Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KERNEL_SECURITY_CHECK_FAILURE (139) #41

Open
Tai7sy opened this issue Nov 19, 2019 · 0 comments
Open

KERNEL_SECURITY_CHECK_FAILURE (139) #41

Tai7sy opened this issue Nov 19, 2019 · 0 comments

Comments

@Tai7sy
Copy link

Tai7sy commented Nov 19, 2019

BSOD randomly

debug Screenshot:
screenshot.png

!analyze -v

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
	extents for the thread.
Arg2: ffffac0a81dbd110, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffac0a81dbd068, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


"C:\Windows\System32\KERNELBASE.dll" was not found in the image list.
Debugger will attempt to load "C:\Windows\System32\KERNELBASE.dll" at given base 00000000`00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.

KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 0

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

DUMP_TYPE:  0

BUGCHECK_P1: 4

BUGCHECK_P2: ffffac0a81dbd110

BUGCHECK_P3: ffffac0a81dbd068

BUGCHECK_P4: 0

TRAP_FRAME:  ffff18a01182070f -- (.trap 0xffff18a01182070f)
Unable to read trap frame at ffff18a0`1182070f

EXCEPTION_RECORD:  ffffac0a81dbd068 -- (.exr 0xffffac0a81dbd068)
ExceptionAddress: fffff80413a3b7df (nt!RtlpGetStackLimits+0x0000000000147c7f)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000004
Subcode: 0x4 FAST_FAIL_INCORRECT_STACK

CPU_COUNT: 4

CPU_MHZ: e10

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: 9

CPU_MICROCODE: 6,9e,9,0 (F,M,S,R)  SIG: B4'00000000 (cache) B4'00000000 (init)

BUGCHECK_STR:  0x139

PROCESS_NAME:  debug_me.exe

CURRENT_IRQL:  0

DEFAULT_BUCKET_ID:  FAIL_FAST_INCORRECT_STACK

WATSON_BKT_EVENT:  BEX

ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000004

ANALYSIS_SESSION_HOST:  windywhli-PC1

ANALYSIS_SESSION_TIME:  11-19-2019 20:19:23.0224

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

BAD_STACK_POINTER:  ffffac0a81dbc628

LAST_CONTROL_TRANSFER:  from fffff80413aa2d72 to fffff804139cd390

STACK_TEXT:  
ffffac0a`81dbc628 fffff804`13aa2d72 : 00000000`00000004 00000000`00000003 ffffac0a`81dbc790 fffff804`1396d380 : nt!DbgBreakPointWithStatus
ffffac0a`81dbc630 fffff804`13aa24f7 : 00000000`00000003 ffffac0a`81dbc790 fffff804`139d9660 00000000`00000139 : nt!KiBugCheckDebugBreak+0x12
ffffac0a`81dbc690 fffff804`139c5837 : 00000000`00000000 cccccccc`cccccccc 00000000`00000000 00001f80`00cc00cc : nt!KeBugCheck2+0x957
ffffac0a`81dbcdb0 fffff804`139d6e69 : 00000000`00000139 00000000`00000004 ffffac0a`81dbd110 ffffac0a`81dbd068 : nt!KeBugCheckEx+0x107
ffffac0a`81dbcdf0 fffff804`139d7210 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiBugCheckDispatch+0x69
ffffac0a`81dbcf30 fffff804`139d5608 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiFastFailDispatch+0xd0
ffffac0a`81dbd110 fffff804`13a3b7df : 00000000`00000000 ffffac0a`81dbd550 cccccccc`cccccccc cccccccc`cccccccc : nt!KiRaiseSecurityCheckFailure+0x308
ffffac0a`81dbd2a0 fffff804`13926e7b : cccccccc`cccccccc cccccccc`cccccccc cccccccc`00000003 cccccccc`cccccccc : nt!RtlpGetStackLimits+0x147c7f
ffffac0a`81dbd2d0 fffff804`13834ac4 : ffffac0a`81dbdd08 ffffac0a`81dbda50 ffffac0a`81dbdd08 ffffac0a`81db6000 : nt!RtlDispatchException+0x6b
ffffac0a`81dbd520 fffff804`139d6f42 : 00000000`00000000 fffff804`138ec094 ffff18a0`1182070f fffff804`14283af6 : nt!KiDispatchException+0x144
ffffac0a`81dbdbd0 fffff804`139d178e : ffffac0a`81dbddc0 fffff804`1aab3e85 00000000`00000000 00000020`00000000 : nt!KiExceptionDispatch+0xc2
ffffac0a`81dbddb0 fffff804`1aab34c1 : 00000000`00000000 00000000`00484ea3 cccccccc`cccccccc cccccccc`cccccccc : nt!KiInvalidOpcodeFault+0x30e
ffffac0a`81dbdf40 fffff804`1aac3be5 : 00000000`0019fa90 00000000`004023fd 00000000`00010202 00000000`00000005 : win32dk!hvpp::vcpu_t::entry_host+0x161 [D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp @ 849]
ffffac0a`81dbdfb0 00000000`00402402 : 004020f3`00401714 00739670`004020f3 0019fa98`00401564 0040131f`0019fae0 : win32dk!hvpp::vcpu_t::entry_host_+0x58 [D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.asm @ 231]
00000000`0019fa90 004020f3`00401714 : 00739670`004020f3 0019fa98`00401564 0040131f`0019fae0 00000007`004020f3 : debug_me+0x2402
00000000`0019fa98 00739670`004020f3 : 0019fa98`00401564 0040131f`0019fae0 00000007`004020f3 4150083c`c0000000 : 0x004020f3`00401714
00000000`0019faa0 0019fa98`00401564 : 0040131f`0019fae0 00000007`004020f3 4150083c`c0000000 40180000`00000000 : 0x00739670`004020f3
00000000`0019faa8 0040131f`0019fae0 : 00000007`004020f3 4150083c`c0000000 40180000`00000000 4150083b`40000000 : 0x0019fa98`00401564
00000000`0019fab0 00000007`004020f3 : 4150083c`c0000000 40180000`00000000 4150083b`40000000 00000007`0073e308 : 0x0040131f`0019fae0
00000000`0019fab8 4150083c`c0000000 : 40180000`00000000 4150083b`40000000 00000007`0073e308 004020f3`00739670 : 0x00000007`004020f3
00000000`0019fac0 40180000`00000000 : 4150083b`40000000 00000007`0073e308 004020f3`00739670 0041c7f0`0019fb14 : 0x4150083c`c0000000
00000000`0019fac8 4150083b`40000000 : 00000007`0073e308 004020f3`00739670 0041c7f0`0019fb14 004b5710`02416dc8 : 0x40180000`00000000
00000000`0019fad0 00000007`0073e308 : 004020f3`00739670 0041c7f0`0019fb14 004b5710`02416dc8 004b5710`02416dc8 : 0x4150083b`40000000
00000000`0019fad8 004020f3`00739670 : 0041c7f0`0019fb14 004b5710`02416dc8 004b5710`02416dc8 004b5710`0040baa0 : 0x00000007`0073e308
00000000`0019fae0 0041c7f0`0019fb14 : 004b5710`02416dc8 004b5710`02416dc8 004b5710`0040baa0 fffffffe`ffffffff : 0x004020f3`00739670
00000000`0019fae8 004b5710`02416dc8 : 004b5710`02416dc8 004b5710`0040baa0 fffffffe`ffffffff 76a96c42`0019fb40 : 0x0041c7f0`0019fb14
00000000`0019faf0 004b5710`02416dc8 : 004b5710`0040baa0 fffffffe`ffffffff 76a96c42`0019fb40 000007d8`004012c3 : 0x004b5710`02416dc8
00000000`0019faf8 004b5710`0040baa0 : fffffffe`ffffffff 76a96c42`0019fb40 000007d8`004012c3 0019fb80`004120b9 : 0x004b5710`02416dc8
00000000`0019fb00 fffffffe`ffffffff : 76a96c42`0019fb40 000007d8`004012c3 0019fb80`004120b9 02416dc8`02416dc8 : 0x004b5710`0040baa0
00000000`0019fb08 76a96c42`0019fb40 : 000007d8`004012c3 0019fb80`004120b9 02416dc8`02416dc8 0040baa0`0019fc20 : 0xfffffffe`ffffffff
00000000`0019fb10 000007d8`004012c3 : 0019fb80`004120b9 02416dc8`02416dc8 0040baa0`0019fc20 02416dc8`0040baa0 : 0x76a96c42`0019fb40
00000000`0019fb18 0019fb80`004120b9 : 02416dc8`02416dc8 0040baa0`0019fc20 02416dc8`0040baa0 00000000`00000001 : 0x000007d8`004012c3
00000000`0019fb20 02416dc8`02416dc8 : 0040baa0`0019fc20 02416dc8`0040baa0 00000000`00000001 0047f1d2`0019fc14 : 0x0019fb80`004120b9
00000000`0019fb28 0040baa0`0019fc20 : 02416dc8`0040baa0 00000000`00000001 0047f1d2`0019fc14 004153f9`ffffffff : 0x02416dc8`02416dc8
00000000`0019fb30 02416dc8`0040baa0 : 00000000`00000001 0047f1d2`0019fc14 004153f9`ffffffff 0019fb80`000007d8 : 0x0040baa0`0019fc20
00000000`0019fb38 00000000`00000001 : 0047f1d2`0019fc14 004153f9`ffffffff 0019fb80`000007d8 004153ca`00000000 : 0x02416dc8`0040baa0
00000000`0019fb40 0047f1d2`0019fc14 : 004153f9`ffffffff 0019fb80`000007d8 004153ca`00000000 0019fb80`000007d8 : 0x1
00000000`0019fb48 004153f9`ffffffff : 0019fb80`000007d8 004153ca`00000000 0019fb80`000007d8 0040badb`00000000 : 0x0047f1d2`0019fc14
00000000`0019fb50 0019fb80`000007d8 : 004153ca`00000000 0019fb80`000007d8 0040badb`00000000 0019fb80`000007d8 : 0x004153f9`ffffffff
00000000`0019fb58 004153ca`00000000 : 0019fb80`000007d8 0040badb`00000000 0019fb80`000007d8 00000000`00000000 : 0x0019fb80`000007d8
00000000`0019fb60 0019fb80`000007d8 : 0040badb`00000000 0019fb80`000007d8 00000000`00000000 16010002`52010001 : 0x004153ca`00000000
00000000`0019fb68 0040badb`00000000 : 0019fb80`000007d8 00000000`00000000 16010002`52010001 00000000`00000000 : 0x0019fb80`000007d8
00000000`0019fb70 0019fb80`000007d8 : 00000000`00000000 16010002`52010001 00000000`00000000 00486218`00000000 : 0x0040badb`00000000
00000000`0019fb78 00000000`00000000 : 16010002`52010001 00000000`00000000 00486218`00000000 004b8118`0047de32 : 0x0019fb80`000007d8


THREAD_SHA1_HASH_MOD_FUNC:  9878726627229c0c7c7b6cf8cacb076f99901365

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  6b7b4724f584776c4f57d46af500ba565cf0d156

THREAD_SHA1_HASH_MOD:  6ae1ede5fed85cf92790998645c6060afa1c331a

FOLLOWUP_IP: 
win32dk!hvpp::vcpu_t::entry_host+161 [D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp @ 849]
fffff804`1aab34c1 440f79a720800000        vmwrite r12,qword ptr [rdi+8020h]

FAULT_INSTR_CODE:  a7790f44

FAULTING_SOURCE_LINE:  D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp

FAULTING_SOURCE_FILE:  D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp

FAULTING_SOURCE_LINE_NUMBER:  849

SYMBOL_STACK_INDEX:  c

SYMBOL_NAME:  win32dk!hvpp::vcpu_t::entry_host+161

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32dk

IMAGE_NAME:  win32dk.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5dce5bd8

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  161

FAILURE_BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_win32dk!hvpp::vcpu_t::entry_host

BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_win32dk!hvpp::vcpu_t::entry_host

PRIMARY_PROBLEM_CLASS:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_win32dk!hvpp::vcpu_t::entry_host

TARGET_TIME:  2019-11-19T12:18:30.000Z

OSBUILD:  17763

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2005-12-02 00:58:59

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  fbfd

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_missing_gsframe_stackptr_error_win32dk!hvpp::vcpu_t::entry_host

FAILURE_ID_HASH:  {46030f82-f280-8494-bba2-d63fa3a0fafa}

Followup:     MachineOwner
---------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Tai7sy