BSOD Kernel_Security_Check_Failure - OS X Bootcamp


  1. Posts : 25
    Windows 10 Pro
       #1

    BSOD Kernel_Security_Check_Failure - OS X Bootcamp


    I have a mid 2012 mac and I have had Windows 7 bootcamped on it for ages, working perfectly. I decided to make a change to Windows 10; I formatted the Windows 7 partition and clean installed Windows 10 on that with a CD. As soon as I boot up I get this BSOD: Kernel_Security_Check_Failure

    I get these BSODs almost as soon as I log onto Windows now making it unusable.

    I have used windbg to check the minidump and this is the output:

    Code:
    Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    
    
    Loading Dump File [C:\Windows\Minidump\110715-34750-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
    Windows 10 Kernel Version 10240 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 10240.16463.amd64fre.th1.150819-1946
    Machine Name:
    Kernel base = 0xfffff800`d1a8a000 PsLoadedModuleList = 0xfffff800`d1daf030
    Debug session time: Sat Nov  7 15:58:27.989 2015 (UTC + 0:00)
    System Uptime: 0 days 0:01:22.699
    Loading Kernel Symbols
    .
    
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    
    ..............................................................
    ................................................................
    .......................................
    Loading User Symbols
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    
    Use !analyze -v to get detailed debugging information.
    
    
    BugCheck 139, {3, ffffd00024917de0, ffffd00024917d38, 0}
    
    
    Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
    
    
    Followup:     MachineOwner
    ---------
    
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    
    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: ffffd00024917de0, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd00024917d38, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved
    
    
    Debugging Details:
    ------------------
    
    
    
    
    SYSTEM_SKU:  System SKU#
    
    
    SYSTEM_VERSION:  1.0
    
    
    BIOS_DATE:  06/08/2015
    
    
    BASEBOARD_PRODUCT:  Mac-6F01561E16C75D06
    
    
    BASEBOARD_VERSION:  MacBookPro9,2
    
    
    BUGCHECK_P1: 3
    
    
    BUGCHECK_P2: ffffd00024917de0
    
    
    BUGCHECK_P3: ffffd00024917d38
    
    
    BUGCHECK_P4: 0
    
    
    TRAP_FRAME:  ffffd00024917de0 -- (.trap 0xffffd00024917de0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffe0015fa9dbe8 rbx=0000000000000000 rcx=0000000000000003
    rdx=fffff800d1da20d0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff800d1c1b230 rsp=ffffd00024917f70 rbp=0000000000000000
     r8=ffffe0015e82f418  r9=0000000000000000 r10=7fffe0015e82f418
    r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe cy
    nt! ?? ::FNODOBFM::`string'+0x34430:
    fffff800`d1c1b230 cd29            int     29h
    Resetting default scope
    
    
    EXCEPTION_RECORD:  ffffd00024917d38 -- (.exr 0xffffd00024917d38)
    ExceptionAddress: fffff800d1c1b230 (nt! ?? ::FNODOBFM::`string'+0x0000000000034430)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000003
    Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
    
    
    CPU_COUNT: 4
    
    
    CPU_MHZ: b4d
    
    
    CPU_VENDOR:  GenuineIntel
    
    
    CPU_FAMILY: 6
    
    
    CPU_MODEL: 3a
    
    
    CPU_STEPPING: 9
    
    
    CUSTOMER_CRASH_COUNT:  1
    
    
    DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT
    
    
    BUGCHECK_STR:  0x139
    
    
    PROCESS_NAME:  svchost.exe
    
    
    CURRENT_IRQL:  2
    
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    
    EXCEPTION_PARAMETER1:  0000000000000003
    
    
    ANALYSIS_VERSION: 10.0.10240.9 amd64fre
    
    
    LAST_CONTROL_TRANSFER:  from fffff800d1be2ba9 to fffff800d1bd8240
    
    
    STACK_TEXT:  
    ffffd000`24917ab8 fffff800`d1be2ba9 : 00000000`00000139 00000000`00000003 ffffd000`24917de0 ffffd000`24917d38 : nt!KeBugCheckEx
    ffffd000`24917ac0 fffff800`d1be2ed0 : ffffe001`5e88ec00 00000000`00000000 00000000`0000000a ffffe001`5fa9d9e0 : nt!KiBugCheckDispatch+0x69
    ffffd000`24917c00 fffff800`d1be20f4 : 00000000`0000ff00 ffffe001`5fa764f0 00000000`00000002 fffff800`f3ae7e70 : nt!KiFastFailDispatch+0xd0
    ffffd000`24917de0 fffff800`d1c1b230 : ffffe001`5f887ce8 ffffffff`ffffffff ffffffff`ffffffff ffffe001`5f887ce8 : nt!KiRaiseSecurityCheckFailure+0xf4
    ffffd000`24917f70 fffff800`f3132420 : ffffe001`5f8877e0 ffffe001`5e82f400 ffffe001`5f887880 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x34430
    ffffd000`24917fa0 fffff800`f312f6b1 : ffffe001`5e82f400 ffffe001`5e82f400 ffffe001`5f8877e0 ffffe001`5f8877e0 : FLTMGR!FltpObjectPointerDereference+0xd8
    ffffd000`24917fd0 fffff800`f312f333 : ffffe001`5e82f400 00000000`00000008 ffffe001`5e82f2b0 ffffe001`5f8877e0 : FLTMGR!FltpFreeVolume+0x1c1
    ffffd000`24918010 fffff800`f3143bc8 : 00000000`c000014f 00000000`00000000 ffffe001`5d5b0a00 00000000`00000000 : FLTMGR!FltpCleanupDeviceObject+0x6b
    ffffd000`24918070 fffff800`f3132d8c : ffffe001`5c3ca450 ffffe001`c000014f ffffe001`5d5b0a00 ffffe001`5e82f2b0 : FLTMGR!FltpFsControlMountVolume+0xb948
    ffffd000`24918150 fffff800`d1f6dae2 : fffff800`d1dc9540 00000000`00000000 ffffe001`5ec44080 ffffe001`5ec44080 : FLTMGR!FltpFsControl+0x14c
    ffffd000`249181b0 fffff800`d1b528a4 : ffffe001`5cd708c0 ffffe001`5eac5010 ffffe001`5cd708c0 fffff800`d1f2caa7 : nt!IopMountVolume+0x35a
    ffffd000`24918430 fffff800`d1eb6367 : 00000000`000000a5 00000000`00000000 ffffd000`24918790 00000000`00000000 : nt!IopCheckVpbMounted+0x154
    ffffd000`24918480 fffff800`d1eb19d1 : ffffc000`8ce2a668 ffffc000`8ce2a668 ffffd000`24918790 ffffe001`5cd70890 : nt!IopParseDevice+0x4a7
    ffffd000`24918690 fffff800`d1f1038c : ffffe001`5fa96001 ffffd000`249188b8 ffffe001`00000040 ffffe001`5b55ab00 : nt!ObpLookupObjectName+0x711
    ffffd000`24918830 fffff800`d1f0c69c : 00000000`00000001 ffffe001`5eac5010 000000b5`396fd070 000000b5`396fd060 : nt!ObOpenObjectByName+0x1ec
    ffffd000`24918960 fffff800`d1f0c2e9 : 000000b5`396fd050 00000000`00000000 000000b5`396fd070 000000b5`396fd060 : nt!IopCreateFile+0x38c
    ffffd000`24918a00 fffff800`d1be2863 : ffffe001`5ec44080 000000b5`396fd008 ffffd000`24918aa8 00000000`00000001 : nt!NtCreateFile+0x79
    ffffd000`24918a90 00007ffd`63663a4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    000000b5`396fcfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`63663a4a
    
    
    
    
    STACK_COMMAND:  kb
    
    
    FOLLOWUP_IP: 
    nt!KiFastFailDispatch+d0
    fffff800`d1be2ed0 c644242000      mov     byte ptr [rsp+20h],0
    
    
    SYMBOL_STACK_INDEX:  2
    
    
    SYMBOL_NAME:  nt!KiFastFailDispatch+d0
    
    
    FOLLOWUP_NAME:  MachineOwner
    
    
    MODULE_NAME: nt
    
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  55d5626b
    
    
    IMAGE_VERSION:  10.0.10240.16463
    
    
    BUCKET_ID_FUNC_OFFSET:  d0
    
    
    FAILURE_BUCKET_ID:  0x139_3_nt!KiFastFailDispatch
    
    
    BUCKET_ID:  0x139_3_nt!KiFastFailDispatch
    
    
    PRIMARY_PROBLEM_CLASS:  0x139_3_nt!KiFastFailDispatch
    
    
    ANALYSIS_SOURCE:  KM
    
    
    FAILURE_ID_HASH_STRING:  km:0x139_3_nt!kifastfaildispatch
    
    
    FAILURE_ID_HASH:  {36173680-6f08-995f-065a-3d368c996911}
    
    
    Followup:     MachineOwner
    ---------
    Any idea how to fix this?
      My Computer


  2. Posts : 14,901
    Windows 10 Pro
       #2

    Please read BSOD Posting Instructions & How to upload files

    Marked is the Filesystem filter manager driver, which is related to the file system.
    My experience with file system drivers in the stack is that the hard drive is causing problems, but I think an analyse would give better results if we could get the logs from the BSOD instructions.
    Code:
    STACK_TEXT:  
    ffffd000`24917ab8 fffff800`d1be2ba9 : 00000000`00000139 00000000`00000003 ffffd000`24917de0 ffffd000`24917d38 : nt!KeBugCheckEx
    ffffd000`24917ac0 fffff800`d1be2ed0 : ffffe001`5e88ec00 00000000`00000000 00000000`0000000a ffffe001`5fa9d9e0 : nt!KiBugCheckDispatch+0x69
    ffffd000`24917c00 fffff800`d1be20f4 : 00000000`0000ff00 ffffe001`5fa764f0 00000000`00000002 fffff800`f3ae7e70 : nt!KiFastFailDispatch+0xd0
    ffffd000`24917de0 fffff800`d1c1b230 : ffffe001`5f887ce8 ffffffff`ffffffff ffffffff`ffffffff ffffe001`5f887ce8 : nt!KiRaiseSecurityCheckFailure+0xf4
    ffffd000`24917f70 fffff800`f3132420 : ffffe001`5f8877e0 ffffe001`5e82f400 ffffe001`5f887880 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x34430
    ffffd000`24917fa0 fffff800`f312f6b1 : ffffe001`5e82f400 ffffe001`5e82f400 ffffe001`5f8877e0 ffffe001`5f8877e0 : FLTMGR!FltpObjectPointerDereference+0xd8
    ffffd000`24917fd0 fffff800`f312f333 : ffffe001`5e82f400 00000000`00000008 ffffe001`5e82f2b0 ffffe001`5f8877e0 : FLTMGR!FltpFreeVolume+0x1c1
    ffffd000`24918010 fffff800`f3143bc8 : 00000000`c000014f 00000000`00000000 ffffe001`5d5b0a00 00000000`00000000 : FLTMGR!FltpCleanupDeviceObject+0x6b
    ffffd000`24918070 fffff800`f3132d8c : ffffe001`5c3ca450 ffffe001`c000014f ffffe001`5d5b0a00 ffffe001`5e82f2b0 : FLTMGR!FltpFsControlMountVolume+0xb948
    ffffd000`24918150 fffff800`d1f6dae2 : fffff800`d1dc9540 00000000`00000000 ffffe001`5ec44080 ffffe001`5ec44080 : FLTMGR!FltpFsControl+0x14c
    ffffd000`249181b0 fffff800`d1b528a4 : ffffe001`5cd708c0 ffffe001`5eac5010 ffffe001`5cd708c0 fffff800`d1f2caa7 : nt!IopMountVolume+0x35a
    ffffd000`24918430 fffff800`d1eb6367 : 00000000`000000a5 00000000`00000000 ffffd000`24918790 00000000`00000000 : nt!IopCheckVpbMounted+0x154
    ffffd000`24918480 fffff800`d1eb19d1 : ffffc000`8ce2a668 ffffc000`8ce2a668 ffffd000`24918790 ffffe001`5cd70890 : nt!IopParseDevice+0x4a7
    ffffd000`24918690 fffff800`d1f1038c : ffffe001`5fa96001 ffffd000`249188b8 ffffe001`00000040 ffffe001`5b55ab00 : nt!ObpLookupObjectName+0x711
    ffffd000`24918830 fffff800`d1f0c69c : 00000000`00000001 ffffe001`5eac5010 000000b5`396fd070 000000b5`396fd060 : nt!ObOpenObjectByName+0x1ec
    ffffd000`24918960 fffff800`d1f0c2e9 : 000000b5`396fd050 00000000`00000000 000000b5`396fd070 000000b5`396fd060 : nt!IopCreateFile+0x38c
    ffffd000`24918a00 fffff800`d1be2863 : ffffe001`5ec44080 000000b5`396fd008 ffffd000`24918aa8 00000000`00000001 : nt!NtCreateFile+0x79
    ffffd000`24918a90 00007ffd`63663a4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    000000b5`396fcfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`63663a4a
      My Computers


  3. Posts : 25
    Windows 10 Pro
    Thread Starter
       #3

    The problem is that I can't run the program as it bluescreens as soon as I do anything; I tried to connect to WiFi but as soon as I clicked the icon it bluescreened.
      My Computer


  4. Posts : 14,901
    Windows 10 Pro
       #4

    Try booting in safe mode and see if the problem still persist, also try to run the tool in safe mode.
    Safe mode would also immediately eliminate some possibilities as cause.
      My Computers


  5. Posts : 25
    Windows 10 Pro
    Thread Starter
       #5

    For some reason it didn't bluescreen this time and I managed to get the logs.

    Weirdly I have been using Windows for about 10 minutes now and it hasn't bluescreened yet. I don't know if it's a coincidence but I have just installed Tuxura NTFS on my OS X partition in order to read/write Windows from OS X
      My Computer


  6. Posts : 14,901
    Windows 10 Pro
       #6

    If verifier is still enabled please disable driver verifier
    • Open an admin command prompt
    • Enter "verifier/reset" (without quotes)


    A driver from a network device called Broadcom has been flagged, however it seems this one is missing according to the logs
    Code:
    *** WARNING: Unable to verify timestamp for bcmwl63a.sys
    *** ERROR: Module load completed but symbols could not be loaded for bcmwl63a.sys
    0: kd> lmvm bcmwl63a
    start             end                 module name
    fffff801`e6a60000 fffff801`e76ba000   bcmwl63a T (no symbols)           
        Loaded symbol image file: bcmwl63a.sys
        Image path: \SystemRoot\system32\DRIVERS\bcmwl63a.sys
        Image name: bcmwl63a.sys
        Timestamp:        Sat Jul 25 03:26:01 2015 (55B2E5A9)
        CheckSum:         00A56331
        ImageSize:        00C5A000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Search
    Code:
    %SystemRoot%\system32\DRIVERS\
    and see if the bcmwl63a.sys file is there.
      My Computers


  7. Posts : 25
    Windows 10 Pro
    Thread Starter
       #7

    The bcmwl63a.sys file is there and driver verifier is not running.
      My Computer


  8. Posts : 14,901
    Windows 10 Pro
       #8

    Please try to update it
    Driver Reference Table - bcmwl63a.sys
      My Computers


  9. Posts : 5,478
    2004
       #9

    Resentic said:
    I don't know if it's a coincidence but I have just installed Tuxura NTFS on my OS X partition in order to read/write Windows from OS X
    It may not be a coincidence (I can't read these logs though) but I've had problems with AppleHFS.sys (bootcamp 6 version) causing BSOD (I have a late 2012 mbp model 10,2)

    I disabled it but noticed Installing Paragon HFS drivers also disables it as part of the installation - perhaps Tuxura does too as it wouldn't make sense to have 2 HFS drivers. You could check the autostart entry under drivers with Autoruns for Windows

    I also had BSOD problems with the Broadcom driver (only when using Hyper-V). This was fixed by installing the bootcamp 5.1 version instead.

    The version 7.35.118.40 dated 24/07/15 installed by bcmwl63.inf in Bootcamp 6.0 caused BSOD. The version 6.30.223.215 dated 10/01/14 from Bootcamp 5.1 works OK.

    EDIT: You can download the Broadcom driver from my OneDrive if you want to save downloading the whole bootcamp 5,1 just to extract one driver if you want.
    Last edited by lx07; 09 Nov 2015 at 11:28. Reason: added download link
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:46.
Find Us




Windows 10 Forums