BSOD caused by bcmwl644.sys against Cisco WiFi

1

I have in front of me an Acer V5 171, it is running a clean install of Windows 7 X64 SP1 will all current hotfixes and updates, with the latest drivers from Acer the version of bcmwl664.sys is 5.100.196.18

If I connect to a BT "Home Hub 2" (Speedtouch with BT firmware), the wireless works perfectly

If I connect to a Cisco 877w running c870-advipservicesk9-mz.151-4.M4 with config as per the below, after it has transferred a small amount of data, it bluescreens

Cisco config and windbg output as below.

version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 102400
no logging rate-limit
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
!
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
clock save interval 8
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
dot11 ssid CiscoSSID
 authentication open 
 authentication key-management wpa
 guest-mode
 infrastructure-ssid optional
 wpa-psk ascii 0 CiscoSSIDpass
!
no ip source-route
no ip gratuitous-arps
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.99
ip dhcp excluded-address 192.168.10.200 192.168.10.254
!
ip dhcp pool home
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1 
 dns-server 8.8.8.8 8.8.4.4 
 domain-name network.home
 lease 0 2
!
!
!
ip cef
ip domain name network.home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect WAAS flush-timeout 10
ip inspect dns-timeout 10
ip inspect tcp reassembly queue length 128
ip inspect tcp reassembly timeout 10
ip inspect tcp reassembly memory limit 200
ip inspect name ios-inspect cddbp
ip inspect name ios-inspect cifs
ip inspect name ios-inspect dns
ip inspect name ios-inspect echo
ip inspect name ios-inspect fragment maximum 256 timeout 1
ip inspect name ios-inspect ftp
ip inspect name ios-inspect ftps
ip inspect name ios-inspect h323
ip inspect name ios-inspect http
ip inspect name ios-inspect https
ip inspect name ios-inspect icmp
ip inspect name ios-inspect ident
ip inspect name ios-inspect igmpv3lite
ip inspect name ios-inspect imap
ip inspect name ios-inspect imap3
ip inspect name ios-inspect imaps
ip inspect name ios-inspect ipsec-msft
ip inspect name ios-inspect irc
ip inspect name ios-inspect irc-serv
ip inspect name ios-inspect ircs
ip inspect name ios-inspect ircu
ip inspect name ios-inspect isakmp
ip inspect name ios-inspect l2tp
ip inspect name ios-inspect ldap
ip inspect name ios-inspect ldaps
ip inspect name ios-inspect microsoft-ds
ip inspect name ios-inspect netbios-dgm
ip inspect name ios-inspect netbios-ns
ip inspect name ios-inspect netbios-ssn
ip inspect name ios-inspect nntp
ip inspect name ios-inspect ntp
ip inspect name ios-inspect pop3
ip inspect name ios-inspect pop3s
ip inspect name ios-inspect pptp
ip inspect name ios-inspect sip
ip inspect name ios-inspect sip-tls
ip inspect name ios-inspect skinny
ip inspect name ios-inspect sms
ip inspect name ios-inspect snmp
ip inspect name ios-inspect snmptrap
ip inspect name ios-inspect ssh
ip inspect name ios-inspect stun
ip inspect name ios-inspect smtp
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!

username Network privilege 15 password 0 password
!
!
ip ssh version 2
!
! 
!
!
bridge irb
!
!
!
interface ATM0
 description xDSL
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 load-interval 30
 class-int class-default
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl enable-training-log delay 0  
 dsl lom 250
 dsl bitswap both
 no snmp trap link-status
 snmp ifindex persist
 max-reserved-bandwidth 100
 hold-queue 224 in
 pvc DATA 0/38 
  tx-ring-limit 3
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 switchport access vlan 10
 no ip address
!
interface FastEthernet2
 switchport access vlan 10
 no ip address
!
interface FastEthernet3
 switchport access vlan 10
 no ip address
!
interface Dot11Radio0
 no ip address
 no dot11 extension aironet
 !
 encryption mode ciphers aes-ccm tkip 
 !
 ssid CiscoSSID
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 fragment-threshold 256
 station-role root
 rts threshold 0
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
!
interface Vlan10
 description LAN
 no ip address
 bridge-group 1
!
interface Dialer1
 ip address negotiated previous
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip accounting precedence input
 ip accounting precedence output
 ip accounting access-violations
 ip nbar protocol-discovery
 ip flow ingress
 ip pim sparse-dense-mode
 ip nat outside
 ip inspect ios-inspect out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no fair-queue
 ppp max-bad-auth 3
 ppp lcp predictive
 ppp lcp delay 1
 ppp authentication chap callin
 ppp chap hostname user@isp.com
 ppp chap password 0 isp-password
 ppp ipcp dns request
 ppp ipcp wins request
 ppp ipcp predictive
 ppp multilink
 ppp multilink interleave
 ppp multilink fragment delay 20
 no cdp enable
 hold-queue 224 in
!
interface BVI1
 description LAN
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 hold-queue 160 in
!
ip forward-protocol nd
ip http server
ip http access-class 25
ip http authentication local
no ip http secure-server
!
!
ip dns server
ip nat inside source list 102 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
kron occurrence Daily0400 at 4:00 recurring
 policy-list ConfigArchive
!
kron policy-list ConfigArchive
 cli archive config
 cli more system:running-config | redirect ftp://user:pass@f.q.d.n./c877w-1/c877w-1-run.cfg
!
logging history debugging
logging trap debugging
access-list 25 remark for ssh and http access
access-list 25 permit 192.168.10.0 0.0.0.255
access-list 102 remark for NAT
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
snmp-server ifindex persist
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 privilege level 15
 no modem enable
line aux 0
line vty 0 4
 session-timeout 35791  output
 access-class 24 in
 exec-timeout 35791 23
 privilege level 15
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
ntp master 5
ntp server 142.3.100.2
ntp server 91.208.177.20
ntp server 82.219.4.30
!
end

running windbg against the dump file produces

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88005a4a6c9, The address that the exception occurred at
Arg3: fffff88009eb4508, Exception Record Address
Arg4: fffff88009eb3d60, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
bcmwl664+136c9
fffff880`05a4a6c9 488b4348        mov     rax,qword ptr [rbx+48h]

EXCEPTION_RECORD:  fffff88009eb4508 -- (.exr 0xfffff88009eb4508)
ExceptionAddress: fffff88005a4a6c9 (bcmwl664+0x00000000000136c9)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff88009eb3d60 -- (.cxr 0xfffff88009eb3d60)
rax=fffffa8007bd9780 rbx=d2d8f11dbec2430d rcx=fffffa80076ed0b0
rdx=fffffa80076ed000 rsi=fffffa800936d000 rdi=fffffa8007af3f30
rip=fffff88005a4a6c9 rsp=fffff88009eb4740 rbp=fffffa8007ac15e0
 r8=d2d8f11dbec2430d  r9=00000000deadbeef r10=0000000000000007
r11=0000000000000000 r12=fffffa8007ac0010 r13=0000000000000000
r14=fffffa8007bc9780 r15=fffffa8007af3f30
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
bcmwl664+0x136c9:
fffff880`05a4a6c9 488b4348        mov     rax,qword ptr [rbx+48h] ds:002b:d2d8f11d`bec24355=????????????????
Resetting default scope

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS:  ffffffffffffffff 

FOLLOWUP_IP: 
bcmwl664+136c9
fffff880`05a4a6c9 488b4348        mov     rax,qword ptr [rbx+48h]

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffff88005a872a4 to fffff88005a4a6c9

STACK_TEXT:  
fffff880`09eb4740 fffff880`05a872a4 : 00000000`00000001 fffffa80`0936d010 00000000`00000000 00000000`00000000 : bcmwl664+0x136c9
fffff880`09eb4770 fffff880`05a86d6f : 00000000`00000001 fffffa80`0936d010 fffffa80`07ac0010 00000000`00000001 : bcmwl664+0x502a4
fffff880`09eb4880 fffff880`05aba79e : 00000000`00000000 00000000`00000002 fffffa80`076ef840 00000000`00000000 : bcmwl664+0x4fd6f
fffff880`09eb4a10 fffff880`05abaa1b : 00000000`00000001 fffffa80`076ed000 fffff880`00000003 fffff800`03023280 : bcmwl664+0x8379e
fffff880`09eb4a70 fffff880`05a4b833 : fffffa80`076ed000 fffffa80`076ed000 00000000`c0020403 fffff800`03023280 : bcmwl664+0x83a1b
fffff880`09eb4ae0 fffff880`05a616af : fffffa80`03ff58c0 fffffa80`076ed000 fffffa80`03ff58c0 fffffa80`076ed000 : bcmwl664+0x14833
fffff880`09eb4b10 fffff800`03178583 : fffffa80`076a6050 fffffa80`043c6040 fffffa80`07af8410 fffffa80`043c6040 : bcmwl664+0x2a6af
fffff880`09eb4b40 fffff800`02e8f641 : fffff800`03023200 fffff800`03178501 fffffa80`043c6000 fffff880`00000002 : nt!IopProcessWorkItem+0x23
fffff880`09eb4b70 fffff800`0311ce5a : fffff8a0`03a42140 fffffa80`043c6040 00000000`00000080 fffffa80`03fd0040 : nt!ExpWorkerThread+0x111
fffff880`09eb4c00 fffff800`02e76d26 : fffff880`03364180 fffffa80`043c6040 fffffa80`03feeb50 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`09eb4c40 00000000`00000000 : fffff880`09eb5000 fffff880`09eaf000 fffff880`09eb48a0 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  bcmwl664+136c9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: bcmwl664

IMAGE_NAME:  bcmwl664.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4f6820d7

STACK_COMMAND:  .cxr 0xfffff88009eb3d60 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_bcmwl664+136c9

BUCKET_ID:  X64_0x7E_bcmwl664+136c9

Followup: MachineOwner
---------

As the driver works "perfectly" with the BT "home hub", I'm 99.99% sure that it is not a file corruption issue, however I have already downloading the driver again, tried uninstalling the WiFi NIC, removing the .sys file and re-installing from scratch to no avail.

There is a "later" driver available on the Acer website Wireless LAN_Broadcom_6.30.59.78_W8x64UW8x86U_A, but it would appear to be for a different chipset as Windows does not allow the driver to be updated to its contents.

I do see a small number of retries on the wireless interface on the Cisco. The logging on the BT device is however pitiful.

windows-7
broadcom
asked on Super User Oct 29, 2012 by shouldbeq931 • edited Oct 8, 2018 by Hennes

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0