Share via

Windows 10 BSOD

Rotting Sniper 1 Reputation point
2021-02-19T01:07:48.983+00:00

Had my 1st BSOD the other day no clue what caused it but this is what the log says Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 19041 MP (16 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Edition build lab: 19041.1.amd64fre.vb_release.191206-1406 Machine Name: Kernel base = 0xfffff80214400000 PsLoadedModuleList = 0xfffff8021502a390 Debug session time: Thu Feb 18 18:37:12.761 2021 (UTC - 6:00) System Uptime: 0 days 6:54:35.390 Loading Kernel Symbols ............................................................... .Page 634f8e not present in the dump file. Type ".hh dbgerr004" for details ............................................................... ................................................................ ........ Loading User Symbols Loading unloaded module list ................. For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff802147f5a80 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff9020158ef60=0000000000000139 10: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_SECURITY_CHECK_FAILURE (139) A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine. Arguments: Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove). Arg2: fffff9020158f280, Address of the trap frame for the exception that caused the bugcheck Arg3: fffff9020158f1d8, Address of the exception record for the exception that caused the bugcheck Arg4: 0000000000000000, Reserved Debugging Details: ------------------ KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 2327 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on LEGION Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.mSec Value: 2484 Key : Analysis.Memory.CommitPeak.Mb Value: 81 Key : Analysis.System Value: CreateObject Key : WER.OS.Branch Value: vb_release Key : WER.OS.Timestamp Value: 2019-12-06T14:06:00Z Key : WER.OS.Version Value: 10.0.19041.1 ADDITIONAL_XML: 1 OS_BUILD_LAYERS: 1 BUGCHECK_CODE: 139 BUGCHECK_P1: 3 BUGCHECK_P2: fffff9020158f280 BUGCHECK_P3: fffff9020158f1d8 BUGCHECK_P4: 0 TRAP_FRAME: fffff9020158f280 -- (.trap 0xfffff9020158f280) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=ffffe00b3a973690 rbx=0000000000000000 rcx=0000000000000003 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8021464a8fd rsp=fffff9020158f410 rbp=ffffe00b3a974040 r8=0000000000000001 r9=0000000000000002 r10=ffffe00b2f8f4300 r11=ffffac004210a180 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe cy nt!KiExitDispatcher+0x1ad: fffff8021464a8fd cd29 int 29h Resetting default scope EXCEPTION_RECORD: fffff9020158f1d8 -- (.exr 0xfffff9020158f1d8) ExceptionAddress: fffff8021464a8fd (nt!KiExitDispatcher+0x00000000000001ad) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 0000000000000003 Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) BLACKBOXPNP: 1 (!blackboxpnp) BLACKBOXWINLOGON: 1 PROCESS_NAME: System ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE_STR: c0000409 EXCEPTION_PARAMETER1: 0000000000000003 EXCEPTION_STR: 0xc0000409 STACK_TEXT: fffff9020158ef58 fffff80214807a69 : 0000000000000139 0000000000000003 fffff9020158f280 fffff9020158f1d8 : nt!KeBugCheckEx fffff9020158ef60 fffff80214807e90 : 0000000000000000 fffff802146e8fe0 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69 fffff9020158f0a0 fffff80214806223 : 000000000000ffff 0000000000000000 0000000000000000 5555555555555555 : nt!KiFastFailDispatch+0xd0 fffff9020158f280 fffff8021464a8fd : 0000000000000000 fffff9020158f4c1 ffffe00b3f2d0000 fffff80214664623 : nt!KiRaiseSecurityCheckFailure+0x323 fffff9020158f410 fffff80214757681 : ffffac004210a180 0000000000000000 ffffac004210a101 fffff80214db1094 : nt!KiExitDispatcher+0x1ad fffff9020158f480 fffff80268de207a : 0000000000000200 ffffe00b41804738 ffffce83b6948660 0000000000000002 : nt!KeInsertQueueApc+0x151 fffff9020158f520 fffff80268ddcebd : fffff80268ac61d8 0000000000000000 000000000000ff00 ffffce83d895f770 : BEDaisy+0x33207a fffff9020158f790 fffff80268ddfff1 : 000000000000000a fffff80268ab4c01 0000000000000004 0000000000000000 : BEDaisy+0x32cebd fffff9020158f8e0 fffff80214717e25 : ffffe00b3f2d0040 fffff80268ab4cb0 0000000000000000 0000000000000001 : BEDaisy+0x32fff1 fffff9020158fb10 fffff802147fd0d8 : ffffac0041f9d180 ffffe00b3f2d0040 fffff80214717dd0 0000000000000000 : nt!PspSystemThreadStartup+0x55 fffff9020158fb60 0000000000000000 : fffff90201590000 fffff90201589000 0000000000000000 00000000`00000000 : nt!KiStartSystemThread+0x28 SYMBOL_NAME: BEDaisy+33207a MODULE_NAME: BEDaisy IMAGE_NAME: BEDaisy.sys STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 33207a FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function OS_VERSION: 10.0.19041.1 BUILDLAB_STR: vb_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8} Followup: MachineOwner ---------

Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. cheong00 3,486 Reputation points Volunteer Moderator
    2021-02-19T01:26:50.42+00:00

    ExceptionCode: c0000409 (Security check failure or stack buffer overrun)

    Either some of your driver or service running in kernel mode have critical bug, or someone outside tries to hack your computer if the process is externally facing service such as file shares. Since the process name is "System" which all drivers and asynchronous I/O is assigned to I can't really tell. The module name "BEDaisy.sys" is there but sometimes it's just scapegoat that the overrun goes into...

    A brief search found quite some others faces hang related to BEDaisy.sys too. Maybe you should check whatever game vendor that uses "Battle eye anticheat driver" provides update to fix the problem, or whether the steps here helps.

    0 comments
  2. Carl Fan 6,881 Reputation points
    2021-02-19T09:48:24.513+00:00

    Hi,
    The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    It could be related to BEDaisy.sys. If you installed the Battle software, please uninstall or update it to new version to check.
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.