Share via

BSOD kernel_security_check_failure

Anonymous
2024-02-22T15:10:09+00:00

Hi,

my computer recently BSOD'd from nowhere with the error "kernel_security_check_failure".

I ran windbg on the dump file. This is the result of using analyze -v: 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffb4800cb2f150, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffb4800cb2f0a8, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 453

    Key  : Analysis.Elapsed.mSec
    Value: 4556

    Key  : Analysis.IO.Other.Mb
    Value: 6

    Key  : Analysis.IO.Read.Mb
    Value: 25

    Key  : Analysis.IO.Write.Mb
    Value: 66

    Key  : Analysis.Init.CPU.mSec
    Value: 124

    Key  : Analysis.Init.Elapsed.mSec
    Value: 18165

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 115

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x139

    Key  : Dump.Attributes.AsUlong
    Value: 808

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : FailFast.Name
    Value: CORRUPT_LIST_ENTRY

    Key  : FailFast.Type
    Value: 3

    Key  : Failure.Bucket
    Value: 0x139_3_CORRUPT_LIST_ENTRY_logi_generic_hid_filter!unknown_function

    Key  : Failure.Hash
    Value: {e1ef3f03-e7c4-6ead-0f36-87ab84e914ff}

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 1417df84

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 1

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 1

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 1

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 1

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 1

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 1

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 1

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 1

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 21631230

    Key  : Hypervisor.Flags.ValueHex
    Value: 14a10fe

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 1

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 1

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 1

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 1

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 1

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 1

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 1

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 1

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 1

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 1

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 1

    Key  : Hypervisor.RootFlags.Value
    Value: 1015

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 3f7

BUGCHECK_CODE:  139

BUGCHECK_P1: 3

BUGCHECK_P2: ffffb4800cb2f150

BUGCHECK_P3: ffffb4800cb2f0a8

BUGCHECK_P4: 0

FILE_IN_CAB:  022224-6718-01.dmp

TAG_NOT_DEFINED_202b:  *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x808
  Kernel Generated Triage Dump

TRAP_FRAME:  ffffb4800cb2f150 -- (.trap 0xffffb4800cb2f150)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9184a70468a8 rbx=0000000000000000 rcx=0000000000000003
rdx=ffff9184a156d0b8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802391c8d77 rsp=ffffb4800cb2f2e8 rbp=ffffb4800cb2f3a0
 r8=ffff9184a6cda808  r9=ffff9184a7046800 r10=ffff9184a7046800
r11=ffffb4800cb2f368 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
Wdf01000!RtlFailFast+0x5 [inlined in Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+0x33]:
fffff802`391c8d77 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffffb4800cb2f0a8 -- (.exr 0xffffb4800cb2f0a8)
ExceptionAddress: fffff802391c8d77 (Wdf01000!RtlFailFast+0x0000000000000005)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY 

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  lghub_agent.ex

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

EXCEPTION_STR:  0xc0000409

STACK_TEXT:  
ffffb480`0cb2ee28 fffff802`34c2c5e9     : 00000000`00000139 00000000`00000003 ffffb480`0cb2f150 ffffb480`0cb2f0a8 : nt!KeBugCheckEx
ffffb480`0cb2ee30 fffff802`34c2cbb2     : 00000000`00000001 00000400`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffb480`0cb2ef70 fffff802`34c2a906     : fffff802`3925fcf0 ffff9184`95abdd50 00000000`00000000 00000000`00000002 : nt!KiFastFailDispatch+0xb2
ffffb480`0cb2f150 fffff802`391c8d77     : fffff802`391c8cdb ffffb480`0cb2f590 00000000`00000000 ffffb480`0cb2f510 : nt!KiRaiseSecurityCheckFailure+0x346
ffffb480`0cb2f2e8 fffff802`391c8cdb     : ffffb480`0cb2f590 00000000`00000000 ffffb480`0cb2f510 00000000`00000008 : Wdf01000!FxIrpQueue::RemoveIrpFromListEntry+0x33 [minkernel\wdf\framework\shared\inc\private\common\FxIrpQueue.hpp @ 262] 
ffffb480`0cb2f2f0 fffff802`391c35e4     : ffffb480`0cb2f3d0 fffff802`391c6084 ffff9184`a7046800 00000000`00000000 : Wdf01000!FxIrpQueue::RemoveNextIrpFromQueue+0x4b [minkernel\wdf\framework\shared\core\fxirpqueue.cpp @ 828] 
ffffb480`0cb2f320 fffff802`39225e98     : ffff9184`9efe3bc0 00000000`00000000 00000000`00000000 fffff802`352ac2b0 : Wdf01000!FxRequest::GetNextRequest+0x18 [minkernel\wdf\framework\shared\core\fxrequest.cpp @ 2051] 
ffffb480`0cb2f360 fffff802`39223c80     : ffff818f`18360d00 ffff9184`9efe3bc0 ffff9184`9efe3be0 00000000`00000000 : Wdf01000!FxIoQueue::QueuePurge+0x150 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 4030] 
ffffb480`0cb2f3d0 fffff802`391c3f71     : fffff802`3545d000 ffffb480`0cb2f500 ffff9184`9efe3bc0 00000000`00000000 : Wdf01000!FxIoQueue::Dispose+0x30 [minkernel\wdf\framework\shared\irphandlers\io\fxioqueue.cpp @ 507] 
ffffb480`0cb2f410 fffff802`391c341d     : ffffb480`0cb2f650 00000000`00000000 ffff9184`98362000 00000000`00000000 : Wdf01000!FxObject::DisposeChildrenWorker+0xa1 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 1212] 
ffffb480`0cb2f460 fffff802`391c1d85     : ffff9184`9efe3bc0 ffff9184`9efe3c00 00000000`00000004 ffff9184`95abdd50 : Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x35 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 846] 
ffffb480`0cb2f490 fffff802`391c3fc1     : ffff9184`a1a09b30 ffff9184`a1a09b00 ffff9184`9efe3c08 00000000`00000000 : Wdf01000!FxObject::PerformEarlyDisposeWorkerAndUnlock+0x39 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 926] 
ffffb480`0cb2f4c0 fffff802`391c34a6     : ffffb480`0cb2f650 00006e7b`5556adb8 ffff9184`98362000 fffff802`391c6277 : Wdf01000!FxObject::DisposeChildrenWorker+0xf1 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 1191] 
ffffb480`0cb2f510 fffff802`391c3336     : ffff9184`a1a09b30 ffffb480`0cb2f600 ffff9184`a1a09b68 00006e7b`5556adb8 : Wdf01000!FxObject::DeleteWorkerAndUnlock+0x46 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 968] 
ffffb480`0cb2f540 fffff802`391c718b     : ffff9184`95abdd50 fffff802`6bdd8000 ffff9184`95abdd00 fffff802`39211d00 : Wdf01000!FxObject::DeleteObject+0x76 [minkernel\wdf\framework\shared\object\fxobjectstatemachine.cpp @ 169] 
ffffb480`0cb2f570 fffff802`6bdd3624     : ffff9184`a1a09b30 00006e7b`5e5f64c8 00000000`00000000 fffff802`391d1c6f : Wdf01000!imp_WdfObjectDelete+0x4b [minkernel\wdf\framework\shared\object\fxobjectapi.cpp @ 319] 
ffffb480`0cb2f5c0 ffff9184`a1a09b30     : 00006e7b`5e5f64c8 00000000`00000000 fffff802`391d1c6f ffff9184`92ff4c70 : logi_generic_hid_filter+0x3624
ffffb480`0cb2f5c8 00006e7b`5e5f64c8     : 00000000`00000000 fffff802`391d1c6f ffff9184`92ff4c70 fffff802`6bddc4cd : 0xffff9184`a1a09b30
ffffb480`0cb2f5d0 00000000`00000000     : fffff802`391d1c6f ffff9184`92ff4c70 fffff802`6bddc4cd ffff9184`aaa95310 : 0x00006e7b`5e5f64c8

SYMBOL_NAME:  logi_generic_hid_filter+3624

MODULE_NAME: logi_generic_hid_filter

IMAGE_NAME:  logi_generic_hid_filter.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  3624

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_logi_generic_hid_filter!unknown_function

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {e1ef3f03-e7c4-6ead-0f36-87ab84e914ff}

Followup:     MachineOwner

I can't quite interpret it. Is logitech hub the problem?
Windows for home | Windows 11 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Emmanuel Santana 39,640 Reputation points Independent Advisor
    2024-02-22T15:55:29+00:00

    Hello Anton, thank you for reaching out to the Microsoft Community. I am here to help and provide assistance with any questions or concerns you may have.

    As you mentioned, the dump highlighted logi_generic_hid_filter.sys as the culprit for the crash, which in this case is linked to Logitech human interface devices like keyboards and mice.

    Have you recently made any changes to your computer? Perhaps updated the drivers for any Logitech device you have?

    Was this answer helpful?

    0 comments