******************************************************************************** *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff8801c163610, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8801c163568, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: fffff8801c163610 -- (.trap 0xfffff8801c163610)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8012b753b0 rbx=0000000000000000 rcx=0000000000000003
rdx=fffffa8012a0cfe0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802e9ad2bb0 rsp=fffff8801c1637a0 rbp=0000000000000000
r8=0000000000000002 r9=0000000000000000 r10=fffff880009c0e80
r11=fffffa8012a77880 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!IopCompleteRequest+0x8db:
fffff802`e9ad2bb0 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff8801c163568 -- (.exr 0xfffff8801c163568)
ExceptionAddress: fffff802e9ad2bb0 (nt!IopCompleteRequest+0x00000000000008db)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
IRP_ADDRESS: ffffffffffffff88
LAST_CONTROL_TRANSFER: from fffff802e9a97a69 to fffff802e9a98740
STACK_TEXT:
fffff880`1c1632e8 fffff802`e9a97a69 : 00000000`00000139 00000000`00000003 fffff880`1c163610 fffff880`1c163568 : nt!KeBugCheckEx
fffff880`1c1632f0 fffff802`e9a97d90 : 00000000`00000000 fffffa80`0e456800 fffff780`00000320 fffffa80`0e96c160 : nt!KiBugCheckDispatch+0x69
fffff880`1c163430 fffff802`e9a96ff4 : fffffa80`129ba040 fffff880`1c1636f9 fffffa80`00000006 fffffa80`00000003 : nt!KiFastFailDispatch+0xd0
fffff880`1c163610 fffff802`e9ad2bb0 : fffffa80`12a77880 fffffa80`10e5d080 00000000`00000001 fffffa80`206c644d : nt!KiRaiseSecurityCheckFailure+0xf4
fffff880`1c1637a0 fffff802`e9a571d1 : 00000000`00000000 00000000`00000000 00000000`00000a00 fffffa80`10e5d080 : nt!IopCompleteRequest+0x8db
fffff880`1c163870 fffff802`e9e65e06 : fffffa80`11474e40 fffffa80`10e5d001 00000000`00000001 fffffa80`12b75390 : nt!IopPostProcessIrp+0x71
fffff880`1c163910 fffff802`e9ad8585 : fffffa80`11474e40 0000000c`d7cda880 fffff880`1c163a40 00000000`00000000 : nt!IoRemoveIoCompletion+0x196
fffff880`1c1639a0 fffff802`e9a97753 : 00000000`0000009c 0000000c`d7cda880 fffff880`00000010 0000000c`c867fc40 : nt!NtWaitForWorkViaWorkerFactory+0x295
fffff880`1c163b00 000007f9`774f46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
0000000c`c867fbe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007f9`774f46ab
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff802`e9a97d90 c644242000 mov byte ptr [rsp+20h],0
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiFastFailDispatch+d0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 50875b31
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
Followup: MachineOwner
---------