3
Windows 10 - KERNEL SECURITY CHECK FAILURE
Hallo zusammen,
ich bekomme an einem Notebook (DELL Inspiron 5770) mit Windows 10 22H2 einen Bluescreen.
Der bluescreen kommt sporadisch und er lässt sich nicht reproduzieren. Was habe ich bisher gemacht:
- Aktualisierung aller Treiber von der Dell Seite + BIOS
- Installation aller Windows Updates
- Memtest
- Festplattentest
- chkdsk
- sfc /scannow
- Dism /Online /Cleanup-Image /CheckHealth
- Dism /Online /Cleanup-Image /ScanHealth
- Dism /Online /Cleanup-Image /RestoreHealth
Bisher alles ohne Ergebnis.
Hier der Auszug aus dem Minidump (Daraus werde ich leider nicht schlau):
*
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff684d5546c00, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffff684d5546b58, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3702
Key : Analysis.Elapsed.mSec
Value: 4052
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 4390
Key : Analysis.Init.Elapsed.mSec
Value: 59879
Key : Analysis.Memory.CommitPeak.Mb
Value: 91
Key : Bugcheck.Code.LegacyAPI
Value: 0x139
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : Failure.Bucket
Value: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
Key : Failure.Hash
Value: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: fffff684d5546c00
BUGCHECK_P3: fffff684d5546b58
BUGCHECK_P4: 0
FILE_IN_CAB: 072923-13765-01.dmp
TRAP_FRAME: fffff684d5546c00 -- (.trap 0xfffff684d5546c00)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffdb0b8cec5c10 rbx=0000000000000000 rcx=0000000000000003
rdx=fffff684d5546e90 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8052dc06f28 rsp=fffff684d5546d90 rbp=ffffdb0b88813e10
r8=ffffdb0b88813ef0 r9=000000000000001a r10=ffffdb0b8504b000
r11=ffffdb0b8504b000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!CmpDelayDerefKeyControlBlock+0x19449c:
fffff805`2dc06f28 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff684d5546b58 -- (.exr 0xfffff684d5546b58)
ExceptionAddress: fffff8052dc06f28 (nt!CmpDelayDerefKeyControlBlock+0x000000000019449c)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Registry
ERROR_CODE: (NTSTATUS) 0xc0000409 - Das System hat in dieser Anwendung den berlauf eines stapelbasierten Puffers ermittelt. Dieser berlauf k nnte einem b sartigen Benutzer erm glichen, die Steuerung der Anwendung zu bernehmen.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
fffff684`d55468d8 fffff805`2d810129 : 00000000`00000139 00000000`00000003 fffff684`d5546c00 fffff684`d5546b58 : nt!KeBugCheckEx
fffff684`d55468e0 fffff805`2d810690 : ffffdb0b`8d1dbb60 00000000`00000000 00000000`00000000 ffffdb0b`9a5eed68 : nt!KiBugCheckDispatch+0x69
fffff684`d5546a20 fffff805`2d80e65d : ffffdb0b`00000000 00000000`00000001 00000000`00001000 01800150`624e4d43 : nt!KiFastFailDispatch+0xd0
fffff684`d5546c00 fffff805`2dc06f28 : ffffdb0b`a18b23c0 fffff805`2db01b70 ffffdb0b`00000000 fffff805`00000000 : nt!KiRaiseSecurityCheckFailure+0x31d
fffff684`d5546d90 fffff805`2da729fa : ffffdb0b`a18b23c0 fffff684`d5546e90 ffffdb0b`8504b000 ffffdb0b`a18b23c0 : nt!CmpDelayDerefKeyControlBlock+0x19449c
fffff684`d5546dd0 fffff805`2da82c9c : ffffdb0b`a18b23c0 ffffdb0b`a18b2301 fffff684`d5546e90 00000000`00000000 : nt!CmpCleanUpKcbCacheWithLock+0x96
fffff684`d5546e00 fffff805`2d62730b : 00000000`132b5698 ffffdb0b`a18b23c0 00000000`00000001 fffff684`d5546e90 : nt!CmpDereferenceKeyControlBlockWithLock+0x94
fffff684`d5546e30 fffff805`2daa3734 : ffffdb0b`8cdac770 ffffdb0b`a17f0000 00000000`00000200 ffffdb0b`a17f1018 : nt!CmpDrainDelayDerefContext+0x9b
fffff684`d5546e70 fffff805`2daa3525 : 00000000`00000000 00000000`00040000 fffff684`d5547000 fffff684`d5546f10 : nt!CmpCleanUpKCBCacheTable+0xec
fffff684`d5546f00 fffff805`2daa34a5 : 00000000`00040000 fffff684`d5547039 ffffdb0b`8d01d940 00000000`00000006 : nt!CmpEnumerateAllOpenSubKeys+0x35
fffff684`d5546f40 fffff805`2daa25c6 : 00000000`00040000 fffff684`d5547039 ffffdb0b`8d01d940 00000000`00000006 : nt!CmpDoesKeyHaveOpenSubkeys+0x25
fffff684`d5546f90 fffff805`2daa236b : fffff684`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpPerformUnloadKey+0x14a
fffff684`d55470a0 fffff805`2daa0bf1 : ffffa58a`00000000 00000000`00000000 ffffa58a`1c9cb570 00000000`67655256 : nt!CmUnloadKey+0x42f
fffff684`d5547340 fffff805`2d80f8f5 : 00000000`00000003 ffffdb0b`883e04c0 00000000`00000000 00000000`00000001 : nt!NtUnloadKey+0x11
fffff684`d5547370 fffff805`2d800ca0 : fffff805`2d9d372d ffffdb0b`00000002 ffffdb0b`00000000 fffff684`d55475a0 : nt!KiSystemServiceCopyEnd+0x25
fffff684`d5547508 fffff805`2d9d372d : ffffdb0b`00000002 ffffdb0b`00000000 fffff684`d55475a0 fffff684`d55475a0 : nt!KiServiceLinkage
fffff684`d5547510 fffff805`2d9d35d3 : ffffdb0b`a1234f70 fffff684`d5547640 ffffdb0b`9a578900 ffffdb0b`a4f9f340 : nt!VrpUnloadDifferencingHive+0x135
fffff684`d5547580 fffff805`2d9d09dd : 00000000`00000000 00000000`00000008 ffffa589`f6e07480 00000001`00000060 : nt!VrpCleanupNamespace+0x8f
fffff684`d55475c0 fffff805`2d9d0b5f : 00000000`00000000 ffffa58a`1c9cb640 ffffa58a`1c9cb570 ffffa58a`33881080 : nt!VrpHandleIoctlUnloadDynamicallyLoadedHives+0x111
fffff684`d5547650 fffff805`2d6113a5 : 00000000`00000002 00000000`00000000 00000000`00000000 ffffa58a`1c9cb570 : nt!VrpIoctlDeviceDispatch+0x12f
fffff684`d5547700 fffff805`2da1121c : 00000000`00000001 ffffa58a`1c9cb640 ffffa58a`208865d0 ffffa58a`1562b0c0 : nt!IofCallDriver+0x55
fffff684`d5547740 fffff805`2da10e71 : ffffa58a`1c9cb640 fffff684`d5547a80 00000000`00010005 ffffa58a`1c9cb640 : nt!IopSynchronousServiceTail+0x34c
fffff684`d55477e0 fffff805`2da101e6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc71
fffff684`d5547920 fffff805`2d80f8f5 : 00000000`00001d20 00000061`6cbfed08 fffff684`d55479a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff684`d5547990 00007ffc`0256d0c4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000061`6cbfedf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`0256d0c4
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.3208
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Followup: MachineOwner
Vielleicht könnt ihr mir noch einen Tipp geben.
Vielen Dank!
ich bekomme an einem Notebook (DELL Inspiron 5770) mit Windows 10 22H2 einen Bluescreen.
Der bluescreen kommt sporadisch und er lässt sich nicht reproduzieren. Was habe ich bisher gemacht:
- Aktualisierung aller Treiber von der Dell Seite + BIOS
- Installation aller Windows Updates
- Memtest
- Festplattentest
- chkdsk
- sfc /scannow
- Dism /Online /Cleanup-Image /CheckHealth
- Dism /Online /Cleanup-Image /ScanHealth
- Dism /Online /Cleanup-Image /RestoreHealth
Bisher alles ohne Ergebnis.
Hier der Auszug aus dem Minidump (Daraus werde ich leider nicht schlau):
*
- *
- Bugcheck Analysis *
- *
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff684d5546c00, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffff684d5546b58, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3702
Key : Analysis.Elapsed.mSec
Value: 4052
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 4390
Key : Analysis.Init.Elapsed.mSec
Value: 59879
Key : Analysis.Memory.CommitPeak.Mb
Value: 91
Key : Bugcheck.Code.LegacyAPI
Value: 0x139
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : Failure.Bucket
Value: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
Key : Failure.Hash
Value: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: fffff684d5546c00
BUGCHECK_P3: fffff684d5546b58
BUGCHECK_P4: 0
FILE_IN_CAB: 072923-13765-01.dmp
TRAP_FRAME: fffff684d5546c00 -- (.trap 0xfffff684d5546c00)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffdb0b8cec5c10 rbx=0000000000000000 rcx=0000000000000003
rdx=fffff684d5546e90 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8052dc06f28 rsp=fffff684d5546d90 rbp=ffffdb0b88813e10
r8=ffffdb0b88813ef0 r9=000000000000001a r10=ffffdb0b8504b000
r11=ffffdb0b8504b000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!CmpDelayDerefKeyControlBlock+0x19449c:
fffff805`2dc06f28 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff684d5546b58 -- (.exr 0xfffff684d5546b58)
ExceptionAddress: fffff8052dc06f28 (nt!CmpDelayDerefKeyControlBlock+0x000000000019449c)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: Registry
ERROR_CODE: (NTSTATUS) 0xc0000409 - Das System hat in dieser Anwendung den berlauf eines stapelbasierten Puffers ermittelt. Dieser berlauf k nnte einem b sartigen Benutzer erm glichen, die Steuerung der Anwendung zu bernehmen.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
fffff684`d55468d8 fffff805`2d810129 : 00000000`00000139 00000000`00000003 fffff684`d5546c00 fffff684`d5546b58 : nt!KeBugCheckEx
fffff684`d55468e0 fffff805`2d810690 : ffffdb0b`8d1dbb60 00000000`00000000 00000000`00000000 ffffdb0b`9a5eed68 : nt!KiBugCheckDispatch+0x69
fffff684`d5546a20 fffff805`2d80e65d : ffffdb0b`00000000 00000000`00000001 00000000`00001000 01800150`624e4d43 : nt!KiFastFailDispatch+0xd0
fffff684`d5546c00 fffff805`2dc06f28 : ffffdb0b`a18b23c0 fffff805`2db01b70 ffffdb0b`00000000 fffff805`00000000 : nt!KiRaiseSecurityCheckFailure+0x31d
fffff684`d5546d90 fffff805`2da729fa : ffffdb0b`a18b23c0 fffff684`d5546e90 ffffdb0b`8504b000 ffffdb0b`a18b23c0 : nt!CmpDelayDerefKeyControlBlock+0x19449c
fffff684`d5546dd0 fffff805`2da82c9c : ffffdb0b`a18b23c0 ffffdb0b`a18b2301 fffff684`d5546e90 00000000`00000000 : nt!CmpCleanUpKcbCacheWithLock+0x96
fffff684`d5546e00 fffff805`2d62730b : 00000000`132b5698 ffffdb0b`a18b23c0 00000000`00000001 fffff684`d5546e90 : nt!CmpDereferenceKeyControlBlockWithLock+0x94
fffff684`d5546e30 fffff805`2daa3734 : ffffdb0b`8cdac770 ffffdb0b`a17f0000 00000000`00000200 ffffdb0b`a17f1018 : nt!CmpDrainDelayDerefContext+0x9b
fffff684`d5546e70 fffff805`2daa3525 : 00000000`00000000 00000000`00040000 fffff684`d5547000 fffff684`d5546f10 : nt!CmpCleanUpKCBCacheTable+0xec
fffff684`d5546f00 fffff805`2daa34a5 : 00000000`00040000 fffff684`d5547039 ffffdb0b`8d01d940 00000000`00000006 : nt!CmpEnumerateAllOpenSubKeys+0x35
fffff684`d5546f40 fffff805`2daa25c6 : 00000000`00040000 fffff684`d5547039 ffffdb0b`8d01d940 00000000`00000006 : nt!CmpDoesKeyHaveOpenSubkeys+0x25
fffff684`d5546f90 fffff805`2daa236b : fffff684`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpPerformUnloadKey+0x14a
fffff684`d55470a0 fffff805`2daa0bf1 : ffffa58a`00000000 00000000`00000000 ffffa58a`1c9cb570 00000000`67655256 : nt!CmUnloadKey+0x42f
fffff684`d5547340 fffff805`2d80f8f5 : 00000000`00000003 ffffdb0b`883e04c0 00000000`00000000 00000000`00000001 : nt!NtUnloadKey+0x11
fffff684`d5547370 fffff805`2d800ca0 : fffff805`2d9d372d ffffdb0b`00000002 ffffdb0b`00000000 fffff684`d55475a0 : nt!KiSystemServiceCopyEnd+0x25
fffff684`d5547508 fffff805`2d9d372d : ffffdb0b`00000002 ffffdb0b`00000000 fffff684`d55475a0 fffff684`d55475a0 : nt!KiServiceLinkage
fffff684`d5547510 fffff805`2d9d35d3 : ffffdb0b`a1234f70 fffff684`d5547640 ffffdb0b`9a578900 ffffdb0b`a4f9f340 : nt!VrpUnloadDifferencingHive+0x135
fffff684`d5547580 fffff805`2d9d09dd : 00000000`00000000 00000000`00000008 ffffa589`f6e07480 00000001`00000060 : nt!VrpCleanupNamespace+0x8f
fffff684`d55475c0 fffff805`2d9d0b5f : 00000000`00000000 ffffa58a`1c9cb640 ffffa58a`1c9cb570 ffffa58a`33881080 : nt!VrpHandleIoctlUnloadDynamicallyLoadedHives+0x111
fffff684`d5547650 fffff805`2d6113a5 : 00000000`00000002 00000000`00000000 00000000`00000000 ffffa58a`1c9cb570 : nt!VrpIoctlDeviceDispatch+0x12f
fffff684`d5547700 fffff805`2da1121c : 00000000`00000001 ffffa58a`1c9cb640 ffffa58a`208865d0 ffffa58a`1562b0c0 : nt!IofCallDriver+0x55
fffff684`d5547740 fffff805`2da10e71 : ffffa58a`1c9cb640 fffff684`d5547a80 00000000`00010005 ffffa58a`1c9cb640 : nt!IopSynchronousServiceTail+0x34c
fffff684`d55477e0 fffff805`2da101e6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc71
fffff684`d5547920 fffff805`2d80f8f5 : 00000000`00001d20 00000061`6cbfed08 fffff684`d55479a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff684`d5547990 00007ffc`0256d0c4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000061`6cbfedf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`0256d0c4
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.3208
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Followup: MachineOwner
Vielleicht könnt ihr mir noch einen Tipp geben.
Vielen Dank!
Share on Facebook
Share on Twitter
Share on Reddit
Share on LinkedinPlease also mark the comments that contributed to the solution of the article
Content-Key: 12587843451
Url: https://administrator.de/contentid/12587843451
Printed on: May 9, 2024 at 18:05 o'clock
3 Comments
Latest comment
Hallo,
mal einen anderen RAM-Riegel eingebaut und getestet?
cya
mal einen anderen RAM-Riegel eingebaut und getestet?
cya
Lass Mal Memtest durchlaufen
Guten Morgen,
Memtest habe ich bereits mehrere Stunden laufen lassen, alles i.O.
Kann mir einer Sagen, was das Problem auslöst? Vielleicht ein Treiber? Kann den Dump ehrlich gesagt nicht genau lesen.
Viele Grüße
Memtest habe ich bereits mehrere Stunden laufen lassen, alles i.O.
Kann mir einer Sagen, was das Problem auslöst? Vielleicht ein Treiber? Kann den Dump ehrlich gesagt nicht genau lesen.
Viele Grüße
