Share via

BSOD please help

Anonymous
2021-07-24T12:50:11+00:00

Hi guys, i have a problem where my laptop crashes and freezes sometimes, freezing usually occurs when using chrome but that's not what i'm here about, i recently retreived MEMORY.DMP file after BSOD, i think this can help analyze errors going on recently, specifically after installing update 20h2 and 21h1.

here it is:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff68227a450f0, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffff68227a45048, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

P.S: there was huge amounts of text here but i can't write them down so here is one of them.
Page 6c46a not present in the dump file. Type ".hh dbgerr004" for details

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 7421

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 7584

    Key  : Analysis.Init.CPU.mSec
    Value: 827

    Key  : Analysis.Init.Elapsed.mSec
    Value: 4725

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 88

    Key  : FailFast.Name
    Value: CORRUPT_LIST_ENTRY

    Key  : FailFast.Type
    Value: 3

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE:  139

BUGCHECK_P1: 3

BUGCHECK_P2: fffff68227a450f0

BUGCHECK_P3: fffff68227a45048

BUGCHECK_P4: 0

TRAP_FRAME:  fffff68227a450f0 -- (.trap 0xfffff68227a450f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffb4f82e9b9a8 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffd80f150b1d30 rsi=0000000000000000 rdi=0000000000000000
rip=fffffb3af48a8be0 rsp=fffff68227a45280 rbp=fffff68227a452f9
 r8=fffff68227a45268  r9=0000000000000000 r10=fffff8005bd2eeb0
r11=ffffb07890000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
cdd!CddBitmap::RemoveFromCddBitmapList+0x80:
fffffb3a`f48a8be0 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  fffff68227a45048 -- (.exr 0xfffff68227a45048)
ExceptionAddress: fffffb3af48a8be0 (cdd!CddBitmap::RemoveFromCddBitmapList+0x0000000000000080)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY 

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME:  TheForest.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

EXCEPTION_STR:  0xc0000409

STACK_TEXT:  
fffff682`27a44dc8 fffff800`5be08e69     : 00000000`00000139 00000000`00000003 fffff682`27a450f0 fffff682`27a45048 : nt!KeBugCheckEx
fffff682`27a44dd0 fffff800`5be09290     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff682`27a44f10 fffff800`5be07623     : fffff682`27a45108 1a000001`29277863 fffff682`27a45260 00000000`00000000 : nt!KiFastFailDispatch+0xd0
fffff682`27a450f0 fffffb3a`f48a8be0     : fffffb4f`82e9b920 00000000`00000000 fffffb4f`858652c0 fffff800`5bd27aca : nt!KiRaiseSecurityCheckFailure+0x323
fffff682`27a45280 fffffb3a`f48a7a52     : fffffb4f`82e9b920 fffffb4f`82afe000 fffff800`5bd27ab0 fffffb3a`f4269382 : cdd!CddBitmap::RemoveFromCddBitmapList+0x80
fffff682`27a452b0 fffffb3a`f48b092d     : 00000000`00000003 fffffb4f`82e9b920 00000000`00000001 00000000`00000001 : cdd!CddBitmapHw::Release+0x72
fffff682`27a45360 fffffb3a`f42c2c66     : fffffb4f`80911000 fffffb4f`858652c0 fffffb4f`00000001 00000000`00000aa5 : cdd!DrvDeleteDeviceBitmapEx+0x7d
fffff682`27a45390 fffffb3a`f42ce710     : fffff682`00000000 fffff682`27a455e8 00000000`00000000 00000000`00000000 : win32kbase!SURFACE::bDeleteSurface+0x3f6
fffff682`27a45550 fffffb3a`f42cfea4     : ffffffff`a3050aa5 fffff682`27a455d0 00000000`00000002 00000000`00000002 : win32kbase!SURFREF::bDeleteSurface+0x14
fffff682`27a45580 fffffb3a`f42323af     : 00000000`00000aa5 fffffb4f`858652c0 00000000`00000000 fffffb4f`80a0ff78 : win32kbase!vGarbageCollectObject<SURFREFGC>+0xa4
fffff682`27a455e0 fffffb3a`f4231e5d     : 00000000`00001768 ffffd80f`149f1205 ffffffff`a3050aa5 fffffb3a`f42842c2 : win32kbase!NtGdiCloseProcess+0x1d3
fffff682`27a45650 fffffb3a`f4508a17     : fffffb4f`8068a010 fffffb3a`f45c70d1 fffffb4f`8068a010 00000000`00000001 : win32kbase!GdiProcessCallout+0x6d
fffff682`27a456d0 fffffb3a`f4242ae8     : 00000000`00000000 00000000`c000001c fffff682`27a45a38 fffff800`5bc07d6b : win32kfull!W32pProcessCallout+0x107
fffff682`27a45710 fffffb3a`f4bf10d0     : 00000000`c000001c fffff682`27a459d0 00000000`00000000 fffff682`27a45a38 : win32kbase!W32CalloutDispatch+0x488
fffff682`27a45920 fffff800`5c002525     : 00000000`00000000 fffff800`5c61de30 ffffd80f`0aee5100 00000000`00000000 : win32k!W32CalloutDispatchThunk+0x30
fffff682`27a45960 fffff800`5c0b0668     : ffffd80f`0f2ecde0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PsInvokeWin32Callout+0x55
fffff682`27a45990 fffff800`5c0b3bbe     : ffffd80f`00000000 00000000`00000001 00000000`02916150 00000000`00000000 : nt!PspExitThread+0x598
fffff682`27a45a90 fffff800`5be088b8     : ffffd80f`149f12c0 ffffd80f`10c0f080 fffff682`27a45b80 ffffd80f`149f12c0 : nt!NtTerminateProcess+0xde
fffff682`27a45b00 00007ffa`4d74d3a4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`00b1f9e8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`4d74d3a4

SYMBOL_NAME:  cdd!CddBitmap::RemoveFromCddBitmapList+80

MODULE_NAME: cdd

IMAGE_NAME:  cdd.dll

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  80

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_cdd!CddBitmap::RemoveFromCddBitmapList

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {a1c0d964-903d-625e-6a5d-948bd2e59450}

Followup:     MachineOwner
Windows for home | Windows 10 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-08-03T21:01:09+00:00

    no, it was first time when it crashed right after i shut down theforest

    Was this answer helpful?

    0 comments
  2. Sakiko 39,240 Reputation points Independent Advisor
    2021-07-24T13:40:41+00:00

    Hello, I'm independent advisor A&K. I'm glad to be able to help you.

    Your dump shows that there is a problem when playing The Forest. Do you have any problems when playing other games?

    I will keep following up until the problem is solved. My English is not good. If you don't understand my words, please let me know.

    Was this answer helpful?

    0 comments