Windows 10 KERNEL_SECURITY_CHECK_FAILURE BSOD

0

I'm working on a computer running Windows 10 (Build 16299) that keeps crashing with a KERNEL_SECURITY_CHECK_FAILURE code. I've done quite a bit of research, but this crash seems pretty unique. Microsoft has a list of the bugcheck parameters, but the one that I'm seeing, 1e (or presumably its decimal equivalent, 30) doesn't show up on that list. Turns out it's an internal code used by Microsoft and will not be documented publicly (although someone recently commented on that, so I wonder if it's becoming a more common crash).

So far I have:

  • Updated all drivers I can find for the computer
  • Ran DISM /Online /Cleanup-Image /RestoreHealth and sfc /scannow
  • Ran Dell Pre-boot System Assessment (which includes a CPU stress test and memory tests), no errors reported
  • Ran Windows Memory Diagnostics, no errors reported
  • Replaced the RAM with a brand new module.

There doesn't seem to be any rhyme or reason to the crash; it just happens randomly. No single app is causing it in specific as far as we can tell. Each crash dump lists a different process. One thing I've noticed in common between all of the minidumps I've looked at for this computer is LAST_CONTROL_TRANSFER: from fffff80174793f69 to fffff801747833c0. I only have a fairly basic understanding of computer architecture, so I'm not totally sure how to interpret that.

Below is the output of the most recent minidump that was generated:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001e, Type of memory safety violation
Arg2: fffff8038e9fca40, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8038e9fc998, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  16299.637.amd64fre.rs3_release_svc.180808-1748

SYSTEM_MANUFACTURER:  Dell Inc.

SYSTEM_PRODUCT_NAME:  Precision 3510

SYSTEM_SKU:  06E0

BIOS_VENDOR:  Dell Inc.

BIOS_VERSION:  1.21.6

BIOS_DATE:  10/02/2019

BASEBOARD_MANUFACTURER:  Dell Inc.

BASEBOARD_PRODUCT:  0PVGJH

BASEBOARD_VERSION:  A00

DUMP_TYPE:  2

BUGCHECK_P1: 1e

BUGCHECK_P2: fffff8038e9fca40

BUGCHECK_P3: fffff8038e9fc998

BUGCHECK_P4: 0

TRAP_FRAME:  fffff8038e9fca40 -- (.trap 0xfffff8038e9fca40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff850743100400 rbx=0000000000000000 rcx=000000000000001e
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8038b7a314d rsp=fffff8038e9fcbd0 rbp=fffff8038e9fcc50
 r8=0000000000000084  r9=00000000000000ff r10=fffff8038b608000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!KiDeferredReadyThread+0x12840d:
fffff803`8b7a314d cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  fffff8038e9fc998 -- (.exr 0xfffff8038e9fc998)
ExceptionAddress: fffff8038b7a314d (nt!KiDeferredReadyThread+0x000000000012840d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000000000001e
Subcode: 0x1e FAST_FAIL_INVALID_NEXT_THREAD

CPU_COUNT: 8

CPU_MHZ: a98

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R)  SIG: CC'00000000 (cache) CC'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

BUGCHECK_STR:  0x139

PROCESS_NAME:  chrome.exe

CURRENT_IRQL:  2

DEFAULT_BUCKET_ID:  FAIL_FAST_INVALID_NEXT_THREAD

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  000000000000001e

ANALYSIS_SESSION_HOST:  XXXXXXXX

ANALYSIS_SESSION_TIME:  05-06-2020 14:39:39.0266

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

DPC_STACK_BASE:  FFFFF8038E9FCFB0

LAST_CONTROL_TRANSFER:  from fffff8038b799f69 to fffff8038b7893c0

STACK_TEXT:  
fffff803`8e9fc718 fffff803`8b799f69 : 00000000`00000139 00000000`0000001e fffff803`8e9fca40 fffff803`8e9fc998 : nt!KeBugCheckEx
fffff803`8e9fc720 fffff803`8b79a310 : 00000000`00000000 ffff8507`24354370 ffff8507`24a0e000 fffff803`8b78fdab : nt!KiBugCheckDispatch+0x69
fffff803`8e9fc860 fffff803`8b798925 : 00000000`00000000 ffff8507`24bde000 ffff8507`24a5d800 fffff803`8b623078 : nt!KiFastFailDispatch+0xd0
fffff803`8e9fca40 fffff803`8b7a314d : ffff8507`2cc6d080 ffff8507`00000000 ffff8507`00000015 fffff803`8e9fcca8 : nt!KiRaiseSecurityCheckFailure+0x2e5
fffff803`8e9fcbd0 fffff803`8b69b3e3 : fffff803`8974b180 00000000`00000002 fffff803`00000000 00000175`00000001 : nt!KiDeferredReadyThread+0x12840d
fffff803`8e9fcc90 fffff803`8b69bd1e : fffff803`8974b180 ffff8507`2cc6d1f0 fffff803`8e9fce68 ffff8507`00000000 : nt!KiReadyThread+0x33
fffff803`8e9fccc0 fffff803`8b69cc8d : 00000000`00000000 00000000`00000000 00000000`00286978 fffff803`8974b180 : nt!KiProcessExpiredTimerList+0x27e
fffff803`8e9fcdb0 fffff803`8b790365 : 00000000`00000000 fffff803`8974b180 ffff8286`55608a80 fffff803`8bf39890 : nt!KiRetireDpcList+0x43d
fffff803`8e9fcfb0 fffff803`8b790170 : 00000000`00000000 fffff803`8bee6356 ffff8507`2e0a2700 00000000`0a23fe60 : nt!KxRetireDpcList+0x5
ffff8286`556089c0 fffff803`8b78faa5 : 00000000`09bdd918 fffff803`8b78b1d1 00000000`ffffffff ffff8507`2e0a2700 : nt!KiDispatchInterruptContinue
ffff8286`556089f0 fffff803`8b78b1d1 : 00000000`ffffffff ffff8507`2e0a2700 ffff8286`00000000 ffff8507`34701890 : nt!KiDpcInterruptBypass+0x25
ffff8286`55608a00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0xb1


THREAD_SHA1_HASH_MOD_FUNC:  153280be3df77d976d88771fbe16e1f2f8a7b37f

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  536a7bc8cbbd2ddc7135b6f3fadef41d0a0bae49

THREAD_SHA1_HASH_MOD:  dc844b1b94baa204d070855e43bbbd27eee98b94

FOLLOWUP_IP: 
nt!KiFastFailDispatch+d0
fffff803`8b79a310 c644242000      mov     byte ptr [rsp+20h],0

FAULT_INSTR_CODE:  202444c6

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiFastFailDispatch+d0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5e7ad045

IMAGE_VERSION:  10.0.16299.1776

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  d0

FAILURE_BUCKET_ID:  0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch

BUCKET_ID:  0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch

PRIMARY_PROBLEM_CLASS:  0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch

TARGET_TIME:  2020-05-06T18:50:16.000Z

OSBUILD:  16299

OSSERVICEPACK:  1776

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2020-03-24 22:30:13

BUILDDATESTAMP_STR:  180808-1748

BUILDLAB_STR:  rs3_release_svc

BUILDOSVER_STR:  10.0.16299.637.amd64fre.rs3_release_svc.180808-1748

ANALYSIS_SESSION_ELAPSED_TIME:  378c

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_1e_invalid_next_thread_nt!kifastfaildispatch

FAILURE_ID_HASH:  {bef176cd-c482-4279-6644-552334c6dc54}

Followup:     MachineOwner
---------
windows
windows-10
bsod
crash
asked on Super User May 6, 2020 by tanner

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0