KERNEL_SECURITY_CHECK_FAILURE? I'm not sure how to fix this.

Question

Got this last night, I can see it was the Palworld server I am running, I just don't understand how to fix this issue.

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff830e9466f230, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffff830e9466f188, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 484

    Key  : Analysis.Elapsed.mSec
    Value: 1288

    Key  : Analysis.IO.Other.Mb
    Value: 7

    Key  : Analysis.IO.Read.Mb
    Value: 8

    Key  : Analysis.IO.Write.Mb
    Value: 26

    Key  : Analysis.Init.CPU.mSec
    Value: 280

    Key  : Analysis.Init.Elapsed.mSec
    Value: 105538

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 96

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x139

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x139

    Key  : FailFast.Name
    Value: CORRUPT_LIST_ENTRY

    Key  : FailFast.Type
    Value: 3

    Key  : Failure.Bucket
    Value: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

    Key  : Failure.Hash
    Value: {3aede96a-54dd-40d6-d4cb-2a161a843851}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 131072

    Key  : Hypervisor.Flags.ValueHex
    Value: 20000

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : WER.OS.Branch
    Value: rs5_release

    Key  : WER.OS.Version
    Value: 10.0.17763.1

BUGCHECK_CODE:  139

BUGCHECK_P1: 3

BUGCHECK_P2: ffff830e9466f230

BUGCHECK_P3: ffff830e9466f188

BUGCHECK_P4: 0

FILE_IN_CAB:  MEMORY.DMP

TRAP_FRAME:  ffff830e9466f230 -- (.trap 0xffff830e9466f230)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffda803249c600 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80029012bf9 rsp=ffff830e9466f3c0 rbp=ffff830e9466f461
 r8=0000000000000000  r9=0000000000000004 r10=0000000000000000
r11=0000000000000090 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!MiUnlinkNodeLargePage+0x192eb9:
fffff800`29012bf9 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffff830e9466f188 -- (.exr 0xffff830e9466f188)
ExceptionAddress: fffff80029012bf9 (nt!MiUnlinkNodeLargePage+0x0000000000192eb9)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY 

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXPNP: 1 (!blackboxpnp)

PROCESS_NAME:  PalServer-Win64-Test-Cmd.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

EXCEPTION_STR:  0xc0000409

STACK_TEXT:  
ffff830e`9466ef08 fffff800`28fe33a9     : 00000000`00000139 00000000`00000003 ffff830e`9466f230 ffff830e`9466f188 : nt!KeBugCheckEx
ffff830e`9466ef10 fffff800`28fe3890     : ffffffff`ffffffff 00000000`00000000 00000001`ffffffff fffffff6`00000002 : nt!KiBugCheckDispatch+0x69
ffff830e`9466f050 fffff800`28fe18c8     : 00000000`00000000 fffff800`29886af6 00000001`00000010 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffff830e`9466f230 fffff800`29012bf9     : 00000000`00000006 ffff830e`9466f461 ffffda80`15570300 fffff800`28fd8d57 : nt!KiRaiseSecurityCheckFailure+0x308
ffff830e`9466f3c0 fffff800`28e47e8f     : 00000000`00000010 ffff75e0`00000002 00000000`00000001 00000000`00000004 : nt!MiUnlinkNodeLargePage+0x192eb9
ffff830e`9466f4b0 fffff800`28e47a7e     : 00000000`00000001 00000000`292517c0 ffffb80f`ac8e9c40 00000000`00000000 : nt!MiGetFreeZeroLargePage+0x5b
ffff830e`9466f520 fffff800`28e64589     : ffff830e`9466f820 ffffda00`f890fd80 00000000`00000000 00000000`00000010 : nt!MiGet64KPage+0x8e
ffff830e`9466f6c0 fffff800`28e6229c     : ffffb80f`ac8e9c40 ffffb80f`00000000 00000000`00000010 00000000`00000001 : nt!MiResolvePrivateZeroFault+0x459
ffff830e`9466f7e0 fffff800`28e60c9b     : 00000000`00000202 fffff800`28fd7d18 00000000`00000000 00000000`00000000 : nt!MiUserFault+0xd2c
ffff830e`9466f8e0 fffff800`28fdef03     : ffffb80f`c09f8080 00000000`00000000 00000000`00000000 ffffb80f`b9ade060 : nt!MmAccessFault+0x1fb
ffff830e`9466fa80 00007ff7`12c888ac     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x343
000000af`fc17cd70 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff7`12c888ac

SYMBOL_NAME:  nt!KiFastFailDispatch+d0

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  d0

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

OS_VERSION:  10.0.17763.1

BUILDLAB_STR:  rs5_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {3aede96a-54dd-40d6-d4cb-2a161a843851}

Followup:     MachineOwner
---------

Answer 1

Hello

Thank you for posting in Microsoft Community forum.

 From the information you provided, this is a bugcheck code 0x139 issue. Here is an official document about 0X139 for your reference.Bug Check 0x139 KERNEL_SECURITY_CHECK_FAILURE - Windows drivers | Microsoft Learn

We can see the failure process is Palserver-Win64-test-cmd.exe. You may need to contact with the manufactory for further help.

PROCESS_NAME:  PalServer-Win64-Test-Cmd.exe

If you want the detail about the dump analysis, please upload the dump or contact with Microsoft Support. We are happy to help! 

Best Regards,

Zack Lu