BSOD; ntoskrnl.exe; STOP: 0x0000007f

wju · 17 Mar 2010

Hi
I'm running windows 7 64 bit and I'm having a BSOD constantly. (sometimes after 10 Minutes, sometimes after 10 hours)
I have been getting these blue screens regularly since I built my PC. It happens while doing anything from running games to just idling. After some looking around I used bluescreenviewer to located the source of the problem: ntoskrnl.exe.
I have ran memtest86x+ 4.00 and sfc/scannow and it says there are no errors.
Pleas help me. I have no idea.

My system:
Windows 7 Home 64 Bit
Motherboard: Gigabyte GA-P55-UD3
RAM: 2 * 2 GB (Kingston), 1333
CPU: Intel Core i5-750 (Sockel: 1156)
Device: Samsung SH-S223B
GPU: Sapphire Radeon HD 5850, 1024 MB
HDD: Samsung F1 HD103UJ S-ata 2 1TB
Power: 625W Enermax Pro 82+

Bill2 · 17 Mar 2010

Hello,
your dump points to networking (netio.sys). so probably a problem with your network drivers. try updating your network drivers.

Jonathan_King · 17 Mar 2010

Welcome!

It looks like netio.sys is the issue.

I recommend updating your network adapter drivers in Device Manager.

Also, open an elevated command prompt and enter sfc /scannow.

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Jonathan\Desktop\Minidump\031310-15210-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02c53000 PsLoadedModuleList = 0xfffff800`02e90e50
Debug session time: Sat Mar 13 07:53:41.523 2010 (GMT-4)
System Uptime: 0 days 0:30:43.959
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 6f8, fffff80002ccf314}

Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002ccf314

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002cc4469 to fffff80002cc4f00

STACK_TEXT:  
fffff880`009eece8 fffff800`02cc4469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009eecf0 fffff800`02cc2932 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009eee30 fffff800`02ccf314 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`02f15fa0 fffff800`02cca5a7 : 000010cc`000093f4 000094d8`00001131 00001150`00001138 00001158`000096fc : nt!SepMandatoryIntegrityCheck+0x14
fffff880`02f16020 fffff800`02c8d842 : fffffa80`04187080 00000000`00000001 00000000`00000000 fffffa80`046ba7c8 : nt!SeAccessCheckWithHint+0x317
fffff880`02f16100 fffff880`01406c5a : 00009b28`000110db 0001133a`000110e4 00011340`00009b0c 000096ac`000114b3 : nt!SeAccessCheckFromState+0x102
fffff880`02f167f0 fffff880`0140494f : 00011d08`c0000022 0000953c`00000000 00011eb0`00011e48 00011eb8`00009350 : NETIO!CompareSecurityContexts+0x6a
fffff880`02f16860 fffff880`014069b5 : 00009430`00012572 000126b0`00012578 000126b8`00009444 0000953c`0001277b : NETIO!MatchValues+0xef
fffff880`02f168b0 fffff880`01406845 : fffffa80`05d03e30 fffffa80`04185fd0 fffff880`02f16ad8 fffff880`02f17210 : NETIO!FilterMatch+0x95
fffff880`02f16900 fffff880`01407ccb : 00000000`00000000 00000000`00000000 fffff880`02f17210 fffff880`02f16ac0 : NETIO!IndexListClassify+0x69
fffff880`02f16980 fffff880`0163d4d0 : fffff880`02f17210 fffff880`02f16e58 fffff880`02f17b90 fffffa80`06423850 : NETIO!KfdClassify+0xa4e
fffff880`02f16cf0 fffff880`0163677e : fffff880`01745690 00000000`00000000 fffffa80`05a68010 00000000`00000000 : tcpip!WfpAleClassify+0x50
fffff880`02f16d30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!CompareSecurityContexts+6a
fffff880`01406c5a 448b442470      mov     r8d,dword ptr [rsp+70h]

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  NETIO!CompareSecurityContexts+6a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc18a

FAILURE_BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

Followup: MachineOwner
---------

wju · 17 Mar 2010

Thank you very much for your help!!
I will update my network adapter now (and post the effect)
@Jonathan_King: I do this scan in elevated command prompt but no mistakes were found.

wju · 17 Mar 2010

I have tried to update my network adapters (Realtek PCIe GBE Familiy Controller). But it was already the newest version (Version: 7.9.820.2009) Should I try to load an older version?

zigzag3143 · 17 Mar 2010

wju said:

I have tried to update my network adapters (Realtek PCIe GBE Familiy Controller). But it was already the newest version (Version: 7.9.820.2009) Should I try to load an older version?

How are you trying to update? are you using a driver dective type of app? or the built in win 7 updater? You should install the driver manually

ken

patrickmorris · 17 Mar 2010

Everytime i try to add my minidump files to a zip'd folder it says acess is denied and im the only user on my computer../????

Jonathan_King · 17 Mar 2010

I'm not sure what's going on, but we don't really need the files. The ones you provided are pretty consistent. They all point to netio.sys.

wju · 17 Mar 2010

Hi zigzag3143
I used the win 7 updater.
But I searched also online and I found no newer version.

nickle · 18 Mar 2010

vsdatant.sys is showing up in the stack of your dump as the culprit. See highlighted in blue in the code box. It is a driver for Zone Alarm. Please uninstall Zone alarm and see if BSOD persists. Use the removal tool: http://download.zonealarm.com/bin/fr...cpes_clean.exe

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Nickle\AppData\Local\Temp\Rar$DI19.414\031710-14539-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02c63000 PsLoadedModuleList = 0xfffff800`02ea0e50
Debug session time: Wed Mar 17 05:00:48.978 2010 (GMT-4)
System Uptime: 0 days 0:46:05.102
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 6f8, fffff80002cb040f}

Unable to load image vsdatant.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002cb040f

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002cd4469 to fffff80002cd4f00

STACK_TEXT:  
fffff880`009eece8 fffff800`02cd4469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009eecf0 fffff800`02cd2932 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009eee30 fffff800`02cb040f : 00000000`00000000 00ffffff`00ffffff 00ffffff`00ffffff 00ffffff`00ffffff : nt!KiDoubleFaultAbort+0xb2
fffff880`02959000 fffff800`02c9d69c : fffff880`029590e0 fffffa80`046d57c8 00ffffff`00000000 00ffffff`00ffffff : nt!RtlSidHashInitialize+0x2f
fffff880`02959030 fffff800`02c9d7df : fffffa80`046d57c8 00000000`00000001 00000000`00000000 00000000`00000000 : nt!SepTokenFromAccessInformation+0xbc
fffff880`02959060 fffff880`0155cc5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x9f
fffff880`02959750 fffff880`0155a94f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`029597c0 fffff880`0155c9b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`02959810 fffff880`0155c845 : fffffa80`05d668d0 fffffa80`04e62110 fffff880`02959a38 fffff880`0295a170 : NETIO!FilterMatch+0x95
fffff880`02959860 fffff880`0155dccb : 00000000`00000000 00000000`00000000 fffff880`0295a170 fffff880`02959a20 : NETIO!IndexListClassify+0x69
fffff880`029598e0 fffff880`016404d0 : fffff880`0295a170 fffff880`02959db8 fffff880`0295aaf0 fffffa80`03881800 : NETIO!KfdClassify+0xa4e
fffff880`02959c50 fffff880`0163977e : fffff880`01748690 00000000`00000000 fffffa80`04dc6570 00000000`00000000 : tcpip!WfpAleClassify+0x50
fffff880`02959c90 fffff880`01638c15 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
fffff880`0295a3a0 fffff880`0163c956 : 00000000`00000000 00000000`00000000 00000000`00000011 00000000`00000000 : tcpip!WfpAleAuthorizeSend+0x325
fffff880`0295a670 fffff880`0163f6a4 : 00000000`00000000 fffff880`0295aaa8 fffff880`0295aab0 00000000`00000000 : tcpip!WfpAleConnectAcceptIndicate+0x106
fffff880`0295a760 fffff880`01637f59 : fffff880`02c833c0 00000000`000000ff 00000000`00000001 00000000`00000008 : tcpip!ProcessALEForTransportPacket+0x664
fffff880`0295a9d0 fffff880`01664bf6 : 00000000`00000000 00000000`00000002 fffffa80`05e08900 fffffa80`059c8900 : tcpip!WfpProcessOutTransportStackIndication+0x329
fffff880`0295aba0 fffff880`01669a7e : fffffa80`05e0d3b0 fffff880`01558804 fffff880`0176e9a0 fffffa80`04dc6570 : tcpip!IppSendDatagramsCommon+0x526
fffff880`0295ae70 fffff880`01636cf8 : fffffa80`04dc6570 fffffa80`03881800 fffffa80`03881800 fffffa80`05e0d3b0 : tcpip!IpNlpSendDatagrams+0x3e
fffff880`0295aeb0 fffff880`0163726d : fffffa80`03933780 fffffa80`05e057a0 fffff880`0295b800 00000000`00000000 : tcpip!UdpSendMessagesOnPathCreation+0x688
fffff880`0295b230 fffff880`01636ef5 : fffff880`0295b760 fffffa80`03a58900 fffff880`00000001 fffffa80`059ce080 : tcpip!UdpSendMessages+0x35d
fffff880`0295b620 fffff800`02ce464a : fffff880`0295b9b0 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
fffff880`0295b650 fffff880`016374b8 : fffff880`01636ee0 fffff880`0295b760 00000000`00000002 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0295b730 fffff880`019aef45 : fffffa80`04567210 fffffa80`03cda590 fffffa80`059df920 fffffa80`039d0f1e : tcpip!UdpTlProviderSendMessages+0x78
fffff880`0295b7b0 fffff880`019aeff2 : fffffa80`0495b402 fffffa80`05a9f1f0 fffffa80`043af6b8 fffffa80`05a9f1f0 : tdx!TdxSendDatagramTransportAddress+0x2f5
fffff880`0295b890 fffff880`02d5a542 : 00000000`00000000 fffffa80`059df330 00000000`00000000 fffffa80`043af5a0 : tdx!TdxTdiDispatchInternalDeviceControl+0x52
fffff880`0295b8c0 fffff880`02d5af61 : fffffa80`039d0ee8 fffffa80`039d0ee8 fffffa80`03bea740 fffff880`0295b9c0 : netbt!TdiSendDatagram+0x187
fffff880`0295b930 fffff880`02d67329 : fffffa80`06288010 fffffa80`039d0d30 00000000`00000021 00000000`0000003e : netbt!UdpSendDatagram+0x1b1
fffff880`0295b9c0 fffff880`02d670e6 : 00000000`00000000 00000000`00000000 00000000`00000032 fffff880`02d80089 : netbt!UdpSendResponse+0x4e0
fffff880`0295ba40 fffff880`02d5bbe7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : netbt!QueryFromNet+0xb11
fffff880`0295bb70 fffff880`02d59b47 : 00000000`00000032 fffff880`050f5f2a 00000000`00000032 fffffa80`059df902 : netbt!NameSrvHndlrNotOs+0xca
fffff880`0295bbb0 fffff880`019ad325 : fffffa80`04d59130 fffffa80`059c0002 fffff880`0295beb8 fffffa80`04d59130 : netbt!TdiRcvNameSrvHandler+0x367
fffff880`0295bc50 fffff880`016423c5 : fffffa80`059c8cb0 00000000`00000000 fffffa80`059c8cb0 fffffa80`059c8cb0 : tdx!TdxEventReceiveMessagesTransportAddress+0x315
fffff880`0295be40 fffff880`016428d4 : fffffa80`00000000 fffffa80`059c8cb0 00000000`00000000 fffff880`050f5f22 : tcpip!UdpDeliverDatagrams+0x155
fffff880`0295bfd0 fffff880`0165e427 : fffffa80`046cfe30 fffff880`00000000 fffffa80`053277d0 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x324
fffff880`0295c0c0 fffff880`0165e499 : fffff880`0295c240 fffff880`0176e9a0 fffff880`0295c250 fffffa80`04548cf0 : tcpip!IppDeliverListToProtocol+0xf7
fffff880`0295c180 fffff880`0165e990 : fffff880`0176e9a0 fffffa80`03a5c9f0 00000000`00000011 fffff880`0295c240 : tcpip!IppProcessDeliverList+0x59
fffff880`0295c1f0 fffff880`0165d821 : 00000000`ff00a8c0 fffffa80`046c1138 fffff880`0176e9a0 00000000`04c47801 : tcpip!IppReceiveHeaderBatch+0x231
fffff880`0295c2d0 fffff880`01737592 : fffffa80`04f8f3c0 00000000`00000000 fffffa80`04c47801 fffffa80`00000001 : tcpip!IpFlcReceivePackets+0x651
fffff880`0295c4d0 fffff880`01409afa : fffffa80`03826802 fffffa80`03826850 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xf2
fffff880`0295c510 fffff880`02c15863 : fffffa80`059b4ea0 fffffa80`04c47890 00000000`00000000 00000000`00000000 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
fffff880`0295c5c0 fffffa80`059b4ea0 : fffffa80`04c47890 00000000`00000000 00000000`00000000 00000000`00000002 : vsdatant+0x15863
fffff880`0295c5c8 fffffa80`04c47890 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000001 : 0xfffffa80`059b4ea0
fffff880`0295c5d0 00000000`00000000 : 00000000`00000000 00000000`00000002 00000000`00000001 fffffa80`0000000b : 0xfffffa80`04c47890


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!CompareSecurityContexts+6a
fffff880`0155cc5a 448b442470      mov     r8d,dword ptr [rsp+70h]

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  NETIO!CompareSecurityContexts+6a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc18a

FAILURE_BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

BUCKET_ID:  X64_0x7f_8_NETIO!CompareSecurityContexts+6a

Followup: MachineOwner
---------