BSOD Crash Dump

1. *******************************************************************************
2. * *
3. * Bugcheck Analysis *
4. * *
5. *******************************************************************************
6.  
7. KERNEL_SECURITY_CHECK_FAILURE (139)
8. A kernel component has corrupted a critical data structure. The corruption
9. could potentially allow a malicious user to gain control of this machine.
10. Arguments:
11. Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
12. Arg2: fffff981dd4aeff0, Address of the trap frame for the exception that caused the BugCheck
13. Arg3: fffff981dd4aef48, Address of the exception record for the exception that caused the BugCheck
14. Arg4: 0000000000000000, Reserved
15.  
16. Debugging Details:
17. ------------------
18.  
19.  
20. KEY_VALUES_STRING: 1
21.  
22. Key : Analysis.CPU.mSec
23. Value: 937
24.  
25. Key : Analysis.Elapsed.mSec
26. Value: 4019
27.  
28. Key : Analysis.IO.Other.Mb
29. Value: 7
30.  
31. Key : Analysis.IO.Read.Mb
32. Value: 1
33.  
34. Key : Analysis.IO.Write.Mb
35. Value: 32
36.  
37. Key : Analysis.Init.CPU.mSec
38. Value: 156
39.  
40. Key : Analysis.Init.Elapsed.mSec
41. Value: 29924
42.  
43. Key : Analysis.Memory.CommitPeak.Mb
44. Value: 102
45.  
46. Key : Analysis.Version.DbgEng
47. Value: 10.0.27725.1000
48.  
49. Key : Analysis.Version.Description
50. Value: 10.2408.27.01 amd64fre
51.  
52. Key : Analysis.Version.Ext
53. Value: 1.2408.27.1
54.  
55. Key : Bugcheck.Code.LegacyAPI
56. Value: 0x139
57.  
58. Key : Bugcheck.Code.TargetModel
59. Value: 0x139
60.  
61. Key : Dump.Attributes.AsUlong
62. Value: 808
63.  
64. Key : Dump.Attributes.KernelGeneratedTriageDump
65. Value: 1
66.  
67. Key : FailFast.Name
68. Value: CORRUPT_LIST_ENTRY
69.  
70. Key : FailFast.Type
71. Value: 3
72.  
73. Key : Failure.Bucket
74. Value: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function
75.  
76. Key : Failure.Hash
77. Value: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}
78.  
79. Key : Hypervisor.Enlightenments.ValueHex
80. Value: 1497cf94
81.  
82. Key : Hypervisor.Flags.AnyHypervisorPresent
83. Value: 1
84.  
85. Key : Hypervisor.Flags.ApicEnlightened
86. Value: 1
87.  
88. Key : Hypervisor.Flags.ApicVirtualizationAvailable
89. Value: 0
90.  
91. Key : Hypervisor.Flags.AsyncMemoryHint
92. Value: 0
93.  
94. Key : Hypervisor.Flags.CoreSchedulerRequested
95. Value: 0
96.  
97. Key : Hypervisor.Flags.CpuManager
98. Value: 1
99.  
100. Key : Hypervisor.Flags.DeprecateAutoEoi
101. Value: 0
102.  
103. Key : Hypervisor.Flags.DynamicCpuDisabled
104. Value: 1
105.  
106. Key : Hypervisor.Flags.Epf
107. Value: 0
108.  
109. Key : Hypervisor.Flags.ExtendedProcessorMasks
110. Value: 1
111.  
112. Key : Hypervisor.Flags.HardwareMbecAvailable
113. Value: 1
114.  
115. Key : Hypervisor.Flags.MaxBankNumber
116. Value: 0
117.  
118. Key : Hypervisor.Flags.MemoryZeroingControl
119. Value: 0
120.  
121. Key : Hypervisor.Flags.NoExtendedRangeFlush
122. Value: 0
123.  
124. Key : Hypervisor.Flags.NoNonArchCoreSharing
125. Value: 1
126.  
127. Key : Hypervisor.Flags.Phase0InitDone
128. Value: 1
129.  
130. Key : Hypervisor.Flags.PowerSchedulerQos
131. Value: 0
132.  
133. Key : Hypervisor.Flags.RootScheduler
134. Value: 0
135.  
136. Key : Hypervisor.Flags.SynicAvailable
137. Value: 1
138.  
139. Key : Hypervisor.Flags.UseQpcBias
140. Value: 0
141.  
142. Key : Hypervisor.Flags.Value
143. Value: 4853999
144.  
145. Key : Hypervisor.Flags.ValueHex
146. Value: 4a10ef
147.  
148. Key : Hypervisor.Flags.VpAssistPage
149. Value: 1
150.  
151. Key : Hypervisor.Flags.VsmAvailable
152. Value: 1
153.  
154. Key : Hypervisor.RootFlags.AccessStats
155. Value: 1
156.  
157. Key : Hypervisor.RootFlags.CrashdumpEnlightened
158. Value: 1
159.  
160. Key : Hypervisor.RootFlags.CreateVirtualProcessor
161. Value: 1
162.  
163. Key : Hypervisor.RootFlags.DisableHyperthreading
164. Value: 0
165.  
166. Key : Hypervisor.RootFlags.HostTimelineSync
167. Value: 1
168.  
169. Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
170. Value: 0
171.  
172. Key : Hypervisor.RootFlags.IsHyperV
173. Value: 1
174.  
175. Key : Hypervisor.RootFlags.LivedumpEnlightened
176. Value: 1
177.  
178. Key : Hypervisor.RootFlags.MapDeviceInterrupt
179. Value: 1
180.  
181. Key : Hypervisor.RootFlags.MceEnlightened
182. Value: 1
183.  
184. Key : Hypervisor.RootFlags.Nested
185. Value: 0
186.  
187. Key : Hypervisor.RootFlags.StartLogicalProcessor
188. Value: 1
189.  
190. Key : Hypervisor.RootFlags.Value
191. Value: 1015
192.  
193. Key : Hypervisor.RootFlags.ValueHex
194. Value: 3f7
195.  
196.  
197. BUGCHECK_CODE: 139
198.  
199. BUGCHECK_P1: 3
200.  
201. BUGCHECK_P2: fffff981dd4aeff0
202.  
203. BUGCHECK_P3: fffff981dd4aef48
204.  
205. BUGCHECK_P4: 0
206.  
207. FILE_IN_CAB: 010525-13531-01.dmp
208.  
209. TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
210.  
211.  
212. DUMP_FILE_ATTRIBUTES: 0x808
213. Kernel Generated Triage Dump
214.  
215. FAULTING_THREAD: ffffd38eb5b495c0
216.  
217. TRAP_FRAME: fffff981dd4aeff0 -- (.trap 0xfffff981dd4aeff0)
218. NOTE: The trap frame does not contain all registers.
219. Some register values may be zeroed or incorrect.
220. rax=ffffd38ec3c68ab0 rbx=0000000000000000 rcx=0000000000000003
221. rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
222. rip=fffff8005721aff7 rsp=fffff981dd4af180 rbp=ffff9480c7911180
223. r8=0000000000000001 r9=0000000000000002 r10=ffffd38ea27fe800
224. r11=ffffd38efdae8e00 r12=0000000000000000 r13=0000000000000000
225. r14=0000000000000000 r15=0000000000000000
226. iopl=0 nv up ei pl nz na pe nc
227. nt!KiExitDispatcher+0x1c7:
228. fffff800`5721aff7 cd29 int 29h
229. Resetting default scope
230.  
231. EXCEPTION_RECORD: fffff981dd4aef48 -- (.exr 0xfffff981dd4aef48)
232. ExceptionAddress: fffff8005721aff7 (nt!KiExitDispatcher+0x00000000000001c7)
233. ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
234. ExceptionFlags: 00000001
235. NumberParameters: 1
236. Parameter[0]: 0000000000000003
237. Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
238.  
239. CUSTOMER_CRASH_COUNT: 1
240.  
241. PROCESS_NAME: System
242.  
243. ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
244.  
245. EXCEPTION_CODE_STR: c0000409
246.  
247. EXCEPTION_PARAMETER1: 0000000000000003
248.  
249. EXCEPTION_STR: 0xc0000409
250.  
251. STACK_TEXT:
252. fffff981`dd4aecc8 fffff800`5742ae29 : 00000000`00000139 00000000`00000003 fffff981`dd4aeff0 fffff981`dd4aef48 : nt!KeBugCheckEx
253. fffff981`dd4aecd0 fffff800`5742b3f2 : 00000000`00000000 00000000`00000000 00000000`00000001 00000400`00000000 : nt!KiBugCheckDispatch+0x69
254. fffff981`dd4aee10 fffff800`574290db : 00000000`00000000 00000000`00000000 ffffd38e`b5b495c0 00000000`00000001 : nt!KiFastFailDispatch+0xb2
255. fffff981`dd4aeff0 fffff800`5721aff7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x35b
256. fffff981`dd4af180 fffff800`5723d0fd : ffffd38e`fb6c15e0 00000000`00000000 ffffa60d`3d702260 fffff800`57aaa03e : nt!KiExitDispatcher+0x1c7
257. fffff981`dd4af530 fffff800`6f3a716c : ffffd38e`fb6c1600 ffffd38e`fb6c1638 fffff981`dd4af6c0 00000000`00000000 : nt!KeInsertQueueApc+0x17d
258. fffff981`dd4af5c0 ffffd38e`fb6c1600 : ffffd38e`fb6c1638 fffff981`dd4af6c0 00000000`00000000 00000000`00000000 : BEDaisy+0x4d716c
259. fffff981`dd4af5c8 ffffd38e`fb6c1638 : fffff981`dd4af6c0 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffd38e`fb6c1600
260. fffff981`dd4af5d0 fffff981`dd4af6c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffd38e`fb6c1638
261. fffff981`dd4af5d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff981`dd4af6c0
262.  
263.  
264. SYMBOL_NAME: BEDaisy+4d716c
265.  
266. MODULE_NAME: BEDaisy
267.  
268. IMAGE_NAME: BEDaisy.sys
269.  
270. STACK_COMMAND: .process /r /p 0xffffd38ea26d8040; .thread 0xffffd38eb5b495c0 ; kb
271.  
272. BUCKET_ID_FUNC_OFFSET: 4d716c
273.  
274. FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function
275.  
276. OSPLATFORM_TYPE: x64
277.  
278. OSNAME: Windows 10
279.  
280. FAILURE_ID_HASH: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}
281.  
282. Followup: MachineOwner
283. ---------