Windows 10 KERNEL_SECURITY_CHECK_FAILURE 蓝屏

Windows 10 KERNEL_SECURITY_CHECK_FAILURE 蓝屏

我正在使用一台运行 Windows 10(Build 16299)的计算机,该计算机不断崩溃并显示 KERNEL_SECURITY_CHECK_FAILURE 代码。我做了大量研究,但这次崩溃似乎很独特。微软有一个错误检查参数列表,但我看到的那个1e(或者可能是它的十进制等价数,30)没有出现在该列表中。原来它是微软使用的内部代码,不会公开记录(尽管最近有人对此发表了评论,所以我想知道它是否会成为一种更常见的崩溃)。

到目前为止我已经:

  • 更新了我能找到的所有计算机驱动程序
  • DISM /Online /Cleanup-Image /RestoreHealthsfc /scannow
  • 运行戴尔预启动系统评估(包括 CPU 压力测试和内存测试),未报告任何错误
  • 运行 Windows 内存诊断程序,未报告任何错误
  • 用全新模块替换了 RAM。

崩溃似乎没有任何规律或原因;它只是随机发生。据我们所知,没有一个应用程序导致它。每个崩溃转储都列出了不同的进程。我注意到我看过的这台电脑的所有小型转储都有一个共同点。LAST_CONTROL_TRANSFER: from fffff80174793f69 to fffff801747833c0我对计算机架构只有相当基本的了解,所以我不太清楚如何解释这一点。

以下是生成的最新小型转储的输出:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001e, Type of memory safety violation
Arg2: fffff8038e9fca40, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8038e9fc998, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  16299.637.amd64fre.rs3_release_svc.180808-1748

SYSTEM_MANUFACTURER:  Dell Inc.

SYSTEM_PRODUCT_NAME:  Precision 3510

SYSTEM_SKU:  06E0

BIOS_VENDOR:  Dell Inc.

BIOS_VERSION:  1.21.6

BIOS_DATE:  10/02/2019

BASEBOARD_MANUFACTURER:  Dell Inc.

BASEBOARD_PRODUCT:  0PVGJH

BASEBOARD_VERSION:  A00

DUMP_TYPE:  2

BUGCHECK_P1: 1e

BUGCHECK_P2: fffff8038e9fca40

BUGCHECK_P3: fffff8038e9fc998

BUGCHECK_P4: 0

TRAP_FRAME:  fffff8038e9fca40 -- (.trap 0xfffff8038e9fca40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff850743100400 rbx=0000000000000000 rcx=000000000000001e
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8038b7a314d rsp=fffff8038e9fcbd0 rbp=fffff8038e9fcc50
 r8=0000000000000084  r9=00000000000000ff r10=fffff8038b608000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!KiDeferredReadyThread+0x12840d:
fffff803`8b7a314d cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  fffff8038e9fc998 -- (.exr 0xfffff8038e9fc998)
ExceptionAddress: fffff8038b7a314d (nt!KiDeferredReadyThread+0x000000000012840d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000000000001e
Subcode: 0x1e FAST_FAIL_INVALID_NEXT_THREAD

CPU_COUNT: 8

CPU_MHZ: a98

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R)  SIG: CC'00000000 (cache) CC'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

BUGCHECK_STR:  0x139

PROCESS_NAME:  chrome.exe

CURRENT_IRQL:  2

DEFAULT_BUCKET_ID:  FAIL_FAST_INVALID_NEXT_THREAD

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  000000000000001e

ANALYSIS_SESSION_HOST:  XXXXXXXX

ANALYSIS_SESSION_TIME:  05-06-2020 14:39:39.0266

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

DPC_STACK_BASE:  FFFFF8038E9FCFB0

LAST_CONTROL_TRANSFER:  from fffff8038b799f69 to fffff8038b7893c0

STACK_TEXT:  
fffff803`8e9fc718 fffff803`8b799f69 : 00000000`00000139 00000000`0000001e fffff803`8e9fca40 fffff803`8e9fc998 : nt!KeBugCheckEx
fffff803`8e9fc720 fffff803`8b79a310 : 00000000`00000000 ffff8507`24354370 ffff8507`24a0e000 fffff803`8b78fdab : nt!KiBugCheckDispatch+0x69
fffff803`8e9fc860 fffff803`8b798925 : 00000000`00000000 ffff8507`24bde000 ffff8507`24a5d800 fffff803`8b623078 : nt!KiFastFailDispatch+0xd0
fffff803`8e9fca40 fffff803`8b7a314d : ffff8507`2cc6d080 ffff8507`00000000 ffff8507`00000015 fffff803`8e9fcca8 : nt!KiRaiseSecurityCheckFailure+0x2e5
fffff803`8e9fcbd0 fffff803`8b69b3e3 : fffff803`8974b180 00000000`00000002 fffff803`00000000 00000175`00000001 : nt!KiDeferredReadyThread+0x12840d
fffff803`8e9fcc90 fffff803`8b69bd1e : fffff803`8974b180 ffff8507`2cc6d1f0 fffff803`8e9fce68 ffff8507`00000000 : nt!KiReadyThread+0x33
fffff803`8e9fccc0 fffff803`8b69cc8d : 00000000`00000000 00000000`00000000 00000000`00286978 fffff803`8974b180 : nt!KiProcessExpiredTimerList+0x27e
fffff803`8e9fcdb0 fffff803`8b790365 : 00000000`00000000 fffff803`8974b180 ffff8286`55608a80 fffff803`8bf39890 : nt!KiRetireDpcList+0x43d
fffff803`8e9fcfb0 fffff803`8b790170 : 00000000`00000000 fffff803`8bee6356 ffff8507`2e0a2700 00000000`0a23fe60 : nt!KxRetireDpcList+0x5
ffff8286`556089c0 fffff803`8b78faa5 : 00000000`09bdd918 fffff803`8b78b1d1 00000000`ffffffff ffff8507`2e0a2700 : nt!KiDispatchInterruptContinue
ffff8286`556089f0 fffff803`8b78b1d1 : 00000000`ffffffff ffff8507`2e0a2700 ffff8286`00000000 ffff8507`34701890 : nt!KiDpcInterruptBypass+0x25
ffff8286`55608a00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0xb1


THREAD_SHA1_HASH_MOD_FUNC:  153280be3df77d976d88771fbe16e1f2f8a7b37f

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  536a7bc8cbbd2ddc7135b6f3fadef41d0a0bae49

THREAD_SHA1_HASH_MOD:  dc844b1b94baa204d070855e43bbbd27eee98b94

FOLLOWUP_IP: 
nt!KiFastFailDispatch+d0
fffff803`8b79a310 c644242000      mov     byte ptr [rsp+20h],0

FAULT_INSTR_CODE:  202444c6

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiFastFailDispatch+d0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5e7ad045

IMAGE_VERSION:  10.0.16299.1776

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  d0

FAILURE_BUCKET_ID:  0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch

BUCKET_ID:  0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch

PRIMARY_PROBLEM_CLASS:  0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch

TARGET_TIME:  2020-05-06T18:50:16.000Z

OSBUILD:  16299

OSSERVICEPACK:  1776

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2020-03-24 22:30:13

BUILDDATESTAMP_STR:  180808-1748

BUILDLAB_STR:  rs3_release_svc

BUILDOSVER_STR:  10.0.16299.637.amd64fre.rs3_release_svc.180808-1748

ANALYSIS_SESSION_ELAPSED_TIME:  378c

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_1e_invalid_next_thread_nt!kifastfaildispatch

FAILURE_ID_HASH:  {bef176cd-c482-4279-6644-552334c6dc54}

Followup:     MachineOwner
---------

相关内容