none
Daily system BSOD. RRS feed

  • Question

  • Users computers are producing a BSOD whenever they shutdown or reboot their laptops computers. I managed to pull the minidump files from last couple of times. I didn't really seeing any correlating issues other than than something with the logon task. Any assistance in understanding this would be appreciated.

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: ffffd808a5db89d0, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd808a5db8928, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved

    Debugging Details:
    ------------------

    TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    BUGCHECK_STR:  0x139

    PROCESS_NAME:  winlogon.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff8038fe069e9 to fffff8038fdfb0e0

    STACK_TEXT:  
    ffffd808`a5db86a8 fffff803`8fe069e9 : 00000000`00000139 00000000`00000003 ffffd808`a5db89d0 ffffd808`a5db8928 : nt!KeBugCheckEx
    ffffd808`a5db86b0 fffff803`8fe06d50 : ffffd808`a5db8868 ffffc800`bcd0dbc0 00000000`0000002d ffffc800`bcd0dbc0 : nt!KiBugCheckDispatch+0x69
    ffffd808`a5db87f0 fffff803`8fe05d37 : 00000000`00000000 ffff800d`000040f0 00000000`00001e8f ffff8054`6da241f7 : nt!KiFastFailDispatch+0xd0
    ffffd808`a5db89d0 ffff8054`6d9a630f : 00000000`00000001 ffff8054`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf7
    ffffd808`a5db8b60 ffff8054`6da9b7d7 : 00000000`00000000 ffffd808`a5db8c20 00000000`00000000 ffff800d`000ca200 : win32kbase!EngFreeMem+0x9f
    ffffd808`a5db8ba0 ffff8054`6da174c3 : ffff800d`000ca7e8 ffff800d`000ca7e8 ffffd808`a5db8c20 00000000`00000000 : win32kbase!MulDisablePDEV+0x37
    ffffd808`a5db8bd0 ffff8054`6d9cfb12 : ffff800d`000ca200 00000000`00000000 00000000`00000000 ffff800d`00000d90 : win32kbase!vUnreferencePdevWorker+0x263
    ffffd808`a5db8c60 ffff8054`6d9cf69c : 00000000`00000000 ffff9688`039bd460 00000000`00000000 ffff800d`00000000 : win32kbase!PDEVOBJ::vUnreferencePdev+0xe2
    ffffd808`a5db8cb0 ffff8054`6d9cf10c : ffff800d`000ca200 ffff800d`01e07020 00000000`00000000 00000000`00000000 : win32kbase!vDeleteDCInternalWorker+0x55c
    ffffd808`a5db8d30 ffff8054`6d9cee0d : 00000000`0201007e 00000000`0201007e 00000000`00000000 00000000`070505dc : win32kbase!bDeleteDCOBJ+0x2c0
    ffffd808`a5db8da0 ffff8054`6d9d0d83 : 00000000`0000007e 00000000`00000002 00000000`00000000 ffff9688`03baa080 : win32kbase!bDeleteDCInternalEx+0x4d
    ffffd808`a5db8de0 fffff803`8fe06553 : ffff9688`00000000 ffff9688`03baa080 00000000`00000000 00000000`00000000 : win32kbase!NtGdiDeleteObjectApp+0x1f3
    ffffd808`a5db8e40 00007ff9`d56114e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    000000dc`f08fe928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff9`d56114e4


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    win32kbase!EngFreeMem+9f
    ffff8054`6d9a630f cd29            int     29h

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  win32kbase!EngFreeMem+9f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: win32kbase

    IMAGE_NAME:  win32kbase.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  641e5b95

    FAILURE_BUCKET_ID:  X64_0x139_win32kbase!EngFreeMem+9f

    BUCKET_ID:  X64_0x139_win32kbase!EngFreeMem+9f

    Followup: MachineOwner
    ---------

    Monday, December 11, 2017 6:42 PM

All replies

  • Have a look at The Raw Truth - Using Raw Stacks and follow that show the raw stack on dmp file, see if that shows anything.

    Monday, December 11, 2017 6:59 PM
  • Hi,

    Please check if the BSOD also happen when boot into Safe mode and clean boot mode.

    Also, please upload the minidump file directly onto OneDrive and share the link here for our analysis.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 12, 2017 10:08 AM
    Owner