BSOD caused by NETIO.SYS?

  • Question

  • Normally one to solve these problems on my own, but having a headache of a time getting a symbol server or some-such to work, so that I would be able to read the data from the dump file properly.

    I see many other people have crashes "caused by" netio, but root cause usually something else.

    Anyways, hoping someone can help me out by taking a look at the dump files and letting me know the more specific cause of my bluescreens, and possibly where to go.

    Links:
    https://drive.google.com/file/d/0Bw6i7JJWAFWvcHVjZlc5VDAtV1E/edit?usp=sharing
    https://drive.google.com/file/d/0Bw6i7JJWAFWvNWZ0U1Bod2VJQWc/edit?usp=sharing
    https://drive.google.com/file/d/0Bw6i7JJWAFWvQXpwcHV6RDdtUkk/edit?usp=sharing

    Thursday, September 18, 2014 12:21 AM

Answers

  • Hi,

    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

    This indicates that a kernel-mode program generated an exception which the error handler did not catch.

    BugCheck 1000008E, {c0000005, 8bc91b13, a4797930, 0}

    1: kd> .trap 0xffffffffa4797930
    ErrCode = 00000000
    eax=00000000 ebx=8528fdb0 ecx=00010001 edx=00010000 esi=86c727b8 edi=fffffa4c
    eip=8bc91b13 esp=a47979a4 ebp=a47979b8 iopl=0         nv up ei ng nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
    tcpip!FlpReturnNetBufferListChain+0x35:
    8bc91b13 8b08            mov     ecx,dword ptr [eax]  ds:0023:00000000=????????
    

    On the faulting instruction, there was a failure moving a pointer stored in eax to ecx. This failed because the eax register is null (zero).

    Something 3rd party is causing network conflicts (specifically with the Network I/O System). If I had to guess, it's probably VMware. To be sure though, let's enable Driver Verifier:

    Driver Verifier:

    What is Driver Verifier?

    Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

    Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

    Before enabling Driver Verifier, it is recommended to create a System Restore Point:

    Vista - START | type rstrui - create a restore point
    Windows 7 - START | type create | select "Create a Restore Point"
    Windows 8/8.1 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

    How to enable Driver Verifier:

    Start > type "verifier" without the quotes > Select the following options -

    1. Select - "Create custom settings (for code developers)"
    2. Select - "Select individual settings from a full list"
    3. Check the following boxes -
    - Special Pool
    - Pool Tracking
    - Force IRQL Checking
    - Deadlock Detection
    - Security Checks (only on Windows 7 & 8/8.1)
    - DDI compliance checking (only on Windows 8/8.1)
    - Miscellaneous Checks
    4. Select - "Select driver names from a list"
    5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
    6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
    7. Click on Finish.
    8. Restart.

    Important information regarding Driver Verifier:
     
    - Perhaps the most important point, which I will now clarify as this has often been misunderstood: enabling Driver Verifier by itself is not a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.

    - If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

    - After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

    If this happens, do not panic, do the following:

    - Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

    - Once in Safe Mode - Start > Search > type "cmd" without the quotes.

    - To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

    - Restart and boot into normal Windows.

    If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

    - Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

    - Once in Safe Mode - Start > type "system restore" without the quotes.

    - Choose the restore point you created earlier.

    -- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

    How long should I keep Driver Verifier enabled for?

    I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

    My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

    - If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

    - If you have the system set to generate Kernel Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.

    Any other questions can most likely be answered by this article:

    http://support.microsoft.com/kb/244617

    Regards,

    Patrick

    “Be kind whenever possible. It is always possible.” - Dalai Lama

    • Proposed as answer by Roger Lu Thursday, September 18, 2014 10:28 AM
    • Marked as answer by Yolanda Zhu Wednesday, September 24, 2014 9:42 AM
    Thursday, September 18, 2014 4:12 AM
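
The reading of the bugcheck and `.trap` output in the answer above can be cross-checked mechanically. The following Python is an added example, not part of the original thread or of any Microsoft tool; `triage`, `KD_OUTPUT` and the 64 KB NULL-page threshold are assumptions made for illustration, and the sample text is the debugger output quoted in the answer.

```python
import re

# Sample input: the debugger lines quoted in the answer, embedded so this runs offline.
KD_OUTPUT = """\
BugCheck 1000008E, {c0000005, 8bc91b13, a4797930, 0}
1: kd> .trap 0xffffffffa4797930
ErrCode = 00000000
eax=00000000 ebx=8528fdb0 ecx=00010001 edx=00010000 esi=86c727b8 edi=fffffa4c
eip=8bc91b13 esp=a47979a4 ebp=a47979b8 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
tcpip!FlpReturnNetBufferListChain+0x35:
8bc91b13 8b08            mov     ecx,dword ptr [eax]  ds:0023:00000000=????????
"""

STATUS_ACCESS_VIOLATION = 0xC0000005
NULL_PAGE_LIMIT = 0x10000  # assumption: treat faults below 64 KB as NULL + small offset


def triage(text):
    """Cross-check a 32-bit 0x8E bugcheck against its trap frame (hypothetical helper)."""
    code, raw = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text).groups()
    # 0x8E parameters: exception code, faulting address, trap frame, reserved
    exc_code, exc_addr, trap_frame, _ = (int(x, 16) for x in raw.split(","))
    trap_arg = int(re.search(r"\.trap 0x([0-9a-f]+)", text).group(1), 16)
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b([a-z]{2,3})=([0-9a-f]{4,8})\b", text)}
    symbol = re.search(r"^\s*(\S+!\S+\+0x[0-9a-f]+):", text, re.M).group(1)
    # kd prints the resolved memory operand as seg:selector:address=value;
    # a value of ???????? means the debugger could not read that address.
    _sel, addr, value = re.search(
        r"\b[a-z]s:([0-9a-f]{4}):([0-9a-f]{8})=(\S+)", text).groups()
    fault_addr = int(addr, 16)
    access_violation = exc_code == STATUS_ACCESS_VIOLATION
    return {
        "bugcheck": int(code, 16) & 0xFFFF,  # 0x1000008E is the _M form of 0x8E
        "access_violation": access_violation,
        "eip_matches": regs["eip"] == exc_addr,  # frame belongs to the faulting instruction
        "trap_matches": (trap_arg & 0xFFFFFFFF) == trap_frame,  # kd sign-extends 32-bit
        "symbol": symbol,
        "module": symbol.split("!")[0],
        "fault_addr": fault_addr,
        "unreadable": set(value) == {"?"},
        "null_deref": access_violation and fault_addr < NULL_PAGE_LIMIT,
    }


if __name__ == "__main__":
    for key, val in triage(KD_OUTPUT).items():
        print(f"{key:17} {val}")
```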