NETIO.SYS BSOD Kernel_Security_Check_Failure on G750-JZ when on internet ~10mins idle



SeattleROG
04-25-2015, 05:07 PM
Hey everyone,

I'm getting BSODs on my G750-JZ when it sits on the internet for ~10mins idle or playing audio book. Started happening about 1.5 weeks ago. Here's what I've done so far:

1. Downloaded Windows SDK so I could view the .dmp files that my computer was creating.
2. Reviewed .dmp files.
3. Found NETSYS.IO to be the culprit.
4. Searched and Searched and Searched for info on this driver(?) and where/how to update it. For some reason, the answer is eluding me. The NETSYS.IO driver is shown as a Microsoft-owned software. Why it's not easily found/updated on the internet(!).

Any help is much appreciated as this is really the first issue I've had with this awesome computer. :cool:

Thanks!


Here are the contents of the latest .dmp file.

Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\042515-13812-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17736.amd64fre.winblue_r9.150322-1500
Machine Name:
Kernel base = 0xfffff802`98280000 PsLoadedModuleList = 0xfffff802`98559850
Debug session time: Sat Apr 25 08:56:46.687 2015 (UTC - 7:00)
System Uptime: 0 days 1:10:54.436
Loading Kernel Symbols
...............................................................
................................................................
..............................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd000a9934310, ffffd000a9934268, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd000a9934310, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd000a9934268, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


TRAP_FRAME: ffffd000a9934310 -- (.trap 0xffffd000a9934310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00072578ef0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe0006fea8ef0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801010f9acd rsp=ffffd000a99344a0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe000711c52b0
r11=ffffe00072578a20 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff801`010f9acd cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffffd000a9934268 -- (.exr 0xffffd000a9934268)
ExceptionAddress: fffff801010f9acd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT

BUGCHECK_STR: 0x139

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1: 0000000000000003

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER: from fffff802983dc7e9 to fffff802983d0ca0

STACK_TEXT:
ffffd000`a9933fe8 fffff802`983dc7e9 : 00000000`00000139 00000000`00000003 ffffd000`a9934310 ffffd000`a9934268 : nt!KeBugCheckEx
ffffd000`a9933ff0 fffff802`983dcb10 : 00000000`00000000 ffffc001`00000001 ffffd000`a99341d8 ffffd000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`a9934130 fffff802`983dbd34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd000`a9934310 fffff801`010f9acd : 00000000`ffffe000 00000000`00000000 ffffd000`a9934610 ffffe000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`a99344a0 fffff801`00e0d466 : ffffd000`a9934610 ffffe000`6ce8a702 ffffe000`6ce8a700 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd000`a9934550 fffff801`024e7a25 : 00000000`00000050 00000000`00000050 ffffe000`6ed74f40 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd000`a99346b0 fffff801`024e7be3 : 00000000`00000000 ffffe000`728bbfb0 ffffe000`728bbee0 00000000`00000000 : nsiproxy!NsippGetParameter+0x195
ffffd000`a9934840 fffff802`986a577f : 00000000`00000000 ffffe000`728bbee0 ffffe000`728bbee0 00000000`00000001 : nsiproxy!NsippDispatch+0x53
ffffd000`a9934880 fffff802`986a4d22 : ffffd000`a9934a38 00007ffc`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd000`a9934a20 fffff802`983dc4b3 : ffffe000`725b8080 00000097`001f0003 00000097`419fe918 fffff802`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`a9934a90 00007ffc`0c8d123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000097`419fe998 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`0c8d123a


STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff801`00e0d466 8bd8 mov ebx,eax

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 540ebbe6

IMAGE_VERSION: 6.3.9600.17337

BUCKET_ID_FUNC_OFFSET: 222

FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x139_3_netio!nsigetparameterex

FAILURE_ID_HASH: {863902cf-27d7-671f-3d7f-44a47e15711d}

Followup: MachineOwner
---------

4: kd> lmvm NETIO
start end module name
fffff801`00e00000 fffff801`00e78000 NETIO (pdb symbols) c:\windows\symbol_cache\netio.pdb\1A13EC2D01DC4013A4E57B7EB995FD8F2\netio.pdb
Loaded symbol image file: NETIO.SYS
Mapped memory image file: c:\windows\symbol_cache\NETIO.SYS\540EBBE678000\NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Timestamp: Tue Sep 09 01:35:50 2014 (540EBBE6)
CheckSum: 0007D1B9
ImageSize: 00078000
File version: 6.3.9600.17337
Product version: 6.3.9600.17337
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netio.sys
OriginalFilename: netio.sys
ProductVersion: 6.3.9600.17337
FileVersion: 6.3.9600.17337 (winblue_r3.140908-1537)
FileDescription: Network I/O Subsystem
LegalCopyright: © Microsoft Corporation. All rights reserved.
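
The dump above reports Arg1 = 3 ("A LIST_ENTRY has been corrupted (i.e. double remove)") and a faulting `int 29h` with rcx = 3. The following is an added example, not code from the thread or from Windows: a user-mode sketch of the safe-unlink check that produces this bugcheck, using a hypothetical `struct list_entry` in place of the kernel's LIST_ENTRY and returning the fast-fail code instead of trapping.

```c
#include <stddef.h>
#include <stdio.h>

/* Same value as FAST_FAIL_CORRUPT_LIST_ENTRY in winnt.h: Arg1 / rcx = 3 in the dump. */
#define CORRUPT_LIST_ENTRY 3

/* Hypothetical stand-in for the kernel's LIST_ENTRY (Flink/Blink). */
struct list_entry { struct list_entry *flink, *blink; };

static void list_init(struct list_entry *head) { head->flink = head->blink = head; }

static void insert_tail(struct list_entry *head, struct list_entry *e) {
    e->flink = head;
    e->blink = head->blink;
    head->blink->flink = e;
    head->blink = e;
}

static size_t list_len(const struct list_entry *head) {
    size_t n = 0;
    for (const struct list_entry *p = head->flink; p != head; p = p->flink) n++;
    return n;
}

/* Safe unlink: both neighbours must still point back at the entry. Where this
 * sketch returns CORRUPT_LIST_ENTRY, the kernel executes int 29h with rcx = 3. */
static int checked_remove(struct list_entry *e) {
    struct list_entry *next = e->flink, *prev = e->blink;
    if (next->blink != e || prev->flink != e)
        return CORRUPT_LIST_ENTRY;      /* list is left untouched */
    prev->flink = next;
    next->blink = prev;
    return 0;
}

/* Constructed scenario: the same entry is removed twice; its stale links fail the check. */
static int double_remove_demo(size_t *len_after) {
    struct list_entry head, a, b;
    list_init(&head);
    insert_tail(&head, &a); insert_tail(&head, &b);
    if (checked_remove(&a) != 0) return -1;
    int rc = checked_remove(&a);        /* a.flink->blink is now &head, not &a */
    *len_after = list_len(&head);
    return rc;
}

int main(void) {
    size_t len = 0;
    int rc = double_remove_demo(&len);
    printf("second remove -> %d, entries left: %zu\n", rc, len);
    return 0;
}
```

The check stops at the first inconsistent unlink, which is why the stack shows the component that touched the list (ndis, called through NETIO), not necessarily the one that corrupted it.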

hmscott
04-25-2015, 07:17 PM
SeattleROG, there's nothing wrong with trying to debug it, but you might get rid of that problem easier if you check your Programs and Features, sort by Install Date, and uninstall whatever it was that was installed just before the problem started happening.

Also check for Windows Updates in the same control panel, look for the updates installed just before the crashes started.

Then after you know what specific app/update is causing this you can focus your google research on that/those apps - and that should help you find the solution quicker.

There are some hits on that error fairly recently, tied to a Dec 2014 update - started showing this error for them after that update:
https://www.google.com/search?q=NETIO.SYS+BSOD+Kernel_Security_Check_Failure&ie=utf-8&oe=utf-8

BugCheck 0x139 KERNEL_SECURITY_CHECK_FAILURE in NDIS.sys / NetIo.sys
https://social.technet.microsoft.com/Forums/itmanagement/en-US/7cc08298-f99f-4823-9af2-be0919a7bf68/bugcheck-0x139-kernelsecuritycheckfailure-in-ndissys-netiosys?forum=w8itpronetworking

This is more promising:

Recurring BSOD 0x139 KERNEL_SECURITY_CHECK_FAILURE in NETIO.SYS (bugcheck analyses within)
https://superuser.com/questions/859807/recurring-bsod-0x139-kernel-security-check-failure-in-netio-sys-bugcheck-analys

"Looks like this is a bug in Windows 8.1/2012 R2. Microsoft tries to fix this in May 2015 via Update or Hotfix."
http://blogs.technet.com/b/dip/archive/2015/03/24/win2012r2-stop-0x139-or-0xd1-in-netio-nsienumerateobjectsallparametersex-0x20d.aspx

Hopefully you can revert back and uninstall the update(s) that started the problem, and you don't need to wait till May for the Hotfix to work.

Please come back and let us know what you do to stop the bugchecks!

SeattleROG
04-26-2015, 03:06 PM
hmscott,

Thanks for the leads! I followed your link (http://blogs.technet.com/b/dip/archive/2015/03/24/win2012r2-stop-0x139-or-0xd1-in-netio-nsienumerateobjectsallparametersex-0x20d.aspx) above and uninstalled KB2975719.
I'll let my laptop play an audio book for a while and get back to the group as to whether the BSOD continues...

SeattleROG
04-30-2015, 12:07 AM
Still got BSODs after uninstalling KB2975719. Followed your advice; visited Programs and Features, sorted by date installed. The two programs I installed were pretty critical to the work I'm doing right now:
Sapien Powershell Studio 2015 and Visual Studio 2015 Community Edition. I was ready to uninstall VS2015CE, but alas!, there was no option to uninstall it! I was surprised by that. I clicked "Change" instead, since it was the only option, and VS2015CE did a long...something... then restarted my computer. Upon restart and for a couple of days now I've had no more BSOD.
I should probably check to see if I've had a Windows Update within the last couple days.....eh, looks like an update to VS2015CE did occur on the 26th. Now I'm not sure what fixed the problem!, but it is sure nice not dealing with it any longer....Gremlin!
