none
WINDOWS 2012R2 数据中心版时不时蓝屏 RRS feed

  • 问题

  • 您好,我有一台2012R2数据中心版的服务器,运行一段时间后就会蓝屏,蓝屏代码如下

    .............................................................
    ................................................................
    ..................
    Loading User Symbols
    Loading unloaded module list
    ......
    For analysis of this file, run !analyze -v
    nt!KeBugCheckEx:
    fffff800`7fb581a0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffd001`c593a500=0000000000000139
    12: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: ffffd001c593a820, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd001c593a778, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved

    Debugging Details:
    ------------------

    fffff8007fca9e58: Unable to get Flags value from nt!KdVersionBlock
    GetUlongPtrFromAddress: unable to read from fffff8007fd66310

    KEY_VALUES_STRING: 1

        Key  : Analysis.CPU.Sec
        Value: 2

        Key  : Analysis.DebugAnalysisProvider.CPP
        Value: Create: 8007007e on DESKTOP-0ACPT54

        Key  : Analysis.DebugData
        Value: CreateObject

        Key  : Analysis.DebugModel
        Value: CreateObject

        Key  : Analysis.Elapsed.Sec
        Value: 2

        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 61

        Key  : Analysis.System
        Value: CreateObject


    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump

    BUGCHECK_CODE:  139

    BUGCHECK_P1: 3

    BUGCHECK_P2: ffffd001c593a820

    BUGCHECK_P3: ffffd001c593a778

    BUGCHECK_P4: 0

    TRAP_FRAME:  ffffd001c593a820 -- (.trap 0xffffd001c593a820)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffe8008b687138 rbx=0000000000000000 rcx=0000000000000003
    rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8007faf3b75 rsp=ffffd001c593a9b0 rbp=ffffe001f19651f0
     r8=0000000000000102  r9=0000000000000000 r10=ffffd001c591f780
    r11=00000862c0dd346c r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na po nc
    nt!KiUnlinkWaitBlocks+0xa9:
    fffff800`7faf3b75 cd29            int     29h
    Resetting default scope

    EXCEPTION_RECORD:  ffffd001c593a778 -- (.exr 0xffffd001c593a778)
    ExceptionAddress: fffff8007faf3b75 (nt!KiUnlinkWaitBlocks+0x00000000000000a9)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000003
    Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY 

    CUSTOMER_CRASH_COUNT:  1

    PROCESS_NAME:  System

    ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

    EXCEPTION_CODE_STR:  c0000409

    EXCEPTION_PARAMETER1:  0000000000000003

    EXCEPTION_STR:  0xc0000409

    STACK_TEXT:  
    ffffd001`c593a4f8 fffff800`7fb68429 : 00000000`00000139 00000000`00000003 ffffd001`c593a820 ffffd001`c593a778 : nt!KeBugCheckEx
    ffffd001`c593a500 fffff800`7fb687d0 : 00000000`00000061 000000ff`fff00000 00000000`00000000 fffff800`a24be601 : nt!KiBugCheckDispatch+0x69
    ffffd001`c593a640 fffff800`7fb6715c : ffffd001`c593a850 ffffd001`c593a830 000000ff`04199329 fffff800`8019d6b5 : nt!KiFastFailDispatch+0xd0
    ffffd001`c593a820 fffff800`7faf3b75 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffd001`c591c180 : nt!KiRaiseSecurityCheckFailure+0x2dc
    ffffd001`c593a9b0 fffff800`7fa45eac : ffffe001`f1965080 ffffd001`c593aae0 00000000`00000000 00000000`00000000 : nt!KiUnlinkWaitBlocks+0xa9
    ffffd001`c593a9e0 fffff800`7fb5bf0a : ffffd001`c591c180 ffffd001`c591c180 ffffd001`c592f280 ffffe001`f3b98080 : nt!KiRetireDpcList+0x86c
    ffffd001`c593ac60 00000000`00000000 : ffffd001`c593b000 ffffd001`c5935000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a


    SYMBOL_NAME:  nt!KiFastFailDispatch+d0

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    IMAGE_VERSION:  6.3.9600.19101

    STACK_COMMAND:  .thread ; .cxr ; kb

    BUCKET_ID_FUNC_OFFSET:  d0

    FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

    OS_VERSION:  8.1.9600.19101

    BUILDLAB_STR:  winblue_ltsb_escrow

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 8.1

    FAILURE_ID_HASH:  {3aede96a-54dd-40d6-d4cb-2a161a843851}

    Followup:     MachineOwner
    ---------

    dmp文件链接如下:

    https://pan.baidu.com/s/1zfJflB_EsV2ckg-rn8bNeQ  

    麻烦分析下是什么原因导致,谢谢!!

    2019年10月31日 3:55

全部回复

  • 你好,

    根据您上传的信息,看到您似乎使用的是Symantec Endpoint Protection安全软件。

    在stack txt中显示nt!KiRaiseSecurityCheckFailure+0x2dc

    KERNEL_SECURITY_CHECK_FAILURE (139)

    请更新您的安全软件的版本查看。

    希望对您有帮助,如果回答是有帮助的, 请将其标记为答案, 可以帮助其他有相同问题的社区成员, 并快速找到有用的答复。


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年10月31日 8:50
  • 你好,

    请问问题又什么进展吗?如果有问题请随时回复。
    我正在建议有帮助的答复为 "答案"。如果回答是有帮助的, 请将其标记为答案, 可以帮助其他有相同问题的社区成员, 并快速找到有用的答复。


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年11月1日 7:58
  • 您好,

     

    请问您的问题是否解决?

     

    如果答复对您有帮助,请将其标记为答复,这样可以帮助其他社区成员快速找到答案。

     

    如果存在一些问题,请回复并告诉我们当前的情况,以便提供进一步的帮助。


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年11月7日 2:25