Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Minidump\081715-6156-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\Minidump\SYMBOLS*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\Minidump\SYMBOLS*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 8 Kernel Version 9600 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 9600.17936.amd64fre.winblue_ltsb.150715-0840 Machine Name: Kernel base = 0xfffff800`1de15000 PsLoadedModuleList = 0xfffff800`1e0ea7b0 Debug session time: Mon Aug 17 14:10:01.429 2015 (UTC + 2:00) System Uptime: 0 days 0:35:53.179 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list ........... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 139, {3, ffffd0005e12a750, ffffd0005e12a6a8, 0} Probably caused by : NETIO.SYS ( NETIO!RtlReturnTimerWheelEntry+2cdf9 ) Followup: MachineOwner --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_SECURITY_CHECK_FAILURE (139) A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine. Arguments: Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove). Arg2: ffffd0005e12a750, Address of the trap frame for the exception that caused the bugcheck Arg3: ffffd0005e12a6a8, Address of the exception record for the exception that caused the bugcheck Arg4: 0000000000000000, Reserved Debugging Details: ------------------ TRAP_FRAME: ffffd0005e12a750 -- (.trap 0xffffd0005e12a750) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff800b4f309e8 rbx=0000000000000000 rcx=0000000000000003 rdx=000000000000086f rsi=0000000000000000 rdi=0000000000000000 rip=fffff800b4681ab9 rsp=ffffd0005e12a8e0 rbp=ffffd0005e12a979 r8=0000000000000000 r9=0000000000000001 r10=0000000000000000 r11=0000000503650c35 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po cy NETIO!RtlReturnTimerWheelEntry+0x2cdf9: fffff800`b4681ab9 cd29 int 29h Resetting default scope EXCEPTION_RECORD: ffffd0005e12a6a8 -- (.exr 0xffffd0005e12a6a8) ExceptionAddress: fffff800b4681ab9 (NETIO!RtlReturnTimerWheelEntry+0x000000000002cdf9) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 0000000000000003 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT BUGCHECK_STR: 0x139 PROCESS_NAME: System CURRENT_IRQL: 2 ERROR_CODE: (NTSTATUS) 0xc0000409 - System wykry EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - System wykry EXCEPTION_PARAMETER1: 0000000000000003 ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre DPC_STACK_BASE: FFFFD0005E131FB0 LAST_CONTROL_TRANSFER: from fffff8001df704e9 to fffff8001df649a0 STACK_TEXT: ffffd000`5e12a428 fffff800`1df704e9 : 00000000`00000139 00000000`00000003 ffffd000`5e12a750 ffffd000`5e12a6a8 : nt!KeBugCheckEx ffffd000`5e12a430 fffff800`1df70810 : 0000000e`00000028 fffff800`b55c1e0c fffff800`b55c1e0c 00000000`0007c0c8 : nt!KiBugCheckDispatch+0x69 ffffd000`5e12a570 fffff800`1df6fa34 : fffff800`1e0fde20 fffff800`1e0b516c ffffe000`d02dbdb0 00000000`0000000c : nt!KiFastFailDispatch+0xd0 ffffd000`5e12a750 fffff800`b4681ab9 : 00000000`827129c0 00000000`0000000f 00000000`00000000 ffffe000`ce94f510 : nt!KiRaiseSecurityCheckFailure+0xf4 ffffd000`5e12a8e0 fffff800`b4f1addb : ffffe000`c9de8e70 00000000`000000ff ffffd000`5e100000 ffffd000`5e100180 : NETIO!RtlReturnTimerWheelEntry+0x2cdf9 ffffd000`5e12a910 fffff800`1de96948 : ffffd000`5e12ab20 ffffd000`5e12aae0 00000000`00000001 ffffd000`5e100180 : wfplwfs!L2FlowsManagerTimerCallback+0xf7 ffffd000`5e12a9e0 fffff800`1df684ea : ffffd000`5e100180 ffffd000`5e100180 ffffd000`5e10c3c0 ffffe000`cf7bb880 : nt!KiRetireDpcList+0x4f8 ffffd000`5e12ac60 00000000`00000000 : ffffd000`5e12b000 ffffd000`5e125000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kb FOLLOWUP_IP: NETIO!RtlReturnTimerWheelEntry+2cdf9 fffff800`b4681ab9 cd29 int 29h SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: NETIO!RtlReturnTimerWheelEntry+2cdf9 FOLLOWUP_NAME: MachineOwner MODULE_NAME: NETIO IMAGE_NAME: NETIO.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5 IMAGE_VERSION: 6.3.9600.17485 BUCKET_ID_FUNC_OFFSET: 2cdf9 FAILURE_BUCKET_ID: 0x139_3_NETIO!RtlReturnTimerWheelEntry BUCKET_ID: 0x139_3_NETIO!RtlReturnTimerWheelEntry ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x139_3_netio!rtlreturntimerwheelentry FAILURE_ID_HASH: {b0e8c9e5-8bf0-b4bb-0482-b578dd76c55a} Followup: MachineOwner ---------