Here is the analyze -v output
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800181cfd2, address which referenced memory
Debugging Details:
READ_ADDRESS: 0000000000000028
CURRENT_IRQL: 2
FAULTING_IP:
NETIO!RtlCopyBufferToMdl+22
fffff880`0181cfd2 8b5228 mov edx,dword ptr [rdx+28h]
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
TRAP_FRAME: fffff880192447e0 – (.trap 0xfffff880192447e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000100000000 rbx=0000000000000000 rcx=fffffa80054034b0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800181cfd2 rsp=fffff88019244970 rbp=fffff88019244a90
r8=00000000ffffffbc r9=0000000000000044 r10=0000000000000000
r11=fffff880192449a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
NETIO!RtlCopyBufferToMdl+0x22:
fffff8800181cfd2 8b5228 mov edx,dword ptr [rdx+28h] ds:00000000
00000028=???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff803dc0e4869 to fffff803dc0e5540
STACK_TEXT:
fffff88019244698 fffff803
dc0e4869 : 000000000000000a 00000000
00000028 0000000000000002 00000000
00000000 : nt!KeBugCheckEx
fffff880192446a0 fffff803
dc0e30e0 : 0000000000000000 00000000
00000000 fffffa80055fc700 fffff880
192447e0 : nt!KiBugCheckDispatch+0x69
fffff880192447e0 fffff880
0181cfd2 : 0000000056b52598 fffff880
01d4e56c fffffa800b591100 fffffa80
0b591100 : nt!KiPageFault+0x260
fffff88019244970 fffff880
01d28406 : fffffa800401bf60 00000000
3f655741 fffffa800e7ce3d0 fffff880
19244cf0 : NETIO!RtlCopyBufferToMdl+0x22
fffff880192449d0 fffff880
01d22626 : 0000000000000000 00000000
00000000 fffff88019244ab8 fffff880
3f655741 : tcpip!TcpTcbReassemblyRetrieveSegments+0x1d6
fffff88019244a40 fffff880
01d4d934 : 0000000000000000 fffffa80
0e56de88 fffff88005d004bc fffff880
05d030a1 : tcpip!TcpTcbCarefulDatagram+0x726
fffff88019244c70 fffff880
01d4c750 : fffff880192451e8 fffff880
192451d8 fffff88019244f40 00000000
00000000 : tcpip!TcpTcbReceive+0x474
fffff88019244dd0 fffff880
01d4de41 : fffffa800a53a202 fffffa80
06aad000 0000000000000000 fffffa80
06aad000 : tcpip!TcpMatchReceive+0x1f0
fffff88019244f40 fffff880
01d5fd43 : fffffa80059f1f00 00000000
00002ff9 fffffa8006aa17fc fffffa80
059f1f00 : tcpip!TcpPreValidatedReceive+0x381
fffff88019245020 fffff880
01d60058 : fffff88019245249 fffffa80
09f63a00 0000000000000000 fffff880
01d3775d : tcpip!IppDeliverListToProtocol+0x93
fffff880192450d0 fffff880
01d640eb : fffff88001e77f30 fffff880
0180d743 fffffa800000f6e6 fffff880
192451e8 : tcpip!IppProcessDeliverList+0x68
fffff88019245180 fffff880
01d61b31 : fffffa8008127600 fffff880
192453b0 0000000000000000 00000000
00000000 : tcpip!IppReceiveHeaderBatch+0x21b
fffff880192452b0 fffff880
01d63473 : fffffa8009050b00 00000000
00000000 0000000000000000 fffff880
01e72b00 : tcpip!IpFlcReceivePackets+0x641
fffff880192454e0 fffff880
01d6e04d : 0000000000000000 00000000
00000000 fffff88001d61400 fffff803
00000000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2ce
fffff880192455b0 fffff803
dc13aae6 : 0000000000000000 fffffa80
0a982a30 0000000000000001 00000000
00000001 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x12c
fffff880192456b0 fffff803
dc13d545 : fffff88001d6df20 fffff880
19245820 0000000000000000 fffffa80
009f01b1 : nt!KeExpandKernelStackAndCalloutInternal+0xe6
fffff880192457b0 fffff880
01d6e12e : fffff880192458f0 fffffa80
04c350d0 ffffffff00000010 00000002
00000005 : nt!KeExpandKernelStackAndCalloutEx+0x25
fffff880192457f0 fffff880
01adcb06 : 0000000000000000 fffffa80
0956bdf0 fffffa800812b620 00000000
00000801 : tcpip!FlReceiveNetBufferListChain+0xae
fffff88019245870 fffff880
01adc16d : 0000000000000702 fffffa80
09560000 fffffa800b584650 00000000
00000001 : ndis!ndisMIndicateNetBufferListsToOpen+0x126
fffff88019245920 fffff880
01adc843 : 0000000000000020 00000000
00000100 0000000000000001 fffff803
dc128970 : ndis!ndisInvokeNextReceiveHandler+0x25d
fffff880192459f0 fffff880
00a0ccec : fffff88000a1ea00 00000000
00000001 0000000000000000 fffff880
00a090d0 : ndis!NdisMIndicateReceiveNetBufferLists+0xd3
fffff88019245aa0 fffff880
00a090ee : fffff88000a1ea10 fffff880
00a090d0 ffffffff00000010 00000002
00000005 : tunnel!TeredoWfpIndicationWorker+0x70
fffff88019245ae0 fffff803
dc133cd7 : fffffa800af35610 fffff880
00a090d0 fffffa8007e50520 fffff803
dc1abf60 : tunnel!LwWorker+0x1e
fffff88019245b10 fffff803
dc123411 : fffff803dc311190 fffffa80
0a601a00 fffff803dc133c78 fffff803
dc324d00 : nt!IopProcessWorkItem+0x5f
fffff88019245b80 fffff803
dc0b8075 : fffff803dc383180 00000000
00000080 fffff803dc1232d0 fffffa80
0a601a00 : nt!ExpWorkerThread+0x142
fffff88019245c10 fffff803
dc16c3b6 : fffff803dc383180 fffffa80
0a601a00 fffffa8005789b00 fffffa80
03fcd800 : nt!PspSystemThreadStartup+0x59
fffff88019245c60 00000000
00000000 : fffff88019246000 fffff880
19240000 0000000000000000 00000000
00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!RtlCopyBufferToMdl+22
fffff880`0181cfd2 8b5228 mov edx,dword ptr [rdx+28h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NETIO!RtlCopyBufferToMdl+22
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 50765624
BUCKET_ID_FUNC_OFFSET: 22
FAILURE_BUCKET_ID: AV_NETIO!RtlCopyBufferToMdl
BUCKET_ID: AV_NETIO!RtlCopyBufferToMdl
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_netio!rtlcopybuffertomdl
FAILURE_ID_HASH: {d1f0b36b-846d-6c9d-08f6-8457013ed970}
Followup: MachineOwner
It doesn’t show anything about our WFP callout driver.
After looking at the forums, i see that same issue is reported multiple times i.e. dump in NETIO.sys with torrent clients.
Is there any clue?