4 Replies Latest reply on Jan 16, 2016 3:03 AM by GRVFX

    After Effect CC 2015 - KERNEL_SECURITY_CHECK_FAILURE ( Memory Dump )

    NetMan60

      Hi There

       

      As it's obvious, i got a problem after installing AE and it gives me a Blue Screen with a message above ( KERNEL_SECURITY_CHECK_FAILURE ). It seems there is a memory crash between AE and another software or driver. So i Analysed Memory.DMP file with WinDbg and gave me a result below.

       

      As you can see, i found out, file dxgkrnl.sys with AEGPUSniffer.e process make a memory crash. I need to say that befor installing AE i uninstalled my graphic card drivers ( Geforce and Intell ) and installed a vendor drivers directly but AE has a problem with DirecX! ( my DirectX Edition is 12 )


      Here is my System Configuration:


      Laptop: HP with UEFI Firmware ( secure boot off )

      Windows 10 edition 10586

      Ram: 16 GB

      Graphic cards: internal Intel (1 GB) and Dedicated Geforce GTX ( 4GB )

      CPU: 2.3 GH core i7 ( quad core  & 8 logical processors )

      HDD: 1 TB

      All drivers up to date


      Well, Any help will be appreciated. If there is no any way to make it correct, can i make it right with another edition of AE or wil be the same?



       

       

       

      Microsoft (R) Windows Debugger Version 10.0.10586.567 X86

      Copyright (c) Microsoft Corporation. All rights reserved.

       

       

       

       

      Loading Dump File [C:\Users\Babak\Desktop\MEMORY.DMP]

      Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

       

       

      Symbol search path is: srv*

      Executable search path is:

      Windows 10 Kernel Version 10586 MP (8 procs) Free x64

      Product: WinNt, suite: TerminalServer SingleUserTS

      Built by: 10586.17.amd64fre.th2_release.151121-2308

      Machine Name:

      Kernel base = 0xfffff802`6fa00000 PsLoadedModuleList = 0xfffff802`6fcdec70

      Debug session time: Tue Dec 29 01:11:09.512 2015 (UTC + 8:00)

      System Uptime: 0 days 0:00:54.331

      Loading Kernel Symbols

      ...........................................................Page 105d4a not present in the dump file. Type ".hh dbgerr004" for details

      ....

      ................................................................

      .................................................

      Loading User Symbols

      PEB is paged out (Peb.Ldr = 00000000`002e2018).  Type ".hh dbgerr001" for details

      Loading unloaded module list

      .........

      *******************************************************************************

      *                                                                            *

      *                        Bugcheck Analysis                                    *

      *                                                                            *

      *******************************************************************************

       

       

      Use !analyze -v to get detailed debugging information.

       

       

      BugCheck 139, {3, ffffd00024267490, ffffd000242673e8, 0}

       

       

      Page 11b860 not present in the dump file. Type ".hh dbgerr004" for details

      Page 110e88 not present in the dump file. Type ".hh dbgerr004" for details

      Page 110515 not present in the dump file. Type ".hh dbgerr004" for details

      Page 1280 not present in the dump file. Type ".hh dbgerr004" for details

      Page 1280 not present in the dump file. Type ".hh dbgerr004" for details

      Page 1280 not present in the dump file. Type ".hh dbgerr004" for details

      Probably caused by : dxgkrnl.sys ( dxgkrnl!DXGDEVICE::DestroyAllDeviceState+1cb )

       

       

      Followup:    MachineOwner

      ---------

       

       

      7: kd> !analyze -v

      *******************************************************************************

      *                                                                            *

      *                        Bugcheck Analysis                                    *

      *                                                                            *

      *******************************************************************************

       

       

      KERNEL_SECURITY_CHECK_FAILURE (139)

      A kernel component has corrupted a critical data structure.  The corruption

      could potentially allow a malicious user to gain control of this machine.

      Arguments:

      Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).

      Arg2: ffffd00024267490, Address of the trap frame for the exception that caused the bugcheck

      Arg3: ffffd000242673e8, Address of the exception record for the exception that caused the bugcheck

      Arg4: 0000000000000000, Reserved

       

       

      Debugging Details:

      ------------------

       

       

      Page 110515 not present in the dump file. Type ".hh dbgerr004" for details

      Page 1280 not present in the dump file. Type ".hh dbgerr004" for details

      Page 1280 not present in the dump file. Type ".hh dbgerr004" for details

      Page 1280 not present in the dump file. Type ".hh dbgerr004" for details

       

       

      DUMP_CLASS: 1

       

       

      DUMP_QUALIFIER: 401

       

       

      BUILD_VERSION_STRING:  10586.17.amd64fre.th2_release.151121-2308

       

       

      SYSTEM_MANUFACTURER:  Hewlett-Packard

       

       

      SYSTEM_PRODUCT_NAME:  HP ENVY 15 Notebook PC

       

       

      SYSTEM_SKU:  K8U61PA#UUF

       

       

      SYSTEM_VERSION:  097F120000405F10000310100

       

       

      BIOS_VENDOR:  Insyde

       

       

      BIOS_VERSION:  F.22

       

       

      BIOS_DATE:  11/25/2014

       

       

      BASEBOARD_MANUFACTURER:  Hewlett-Packard

       

       

      BASEBOARD_PRODUCT:  22A0

       

       

      BASEBOARD_VERSION:  KBC Version 83.12

       

       

      DUMP_TYPE:  1

       

       

      BUGCHECK_P1: 3

       

       

      BUGCHECK_P2: ffffd00024267490

       

       

      BUGCHECK_P3: ffffd000242673e8

       

       

      BUGCHECK_P4: 0

       

       

      TRAP_FRAME:  ffffd00024267490 -- (.trap 0xffffd00024267490)

      NOTE: The trap frame does not contain all registers.

      Some register values may be zeroed or incorrect.

      rax=ffffe0017d079730 rbx=0000000000000000 rcx=0000000000000003

      rdx=ffffe0017d045890 rsi=0000000000000000 rdi=0000000000000000

      rip=fffff8026fb59d82 rsp=ffffd00024267620 rbp=ffffd00024267729

      r8=ffffc001f8dfe3f0  r9=0000000000000003 r10=7fffc001f8dfe3f0

      r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000

      r14=0000000000000000 r15=0000000000000000

      iopl=0        nv up ei pl nz na po cy

      nt! ?? ::FNODOBFM::`string'+0x8c82:

      fffff802`6fb59d82 cd29            int    29h

      Resetting default scope

       

       

      EXCEPTION_RECORD:  ffffd000242673e8 -- (.exr 0xffffd000242673e8)

      ExceptionAddress: fffff8026fb59d82 (nt! ?? ::FNODOBFM::`string'+0x0000000000008c82)

        ExceptionCode: c0000409 (Security check failure or stack buffer overrun)

        ExceptionFlags: 00000001

      NumberParameters: 1

        Parameter[0]: 0000000000000003

      Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

       

       

      CPU_COUNT: 8

       

       

      CPU_MHZ: 8f7

       

       

      CPU_VENDOR:  GenuineIntel

       

       

      CPU_FAMILY: 6

       

       

      CPU_MODEL: 3c

       

       

      CPU_STEPPING: 3

       

       

      CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 1E'00000000 (cache) 1E'00000000 (init)

       

       

      DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT

       

       

      BUGCHECK_STR:  0x139

       

       

      PROCESS_NAME:  AEGPUSniffer.e

       

       

      CURRENT_IRQL:  2

       

       

      ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

       

       

      EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

       

       

      EXCEPTION_CODE_STR:  c0000409

       

       

      EXCEPTION_PARAMETER1:  0000000000000003

       

       

      ANALYSIS_SESSION_HOST:  HP-ENVY15

       

       

      ANALYSIS_SESSION_TIME:  12-29-2015 17:10:58.0743

       

       

      ANALYSIS_VERSION: 10.0.10586.567 x86fre

       

       

      LAST_CONTROL_TRANSFER:  from fffff8026fb4d2e9 to fffff8026fb42760

       

       

      STACK_TEXT: 

      ffffd000`24267168 fffff802`6fb4d2e9 : 00000000`00000139 00000000`00000003 ffffd000`24267490 ffffd000`242673e8 : nt!KeBugCheckEx

      ffffd000`24267170 fffff802`6fb4d610 : 00000000`00000000 fffff802`6fa3272f 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69

      ffffd000`242672b0 fffff802`6fb4c7f3 : ffffe001`7b2bf010 ffffe001`7b2bf010 00000000`00000000 ffffe001`7d168270 : nt!KiFastFailDispatch+0xd0

      ffffd000`24267490 fffff802`6fb59d82 : ffffc001`f8dfe330 ffffc001`f8dfe3f0 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf3

      ffffd000`24267620 fffff801`4871147b : ffffc001`00000000 ffffc001`f7a6e010 ffffc001`f7a6e100 ffffc001`f7a6e100 : nt! ?? ::FNODOBFM::`string'+0x8c82

      ffffd000`24267650 fffff801`48710653 : ffffc001`f7a6e010 00000000`00000000 00000000`0000000b 00000000`00000000 : dxgkrnl!DXGDEVICE::DestroyAllDeviceState+0x1cb

      ffffd000`24267690 fffff801`486f3717 : ffffc001`f7a6e010 ffffc001`f8dfe330 ffffc001`f8dfe330 ffffe001`7cf74080 : dxgkrnl!ADAPTER_RENDER::DestroyDevice+0xa7

      ffffd000`242676c0 fffff801`486f00b4 : 00000000`00000100 ffffc001`f8dfe330 ffffc001`f8dfe330 fffff960`c5492d90 : dxgkrnl!DXGPROCESS::Destroy+0x2bf

      ffffd000`24267790 fffff960`c53b6c9c : 00000000`00001cb0 fffff901`407a3730 00000000`00000007 00000000`00000000 : dxgkrnl!DxgkProcessCallout+0x64

      ffffd000`242677f0 fffff960`c5035cb9 : fffff901`407a3730 fffff901`407a3730 ffffe001`7b72c080 00000000`00000001 : win32kbase!GdiProcessCallout+0x8c

      ffffd000`24267870 fffff960`c53d08cb : ffffd000`24267a48 ffffd000`242679c0 00000000`00000000 00000000`00000007 : win32kfull!W32pProcessCallout+0xd9

      ffffd000`242678a0 fffff802`6fdfc262 : ffffd000`242679c0 ffffe001`7b3e42b0 00000000`00000000 00000000`00000000 : win32kbase!W32CalloutDispatch+0x6b

      ffffd000`24267910 fffff802`6fe06ddf : ffffe001`7b3e42b0 00000000`00000000 00000000`00000000 ffffe001`7b72c080 : nt!PsInvokeWin32Callout+0x42

      ffffd000`24267950 fffff802`6fe812f2 : ffffe001`00000007 ffffe001`7cf74080 ffffe001`7cf74080 ffffe001`7b72c080 : nt!PspExitThread+0x49b

      ffffd000`24267a90 fffff802`6fb4cfa3 : ffffe001`7cf74080 ffffe001`7b72c080 ffffd000`24267b80 ffffd000`24267b80 : nt!NtTerminateProcess+0xde

      ffffd000`24267b00 00007ff8`14085364 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13

      00000000`0014fd98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`14085364

       

       

       

       

      STACK_COMMAND:  kb

       

       

      THREAD_SHA1_HASH_MOD_FUNC:  a0a5514a4d87706527c6f92c37842ea8c43b81ac

       

       

      THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  11718e5c925d2d833f63315284a04f89616e7880

       

       

      THREAD_SHA1_HASH_MOD:  c9f3f8c71ac99eb021b386cc891dde1c61018273

       

       

      FOLLOWUP_IP:

      dxgkrnl!DXGDEVICE::DestroyAllDeviceState+1cb

      fffff801`4871147b 488b4b50        mov    rcx,qword ptr [rbx+50h]

       

       

      FAULT_INSTR_CODE:  504b8b48

       

       

      SYMBOL_STACK_INDEX:  5

       

       

      SYMBOL_NAME:  dxgkrnl!DXGDEVICE::DestroyAllDeviceState+1cb

       

       

      FOLLOWUP_NAME:  MachineOwner

       

       

      MODULE_NAME: dxgkrnl

       

       

      IMAGE_NAME:  dxgkrnl.sys

       

       

      DEBUG_FLR_IMAGE_TIMESTAMP:  5632d261

       

       

      BUCKET_ID_FUNC_OFFSET:  1cb

       

       

      FAILURE_BUCKET_ID:  0x139_3_dxgkrnl!DXGDEVICE::DestroyAllDeviceState

       

       

      BUCKET_ID:  0x139_3_dxgkrnl!DXGDEVICE::DestroyAllDeviceState

       

       

      PRIMARY_PROBLEM_CLASS:  0x139_3_dxgkrnl!DXGDEVICE::DestroyAllDeviceState

       

       

      TARGET_TIME:  2015-12-28T17:11:09.000Z

       

       

      OSBUILD:  10586

       

       

      OSSERVICEPACK:  0

       

       

      SERVICEPACK_NUMBER: 0

       

       

      OS_REVISION: 0

       

       

      SUITE_MASK:  272

       

       

      PRODUCT_TYPE:  1

       

       

      OSPLATFORM_TYPE:  x64

       

       

      OSNAME:  Windows 10

       

       

      OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

       

       

      OS_LOCALE: 

       

       

      USER_LCID:  0

       

       

      OSBUILD_TIMESTAMP:  2015-11-22 17:24:24

       

       

      BUILDDATESTAMP_STR:  151121-2308

       

       

      BUILDLAB_STR:  th2_release

       

       

      BUILDOSVER_STR:  10.0.10586.17.amd64fre.th2_release.151121-2308

       

       

      ANALYSIS_SESSION_ELAPSED_TIME: 25c0

       

       

      ANALYSIS_SOURCE:  KM

       

       

      FAILURE_ID_HASH_STRING:  km:0x139_3_dxgkrnl!dxgdevice::destroyalldevicestate

       

       

      FAILURE_ID_HASH:  {070f1ec5-2412-7644-8cb9-60ac33a7233f}

       

       

      Followup:    MachineOwner

      ---------