我正在使用一台运行 Windows 10(Build 16299)的计算机,该计算机不断崩溃并显示 KERNEL_SECURITY_CHECK_FAILURE 代码。我做了大量研究,但这次崩溃似乎很独特。微软有一个错误检查参数列表,但我看到的那个1e
(或者可能是它的十进制等价数,30)没有出现在该列表中。原来它是微软使用的内部代码,不会公开记录(尽管最近有人对此发表了评论,所以我想知道它是否会成为一种更常见的崩溃)。
到目前为止我已经:
- 更新了我能找到的所有计算机驱动程序
- 跑
DISM /Online /Cleanup-Image /RestoreHealth
了sfc /scannow
- 运行戴尔预启动系统评估(包括 CPU 压力测试和内存测试),未报告任何错误
- 运行 Windows 内存诊断程序,未报告任何错误
- 用全新模块替换了 RAM。
崩溃似乎没有任何规律或原因;它只是随机发生。据我们所知,没有一个应用程序导致它。每个崩溃转储都列出了不同的进程。我注意到我看过的这台电脑的所有小型转储都有一个共同点。LAST_CONTROL_TRANSFER: from fffff80174793f69 to fffff801747833c0
我对计算机架构只有相当基本的了解,所以我不太清楚如何解释这一点。
以下是生成的最新小型转储的输出:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001e, Type of memory safety violation
Arg2: fffff8038e9fca40, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8038e9fc998, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 16299.637.amd64fre.rs3_release_svc.180808-1748
SYSTEM_MANUFACTURER: Dell Inc.
SYSTEM_PRODUCT_NAME: Precision 3510
SYSTEM_SKU: 06E0
BIOS_VENDOR: Dell Inc.
BIOS_VERSION: 1.21.6
BIOS_DATE: 10/02/2019
BASEBOARD_MANUFACTURER: Dell Inc.
BASEBOARD_PRODUCT: 0PVGJH
BASEBOARD_VERSION: A00
DUMP_TYPE: 2
BUGCHECK_P1: 1e
BUGCHECK_P2: fffff8038e9fca40
BUGCHECK_P3: fffff8038e9fc998
BUGCHECK_P4: 0
TRAP_FRAME: fffff8038e9fca40 -- (.trap 0xfffff8038e9fca40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff850743100400 rbx=0000000000000000 rcx=000000000000001e
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8038b7a314d rsp=fffff8038e9fcbd0 rbp=fffff8038e9fcc50
r8=0000000000000084 r9=00000000000000ff r10=fffff8038b608000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!KiDeferredReadyThread+0x12840d:
fffff803`8b7a314d cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff8038e9fc998 -- (.exr 0xfffff8038e9fc998)
ExceptionAddress: fffff8038b7a314d (nt!KiDeferredReadyThread+0x000000000012840d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000001e
Subcode: 0x1e FAST_FAIL_INVALID_NEXT_THREAD
CPU_COUNT: 8
CPU_MHZ: a98
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: CC'00000000 (cache) CC'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 2
DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_NEXT_THREAD
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 000000000000001e
ANALYSIS_SESSION_HOST: XXXXXXXX
ANALYSIS_SESSION_TIME: 05-06-2020 14:39:39.0266
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
DPC_STACK_BASE: FFFFF8038E9FCFB0
LAST_CONTROL_TRANSFER: from fffff8038b799f69 to fffff8038b7893c0
STACK_TEXT:
fffff803`8e9fc718 fffff803`8b799f69 : 00000000`00000139 00000000`0000001e fffff803`8e9fca40 fffff803`8e9fc998 : nt!KeBugCheckEx
fffff803`8e9fc720 fffff803`8b79a310 : 00000000`00000000 ffff8507`24354370 ffff8507`24a0e000 fffff803`8b78fdab : nt!KiBugCheckDispatch+0x69
fffff803`8e9fc860 fffff803`8b798925 : 00000000`00000000 ffff8507`24bde000 ffff8507`24a5d800 fffff803`8b623078 : nt!KiFastFailDispatch+0xd0
fffff803`8e9fca40 fffff803`8b7a314d : ffff8507`2cc6d080 ffff8507`00000000 ffff8507`00000015 fffff803`8e9fcca8 : nt!KiRaiseSecurityCheckFailure+0x2e5
fffff803`8e9fcbd0 fffff803`8b69b3e3 : fffff803`8974b180 00000000`00000002 fffff803`00000000 00000175`00000001 : nt!KiDeferredReadyThread+0x12840d
fffff803`8e9fcc90 fffff803`8b69bd1e : fffff803`8974b180 ffff8507`2cc6d1f0 fffff803`8e9fce68 ffff8507`00000000 : nt!KiReadyThread+0x33
fffff803`8e9fccc0 fffff803`8b69cc8d : 00000000`00000000 00000000`00000000 00000000`00286978 fffff803`8974b180 : nt!KiProcessExpiredTimerList+0x27e
fffff803`8e9fcdb0 fffff803`8b790365 : 00000000`00000000 fffff803`8974b180 ffff8286`55608a80 fffff803`8bf39890 : nt!KiRetireDpcList+0x43d
fffff803`8e9fcfb0 fffff803`8b790170 : 00000000`00000000 fffff803`8bee6356 ffff8507`2e0a2700 00000000`0a23fe60 : nt!KxRetireDpcList+0x5
ffff8286`556089c0 fffff803`8b78faa5 : 00000000`09bdd918 fffff803`8b78b1d1 00000000`ffffffff ffff8507`2e0a2700 : nt!KiDispatchInterruptContinue
ffff8286`556089f0 fffff803`8b78b1d1 : 00000000`ffffffff ffff8507`2e0a2700 ffff8286`00000000 ffff8507`34701890 : nt!KiDpcInterruptBypass+0x25
ffff8286`55608a00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0xb1
THREAD_SHA1_HASH_MOD_FUNC: 153280be3df77d976d88771fbe16e1f2f8a7b37f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 536a7bc8cbbd2ddc7135b6f3fadef41d0a0bae49
THREAD_SHA1_HASH_MOD: dc844b1b94baa204d070855e43bbbd27eee98b94
FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff803`8b79a310 c644242000 mov byte ptr [rsp+20h],0
FAULT_INSTR_CODE: 202444c6
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiFastFailDispatch+d0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5e7ad045
IMAGE_VERSION: 10.0.16299.1776
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch
BUCKET_ID: 0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch
PRIMARY_PROBLEM_CLASS: 0x139_1e_INVALID_NEXT_THREAD_nt!KiFastFailDispatch
TARGET_TIME: 2020-05-06T18:50:16.000Z
OSBUILD: 16299
OSSERVICEPACK: 1776
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2020-03-24 22:30:13
BUILDDATESTAMP_STR: 180808-1748
BUILDLAB_STR: rs3_release_svc
BUILDOSVER_STR: 10.0.16299.637.amd64fre.rs3_release_svc.180808-1748
ANALYSIS_SESSION_ELAPSED_TIME: 378c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_1e_invalid_next_thread_nt!kifastfaildispatch
FAILURE_ID_HASH: {bef176cd-c482-4279-6644-552334c6dc54}
Followup: MachineOwner
---------