KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffa987eb1a3130, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffa987eb1a3088, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for athurx.sys
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 4
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-JO5OOR3
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 43
Key : Analysis.Memory.CommitPeak.Mb
Value: 71
Key : Analysis.System
Value: CreateObject
ADDITIONAL_XML: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffa987eb1a3130
BUGCHECK_P3: ffffa987eb1a3088
BUGCHECK_P4: 0
TRAP_FRAME: ffffa987eb1a3130 -- (.trap 0xffffa987eb1a3130)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff988afe82e67b rbx=0000000000000000 rcx=0000000000000003
rdx=ffff988af7e14c48 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8052ef20f6c rsp=ffffa987eb1a32c0 rbp=0000000000000001
r8=000000000000004c r9=0000000000000000 r10=0000000000000000
r11=fffff780000003b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz ac po cy
nt!ExInterlockedRemoveHeadList+0x8c:
fffff805`2ef20f6c cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffa987eb1a3088 -- (.exr 0xffffa987eb1a3088)
ExceptionAddress: fffff8052ef20f6c (nt!ExInterlockedRemoveHeadList+0x000000000000008c)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffa987`eb1a2e08 fffff805`2efef929 : 00000000`00000139 00000000`00000003 ffffa987`eb1a3130 ffffa987`eb1a3088 : nt!KeBugCheckEx
ffffa987`eb1a2e10 fffff805`2efefd50 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffa987`eb1a2f50 fffff805`2efee0e3 : 00000000`03dfd240 00000000`00000000 ffff6abe`24c1bbaa fffff805`2ee3737e : nt!KiFastFailDispatch+0xd0
ffffa987`eb1a3130 fffff805`2ef20f6c : 00000000`00000000 00000000`00000000 ffff988a`f7e14c58 ffff988a`f7e14c48 : nt!KiRaiseSecurityCheckFailure+0x323
ffffa987`eb1a32c0 fffff805`415654c0 : ffff988b`036c5080 00000000`00000080 fffff805`41566eb0 00000000`00000000 : nt!ExInterlockedRemoveHeadList+0x8c
ffffa987`eb1a32f0 ffff988b`036c5080 : 00000000`00000080 fffff805`41566eb0 00000000`00000000 00000000`00000000 : athurx+0x54c0
ffffa987`eb1a32f8 00000000`00000080 : fffff805`41566eb0 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffff988b`036c5080
ffffa987`eb1a3300 fffff805`41566eb0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x80
ffffa987`eb1a3308 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff805`4158abf4 : athurx+0x6eb0
SYMBOL_NAME: athurx+54c0
MODULE_NAME: athurx
IMAGE_NAME: athurx.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 54c0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_athurx!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {cf0b00cb-8b52-be47-e20d-865e290d55f0}
Followup: MachineOwner
---------