Getting a blue screen of death randomly

C

CleanPinch123

The description says it all. Ill come back to my computer and its frozen, or blue screened. I looked at the WinDBG and have the info but I am a little confused on how to read it? Any help would be greatly appreicated. I am fearing it is something but I would rather have someone tell me why its doing it. I can post other minidumps if needed as well from previous days.


[COLOR=rgba(30, 30, 30, 1)]Microsoft (R) Windows Debugger Version 10.0.21306.1007 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\041121-38343-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`6f200000 PsLoadedModuleList = 0xfffff802`6fe2a490
Debug session time: Sun Apr 11 12:42:16.019 2021 (UTC - 7:00)
System Uptime: 0 days 1:24:00.686
Loading Kernel Symbols
...............................................................
................................................................
.........................................................
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run [/COLOR][COLOR=rgba(0, 0, 255, 1)]!analyze -v
[/COLOR][COLOR=rgba(30, 30, 30, 1)]nt!KeBugCheckEx:
fffff802`6f5f5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8c0a`579c67e0=0000000000000139
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff8c0a579c6b00, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff8c0a579c6a58, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

*** WARNING: Unable to verify checksum for win32k.sys

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 5343

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 31432

Key : Analysis.Init.CPU.mSec
Value: 656

Key : Analysis.Init.Elapsed.mSec
Value: 75534

Key : Analysis.Memory.CommitPeak.Mb
Value: 85

Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY

Key : FailFast.Type
Value: 3

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: ffff8c0a579c6b00

BUGCHECK_P3: ffff8c0a579c6a58

BUGCHECK_P4: 0

TRAP_FRAME: ffff8c0a579c6b00 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.trap 0xffff8c0a579c6b00)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]NOTE: The trap frame does not contain all registers.
[/COLOR][COLOR=rgba(0, 0, 255, 1)]Some register values may be zeroed or incorrect.
[/COLOR][COLOR=rgba(30, 30, 30, 1)]rax=fffff8026b212d48 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffbf8c44b7ea30 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8026f6360fd rsp=ffff8c0a579c6c90 rbp=0000000000001280
r8=0000000000000001 r9=0000000000000084 r10=0000000000000000
r11=fffff8026f200000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!KiCancelTimer+0x1cf1ad:
fffff802`6f6360fd cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffff8c0a579c6a58 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.exr 0xffff8c0a579c6a58)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]ExceptionAddress: fffff8026f6360fd (nt!KiCancelTimer+0x00000000001cf1ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxbsd[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXNTFS: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxntfs[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
ffff8c0a`579c67d8 fffff802`6f607b69 : 00000000`00000139 00000000`00000003 ffff8c0a`579c6b00 ffff8c0a`579c6a58 : nt!KeBugCheckEx
ffff8c0a`579c67e0 fffff802`6f607f90 : 00000000`00000001 00000000`00000002 00000000`000367ac ffff8380`000081c0 : nt!KiBugCheckDispatch+0x69
ffff8c0a`579c6920 fffff802`6f606323 : ffffbf8c`55a2e700 00000000`00000000 ffffbf8c`55a2e7c0 fffff802`6f40ecc6 : nt!KiFastFailDispatch+0xd0
ffff8c0a`579c6b00 fffff802`6f6360fd : 00000000`00000000 00000000`00000000 ffffbf8c`44b30e28 fffff802`6f46b6e9 : nt!KiRaiseSecurityCheckFailure+0x323
ffff8c0a`579c6c90 fffff802`6f43650b : ffffbf8c`44b30db0 ffffffff`ffffffff ffffe9de`31332a43 00000000`00000000 : nt!KiCancelTimer+0x1cf1ad
ffff8c0a`579c6d40 fffff802`6f436aaf : ffffbf8c`44b7e8a0 ffffbf8c`44b7e801 ffffbf8c`44b7e801 00000000`00000002 : nt!KeCancelTimer+0x3b
ffff8c0a`579c6d70 fffff802`6f4376cc : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PopFxProcessWork+0x2b3
ffff8c0a`579c6e20 fffff802`6f4375fc : 00000000`00000005 00000000`00000001 00000000`00000000 ffffbf8c`44930101 : nt!PopFxActivateComponentWorker+0x68
ffff8c0a`579c6e70 fffff802`7282ae03 : ffffbf8c`449301a0 ffffbf8c`564d92d0 ffffbf8c`50d08248 00000000`00000000 : nt!PoFxActivateComponent+0x13c
ffff8c0a`579c6f00 fffff802`7282a4ec : 00000000`00000000 00000000`00000000 00000000`00000000 ffffbf8c`449251a0 : storport!RaidStartIoPacket+0x6d3
ffff8c0a`579c7030 fffff802`7282a28a : 00000000`00000000 00000000`00000000 ffffbf8c`4492fe10 00000000`00000000 : storport!RaUnitScsiIrp+0x21c
ffff8c0a`579c70d0 fffff802`6f452f55 : ffffbf8c`50d08010 ffffbf8c`50d08010 ffffbf8c`4492fe10 00000000`00000000 : storport!RaDriverScsiIrp+0x5a
ffff8c0a`579c7110 fffff802`7228b58d : ffffbf8c`4492fe10 ffffbf8c`50d08010 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x55
ffff8c0a`579c7150 fffff802`722810d6 : ffffbf8c`43efb410 00000000`00000007 ffffbf8c`50d08248 00000000`00000000 : ACPI!ACPIIrpDispatchDeviceControl+0xad
ffff8c0a`579c7190 fffff802`6f452f55 : 00000000`00000007 ffffbf8c`50d08010 ffffbf8c`50d08010 ffffbf8c`4491b8b0 : ACPI!ACPIDispatchIrp+0xc6
ffff8c0a`579c7210 fffff802`7228b58d : ffffbf8c`4491b8b0 ffffbf8c`50d08010 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x55
ffff8c0a`579c7250 fffff802`722810d6 : ffffbf8c`44841890 00000000`00000007 ffffbf8c`50d08248 00000000`00000000 : ACPI!ACPIIrpDispatchDeviceControl+0xad
ffff8c0a`579c7290 fffff802`6f452f55 : 00000000`00000007 00000000`00000000 00000000`00001000 ffffbf8c`44b28a20 : ACPI!ACPIDispatchIrp+0xc6
ffff8c0a`579c7310 fffff802`734d176f : 00000000`00000000 00000000`00001000 ffffbf8c`44b28a20 fffff802`6f44bc2f : nt!IofCallDriver+0x55
ffff8c0a`579c7350 00000000`00000000 : 00000000`00001000 ffffbf8c`44b28a20 fffff802`6f44bc2f 00000000`00000020 : IaNVMeF+0x176f


SYMBOL_NAME: nt!KiCancelTimer+1cf1ad

MODULE_NAME: [/COLOR][COLOR=rgba(0, 0, 255, 1)]nt

[/COLOR][COLOR=rgba(30, 30, 30, 1)]IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.19041.870

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 1cf1ad

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiCancelTimer

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {0a906956-eabe-15a9-fdee-848f8aa430ba}

Followup: MachineOwner
---------

2: kd> .trap 0xffff8c0a579c6b00
NOTE: The trap frame does not contain all registers.
[/COLOR][COLOR=rgba(0, 0, 255, 1)]Some register values may be zeroed or incorrect.
[/COLOR][COLOR=rgba(30, 30, 30, 1)]rax=fffff8026b212d48 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffbf8c44b7ea30 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8026f6360fd rsp=ffff8c0a579c6c90 rbp=0000000000001280
r8=0000000000000001 r9=0000000000000084 r10=0000000000000000
r11=fffff8026f200000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!KiCancelTimer+0x1cf1ad:
fffff802`6f6360fd cd29 int 29h
[/COLOR]

Continue reading...
 

Similar threads

C
Replies
0
Views
432
CleanPinch123
C
R
Replies
0
Views
302
R4ndomPerson
R
B
Replies
0
Views
546
Bhim Charan Murmu
B
X
Replies
0
Views
252
XxBaddaskillerX
X
Back
Top Bottom