Tech Support banner

1 - 2 of 2 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
I upgraded my CPU a few weeks ago and had constant crashes so I did a wipe and reinstalled a fresh copy of windows. Now, I just had a crash again, and need to figure out what it was caused by. Here are the dump files


and here's the minidump analysis


Microsoft (R) Windows Debugger Version 10.0.21306.1007 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\rusti\OneDrive\Desktop\031321-10281-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`73400000 PsLoadedModuleList = 0xfffff807`7402a490
Debug session time: Sat Mar 13 15:31:00.029 2021 (UTC - 8:00)
System Uptime: 0 days 17:12:10.551
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
.....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`737f5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffe180`7433ecf0=0000000000000139
15: kd> !analyze -v
***
  • *
  • Bugcheck Analysis *
  • *
***

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
extents for the thread.
Arg2: ffffe1807433f010, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffe1807433ef68, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3203

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 18091

Key : Analysis.Init.CPU.mSec
Value: 359

Key : Analysis.Init.Elapsed.mSec
Value: 23474

Key : Analysis.Memory.CommitPeak.Mb
Value: 83

Key : FailFast.Name
Value: INCORRECT_STACK

Key : FailFast.Type
Value: 4

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


BUGCHECK_CODE: 139

BUGCHECK_P1: 4

BUGCHECK_P2: ffffe1807433f010

BUGCHECK_P3: ffffe1807433ef68

BUGCHECK_P4: 0

TRAP_FRAME: ffffe1807433f010 -- (.trap 0xffffe1807433f010)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff860698be9000 rbx=0000000000000000 rcx=0000000000000004
rdx=ffff860698bf0000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff807738919a9 rsp=ffffe1807433f1a0 rbp=ffffe1807433f710
r8=ffff860698bf0000 r9=ffffe1807433f728 r10=ffff860698befa00
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlpGetStackLimitsEx+0x165d39:
fffff807`738919a9 cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffffe1807433ef68 -- (.exr 0xffffe1807433ef68)
ExceptionAddress: fffff807738919a9 (nt!RtlpGetStackLimitsEx+0x0000000000165d39)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000004
Subcode: 0x4 FAST_FAIL_INCORRECT_STACK

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: svchost.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000004

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
ffffe180`7433ece8 fffff807`73807b69 : 00000000`00000139 00000000`00000004 ffffe180`7433f010 ffffe180`7433ef68 : nt!KeBugCheckEx
ffffe180`7433ecf0 fffff807`73807f90 : 664f2d56`2d726570 6f432d65`6e696c66 72656d2d`6e6f6d6d 6b636150`2d646567 : nt!KiBugCheckDispatch+0x69
ffffe180`7433ee30 fffff807`73806323 : ffffe180`7433f7c0 00000000`00000000 ffffe180`7433ea60 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffe180`7433f010 fffff807`738919a9 : 000000db`5f77ddf0 00007ffa`25e57dd3 ffffe180`7433f710 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x323
ffffe180`7433f1a0 fffff807`73891b77 : ffffe180`7433f710 00000000`00000000 ffff8606`98befa00 fffff807`00000003 : nt!RtlpGetStackLimitsEx+0x165d39
ffffe180`7433f1d0 fffff807`7372abe6 : ffff8606`98bef2c8 ffffe180`7433fe20 ffff8606`98bef2c8 00000000`00000040 : nt!RtlDispatchException+0x165e17
ffffe180`7433f8f0 fffff807`737f6ae2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffffe180`7433ffb0 fffff807`737f6ab0 : fffff807`73807ca5 ffff8606`98bef780 00000000`00000000 00000000`00140001 : nt!KxExceptionDispatchOnExceptionStack+0x12
ffff8606`98bef188 fffff807`73807ca5 : ffff8606`98bef780 00000000`00000000 00000000`00140001 00000000`00000000 : nt!KiExceptionDispatchOnExceptionStackContinue
ffff8606`98bef190 fffff807`738021e9 : ffff8c81`468d3080 ffff8c81`337a8b38 ffffffff`fffffffe ffffc3e1`c091a6c0 : nt!KiExceptionDispatch+0x125
ffff8606`98bef370 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInvalidOpcodeFault+0x329


SYMBOL_NAME: nt!KiFastFailDispatch+d0

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.19041.867

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: d0

FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_nt!KiFastFailDispatch
 

·
Team Manager, Microsoft Support
Joined
·
28,962 Posts
New CPU might require bios update.
 
1 - 2 of 2 Posts
Top