locked
Windows 7 Pro 64 bit - BSOD - overnight RRS feed

  • Question

  • hi all,

    new to these forums :)

    basically i left my pc powered on overnight and the next morning i see it had rebooted and the message "windows has recovered from an unexpected shutdown>

    i have checked the event log, but i dont see anything obvious to be causing the issue.

    this is the first time this issue has arisen, and the pc is a bout 4-5 months old.

    any thoughts or advice appreciated.

    Attached Event log-

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
      <EventID>41</EventID>
      <Version>2</Version>
      <Level>1</Level>
      <Task>63</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8000000000000002</Keywords>
      <TimeCreated SystemTime="2011-09-18T14:47:09.194010000Z" />
      <EventRecordID>40904</EventRecordID>
      <Correlation />
      <Execution ProcessID="4" ThreadID="8" />
      <Channel>System</Channel>
      <Computer>Timmo-PC</Computer>
      <Security UserID="S-1-5-18" />
      </System>
    - <EventData>
      <Data Name="BugcheckCode">209</Data>
      <Data Name="BugcheckParameter1">0x28</Data>
      <Data Name="BugcheckParameter2">0x2</Data>
      <Data Name="BugcheckParameter3">0x0</Data>
      <Data Name="BugcheckParameter4">0xfffff88001411b2d</Data>
      <Data Name="SleepInProgress">false</Data>
      <Data Name="PowerButtonTimestamp">0</Data>
      </EventData>
      </Event>

     

    Once again thanks for your insight to this issue, thanks.

    Timmo


    Sunday, September 18, 2011 11:48 PM

Answers

  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000028, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff88001411b2d, address which referenced memory
    Debugging Details:
    ------------------
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003ab7100
     0000000000000028 
    CURRENT_IRQL:  2
    FAULTING_IP: 
    NETIO!RtlCopyBufferToMdl+1d
    fffff880`01411b2d 448b5228        mov     r10d,dword ptr [rdx+28h]
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  System
    TRAP_FRAME:  fffff8800391c660 -- (.trap 0xfffff8800391c660)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8800391c880 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88001411b2d rsp=fffff8800391c7f0 rbp=fffff8800391c920
     r8=00000000ffffffbc  r9=0000000000000044 r10=0000000000000000
    r11=fffffa80178a16b0 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    NETIO!RtlCopyBufferToMdl+0x1d:
    fffff880`01411b2d 448b5228        mov     r10d,dword ptr [rdx+28h] ds:2180:00000000`00000028=????????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff800038841e9 to fffff80003884c40
    STACK_TEXT:  
    fffff880`0391c518 fffff800`038841e9 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0391c520 fffff800`03882e60 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000044 : nt!KiBugCheckDispatch+0x69
    fffff880`0391c660 fffff880`01411b2d : 00000000`00000087 fffff880`016eafec 00000000`0000000a fffffa80`181e6f58 : nt!KiPageFault+0x260
    fffff880`0391c7f0 fffff880`0177174c : 00000000`00000000 fffff880`017403a6 00000000`00000001 00000000`00000000 : NETIO!RtlCopyBufferToMdl+0x1d
    fffff880`0391c850 fffff880`0173d993 : fffffa80`178a16b0 00000000`00000001 fffffa80`183ab710 00000000`00000000 : tcpip! ?? ::FNODOBFM::`string'+0x1d72f
    fffff880`0391c8c0 fffff880`017307f4 : fffff880`0391cd78 00000000`00000029 fffffa80`183ab710 00000000`00000001 : tcpip!TcpTcbCarefulDatagram+0x543
    fffff880`0391ca70 fffff880`0172f11a : fffffa80`13263830 fffff880`017275d4 fffffa80`1322e628 00000000`00000000 : tcpip!TcpTcbReceive+0x694
    fffff880`0391cc20 fffff880`01730d4b : fffffa80`141e0052 fffffa80`1339c000 00000000`00000000 fffff880`0391cf00 : tcpip!TcpMatchReceive+0x1fa
    fffff880`0391cd70 fffff880`01727c67 : fffffa80`13263830 fffffa80`132cbac9 fffffa80`000007c7 00000000`000007c7 : tcpip!TcpPreValidatedReceive+0x36b
    fffff880`0391ce40 fffff880`017277da : 00000000`00000000 fffff880`01843800 fffff880`0391d000 fffff880`015c4f5e : tcpip!IppDeliverListToProtocol+0x97
    fffff880`0391cf00 fffff880`01726dd9 : 00000000`00000001 00000000`00000011 fffff880`0391cfe0 fffff880`0391cff0 : tcpip!IppProcessDeliverList+0x5a
    fffff880`0391cfa0 fffff880`01724b4f : 00000000`00000000 00000000`139d5700 fffff880`01843800 fffff880`01843800 : tcpip!IppReceiveHeaderBatch+0x23a
    fffff880`0391d080 fffff880`01724142 : fffffa80`13a7ef30 00000000`00000000 fffffa80`139d5700 00000000`00000001 : tcpip!IpFlcReceivePackets+0x64f
    fffff880`0391d280 fffff880`017a43ea : 00000000`00000000 fffffa80`178bce20 fffffa80`139d57f0 00000000`00000001 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
    fffff880`0391d360 fffff800`03891618 : 00000000`00000010 00000000`00000246 fffffa80`12b04040 00000000`00000001 : tcpip! ?? ::FNODOBFM::`string'+0x567f2
    fffff880`0391d3b0 fffff880`01723ca2 : fffff880`01723500 fffffa80`169a7190 fffff880`01848900 fffff880`01728e01 : nt!KeExpandKernelStackAndCalloutEx+0xd8
    fffff880`0391d490 fffff880`015c40eb : fffffa80`13a7c010 00000000`00000000 fffffa80`136f01a0 00000000`00000000 : tcpip!FlReceiveNetBufferListChain+0xb2
    fffff880`0391d500 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    NETIO!RtlCopyBufferToMdl+1d
    fffff880`01411b2d 448b5228        mov     r10d,dword ptr [rdx+28h]
    SYMBOL_STACK_INDEX:  3
    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1d
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: NETIO
    IMAGE_NAME:  NETIO.SYS
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79381
    FAILURE_BUCKET_ID:  X64_0xD1_NETIO!RtlCopyBufferToMdl+1d
    BUCKET_ID:  X64_0xD1_NETIO!RtlCopyBufferToMdl+1d
    Followup: MachineOwner
    ---------
    4: kd> lmvm NETIO
    start             end                 module name
    fffff880`01400000 fffff880`01460000   NETIO      (pdb symbols)          c:\symbols\netio.pdb\DD06DDC1DE2F426D85400E127C2DF49A2\netio.pdb
        Loaded symbol image file: NETIO.SYS
        Mapped memory image file: c:\symbols\NETIO.SYS\4CE7938160000\NETIO.SYS
        Image path: \SystemRoot\system32\drivers\NETIO.SYS
        Image name: NETIO.SYS
        Timestamp:        Sat Nov 20 10:23:13 2010 (4CE79381)
        CheckSum:         00066D17
        ImageSize:        00060000
        File version:     6.1.7601.17514
        Product version:  6.1.7601.17514
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.6 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     netio.sys
        OriginalFilename: netio.sys
        ProductVersion:   6.1.7601.17514
        FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
        FileDescription:  Network I/O Subsystem
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    ---------------------------------------------------------------------------------------------
    Start by updating NIC drivers and disable all security softwares.
    Once done, check again.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator

    • Marked as answer by Robinson Zhang Thursday, October 6, 2011 4:18 PM
    Saturday, September 24, 2011 2:41 PM

All replies

  • Hello,

    Please use Microsoft Skydrive to upload dump files (c:\windows\minidumps). Once done, post a link here.

    You can also contact Microsoft CSS.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator 

    Monday, September 19, 2011 11:22 PM
  • Hi,
    
    I analyzed the dump file and find the root casue which caused the BSOD is “NETIO.SYS”.
    
    Please remove all unnecessary hardware devices from the computer, try entering Windows safe mode to test whether it is a third-party software/hardware compatibility issue.
    
    If the issue is caused by some incompatible driver, you might go to Device Manager, right click your hardware device in the list and select Update Driver Software; then click Search automatically for updated driver software. Otherwise, caused by third-party software, directly contact its own support to solve the problem in timely manner.
    
    Also please refer:
    Windows Kernel event ID 41 error in Windows 7 or in Windows Server 2008 R2: "The system has rebooted without cleanly shutting down first".
    http://support.microsoft.com/kb/2028504
    
    Bug Check 0xD1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    http://msdn.microsoft.com/en-us/library/ff560244(v=vs.85).aspx
    
    Hope that helps
    


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Friday, September 23, 2011 2:39 AM
  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000028, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff88001411b2d, address which referenced memory
    Debugging Details:
    ------------------
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003ab7100
     0000000000000028 
    CURRENT_IRQL:  2
    FAULTING_IP: 
    NETIO!RtlCopyBufferToMdl+1d
    fffff880`01411b2d 448b5228        mov     r10d,dword ptr [rdx+28h]
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    BUGCHECK_STR:  0xD1
    PROCESS_NAME:  System
    TRAP_FRAME:  fffff8800391c660 -- (.trap 0xfffff8800391c660)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8800391c880 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88001411b2d rsp=fffff8800391c7f0 rbp=fffff8800391c920
     r8=00000000ffffffbc  r9=0000000000000044 r10=0000000000000000
    r11=fffffa80178a16b0 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    NETIO!RtlCopyBufferToMdl+0x1d:
    fffff880`01411b2d 448b5228        mov     r10d,dword ptr [rdx+28h] ds:2180:00000000`00000028=????????
    Resetting default scope
    LAST_CONTROL_TRANSFER:  from fffff800038841e9 to fffff80003884c40
    STACK_TEXT:  
    fffff880`0391c518 fffff800`038841e9 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0391c520 fffff800`03882e60 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000044 : nt!KiBugCheckDispatch+0x69
    fffff880`0391c660 fffff880`01411b2d : 00000000`00000087 fffff880`016eafec 00000000`0000000a fffffa80`181e6f58 : nt!KiPageFault+0x260
    fffff880`0391c7f0 fffff880`0177174c : 00000000`00000000 fffff880`017403a6 00000000`00000001 00000000`00000000 : NETIO!RtlCopyBufferToMdl+0x1d
    fffff880`0391c850 fffff880`0173d993 : fffffa80`178a16b0 00000000`00000001 fffffa80`183ab710 00000000`00000000 : tcpip! ?? ::FNODOBFM::`string'+0x1d72f
    fffff880`0391c8c0 fffff880`017307f4 : fffff880`0391cd78 00000000`00000029 fffffa80`183ab710 00000000`00000001 : tcpip!TcpTcbCarefulDatagram+0x543
    fffff880`0391ca70 fffff880`0172f11a : fffffa80`13263830 fffff880`017275d4 fffffa80`1322e628 00000000`00000000 : tcpip!TcpTcbReceive+0x694
    fffff880`0391cc20 fffff880`01730d4b : fffffa80`141e0052 fffffa80`1339c000 00000000`00000000 fffff880`0391cf00 : tcpip!TcpMatchReceive+0x1fa
    fffff880`0391cd70 fffff880`01727c67 : fffffa80`13263830 fffffa80`132cbac9 fffffa80`000007c7 00000000`000007c7 : tcpip!TcpPreValidatedReceive+0x36b
    fffff880`0391ce40 fffff880`017277da : 00000000`00000000 fffff880`01843800 fffff880`0391d000 fffff880`015c4f5e : tcpip!IppDeliverListToProtocol+0x97
    fffff880`0391cf00 fffff880`01726dd9 : 00000000`00000001 00000000`00000011 fffff880`0391cfe0 fffff880`0391cff0 : tcpip!IppProcessDeliverList+0x5a
    fffff880`0391cfa0 fffff880`01724b4f : 00000000`00000000 00000000`139d5700 fffff880`01843800 fffff880`01843800 : tcpip!IppReceiveHeaderBatch+0x23a
    fffff880`0391d080 fffff880`01724142 : fffffa80`13a7ef30 00000000`00000000 fffffa80`139d5700 00000000`00000001 : tcpip!IpFlcReceivePackets+0x64f
    fffff880`0391d280 fffff880`017a43ea : 00000000`00000000 fffffa80`178bce20 fffffa80`139d57f0 00000000`00000001 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
    fffff880`0391d360 fffff800`03891618 : 00000000`00000010 00000000`00000246 fffffa80`12b04040 00000000`00000001 : tcpip! ?? ::FNODOBFM::`string'+0x567f2
    fffff880`0391d3b0 fffff880`01723ca2 : fffff880`01723500 fffffa80`169a7190 fffff880`01848900 fffff880`01728e01 : nt!KeExpandKernelStackAndCalloutEx+0xd8
    fffff880`0391d490 fffff880`015c40eb : fffffa80`13a7c010 00000000`00000000 fffffa80`136f01a0 00000000`00000000 : tcpip!FlReceiveNetBufferListChain+0xb2
    fffff880`0391d500 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
    STACK_COMMAND:  kb
    FOLLOWUP_IP: 
    NETIO!RtlCopyBufferToMdl+1d
    fffff880`01411b2d 448b5228        mov     r10d,dword ptr [rdx+28h]
    SYMBOL_STACK_INDEX:  3
    SYMBOL_NAME:  NETIO!RtlCopyBufferToMdl+1d
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: NETIO
    IMAGE_NAME:  NETIO.SYS
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79381
    FAILURE_BUCKET_ID:  X64_0xD1_NETIO!RtlCopyBufferToMdl+1d
    BUCKET_ID:  X64_0xD1_NETIO!RtlCopyBufferToMdl+1d
    Followup: MachineOwner
    ---------
    4: kd> lmvm NETIO
    start             end                 module name
    fffff880`01400000 fffff880`01460000   NETIO      (pdb symbols)          c:\symbols\netio.pdb\DD06DDC1DE2F426D85400E127C2DF49A2\netio.pdb
        Loaded symbol image file: NETIO.SYS
        Mapped memory image file: c:\symbols\NETIO.SYS\4CE7938160000\NETIO.SYS
        Image path: \SystemRoot\system32\drivers\NETIO.SYS
        Image name: NETIO.SYS
        Timestamp:        Sat Nov 20 10:23:13 2010 (4CE79381)
        CheckSum:         00066D17
        ImageSize:        00060000
        File version:     6.1.7601.17514
        Product version:  6.1.7601.17514
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.6 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     netio.sys
        OriginalFilename: netio.sys
        ProductVersion:   6.1.7601.17514
        FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
        FileDescription:  Network I/O Subsystem
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    ---------------------------------------------------------------------------------------------
    Start by updating NIC drivers and disable all security softwares.
    Once done, check again.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator

    • Marked as answer by Robinson Zhang Thursday, October 6, 2011 4:18 PM
    Saturday, September 24, 2011 2:41 PM