Windows Serverr 2012 R2 KERNEL_SECURITY_CHECK_FAILURE (139) RRS feed

  • Question

  • Hello,
    I keep getting the stop code
    + System 
    - EventData 
      param1 0x00000139 (0x0000000000000002, 0xffffd001e189ae30, 0xffffd001e189ad88, 0x0000000000000000) 

    The dump file is:
    21: kd> !analyze -v


    A kernel component has corrupted a critical data structure.  The corruption could potentially allow a malicious user to gain control of this machine.
    Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based buffer overrun.
    Arg2: ffffd001e189ae30, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd001e189ad88, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved

    Debugging Details:

    DUMP_TYPE:  1

    BUGCHECK_P1: 2

    BUGCHECK_P2: ffffd001e189ae30

    BUGCHECK_P3: ffffd001e189ad88

    BUGCHECK_P4: 0

    TRAP_FRAME:  ffffd001e189ae30 -- (.trap 0xffffd001e189ae30)

    NOTE: The trap frame does not contain all registers.

    Some register values may be zeroed or incorrect.

    rax=0000000000000042 rbx=0000000000000000 rcx=0000000000000002

    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000

    rip=fffff801cbecf661 rsp=ffffd001e189afc8 rbp=ffffd001e189b0d0

     r8=0000000000000042  r9=ffffe8005de7e010 r10=0000000000000042

    r11=ffffd001e189b020 r12=0000000000000000 r13=0000000000000000

    r14=0000000000000000 r15=0000000000000000

    iopl=0         nv up ei pl nz ac pe nc


    fffff801`cbecf661 cd29            int     29h

    Resetting default scope

    EXCEPTION_RECORD:  ffffd001e189ad88 -- (.exr 0xffffd001e189ad88)

    ExceptionAddress: fffff801cbecf661 (ql2300+0x00000000000ce661)

    ExceptionCode: c0000409 (Security check failure or stack buffer overrun)

    ExceptionFlags: 00000001

    NumberParameters: 1

    Parameter[0]: 0000000000000002


    BUGCHECK_STR:  0x139

    PROCESS_NAME:  System




    ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

    EXCEPTION_CODE_STR:  c0000409

    EXCEPTION_PARAMETER1:  0000000000000002


    ANALYSIS_SESSION_TIME:  12-05-2019 15:47:35.0493

    ANALYSIS_VERSION: 10.0.18362.1 amd64fre

    LAST_CONTROL_TRANSFER:  from fffff800f4de1ae9 to fffff800f4dd5fa0


    ffffd001`e189ab08 fffff800`f4de1ae9 : 00000000`00000139 00000000`00000002 ffffd001`e189ae30 ffffd001`e189ad88 : nt!KeBugCheckEx

    ffffd001`e189ab10 fffff800`f4de1e10 : ffffe001`6b427bb0 00000000`00000000 00000000`000005dc 00000000`00000001 : nt!KiBugCheckDispatch+0x69

    ffffd001`e189ac50 fffff800`f4de1034 : 37310030`30303831 38616563`64646600 ffffe001`00000000 00000000`00000002 : nt!KiFastFailDispatch+0xd0

    ffffd001`e189ae30 fffff801`cbecf661 : fffff801`cbecd115 ffffe800`5de7e010 00000000`00000042 ffffe800`5f746228 : nt!KiRaiseSecurityCheckFailure+0xf4

    ffffd001`e189afc8 fffff801`cbecd115 : ffffe800`5de7e010 00000000`00000042 ffffe800`5f746228 fffff801`cbe01000 : ql2300+0xce661

    ffffd001`e189afd0 fffff801`cbe8455e : ffffe800`5f71c040 ffffe800`5ff1bd30 fffff801`cbed9a60 ffffe800`5fddcea8 : ql2300+0xcc115

    ffffd001`e189b3f0 fffff801`cbe701ca : ffffe800`5fddcea8 ffffe800`5f74c678 ffffe800`5de7e010 ffffe800`5fddcea8 : ql2300+0x8355e

    ffffd001`e189b5c0 fffff801`cbe6f11b : ffffd001`e189b900 ffffe800`5de7e010 00000000`00000003 00000000`00000000 : ql2300+0x6f1ca

    ffffd001`e189b7f0 fffff800`f4cdc1e0 : ffffd001`e1870f00 00000000`00000000 ffffd001`e189b960 ffffd001`e189bb00 : ql2300+0x6e11b

    ffffd001`e189b860 fffff800`f4cdb3fb : ffffd001`e186e180 ffffe800`6099f430 00000000`00000000 fffff801`cbfac6d7 : nt!KiExecuteAllDpcs+0x1b0

    ffffd001`e189b9b0 fffff800`f4dd9aea : ffffd001`e186e180 ffffd001`e186e180 ffffd001`e187a7c0 ffffe800`609ba880 : nt!KiRetireDpcList+0xdb

    ffffd001`e189bc60 00000000`00000000 : ffffd001`e189c000 ffffd001`e1896000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a

    THREAD_SHA1_HASH_MOD_FUNC:  7560323b503d9fb770a0d3353f55118b3d4ade87

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  edf17d8042c6ee116d14f7227f23a7437895e59a

    THREAD_SHA1_HASH_MOD:  84a64667ddfc48ea26a6be3b4fa4a0df3049752e



    fffff801`cbecf661 cd29            int     29h

    FAULT_INSTR_CODE:  b9cc29cd


    SYMBOL_NAME:  ql2300+ce661

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: ql2300

    IMAGE_NAME:  ql2300.sys


    STACK_COMMAND:  .thread ; .cxr ; kb


    FAILURE_BUCKET_ID:  0x139_MISSING_GSFRAME_ql2300!unknown_function

    BUCKET_ID:  0x139_MISSING_GSFRAME_ql2300!unknown_function

    PRIMARY_PROBLEM_CLASS:  0x139_MISSING_GSFRAME_ql2300!unknown_function

    TARGET_TIME:  2019-12-04T12:52:13.000Z

    OSBUILD:  9600




    SUITE_MASK:  16



    OSNAME:  Windows 8.1

    OSEDITION:  Windows 8.1 Server TerminalServer


    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2014-03-06 13:18:55

    BUILDDATESTAMP_STR:  140305-1710

    BUILDLAB_STR:  winblue_gdr

    BUILDOSVER_STR:  6.3.9600.17041.amd64fre.winblue_gdr.140305-1710


    FAILURE_ID_HASH_STRING:  km:0x139_missing_gsframe_ql2300!unknown_function
    FAILURE_ID_HASH:  {9387f01c-d58b-8aa8-e966-15494b475893}

    Thursday, December 5, 2019 9:39 AM

All replies

  • The bugcheck was 139:  KERNEL_SECURITY_CHECK_FAILURE

    To evaluate the BSOD please post logs for troubleshooting.

    Using administrative command prompt copy and paste this whole command.

    Make sure the default language is English so that the logs can be scanned and read.

    The command will automatically collect the computer files and place them on the desktop.

    Then use 7zip to organize the files and one drive, drop box, or google drive to place share links into the thread for troubleshooting.

    This command will automatically collect these files:  msinfo32, mini dumps, drivers, hosts, install, uninstall, services, startup, event viewer files, etc.

    Open administrative command prompt and copy and paste the whole command:

    copy %SystemRoot%\minidump\*.dmp "%USERPROFILE%\Desktop\"&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\"&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

    There are two files for you to find manually:

    a) C:\Windows\MEMORY.DMP

    Use file explorer > this PC > local C: drive > right upper corner search enter the above to find results.

    b) dxdiag:  

    In the left lower corner search type:  dxdiag > When the DirectX Diagnostic Tool opens click on the next page button so that each tab is opened > click on save all information > save to desktop > post one drive or drop box share link into the thread

    Please remember to vote and to mark the replies as answers if they help.

    On the bottom of each post there is: Propose as answer = answered the question

    On the left side of each post:  Vote = a helpful post

    Thursday, December 5, 2019 9:48 AM
  • Thx. I collect the information and upload them to OneDrive:

    1. msinfo32, mini dumps, drivers, hosts, install, uninstall, services, startup, event viewer files, etc.!Amqpu0RsWr4ehWFF-R3znaE1nRar


    Friday, December 6, 2019 1:46 AM
  • The logs were in a foreign language and were not able to be scanned or read.

    Debugging displayed 2 misbehaving drivers.

    Uninstall and reinstall:

    a) ixgbi.sys      Intel(R) PRO/10GbE PCI Intel(R) PRO/10GbE PCI

    b) ql2300.sys       QLogic Fibre Channel S QLogic Fibre Channel S




    ql2300       QLogic Fibre Channel S QLogic Fibre Channel S  2018/3/23 4:14:18      C:\Windows\system32\DRIVERS\ql2300.sys

    名称 QLogic Fibre Channel Adapter
    制造商 QLogic
    状态 良好
    PNP 设备 ID PCI\VEN_1077&DEV_2261&SUBSYS_029C1077&REV_01\4&2EC617B0&0&001A
    驱动程序 c:\windows\system32\drivers\ql2300.sys (, 1.61 MB (1,686,856 字节), 2018/3/28 5:56)

    ql2300 QLogic Fibre Channel STOR Miniport Driver (wx64) c:\windows\system32\drivers\ql2300.sys 内核驱动程序 手动 正在运行 良好 一般

    ql2300.sys   Thu Mar 22 13:14:18 2018 (5AB40E9A)




    ixgbi        Intel(R) PRO/10GbE PCI Intel(R) PRO/10GbE PCI  2013/6/14 4:55:48      C:\Windows\system32\DRIVERS\ixi63x64.sys

    名称 [00000011] Intel(R) 以太网服务器适配器 X520-2
    适配器类型 没有资料
    产品类型 Intel(R) 以太网服务器适配器 X520-2
    PNP 设备 ID 没有资料
    上次重置 2019/12/5 18:27
    索引 11
    服务名称 ixgbi

    ixgbi Intel(R) PRO/10GbE PCIe-I 网络连接驱动程序 c:\windows\system32\drivers\ixi63x64.sys

    ixi63x64.sys Thu Jun 13 13:55:48 2013 (51BA31D4)


    Please remember to vote and to mark the replies as answers if they help.

    On the bottom of each post there is: Propose as answer = answered the question

    On the left side of each post:  Vote = a helpful post

    Friday, December 6, 2019 6:47 AM