IRQL_GT_ZERO_AT_SYSTEM_SERVICE BSOD Randomly

pite · 15 Jan 2012

I constantly have regular bluescreens about once a day saying IRQL_GT_ZERO_AT_SYSTEM_SERVICE

I used WhoCrashed and it said the following about my most recent bluescreen:

Code:

On Sun 1/15/2012 4:21:14  PM GMT your computer crashed
crash dump file:  C:\Windows\Minidump\011512-27690-01.dmp
This was probably caused by the  following module: ntoskrnl.exe (nt+0x71F00) 
Bugcheck code: 0x4A  (0x776AFF2A, 0x2, 0x0, 0xFFFFF8800AB00C60)
Error: IRQL_GT_ZERO_AT_SYSTEM_SERVICE
file path:  C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel &  System
Bug check description: This indicates that a thread is returning to  user mode from a system call when its IRQL is still above PASSIVE_LEVEL. 
The  crash took place in the Windows kernel. Possibly this problem is caused by  another driver which cannot be identified at this time.

Windows 7:
- x64 bit
- Original OS installed is Windows 7 Ultimate x64 (current OS)
- OEM
- All hardware is around 2 months old
- Installation is also 2 months old, still using original installation

Also included the DMP files and jcgriff analysis and perfmon report

pite · 15 Jan 2012

I also uninstalled VirtualBox (as i thought its network driver may have caused bluescreens) and Ran driver verifier since my last crash, havent bluescreened yet.

writhziden · 15 Jan 2012

Code:


Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\010312-17503-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0301d000 PsLoadedModuleList = 0xfffff800`0325ae50
Debug session time: Tue Jan  3 04:38:49.100 2012 (UTC - 7:00)
System Uptime: 0 days 8:33:57.990
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {7745ff2a, 2, 0, fffff880095d6c60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 000000007745ff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff880095d6c60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+3534663533386164
00000000`7745ff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8000308e469 to fffff8000308ef00

STACK_TEXT:  
fffff880`095d6a28 fffff800`0308e469 : 00000000`0000004a 00000000`7745ff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`095d6a30 fffff800`0308e3a0 : fffffa80`10182430 00000000`056cfa78 fffff880`095d6b88 fffff800`033a2094 : nt!KiBugCheckDispatch+0x69
fffff880`095d6b70 00000000`7745ff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`056cf1c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7745ff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`0308e3a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\010512-20716-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`03067000 PsLoadedModuleList = 0xfffff800`032a4e50
Debug session time: Thu Jan  5 02:19:48.722 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:18.002
Loading Kernel Symbols
...............................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa800ec38b30, fffffa800ec38e10, fffff800033e1240}

Probably caused by : wininit.exe

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800ec38b30, Terminating object
Arg3: fffffa800ec38e10, Process image file name
Arg4: fffff800033e1240, Explanatory message (ascii)

Debugging Details:
------------------


PROCESS_OBJECT: fffffa800ec38b30

IMAGE_NAME:  wininit.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: wininit

FAULTING_MODULE: 0000000000000000 

PROCESS_NAME:  wininit.exe

EXCEPTION_CODE: (Win32) 0x36b1 (14001) - The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

BUGCHECK_STR:  0xF4_36B1

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

STACK_TEXT:  
fffff880`02119ac8 fffff800`03464142 : 00000000`000000f4 00000000`00000003 fffffa80`0ec38b30 fffffa80`0ec38e10 : nt!KeBugCheckEx
fffff880`02119ad0 fffff800`03410269 : 00000000`00000001 fffffa80`0ec3ab60 fffffa80`0ec38b30 00000000`00326f50 : nt!PspCatchCriticalBreak+0x92
fffff880`02119b10 fffff800`03394c74 : 00000000`00000001 00000000`00000001 fffffa80`0ec38b30 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x17a06
fffff880`02119b60 fffff800`030d8153 : fffffa80`0ec3ab60 fffff880`000036b1 fffffa80`0ec3ab60 fffffa80`0f3f7960 : nt!NtTerminateProcess+0xf4
fffff880`02119be0 00000000`7784017a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0022fdc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7784017a


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0xF4_36B1_IMAGE_wininit.exe

BUCKET_ID:  X64_0xF4_36B1_IMAGE_wininit.exe

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\010512-18766-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0300c000 PsLoadedModuleList = 0xfffff800`03249e50
Debug session time: Thu Jan  5 02:55:15.623 2012 (UTC - 7:00)
System Uptime: 0 days 0:21:31.903
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {778cff2a, 2, 0, fffff88009860c60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 00000000778cff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff88009860c60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+6161663636613633
00000000`778cff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8000307d469 to fffff8000307df00

STACK_TEXT:  
fffff880`09860a28 fffff800`0307d469 : 00000000`0000004a 00000000`778cff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09860a30 fffff800`0307d3a0 : fffffa80`10419560 00000000`056df7a8 fffff880`09860b88 fffff800`03391094 : nt!KiBugCheckDispatch+0x69
fffff880`09860b70 00000000`778cff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`056deef8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x778cff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`0307d3a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\010612-17971-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0304c000 PsLoadedModuleList = 0xfffff800`03289e50
Debug session time: Fri Jan  6 06:20:47.552 2012 (UTC - 7:00)
System Uptime: 1 days 1:45:36.832
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
...................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {777cff2a, 2, 0, fffff8800371dc60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 00000000777cff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff8800371dc60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+3738623134623534
00000000`777cff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800030bd469 to fffff800030bdf00

STACK_TEXT:  
fffff880`0371da28 fffff800`030bd469 : 00000000`0000004a 00000000`777cff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0371da30 fffff800`030bd3a0 : fffffa80`10396060 00000000`058bfce8 fffff880`0371db88 fffff800`030b9b07 : nt!KiBugCheckDispatch+0x69
fffff880`0371db70 00000000`777cff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`058bf438 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777cff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`030bd3a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\010812-16957-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0304a000 PsLoadedModuleList = 0xfffff800`03287e50
Debug session time: Sun Jan  8 13:43:09.228 2012 (UTC - 7:00)
System Uptime: 0 days 19:47:49.823
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {7757ff2a, 2, 0, fffff88009664c60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 000000007757ff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff88009664c60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+3738623134623534
00000000`7757ff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800030bb469 to fffff800030bbf00

STACK_TEXT:  
fffff880`09664a28 fffff800`030bb469 : 00000000`0000004a 00000000`7757ff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09664a30 fffff800`030bb3a0 : fffffa80`1083c8b0 00000000`0570f748 fffff880`09664b88 fffff800`033cf094 : nt!KiBugCheckDispatch+0x69
fffff880`09664b70 00000000`7757ff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`0570ee98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7757ff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`030bb3a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\011212-21091-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0305a000 PsLoadedModuleList = 0xfffff800`03297e50
Debug session time: Thu Jan 12 16:30:26.853 2012 (UTC - 7:00)
System Uptime: 1 days 10:58:20.133
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {7777ff2a, 2, 0, fffff88009e98c60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 000000007777ff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff88009e98c60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+3738623134623534
00000000`7777ff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800030cb469 to fffff800030cbf00

STACK_TEXT:  
fffff880`09e98a28 fffff800`030cb469 : 00000000`0000004a 00000000`7777ff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09e98a30 fffff800`030cb3a0 : fffffa80`10b2d060 00000000`04f4f9a8 fffff880`09e98b88 fffff800`033df094 : nt!KiBugCheckDispatch+0x69
fffff880`09e98b70 00000000`7777ff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`04f4f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7777ff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`030cb3a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\011412-14944-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`03005000 PsLoadedModuleList = 0xfffff800`03242e50
Debug session time: Sat Jan 14 16:23:56.206 2012 (UTC - 7:00)
System Uptime: 1 days 23:52:47.096
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {77c4ff2a, 2, 0, fffff88009629c60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 0000000077c4ff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff88009629c60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+3738623134623534
00000000`77c4ff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80003076469 to fffff80003076f00

STACK_TEXT:  
fffff880`09629a28 fffff800`03076469 : 00000000`0000004a 00000000`77c4ff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09629a30 fffff800`030763a0 : fffffa80`10601760 00000000`0573fd48 fffff880`09629b88 fffff800`0338a094 : nt!KiBugCheckDispatch+0x69
fffff880`09629b70 00000000`77c4ff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`0573f498 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c4ff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`030763a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\011412-25131-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`03066000 PsLoadedModuleList = 0xfffff800`032a3e50
Debug session time: Sat Jan 14 22:17:38.113 2012 (UTC - 7:00)
System Uptime: 0 days 5:53:03.393
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {776dff2a, 2, 0, fffff880095ddc60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 00000000776dff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff880095ddc60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+3534663533386164
00000000`776dff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800030d7469 to fffff800030d7f00

STACK_TEXT:  
fffff880`095dda28 fffff800`030d7469 : 00000000`0000004a 00000000`776dff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`095dda30 fffff800`030d73a0 : fffffa80`1074f060 00000000`056cf9f8 fffff880`095ddb88 fffff800`033eb094 : nt!KiBugCheckDispatch+0x69
fffff880`095ddb70 00000000`776dff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`056cf148 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x776dff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`030d73a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\011512-27690-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0305d000 PsLoadedModuleList = 0xfffff800`0329ae50
Debug session time: Sun Jan 15 09:21:14.530 2012 (UTC - 7:00)
System Uptime: 0 days 11:02:54.420
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4A, {776aff2a, 2, 0, fffff8800ab00c60}

Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+245 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_GT_ZERO_AT_SYSTEM_SERVICE (4a)
Returning to usermode from a system call at an IRQL > PASSIVE_LEVEL.
Arguments:
Arg1: 00000000776aff2a, Address of system function (system call routine)
Arg2: 0000000000000002, Current IRQL
Arg3: 0000000000000000, 0
Arg4: fffff8800ab00c60, 0

Debugging Details:
------------------


PROCESS_NAME:  NisSrv.exe

BUGCHECK_STR:  RAISED_IRQL_FAULT

FAULTING_IP: 
+3534663533386164
00000000`776aff2a ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800030ce469 to fffff800030cef00

STACK_TEXT:  
fffff880`0ab00a28 fffff800`030ce469 : 00000000`0000004a 00000000`776aff2a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0ab00a30 fffff800`030ce3a0 : fffffa80`1029a760 00000000`0557f828 fffff880`0ab00b88 fffff800`033e2094 : nt!KiBugCheckDispatch+0x69
fffff880`0ab00b70 00000000`776aff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x245
00000000`0557ef78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x776aff2a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSystemServiceExit+245
fffff800`030ce3a0 4883ec50        sub     rsp,50h

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiSystemServiceExit+245

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

BUCKET_ID:  X64_RAISED_IRQL_FAULT_NisSrv.exe_nt!KiSystemServiceExit+245

Followup: MachineOwner
---------

Many of these were related to Microsoft Security Essentials Network Inspection System. It could be related to the VirtualBox network as you suspected. You could try getting an updated version of VirtualBox. It may also help to get your Windows updates installed. I note you do not have Service Pack 1 installed.

Update to SP1

Download Details - Microsoft Download Center - System Update Readiness Tool for Windows 7 (KB947821) [August 2011]

Download Details - Microsoft Download Center - System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [August 2011]

Steps to follow before you install Windows 7 Service Pack 1 from the Microsoft Download Center

Service Pack 1 Download site

Links to Service Pack 1 (SP1) and preparation for SP1 courtesy of JMH

Install all updates after updating to SP1, as well.

pite · 15 Jan 2012

Okay, i just bluescreened again, but i am pretty sure it is from the DriverVerifier:

Code:

On Sun 1/15/2012 8:56:43  PM GMT your computer crashed
crash dump file:  C:\Windows\Minidump\011512-20779-01.dmp
This was probably caused by the  following module: nisdrvwfp.sys (NisDrvWFP+0x57D4) 
Bugcheck code:  0xC9 (0x12, 0xFFFFF88006B197D4, 0x0, 0x2)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION 
file path:  C:\Windows\system32\drivers\nisdrvwfp.sys
product: Microsoft Forefront System
company: Microsoft Corporation
description: Microsoft Network  Inspection System Driver
Bug check description: This is the bug check code  for all Driver Verifier 
This appears to be a typical software driver bug and  is not likely to be caused by a hardware problem. 
The crash took place in a  standard Microsoft module. Your system configuration may be incorrect. Possibly  this problem is caused by another driver on your system which cannot be  identified at this time. 


On Sun 1/15/2012 8:56:43 PM GMT your computer  crashed
crash dump file: C:\Windows\memory.dmp
This was probably  caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0) 
Bugcheck code:  0xC9 (0x12, 0xFFFFF88006B197D4, 0x0, 0x2)
Error: DRIVER_VERIFIER_IOMANAGER_VIOLATION 
Bug check  description: This is the bug check code for all Driver Verifier 
This appears  to be a typical software driver bug and is not likely to be caused by a hardware  problem. 
The crash took place in the Windows kernel. Possibly this problem  is caused by another driver which cannot be identified at this time.

Attached the DMP files and such

And i have yet to install SP1, as i wanted to let driver verifier run first.

writhziden · 15 Jan 2012

Code:

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\pite\Windows_NT6_BSOD_jcgriff2\011512-20779-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0305e000 PsLoadedModuleList = 0xfffff800`0329be50
Debug session time: Sun Jan 15 13:56:43.944 2012 (UTC - 7:00)
System Uptime: 0 days 3:21:31.239
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C9, {12, fffff88006b197d4, 0, 2}

Unable to load image \SystemRoot\system32\DRIVERS\NisDrvWFP.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NisDrvWFP.sys
*** ERROR: Module load completed but symbols could not be loaded for NisDrvWFP.sys
Probably caused by : NisDrvWFP.sys ( NisDrvWFP+57d4 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9)
The IO manager has caught a misbehaving driver.
Arguments:
Arg1: 0000000000000012, IRQL not equal across call to driver dispatch routine
Arg2: fffff88006b197d4, Driver dispatch routine address.
Arg3: 0000000000000000, IRQL before calling driver dispatch routine.
Arg4: 0000000000000002, Current IRQL.

Debugging Details:
------------------


BUGCHECK_STR:  0xc9_12

DRIVER_VERIFIER_IO_VIOLATION_TYPE:  12

FAULTING_IP: 
NisDrvWFP+57d4
fffff880`06b197d4 4883ec28        sub     rsp,28h

FOLLOWUP_IP: 
NisDrvWFP+57d4
fffff880`06b197d4 4883ec28        sub     rsp,28h

PREVIOUS_IRQL:  0

CURRENT_IRQL:  2

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  NisSrv.exe

LAST_CONTROL_TRANSFER:  from fffff80003158c00 to fffff800030cff00

STACK_TEXT:  
fffff880`06fd08d8 fffff800`03158c00 : 00000000`000000c9 00000000`00000012 fffff880`06b197d4 00000000`00000000 : nt!KeBugCheckEx
fffff880`06fd08e0 fffff800`0356fa3b : 00000000`00000000 00000000`00000001 00000000`00000000 fffff880`06b19800 : nt!VfBugCheckNoStackUsage+0x30
fffff880`06fd0920 fffff800`03575c2e : fffff980`0e36aee0 fffff980`0e36aee0 00000000`00000002 fffffa80`0febe2a0 : nt!VfAfterCallDriver+0x22b
fffff880`06fd0970 fffff800`033e83a7 : fffffa80`10f4ebe0 fffff880`06fd0c60 fffffa80`10f4ebe0 fffffa80`0f95d940 : nt!IovCallDriver+0x57e
fffff880`06fd09d0 fffff800`033e8c06 : fffffa80`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`06fd0b00 fffff800`030cf153 : fffffa80`113b42d0 00000000`0511fc18 fffff880`06fd0b88 fffff800`033e3094 : nt!NtDeviceIoControlFile+0x56
fffff880`06fd0b70 00000000`7713ff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0511f368 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7713ff2a


STACK_COMMAND:  .bugcheck ; kb

SYMBOL_NAME:  NisDrvWFP+57d4

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NisDrvWFP

IMAGE_NAME:  NisDrvWFP.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9cc855

FAILURE_BUCKET_ID:  X64_0xc9_12_VRF_NisDrvWFP+57d4

BUCKET_ID:  X64_0xc9_12_VRF_NisDrvWFP+57d4

Followup: MachineOwner
---------

Microsoft Network Inspection System Driver caused the crash due to the Microsoft Security Essentials Network Inspection System. Probably due to not having the service pack installed and MSE being designed to run on the newer version of Windows 7. In other words, see the bold statement below.

pite said:

Code:

The crash took place in a  standard Microsoft module. 
Your system configuration may be incorrect. 
Possibly this problem is caused by another driver on 
your system which cannot be identified at this time.

writhziden · 05 Feb 2012

Did updating to SP1 fix the stability issues?

pite · 06 Feb 2012

I actually just fixed it by playing around a bit with my network drivers and such, and figured out it was just a MSE issue
Thank you very much though!

EDIT: marked as solved

writhziden · 06 Feb 2012

You're welcome. Glad it is stable again.

IRQL_GT_ZERO_AT_SYSTEM_SERVICE BSOD Randomly

IRQL_GT_ZERO_AT_SYSTEM_SERVICE BSOD Randomly (ntoskrnl.exe)