Random BSOD 0x139 KERNEL_SECURITY_CHECK_FAILURE

Gigi07

New Member
Messages
4
Hi Guys,

I'm having some random BSOD since I've installed an app relying on Oracle VM VirtualBox (Xamarin Android Player) ...
The first time I started a VM in this app, it installed some network drivers just as any virtualization solution.
I was already using another app relying on it (GenyMotion) and VMWare Workstation 9.0.4 build-1945795 without any issue before.

When I installed the Xamarin Android Player, it removed my vmnet0 bridged adapter.
I tried to restore it in the vmnetcfg.exe tool with the "Restore Default" command, but failed with a BSOD too.
I finally deleted all my vmnet and manually restored them (they are working properly from VM running in my VMWare Workstation). But I am since getting these random BSODs...

Find attached to this thread the zip from SF Debug Tool.
Find also the wide dump generated at BSOD time here: https://onedrive.live.com/redir?resid=3AB57E9B12D17188!105 (MEMORY.DMP)

I tried to use the WinDbg myself to solve my issue, but I was not able to load my dump properly... Here What I got:

Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.




Loading Dump File [C:\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available




************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17476.amd64fre.winblue_r5.141029-1500
Machine Name:
Kernel base = 0xfffff803`4e00a000 PsLoadedModuleList = 0xfffff803`4e2e3250
Debug session time: Fri Jan 23 09:16:09.881 2015 (UTC - 5:00)
System Uptime: 1 days 0:00:50.864
Loading Kernel Symbols
...............................................................
.....................................................Page 10d8be not present in the dump file. Type ".hh dbgerr004" for details
...........
.Page 12265c not present in the dump file. Type ".hh dbgerr004" for details
.........................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff6`3848f018). Type ".hh dbgerr001" for details
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 139, {3, ffffd000d7e182b0, ffffd000d7e18208, 0}


Page 10d8be not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : NETIO.SYS ( NETIO!NsiGetAllParametersEx+1f8 )


Followup: MachineOwner
---------
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Hewlett-Packard Company
    CPU
    Intel(R) Core(TM) i7-3770 CPU @ 3.4Ghz
    Memory
    20.0GB
Hi gigi07 & Welcome to the forums ^_^,

I am extremely sorry for the late response. There are not enough analysts. Do you still need help with your problem? If you still need help with this, kindly reply back to this topic and I would reply within 48 hours and will be notified by email.

-Pranav
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Hi blueelvis,

Yes I do. I'm encountering this BSOD every morning between 9h17 am and 9h21am...

Hope you can help :)

Guillaume.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Hewlett-Packard Company
    CPU
    Intel(R) Core(TM) i7-3770 CPU @ 3.4Ghz
    Memory
    20.0GB
Just a quick update on my case, I have been able to repair my VMWare Workstation installation by booting in safe mode.
9h34am and still no crash :)
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Hewlett-Packard Company
    CPU
    Intel(R) Core(TM) i7-3770 CPU @ 3.4Ghz
    Memory
    20.0GB
Hi Gigi07 ^_^,

I have analysed the dump files and below has been provided an analysis of the same for informative purposes :-

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine.
Code:
5: kd> knL
 # Child-SP          RetAddr           Call Site
00 ffffd000`2162af88 fffff801`343765e9 nt!KeBugCheckEx
01 ffffd000`2162af90 fffff801`34376910 nt!KiBugCheckDispatch+0x69
02 ffffd000`2162b0d0 fffff801`34375b34 nt!KiFastFailDispatch+0xd0
03 ffffd000`2162b2b0 fffff801`538dc5f5 nt!KiRaiseSecurityCheckFailure+0xf4
04 ffffd000`2162b440 fffff801`536077d3 ndis!ndisNsiGetAllInterfaceInformation+0x26795
05 ffffd000`2162b540 fffff801`545ea677 NETIO!NsiGetAllParametersEx+0x1f8
06 ffffd000`2162b650 fffff801`545eac20 nsiproxy!NsippGetAllParameters+0x1d7
07 ffffd000`2162b840 fffff801`345fb1ef nsiproxy!NsippDispatch+0x90
08 ffffd000`2162b880 fffff801`345fa78e nt!IopXxxControlFile+0xa4f
09 ffffd000`2162ba20 fffff801`343762b3 nt!NtDeviceIoControlFile+0x56
0a ffffd000`2162ba90 00007fff`63210cba nt!KiSystemServiceCopyEnd+0x13
0b 000000aa`6804ee08 00000000`00000000 0x00007fff`63210cba
So, the system crashed because the Networking Drivers of Windows raised a security check failure. Since the drivers are part of the Operating System, chance of them being at fault is extremely less.

Below is a list of 3rd party drivers present on your system -
Code:
**************************Thu Jan 29 01:13:56.399 2015 (UTC + 5:30)**************************
[U][B]vmci.sys                     Tue May  1 06:44:27 2012 (4F9F38F3)
IntcDAud.sys                 Tue Jun 19 20:10:51 2012 (4FE08F73)
HECIx64.sys                  Tue Jul  3 03:44:58 2012 (4FF21D62)
VMNET.SYS                    Sun Jul  8 13:28:34 2012 (4FF93DAA)
vmnetadapter.sys             Sun Jul  8 13:28:35 2012 (4FF93DAB)
vmnetbridge.sys              Sun Jul  8 13:29:19 2012 (4FF93DD7)
e1c63x64.sys                 Fri Jul 13 03:16:10 2012 (4FFF45A2)
vsock.sys                    Wed Aug 22 02:40:15 2012 (5033F937)
RTKVHD64.sys                 Thu Sep 13 14:32:40 2012 (5051A130)
[/B][/U]vstor2-mntapi20-shared.sys   Fri Feb 22 16:57:11 2013 (5127560F)
intelppm.sys                 Thu Aug 22 14:16:35 2013 (5215CFEB)
dump_storahci.sys            Thu Aug 22 17:10:39 2013 (5215F8B7)
hcmon.sys                    Wed Oct 30 00:48:47 2013 (52700A17)
tmcomm.sys                   Mon Dec  9 17:29:50 2013 (52A5B0B6)
iwdbus.sys                   Fri Mar 14 03:29:14 2014 (53222A32)
tmevtmgr.sys                 Wed Mar 19 18:32:04 2014 (5329954C)
tmactmon.sys                 Wed Mar 19 18:32:12 2014 (53299554)
igdkmd64.sys                 Sat May 17 09:47:35 2014 (5376E2DF)
vmnetuserif.sys              Wed Jul  2 11:26:53 2014 (53B39F25)
vmx86.sys                    Wed Jul  2 12:30:39 2014 (53B3AE17)
VSApiNt.sys                  Sat Aug 30 18:33:46 2014 (5401CBB2)
TmPreFlt.sys                 Sat Aug 30 18:41:25 2014 (5401CD7D)
TmXPFlt.sys                  Sat Aug 30 18:41:38 2014 (5401CD8A)
VBoxUSBMon.sys               Sat Oct 11 16:56:22 2014 (543913DE)
VBoxNetAdp.sys               Sat Oct 11 16:56:22 2014 (543913DE)
VBoxNetFlt.sys               Sat Oct 11 16:56:22 2014 (543913DE)
VBoxDrv.sys                  Sat Oct 11 16:58:48 2014 (54391470)
[COLOR=#FF0000][U][B]IntelHaxm.sys                Tue Nov 18 12:32:14 2014 (546AEEF6)
[/B][/U][/COLOR]¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jan 28 19:52:55.086 2015 (UTC + 5:30)**************************
iqvw64e.sys                  Wed Jun  6 21:34:14 2012 (4FCF7F7E)
VBoxDDR0.r0                  Sat Oct 11 16:56:21 2014 (543913DD)
VBoxDD2R0.r0                 Sat Oct 11 16:56:21 2014 (543913DD)
VMMR0.r0                     Sat Oct 11 16:58:48 2014 (54391470)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jan 26 19:50:18.205 2015 (UTC + 5:30)**************************
vmusb.sys                    Tue Sep  1 17:22:14 2009 (4A9D0AEE)
http://www.carrona.org/drivers/driver.php?id=vmci.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=VMNET.SYS
http://www.carrona.org/drivers/driver.php?id=vmnetadapter.sys
http://www.carrona.org/drivers/driver.php?id=vmnetbridge.sys
http://www.carrona.org/drivers/driver.php?id=e1c63x64.sys
http://www.carrona.org/drivers/driver.php?id=vsock.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
vstor2-mntapi20-shared.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=dump_storahci.sys
http://www.carrona.org/drivers/driver.php?id=hcmon.sys
http://www.carrona.org/drivers/driver.php?id=tmcomm.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
http://www.carrona.org/drivers/driver.php?id=tmevtmgr.sys
http://www.carrona.org/drivers/driver.php?id=tmactmon.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=vmnetuserif.sys
http://www.carrona.org/drivers/driver.php?id=vmx86.sys
http://www.carrona.org/drivers/driver.php?id=VSApiNt.sys
http://www.carrona.org/drivers/driver.php?id=TmPreFlt.sys
http://www.carrona.org/drivers/driver.php?id=TmXPFlt.sys
http://www.carrona.org/drivers/driver.php?id=VBoxUSBMon.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetAdp.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetFlt.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDrv.sys
http://www.carrona.org/drivers/driver.php?id=IntelHaxm.sys
http://www.carrona.org/drivers/driver.php?id=iqvw64e.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDDR0.r0
http://www.carrona.org/drivers/driver.php?id=VBoxDD2R0.r0
http://www.carrona.org/drivers/driver.php?id=VMMR0.r0
http://www.carrona.org/drivers/driver.php?id=vmusb.sys

Kindly follow the below steps -
  1. Please update the Intel Gigabit Network Driver. It is old.
  2. Please update the VMWARE drivers to the latest (I would suggest uninstalling the present version and installing the latest version).
  3. Intel HAXM is known to cause issues, kindly remove it till we are troubleshooting the system.
  4. If you are still facing issues, kindly remove Trend Micro using this **TOOL**.


Let me know how it goes since you have already updated the VMware drivers ^_^
-Pranav
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Back
Top