Kernel_Security_Check_Failure / Watch_Dog_Violation

Post Reply
User avatar
Delltor123
Posts: 1
Joined: Fri Oct 09, 2015 3:29 pm
Contact:

Thu Jul 18, 2019 7:03 am

Hello all,

I built my first computer about 2 years and 2 months ago now and since I built it I've bluescreened in the neighborhood of 100+ times. The bluescreens first began not long after I built the computer (a couple weeks to a month or 2 after build completion at most). The bluescreens were sporadic up until a month or so ago and then they started to occur every day. The bluescreens *ONLY* occur on shut down or restart and always say Kernel_Security_Check_Failure or Watch_Dog_Violation.

I've already done some troubleshooting on my own and with two Microsoft Windows specialists. The results of all of that are:
  • The bluescreening has endured through 3 re-installations of Windows 10 Pro. The last reinstall was just 2 weeks ago.
  • The results of my RAM testing on a "standard" test were: "The Windows Memory Diagnostic tested the computer's memory and detected no errors".
  • Both the Windows 10 software and Samsung/Intel's custom Hard Drive software also says that all 4 of my hard drives are "healthy" and are running the latest firmware.
  • Both Windows Update and my ASUS motherboard AI Suite software also claim that all of my drivers are up-to-date.
  • In the Windows 10 Event Viewer all of the bluescreens get recorded as "Kernel-Power Event ID: 41 Task Category: (63)" with a description of "The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly."
Below are one of each bluescreen error dump. Basically the Microsoft Technicians I spoke to and myself came to the conclusion that I probably have to start replacing hardware. However, before I jump into a potentially expensive solution like that I'd prefer to get as many second opinions as possible. Depending on who I talk to it seems that I may end up replacing my Power Supply, Motherboard, Graphics Cards and/or Hard Drives. Thanks in advance!

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffab0afad3f040, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffab0afad3ef98, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 9

Key : Analysis.Elapsed.Sec
Value: 11

Key : Analysis.Memory.CommitPeak.Mb
Value: 69


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202

DUMP_TYPE: 2

BUGCHECK_P1: 3

BUGCHECK_P2: ffffab0afad3f040

BUGCHECK_P3: ffffab0afad3ef98

BUGCHECK_P4: 0

TRAP_FRAME: ffffab0afad3f040 -- (.trap 0xffffab0afad3f040)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffad09cf328af0 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8072fc47fd0 rsp=ffffab0afad3f1d0 rbp=ffffad0993ba9080
r8=0000000000000001 r9=0000000000000003 r10=ffffad0991bf9a00
r11=ffffc280354b9180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!KiExitDispatcher+0x160:
fffff807`2fc47fd0 cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffffab0afad3ef98 -- (.exr 0xffffab0afad3ef98)
ExceptionAddress: fffff8072fc47fd0 (nt!KiExitDispatcher+0x0000000000000160)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

CPU_COUNT: 14

CPU_MHZ: bb6

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 4f

CPU_STEPPING: 1

CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: B000031'00000000 (cache) B000031'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

BUGCHECK_STR: 0x139

PROCESS_NAME: wininit.exe

CURRENT_IRQL: 2

DEFAULT_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

ANALYSIS_SESSION_HOST: PROJECTSKYNET

ANALYSIS_SESSION_TIME: 07-18-2019 06:00:46.0309

ANALYSIS_VERSION: 10.0.18914.1001 amd64fre

LAST_CONTROL_TRANSFER: from fffff8072fdce569 to fffff8072fdbc900

STACK_TEXT:
ffffab0a`fad3ed18 fffff807`2fdce569 : 00000000`00000139 00000000`00000003 ffffab0a`fad3f040 ffffab0a`fad3ef98 : nt!KeBugCheckEx
ffffab0a`fad3ed20 fffff807`2fdce990 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffab0a`fad3ee60 fffff807`2fdccd1f : ffffad09`bf7b0080 fffff807`2fdcdf98 00000000`00001390 00000000`00000070 : nt!KiFastFailDispatch+0xd0
ffffab0a`fad3f040 fffff807`2fc47fd0 : 00000000`00000000 fffff807`300f7dc0 ffffc280`354b9180 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x31f
ffffab0a`fad3f1d0 fffff807`2fcad4dd : ffffad09`cf328ae8 fffff807`2fc3960d ffffc280`354b9101 ffffad09`9189d660 : nt!KiExitDispatcher+0x160
ffffab0a`fad3f230 fffff807`3031b431 : 00000000`00000000 ffffad09`93ba9080 ffffab0a`fad3f349 ffffab0a`00000003 : nt!KeInsertQueueApc+0x14d
ffffab0a`fad3f2d0 fffff807`3019402f : 00000000`00000000 ffffad09`9189d380 00000000`00000000 000002b8`9c850000 : nt!ExSwapinWorkerThreads+0x101
ffffab0a`fad3f3b0 fffff807`3019a01c : ffffad09`929f6000 00000000`00000006 00000000`00000006 ffffab0a`fad3f670 : nt!PopTransitionSystemPowerStateEx+0x1c3
ffffab0a`fad3f470 fffff807`2fdcdf98 : 00000000`00000000 ffffab0a`fad3fa50 ffffad09`91a53000 ffffad09`924199a0 : nt!NtSetSystemPowerState+0x4c
ffffab0a`fad3f650 fffff807`2fdc06c0 : fffff807`301a07e3 00000000`00000000 ffffab0a`fad3f870 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
ffffab0a`fad3f7e8 fffff807`301a07e3 : 00000000`00000000 ffffab0a`fad3f870 00000000`00000000 00000000`00000000 : nt!KiServiceLinkage
ffffab0a`fad3f7f0 fffff807`3019a01c : ffff7961`9e160fa0 fffff807`00000006 00000000`00000006 00000000`00000000 : nt!PopTransitionSystemPowerStateEx+0xc977
ffffab0a`fad3f8b0 fffff807`305081e9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtSetSystemPowerState+0x4c
ffffab0a`fad3fa90 fffff807`2fdcdf98 : ffffad09`bf7b0080 ffffab0a`fad3fb40 ffffab0a`fad3fb40 ffffad09`bd932dd0 : nt!NtShutdownSystem+0x39
ffffab0a`fad3fac0 00007fff`65edf614 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000ce`e0abf6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`65edf614


THREAD_SHA1_HASH_MOD_FUNC: b435ba676cd6c11fc0a4f0f2933880b2169cbf97

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e6c007d1491ccc4a909187dc55f29b1f71510018

THREAD_SHA1_HASH_MOD: 38bc5fec3f0409c265cf5c87da6f8f8859d0711c

FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff807`2fdce990 c644242000 mov byte ptr [rsp+20h],0

FAULT_INSTR_CODE: 202444c6

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!KiFastFailDispatch+d0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 0

IMAGE_VERSION: 10.0.18362.207

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: d0

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

PRIMARY_PROBLEM_CLASS: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

TARGET_TIME: 2019-07-10T10:03:31.000Z

OSBUILD: 18362

OSSERVICEPACK: 207

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: unknown_date

BUILDDATESTAMP_STR: 190318-1202

BUILDLAB_STR: 19h1_release

BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME: 2e89

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x139_3_corrupt_list_entry_nt!kifastfaildispatch

FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}

Followup: MachineOwner
---------
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at
DISPATCH_LEVEL or above. The offending component can usually be
identified with a stack trace.
Arg2: 0000000000001e00, The watchdog period.
Arg3: fffff8057556e350, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding the cumulative timeout
Arg4: 0000000000000000

Debugging Details:
------------------

*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: TickPeriods ***
*** ***
*************************************************************************

KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 12

Key : Analysis.Elapsed.Sec
Value: 15

Key : Analysis.Memory.CommitPeak.Mb
Value: 70


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202

DUMP_TYPE: 2

BUGCHECK_P1: 1

BUGCHECK_P2: 1e00

BUGCHECK_P3: fffff8057556e350

BUGCHECK_P4: 0

DPC_TIMEOUT_TYPE: DPC_QUEUE_EXECUTION_TIMEOUT_EXCEEDED

CPU_COUNT: 14

CPU_MHZ: bb6

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 4f

CPU_STEPPING: 1

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0x133

PROCESS_NAME: wininit.exe

CURRENT_IRQL: d

ANALYSIS_SESSION_HOST: PROJECTSKYNET

ANALYSIS_SESSION_TIME: 07-18-2019 05:56:11.0634

ANALYSIS_VERSION: 10.0.18914.1001 amd64fre

LAST_CONTROL_TRANSFER: from fffff805751ebdb3 to fffff805751bc900

STACK_TEXT:
ffffca81`486f8af8 fffff805`751ebdb3 : 00000000`00000133 00000000`00000001 00000000`00001e00 fffff805`7556e350 : nt!KeBugCheckEx
ffffca81`486f8b00 fffff805`7501f16f : 00009d73`63981eb6 ffffca81`486a0180 00000000`00000286 00000000`00385ac4 : nt!KeAccumulateTicks+0x1c94f3
ffffca81`486f8b60 fffff805`75ab51e1 : 00000000`00000000 ffffaa0f`5fadc100 fffffd06`e3f27090 ffffaa0f`5fadc1b0 : nt!KeClockInterruptNotify+0xcf
ffffca81`486f8f30 fffff805`75002e15 : ffffaa0f`5fadc100 fffff805`7512cb67 00000000`00000000 00000000`00000000 : hal!HalpTimerClockIpiRoutine+0x21
ffffca81`486f8f60 fffff805`751be36a : fffffd06`e3f27090 ffffaa0f`5fadc100 ffffaa0f`61b891f0 ffffaa0f`5fadc100 : nt!KiCallInterruptServiceRoutine+0xa5
ffffca81`486f8fb0 fffff805`751be8b7 : ffffaa0f`9ea3ef68 fffffd06`e3f27090 ffffaa0f`5fadc100 fffffd06`e3f2757c : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
fffffd06`e3f27010 fffff805`7506f9d1 : 00000000`00000000 00000000`00000000 00000000`00000002 fffffd06`e3f27209 : nt!KiInterruptDispatchNoLockNoEtw+0x37
fffffd06`e3f271a0 fffff805`75047fb8 : 00000000`00000000 fffff805`754f7dc0 ffffca81`486a0180 00000000`00000000 : nt!KiAcquireKobjectLockSafe+0x31
fffffd06`e3f271d0 fffff805`750ad4dd : ffffaa0f`9ea3ef68 fffff805`7503960d ffffca81`486a0101 ffffaa0f`5fa80660 : nt!KiExitDispatcher+0x148
fffffd06`e3f27230 fffff805`7571b431 : 00000000`00000000 ffffaa0f`61b89080 fffffd06`e3f27349 fffffd06`00000003 : nt!KeInsertQueueApc+0x14d
fffffd06`e3f272d0 fffff805`7559402f : 00000000`00000000 ffffaa0f`5fa80380 00000000`00000000 00000272`87ba0000 : nt!ExSwapinWorkerThreads+0x101
fffffd06`e3f273b0 fffff805`7559a01c : ffffaa0f`60ee6000 00000000`00000006 00000000`00000006 fffffd06`e3f27670 : nt!PopTransitionSystemPowerStateEx+0x1c3
fffffd06`e3f27470 fffff805`751ce118 : 00000000`00000000 fffffd06`e3f27a50 ffffaa0f`5fc53000 ffffaa0f`605ca1c0 : nt!NtSetSystemPowerState+0x4c
fffffd06`e3f27650 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28


THREAD_SHA1_HASH_MOD_FUNC: cecd5ac107b91ef562b8f7e8545230bd8f9e29df

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 74f8725968795f02ab68ae68bfbfbc95067af50e

THREAD_SHA1_HASH_MOD: a46c1b556d92394c8d3f63eb407b2ed053afd34a

FOLLOWUP_IP:
nt!KeAccumulateTicks+1c94f3
fffff805`751ebdb3 cc int 3

FAULT_INSTR_CODE: ab3944cc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KeAccumulateTicks+1c94f3

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 3ed0f42

IMAGE_VERSION: 10.0.18362.239

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 1c94f3

FAILURE_BUCKET_ID: 0x133_ISR_nt!KeAccumulateTicks

BUCKET_ID: 0x133_ISR_nt!KeAccumulateTicks

PRIMARY_PROBLEM_CLASS: 0x133_ISR_nt!KeAccumulateTicks

TARGET_TIME: 2019-07-17T09:55:34.000Z

OSBUILD: 18362

OSSERVICEPACK: 239

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 1972-02-02 02:33:06

BUILDDATESTAMP_STR: 190318-1202

BUILDLAB_STR: 19h1_release

BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME: 3b77

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x133_isr_nt!keaccumulateticks

FAILURE_ID_HASH: {65350307-c3b9-f4b5-8829-4d27e9ff9b06}

Followup: MachineOwner
---------
Post Reply