KERNEL_SECURITY_CHECK_FAILURE (139)

Question

Hi Guys,

Been having the BSOD KERNEL_SECURITY_CHECK_FAILURE (139) on Windows8.1x64. Need your assistance analyzing the debug logs of the BSOD and recommendations on how to resolve it.

KERNEL_SECURITY_CHECK_FAILURE (139)

A kernel component has corrupted a critical data structure.  The corruption

could potentially allow a malicious user to gain control of this machine.

Arguments:

Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).

Arg2: ffffd000ee531500, Address of the trap frame for the exception that caused the bugcheck

Arg3: ffffd000ee531458, Address of the exception record for the exception that caused the bugcheck

Arg4: 0000000000000000, Reserved

Debugging Details:

---

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  9600.17415.amd64fre.winblue_r4.141028-1500

SYSTEM_MANUFACTURER:  MSI

SYSTEM_PRODUCT_NAME:  MS-7788

SYSTEM_SKU:  To be filled by O.E.M.

SYSTEM_VERSION:  1.0

BIOS_VENDOR:  American Megatrends Inc.

BIOS_VERSION:  V3.6

BIOS_DATE:  09/29/2013

BASEBOARD_MANUFACTURER:  MSI

BASEBOARD_PRODUCT:  H61M-P31/W8 (MS-7788)

BASEBOARD_VERSION:  1.0

DUMP_TYPE:  1

BUGCHECK_P1: 3

BUGCHECK_P2: ffffd000ee531500

BUGCHECK_P3: ffffd000ee531458

BUGCHECK_P4: 0

TRAP_FRAME:  ffffd000ee531500 -- (.trap 0xffffd000ee531500)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=ffffc00140ead0f0 rbx=0000000000000000 rcx=0000000000000003

rdx=8000000000000000 rsi=0000000000000000 rdi=0000000000000000

rip=fffff800bce6a829 rsp=ffffd000ee531690 rbp=fffff800bce00000

 r8=ffffe001a83e0d78  r9=7fffe001a9da78c8 r10=ffffe001a9da78c8

r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0         nv up ei ng nz na pe cy

fileinfo!FIStreamCleanup+0x4fed:

fffff800`bce6a829 cd29            int     29h

Resetting default scope

EXCEPTION_RECORD:  ffffd000ee531458 -- (.exr 0xffffd000ee531458)

ExceptionAddress: fffff800bce6a829 (fileinfo!FIStreamCleanup+0x0000000000004fed)

   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)

  ExceptionFlags: 00000001

NumberParameters: 1

   Parameter[0]: 0000000000000003

Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

CPU_COUNT: 2

CPU_MHZ: b4d

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3a

CPU_STEPPING: 9

CPU_MICROCODE: 6,3a,9,0 (F,M,S,R)  SIG: 1B'00000000 (cache) 1B'00000000 (init)

BUGCHECK_STR:  0x139

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

DEFAULT_BUCKET_ID:  FAIL_FAST_LIST_ENTRY_CORRUPT

ANALYSIS_SESSION_HOST:  *******

ANALYSIS_SESSION_TIME:  10-02-2017 04:58:34.0709

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

LAST_CONTROL_TRANSFER:  from fffff801875d34e9 to fffff801875c79a0

STACK_TEXT:  

ffffd000ee5311d8 fffff801875d34e9 : 0000000000000139 0000000000000003 ffffd000ee531500 ffffd000ee531458 : nt!KeBugCheckEx

ffffd000ee5311e0 fffff801875d3810 : ffffd000ee5313c0 fffff800bd384161 ffffc001410788c0 fffff801875ccb45 : nt!KiBugCheckDispatch+0x69

ffffd000ee531320 fffff801875d2a34 : ffffd000ee531620 0000000000000000 00000000000001a0 c0013e2b6e664d46 : nt!KiFastFailDispatch+0xd0

ffffd000ee531500 fffff800bce6a829 : ffffe001a83e0d78 ffffc001410a4840 ffffe001a83e0d78 0000000000000000 : nt!KiRaiseSecurityCheckFailure+0xf4

ffffd000ee531690 fffff800bce09b21 : ffffffffffffffff 0000000000000000 ffffffffffffffff ffffe001a9da78c8 : fileinfo!FIStreamCleanup+0x4fed

ffffd000ee5316e0 fffff800bce2c8c5 : 0000000000000000 fffff800bce00000 0000000000000000 ffffc001410a47f8 : fltmgr!DoFreeContext+0x55

ffffd000ee531710 fffff800bce2db92 : ffffe001a9da78c8 0000000000000703 ffffffffffffffff ffffe001a5dcd010 : fltmgr!FltpDeleteContextList+0xb5

ffffd000ee531740 fffff800bce2db26 : ffffe001a9da7880 0000000000000705 0000000000000702 0000000000000705 : fltmgr!CleanupStreamListCtrl+0x4a

ffffd000ee531780 fffff801878860f3 : 0000000000000000 fffff8018754a779 ffffc00140cb3000 0000000000000700 : fltmgr!DeleteStreamListCtrlCallback+0x92

ffffd000ee5317c0 fffff800bd3978c9 : ffffc001410ae140 ffffe001a9da7888 ffffc001410ae140 000000000000000c : nt!FsRtlTeardownPerStreamContexts+0x53

ffffd000ee531830 fffff800bd38cc39 : ffffc001410a0703 0000000000000003 ffffc001410ae030 0000000000000000 : Ntfs!NtfsDeleteScb+0x399

ffffd000ee5318e0 fffff800bd2e77d4 : 0000000000000000 ffffc001410ae140 0000000000000000 ffffc001410ae040 : Ntfs!NtfsRemoveScb+0x99

ffffd000ee531920 fffff800bd390170 : ffffc001410ae010 ffffd000ee531b40 ffffc001410ae010 ffffd000ee531a00 : Ntfs!NtfsPrepareFcbForRemoval+0x54

ffffd000ee531950 fffff800bd2eea20 : ffffe001a5527518 ffffc001410ae010 ffffc001410ae490 ffffc001410ae010 : Ntfs!NtfsTeardownStructures+0x90

ffffd000ee5319d0 fffff800bd3b2334 : ffffd000ee531b78 ffffd000ee531b40 ffffc001410ae010 ffffc00100000015 : Ntfs!NtfsDecrementCloseCounts+0xd4

ffffd000ee531a10 fffff800bd398421 : ffffe001a5527518 ffffc001410ae140 ffffc001410ae010 ffffe001a4818180 : Ntfs!NtfsCommonClose+0x3a4

ffffd000ee531ae0 fffff8018751338c : fffff80187585bc8 fffff800bd398580 ffffe001a533b6c0 fffff80187729300 : Ntfs!NtfsFspCloseInternal+0x1a1

ffffd000ee531c50 fffff80187578c70 : 0000000000000000 ffffe001a533b6c0 0000000000000080 ffffe001a533b6c0 : nt!ExpWorkerThread+0x28c

ffffd000ee531d00 fffff801875cdfc6 : fffff8018777a180 ffffe001a533b6c0 ffffe001a4937880 0000000000000000 : nt!PspSystemThreadStartup+0x58

ffffd000ee531d60 0000000000000000 : ffffd000ee532000 ffffd000ee52c000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND:  kb

THREAD_SHA1_HASH_MOD_FUNC:  5587d25b10d5566d256b7b0a9635bc2aee827d1a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  550824a24c039341b0542ba0cf650b10438e9a00

THREAD_SHA1_HASH_MOD:  b6791b611615db56cab572f02f354a761818bb52

FOLLOWUP_IP: 

fileinfo!FIStreamCleanup+4fed

fffff800`bce6a829 cd29            int     29h

FAULT_INSTR_CODE:  489029cd

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  fileinfo!FIStreamCleanup+4fed

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fileinfo

IMAGE_NAME:  fileinfo.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  53089456

BUCKET_ID_FUNC_OFFSET:  4fed

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_fileinfo!FIStreamCleanup

BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_fileinfo!FIStreamCleanup

PRIMARY_PROBLEM_CLASS:  0x139_3_CORRUPT_LIST_ENTRY_fileinfo!FIStreamCleanup

TARGET_TIME:  2017-10-02T10:57:29.000Z

OSBUILD:  9600

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 8.1

OSEDITION:  Windows 8.1 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2014-10-28 17:38:48

BUILDDATESTAMP_STR:  141028-1500

BUILDLAB_STR:  winblue_r4

BUILDOSVER_STR:  6.3.9600.17415.amd64fre.winblue_r4.141028-1500

ANALYSIS_SESSION_ELAPSED_TIME:  83b

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_3_corrupt_list_entry_fileinfo!fistreamcleanup

FAILURE_ID_HASH:  {694c0cb7-4136-0a28-198d-f0a8025bc9b1}

Followup:     MachineOwner

---

Thanks,

Answer 1

Please upload the minidumps. Helps us analyze better.

Answer 2

Please complete the information needed to analyze crashes from this link: http://answers.microsoft.com/en-us/windows/wiki/windows\_10-update/blue-screen-of-death-bsod/1939df35-283f-4830-a4dd-e95ee5d8669d

Once you submit it we can have it analyzed by an expert.

Until then please go over this Checklist to make sure the install is set up correctly, optimized for best performance, and any needed repairs get done: http://answers.microsoft.com/en-us/windows/wiki/windows\_10-performance/windows-10-performance-and-install-integrity/75529fd4-fac7-4653-893a-dd8cd4b4db00

If any steps cannot be performed try them in Safe Mode: http://www.pcworld.com/article/2984712/windows/how-to-enter-windows-10s-safe-mode.html

But remember that a factory or Upgrade install are inferior installs that most enthusiasts would never run in the first place because they'd expect endless issues. Most prefer to do the gold standard Clean install from this link: http://answers.microsoft.com/en-us/windows/wiki/windows\_10-windows\_install/clean-reinstall-windows-10-upgradefactory-oem/1c426bdf-79b1-4d42-be93-17378d93e587

There is also an automated Windows 10 Refresh which reinstalls Windows while leaving out the factory bloatware that throttles Windows and causes endless issues, and lets you save your files. https://www.howtogeek.com/265054/how-to-easily-reinstall-windows-10-without-the-bloatware/

I hope this helps. Feel free to ask back any questions and let us know how it goes. I'll keep working with you until this is resolved.