Çözüldü KERNEL_SECURITY_CHECK_FAILURE mavi ekran hatası

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001d, Type of memory safety violation
Arg2: ffff9d0734844120, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff9d0734844078, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  18362.1.amd64fre.19h1_release.190318-1202

SYSTEM_PRODUCT_NAME:  To Be Filled By O.E.M.

SYSTEM_SKU:  To Be Filled By O.E.M.

SYSTEM_VERSION:  To Be Filled By O.E.M.

BIOS_VENDOR:  American Megatrends Inc.

BIOS_VERSION:  P2.90

BIOS_DATE:  11/27/2019

BASEBOARD_MANUFACTURER:  ASRock

BASEBOARD_PRODUCT:  B450M Steel Legend

BASEBOARD_VERSION:                       

DUMP_TYPE:  2

BUGCHECK_P1: 1d

BUGCHECK_P2: ffff9d0734844120

BUGCHECK_P3: ffff9d0734844078

BUGCHECK_P4: 0

TRAP_FRAME:  ffff9d0734844120 -- (.trap 0xffff9d0734844120)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000001d
rdx=ffffca85d9451fe8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80457bfac3b rsp=ffff9d07348442b8 rbp=ffffca85d9451fe8
 r8=0000000000000000  r9=ffffca85d9498f00 r10=ffffca85d9498fe8
r11=ffffca85d9566fe8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac po cy
nt!RtlRbRemoveNode+0x1b65fb:
fffff804`57bfac3b cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffff9d0734844078 -- (.exr 0xffff9d0734844078)
ExceptionAddress: fffff80457bfac3b (nt!RtlRbRemoveNode+0x00000000001b65fb)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000000000001d
Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE

CPU_COUNT: c

CPU_MHZ: c80

CPU_VENDOR:  AuthenticAMD

CPU_FAMILY: 17

CPU_MODEL: 8

CPU_STEPPING: 2

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXWINLOGON: 1

BUGCHECK_STR:  0x139

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

DEFAULT_BUCKET_ID:  FAIL_FAST_INVALID_BALANCED_TREE

ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  000000000000001d

ANALYSIS_SESSION_HOST:  DESKTOP-18V31A3

ANALYSIS_SESSION_TIME:  02-19-2020 17:50:42.0558

ANALYSIS_VERSION: 10.0.18362.1 x86fre

LAST_CONTROL_TRANSFER:  from fffff80457bd33e9 to fffff80457bc1510

STACK_TEXT: 
ffff9d07`34843df8 fffff804`57bd33e9 : 00000000`00000139 00000000`0000001d ffff9d07`34844120 ffff9d07`34844078 : nt!KeBugCheckEx
ffff9d07`34843e00 fffff804`57bd3810 : ffff9d07`34844050 fffff804`57a33353 ffffca85`00000000 ffffe10d`00000002 : nt!KiBugCheckDispatch+0x69
ffff9d07`34843f40 fffff804`57bd1ba5 : 00000000`00000080 ffffe10d`42010000 00000000`00000000 ffffffff`ffffffff : nt!KiFastFailDispatch+0xd0
ffff9d07`34844120 fffff804`57bfac3b : 00000000`00000216 ffffca85`d9451fe0 fffff804`57a42eb8 ffff9d07`34844349 : nt!KiRaiseSecurityCheckFailure+0x325
ffff9d07`348442b8 fffff804`57a42eb8 : ffff9d07`34844349 00000000`00000302 ffffca85`d9451fe0 ffffca85`d0600280 : nt!RtlRbRemoveNode+0x1b65fb
ffff9d07`348442d0 fffff804`57a42d79 : ffffca85`d0600280 00000000`00000000 00000000`00000002 00000000`00000000 : nt!RtlpHpVsChunkSplit+0x48
ffff9d07`348443a0 fffff804`57a32b18 : 00000000`00000216 00000000`00002140 00000000`00002140 ffffca85`d0600000 : nt!RtlpHpVsContextAllocateInternal+0x3c9
ffff9d07`34844410 fffff804`57d6f06d : 00000000`00000009 00000000`00000000 00000000`00000000 00000000`00002138 : nt!ExAllocateHeapPool+0x418
ffff9d07`34844550 fffff804`57a29cd0 : 00000000`00000000 00000000`00000009 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x5d
ffff9d07`348445a0 fffff804`5bdcaddd : 00000000`0006ca00 00000000`00000000 ffffe10d`63734943 00000000`00000000 : nt!ExAllocatePoolWithQuotaTag+0x60
ffff9d07`34844620 fffff804`5bdcfca9 : ffff9d07`34844a03 00000000`00000000 00000000`00000000 00000000`00002138 : CI!CiReadFile+0x81
ffff9d07`348446a0 fffff804`5bdd088f : 00000000`00000000 ffffca85`d9c7e010 ffffca85`d9c7e458 00000000`00000000 : CI!CipImageGetCertInfo+0xbd
ffff9d07`34844720 fffff804`5bdcf22d : ffffca85`d9c7e010 ffff9d07`34844a88 ffff9d07`00000000 00000000`00000000 : CI!CipGetEmbeddedSignatureAndFindFirstMatch+0xa7
ffff9d07`348447c0 fffff804`5bdce989 : ffffca85`d9c7e010 ffffe10d`4de4c650 ffffe10d`4dc0d440 fffff804`597b0000 : CI!CipValidatePageHash+0xfd
ffff9d07`348448b0 fffff804`5bdccc8b : ffff9d07`34844c8c 00000000`00000000 ffffe10d`4de4c650 00000000`00000000 : CI!CipValidateImageHash+0xed
ffff9d07`348449e0 fffff804`58083ea6 : ffff9d07`34844c20 fffff804`597b0000 00000000`0000000e fffff804`597b0000 : CI!CiValidateImageHeader+0x68b
ffff9d07`34844b60 fffff804`580839ca : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00001000 : nt!SeValidateImageHeader+0xd6
ffff9d07`34844c10 fffff804`580211da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`01000000 : nt!MiValidateSectionCreate+0x436
ffff9d07`34844e00 fffff804`57ffb261 : ffff9d07`34845130 ffff9d07`34844f60 00000000`40000000 ffff9d07`34845130 : nt!MiValidateSectionSigningPolicy+0xa6
ffff9d07`34844e60 fffff804`57fda950 : ffffe10d`4de4c650 ffff9d07`34845130 ffff9d07`34845130 00000000`00000000 : nt!MiCreateNewSection+0x5ad
ffff9d07`34844fc0 fffff804`57fdac54 : ffff9d07`34844ff0 ffffca85`ddf97d30 ffffe10d`4de4c650 00000000`00000000 : nt!MiCreateImageOrDataSection+0x2d0
ffff9d07`348450b0 fffff804`580323e7 : 00000000`01000000 ffff9d07`34845300 ffff9d07`348455b8 00000000`00000001 : nt!MiCreateSection+0xf4
ffff9d07`34845230 fffff804`5802f92e : 00000000`4dd13000 ffff9d07`34845360 00000000`00000000 00000000`00000000 : nt!MmCreateSpecialImageSection+0xbb
ffff9d07`348452e0 fffff804`57bd2e18 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000001 : nt!NtCreateUserProcess+0x54e
ffff9d07`34845a90 00007fff`6ee5d934 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000da`cdd7d198 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`6ee5d934


THREAD_SHA1_HASH_MOD_FUNC:  51843617a146e15baf431938cef92475a9f18400

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  2e14aaf28e10ad536c77c0db4db7574c6dfc7ddd

THREAD_SHA1_HASH_MOD:  6a10a5e268d933cb393e5b28646c749afa252e07

FOLLOWUP_IP:
CI!CiReadFile+81
fffff804`5bdcaddd 488bf0          mov     rsi,rax

FAULT_INSTR_CODE:  48f08b48

SYMBOL_STACK_INDEX:  a

SYMBOL_NAME:  CI!CiReadFile+81

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: CI

IMAGE_NAME:  CI.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  10.0.18362.625

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  81

FAILURE_BUCKET_ID:  0x139_1d_INVALID_BALANCED_TREE_CI!CiReadFile

BUCKET_ID:  0x139_1d_INVALID_BALANCED_TREE_CI!CiReadFile

PRIMARY_PROBLEM_CLASS:  0x139_1d_INVALID_BALANCED_TREE_CI!CiReadFile

TARGET_TIME:  2020-02-14T23:35:33.000Z

OSBUILD:  18362

OSSERVICEPACK:  657

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE: 

USER_LCID:  0

OSBUILD_TIMESTAMP:  2005-04-23 04:40:32

BUILDDATESTAMP_STR:  190318-1202

BUILDLAB_STR:  19h1_release

BUILDOSVER_STR:  10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME:  4ff1

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_1d_invalid_balanced_tree_ci!cireadfile

FAILURE_ID_HASH:  {a76b7da8-4393-015c-c18c-922c1530998a}

Followup:     MachineOwner
---------

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff8a0c4282d3d0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff8a0c4282d328, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for BEDaisy.sys
*** WARNING: Unable to verify timestamp for win32k.sys

KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  18362.1.amd64fre.19h1_release.190318-1202

SYSTEM_PRODUCT_NAME:  To Be Filled By O.E.M.

SYSTEM_SKU:  To Be Filled By O.E.M.

SYSTEM_VERSION:  To Be Filled By O.E.M.

BIOS_VENDOR:  American Megatrends Inc.

BIOS_VERSION:  P2.90

BIOS_DATE:  11/27/2019

BASEBOARD_MANUFACTURER:  ASRock

BASEBOARD_PRODUCT:  B450M Steel Legend

BASEBOARD_VERSION:                       

DUMP_TYPE:  2

BUGCHECK_P1: 3

BUGCHECK_P2: ffff8a0c4282d3d0

BUGCHECK_P3: ffff8a0c4282d328

BUGCHECK_P4: 0

TRAP_FRAME:  ffff8a0c4282d3d0 -- (.trap 0xffff8a0c4282d3d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff900d3a10f7e0 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8063f648b10 rsp=ffff8a0c4282d560 rbp=ffff900d3a2ab040
 r8=0000000000000001  r9=0000000000000002 r10=ffff900d2deef800
r11=ffffde0022040180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe cy
nt!KiExitDispatcher+0x160:
fffff806`3f648b10 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffff8a0c4282d328 -- (.exr 0xffff8a0c4282d328)
ExceptionAddress: fffff8063f648b10 (nt!KiExitDispatcher+0x0000000000000160)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

CPU_COUNT: c

CPU_MHZ: c80

CPU_VENDOR:  AuthenticAMD

CPU_FAMILY: 17

CPU_MODEL: 8

CPU_STEPPING: 2

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

BUGCHECK_STR:  0x139

PROCESS_NAME:  System

CURRENT_IRQL:  2

DEFAULT_BUCKET_ID:  FAIL_FAST_CORRUPT_LIST_ENTRY

ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

ANALYSIS_SESSION_HOST:  DESKTOP-18V31A3

ANALYSIS_SESSION_TIME:  02-19-2020 17:50:40.0480

ANALYSIS_VERSION: 10.0.18362.1 x86fre

LAST_CONTROL_TRANSFER:  from fffff8063f7d33e9 to fffff8063f7c1510

STACK_TEXT: 
ffff8a0c`4282d0a8 fffff806`3f7d33e9 : 00000000`00000139 00000000`00000003 ffff8a0c`4282d3d0 ffff8a0c`4282d328 : nt!KeBugCheckEx
ffff8a0c`4282d0b0 fffff806`3f7d3810 : 00000000`00000000 fffff806`3f64ae66 00000000`0000000a 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff8a0c`4282d1f0 fffff806`3f7d1ba5 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff8a0c`4282d540 : nt!KiFastFailDispatch+0xd0
ffff8a0c`4282d3d0 fffff806`3f648b10 : 00000000`00000000 ffff8a0c`4282d601 ffffde00`22040180 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x325
ffff8a0c`4282d560 fffff806`3f6a54cd : ffff900d`3a10f7d8 00000000`00000200 ffffde00`22040101 fffff806`3f96f06d : nt!KiExitDispatcher+0x160
ffff8a0c`4282d5c0 fffff806`9280fc64 : 00000000`00000700 ffff900d`3f4e1738 00000000`00000001 00000000`00000002 : nt!KeInsertQueueApc+0x14d
ffff8a0c`4282d660 00000000`00000700 : ffff900d`3f4e1738 00000000`00000001 00000000`00000002 00000000`00000000 : BEDaisy+0x2afc64
ffff8a0c`4282d668 ffff900d`3f4e1738 : 00000000`00000001 00000000`00000002 00000000`00000000 00000000`00000000 : 0x700
ffff8a0c`4282d670 00000000`00000001 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffff900d`3f4e1738
ffff8a0c`4282d678 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1
ffff8a0c`4282d680 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`c0000001 : 0x2


THREAD_SHA1_HASH_MOD_FUNC:  b61d566806c3900e9d82f26f996154d545d8a932

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  fca4a2c9edc5b93556e4b2fb148f6720c6f965b3

THREAD_SHA1_HASH_MOD:  0079172978a7673b45090780b1c9d2221d299a5f

FOLLOWUP_IP:
BEDaisy+2afc64
fffff806`9280fc64 84c0            test    al,al

FAULT_INSTR_CODE:  e9c084

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  BEDaisy+2afc64

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: BEDaisy

IMAGE_NAME:  BEDaisy.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5dce5a59

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  2afc64

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function

BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function

PRIMARY_PROBLEM_CLASS:  0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function

TARGET_TIME:  2020-02-18T20:34:37.000Z

OSBUILD:  18362

OSSERVICEPACK:  657

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE: 

USER_LCID:  0

OSBUILD_TIMESTAMP:  2005-04-23 04:40:32

BUILDDATESTAMP_STR:  190318-1202

BUILDLAB_STR:  19h1_release

BUILDOSVER_STR:  10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME:  789c

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_3_corrupt_list_entry_bedaisy!unknown_function

FAILURE_ID_HASH:  {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}

Followup:     MachineOwner
---------