- Apr 5, 2020
- 5
- 0
- 10
Hi all.
Just had a few issues crop up with my gaming desktop as of the past two days and needed some assistance. No prior issues, but today my computer blue screened randomly while playing FFXIV. The audio got super distorted and loud when this happened as well and didnt stop until the computer rebooted. Kind of a loud robotic screech. The error code was "Kernal Security Check Failure". Yesterday I blue screened as well but received "Attempted_Execute_Of"NoExecute" instead. My drivers are up to date, I have ran a virus scan which did not detect any problems. Memory check passed and I've done an sfc /scannow.
Any ideas as to what could be causing this? Below is the .dmp file from todays Kernal BSOD. Curious if anyone is able to translate what may be the issue. I really appreciate any help!
Here are my specs below:Windows 10, AMD Ryzen 7 2700 Eight Core Processor, 16 GB RAM
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
buffer overrun.
Arg2: fffff885ad9f3940, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff885ad9f3898, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 8
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-RMT3JMH
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 18
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 2
BUGCHECK_P2: fffff885ad9f3940
BUGCHECK_P3: fffff885ad9f3898
BUGCHECK_P4: 0
TRAP_FRAME: fffff885ad9f3940 -- (.trap 0xfffff885ad9f3940)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000002
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8003bb76b25 rsp=fffff885ad9f3ad0 rbp=fffff885ad9f3be0
r8=0000000000000000 r9=fffff885ad9f3cf0 r10=fffff80039645fe0
r11=ffffbf044ec1ea20 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
iorate!_report_gsfailure+0x5:
fffff800
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
fffff885
SYMBOL_NAME: iorate!_report_gsfailure+5
MODULE_NAME: iorate
IMAGE_NAME: iorate.sys
IMAGE_VERSION: 10.0.18362.1049
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 5
FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_iorate!_report_gsfailure
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {92482ef2-f7ba-6610-7b12-052c61b25c00}
Followup: MachineOwner
Just had a few issues crop up with my gaming desktop as of the past two days and needed some assistance. No prior issues, but today my computer blue screened randomly while playing FFXIV. The audio got super distorted and loud when this happened as well and didnt stop until the computer rebooted. Kind of a loud robotic screech. The error code was "Kernal Security Check Failure". Yesterday I blue screened as well but received "Attempted_Execute_Of"NoExecute" instead. My drivers are up to date, I have ran a virus scan which did not detect any problems. Memory check passed and I've done an sfc /scannow.
Any ideas as to what could be causing this? Below is the .dmp file from todays Kernal BSOD. Curious if anyone is able to translate what may be the issue. I really appreciate any help!
Here are my specs below:Windows 10, AMD Ryzen 7 2700 Eight Core Processor, 16 GB RAM
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
buffer overrun.
Arg2: fffff885ad9f3940, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff885ad9f3898, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
Unable to read KTHREAD address fffff80039b914b8
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 8
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-RMT3JMH
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 18
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 2
BUGCHECK_P2: fffff885ad9f3940
BUGCHECK_P3: fffff885ad9f3898
BUGCHECK_P4: 0
TRAP_FRAME: fffff885ad9f3940 -- (.trap 0xfffff885ad9f3940)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000002
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8003bb76b25 rsp=fffff885ad9f3ad0 rbp=fffff885ad9f3be0
r8=0000000000000000 r9=fffff885ad9f3cf0 r10=fffff80039645fe0
r11=ffffbf044ec1ea20 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
iorate!_report_gsfailure+0x5:
fffff800
3bb76b25 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff885ad9f3898 -- (.exr 0xfffff885ad9f3898)
ExceptionAddress: fffff8003bb76b25 (iorate!_report_gsfailure+0x0000000000000005)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000002
Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
WATSON_BKT_EVENT: BEX
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000002
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
fffff885ad9f3618 fffff800397d41e9 : 0000000000000139 0000000000000002 fffff885ad9f3940 fffff885ad9f3898 : nt!KeBugCheckEx
fffff885ad9f3620 fffff800397d4610 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69
fffff885ad9f3760 fffff800397d29a5 : 0000000000000000 0000000000000001 0000004400000000 ffff990b8dc130b0 : nt!KiFastFailDispatch+0xd0
fffff885ad9f3940 fffff8003bb76b25 : fffff8003bb74d6e 0000000000000000 0000000000000000 ffffbf044ec1ea20 : nt!KiRaiseSecurityCheckFailure+0x325
fffff885ad9f3ad0 fffff8003bb74d6e : 0000000000000000 0000000000000000 ffffbf044ec1ea20 0000000000000001 : iorate!_report_gsfailure+0x5
fffff885ad9f3ad8 fffff885ad9f3d80 : fffff8003bb74ee1 fffff885ad9f3d00 fffff800396c1671 0000000000000000 : iorate!IoRateProcessIrpHelper+0x3fe
fffff885ad9f3c78 fffff8003bb74ee1 : fffff885ad9f3d00 fffff800396c1671 0000000000000000 0000000000000001 : 0xfffff885ad9f3d80fffff885
ad9f3c80 fffff8003bb75120 : fffff800397c5cb0 ffffbf044ee36180 ffffbf044bf71480 ffff896fab85e161 : iorate!IoRateProcessIrpWrapper+0x151fffff885
ad9f3dc0 fffff8003970a939 : 0000000000000f34 ffffd03d00501802 000000a6c83ffaa0 0000000000000018 : iorate!IoRateDispatchReadWrite+0x80fffff885
ad9f3e00 fffff8003ba71033 : ffffbf044edd3670 fffff8003ba84340 0000000000000020 ffffbf04584d06e0 : nt!IofCallDriver+0x59fffff885
ad9f3e40 fffff8003970a939 : ffffbf044ee36180 fffff8003ba9e294 0000000000000018 000000a6c83ffb88 : volume!VolumePassThrough+0x23fffff885
ad9f3e70 fffff8003ba869d4 : 0000000000000000 00000292205ff4c0 0000000000000000 0000000000000000 : nt!IofCallDriver+0x59fffff885
ad9f3eb0 fffff8003ba812c9 : fffff885ab141128 0000000000000000 0000000000000000 0000000000000000 : volsnap!VolSnapReadFilter+0x56f4fffff885
ad9f3ee0 fffff8003970a939 : 00007fff3d80c6a0 0000000000000000 0000000000000000 0000000000000000 : volsnap!VolSnapRead+0x19fffff885
ad9f3f10 fffff8003b06327c : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!IofCallDriver+0x59fffff885
ad9f3f50 fffff800397c5c4e : 0000000000000000 0000000000000000 0000000000000000 000000a6c83ffcf9 : Ntfs!NtfsStorageDriverCallout+0x1cfffff885
ad9f3f80 fffff800397c5c0c : fffff885ad9f3fd0 ffffbf044bf71480 fffff885ad9f4000 fffff800396c043e : nt!KxSwitchKernelStackCallout+0x2efffff885
ab140f10 fffff800396c043e : fffff885ad9f3fd0 fffff885ad9f4000 0000000000000001 0000000000000000 : nt!KiSwitchKernelStackContinuefffff885
ab140f30 fffff800396c023c : fffff8003b063260 fffff885ab141128 0000800000000002 0000010000000000 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x18efffff885
ab140fd0 fffff800396c00b3 : fffff885ab141260 fffff885ab141330 fffff885ab1411a0 ffffbf045f1c8b20 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xdcfffff885
ab141040 fffff800396c006d : fffff8003b063260 fffff885ab141128 0000000000000001 ffffbf044be79a28 : nt!KeExpandKernelStackAndCalloutInternal+0x33fffff885
ab1410b0 fffff8003b051690 : ffffbf044be79a28 ffffbf045f1c8b20 0000000000000000 0000000000000000 : nt!KeExpandKernelStackAndCalloutEx+0x1dfffff885
ab1410f0 fffff8003b050229 : fffff885ab1411a0 ffffbf044be79a28 000000000012e400 0000000000126400 : Ntfs!NtfsMultipleAsync+0x110fffff885
ab141160 fffff8003b056e58 : fffff885ab141600 0000000000008000 0000000000000001 ffffbf045f1c8b20 : Ntfs!NtfsNonCachedIo+0x3f9fffff885
ab141410 fffff8003b05641c : fffff885ab141610 ffffbf045f1c8b20 fffff885ab141610 ffffbf044be79a28 : Ntfs!NtfsCommonRead+0x828fffff885
ab1415d0 fffff8003970a939 : ffffbf04612049a0 ffffbf045f1c8b20 ffffbf045f1c8f08 ffffffffffffff00 : Ntfs!NtfsFsdRead+0x20cfffff885
ab141690 fffff8003a6e55de : 0000000000000000 fffff885ab141770 ffffbf045f1c8b20 fffff885ab141780 : nt!IofCallDriver+0x59fffff885
ab1416d0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x15eSYMBOL_NAME: iorate!_report_gsfailure+5
MODULE_NAME: iorate
IMAGE_NAME: iorate.sys
IMAGE_VERSION: 10.0.18362.1049
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 5
FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_iorate!_report_gsfailure
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {92482ef2-f7ba-6610-7b12-052c61b25c00}
Followup: MachineOwner
Facebook
Twitter
Instagram