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 01000006
Attempt to read from address 01000006

kd> .cxr 0xfffffffff81577c8
eax=01000000 ebx=00007ed3 ecx=1eb4ade0 edx=00000000 esi=01000000 edi=00000000
eip=f511c5c8 esp=f8157b94 ebp=f8157b94 iopl=0		 nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000			 efl=00010246
tcpip!TcpipBufferVirtualAddress+0x8:
f511c5c8 f6400605		test	byte ptr [eax+6],5		 ds:0023:01000006=??

kd> k
ChildEBP RetAddr  
f8157b94 f511f27f tcpip!TcpipBufferVirtualAddress+0x8
f8157bb4 f5120b32 tcpip!XsumSendChain+0x44
f8157c34 f512094a tcpip!UDPSend+0x3ca
f8157c58 f51209b0 tcpip!TdiSendDatagram+0xd5
f8157c90 f511f308 tcpip!UDPSendDatagram+0x4f
f8157cac 804e37f7 tcpip!TCPDispatchInternalDeviceControl+0xff
f8157d14 804e37f7 nt!IopfCallDriver+0x31
f8157dac 8057d0f1 nt!IopfCallDriver+0x31
f8157ddc 804f827a nt!PspSystemThreadStartup+0x34
00000000 00000000 nt!KiThreadStartup+0x16

kd> dps f511f27f
f511f27f  840fc085
f511f283  00016e4b
f511f287  031476ff
f511f28b  ff5350c7
f511f28f  1585ac15
f511f293  8bd88bf5
f511f297  368b1446
f511f29b  f73bff33 nvmcp+0x43f33
f511f29f  7d39ce75
f511f2a3  30850ffc
f511f2a7  6600016e
f511f2ab  5e5fc38b
f511f2af  08c2c95b
f511f2b3  01f98300
f511f2b7  4916850f
f511f2bb  4f8a0000
f511f2bf  07f98001
f511f2c3  a0cb840f
f511f2c7  f9800000
f511f2cb  80337409
f511f2cf  840f0af9
f511f2d3  000241d3
f511f2d7  0f0bf980
f511f2db  00927085
f511f2df  e8565700
f511f2e3  000439c7
f511f2e7  6683f88b
f511f2eb  02b2001c
f511f2ef  7e89ce8b
f511f2f3  6015ff18
f511f2f7  8bf51581
f511f2fb  feeee9c7

kd> lmvm nltdi
start	end		module name
f5106000 f5118e00   nltdi	T (no symbols)		   
	Loaded symbol image file: nltdi.sys
	Image path: nltdi.sys
	Image name: nltdi.sys
	Timestamp:		Mon Apr 23 07:02:47 2007 (462C9257)
	CheckSum:		 00015DEE
	ImageSize:		00012E00
	Translations:	 0000.04b0 0000.04e0 0409.04b0 0409.04e0

kd> lmvm nvmcp
start	end		module name
f737c000 f7461000   nvmcp	T (no symbols)		   
	Loaded symbol image file: nvmcp.sys
	Image path: nvmcp.sys
	Image name: nvmcp.sys
	Timestamp:		Wed Apr 13 15:34:21 2005 (425D743D)
	CheckSum:		 000E8E41
	ImageSize:		000E5000
	Translations:	 0000.04b0 0000.04e0 0409.04b0 0409.04e0

In the future, kernel or complete dumps are easier to debug!!!!

[JuMz]

I've never really known how to get a memory dump after a BSOD...how'd you do it?

[HorseloverFat]

Cluberti: Thank you for the link and for taking the time to have a look at the dumps. I share your suspicions about the NVidia driver since, as I said, I'm pretty sure the problem started around the same time I switched from the Marvell LAN to the NVidia. I initially did so because I couldn't get wake-on-lan to work with the Marvell LAN, but now I've got it working so there's no reason to stick with the other LAN if it is indeed responsible for the crash. I'm going to re-enable the NVidia LAN in the BIOS so I can uninstall it, and then disable it in the BIOS again, and see if that fixes things. I'm also toying with the idea of just switching to uTorrent and hoping that fixes it.

PS. I could give you a full dump, but it's 512mb and thus impossible to upload here. Heh.

JuMz: On my system, Windows just puts the dumps in C:\WINDOWS\Minidump\ but I'm not sure if I had to enable something to get it to store them there. I don't *think* I did, so your's probably puts them there by default too.

Edited August 14, 2007 by HorseloverFat

[Martin L]

I've never really known how to get a memory dump after a BSOD...how'd you do it?

http://www.msfn.org/board/index.php?showtopic=90244

[cluberti]

Cluberti: Thank you for the link and for taking the time to have a look at the dumps. I share your suspicions about the NVidia driver since, as I said, I'm pretty sure the problem started around the same time I switched from the Marvell LAN to the NVidia. I initially did so because I couldn't get wake-on-lan to work with the Marvell LAN, but now I've got it working so there's no reason to stick with the other LAN if it is indeed responsible for the crash. I'm going to re-enable the NVidia LAN in the BIOS so I can uninstall it, and then disable it in the BIOS again, and see if that fixes things. I'm also toying with the idea of just switching to uTorrent and hoping that fixes it.

Let us know if this works for you or not.