Solved Win 8.1, BSOD, BAD_POOL_HEADER, tcpip.sys

Megagoth1702

New Member
Messages
14
Hello guys,

first time posting in this forum so I will try to do it right. :)

I was tinkering with Batman - Arkham Knight today, Alt-Tabbing in and out when I encountered this BSOD for the first time! Usually I do not react to BSODs unless they are really weird or happen often, but googeling it made me curious. This forum seems to be an amazing source of information so I am trying to get to the bottom of this here together with you.

I have created two data packages using your awesome data collector. You can access both at this location.

The bigger file (120MB) includes the memory.dmp file from C:\Windows.

On a side note-what tools do you guys use to analyze BSODs? I know my way around computers and maybe I can learn to do it myself. :)


Thanks a LOT in advance guys, I will be patiently waiting. :)
 
Huh, I just had a second BSOD of this kind while playing the Witcher 3, with a lot of programs in the background. (Steam, Origin, GOG Galaxy, Firefox, NetLimiter, NetWorx, MSI Afterburner, Dropbox, Google Drive, RadeonPro, Catalyst Control Center, Skype, Unified Remote Server, CCLeaner, Flawless Widescreen, Logitech Gaming Software - so a lot of programs but all of them seemed stable to me).

Here is the file dump.
 
Hi Megagoth1702,

I have analysed your dump files a little bit. One of your drivers has been flagged.
Please update program networx or remove it temporarily.

Program Networx

Code:
********************************************************************************                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


BugCheck 133, {1, 1e00, 0, 0}


[COLOR=#ff0000]*** WARNING: Unable to verify timestamp for networx.sys
*** ERROR: Module load completed but symbols could not be loaded for networx.sys
Probably caused by : tdx.sys ( tdx!TdxSendDatagramTransportAddress+2eb )[/COLOR]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at
    DISPATCH_LEVEL or above. The offending component can usually be
    identified with a stack trace.
Arg2: 0000000000001e00, The watchdog period.
Arg3: 0000000000000000
Arg4: 0000000000000000


Debugging Details:
------------------




DPC_TIMEOUT_TYPE:  DPC_QUEUE_EXECUTION_TIMEOUT_EXCEEDED


CUSTOMER_CRASH_COUNT:  1


DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT


BUGCHECK_STR:  0x133


PROCESS_NAME:  networx.exe


CURRENT_IRQL:  d


ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre


LAST_CONTROL_TRANSFER:  from fffff800e296bf7e to fffff800e2950ca0


STACK_TEXT:  
ffffd001`269abc88 fffff800`e296bf7e : 00000000`00000133 00000000`00000001 00000000`00001e00 00000000`00000000 : nt!KeBugCheckEx
ffffd001`269abc90 fffff800`e283c871 : 00000000`00000000 00000000`000d1dac 00000000`00000001 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0xadbe
ffffd001`269abd20 fffff800`e2f9c7b5 : 00000000`00000000 ffffd001`393462c0 00000000`00000000 00000000`00000000 : nt!KeClockInterruptNotify+0x91
ffffd001`269abf40 fffff800`e28d7143 : ffff443a`c0faf6ca fffff800`e28ff057 00000000`00000000 00000000`00000000 : hal!HalpTimerClockIpiRoutine+0x15
ffffd001`269abf70 fffff800`e295212a : ffffe000`92600200 ffffd001`393462c0 00000000`00000000 00000000`00000000 : nt!KiCallInterruptServiceRoutine+0xa3
ffffd001`269abfb0 fffff800`e295250f : 00000000`00000000 00000000`9e1410c5 ffffd001`393462c0 00000000`00020000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffffd001`39345eb0 fffff800`e286adfb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchLBControl+0x11f
ffffd001`39346040 fffff800`89dcaa78 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxWaitForLockOwnerShip+0x27
ffffd001`39346070 fffff800`89d0b324 : 00000000`00000001 00001f80`00580001 00000000`00000000 ffffe000`9850dcd8 : tcpip!UdpSendMessages+0xc0018
ffffd001`393464b0 fffff800`e2872703 : 00000000`00000002 ffffe000`939208c0 fffff800`e295d893 00000000`00000000 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
ffffd001`393464e0 fffff800`89d0c5ec : fffff800`89d0b310 ffffd001`39346600 ffffe000`92ed6600 ffffd001`393466d9 : nt!KeExpandKernelStackAndCalloutInternal+0xf3
ffffd001`393465d0 fffff800`899c097b : ffffe000`96fdcfe0 ffffd001`393466d9 ffffe000`987a9c96 ffffd001`00000000 : tcpip!UdpTlProviderSendMessages+0x6c
ffffd001`39346650 fffff800`899c0bd9 : ffffe000`97993500 ffffe000`92ed6620 ffffe000`92ed6780 00000000`00000001 : tdx!TdxSendDatagramTransportAddress+0x2eb
ffffd001`39346740 fffff800`899f3ece : ffffe000`987a9c04 ffffe000`92d38da4 00000000`00000000 00000000`00000003 : tdx!TdxTdiDispatchInternalDeviceControl+0x59
ffffd001`39346790 ffffe000`987a9c04 : ffffe000`92d38da4 00000000`00000000 00000000`00000003 00000000`0000001d : networx+0x7ece
ffffd001`39346798 ffffe000`92d38da4 : 00000000`00000000 00000000`00000003 00000000`0000001d ffffe000`92d38da4 : 0xffffe000`987a9c04
ffffd001`393467a0 00000000`00000000 : 00000000`00000003 00000000`0000001d ffffe000`92d38da4 ffffd001`39580000 : 0xffffe000`92d38da4




STACK_COMMAND:  kb


FOLLOWUP_IP: 
tdx!TdxSendDatagramTransportAddress+2eb
fffff800`899c097b 448bf8          mov     r15d,eax


SYMBOL_STACK_INDEX:  c


SYMBOL_NAME:  tdx!TdxSendDatagramTransportAddress+2eb


FOLLOWUP_NAME:  MachineOwner


MODULE_NAME: tdx


IMAGE_NAME:  tdx.sys


DEBUG_FLR_IMAGE_TIMESTAMP:  5215f7c2


IMAGE_VERSION:  6.3.9600.16384


BUCKET_ID_FUNC_OFFSET:  2eb


FAILURE_BUCKET_ID:  0x133_ISR_tdx!TdxSendDatagramTransportAddress


BUCKET_ID:  0x133_ISR_tdx!TdxSendDatagramTransportAddress


ANALYSIS_SOURCE:  KM


FAILURE_ID_HASH_STRING:  km:0x133_isr_tdx!tdxsenddatagramtransportaddress


FAILURE_ID_HASH:  {383e128a-bf78-5814-a7ec-2be262097ee5}
 
Last edited:
To answer your question about the tools, since about a week ago I started to learn the program windbg to understand the bsod better.
As I understood there is also a program called Sysnative BSOD Analysing App or something like that, that is also very usefull. But I haven't yet figured out how to work with it as the results I get from my last BSOD (also about a week ago) with the Sysnative tool is literally no information.

Because I'm really new with this I'll probably make a lot of mistakes. But for trying to prevent the mistakes, I'll help only those which I'm sure I make a chance at finding a solution with them.
 
Okay, I will remove networx. Too bad, since it's a unique tool to see your network usage per day/application/month etc. It helps with my 300GB/month quota. But if it crashes - it has to go.

Thanks for the tools-post, I will check out the tools.
 
If you'd like to see how much you use every month you don't need a program.
All you have to do is right click on your wifi/ethernet connection and choose the first option from above.
You can reset it whenever you want so it will start from 0.
But be aware that its an estimation, for precise data you need a program which doesn't let your pc crash.
 
I have taken another look, this time with Sysnative BSOD Analysing App.
This program gave me other results.

Please update, replace or remove the following drivers.
Code:
[COLOR=red][B]LGBusEnum.sys Tue Nov 24 02:36:48 2009 (4B0B38B0)[/B][/COLOR] 
[url=http://www.logitech.com/en-us/support-downloads/downloads]Logitech Support + Downloads[/url]

[COLOR=red][B]LGVirHid.sys Tue Nov 24 02:36:48 2009 (4B0B38B0)[/B][/COLOR] 
[url=http://www.logitech.com/index.cfm/support_downloads/downloads/&cl=us,en]Logitech Support + Downloads[/url]

[COLOR=red][B]GPU-Z.sys Wed Oct 6 18:14:37 2010 (4CACA06D)[/B][/COLOR]
[url=http://www.techpowerup.com/gpuz/]GPU-Z Video card GPU Information Utility[/url]

[COLOR=red][B]nlndis.sys Sun Feb 13 23:07:33 2011 (4D585625)[/B][/COLOR] 
[url=http://www.netlimiter.com/]NetLimiter Homepage[/url]

[COLOR=red][B]nltdi.sys Sun Feb 13 23:07:35 2011 (4D585627)[/B][/COLOR] 
[url=http://www.netlimiter.com/download.php]404[/url]

[COLOR=red][B]RTCore64.sys Fri Apr 24 09:01:47 2015 (5539EA5B)[/B][/COLOR] 
[URL]http://www.guru3d.com/category/rivatuner/[/URL]


The following is for information purposes only.
Code:
 The following information contains the relevant information from the blue screen analysis: 
**************************Sun Jun 28 03:40:08.328 2015 (UTC + 2:00)************************** 
Windows 8 Kernel Version 9600 MP (4 procs) Free x64 

System Uptime:[B]1 days 10:32:35.209[/B] 

Probably caused by :[B]win32k.sys ( win32k!xxxUserPowerCalloutWorker+b3 )[/B] 

BugCheck [B]19, {d, ffffd0011a2142b0, fffff80000000000, bafc3d6a32572838}[/B] 
BugCheck Info: [URL="http://www.carrona.org/bsodindx.html#0x00000019"]BAD_POOL_HEADER (19)[/URL] 

Arguments: 
Arg1: 000000000000000d, 
Arg2: ffffd0011a2142b0 
Arg3: fffff80000000000 
Arg4: bafc3d6a32572838 
BUGCHECK_STR: 0x19_d 

PROCESS_NAME: csrss.exe 

FAILURE_BUCKET_ID: [B]0x19_d_win32k!xxxUserPowerCalloutWorker[/B] 

CPUID: "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz" 

MaxSpeed: 3300 

CurrentSpeed: [B]3293[/B] 

BIOS Version L2.31A 

BIOS Release Date 02/22/2013 

¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨`` 
**************************Fri Jun 26 17:07:10.806 2015 (UTC + 2:00)************************** 
Windows 8 Kernel Version 9600 MP (4 procs) Free x64 

System Uptime:[B]0 days 3:43:50.688[/B] 

*** WARNING: Unable to verify timestamp for networx.sys 

*** ERROR: Module load completed but symbols could not be loaded for networx.sys 

Probably caused by :[B]tdx.sys ( tdx!TdxSendDatagramTransportAddress+2eb )[/B] 

BugCheck [B]133, {1, 1e00, 0, 0}[/B] 
BugCheck Info: [URL="http://www.carrona.org/bsodindx.html#0x00000133"]DPC_WATCHDOG_VIOLATION (133)[/URL] 

Arguments: 
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at 
DISPATCH_LEVEL or above. The offending component can usually be 
identified with a stack trace. 
Arg2: 0000000000001e00, The watchdog period. 
Arg3: 0000000000000000 
Arg4: 0000000000000000 
BUGCHECK_STR: 0x133 

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT 

PROCESS_NAME: networx.exe 

FAILURE_BUCKET_ID: [B]0x133_ISR_tdx!TdxSendDatagramTransportAddress[/B] 

CPUID: "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz" 

MaxSpeed: 3300 

CurrentSpeed: [B]3293[/B] 

BIOS Version L2.31A 

BIOS Release Date 02/22/2013 

¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨`` 
**************************Tue Jun 23 02:48:32.676 2015 (UTC + 2:00)************************** 
Windows 8 Kernel Version 9600 MP (4 procs) Free x64 

System Uptime:[B]3 days 11:02:45.568[/B] 

Probably caused by :[B]WdFilter.sys ( WdFilter!MpIsAMPath+32 )[/B] 

BugCheck [B]19, {e, ffffd000441c72b0, fffff800c97f2e04, 4414ec3bf245953}[/B] 
BugCheck Info: [URL="http://www.carrona.org/bsodindx.html#0x00000019"]BAD_POOL_HEADER (19)[/URL] 

Arguments: 
Arg1: 000000000000000e, 
Arg2: ffffd000441c72b0 
Arg3: fffff800c97f2e04 
Arg4: 04414ec3bf245953 
BUGCHECK_STR: 0x19_e 

PROCESS_NAME: firefox.exe 

FAILURE_BUCKET_ID: [B]0x19_e_WdFilter!MpIsAMPath[/B] 

CPUID: "Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz" 

MaxSpeed: 3300 

CurrentSpeed: [B]3293[/B] 

BIOS Version L2.31A 

BIOS Release Date 02/22/2013


Because I'm new with windbg and not fully understand this program I'm making mistakes, ofcourse I do research before posting.

Sysnative app is much clearer since I finally am able to use this program fully.
 
Hello axe0, thank you very much for your information! :)

I do not suffer BSODs anymore! :) Thank you! But could you please link the information you read to learn sysnative's BSOD tool?

Thanks! :)
 
Please mark this thread as solved :)
 
Hey axe0,

thanks for the reply!

I will mark the thread as solved after I know what happened there in the last BSOD in my post above your last one. Still getting my head around sysnative BSOD app.
 
Might want to head over to sysnative to ask such questions of the mods there, some of whom wrote the tool you're questioning of.
 
Back
Top