Return to Level1Techs.com

KVM + fortnite = BSOD - Kernel_Security_Check_Failure

Running fortnite in a KVM on Pop_OS! is something I haven’t been able to do yet. However I am able to run overwatch at nearly native fps. But when I attempt to run fortnite on there it BSODs and shows Kernel_Security_Check_Failure I have a memory dump from that down here. I dont really know what to make of it, other than that the fortnite game exe is triggering it. And just in case its something vm configuration related I have my whole KVM XML down here as well.

Thank you all in advance! ^^

KVM XML

<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">
  <name>win10</name>
  <uuid>40575e23-c6b5-42ff-b070-6a9a6d0b3328</uuid>
  <metadata>
    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
      <libosinfo:os id="http://microsoft.com/win/10"/>
    </libosinfo:libosinfo>
  </metadata>
  <memory unit="KiB">16000000</memory>
  <currentMemory unit="KiB">16000000</currentMemory>
  <memoryBacking>
    <hugepages/>
  </memoryBacking>
  <vcpu placement="static" current="4">12</vcpu>
  <os>
    <type arch="x86_64" machine="pc-q35-4.0">hvm</type>
    <loader readonly="yes" type="pflash">/usr/share/OVMF/OVMF_CODE.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/win10_VARS.fd</nvram>
    <bootmenu enable="yes"/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <hyperv>
      <relaxed state="on"/>
      <vapic state="on"/>
      <spinlocks state="on" retries="8191"/>
      <vendor_id state="on" value="Ceremco"/>
    </hyperv>
    <kvm>
      <hidden state="on"/>
    </kvm>
    <vmport state="off"/>
    <ioapic driver="kvm"/>
  </features>
  <cpu mode="host-model" check="partial">
    <model fallback="allow"/>
    <topology sockets="1" cores="6" threads="2"/>
  </cpu>
  <clock offset="localtime">
    <timer name="rtc" tickpolicy="catchup"/>
    <timer name="pit" tickpolicy="delay"/>
    <timer name="hpet" present="no"/>
    <timer name="hypervclock" present="yes"/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <pm>
    <suspend-to-mem enabled="no"/>
    <suspend-to-disk enabled="no"/>
  </pm>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type="file" device="cdrom">
      <driver name="qemu" type="raw" cache="none" io="native"/>
      <source file="/home/ceremco/Downloads/virtio-win-0.1.171.iso"/>
      <target dev="sda" bus="sata"/>
      <readonly/>
      <address type="drive" controller="0" bus="0" target="0" unit="0"/>
    </disk>
    <controller type="usb" index="0" model="qemu-xhci" ports="15">
      <address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
    </controller>
    <controller type="pci" index="0" model="pcie-root"/>
    <controller type="pci" index="1" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="1" port="0x8"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0" multifunction="on"/>
    </controller>
    <controller type="pci" index="2" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="2" port="0x9"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x1"/>
    </controller>
    <controller type="pci" index="3" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="3" port="0xa"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x2"/>
    </controller>
    <controller type="pci" index="4" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="4" port="0xb"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x3"/>
    </controller>
    <controller type="pci" index="5" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="5" port="0xc"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x4"/>
    </controller>
    <controller type="pci" index="6" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="6" port="0xd"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x5"/>
    </controller>
    <controller type="pci" index="7" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="7" port="0xe"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x6"/>
    </controller>
    <controller type="pci" index="8" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="8" port="0xf"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x7"/>
    </controller>
    <controller type="pci" index="9" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="9" port="0x10"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
    </controller>
    <controller type="pci" index="10" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="10" port="0x11"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
    </controller>
    <controller type="pci" index="11" model="pcie-to-pci-bridge">
      <model name="pcie-pci-bridge"/>
      <address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
    </controller>
    <controller type="pci" index="12" model="pcie-root-port">
      <model name="pcie-root-port"/>
      <target chassis="12" port="0x12"/>
      <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
    </controller>
    <controller type="sata" index="0">
      <address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
    </controller>
    <interface type="bridge">
      <mac address="52:54:00:6c:47:81"/>
      <source bridge="bridge0"/>
      <model type="virtio"/>
      <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
    </interface>
    <interface type="network">
      <mac address="52:54:00:e6:8e:0d"/>
      <source network="formula"/>
      <model type="virtio"/>
      <link state="up"/>
      <address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
    </interface>
    <input type="mouse" bus="virtio">
      <address type="pci" domain="0x0000" bus="0x09" slot="0x00" function="0x0"/>
    </input>
    <input type="keyboard" bus="virtio">
      <address type="pci" domain="0x0000" bus="0x0a" slot="0x00" function="0x0"/>
    </input>
    <input type="mouse" bus="ps2"/>
    <input type="keyboard" bus="ps2"/>
    <sound model="ich6">
      <address type="pci" domain="0x0000" bus="0x0b" slot="0x02" function="0x0"/>
    </sound>
    <hostdev mode="subsystem" type="pci" managed="yes">
      <source>
        <address domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
      </source>
      <rom bar="on"/>
      <address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
    </hostdev>
    <hostdev mode="subsystem" type="pci" managed="yes">
      <source>
        <address domain="0x0000" bus="0x03" slot="0x00" function="0x1"/>
      </source>
      <rom bar="on"/>
      <address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
    </hostdev>
    <hostdev mode="subsystem" type="pci" managed="yes">
      <source>
        <address domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
      </source>
      <boot order="1"/>
      <rom bar="on"/>
      <address type="pci" domain="0x0000" bus="0x08" slot="0x00" function="0x0"/>
    </hostdev>
    <memballoon model="virtio">
      <address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
    </memballoon>
    <shmem name="looking-glass">
      <model type="ivshmem-plain"/>
      <size unit="M">32</size>
      <address type="pci" domain="0x0000" bus="0x0b" slot="0x01" function="0x0"/>
    </shmem>
  </devices>
  <qemu:commandline>
    <qemu:arg value="-object"/>
    <qemu:arg value="input-linux,id=mouse1,evdev=/dev/input/by-id/usb-Logitech_Gaming_Mouse_G502_066A34783437-event-mouse"/>
    <qemu:arg value="-object"/>
    <qemu:arg value="input-linux,id=kbd1,evdev=/dev/input/by-id/usb-Logitech_G510_Gaming_Keyboard-event-kbd,grab_all=on,repeat=on"/>
    <qemu:env name="QEMU_AUDIO_DRV" value="pa"/>
    <qemu:env name="QEMU_PA_SAMPLES" value="8192"/>
    <qemu:env name="QEMU_AUDIO_TIMER_PERIOD" value="99"/>
    <qemu:env name="QEMU_PA_SERVER" value="/run/user/1000/pulse/native"/>
  </qemu:commandline>
</domain>

Windows 10 BSOD memory.dmp

> KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack extents for the thread.
Arg2: ffffc381cb85eff0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffc381cb85ef48, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  18362.1.amd64fre.19h1_release.190318-1202

SYSTEM_MANUFACTURER:  QEMU

SYSTEM_PRODUCT_NAME:  Standard PC (Q35 + ICH9, 2009)

SYSTEM_VERSION:  pc-q35-4.0

BIOS_VENDOR:  EFI Development Kit II / OVMF

BIOS_VERSION:  0.0.0

BIOS_DATE:  02/06/2015

DUMP_TYPE:  1

BUGCHECK_P1: 4

BUGCHECK_P2: ffffc381cb85eff0

BUGCHECK_P3: ffffc381cb85ef48

BUGCHECK_P4: 0

TRAP_FRAME:  ffffc381cb85eff0 -- (.trap 0xffffc381cb85eff0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffd0524acc000 rbx=0000000000000000 rcx=0000000000000004
rdx=fffffd0524ad2000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80234c4ecc7 rsp=ffffc381cb85f180 rbp=ffffc381cb85f6f0
 r8=fffffd0524ad2000  r9=ffffc381cb85f701 r10=ffff828b237ea080
r11=0000003f0072d5b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl zr na po nc
nt!RtlpGetStackLimitsEx+0x12e6cb:
fffff802`34c4ecc7 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: fffff80234bc10a0 (nt!KeBugCheckEx)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000001
NumberParameters: 0

CPU_COUNT: 4

CPU_MHZ: d4b

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3a

CPU_STEPPING: 9

CPU_MICROCODE: 6,3a,9,0 (F,M,S,R)  SIG: 1'00000000 (cache) 1'00000000 (init)

BUGCHECK_STR:  0x139

PROCESS_NAME:  FortniteClient-Win64-Shipping.exe

CURRENT_IRQL:  0

DEFAULT_BUCKET_ID:  FAIL_FAST_INCORRECT_STACK

WATSON_BKT_EVENT:  BEX

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000004

ANALYSIS_SESSION_HOST:  DESKTOP-9P3C7E0

ANALYSIS_SESSION_TIME:  11-11-2019 19:01:49.0974

ANALYSIS_VERSION: 10.0.18362.1 x86fre

BAD_STACK_POINTER:  ffffc381cb85ecc8

LAST_CONTROL_TRANSFER:  from fffff80234bd2ee9 to fffff80234bc10a0

STACK_TEXT:  
ffffc381`cb85ecc8 fffff802`34bd2ee9 : 00000000`00000139 00000000`00000004 ffffc381`cb85eff0 ffffc381`cb85ef48 : nt!KeBugCheckEx
ffffc381`cb85ecd0 fffff802`34bd3310 : 00000000`00000000 00000000`00000000 ffffffff`ffffffff ffffffff`ffffffff : nt!KiBugCheckDispatch+0x69
ffffc381`cb85ee10 fffff802`34bd16a5 : fffff802`34b271d8 fffff802`34e0de14 ffffc381`cb85f7d0 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffc381`cb85eff0 fffff802`34c4ecc7 : 00000000`00000000 00000000`00000267 0005e554`00ab5000 00000000`0010001f : nt!KiRaiseSecurityCheckFailure+0x325
ffffc381`cb85f180 fffff802`34c2e600 : 00000000`0000008e 00000000`00000000 ffffc381`cb85f6f0 00007fff`00000003 : nt!RtlpGetStackLimitsEx+0x12e6cb
ffffc381`cb85f1b0 fffff802`34ac7aee : fffffd05`24ad18b8 ffffc381`cb85fe30 fffffd05`24ad18b8 00000000`001cf750 : nt!RtlDispatchException+0x16b550
ffffc381`cb85f900 fffff802`34bc1f22 : ffffffff`ffffffff ffffffff`ffffffff ffffffff`ffffffff ffffffff`ffffffff : nt!KiDispatchException+0x16e
ffffc381`cb85ffb0 fffff802`34bc1ef0 : fffff802`34bd3016 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxExceptionDispatchOnExceptionStack+0x12
fffffd05`24ad1778 fffff802`34bd3016 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatchOnExceptionStackContinue
fffffd05`24ad1780 fffff802`34bceda2 : 00000000`00000000 00000000`00000001 fffffd05`24ad1ac0 ffff828b`237ea080 : nt!KiExceptionDispatch+0x116
fffffd05`24ad1960 fffff802`34bc167e : fffff802`34bc7a07 00007ff7`e4046e00 fffffd05`24ad1b80 ffff828b`237ea080 : nt!KiGeneralProtectionFault+0x322
fffffd05`24ad1af8 fffff802`34bc7a07 : 00007ff7`e4046e00 fffffd05`24ad1b80 ffff828b`237ea080 00000000`001cf750 : nt!KiSaveDebugRegisterState+0x8e
fffffd05`24ad1b00 00007fff`56edb404 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIpiInterrupt+0x267
0000003f`0072d5b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`56edb404


THREAD_SHA1_HASH_MOD_FUNC:  439169631f0b674993a50adabe97ebb00283d757

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  35f648a188b2f1cdd98e5abedd1c72f7b99570c6

THREAD_SHA1_HASH_MOD:  fe34192f63d13620a8987d294372ee74d699cfee

FOLLOWUP_IP: 
nt!KiFastFailDispatch+d0
fffff802`34bd3310 c644242000      mov     byte ptr [rsp+20h],0

FAULT_INSTR_CODE:  202444c6

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiFastFailDispatch+d0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  d0

FAILURE_BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

PRIMARY_PROBLEM_CLASS:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch

TARGET_TIME:  2019-11-11T17:30:42.000Z

OSBUILD:  18362

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  190318-1202

BUILDLAB_STR:  19h1_release

BUILDOSVER_STR:  10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME:  2dde

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_missing_gsframe_stackptr_error_nt!kifastfaildispatch

FAILURE_ID_HASH:  {7b0febb5-6007-4f2b-3d38-57fef278d8d5}

Followup:     MachineOwner