Computer BSoDs while playing certain games.

Question

For a couple of weeks now, I've been getting BSoDs while playing some games and I can't seem to figure it out on my own. I have tried a couple of things to try and fix the issue but with no success, the reason for crashing has changed though, so either I fixed one issue, or my attempts to fix it caused this as a new issue.

I have tried updating drivers, reinstalling drivers, checking for corrupted data, checking storage integrity, but after trying a few various methods, my computer ended up crashing completely and would not restart and had to restore. Sadly this did not stop the BSoDs, however it is giving a different crash now, though it still crashes from the same things, playing a video game.

It has crashed from the following games: War Thunder (while in a game, not in the lobby), MechWarrior Online, Deep Rock Galactic, Elder Scrolls Online, Darktide, and Back 4 Blood.
It has *not* crashed from playing games like modded Minecraft, Risk of Rain 2, or Final Fantasy 14.

Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64 Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Path validation summary ************** Response Time (ms) Location Deferred srv* Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 19041 MP (6 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Edition build lab: 19041.1.amd64fre.vb_release.191206-1406 Machine Name: Kernel base = 0xfffff80740800000 PsLoadedModuleList = 0xfffff8074142a2b0 Debug session time: Thu Apr 27 14:13:47.504 2023 (UTC - 5:00) System Uptime: 0 days 12:05:11.158 Loading Kernel Symbols ............................................................... ................................................................ ................................................................ .... Loading User Symbols PEB is paged out (Peb.Ldr = 0000004f9092f018). Type ".hh dbgerr001" for details Loading unloaded module list ..................... For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff80740bfbca0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff808b`e9647800=0000000000000139 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * *******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139) A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine. Arguments: Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove). Arg2: ffff808be9647b20, Address of the trap frame for the exception that caused the BugCheck Arg3: ffff808be9647a78, Address of the exception record for the exception that caused the BugCheck Arg4: 0000000000000000, Reserved

Debugging Details:

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 2296

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 2443

Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 0

Key  : Analysis.IO.Write.Mb
Value: 0

Key  : Analysis.Init.CPU.mSec
Value: 468

Key  : Analysis.Init.Elapsed.mSec
Value: 2163

Key  : Analysis.Memory.CommitPeak.Mb
Value: 89

Key  : Bugcheck.Code.DumpHeader
Value: 0x139

Key  : Bugcheck.Code.KiBugCheckData
Value: 0x139

Key  : Bugcheck.Code.Register
Value: 0x139

Key  : FailFast.Name
Value: CORRUPT\_LIST\_ENTRY

Key  : FailFast.Type
Value: 3

Key  : WER.OS.Branch
Value: vb\_release

Key  : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key  : WER.OS.Version
Value: 10.0.19041.1

FILE_IN_CAB: MEMORY.DMP

BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: ffff808be9647b20

BUGCHECK_P3: ffff808be9647a78

BUGCHECK_P4: 0

TRAP_FRAME: ffff808be9647b20 -- (.trap 0xffff808be9647b20) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff80739c30208 rbx=0000000000000000 rcx=0000000000000003 rdx=ffffc108ecfbd550 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80740c468db rsp=ffff808be9647cb0 rbp=00000000000000aa r8=0000000000000001 r9=ffff808be9647da8 r10=fffff80739c2cac0 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc nt!KiRemoveEntryTimer+0x1bb18b: fffff807`40c468db cd29 int 29h Resetting default scope

EXCEPTION_RECORD: ffff808be9647a78 -- (.exr 0xffff808be9647a78) ExceptionAddress: fffff80740c468db (nt!KiRemoveEntryTimer+0x00000000001bb18b) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 0000000000000003 Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: WmiPrvSE.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

DPC_STACK_BASE: FFFF808BE9647FB0

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
ffff808be96477f8 fffff80740c0fd29 : 0000000000000139 0000000000000003 ffff808be9647b20 ffff808be9647a78 : nt!KeBugCheckEx ffff808be9647800 fffff80740c10290 : 0000000000000000 0000000000000000 0000000000000000 fffff80741423af0 : nt!KiBugCheckDispatch+0x69 ffff808be9647940 fffff80740c0e25d : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiFastFailDispatch+0xd0 ffff808be9647b20 fffff80740c468db : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiRaiseSecurityCheckFailure+0x31d ffff808be9647cb0 fffff80740a8adaa : ffffd801a1de8180 616f6c6600000000 0000000000000008 ffff808be9647da8 : nt!KiRemoveEntryTimer+0x1bb18b ffff808be9647d20 fffff80740c04195 : 6974736974617453 ffffd801a1de8180 ffffc108e54d1200 ffffc108e74fe100 : nt!KiRetireDpcList+0x73a ffff808be9647fb0 fffff80740c03f80 : ffffc109006506d0 fffff80740af5f5a ffffc10900650080 ffff8284636c11b8 : nt!KxRetireDpcList+0x5 ffff808beb6aedd0 fffff80740c03705 : ffffc108e74fe100 fffff80740bfe481 ffffc108fbb09a20 0000000000000000 : nt!KiDispatchInterruptContinue ffff808beb6aee00 fffff80740bfe481 : ffffc108fbb09a20 0000000000000000 ffff8284636c1170 fffff80740a200dd : nt!KiDpcInterruptBypass+0x25 ffff808beb6aee10 fffff80740a02f8e : fffff8073c936324 ffffc108fbb09a20 0000000000000000 0000000000000000 : nt!KiInterruptDispatchNoLockNoEtw+0xb1 ffff808beb6aefa8 fffff8073c936324 : ffffc108fbb09a20 0000000000000000 0000000000000000 0000000000000000 : nt!ExAcquireRundownProtectionCacheAwareEx+0x1e ffff808beb6aefb0 fffff8073c935f7a : ffff808beb6af100 0000000000000012 ffffc108f3724600 0000000000000000 : FLTMGR!FltpPerformPreCallbacksWorker+0x1c4 ffff808beb6af0d0 fffff8073c935021 : ffff808beb6b0000 ffff808beb6a9000 ffffc109008a5520 ffff808beb6af1e0 : FLTMGR!FltpPassThroughInternal+0xca ffff808beb6af120 fffff8073c934a2b : fffffffffffe7960 0000000000000000 0000000000000000 0000000000000000 : FLTMGR!FltpPassThrough+0x541 ffff808beb6af1b0 fffff80740a11385 : ffffc108f3724650 fffff80740a1124d ffff808beb6af7a0 ffffc108f3724650 : FLTMGR!FltpDispatch+0x8b ffff808beb6af210 fffff80740e0e827 : 0000000000000000 ffffc108f3724650 0000000000000000 0000000000040040 : nt!IofCallDriver+0x55 ffff808beb6af250 fffff80740e001d5 : ffffc108f3724650 0000000000000000 0000000000000000 fffff8073c967270 : nt!IopCloseFile+0x177 ffff808beb6af2e0 fffff80740e1501e : ffffc108e7ab38f0 fffff8073c967270 ffffc10900866b00 ffffc10900866b01 : nt!IopParseDevice+0x1e05 ffff808beb6af450 fffff80740e0ccea : ffffc10900866b00 ffff808beb6af6b8 ffffc10900000040 ffffc108e55f00c0 : nt!ObpLookupObjectName+0x3fe ffff808beb6af620 fffff80740dfb155 : ffff808b00000000 0000004f90cfb970 0000004f90cfbf00 0000004f90cfb940 : nt!ObOpenObjectByNameEx+0x1fa ffff808beb6af750 fffff80740c0f4f5 : ffffc10900650080 00000000ffffffff ffffc10900650080 000001e8dd6666f0 : nt!NtQueryAttributesFile+0x1c5 ffff808beb6afa00 00007ffc9c68d804 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25 0000004f90cfb8c8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffc`9c68d804

SYMBOL_NAME: nt!KiRemoveEntryTimer+1bb18b

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 1bb18b

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiRemoveEntryTimer

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {5cf1a79f-75db-1c81-82ec-116a11522249}

Followup: MachineOwner

Answer 1

Screenshot

Answer 2

Thanks for the input. Let's try reinstalling the sound drivers in your device. Can you share your system info, please?

1. On your keyboard, press Windows + R
2. Type: msinfo32 (Press Enter)
3. Take a screenshot of the System Information, please make sure to get the System Model, Baseboard Manufacturer, Baseboard Product, and BIO Version/Date.
4. Then upload it here by dragging and dropping the image to your reply

Thank you.

Answer 3

Following the crash, the computer brought up a command screen without any prompts or info, just an underscore at the to left. After waiting and restarting the PC, it booted up fine but while trying to send the above reply, an error came up on screen but was partially transparent, as the PC crashed during the error appearing.

The audio crash occurred while playing Mechwarrior Online

Answer 4

Completely reinstalled Graphics card, new crash, this time audio related?

Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`5de00000 PsLoadedModuleList = 0xfffff807`5ea2a2b0
Debug session time: Fri Apr 28 13:14:14.727 2023 (UTC - 5:00)
System Uptime: 0 days 0:26:25.381
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..
Loading User Symbols

Loading unloaded module list
..............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`5e1fbca0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff807`61e752d0=000000000000000a
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000000a0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8075e0185b7, address which referenced memory

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2061

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 2187

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 1390

    Key  : Analysis.Init.Elapsed.mSec
    Value: 2963

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 94

    Key  : Bugcheck.Code.DumpHeader
    Value: 0xa

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0xa

    Key  : Bugcheck.Code.Register
    Value: 0xa

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  a

BUGCHECK_P1: a0

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8075e0185b7

READ_ADDRESS:  00000000000000a0 

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME:  System

TRAP_FRAME:  fffff80761e75410 -- (.trap 0xfffff80761e75410)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=00000000000000a0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8075e0185b7 rsp=fffff80761e755a0 rbp=fffff80758083180
 r8=0000000000000001  r9=0000000000000000 r10=fffff8075e019280
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!KiTryUnwaitThread+0x1f7:
fffff807`5e0185b7 0fb601          movzx   eax,byte ptr [rcx] ds:00000000`000000a0=??
Resetting default scope

STACK_TEXT:  
fffff807`61e752c8 fffff807`5e20fd29     : 00000000`0000000a 00000000`000000a0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff807`61e752d0 fffff807`5e20b8e3     : 00000000`00000000 fffff807`00000000 000043f0`3d9aefd8 ffffbc0f`00000000 : nt!KiBugCheckDispatch+0x69
fffff807`61e75410 fffff807`5e0185b7     : 00000000`00018c58 fffff807`61e75640 00000003`b10cec00 ffff6dc0`3b833cb4 : nt!KiPageFault+0x463
fffff807`61e755a0 fffff807`5e0193d8     : ffffbc0f`c8506ce0 00000003`00000000 fffff807`58083180 00000000`00000000 : nt!KiTryUnwaitThread+0x1f7
fffff807`61e75600 fffff807`84891187     : 00000000`00000000 fffff807`61e756f9 ffffbc0f`c0cff7b0 ffffbc0f`c88781f0 : nt!KeSetEvent+0x158
fffff807`61e75690 fffff807`5e08b57e     : fffff807`58086240 fffff807`61e75a20 00000000`00000004 fffff807`58083180 : HDAudBus!HdaController::NotificationDpc+0x177
fffff807`61e75760 fffff807`5e08a864     : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`00000000 : nt!KiExecuteAllDpcs+0x30e
fffff807`61e758d0 fffff807`5e20059e     : 00000000`00000000 fffff807`58083180 fffff807`5eb27a00 ffffbc0f`c95e3080 : nt!KiRetireDpcList+0x1f4
fffff807`61e75b60 00000000`00000000     : fffff807`61e76000 fffff807`61e6f000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e

SYMBOL_NAME:  HDAudBus!HdaController::NotificationDpc+177

MODULE_NAME: HDAudBus

IMAGE_NAME:  HDAudBus.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  177

FAILURE_BUCKET_ID:  AV_HDAudBus!HdaController::NotificationDpc

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {32c7137d-a258-e877-1caa-fe3137a7b6c2}

Followup:     MachineOwner
---------

Answer 5

Hi there! I hope you are well. My name is, Zadee. Sorry to hear about your experience. I'll try my best to help you today.

Ntkrnlmp.exe works with a lot of components in your device including your GPU and I am thinking this one may have something to do with your GPU. Please try completely uninstalling your GPU driver using DDU. You can use the article below as your guide.

https://www.guru3d.com/files-details/display-dr...

Once the GPU driver is completely uninstalled, please download the driver again from the device manufacturer's site and reinstall. Then see if that stops the BSOD.

Let me know how that goes. Thank you.

__________________________________________

STANDARD 3RD PARTY WEBSITE DISCLAIMER:

This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.