
BSOD1

a guest
Jan 20th, 2019
  1. *******************************************************************************
  2. * *
  3. * Bugcheck Analysis *
  4. * *
  5. *******************************************************************************
  6.  
  7. KERNEL_SECURITY_CHECK_FAILURE (139)
  8. A kernel component has corrupted a critical data structure. The corruption
  9. could potentially allow a malicious user to gain control of this machine.
  10. Arguments:
  11. Arg1: 000000000000001d, Type of memory safety violation
  12. Arg2: ffffce8a79daa0d0, Address of the trap frame for the exception that caused the bugcheck
  13. Arg3: ffffce8a79daa028, Address of the exception record for the exception that caused the bugcheck
  14. Arg4: 0000000000000000, Reserved
  15.  
  16. Debugging Details:
  17. ------------------
  18.  
  19.  
  20. KEY_VALUES_STRING: 1
  21.  
  22.  
  23. PROCESSES_ANALYSIS: 1
  24.  
  25. STACKHASH_ANALYSIS: 1
  26.  
  27. TIMELINE_ANALYSIS: 1
  28.  
  29.  
  30. DUMP_CLASS: 1
  31.  
  32. DUMP_QUALIFIER: 400
  33.  
  34. BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
  35.  
  36. DUMP_TYPE: 2
  37.  
  38. BUGCHECK_P1: 1d
  39.  
  40. BUGCHECK_P2: ffffce8a79daa0d0
  41.  
  42. BUGCHECK_P3: ffffce8a79daa028
  43.  
  44. BUGCHECK_P4: 0
  45.  
  46. TRAP_FRAME: ffffce8a79daa0d0 -- (.trap 0xffffce8a79daa0d0)
  47. NOTE: The trap frame does not contain all registers.
  48. Some register values may be zeroed or incorrect.
  49. rax=ffffd1866a5f3c00 rbx=0000000000000000 rcx=000000000000001d
  50. rdx=ffffd18675b550c0 rsi=0000000000000000 rdi=0000000000000000
  51. rip=fffff80338a7cd84 rsp=ffffce8a79daa260 rbp=0000000000000001
  52. r8=0000000000000003 r9=0000000000000000 r10=0000000000000000
  53. r11=ffffe50000000000 r12=0000000000000000 r13=0000000000000000
  54. r14=0000000000000000 r15=0000000000000000
  55. iopl=0 nv up ei ng nz na pe cy
  56. nt!RtlAvlRemoveNode+0x170af4:
  57. fffff803`38a7cd84 cd29 int 29h
  58. Resetting default scope
  59.  
  60. EXCEPTION_RECORD: ffffce8a79daa028 -- (.exr 0xffffce8a79daa028)
  61. ExceptionAddress: fffff80338a7cd84 (nt!RtlAvlRemoveNode+0x0000000000170af4)
  62. ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  63. ExceptionFlags: 00000001
  64. NumberParameters: 1
  65. Parameter[0]: 000000000000001d
  66. Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
  67.  
  68. CPU_COUNT: 10
  69.  
  70. CPU_MHZ: e6d
  71.  
  72. CPU_VENDOR: AuthenticAMD
  73.  
  74. CPU_FAMILY: 17
  75.  
  76. CPU_MODEL: 8
  77.  
  78. CPU_STEPPING: 2
  79.  
  80. CUSTOMER_CRASH_COUNT: 1
  81.  
  82. BUGCHECK_STR: 0x139
  83.  
  84. PROCESS_NAME: svchost.exe
  85.  
  86. CURRENT_IRQL: 2
  87.  
  88. DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_BALANCED_TREE
  89.  
  90. ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  91.  
  92. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  93.  
  94. EXCEPTION_CODE_STR: c0000409
  95.  
  96. EXCEPTION_PARAMETER1: 000000000000001d
  97.  
  98. ANALYSIS_SESSION_HOST: DESKTOP-D3Q8Q3F
  99.  
  100. ANALYSIS_SESSION_TIME: 01-20-2019 17:44:00.0369
  101.  
  102. ANALYSIS_VERSION: 10.0.18303.1000 amd64fre
  103.  
  104. LAST_CONTROL_TRANSFER: from fffff80338a5dc69 to fffff80338a4d0a0
  105.  
  106. STACK_TEXT:
  107. ffffce8a`79da9da8 fffff803`38a5dc69 : 00000000`00000139 00000000`0000001d ffffce8a`79daa0d0 ffffce8a`79daa028 : nt!KeBugCheckEx
  108. ffffce8a`79da9db0 fffff803`38a5e010 : 00000000`00000001 fffff803`3893af15 ffffbd80`58ddf180 00000000`ffffffff : nt!KiBugCheckDispatch+0x69
  109. ffffce8a`79da9ef0 fffff803`38a5c61f : ffffd186`6aa4f700 fffff803`38c77390 00000000`ffffffff fffff803`388d812f : nt!KiFastFailDispatch+0xd0
  110. ffffce8a`79daa0d0 fffff803`38a7cd84 : ffffce8a`79daa3b0 fffff803`3893763f ffffd186`00000040 ffffd186`6aa4f700 : nt!KiRaiseSecurityCheckFailure+0x2df
  111. ffffce8a`79daa260 fffff803`388da6e3 : ffffce8a`79daa598 ffffd186`786e2680 ffffe572`80000000 ffffd186`6aa4f700 : nt!RtlAvlRemoveNode+0x170af4
  112. ffffce8a`79daa2b0 fffff803`3899ce86 : 00000000`0127b77f ffffd186`71e216d0 00000000`00000000 fffff803`388fceeb : nt!MiDeleteVad+0x10c3
  113. ffffce8a`79daa5e0 fffff803`38d6af8b : 00000000`00000000 00000000`00000000 ffffd186`769730c0 00000000`00000001 : nt!MiFreeVadRange+0x92
  114. ffffce8a`79daa640 fffff803`38d6abdb : ffffd186`6f2c8250 ffffe58c`562d7900 ffffd186`00000002 ffffe58c`562d7900 : nt!MmFreeVirtualMemory+0x37b
  115. ffffce8a`79daa770 fffff803`38a5d743 : ffffd186`6aa4f700 00000012`00000000 00000000`00000000 00000000`00000000 : nt!NtFreeVirtualMemory+0x8b
  116. ffffce8a`79daa7d0 fffff803`38a50aa0 : fffff803`38d58b7f ffffd186`6aa4f700 00000000`00000001 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  117. ffffce8a`79daa968 fffff803`38d58b7f : ffffd186`6aa4f700 00000000`00000001 00000000`00000000 ffffd186`6aa4f700 : nt!KiServiceLinkage
  118. ffffce8a`79daa970 fffff803`38de8966 : ffffce8a`00000000 00000012`7b77f900 00000012`7b4fc000 fffff803`38a5d743 : nt!PspExitThread+0x39f
  119. ffffce8a`79daaa70 fffff803`38de89c6 : 00000000`00000000 00000000`00000000 ffffd186`6aa4f700 fffff803`38d6fe87 : nt!PspTerminateThreadByPointer+0x96
  120. ffffce8a`79daaab0 fffff803`38a5d743 : 00000000`00000000 ffffd186`6aa4f700 ffffce8a`79daab80 00000000`c000007a : nt!NtTerminateThread+0x4a
  121. ffffce8a`79daab00 00007ffb`6151b404 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
  122. 00000012`7b77f9c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`6151b404
  123.  
  124.  
  125. THREAD_SHA1_HASH_MOD_FUNC: 8b955dd2fda45afce02af097fe4b162f6cb783df
  126.  
  127. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5a2d0bafc8220e5d8a7019d8be1f33505a20167d
  128.  
  129. THREAD_SHA1_HASH_MOD: 38bc5fec3f0409c265cf5c87da6f8f8859d0711c
  130.  
  131. FOLLOWUP_IP:
  132. nt!KiFastFailDispatch+d0
  133. fffff803`38a5e010 c644242000 mov byte ptr [rsp+20h],0
  134.  
  135. FAULT_INSTR_CODE: 202444c6
  136.  
  137. SYMBOL_STACK_INDEX: 2
  138.  
  139. SYMBOL_NAME: nt!KiFastFailDispatch+d0
  140.  
  141. FOLLOWUP_NAME: MachineOwner
  142.  
  143. MODULE_NAME: nt
  144.  
  145. IMAGE_NAME: ntkrnlmp.exe
  146.  
  147. DEBUG_FLR_IMAGE_TIMESTAMP: 5c2b0c3d
  148.  
  149. IMAGE_VERSION: 10.0.17134.523
  150.  
  151. STACK_COMMAND: .thread ; .cxr ; kb
  152.  
  153. BUCKET_ID_FUNC_OFFSET: d0
  154.  
  155. FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch
  156.  
  157. BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch
  158.  
  159. PRIMARY_PROBLEM_CLASS: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch
  160.  
  161. TARGET_TIME: 2019-01-18T09:24:25.000Z
  162.  
  163. OSBUILD: 17134
  164.  
  165. OSSERVICEPACK: 523
  166.  
  167. SERVICEPACK_NUMBER: 0
  168.  
  169. OS_REVISION: 0
  170.  
  171. SUITE_MASK: 272
  172.  
  173. PRODUCT_TYPE: 1
  174.  
  175. OSPLATFORM_TYPE: x64
  176.  
  177. OSNAME: Windows 10
  178.  
  179. OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
  180.  
  181. OS_LOCALE:
  182.  
  183. USER_LCID: 0
  184.  
  185. OSBUILD_TIMESTAMP: 2018-12-31 22:44:13
  186.  
  187. BUILDDATESTAMP_STR: 180410-1804
  188.  
  189. BUILDLAB_STR: rs4_release
  190.  
  191. BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
  192.  
  193. ANALYSIS_SESSION_ELAPSED_TIME: 1fc8
  194.  
  195. ANALYSIS_SOURCE: KM
  196.  
  197. FAILURE_ID_HASH_STRING: km:0x139_1d_invalid_balanced_tree_nt!kifastfaildispatch
  198.  
  199. FAILURE_ID_HASH: {67ec97ad-ad0b-071e-ab87-6dc661e22d1b}
  200.  
  201. Followup: MachineOwner
  202. ---------