BSOD last one stating Driver-irql-not-less-or-equal (tcpip.sys) RRS feed

  • Question

  • Hello,

    I have searched through all the threads but they all seem pretty individualized to the particular computer and situation and minidump files.  So over the course of the last couple of months my computer has been giving me the BSOD atleast once a week and it is usually while I am streaming video (hulu or netflix). But also that is one of the main uses I have for my computer besides school work so that might not be anything but a coincidence.  I also had these problems last year but I gave my computer to an IT guy and he deleted some unnecessary apps and it seemed to work until it has returned again. I tried to follow the instructions with the dump files and here is my link to them in my SkyDrive...hopefully I did this correctly and you can help me out with this stupid problem. Thanks so much!!


    Those are all the BSOD minidump files I have. 

    Thanks so much,


    Tuesday, April 22, 2014 7:28 PM


  • Hi,

    We have two consistent bug checks:


    This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.

    A driver tried to access an address that is pageable (or that is completely invalid) while the IRQL was too high. This bug check is usually caused by drivers that have used improper addresses.

    6: kd> k
    Child-SP          RetAddr           Call Site
    fffff880`1c47cbd8 fffff803`beedf769 nt!KeBugCheckEx
    fffff880`1c47cbe0 fffff803`beeddfe0 nt!KiBugCheckDispatch+0x69
    fffff880`1c47cd20 fffff880`02022b5c nt!KiPageFault+0x260
    fffff880`1c47ceb0 fffff880`01d81291 tcpip!FlpReturnNetBufferListChain+0xe147c
    fffff880`1c47cf00 fffff880`01f3b3de NETIO!NetioDereferenceNetBufferListChain+0x121
    fffff880`1c47cfd0 fffff880`01ef9999 tcpip!TcpFlushDelay+0x8e
    fffff880`1c47d080 fffff880`01ef9653 tcpip!TcpDeliverInput+0x2f9
    fffff880`1c47d1f0 fffff880`0153d27e tcpip!TcpRequestReceive+0x4a3
    fffff880`1c47d2c0 fffffa80`0d6dd310 afd+0x4827e
    fffff880`1c47d2c8 fffff880`00000002 0xfffffa80`0d6dd310
    fffff880`1c47d2d0 fffffa80`07039d90 0xfffff880`00000002
    fffff880`1c47d2d8 fffffa80`0e575358 0xfffffa80`07039d90
    fffff880`1c47d2e0 ffff5c16`af4df8d1 0xfffffa80`0e575358
    fffff880`1c47d2e8 fffff880`00001000 0xffff5c16`af4df8d1
    fffff880`1c47d2f0 00000000`00000005 0xfffff880`00001000
    fffff880`1c47d2f8 00000000`0000002f 0x5
    fffff880`1c47d300 00000000`00000000 0x2f

    ^^ Various network related routines.


    This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

    This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.

    BugCheck 3B, {c0000005, fffff88001f92b5c, fffff8801d30f560, 0}

    1: kd> ln fffff88001f92b5c
    (fffff880`01eb16e0)   tcpip!FlpReturnNetBufferListChain+0xe147c   |  (fffff880`01eb17d0)   tcpip!IpFlcReceivePackets

    ^^ The exception occurred in tcpip!FlpReturnNetBufferListChain.


    Overall, it appears something is causing NETBIOS conflicts. I cannot really make an educated guess what it may be based off of the modules list alone as I see no antivirus, problematic 3rd party network software, etc. With this said, please enable Driver Verifier:

    Driver Verifier:

    What is Driver Verifier?

    Driver Verifier is included in Windows 8/8.1, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

    Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

    Before enabling Driver Verifier, it is recommended to create a System Restore Point:

    Vista - START | type rstrui - create a restore point
    Windows 7 - START | type create | select "Create a Restore Point"
    Windows 8/8.1 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

    How to enable Driver Verifier:

    Start > type "verifier" without the quotes > Select the following options -

    1. Select - "Create custom settings (for code developers)"
    2. Select - "Select individual settings from a full list"
    3. Check the following boxes -
    - Special Pool
    - Pool Tracking
    - Force IRQL Checking
    - Deadlock Detection
    - Security Checks (Windows 7 & 8)
    - DDI compliance checking (Windows 8)
    - Miscellaneous Checks
    4. Select  - "Select driver names from a list"
    5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
    6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
    7. Click on Finish.
    8. Restart.

    Important information regarding Driver Verifier:

    - If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

    - After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

    If this happens, do not panic, do the following:

    - Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

    - Once in Safe Mode - Start > Search > type "cmd" without the quotes.

    - To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
    ・    Restart and boot into normal Windows.

    If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

    - Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

    - Once in Safe Mode - Start > type "system restore" without the quotes.

    - Choose the restore point you created earlier.

    -- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

    How long should I keep Driver Verifier enabled for?

    I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

    My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

    They will be located in %systemroot%\Minidump

    Any other questions can most likely be answered by this article:



    “Be kind whenever possible. It is always possible.” - Dalai Lama

    • Proposed as answer by Yolanda Zhu Wednesday, April 23, 2014 2:36 AM
    • Marked as answer by Brandon Records Tuesday, April 29, 2014 6:14 PM
    Tuesday, April 22, 2014 7:51 PM