Windows 10: KERNEL_SECURITY_CHECK_FAILURE (139) on start up randomly

  1.    02 Apr 2018 #1

    KERNEL_SECURITY_CHECK_FAILURE (139) on start up randomly

    Hi, have a MBP mid 2012 running Win 10 Pro in Bootcamp. I was having no problems until Fall Creators Update.
    Now, when I login It either BSOD's immediately, a couple of minutes later or during boot up.
    I have tried reset 3 times and same thing after it updates to F.C.U.
    I have included my logs.

    Thanks, in advance.
    KERNEL_SECURITY_CHECK_FAILURE (139) on start up randomly Attached Files
      My ComputerSystem Spec

  2.    02 Apr 2018 #2

    Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    Loading Dump File [C:\Users\KFlamson\Downloads\DESKTOP-0SA12PN-Mon_04_02_2018_133754_27\031618-8015-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    Symbol search path is: srv*c:\symbols*Symbol information
    Executable search path is: 
    Windows 8 Kernel Version 16299 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 16299.15.amd64fre.rs3_release.170928-1534
    Machine Name:
    Kernel base = 0xfffff801`91a06000 PsLoadedModuleList = 0xfffff801`91d6d110
    Debug session time: Fri Mar 16 18:18:56.369 2018 (UTC + 1:00)
    System Uptime: 0 days 0:01:06.074
    Loading Kernel Symbols
    Loading User Symbols
    Loading unloaded module list
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    Use !analyze -v to get detailed debugging information.
    BugCheck 139, {3, fffff601d4e065d0, fffff601d4e06528, 0}
    *** WARNING: Unable to verify checksum for win32k.sys
    Probably caused by : memory_corruption
    Followup: memory_corruption
    3: kd> !analyze -v
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: fffff601d4e065d0, Address of the trap frame for the exception that caused the bugcheck
    Arg3: fffff601d4e06528, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved
    Debugging Details:
    TRAP_FRAME:  fffff601d4e065d0 -- (.trap 0xfffff601d4e065d0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffe2041a230a38 rbx=0000000000000000 rcx=0000000000000003
    rdx=ffffe2041a5e3b80 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80191ba3145 rsp=fffff601d4e06760 rbp=fffff601d4e06899
     r8=0000000000000000  r9=7fffe20416bcdef8 r10=7ffffffffffffffc
    r11=0000000000000012 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz ac po cy
    fffff801`91ba3145 cd29            int     29h
    Resetting default scope
    EXCEPTION_RECORD:  fffff601d4e06528 -- (.exr 0xfffff601d4e06528)
    ExceptionAddress: fffff80191ba3145 (nt!ExDeleteResourceLite+0x00000000001763d5)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000003
    BUGCHECK_STR:  0x139
    PROCESS_NAME:  System
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    EXCEPTION_PARAMETER1:  0000000000000003
    LAST_CONTROL_TRANSFER:  from fffff80191b8e529 to fffff80191b7b430
    fffff601`d4e062a8 fffff801`91b8e529 : 00000000`00000139 00000000`00000003 fffff601`d4e065d0 fffff601`d4e06528 : nt!KeBugCheckEx
    fffff601`d4e062b0 fffff801`91b8e8d0 : fffff601`d4e06180 fffff601`d4e063c8 ffffe204`1a1ab570 ffffe204`16c95d50 : nt!KiBugCheckDispatch+0x69
    fffff601`d4e063f0 fffff801`91b8cc13 : fffff601`d4e06640 ffff9680`037335f0 00000000`00000000 ffffcae5`72b37000 : nt!KiFastFailDispatch+0xd0
    fffff601`d4e065d0 fffff801`91ba3145 : 00000000`00000001 00000000`00000000 ffffe204`1928e700 fffff801`91a4c3b1 : nt!KiRaiseSecurityCheckFailure+0x3d3
    fffff601`d4e06760 fffff801`91a2cd58 : ffffe204`00000000 00000000`00000000 00000000`00000001 ffffe204`16bcdef8 : nt!ExDeleteResourceLite+0x1763d5
    fffff601`d4e067b0 fffff801`91a4bf6f : 00000000`ffffffff fffff601`00000000 00000000`00000001 ffffe204`18fad8f0 : nt!CcDeallocateBcb+0x1c
    fffff601`d4e067e0 fffff801`91a4b587 : ffffe204`16cc6a90 00000000`000002fd 00000000`00002000 ffffe204`15769c00 : nt!CcUnpinFileDataEx+0x6df
    fffff601`d4e06900 fffff801`91a42cef : 00000000`00585000 fffff601`d4e06a50 00000000`0000108a 00000000`00585000 : nt!CcReleaseByteRangeFromWrite+0x83
    fffff601`d4e06950 fffff801`91ab5a39 : ffffe204`16bb9b30 00000000`00000000 00000000`00000001 fffff601`d4e06ad0 : nt!CcFlushCachePriv+0x47f
    fffff601`d4e06aa0 fffff801`91a414d5 : ffffe204`156f9100 ffffe204`00000001 ffffe204`00000000 ffffe204`00001000 : nt!CcWriteBehindInternal+0x199
    fffff601`d4e06b80 fffff801`91b1cb87 : ffffe204`1928e700 00000000`00000080 ffffe204`156ca040 ffffe204`1928e700 : nt!ExpWorkerThread+0xf5
    fffff601`d4e06c10 fffff801`91b82be6 : fffff801`90bff180 ffffe204`1928e700 fffff801`91b1cb40 03256a40`6a28430c : nt!PspSystemThreadStartup+0x47
    fffff601`d4e06c60 00000000`00000000 : fffff601`d4e07000 fffff601`d4e01000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
    CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
        fffff80191c2cc09 - nt!MiAddColdPagesToHotRanges+3d
        [ fa:96 ]
        fffff80191cb50a6-fffff80191cb50a7  2 bytes - nt!ExFreePoolWithTag+306
        [ fb f6:e5 ca ]
    3 errors : !nt (fffff80191c2cc09-fffff80191cb50a7)
    MODULE_NAME: memory_corruption
    IMAGE_NAME:  memory_corruption
    FOLLOWUP_NAME:  memory_corruption
    Followup: memory_corruption
    According to your latest BSOD dump it is due to a memory corruption.

    Most likely a driver bug where a driver tried to free the same kernel memory object twice. Or something corrupted the list of memory objects. (this can be caused by issues with RAM, or a bad driver that overwrites into memory that is should not) the problem is hard to track down because by default the checks are not done at the time the driver asks to free the memory but at some time later when the system actually tries to free up blocks of memory.

    if you know what driver you suspect, you can run driver verifier on it and turn on checking and it will bugcheck when the actual problem occurs. Problem is for a graphics driver it will really slow down your driver and may actually obscure the issue and make it harder to find.
    Again it can be other drivers that actually stomp on memory and change links in the linked list data structure or a virus that do this on purpose to gain access to kernel data structures.

    These crashes were related to memory corruption (probably caused by a driver).

    Please run these two tests to verify your memory and find which driver is causing the problem. Please run verifier first. You do not need to run memtest yet unless verifier does not find the cause, or you want to.

    If you are overclocking anything, reset to default before running these tests. (reset BIOS to optimized defaults)
    In other words STOP! If you're unsure what I mean by 'overclocking', you're likely not overclocked.

    Do the following:

    Driver verifier
    sfc.exe /scannow in an Elevated Command Prompt. (Right click on Command Prompt and select 'Run as Administrator').
    Start updating 3rd party software that has device drivers

    If anyone else can help shed some light, please do.
      My ComputerSystem Spec


Related Threads
Sometimes, when I shutdown the system, I get the BSOD screen with error 139, it then shuts down and reboots. There doesn't seem to be any pattern to it, and it doesn't always do it, nor does there seem to be any bad aftereffects. Any...
Every since i ran the creators update on my windows 10 image.. there is a random issue where the tiles in the start menu are blank.. and any attempts to right click fail as well.. seems if you restart.. it clears it (or possibly restart the...
I have tried doing fresh installs of Windows 10 multiple times but I always face this issue where items in the start menu and/or taskbar jump lists disappear randomly. I am attaching a screenshot for this. This also happens when after I close any...
Hi, Launching an app such as weather or easy gmail will sometimes bring up the app, freeze on opening and never open and then I can't use the start menu anymore. I have tried running sfc, no problems. I have tried using the powershell to reinstall...
I never had this problem when I was using Windows 8.1. This problem mostly occurs when I'm playing a game (Dota 2, Battlefield 4, Fallout 3, etc) and sometimes when I was just browsing the web, watching youtube videos. The sound will just disappear,...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 18:27.
Find Us