*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd000754b2150, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd000754b20a8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for ts_arnusbx.sys
GetUlongPtrFromAddress: unable to read from fffff8038bbd8308
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 9600.19464.amd64fre.winblue_ltsb_escrow.190828-1437
DUMP_TYPE: 2
BUGCHECK_P1: 3
BUGCHECK_P2: ffffd000754b2150
BUGCHECK_P3: ffffd000754b20a8
BUGCHECK_P4: 0
TRAP_FRAME: ffffd000754b2150 -- (.trap 0xffffd000754b2150)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe000e5cb1d79 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe000e5cb2477 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8038b94959d rsp=ffffd000754b22e0 rbp=0000000000000000
r8=ffffe000e6ca8c48 r9=000000000000002f r10=fffff8038b8215b0
r11=ffffd000754b2250 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na po cy
nt!ExInterlockedInsertTailList+0xad:
fffff803`8b94959d cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd000754b20a8 -- (.exr 0xffffd000754b20a8)
ExceptionAddress: fffff8038b94959d (nt!ExInterlockedInsertTailList+0x00000000000000ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 4
CPU_MHZ: 9be
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 0
DEFAULT_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 11-19-2019 17:13:46.0822
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8038b9da669 to fffff8038b9ca3a0
STACK_TEXT:
ffffd000`754b1e28 fffff803`8b9da669 : 00000000`00000139 00000000`00000003 ffffd000`754b2150 ffffd000`754b20a8 : nt!KeBugCheckEx
ffffd000`754b1e30 fffff803`8b9da9d0 : 00000000`00000000 ffffd000`00000000 ffffd000`22d83800 fffff801`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`754b1f70 fffff803`8b9d93a2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd000`754b2150 fffff803`8b94959d : 00000000`40cc0088 ffffe000`e6c96030 ffffe000`e6e14880 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x2e2
ffffd000`754b22e0 fffff801`708da501 : ffffd000`79180180 00000000`00000080 ffffe000`e14ac8c0 ffffd000`79190380 : nt!ExInterlockedInsertTailList+0xad
ffffd000`754b2320 ffffd000`79180180 : 00000000`00000080 ffffe000`e14ac8c0 ffffd000`79190380 00000000`00000000 : ts_arnusbx+0x5501
ffffd000`754b2328 00000000`00000080 : ffffe000`e14ac8c0 ffffd000`79190380 00000000`00000000 fffff801`708ff740 : 0xffffd000`79180180
ffffd000`754b2330 ffffe000`e14ac8c0 : ffffd000`79190380 00000000`00000000 fffff801`708ff740 ffffe000`e6c96030 : 0x80
ffffd000`754b2338 ffffd000`79190380 : 00000000`00000000 fffff801`708ff740 ffffe000`e6c96030 ffffe000`e5cb2477 : 0xffffe000`e14ac8c0
ffffd000`754b2340 00000000`00000000 : fffff801`708ff740 ffffe000`e6c96030 ffffe000`e5cb2477 ffffe000`e5cb2477 : 0xffffd000`79190380
THREAD_SHA1_HASH_MOD_FUNC: 56f4b5ca5e95130e360027680335c2b191b86ccd
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: cf0a1cf4265782daebc0cf1bfacd3707f7f6fa88
THREAD_SHA1_HASH_MOD: 26b56796b7f533c74d0de91b500771994b81b3ec
FOLLOWUP_IP:
ts_arnusbx+5501
fffff801`708da501 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: ts_arnusbx+5501
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ts_arnusbx
IMAGE_NAME: ts_arnusbx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 532c99ec
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 5501
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_ts_arnusbx!unknown_function
BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_ts_arnusbx!unknown_function
PRIMARY_PROBLEM_CLASS: 0x139_3_CORRUPT_LIST_ENTRY_ts_arnusbx!unknown_function
TARGET_TIME: 2019-11-19T11:54:53.000Z
OSBUILD: 9600
OSSERVICEPACK: 19464
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-08-29 02:34:07
BUILDDATESTAMP_STR: 190828-1437
BUILDLAB_STR: winblue_ltsb_escrow
BUILDOSVER_STR: 6.3.9600.19464.amd64fre.winblue_ltsb_escrow.190828-1437
ANALYSIS_SESSION_ELAPSED_TIME: ea7
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_corrupt_list_entry_ts_arnusbx!unknown_function
FAILURE_ID_HASH: {d62c5129-98fc-fe25-dee5-f04db3063a6c}
Followup: MachineOwner
---------
0: kd> lmvm ts_arnusbx
Browse full module list
start end module name
fffff801`708d5000 fffff801`70abe000 ts_arnusbx T (no symbols)
Loaded symbol image file: ts_arnusbx.sys
Image path: \SystemRoot\system32\DRIVERS\ts_arnusbx.sys
Image name: ts_arnusbx.sys
Browse all global symbols functions data
Timestamp: Fri Mar 21 12:58:36 2014 (532C99EC)
CheckSum: 001F0D98
ImageSize: 001E9000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
