
KERNEL_SECURITY_CHECK_FAILURE (139)

Anonymous
2022-12-06T07:09:09+00:00

Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\xiangshuai\Desktop\120622-14859-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 22000 MP (8 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Machine Name:

Kernel base = 0xfffff80729200000 PsLoadedModuleList = 0xfffff80729e29b00

Debug session time: Tue Dec 6 13:52:04.159 2022 (UTC + 8:00)

System Uptime: 0 days 4:34:02.304

Loading Kernel Symbols

..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.

Run !sym noisy before .reload to track down problems loading symbols.

.............................................................

................................................................

................................................................

..........................................

Loading User Symbols

Loading unloaded module list

....................

For analysis of this file, run !analyze -v

6: kd> !analyze -v

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)

A kernel component has corrupted a critical data structure. The corruption

could potentially allow a malicious user to gain control of this machine.

Arguments:

Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).

Arg2: ffffd28736e7ef60, Address of the trap frame for the exception that caused the bugcheck

Arg3: ffffd28736e7eeb8, Address of the exception record for the exception that caused the bugcheck

Arg4: 0000000000000000, Reserved

Debugging Details:


KEY_VALUES_STRING: 1

Key  : Analysis.CPU.Sec 

Value: 1 

Key  : Analysis.DebugAnalysisProvider.CPP 

Value: Create: 8007007e on XIANGSHUAI-PC-2 

Key  : Analysis.DebugData 

Value: CreateObject 

Key  : Analysis.DebugModel 

Value: CreateObject 

Key  : Analysis.Elapsed.Sec 

Value: 1 

Key  : Analysis.Memory.CommitPeak.Mb 

Value: 81 

Key  : Analysis.System 

Value: CreateObject 

TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x1808

Kernel Generated Triage Dump

BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: ffffd28736e7ef60

BUGCHECK_P3: ffffd28736e7eeb8

BUGCHECK_P4: 0

TRAP_FRAME: ffffd28736e7ef60 -- (.trap 0xffffd28736e7ef60)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=ffffe70d59ae8eb8 rbx=0000000000000000 rcx=0000000000000003

rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000

rip=fffff807294233d9 rsp=ffffd28736e7f0f0 rbp=ffffe70d411c71b0

r8=0000000000000010 r9=0000000000000000 r10=ffffc101c04c9050

r11=fffff80729ef8c00 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei pl nz na pe cy

nt!KiProcessThreadWaitList+0x99:

fffff807`294233d9 cd29 int 29h

Resetting default scope

EXCEPTION_RECORD: ffffd28736e7eeb8 -- (.exr 0xffffd28736e7eeb8)

ExceptionAddress: fffff807294233d9 (nt!KiProcessThreadWaitList+0x0000000000000099)

ExceptionCode: c0000409 (Security check failure or stack buffer overrun)

ExceptionFlags: 00000001

NumberParameters: 1

Parameter[0]: 0000000000000003

Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

EXCEPTION_STR: 0xc0000409

STACK_TEXT:

ffffd28736e7ec38 fffff80729630369 : 0000000000000139 0000000000000003 ffffd28736e7ef60 ffffd28736e7eeb8 : nt!KeBugCheckEx

ffffd28736e7ec40 fffff807296308f2 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x69

ffffd28736e7ed80 fffff8072962e79e : ffffd28736e7ef90 ffffd28736e7efa8 ffffd28736e7f038 ffffe70d264bad90 : nt!KiFastFailDispatch+0xb2

ffffd28736e7ef60 fffff807294233d9 : ffffc101c0700180 0000000000000000 ffffd28736e7f160 0000000000000000 : nt!KiRaiseSecurityCheckFailure+0x31e

ffffd28736e7f0f0 fffff807294225d6 : 0000000000000000 0000000000000001 ffffd28700000000 0000000000000002 : nt!KiProcessThreadWaitList+0x99

ffffd28736e7f160 fffff80729420a54 : 0000000000000000 0000000000000000 0000000000000000 fffff80726e93588 : nt!KiProcessExpiredTimerList+0x376

ffffd28736e7f290 fffff8072961fd8e : 0000000000000000 ffffc101c0700180 ffffc101c070c240 ffffe70d4df47080 : nt!KiRetireDpcList+0x714

ffffd28736e7f540 0000000000000000 : ffffd28736e80000 ffffd28736e79000 0000000000000000 0000000000000000 : nt!KiIdleLoop+0x9e

SYMBOL_NAME: nt!KiProcessExpiredTimerList+376

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.22000.1281

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 376

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiProcessExpiredTimerList

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {9db7945b-255d-24a1-9f2c-82344e883ab8}

Followup: MachineOwner



Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


5 answers

  1. Lester Bernard Reyes 82,020 Reputation points Independent Advisor
    2022-12-06T08:18:23+00:00

    Hi, thank you for patiently waiting. Upon analyzing and checking the DMP files, the error you have is ntkrnlmp.exe; this is usually caused by damaged power cords and adapters and drivers. To fix this issue, kindly refer to the steps provided on this link:

    https://www.lifewire.com/fix-the-ntkrnlmp-exe-e...

    Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

  2. Anonymous
    2022-12-06T08:12:12+00:00

  3. Lester Bernard Reyes 82,020 Reputation points Independent Advisor
    2022-12-06T08:04:53+00:00

    Hi, thank you for replying. It seems that I cannot access the file from that link; is there a chance that you can upload it to OneDrive?

    Go to this link: https://onedrive.live.com/ then upload the file

    Then provide the shareable link by following the steps from this link: https://support.microsoft.com/en-us/office/shar...

  4. Anonymous
    2022-12-06T08:01:00+00:00

    You know, rebooting it can fix a lot of problems. :)
    Here is the dump file.

    Link: https://pan.baidu.com/s/1ZcgUeFzrrL6fOGRMuQia1w Extraction code: ryq7

  5. Lester Bernard Reyes 82,020 Reputation points Independent Advisor
    2022-12-06T07:42:45+00:00

    Hi and thanks for reaching out. My name is Bernard, a Windows fan like you. I'll be happy to help you out today.

    I understand the issue you have; nothing to worry about, I am here to help. Just to confirm, can you still use the affected device? If so, we need to analyze the error. Can you please check if you have minidump files on the PC so that we can further examine what the root cause of the issue is?

    Press Windows key + E (To open file explorer)

    Click "This PC" > then follow the file path:

    C:\Windows\Minidump

    Copy the Minidump files and save them to another location like Desktop or Documents.

    Then please upload it to Cloud storage and please share the shareable link here.

    Let me know how it goes and I hope that helps.

    Bernard

    Independent Advisor
