Fata Morgana
New member
- Feb 12, 2023
- 3
Hello everyone!
I am looking for advise on what could be the reason for BSOD code 139 caused by mrxsmb.sys. Maybe someone from the community could help me. WinDBG gave me the following:
I am looking for advise on what could be the reason for BSOD code 139 caused by mrxsmb.sys. Maybe someone from the community could help me. WinDBG gave me the following:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffb3020e555e50, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffb3020e555da8, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2921
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 17763
Key : Analysis.Init.CPU.mSec
Value: 4530
Key : Analysis.Init.Elapsed.mSec
Value: 81869
Key : Analysis.Memory.CommitPeak.Mb
Value: 89
Key : Dump.Attributes.InsufficientDumpfileSize
Value: 1
Key : Dump.Attributes.RequiredDumpfileSize
Value: 0xb99eafbbd
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : WER.OS.Branch
Value: rs1_release
Key : WER.OS.Timestamp
Value: 2020-12-02T17:42:00Z
Key : WER.OS.Version
Value: 10.0.14393.4104
FILE_IN_CAB: 020823-12734-01.dmp
DUMP_FILE_ATTRIBUTES: 0xc
Insufficient Dumpfile Size
Kernel Generated Triage Dump
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffb3020e555e50
BUGCHECK_P3: ffffb3020e555da8
BUGCHECK_P4: 0
TRAP_FRAME: ffffb3020e555e50 -- (.trap 0xffffb3020e555e50)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe1023e918d40 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80356e5a009 rsp=ffffb3020e555fe0 rbp=ffffb3020e556080
r8=0000000000000002 r9=0000000000000002 r10=fffff80356e8f920
r11=fffff80356e8f000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe nc
mrxsmb!SmbCeInitiateExchange+0x919:
fffff803`56e5a009 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffb3020e555da8 -- (.exr 0xffffb3020e555da8)
ExceptionAddress: fffff80356e5a009 (mrxsmb!SmbCeInitiateExchange+0x0000000000000919)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffb302`0e555b28 fffff802`0de00329 : 00000000`00000139 00000000`00000003 ffffb302`0e555e50 ffffb302`0e555da8 : nt!KeBugCheckEx
ffffb302`0e555b30 fffff802`0de006d0 : ffffe102`3d1f1d50 ffffe102`2f1c9dc0 ffffe102`2f1c9ed8 ffffe102`34557c00 : nt!KiBugCheckDispatch+0x69
ffffb302`0e555c70 fffff802`0ddfecd8 : ffffe102`3dd75e90 fffff803`56e574c2 ffffe102`26fd6a50 ffffe102`dcf65020 : nt!KiFastFailDispatch+0xd0
ffffb302`0e555e50 fffff803`56e5a009 : ffffe102`2f1c9dc0 ffffb302`0e556080 00000000`00000000 ffff9203`7a340000 : nt!KiRaiseSecurityCheckFailure+0x2d8
ffffb302`0e555fe0 fffff803`56f90b58 : 00000000`00090244 00000000`00090244 ffffe102`26fd6a50 ffffe102`e16c1010 : mrxsmb!SmbCeInitiateExchange+0x919
ffffb302`0e556380 fffff803`56f90913 : 00000000`00000160 00000000`00000000 ffffe102`3c828cb8 ffff920b`2825a750 : mrxsmb20!Smb2GenericFsControl+0x12c
ffffb302`0e5563e0 fffff803`56e680fc : ffffe102`e16c1010 ffff9203`7a3402e0 ffffe102`26fd6a50 00000000`c0000010 : mrxsmb20!MRxSmb2FsCtl+0x103
ffffb302`0e556420 fffff803`55da89ab : ffffe102`e16c1010 00000000`00000000 00000000`c000000d 00000000`00000000 : mrxsmb!MRxSmbFsCtl+0xdc
ffffb302`0e556470 fffff803`55da861f : 00000000`00000000 ffffe902`de97f2a0 ffff9203`7a340010 ffffe102`e16c1010 : rdbss!RxLowIoSubmit+0x33b
ffffb302`0e5564e0 fffff803`55da9bcc : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`d528c601 : rdbss!RxLowIoFsCtlShell+0x9f
ffffb302`0e556540 fffff803`55d62acb : ffffe102`e16c1010 ffffe102`26c3e080 ffffe102`e16c1010 ffffe902`de97f1d0 : rdbss!RxCommonFileSystemControl+0xdcc
ffffb302`0e5566a0 fffff803`55d9f486 : ffffe102`66375010 fffff803`575827e0 ffffb302`00000001 ffffb302`0e556858 : rdbss!RxFsdCommonDispatch+0x55b
ffffb302`0e556820 fffff803`56e990eb : 00000000`00000000 fffff802`0dd3b9a1 00000011`3a400000 00000001`984a0000 : rdbss!RxFsdDispatch+0x86
ffffb302`0e556870 fffff803`5753bad6 : ffffb302`0e556990 00000000`00000001 fffff803`5753bac0 ffffb302`0e556990 : mrxsmb!MRxSmbFsdDispatch+0xeb
ffffb302`0e5568b0 fffff802`0dd3b925 : 00000000`00000001 ffffb302`0e556990 00000000`00000005 00000000`00000000 : CsvFs!CsvFsCallDriverCallout+0x16
ffffb302`0e5568e0 fffff803`57536a38 : fffff803`5753bac0 00000000`00000000 ffffb302`0e556990 ffff920b`2825a750 : nt!KeExpandKernelStackAndCalloutInternal+0x85
ffffb302`0e556930 fffff803`5753a300 : ffffffff`fffffffd ffffb302`0e5569f0 ffff680b`c21cc89c 00000000`00000000 : CsvFs!CsvFsExpandKernelStackAndCalloutNoFail+0x28
ffffb302`0e556970 fffff803`5753a2a1 : 00000000`00000000 ffffe902`de97f1d0 00000000`00000001 ffffe102`26c3e080 : CsvFs!CsvFsCallDriver+0x40
ffffb302`0e5569c0 fffff803`575418c0 : ffffe902`de97f1d0 ffffe102`26c3e080 00000000`00000000 00000000`00000000 : CsvFs!CsvFsRemoveTopLevelIrpAndCallDriver+0x31
ffffb302`0e5569f0 fffff803`5757054e : ffff920b`2825a580 00000000`00000003 ffffe902`de97f1d0 00000000`c00000e2 : CsvFs!CsvFsEnqueueSingleClientNotify+0xe13c
ffffb302`0e556a70 fffff802`0dcd4520 : ffffe902`eb8277c0 ffffe902`dd278940 00000000`00000000 ffffe902`dd278940 : CsvFs!CsvFsSingleClientNotifyWorkitem+0x4ee
ffffb302`0e556b10 fffff802`0dcd1969 : fffff802`0e050140 ffffe102`3689f040 fffff802`0dcd4430 00000000`00000000 : nt!IopProcessWorkItem+0xf0
ffffb302`0e556b80 fffff802`0dd9cf7d : ffffe102`3689f040 00000000`00000080 ffffe101`e68a26c0 ffffe102`3689f040 : nt!ExpWorkerThread+0xe9
ffffb302`0e556c10 fffff802`0ddf75e6 : ffffb301`e9fc0180 ffffe102`3689f040 fffff802`0dd9cf3c 00000000`00000000 : nt!PspSystemThreadStartup+0x41
ffffb302`0e556c60 00000000`00000000 : ffffb302`0e557000 ffffb302`0e551000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_NAME: mrxsmb!SmbCeInitiateExchange+919
MODULE_NAME: mrxsmb
IMAGE_NAME: mrxsmb.sys
IMAGE_VERSION: 10.0.14393.3595
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 919
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_mrxsmb!SmbCeInitiateExchange
OS_VERSION: 10.0.14393.4104
BUILDLAB_STR: rs1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {120f4e66-1340-d398-bfd9-d70d36b4057a}
