Question: Recurring BSOD 0x139 KERNEL_SECURITY_CHECK_FAILURE in NETIO.SYS (bugcheck analysis inside)


Problem description

  • I have been experiencing intermittent 0x139 KERNEL_SECURITY_CHECK_FAILURE blue screens with a first parameter of 0x3 on my Windows 8.1 laptop, every 20 minutes to an hour. The crashes occur in NETIO.SYS, in either the NsiEnumerateObjectsAllParametersEx or the NsiGetParameterEx function.

  • The system appears to function correctly in Safe Mode with Networking.

  • I have several crash dumps available for download here, as well as a complete memory dump from one crash that is stored internally for further analysis.

Analysis 1: NsiEnumerateObjectsAllParametersEx minidump

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*E:\sysdebug\debug-symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\sysdebug\debug-symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17476.amd64fre.winblue_r5.141029-1500
Machine Name:
Kernel base = 0xfffff802`44e1f000 PsLoadedModuleList = 0xfffff802`450f8250
Debug session time: Fri Jan  2 16:52:43.919 2015 (UTC - 5:00)
System Uptime: 0 days 0:25:05.631
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
...........................................................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd000d8d4f1b0, ffffd000d8d4f108, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiEnumerateObjectsAllParametersEx+20d )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd000d8d4f1b0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd000d8d4f108, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


DUMP_FILE_ATTRIBUTES: 0xc
  Insufficient Dumpfile Size
  Kernel Generated Triage Dump

TRAP_FRAME:  ffffd000d8d4f1b0 -- (.trap 0xffffd000d8d4f1b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0019759fef0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe00194b53ef0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80110e5f30d rsp=ffffd000d8d4f340 rbp=ffffe00194b5ea20
 r8=0000000000000000  r9=0000000000000002 r10=ffffe0019635db50
r11=ffffe00192d21fbc r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
ndis!ndisNsiEnumerateAllInterfaceInformation+0x25c0d:
fffff801`10e5f30d cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffffd000d8d4f108 -- (.exr 0xffffd000d8d4f108)
ExceptionAddress: fffff80110e5f30d (ndis!ndisNsiEnumerateAllInterfaceInformation+0x0000000000025c0d)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT

BUGCHECK_STR:  0x139

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1:  0000000000000003

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80244f7b5e9 to fffff80244f6faa0

STACK_TEXT:  
ffffd000`d8d4ee88 fffff802`44f7b5e9 : 00000000`00000139 00000000`00000003 ffffd000`d8d4f1b0 ffffd000`d8d4f108 : nt!KeBugCheckEx
ffffd000`d8d4ee90 fffff802`44f7b910 : ffff6bcf`07601f7c ffffd000`d8d4f278 ffffc001`d1bcd060 ffffe001`92d1c698 : nt!KiBugCheckDispatch+0x69
ffffd000`d8d4efd0 fffff802`44f7ab34 : 00000000`00000000 ffffe001`99965501 ffffd000`d8d4f3d4 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd000`d8d4f1b0 fffff801`10e5f30d : 00000000`ffffe001 00000000`00000000 ffffe001`94b5ea20 ffffe001`94b5eef0 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`d8d4f340 fffff801`10f4e308 : ffffd000`d8d4f580 00000000`00000000 ffffe001`92d1c002 00000000`00000008 : ndis!ndisNsiEnumerateAllInterfaceInformation+0x25c0d
ffffd000`d8d4f460 fffff801`11664fc1 : ffffe001`92d1c000 00000000`00000070 00000065`7450f270 ffffd000`d8d4f668 : NETIO!NsiEnumerateObjectsAllParametersEx+0x20d
ffffd000`d8d4f650 fffff801`11664bea : 00000000`00000000 ffffe001`99a432a0 ffffe001`99a431d0 00000000`00000000 : nsiproxy!NsippEnumerateObjectsAllParameters+0x201
ffffd000`d8d4f840 fffff802`452001ef : 00000000`00000000 ffffe001`99a431d0 ffffe001`99a431d0 00000000`00000001 : nsiproxy!NsippDispatch+0x5a
ffffd000`d8d4f880 fffff802`451ff78e : ffffd000`d8d4fa38 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd000`d8d4fa20 fffff802`44f7b2b3 : ffffe001`999a4080 fffff6fb`001f0003 00000065`7450f0e8 fffff680`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`d8d4fa90 00007ffe`07350cba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000065`7450f168 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`07350cba


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!NsiEnumerateObjectsAllParametersEx+20d
fffff801`10f4e308 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  NETIO!NsiEnumerateObjectsAllParametersEx+20d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  546029c5

IMAGE_VERSION:  6.3.9600.17485

BUCKET_ID_FUNC_OFFSET:  20d

FAILURE_BUCKET_ID:  0x139_3_NETIO!NsiEnumerateObjectsAllParametersEx

BUCKET_ID:  0x139_3_NETIO!NsiEnumerateObjectsAllParametersEx

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_3_netio!nsienumerateobjectsallparametersex

FAILURE_ID_HASH:  {647902b7-14c2-326a-6aea-d9b7b6d3d895}

Followup: MachineOwner
---------

Output from WhoCrashed Professional

Crash dump file:        E:\sysdebug\dumps\010215-8234-01.dmp
Date/time:              1/2/2015 4:20:01 PM GMT
Uptime:                 00:20:35
Machine:                DRAGON
Bug check name:         KERNEL_SECURITY_CHECK_FAILURE
Bug check code:         0x139
Bug check parm 1:       0x3
Bug check parm 2:       0xFFFFD0002E50A1B0
Bug check parm 3:       0xFFFFD0002E50A108
Bug check parm 4:       0x0
Probably caused by:     ndis.sys
Driver description:     Network Driver Interface Specification (NDIS)
Driver product:         Microsoft Windows Operating System
Driver company:         Microsoft Corporation
OS build:               Built by: 9600.17476.amd64fre.winblue_r5.141029-1500
Architecture:           x64 (64 bit)
CPU count:              8
Page size:              4096

Bug check description: 
The kernel has detected the corruption of a critical data structure.

Comments:

The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time. 

Analysis 2: NsiGetParameterEx complete memory dump

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*E:\sysdebug\debug-symbols*http://msdl.microsoft.com/download/symbols

Loading Dump File [E:\sysdebug\MEMORY.DMP]
Kernel Bitmap Dump File: Full address space is available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*E:\sysdebug\debug-symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*E:\sysdebug\debug-symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.17476.amd64fre.winblue_r5.141029-1500
Machine Name:
Kernel base = 0xfffff801`dde72000 PsLoadedModuleList = 0xfffff801`de14b250
Debug session time: Fri Jan  2 17:17:38.437 2015 (UTC - 5:00)
System Uptime: 0 days 0:22:01.150
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
................................................................
...................................
Loading unloaded module list
..............................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd001cb3d0310, ffffd001cb3d0268, 0}

Probably caused by : NETIO.SYS ( NETIO!NsiGetParameterEx+222 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd001cb3d0310, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd001cb3d0268, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


TRAP_FRAME:  ffffd001cb3d0310 -- (.trap 0xffffd001cb3d0310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00059100980 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe00055dbbef0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80084085a29 rsp=ffffd001cb3d04a0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000002 r10=ffffe000587d9040
r11=ffffe000591004b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
ndis!ndisNsiGetInterfaceInformation+0x22b49:
fffff800`84085a29 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffffd001cb3d0268 -- (.exr 0xffffd001cb3d0268)
ExceptionAddress: fffff80084085a29 (ndis!ndisNsiGetInterfaceInformation+0x0000000000022b49)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003

DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT

BUGCHECK_STR:  0x139

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1:  0000000000000003

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff801ddfce5e9 to fffff801ddfc2aa0

STACK_TEXT:  
ffffd001`cb3cffe8 fffff801`ddfce5e9 : 00000000`00000139 00000000`00000003 ffffd001`cb3d0310 ffffd001`cb3d0268 : nt!KeBugCheckEx
ffffd001`cb3cfff0 fffff801`ddfce910 : 00000000`00000000 ffffd001`00000001 ffffd001`cb3d01d8 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`cb3d0130 fffff801`ddfcdb34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd001`cb3d0310 fffff800`84085a29 : 00000000`fffff801 00000000`00000000 ffffd001`cb3d0610 00000000`00000004 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`cb3d04a0 fffff800`8417b572 : ffffd001`cb3d0610 ffffe000`5d2f1602 ffffe000`5d2f1700 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x22b49
ffffd001`cb3d0550 fffff800`851cda25 : 00000000`00000050 00000000`00000050 ffffe000`55dc2010 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd001`cb3d06b0 fffff800`851cdbe3 : 00000000`00000000 ffffe000`54a3c6b0 ffffe000`54a3c5e0 00000000`00000000 : nsiproxy!NsippGetParameter+0x195
ffffd001`cb3d0840 fffff801`de2531ef : 00000000`00000000 ffffe000`54a3c5e0 ffffe000`54a3c5e0 00000000`00000001 : nsiproxy!NsippDispatch+0x53
ffffd001`cb3d0880 fffff801`de25278e : ffffd001`cb3d0a38 00007fff`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd001`cb3d0a20 fffff801`ddfce2b3 : ffffe000`5a9ba080 000000d2`001f0003 000000d2`37e5ea98 fffff801`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd001`cb3d0a90 00007fff`3ef90cba : 00007fff`3eef15f5 00000000`00000004 000000d2`37e5eba1 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000d2`37e5eb18 00007fff`3eef15f5 : 00000000`00000004 000000d2`37e5eba1 00000000`00000000 00000000`00000000 : ntdll!NtDeviceIoControlFile+0xa
000000d2`37e5eb20 00007fff`3b245e0a : 00000000`00000001 000000d2`39ca0990 00000000`00000000 00000000`00000000 : NSI!NsiGetParameter+0xf5
000000d2`37e5ebe0 00007fff`3b245b86 : 00000000`00000001 00007fff`00000000 00000000`00000000 000000d2`37e5ecb0 : DNSAPI!IsInterfaceConnected+0x4e
000000d2`37e5ec40 00007fff`3b2464bf : 00000000`00000000 000000d2`00000007 00000000`00000000 000000d2`39c307f0 : DNSAPI!DnsUpdateMachinePresence+0x106
000000d2`37e5ed10 00007fff`3b24613d : 000000d2`3742eb50 000000d2`37e5f9a0 00000000`00000000 00000000`00000000 : DNSAPI!Query_InProcess+0xf9
000000d2`37e5ed40 00007fff`3b245fcc : 00000000`00000000 000000d2`37e5ee90 000000d2`39c307f0 000000d2`37e5fa18 : DNSAPI!InProc_InitiateQuery+0x15c
000000d2`37e5ed90 00007fff`3b243c3d : 00000000`00000000 00000008`00000002 00000000`00000000 00000000`00000001 : DNSAPI!Query_PrivateExW+0x961
000000d2`37e5f940 00007fff`3b244389 : 00003195`00000001 00001000`00440668 00000000`000000ff 000000d2`39c307f0 : DNSAPI!Query_Shim+0xd5
000000d2`37e5fa10 00007fff`34facfc4 : 00000000`00000010 000000d2`37e5f968 00000000`00000000 00000000`00010004 : DNSAPI!DnsQuery_W+0x39
000000d2`37e5fa60 00007fff`34fad037 : 000000d2`39c01f50 00000000`00000000 00000000`80000000 00000000`00000000 : dnsrslvr!Mcast_VerifyName+0x70
000000d2`37e5fab0 00007fff`34fad22e : 00000000`00000000 00007fff`34facf1e 00000000`00000000 00007fff`3c46158a : dnsrslvr!Mcast_VerifyEx+0x102
000000d2`37e5fd30 00007fff`34fad17b : 00000000`ffffffff 00000000`00000000 00000000`00000001 00000000`00000001 : dnsrslvr!Mcast_Verify+0x8e
000000d2`37e5fd80 00007fff`3edb13d2 : 00007fff`34faccc0 00000000`00000000 00000000`00000000 00000000`00000000 : dnsrslvr!Mcast_Thread+0x186
000000d2`37e5fdf0 00007fff`3ef703c4 : 00007fff`3edb13b0 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x22
000000d2`37e5fe20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!NsiGetParameterEx+222
fffff800`8417b572 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  NETIO!NsiGetParameterEx+222

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  546029c5

BUCKET_ID_FUNC_OFFSET:  222

FAILURE_BUCKET_ID:  0x139_3_NETIO!NsiGetParameterEx

BUCKET_ID:  0x139_3_NETIO!NsiGetParameterEx

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_3_netio!nsigetparameterex

FAILURE_ID_HASH:  {863902cf-27d7-671f-3d7f-44a47e15711d}

Followup: MachineOwner
---------

Output from WhoCrashed Professional

Crash dump file:        E:\sysdebug\dumps\MEMORY.DMP
Date/time:              1/2/2015 10:17:38 PM GMT
Uptime:                 00:22:01
Machine:                DRAGON
Bug check name:         KERNEL_SECURITY_CHECK_FAILURE
Bug check code:         0x139
Bug check parm 1:       0x3
Bug check parm 2:       0xFFFFD001CB3D0310
Bug check parm 3:       0xFFFFD001CB3D0268
Bug check parm 4:       0x0
Probably caused by:     ntdll.sys
Driver description:     
Driver product:         
Driver company:         
OS build:               Built by: 9600.17476.amd64fre.winblue_r5.141029-1500
Architecture:           x64 (64 bit)
CPU count:              8
Page size:              4096

Bug check description: 
The kernel has detected the corruption of a critical data structure.

Comments:

A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntdll.sys . 

5
2018-01-02 23:23
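
The check that both dumps tripped, as an added example that is not part of the original post: a user-mode C model of the linked-list integrity test behind fast-fail code 3 (Arg1 above, and rcx=3 at the `int 29h` in the trap frames). The names `list_entry`, `list_remove_checked` and `list_remove_unchecked` are assumptions made for illustration, and the model returns the code at the point where the kernel would bugcheck.

```c
#include <stdio.h>

/* Constructed user-mode model; all names are hypothetical, not Windows source. */
typedef struct list_entry {
    struct list_entry *flink;  /* forward link */
    struct list_entry *blink;  /* backward link */
} list_entry;

#define FAST_FAIL_CORRUPT_LIST_ENTRY 3  /* same value as Arg1 / rcx in the dumps */

static void list_insert_tail(list_entry *head, list_entry *e) {
    e->flink = head;
    e->blink = head->blink;
    head->blink->flink = e;
    head->blink = e;
}

/* Legacy unlink: trusts whatever the entry's own pointers say. */
static void list_remove_unchecked(list_entry *e) {
    e->blink->flink = e->flink;
    e->flink->blink = e->blink;
}

/* Hardened unlink: both neighbours must still point back at the entry. */
static int list_remove_checked(list_entry *e) {
    if (e->flink->blink != e || e->blink->flink != e)
        return FAST_FAIL_CORRUPT_LIST_ENTRY;  /* the kernel fails fast here */
    list_remove_unchecked(e);
    return 0;
}

/* Build head <-> e[0] <-> e[1] <-> e[2]. */
static void build3(list_entry *head, list_entry *e) {
    head->flink = head->blink = head;
    for (int i = 0; i < 3; i++) list_insert_tail(head, &e[i]);
}

/* Remove e[0], remove e[1], then remove the stale e[0] a second time. */
int double_remove_checked(void) {
    list_entry head, e[3];
    build3(&head, e);
    if (list_remove_checked(&e[0]) || list_remove_checked(&e[1])) return -1;
    return list_remove_checked(&e[0]);   /* stale links are detected */
}

/* Same sequence without the check: returns 1 if removed e[1] is back on the list. */
int double_remove_unchecked_relinks(void) {
    list_entry head, e[3];
    build3(&head, e);
    list_remove_unchecked(&e[0]);
    list_remove_unchecked(&e[1]);
    list_remove_unchecked(&e[0]);        /* writes through e[0]'s stale pointers */
    return head.flink == &e[1];
}

int main(void) {
    printf("checked:   second remove returns %d\n", double_remove_checked());
    printf("unchecked: removed entry relinked = %d\n", double_remove_unchecked_relinks());
    return 0;
}
```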




Your Realtek LAN driver Rt630x64.sys is old (from 2013). Update it, also remove Norton Security, and see if you still get crashes. - magicandre1981
Already tried removing Norton Security. - bwDraco
Have you tried a newer driver? - magicandre1981
I have not updated the LAN driver. The WiFi driver has been updated several times with no result. - bwDraco


Answers:


This looks like a bug in Windows 8.1 / 2012 R2. Microsoft fixed the issue with Hotfix KB3055343.

Click the Hotfix Download Available link, fill in your email address, request the fix by email, and install it to resolve the issue.


3
2018-03-25 17:48



It looks like I am having the same problem; the dmp traces are identical. - Iris Classon
@IrisClasson Hi Iris. Copy Memory.dmp from C:\Windows to your desktop, zip the dmp, upload the zip to OneDrive and write a mail to the blog author (click "reach out" at the end of the blog) that includes the link to the dump. Maybe this helps Microsoft fix the issue. - magicandre1981
@IrisClasson Microsoft released a hotfix to resolve this issue. I posted the steps to request the hotfix via email. - magicandre1981


A repair install (in-place upgrade to the same version) solved the problem. I have not had a crash of this kind since, although extensive work was needed to bring the system back up to date.

I was never able to determine the exact cause of the crashes.


0
2018-01-03 17:51