I’ve gotten this same crash in the same process context twice now and I’m assuming it’s the result of one of my drivers. Apparently Chrome doesn’t like something I’m doing. However, I’m not doing any recursion or using any stack space so the message about extending the stack doesn’t make sense to me. The other unusual thing is that I don’t have driver verifier enabled on this system for any drivers so the error message is even more suspect. This has only occurred on a Win8.1 x64 system and I haven’t seen it on any of my Win7 systems. If anyone has any tips on how to investigate this further please let me know.
Either way, here’s the !analyze -v
Loading Dump File [V:\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\windows\symbols*http://msdl.microsoft.com/download/symbols;
Executable search path is:
Windows 8 Kernel Version 9600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.17736.amd64fre.winblue_r9.150322-1500
Machine Name:
Kernel base = 0xfffff80142872000 PsLoadedModuleList = 0xfffff801
42b4b850
Debug session time: Wed Apr 29 18:29:38.420 2015 (UTC - 4:00)
System Uptime: 10 days 16:41:57.274
Loading Kernel Symbols
…
…
…
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`ff4ab018). Type “.hh dbgerr001” for details
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 1, ffffe00196ae8880, 0}
Probably caused by : ntkrnlmp.exe ( nt!RtlpGetStackLimits+ee )
Followup: MachineOwner
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000001
Arg3: ffffe00196ae8880
Arg4: 0000000000000000
Debugging Details:
BUGCHECK_STR: 0xc4_91
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 1
EXCEPTION_RECORD: 0000000000000005 – (.exr 0x5)
Cannot read Exception record @ 0000000000000005
LAST_CONTROL_TRANSFER: from fffff8014293e552 to fffff801429c2ca0
STACK_TEXT:
fffff801444690c8 fffff801
4293e552 : 00000000000000c4 00000000
00000091 0000000000000001 ffffe001
96ae8880 : nt!KeBugCheckEx
fffff801444690d0 fffff801
4293af61 : 0000000000000000 fffff801
38a088cb ffffe00100401802 ffff2541
b40e1542 : nt!RtlpGetStackLimits+0xee
fffff80144469110 fffff801
4293f45e : fffff8014446a008 fffff801
44469d10 fffff8014446a008 ffffe001
96ae8c00 : nt!RtlDispatchException+0x61
fffff801444697e0 fffff801
429ce8c2 : 0000000000000005 ffffe001
96ae8c00 ffffe0019a438c60 00000000
00000000 : nt!KiDispatchException+0x646
fffff80144469ed0 fffff801
429ccdfe : 0000000000000000 00000000
00000000 fffff80142b75180 00000000
00000001 : nt!KiExceptionDispatch+0xc2
fffff8014446a0b0 fffff801
429c7e0e : fffff8013b888dff ffffe001
904411b0 ffffe00100000000 ffffe001
96ae8800 : nt!KiGeneralProtectionFault+0xfe
fffff8014446a248 00000000
00000000 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!KiDpcInterrupt+0x1de
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!RtlpGetStackLimits+ee
fffff801`4293e552 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!RtlpGetStackLimits+ee
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 550f41a6
BUCKET_ID_FUNC_OFFSET: ee
FAILURE_BUCKET_ID: 0xc4_91_nt!RtlpGetStackLimits
BUCKET_ID: 0xc4_91_nt!RtlpGetStackLimits
Followup: MachineOwner