New
#1
Friend's desktop BSOD - 0x139 ntkrnlmp.exe
An online friend of mine has been getting BSODs for half a year now and I asked for the minidump files. Looking at the most recent one (it was the only file he had in his minidumps folder) in WinDBG I get the following:
Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 139, {3, ffffc10069c7f780, ffffc10069c7f6d8, 0} Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )Code:kd> !thread THREAD ffff960400ac9400 Cid 1bac.4890 Teb: 000000000033b000 Win32Thread: ffff9603feabdac0 RUNNING on processor 2 Not impersonating GetUlongFromAddress: unable to read from fffff8026497c924 Owning Process ffff9603efe9e080 Image: game.bin Attached Process N/A Image: N/A fffff78000000000: Unable to get shared data Wait Start TickCount 14920749 Context Switch Count 4852731 IdealProcessor: 1 ReadMemory error: Cannot get nt!KeMaximumIncrement value. UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x00000000005023d5 Stack Init ffffc10069c7fc10 Current ffffc10069c7f900 Base ffffc10069c80000 Limit ffffc10069c79000 Call 0000000000000000 Priority 11 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site ffffc100`69c7f458 fffff802`647db129 : 00000000`00000139 00000000`00000003 ffffc100`69c7f780 ffffc100`69c7f6d8 : nt!KeBugCheckEx ffffc100`69c7f460 fffff802`647db490 : 00000000`8000e00c 00000000`00000000 ffff2047`f7e2dcfb ffffc100`69c7f830 : nt!KiBugCheckDispatch+0x69 ffffc100`69c7f5a0 fffff802`647da473 : ffff9603`fe6f7748 00000000`00000001 ffff9603`f944e010 fffff802`64a86b34 : nt!KiFastFailDispatch+0xd0 ffffc100`69c7f780 fffff802`647f121e : ffff9604`00ac9400 ffff9603`fe6f7700 0012019f`00000000 ffffc100`69c7fb01 : nt!KiRaiseSecurityCheckFailure+0xf3 (TrapFrame @ ffffc100`69c7f780) ffffc100`69c7f910 fffff802`646b7ba4 : ffff9603`fa69a370 00000000`00000000 00000000`00000000 00000000`00000003 : nt! ?? ::FNODOBFM::`string'+0x1205e ffffc100`69c7f970 fffff802`64b5e6c8 : ffffc100`69c7fa28 00000000`00000000 ffffc100`69c7fb00 00000000`00000003 : nt!KeReleaseSemaphore+0x114 ffffc100`69c7f9f0 fffff802`647dac93 : ffff9604`00ac9400 00000000`530c7cf0 00000000`00000000 00000000`0033b001 : nt!NtReleaseSemaphore+0x98 ffffc100`69c7fa80 00000000`530b222c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffc100`69c7fa80) 00000000`0009ef68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x530b222cCode:ffffc100`69c7f3b8 fffff807`23aa45b0*** WARNING: Unable to verify timestamp for Wdf01000.sys *** ERROR: Module load completed but symbols could not be loaded for Wdf01000.sys Wdf01000+0xa45b0Code:ffffc100`69c7fa48 ffff93b9`3564bddd*** WARNING: Unable to verify timestamp for win32kfull.sys *** ERROR: Module load completed but symbols could not be loaded for win32kfull.sys win32kfull+0x4bdddAll drivers are updated according to him.Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_SECURITY_CHECK_FAILURE (139) A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine. Arguments: Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove). Arg2: ffffc10069c7f780, Address of the trap frame for the exception that caused the bugcheck Arg3: ffffc10069c7f6d8, Address of the exception record for the exception that caused the bugcheck Arg4: 0000000000000000, Reserved Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 400 BUILD_VERSION_STRING: 10.0.14393.0 (rs1_release.160715-1616) SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 1801 BIOS_DATE: 03/24/2016 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: Z170-A BASEBOARD_VERSION: Rev 1.xx DUMP_TYPE: 2 BUGCHECK_P1: 3 BUGCHECK_P2: ffffc10069c7f780 BUGCHECK_P3: ffffc10069c7f6d8 BUGCHECK_P4: 0 TRAP_FRAME: ffffc10069c7f780 -- (.trap 0xffffc10069c7f780) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=ffff9603ff0c18d8 rbx=0000000000000000 rcx=0000000000000003 rdx=ffff9603f723e8d8 rsi=0000000000000000 rdi=0000000000000000 rip=fffff802647f121e rsp=ffffc10069c7f910 rbp=ffffc10054c40180 r8=0000000000000000 r9=0000000000000000 r10=fffff80264b5e600 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe cy nt! ?? ::FNODOBFM::`string'+0x1205e: fffff802`647f121e cd29 int 29h Resetting default scope EXCEPTION_RECORD: ffffc10069c7f6d8 -- (.exr 0xffffc10069c7f6d8) ExceptionAddress: fffff802647f121e (nt! ?? ::FNODOBFM::`string'+0x000000000001205e) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 0000000000000003 Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY CPU_COUNT: 4 CPU_MHZ: db0 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 74'00000000 (cache) 74'00000000 (init) CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT BUGCHECK_STR: 0x139 PROCESS_NAME: game.bin CURRENT_IRQL: 2 ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE_STR: c0000409 EXCEPTION_PARAMETER1: 0000000000000003 ANALYSIS_SESSION_HOST: DESKTOP-53APAMQ ANALYSIS_SESSION_TIME: 08-18-2016 23:47:55.0574 ANALYSIS_VERSION: 10.0.14321.1024 amd64fre LAST_CONTROL_TRANSFER: from fffff802647db129 to fffff802647cff90 STACK_TEXT: ffffc100`69c7f458 fffff802`647db129 : 00000000`00000139 00000000`00000003 ffffc100`69c7f780 ffffc100`69c7f6d8 : nt!KeBugCheckEx ffffc100`69c7f460 fffff802`647db490 : 00000000`8000e00c 00000000`00000000 ffff2047`f7e2dcfb ffffc100`69c7f830 : nt!KiBugCheckDispatch+0x69 ffffc100`69c7f5a0 fffff802`647da473 : ffff9603`fe6f7748 00000000`00000001 ffff9603`f944e010 fffff802`64a86b34 : nt!KiFastFailDispatch+0xd0 ffffc100`69c7f780 fffff802`647f121e : ffff9604`00ac9400 ffff9603`fe6f7700 0012019f`00000000 ffffc100`69c7fb01 : nt!KiRaiseSecurityCheckFailure+0xf3 ffffc100`69c7f910 fffff802`646b7ba4 : ffff9603`fa69a370 00000000`00000000 00000000`00000000 00000000`00000003 : nt! ?? ::FNODOBFM::`string'+0x1205e ffffc100`69c7f970 fffff802`64b5e6c8 : ffffc100`69c7fa28 00000000`00000000 ffffc100`69c7fb00 00000000`00000003 : nt!KeReleaseSemaphore+0x114 ffffc100`69c7f9f0 fffff802`647dac93 : ffff9604`00ac9400 00000000`530c7cf0 00000000`00000000 00000000`0033b001 : nt!NtReleaseSemaphore+0x98 ffffc100`69c7fa80 00000000`530b222c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0009ef68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x530b222c STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: 7b1b1b678c193293d57e31051cdfc86482a154c8 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: f1f42a15c3b1873086e7b45d6c7c55af090ccd17 THREAD_SHA1_HASH_MOD: cb5f414824c2521bcc505eaa03e92fa10922dad8 FOLLOWUP_IP: nt!KiFastFailDispatch+d0 fffff802`647db490 c644242000 mov byte ptr [rsp+20h],0 FAULT_INSTR_CODE: 202444c6 SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!KiFastFailDispatch+d0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 578998f1 IMAGE_VERSION: 10.0.14393.0 BUCKET_ID_FUNC_OFFSET: d0 FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch BUCKET_ID: 0x139_3_nt!KiFastFailDispatch PRIMARY_PROBLEM_CLASS: 0x139_3_nt!KiFastFailDispatch TARGET_TIME: 2016-08-18T13:54:27.000Z OSBUILD: 14393 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-07-16 10:16:17 BUILDDATESTAMP_STR: 160715-1616 BUILDLAB_STR: rs1_release BUILDOSVER_STR: 10.0.14393.0 ANALYSIS_SESSION_ELAPSED_TIME: 12ffc ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}
Here's the dump I requested from him: Attachment 96815