Hi BTyssen,
Okay, you mention you have RAM manually set to 3600Mhz, is there an auto setting in BIOS, rather than using the manual setting?
BSOD - ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
I've been struggling with BSODs with my computer now for a few weeks. The majority of the dump files lead to the error being a SYSTEM SERVICE EXCEPTION with the file path being: C:\Windows\system32\ntoskrnl.exe.
These BSODs don't happen when gaming but more when I am being intensive on either the CPU or RAM.
I have been getting a few Minidumps and analysing them but today was the first time a MEMORY.DMP was created in C:\Windows\
As Follows:
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (24 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff80243800000 PsLoadedModuleList = 0xfffff8024442a230
Debug session time: Fri Jun 11 19:01:02.567 2021 (UTC + 1:00)
System Uptime: 0 days 1:38:56.169
Loading Kernel Symbols
...............................................................
..........Page 29008d not present in the dump file. Type ".hh dbgerr004" for details
......................................................
................................................................
...........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`011a3018). Type ".hh dbgerr001" for details
Loading unloaded module list
......................
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffc480eb66ede0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffc480eb66ed38, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 2
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on BRADPC
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 7
Key : Analysis.Memory.CommitPeak.Mb
Value: 130
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffc480eb66ede0
BUGCHECK_P3: ffffc480eb66ed38
BUGCHECK_P4: 0
TRAP_FRAME: ffffc480eb66ede0 -- (.trap 0xffffc480eb66ede0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc600aecb7930 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffc600aee27e30 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80243fdfefb rsp=ffffc480eb66ef70 rbp=ffffc600aef32170
r8=ffffc480eb66ef88 r9=0000000000000000 r10=0000000000000000
r11=000000000000007d r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!CmpPerformSingleKcbCacheLookup+0x1eef9b:
fffff802`43fdfefb cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffc480eb66ed38 -- (.exr 0xffffc480eb66ed38)
ExceptionAddress: fffff80243fdfefb (nt!CmpPerformSingleKcbCacheLookup+0x00000000001eef9b)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: explorer.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffc480eb66eab8 fffff80243c08b69 : 0000000000000139 0000000000000003 ffffc480eb66ede0 ffffc480eb66ed38 : nt!KeBugCheckEx
ffffc480eb66eac0 fffff80243c08f90 : 0000000000000000 ffffc480eb66ee28 0000000000000000 0000000000000001 : nt!KiBugCheckDispatch+0x69
ffffc480eb66ec00 fffff80243c07323 : ffffc480eb66ee40 0000000000000100 0000000e00000101 0000000100000000 : nt!KiFastFailDispatch+0xd0
ffffc480eb66ede0 fffff80243fdfefb : 00000000bd15da6a ffffc600aef32170 ffffc600ab004240 ffffc60000000000 : nt!KiRaiseSecurityCheckFailure+0x323
ffffc480eb66ef70 fffff80243def067 : ffffc600aaf82d20 ffffc600a27ade30 ffffc480eb66f190 fffff80200000006 : nt!CmpPerformSingleKcbCacheLookup+0x1eef9b
ffffc480eb66f000 fffff80243def4aa : 0000000000000002 ffffc480eb66f100 ffffc48000000006 0000000000000000 : nt!CmpPerformCompleteKcbCacheLookup+0x77
ffffc480eb66f090 fffff80243dee303 : ffffc6000000001c ffffc480eb66f3e0 ffffc480eb66f398 ffffa18b4e8c2a20 : nt!CmpDoParseKey+0x2da
ffffc480eb66f330 fffff80243df23ce : fffff80243dee001 0000000000000000 ffffa18b4e8c2a20 0000000000000001 : nt!CmpParseKey+0x2c3
ffffc480eb66f4d0 fffff80243f014aa : ffffa18b4e8c2a00 ffffc480eb66f738 0000000000000040 ffffa18b3718c900 : nt!ObpLookupObjectName+0x3fe
ffffc480eb66f6a0 fffff80243f0128c : 0000000000000000 0000000000000000 0000000000000000 ffffa18b3718c900 : nt!ObOpenObjectByNameEx+0x1fa
ffffc480eb66f7d0 fffff80243f00db1 : 000000000c67e3e0 ffffc480eb66fb40 0000000000000001 fffff80243a0827e : nt!ObOpenObjectByName+0x5c
ffffc480eb66f820 fffff80243f00adf : ffffa18b46adf080 000000000000000c 0000000000000001 00000000013c11d0 : nt!CmOpenKey+0x2c1
ffffc480eb66fa80 fffff80243c085b8 : ffffa18b46adf000 ffffa18b00000001 ffffc480eb66fad8 0000000000000000 : nt!NtOpenKeyEx+0xf
ffffc480eb66fac0 00007ffc5e20f214 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x28
000000000c67e298 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffc`5e20f214
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Followup: MachineOwner
I've done majority of the simple things found on the internet. Was told to clean GPU Drivers and reinstall, run SFC, use MEMTEST for the RAM.
I am happy to share any Minidump/DMP files needed for further analysis and any help is greatly appreciated. Thank you!
Windows for home | Windows 10 | Performance and system failures
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
11 answers
Sort by: Most helpful
-
Anonymous
2021-06-19T12:34:47+00:00 Hi again Dave,
I used the Driver Verifier and followed the instructions in the link you said.
I shut the PC down and then booted it back up. It passed BIOS fine and soon as it was booting into windows it would BSOD immediately. It did this 2 times and then on the 3rd went into the Advanced Recovery options where I booted into safe mode and reset the Driver Verifier settings and rebooted back into Windows normally.
There was no update to any of the Minidumps nor the large MEMORY.DMP in C:\Windows
On the blue screen there was the error which was "DRIVER_VERIFIER_DETECTED_VIOLATION" and that was all.
I had used the Driver Verifier earlier this month and got a similar stop code being "DRIVER_VERIFIER_IOMANGER_VIOLATION" and What Failed being "wdf01000.sys"
EDIT: Also to mention a few months back I was having a lot more frequent BSOD's when I had XMP turned on in the BIOS. I turned the XMP profile off and this has reduced now the BSODs to 1 every day/every other day. I have the RAM manually set to 3600mhz in the BIOS as this is what the speed of the RAM is.
-
DaveM121 868K Reputation points Independent Advisor2021-06-19T09:36:39+00:00 Hi BTyssen
Your minidump files just indicate memory (RAM) corruption no specific driver is listed
All drivers and BIOS on your MAG X570 TOMAHAWK WIFI (MS-7C84) are fully up to date, and you have already run a full 4 pass scan with MemTest86, so we can rule out RAM errors.
To try to force Windows 10 show any faulting drivers, the best option would be to turn on Driver Verifier, let your PC crash 3 times, then you must turn off Driver Verifier, and finally, upload any newly created minidump files
-
Anonymous
2021-06-19T09:21:51+00:00 Hi Dave,
Thank you for the fast response.
Here are the current minidump files that are in \Minidump
https://www.dropbox.com/s/c9vucsg3sxl0743/MDs.zip?dl=0
Thanks
-
DaveM121 868K Reputation points Independent Advisor
2021-06-19T08:06:41+00:00 Hi BTyssen,
I am Dave, an Independent Advisor, I will help you with this.
Please upload any minidump files you have, I will check those to see if they provide any insight into a potential cause of the system crashes.
Open Windows File Explorer.
Navigate to C:\Windows\Minidump
Copy any minidump files onto your Desktop, then zip those up.
Upload the zip file to the Cloud (OneDrive, DropBox... etc.), then choose to share those and get a share link.
Then post the link here to the zip file, so we can take a look for you.