CleanPinch123
Guest
Description says it all. I'll come back to my computer and it's frozen, or blue screened. I looked at the WinDBG and have the info but I am a little confused on how to read it? Any help would be greatly appreciated. I am fearing it is something but I would rather have someone tell me why it's doing it. I can post other minidumps if needed as well from previous days.
Microsoft (R) Windows Debugger Version 10.0.21306.1007 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\041121-38343-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`6f200000 PsLoadedModuleList = 0xfffff802`6fe2a490
Debug session time: Sun Apr 11 12:42:16.019 2021 (UTC - 7:00)
System Uptime: 0 days 1:24:00.686
Loading Kernel Symbols
...............................................................
................................................................
.........................................................
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`6f5f5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8c0a`579c67e0=0000000000000139
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff8c0a579c6b00, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff8c0a579c6a58, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5343
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 31432
Key : Analysis.Init.CPU.mSec
Value: 656
Key : Analysis.Init.Elapsed.mSec
Value: 75534
Key : Analysis.Memory.CommitPeak.Mb
Value: 85
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffff8c0a579c6b00
BUGCHECK_P3: ffff8c0a579c6a58
BUGCHECK_P4: 0
TRAP_FRAME: ffff8c0a579c6b00 -- (.trap 0xffff8c0a579c6b00)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8026b212d48 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffbf8c44b7ea30 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8026f6360fd rsp=ffff8c0a579c6c90 rbp=0000000000001280
r8=0000000000000001 r9=0000000000000084 r10=0000000000000000
r11=fffff8026f200000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!KiCancelTimer+0x1cf1ad:
fffff802`6f6360fd cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff8c0a579c6a58 -- (.exr 0xffff8c0a579c6a58)
ExceptionAddress: fffff8026f6360fd (nt!KiCancelTimer+0x00000000001cf1ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffff8c0a`579c67d8 fffff802`6f607b69 : 00000000`00000139 00000000`00000003 ffff8c0a`579c6b00 ffff8c0a`579c6a58 : nt!KeBugCheckEx
ffff8c0a`579c67e0 fffff802`6f607f90 : 00000000`00000001 00000000`00000002 00000000`000367ac ffff8380`000081c0 : nt!KiBugCheckDispatch+0x69
ffff8c0a`579c6920 fffff802`6f606323 : ffffbf8c`55a2e700 00000000`00000000 ffffbf8c`55a2e7c0 fffff802`6f40ecc6 : nt!KiFastFailDispatch+0xd0
ffff8c0a`579c6b00 fffff802`6f6360fd : 00000000`00000000 00000000`00000000 ffffbf8c`44b30e28 fffff802`6f46b6e9 : nt!KiRaiseSecurityCheckFailure+0x323
ffff8c0a`579c6c90 fffff802`6f43650b : ffffbf8c`44b30db0 ffffffff`ffffffff ffffe9de`31332a43 00000000`00000000 : nt!KiCancelTimer+0x1cf1ad
ffff8c0a`579c6d40 fffff802`6f436aaf : ffffbf8c`44b7e8a0 ffffbf8c`44b7e801 ffffbf8c`44b7e801 00000000`00000002 : nt!KeCancelTimer+0x3b
ffff8c0a`579c6d70 fffff802`6f4376cc : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PopFxProcessWork+0x2b3
ffff8c0a`579c6e20 fffff802`6f4375fc : 00000000`00000005 00000000`00000001 00000000`00000000 ffffbf8c`44930101 : nt!PopFxActivateComponentWorker+0x68
ffff8c0a`579c6e70 fffff802`7282ae03 : ffffbf8c`449301a0 ffffbf8c`564d92d0 ffffbf8c`50d08248 00000000`00000000 : nt!PoFxActivateComponent+0x13c
ffff8c0a`579c6f00 fffff802`7282a4ec : 00000000`00000000 00000000`00000000 00000000`00000000 ffffbf8c`449251a0 : storport!RaidStartIoPacket+0x6d3
ffff8c0a`579c7030 fffff802`7282a28a : 00000000`00000000 00000000`00000000 ffffbf8c`4492fe10 00000000`00000000 : storport!RaUnitScsiIrp+0x21c
ffff8c0a`579c70d0 fffff802`6f452f55 : ffffbf8c`50d08010 ffffbf8c`50d08010 ffffbf8c`4492fe10 00000000`00000000 : storport!RaDriverScsiIrp+0x5a
ffff8c0a`579c7110 fffff802`7228b58d : ffffbf8c`4492fe10 ffffbf8c`50d08010 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x55
ffff8c0a`579c7150 fffff802`722810d6 : ffffbf8c`43efb410 00000000`00000007 ffffbf8c`50d08248 00000000`00000000 : ACPI!ACPIIrpDispatchDeviceControl+0xad
ffff8c0a`579c7190 fffff802`6f452f55 : 00000000`00000007 ffffbf8c`50d08010 ffffbf8c`50d08010 ffffbf8c`4491b8b0 : ACPI!ACPIDispatchIrp+0xc6
ffff8c0a`579c7210 fffff802`7228b58d : ffffbf8c`4491b8b0 ffffbf8c`50d08010 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x55
ffff8c0a`579c7250 fffff802`722810d6 : ffffbf8c`44841890 00000000`00000007 ffffbf8c`50d08248 00000000`00000000 : ACPI!ACPIIrpDispatchDeviceControl+0xad
ffff8c0a`579c7290 fffff802`6f452f55 : 00000000`00000007 00000000`00000000 00000000`00001000 ffffbf8c`44b28a20 : ACPI!ACPIDispatchIrp+0xc6
ffff8c0a`579c7310 fffff802`734d176f : 00000000`00000000 00000000`00001000 ffffbf8c`44b28a20 fffff802`6f44bc2f : nt!IofCallDriver+0x55
ffff8c0a`579c7350 00000000`00000000 : 00000000`00001000 ffffbf8c`44b28a20 fffff802`6f44bc2f 00000000`00000020 : IaNVMeF+0x176f
SYMBOL_NAME: nt!KiCancelTimer+1cf1ad
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.870
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1cf1ad
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiCancelTimer
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {0a906956-eabe-15a9-fdee-848f8aa430ba}
Followup: MachineOwner
---------
2: kd> .trap 0xffff8c0a579c6b00
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8026b212d48 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffbf8c44b7ea30 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8026f6360fd rsp=ffff8c0a579c6c90 rbp=0000000000001280
r8=0000000000000001 r9=0000000000000084 r10=0000000000000000
r11=fffff8026f200000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!KiCancelTimer+0x1cf1ad:
fffff802`6f6360fd cd29 int 29h
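An added example, not part of the original post: a user-mode C model of the link check that "A LIST_ENTRY has been corrupted (i.e. double remove)" and subcode `FAST_FAIL_CORRUPT_LIST_ENTRY` refer to. The list, the helper names and the three-entry scenario are constructed for illustration; the checked unlink returns the code 3 where the kernel would execute `int 29h` with `rcx=3`.

```c
#include <stdio.h>

/* Constructed user-mode model of a LIST_ENTRY-style doubly linked list. */
typedef struct list_entry { struct list_entry *Flink, *Blink; } list_entry;

#define FAST_FAIL_CORRUPT_LIST_ENTRY 3   /* the "3" seen in Arg1 and rcx */

static void init_head(list_entry *h) { h->Flink = h->Blink = h; }

static void insert_head(list_entry *h, list_entry *e) {
    e->Flink = h->Flink; e->Blink = h;
    h->Flink->Blink = e; h->Flink = e;
}

/* Unchecked unlink: trusts whatever pointers the entry still holds. */
static void unlink_unchecked(list_entry *e) {
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
}

/* Checked unlink: both neighbours must still point back at the entry.
   Returns 0 on success, or the fast-fail code instead of raising int 29h. */
static int unlink_checked(list_entry *e) {
    if (e->Flink->Blink != e || e->Blink->Flink != e)
        return FAST_FAIL_CORRUPT_LIST_ENTRY;
    unlink_unchecked(e);
    return 0;
}

static int count(const list_entry *h) {
    int n = 0;
    for (const list_entry *p = h->Flink; p != h; p = p->Flink) n++;
    return n;
}

/* Scenario: A is removed, C is queued, then A is removed a second time.
   Stores the surviving entry count and returns the second removal's result. */
int double_remove(int checked, int *remaining) {
    list_entry head, a, b, c;
    init_head(&head);
    insert_head(&head, &b);
    insert_head(&head, &a);          /* head -> a -> b */
    unlink_checked(&a);              /* first, legitimate removal */
    insert_head(&head, &c);          /* head -> c -> b */
    int rc = checked ? unlink_checked(&a) : (unlink_unchecked(&a), 0);
    *remaining = count(&head);
    return rc;
}

int main(void) {
    int n, rc = double_remove(1, &n);
    printf("checked: rc=%d entries=%d\n", rc, n);
    rc = double_remove(0, &n);
    printf("unchecked: rc=%d entries=%d\n", rc, n);
    return 0;
}
```

With the check, the stale second removal is refused and both live entries survive; without it, the stale pointers silently drop entry C from the list, which is the kind of corruption the fail-fast stops.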