BSOD Debug help. Netio.sys?
Hi guys. I was wondering if you could assist me in finding why I'm getting random BSODs.
Incidentally, where can I learn to debug Windows using DMP files, error logs etc?
I am currently trying to upload the related dmp file to SkyDrive but I only have a 1Mb upload so it may take a while >.<
The back story is I was getting BSODs where MAFW.sys would be named on screen (my M-Audio FireWire sound card).
As there was only one driver available for the card I was just putting up with it.
Now I seem to be getting random BSODs which do not give an error message; they will happen sometimes after the computer has been sat idle for hours or sometimes when playing a game or watching a movie. They are happening 2-3 times a day now.
key hardware:
2X9800gt
nforce 570 chipset
athlon64x2
aforementioned sound card.
software running during all BSODS:
windows 7 pro
Zone alarm
AVG
Utorrent
Reclusa keyboard editor
MAFW control panel.
My installed apps are shown here.
http://cid-3f163e004f38c23c.skydrive.live.com/embedphoto.aspx/.Public/apps.jpg
Debugger reads....
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\David\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: C:\Symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02a16000 PsLoadedModuleList = 0xfffff800`02c53e50
Debug session time: Tue Apr 6 22:51:59.041 2010 (GMT+1)
System Uptime: 0 days 6:36:12.916
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002a8d5a2}
*** ERROR: Module load completed but symbols could not be loaded for avgtdia.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002a8d5a2
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002a87469 to fffff80002a87f00
STACK_TEXT:
fffff880`009efc68 fffff800`02a87469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009efc70 fffff800`02a85932 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009efdb0 fffff800`02a8d5a2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0ad18000 fffff800`02a50842 : fffffa80`07761080 00000000`00000001 00000000`00000000 fffffa80`04b4e068 : nt!SeAccessCheckWithHint+0x312
fffff880`0ad180e0 fffff880`01606c5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x102
fffff880`0ad187d0 fffff880`0160494f : 00000000`c0000022 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`0ad18840 fffff880`016069b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`0ad18890 fffff880`01606845 : fffffa80`06ea8160 fffffa80`06f6f510 fffff880`0ad18ab8 fffff880`0ad191f0 : NETIO!FilterMatch+0x95
fffff880`0ad188e0 fffff880`01607ccb : 00000000`00000000 00000000`00000000 fffff880`0ad191f0 fffff880`0ad18aa0 : NETIO!IndexListClassify+0x69
fffff880`0ad18960 fffff880`0183e4d0 : fffff880`0ad191f0 fffff880`0ad18e38 fffff880`0ad19b70 fffffa80`0abdf740 : NETIO!KfdClassify+0xa4e
fffff880`0ad18cd0 fffff880`0183777e : fffff880`01946690 00000000`00000000 fffffa80`06a38db0 00000000`00000000 : tcpip!WfpAleClassify+0x50
fffff880`0ad18d10 fffff880`01836c15 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
fffff880`0ad19420 fffff880`0183a956 : 00000000`00000000 00000000`00000000 00000000`00000011 00000000`00000000 : tcpip!WfpAleAuthorizeSend+0x325
fffff880`0ad196f0 fffff880`0183d6a4 : 00000000`00000000 fffff880`0ad19b28 fffff880`0ad19b30 fffff880`0ad1a630 : tcpip!WfpAleConnectAcceptIndicate+0x106
fffff880`0ad197e0 fffff880`01835f59 : 00000000`0000002c fffff880`0ad19e30 00000000`00000001 00000000`00000008 : tcpip!ProcessALEForTransportPacket+0x664
fffff880`0ad19a50 fffff880`01862bf6 : 00000000`00000000 00000000`00000002 fffffa80`06a68900 fffff800`02a28900 : tcpip!WfpProcessOutTransportStackIndication+0x329
fffff880`0ad19c20 fffff880`01867a7e : fffffa80`06a623b0 fffff880`01602804 fffff880`0196c9a0 fffffa80`06a38db0 : tcpip!IppSendDatagramsCommon+0x526
fffff880`0ad19ef0 fffff880`01834cf8 : fffffa80`06a38db0 fffffa80`0abdf740 fffffa80`0abdf740 fffffa80`06a623b0 : tcpip!IpNlpSendDatagrams+0x3e
fffff880`0ad19f30 fffff880`0183526d : fffffa80`04b99380 fffffa80`06b6c6e0 fffff880`0ad1a880 00000000`00000000 : tcpip!UdpSendMessagesOnPathCreation+0x688
fffff880`0ad1a2b0 fffff880`01834ef5 : fffff880`0ad1a7e0 fffffa80`06a38900 fffffa80`00000001 fffffa80`06d45800 : tcpip!UdpSendMessages+0x35d
fffff880`0ad1a6a0 fffff800`02a9764a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
fffff880`0ad1a6d0 fffff880`018354b8 : fffff880`01834ee0 fffff880`0ad1a7e0 00000000`00000002 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0ad1a7b0 fffff880`01027f45 : fffffa80`04a20860 fffffa80`06770ec0 fffffa80`06a2dcd0 fffffa80`04fe758e : tcpip!UdpTlProviderSendMessages+0x78
fffff880`0ad1a830 fffff880`01027ff2 : fffffa80`00000002 fffffa80`04fb8bc0 fffffa80`094eb650 fffff880`00000014 : tdx!TdxSendDatagramTransportAddress+0x2f5
fffff880`0ad1a910 fffff880`03a23bee : fffffa80`094eb4f0 fffff800`02a97beb fffffa80`06a16da0 fffffa80`04fe73a0 : tdx!TdxTdiDispatchInternalDeviceControl+0x52
fffff880`0ad1a940 fffff880`03a243a5 : 00000000`00000000 00000000`0000003e fffffa80`06a16da0 fffffa80`0a9b3640 : avgtdia+0x4bee
fffff880`0ad1a970 fffff880`03a71542 : fffffa80`04fe73a0 fffffa80`06a16da0 00000000`00000000 fffffa80`094eb4f0 : avgtdia+0x53a5
fffff880`0ad1a9a0 fffff880`03a71f61 : fffffa80`04fe7558 fffffa80`04fe7558 fffffa80`0403d920 fffff880`0ad1aaa0 : netbt!TdiSendDatagram+0x187
fffff880`0ad1aa10 fffff880`03a7e329 : fffffa80`074d4e00 fffffa80`04fe73a0 00000000`00000021 00000000`0000003e : netbt!UdpSendDatagram+0x1b1
fffff880`0ad1aaa0 fffff880`03a7e0e6 : 00000000`00000001 00000000`00000000 00000000`00000032 fffff880`03a90089 : netbt!UdpSendResponse+0x4e0
fffff880`0ad1ab20 fffff880`03a72be7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : netbt!QueryFromNet+0xb11
fffff880`0ad1ac50 fffff880`03a70b47 : 00000000`00000032 fffffa80`05af302a 00000000`00000032 fffffa80`06a2dc02 : netbt!NameSrvHndlrNotOs+0xca
fffff880`0ad1ac90 fffff880`01026325 : fffffa80`06a68340 fffffa80`06a20002 fffff880`0ad1af98 fffffa80`06a68340 : netbt!TdiRcvNameSrvHandler+0x367
fffff880`0ad1ad30 fffff880`018403c5 : fffffa80`06a2db80 00000000`00000000 fffffa80`06a2db80 fffffa80`06a2db80 : tdx!TdxEventReceiveMessagesTransportAddress+0x315
fffff880`0ad1af20 fffff880`018408d4 : fffffa80`00000000 fffffa80`06a2db80 00000000`00000000 fffffa80`05af3022 : tcpip!UdpDeliverDatagrams+0x155
fffff880`0ad1b0b0 fffff880`0185c427 : fffffa80`04b4ec40 fffff880`00000000 fffffa80`05cdd010 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x324
fffff880`0ad1b1a0 fffff880`0185c499 : fffff880`0ad1b320 fffff880`0196c9a0 fffff880`0ad1b330 fffffa80`04a1c3e0 : tcpip!IppDeliverListToProtocol+0xf7
fffff880`0ad1b260 fffff880`0185c990 : fffff880`0196c9a0 fffffa80`04154350 00000000`00000011 fffff880`0ad1b320 : tcpip!IppProcessDeliverList+0x59
fffff880`0ad1b2d0 fffff880`0185b821 : 00000000`ff00a8c0 fffffa80`04b45138 fffff880`0196c9a0 00000000`05345901 : tcpip!IppReceiveHeaderBatch+0x231
fffff880`0ad1b3b0 fffff880`01935592 : fffffa80`05cc2cd0 00000000`00000000 fffffa80`05345901 fffffa80`00000001 : tcpip!IpFlcReceivePackets+0x651
fffff880`0ad1b5b0 fffff880`01694afa : fffffa80`03fb7c02 fffffa80`03fb7c90 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xf2
fffff880`0ad1b5f0 fffff880`03b53863 : fffffa80`06f2bf20 fffffa80`05345940 00000000`00000000 00000000`00000000 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
fffff880`0ad1b6a0 fffff880`03b52a86 : fffffa80`05345940 fffffa80`04ff2440 fffffa80`0b1536a8 fffffa80`0b153570 : vsdatant+0x15863
fffff880`0ad1b730 fffff880`03b4c651 : fffffa80`05345940 fffffa80`05345940 fffff880`0ad1bf00 fffffa80`05345a38 : vsdatant+0x14a86
fffff880`0ad1b830 fffff880`0161d57f : fffff880`0ad1be48 fffff880`0ad1bf60 fffffa80`05af4e20 fffffa80`06f7a580 : vsdatant+0xe651
fffff880`0ad1b960 fffff880`016074db : fffffa80`06ed0018 fffff880`0ad1be48 fffffa80`06d45858 fffffa80`05af4e20 : NETIO! ?? ::FNODOBFM::`string'+0x7267
fffff880`0ad1ba80 fffff880`0190002b : fffff880`0ad1c498 fffff880`0ad1be48 fffff880`0ad1c498 fffffa80`05af4e20 : NETIO!KfdClassify+0x24b
fffff880`0ad1bdf0 fffff880`01803d10 : 00000000`00000000 fffffa80`06a38db0 fffffa80`06d45960 00000000`00000000 : tcpip!WFPDatagramDataShimV4+0x49b
fffff880`0ad1c150 fffff880`0187cf2d : fffff880`0ad1c5a8 fffff880`016f628a fffffa80`04a141b0 fffffa80`05af4e20 : tcpip! ?? ::FNODOBFM::`string'+0x2b82f
fffff880`0ad1c3c0 fffff880`0183f080 : fffffa80`06a38db0 00000000`00000000 00000000`00000002 00000000`00000000 : tcpip!ProcessAleForNonTcpIn+0x1ad
fffff880`0ad1c4e0 fffff880`0186d861 : fffffa80`00000011 fffffa80`06a20002 fffffa80`04b48900 00000000`00008900 : tcpip!WfpProcessInTransportStackIndication+0xb10
fffff880`0ad1c850 fffff880`0183ff93 : fffffa80`06a2db80 fffffa80`04b4b380 00000000`00000000 fffffa80`04b45000 : tcpip!InetInspectReceiveDatagram+0x121
fffff880`0ad1c8f0 fffff880`01840345 : fffffa80`06a2db80 00000000`00000000 fffffa80`04b4b380 00000000`00000000 : tcpip!UdpBeginMessageIndication+0x83
fffff880`0ad1ca40 fffff880`018408d4 : fffffa80`00000000 fffffa80`06a2db80 00000000`00000000 fffffa80`05af3022 : tcpip!UdpDeliverDatagrams+0xd5
fffff880`0ad1cbd0 fffff880`0185c427 : fffffa80`04b4ec40 00000000`00000000 fffffa80`05cdd010 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x324
fffff880`0ad1ccc0 fffff880`0185c499 : fffff880`0ad1ce40 fffff880`0196c9a0 fffff880`0ad1ce50 fffffa80`04a1c3e0 : tcpip!IppDeliverListToProtocol+0xf7
fffff880`0ad1cd80 fffff880`0185c990 : fffff880`0196c9a0 fffffa80`05af4f50 00000000`00000011 fffff880`0ad1ce40 : tcpip!IppProcessDeliverList+0x59
fffff880`0ad1cdf0 fffff880`0185b821 : 00000000`ff00a8c0 fffffa80`04b45000 fffff880`0196c9a0 00000000`05bee601 : tcpip!IppReceiveHeaderBatch+0x231
fffff880`0ad1ced0 fffff880`0185a272 : fffffa80`05cc2cd0 00000000`00000000 fffffa80`05bee601 fffff880`00000001 : tcpip!IpFlcReceivePackets+0x651
fffff880`0ad1d0d0 fffff880`018736ba : fffffa80`05bee6a0 fffff880`0ad1d200 fffffa80`05bee6a0 fffffa80`06dc0000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
fffff880`0ad1d1b0 fffff800`02a9764a : fffffa80`05af4e20 fffff880`0ad18000 00000000`00004800 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda
fffff880`0ad1d200 fffff880`018730e2 : fffff880`018735e0 fffff880`0ad1d310 00000000`00000002 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0ad1d2e0 fffff880`017b30eb : fffffa80`05c468d0 00000000`00000000 fffffa80`055c91a0 fffffa80`055c91a0 : tcpip!FlReceiveNetBufferListChain+0xb2
fffff880`0ad1d350 fffff880`0177cfc6 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
fffff880`0ad1d3c0 fffff880`016ffa24 : fffffa80`055c91a0 00000000`00000002 00000000`00000001 fffff880`01835651 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6
fffff880`0ad1d840 fffff880`016ff9e9 : 00000000`00000000 fffffa80`09799700 00000000`00000000 00000000`00000001 : ndis!ndisMTopReceiveNetBufferLists+0x24
fffff880`0ad1d880 fffff880`016ff980 : fffffa80`05bee6a0 00000000`00000001 ffff0000`096bd584 00000000`00000001 : ndis!ndisFilterIndicateReceiveNetBufferLists+0x29
fffff880`0ad1d8c0 fffff880`03b5664d : fffffa80`05c15160 00000000`00000001 00000000`00000001 fffffa80`05af4e20 : ndis!NdisFIndicateReceiveNetBufferLists+0x50
fffff880`0ad1d900 fffff880`017172b7 : fffffa80`05c15160 fffffa80`05af4e20 00000000`00000000 fffff880`00000001 : vsdatant+0x1864d
fffff880`0ad1d9a0 fffff880`040fa974 : fffffa80`0580c000 fffffa80`059edc00 00000000`18008000 00000000`00000001 : ndis! ?? ::FNODOBFM::`string'+0xccef
fffff880`0ad1d9f0 fffff880`041161e8 : 00000000`00000000 00000000`18008000 00000000`18008000 00000000`00000000 : nvm62x64!OS_IndicatePacketsRx+0x88
fffff880`0ad1da30 fffff880`04115c1e : fffff880`00000004 00000000`00000000 00000000`00000000 00000000`00000000 : nvm62x64!UpdateReceiveDescRingData64+0x370
fffff880`0ad1daf0 fffff880`0411308d : fffffa80`061a5590 fffffa80`0580c000 00000000`00000000 00000000`00000000 : nvm62x64!ADAPTER_HandleInterrupt64+0xfa
fffff880`0ad1db40 fffff880`040fd713 : fffffa80`061a5698 fffff800`02a8f052 fffffa80`055c91a0 fffffa80`061a5590 : nvm62x64!HMacDDpc+0x29
fffff880`0ad1db70 fffff880`01781e4b : fffff880`01758110 00000000`00000000 fffffa80`055c91a0 fffffa80`055c9f68 : nvm62x64!NDIS_HandleInterrupt+0x37
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`01606c5a 448b442470 mov r8d,dword ptr [rsp+70h]
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: NETIO!CompareSecurityContexts+6a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18a
FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a
Followup: MachineOwner
---------
April 7th, 2010 3:47pm
From the "Bugcheck Analysis" you posted is this line from the "STACK_TEXT" field:
fffff880`0ad1d900 fffff880`017172b7 : fffffa80`05c15160 fffffa80`05af4e20 00000000`00000000 fffff880`00000001 : vsdatant+0x1864d
I've bolded the driver, the vsdatant.sys, which is a ZoneAlarm driver.
The vsdatant.sys is accessing memory at that point and may be causing the issue.
Here is a previous thread on the issue with ZoneAlarm which seems to occur on some 64-bit systems:
http://social.answers.microsoft.com/Forums/en/w7repair/thread/e94de527-183f-4227-9749-072ba0e7769f
I would suggest to try disabling NetBIOS over TCP/IP or uninstall ZoneAlarm.
April 7th, 2010 3:57pm
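Added example, not part of any post in this thread: a small Python parser for WinDbg `kb`-style STACK_TEXT lines that lists modules appearing only as module+offset (no symbols, which is how vsdatant shows up above) and sums the stack bytes between consecutive Child-SP values per module. The function names are this example's own, and the input is a constructed excerpt of seven consecutive frames copied from the trace posted above.

```python
import re

# Constructed input: seven consecutive frames copied from the STACK_TEXT posted above.
SAMPLE = """\
fffff880`0ad1b5b0 fffff880`01694afa : fffffa80`03fb7c02 fffffa80`03fb7c90 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xf2
fffff880`0ad1b5f0 fffff880`03b53863 : fffffa80`06f2bf20 fffffa80`05345940 00000000`00000000 00000000`00000000 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
fffff880`0ad1b6a0 fffff880`03b52a86 : fffffa80`05345940 fffffa80`04ff2440 fffffa80`0b1536a8 fffffa80`0b153570 : vsdatant+0x15863
fffff880`0ad1b730 fffff880`03b4c651 : fffffa80`05345940 fffffa80`05345940 fffff880`0ad1bf00 fffffa80`05345a38 : vsdatant+0x14a86
fffff880`0ad1b830 fffff880`0161d57f : fffff880`0ad1be48 fffff880`0ad1bf60 fffffa80`05af4e20 fffffa80`06f7a580 : vsdatant+0xe651
fffff880`0ad1b960 fffff880`016074db : fffffa80`06ed0018 fffff880`0ad1be48 fffffa80`06d45858 fffffa80`05af4e20 : NETIO! ?? ::FNODOBFM::`string'+0x7267
fffff880`0ad1ba80 fffff880`0190002b : fffff880`0ad1c498 fffff880`0ad1be48 fffff880`0ad1c498 fffffa80`05af4e20 : NETIO!KfdClassify+0x24b
"""

def parse_frames(text):
    """Return (child_sp, module, has_symbols) for every kb-style frame line."""
    frames = []
    for line in text.splitlines():
        # Layout: "Child-SP RetAddr : arg1 arg2 arg3 arg4 : symbol"
        parts = line.strip().split(" : ", 2)
        if len(parts) != 3:
            continue
        fields = parts[0].split()
        if len(fields) != 2:
            continue
        try:
            child_sp = int(fields[0].replace("`", ""), 16)
        except ValueError:
            continue  # not a frame line (banner, header, prompt)
        symbol = parts[2].strip()
        module = re.split(r"[!+]", symbol, maxsplit=1)[0]
        # "module!Function+off" means symbols resolved; bare "module+off" means none.
        frames.append((child_sp, module, "!" in symbol))
    return frames

def stack_bytes_by_module(frames):
    """Sum, per module, the bytes between a frame's Child-SP and its caller's."""
    usage = {}
    for (sp, module, _), (caller_sp, _, _) in zip(frames, frames[1:]):
        size = caller_sp - sp
        # Ignore jumps to a different stack (e.g. the double-fault handler's own stack).
        if 0 < size < 0x10000:
            usage[module] = usage.get(module, 0) + size
    return usage

def modules_without_symbols(frames):
    """Modules that never appear with a resolved symbol: usually third-party drivers."""
    resolved = {m for _, m, ok in frames if ok}
    return sorted({m for _, m, ok in frames if not ok} - resolved)

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    print("no symbols:", modules_without_symbols(frames))
    for module, size in sorted(stack_bytes_by_module(frames).items(), key=lambda kv: -kv[1]):
        print(f"{module:10} {size:5} bytes")
```

Pasting the complete STACK_TEXT in place of the excerpt gives the per-driver totals for the whole call chain.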
Can you recommend a suitable free alternative to zone alarm?
April 7th, 2010 7:23pm
I have just discovered the minidumps. Please find mine at: http://cid-3f163e004f38c23c.skydrive.live.com/self.aspx/.Public/Minidump.rar
Can anyone make sense of these? I'll try removing Zone Alarm in the meantime.
April 7th, 2010 8:18pm
You seem to have two issues.
One is the UNEXPECTED_KERNEL_MODE_TRAP (7f) errors which are probably from ZoneAlarm.
Uninstalling ZoneAlarm should stop these errors.
The other is that the mafw.sys driver appears to be causing an issue referencing the 1394ohci.sys.
This may indicate a lack of compliance with Windows 7's 1394ohci.sys.
It may benefit to switch the 1394ohci.sys driver to the "legacy" driver - see the first post (post #11 in the thread) in the following link:
http://forums.m-audio.com/showthread.php?16193-FireWire-410-Does-Not-Work-Wilh-Windows-7/page2
April 7th, 2010 10:17pm
On Wed, 7 Apr 2010 16:23:05 +0000, PLEKTRUM wrote:
> Can you recommend a suitable free alternative to zone alarm?
Yes, the built-in Windows 7 firewall. I think it's at least as good as ZoneAlarm.
Ken Blake, Microsoft MVP (Windows Desktop Experience) since 2003
April 8th, 2010 1:06am
> You seem to have two issues.
> One is the UNEXPECTED_KERNEL_MODE_TRAP (7f) errors which are probably from ZoneAlarm.
> Uninstalling ZoneAlarm should stop these errors.
> The other is that the mafw.sys driver appears to be causing an issue referencing the 1394ohci.sys.
> This may indicate a lack of compliance with Windows 7's 1394ohci.sys.
> It may benefit to switch the 1394ohci.sys driver to the "legacy" driver - see the first post (post #11 in the thread) in the following link:
> http://forums.m-audio.com/showthread.php?16193-FireWire-410-Does-Not-Work-Wilh-Windows-7/page2
Cheers. I'd tried this fix before but reverted back to the original driver after I thought it stopped the sound card from working.
Turns out I just forgot to set the sound card back to the default sound device as I have several >.< doh!
Fingers crossed all should be well.
Just for the record, the FireWire controller was using the ol generic "Texas Instruments" driver as opposed to the default Win 7 one (I think it's a Belkin PCI card). It's now running fine on the legacy driver though. I'll check out the Belkin site for specific drivers later :)
April 8th, 2010 5:16am
NO BSODS TO DATE :D ty for all your help
April 19th, 2010 11:06pm
You're welcome. Glad that is working out.
April 20th, 2010 4:57pm
Hi! The dump files only help if there is a "target" computer setup with the symbol trees loaded from the original setup disk ready for the kernel debugger session to begin at / on a previously specified port, most often com1 or 2. Analysis is done via a remote assistance invite via the same port. Of more use to us would be any error codes generated by the blue screens themselves, usually in the form of #x####### where each # can be a letter, or a number.
"http://support.microsoft.com/fixit/default.aspx/". This is MICROSOFT'S new, FREE, fully automated, anonymous support portal, which can help users resolve windows and other product issues with a few mouse clicks. BOOKMARK THIS SITE, EVERYBODY !!!
January 22nd, 2011 7:00am