ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. from windbg preview

Aug 12, 2023
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff88d7e0aead0, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffff88d7e0aea28, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------
KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 1780

Key : Analysis.Elapsed.mSec
Value: 2015

Key : Analysis.IO.Other.Mb
Value: 0

Key : Analysis.IO.Read.Mb
Value: 0

Key : Analysis.IO.Write.Mb
Value: 0

Key : Analysis.Init.CPU.mSec
Value: 155

Key : Analysis.Init.Elapsed.mSec
Value: 2050

Key : Analysis.Memory.CommitPeak.Mb
Value: 107

Key : Bugcheck.Code.KiBugCheckData
Value: 0x139

Key : Bugcheck.Code.LegacyAPI
Value: 0x139

Key : Dump.Attributes.AsUlong
Value: 1000

Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key : Dump.Attributes.ErrorCode
Value: 0

Key : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key : Dump.Attributes.ProgressPercentage
Value: 100

Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY

Key : FailFast.Type
Value: 3

Key : Failure.Bucket
Value: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

Key : Failure.Hash
Value: {3aede96a-54dd-40d6-d4cb-2a161a843851}

Key : Hypervisor.Enlightenments.Value
Value: 0

Key : Hypervisor.Enlightenments.ValueHex
Value: 0

Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 0

Key : Hypervisor.Flags.ApicEnlightened
Value: 0

Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1

Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key : Hypervisor.Flags.CpuManager
Value: 0

Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 0

Key : Hypervisor.Flags.Epf
Value: 0

Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0

Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key : Hypervisor.Flags.MaxBankNumber
Value: 0

Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0

Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0

Key : Hypervisor.Flags.Phase0InitDone
Value: 0

Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key : Hypervisor.Flags.RootScheduler
Value: 0

Key : Hypervisor.Flags.SynicAvailable
Value: 0

Key : Hypervisor.Flags.UseQpcBias
Value: 0

Key : Hypervisor.Flags.Value
Value: 16908288

Key : Hypervisor.Flags.ValueHex
Value: 1020000

Key : Hypervisor.Flags.VpAssistPage
Value: 0

Key : Hypervisor.Flags.VsmAvailable
Value: 0

Key : Hypervisor.RootFlags.AccessStats
Value: 0

Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 0

Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 0

Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key : Hypervisor.RootFlags.HostTimelineSync
Value: 0

Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key : Hypervisor.RootFlags.IsHyperV
Value: 0

Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 0

Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 0

Key : Hypervisor.RootFlags.MceEnlightened
Value: 0

Key : Hypervisor.RootFlags.Nested
Value: 0

Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 0

Key : Hypervisor.RootFlags.Value
Value: 0

Key : Hypervisor.RootFlags.ValueHex
Value: 0

Key : SecureKernel.HalpHvciEnabled
Value: 0

Key : WER.OS.Branch
Value: ni_release_svc_prod3

Key : WER.OS.Version
Value: 10.0.22621.1928


BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: fffff88d7e0aead0

BUGCHECK_P3: fffff88d7e0aea28

BUGCHECK_P4: 0

FILE_IN_CAB: MEMORY.DMP

DUMP_FILE_ATTRIBUTES: 0x1000

TRAP_FRAME: fffff88d7e0aead0 -- (.trap 0xfffff88d7e0aead0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe00069d1ac30 rbx=0000000000000000 rcx=0000000000000003
rdx=fffff88d7e0aed60 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8005acca86f rsp=fffff88d7e0aec60 rbp=ffffe00079219a40
r8=ffffe00079219b20 r9=ffffe0007e344000 r10=00000000ffffffff
r11=0000000000013400 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!CmpDelayDerefKeyControlBlock+0x211daf:
fffff800`5acca86f cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: fffff88d7e0aea28 -- (.exr 0xfffff88d7e0aea28)
ExceptionAddress: fffff8005acca86f (nt!CmpDelayDerefKeyControlBlock+0x0000000000211daf)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME: Registry

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
fffff88d`7e0ae7a8 fffff800`5a8468a9 : 00000000`00000139 00000000`00000003 fffff88d`7e0aead0 fffff88d`7e0aea28 : nt!KeBugCheckEx
fffff88d`7e0ae7b0 fffff800`5a846e32 : 00000000`00000000 0000001b`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff88d`7e0ae8f0 fffff800`5a844c06 : ffffe000`5ba00380 ffffe000`5ba000ff fffff800`5a400000 ffffe000`00000000 : nt!KiFastFailDispatch+0xb2
fffff88d`7e0aead0 fffff800`5acca86f : ffffe000`79219a40 ffffe000`7e344000 ffffe000`7e535770 fffff800`5abed980 : nt!KiRaiseSecurityCheckFailure+0x346
fffff88d`7e0aec60 fffff800`5aab8a2f : ffffe000`696c4d43 ffffe000`7980a8c0 fffff88d`00000003 00000000`00000050 : nt!CmpDelayDerefKeyControlBlock+0x211daf
fffff88d`7e0aeca0 fffff800`5aab5d60 : ffffe000`7e344000 ffffe000`7980a8c0 ffffe000`7980a8c0 00000000`00000001 : nt!CmpCleanUpKcbCacheWithLock+0xff
fffff88d`7e0aecd0 fffff800`5a61e0bb : 00000000`132b5698 00000000`00000001 00000000`00000001 ffffe000`79808160 : nt!CmpDereferenceKeyControlBlockWithLock+0x8c
fffff88d`7e0aed00 fffff800`5aaeef75 : ffffe000`79808160 ffffe000`7ccbd000 00000000`00000200 00000000`000000ab : nt!CmpDrainDelayDerefContext+0x9b
fffff88d`7e0aed40 fffff800`5aaeec11 : ffff800c`d82d4ab0 00000000`00040000 fffff88d`7e0aef00 fffff88d`7e0aede0 : nt!CmpCleanUpKCBCacheTable+0xe1
fffff88d`7e0aedd0 fffff800`5aaeebc5 : 00000000`00040000 fffff88d`7e0aef09 ffffe000`792646c0 00000000`00000006 : nt!CmpEnumerateAllOpenSubKeys+0x35
fffff88d`7e0aee10 fffff800`5aaed879 : 00000000`00040000 fffff88d`7e0aef09 ffffe000`792646c0 00000000`00000006 : nt!CmpDoesKeyHaveOpenSubkeys+0x25
fffff88d`7e0aee60 fffff800`5aaed5a7 : 00000000`00000000 00000000`00000000 fffff88d`7e0af2e0 00000000`00000001 : nt!CmpPerformUnloadKey+0x14d
fffff88d`7e0aef70 fffff800`5aaed049 : ffffffff`ffffffff ffffe000`7d55f001 00000000`00000000 ffffe000`5ba00000 : nt!CmUnloadKey+0x437
fffff88d`7e0af220 fffff800`5a845fe5 : 00000000`00000000 fffff800`5a7324e9 ffffe000`5ba00380 ffffe000`5ba000ff : nt!NtUnloadKey+0x29
fffff88d`7e0af260 fffff800`5a836ae0 : fffff800`5ab6e6b5 ffffe000`77e1f2b8 ffffffff`ffffffff ffff800c`d630f7a0 : nt!KiSystemServiceCopyEnd+0x25
fffff88d`7e0af3f8 fffff800`5ab6e6b5 : ffffe000`77e1f2b8 ffffffff`ffffffff ffff800c`d630f7a0 ffffe000`77e1f2a0 : nt!KiServiceLinkage
fffff88d`7e0af400 fffff800`5ab6e593 : ffffe000`73377670 fffff88d`7e0af530 00000000`00000011 00000000`000000a0 : nt!VrpUnloadDifferencingHive+0xf5
fffff88d`7e0af470 fffff800`5ab6de65 : 00000000`00000000 ffffffff`ffffffff ffff800c`be4db250 00000000`00000000 : nt!VrpCleanupNamespace+0xa7
fffff88d`7e0af4b0 fffff800`5ab6f99d : 00000000`00000000 ffff800c`be4db250 0000009f`24db9000 ffffe000`73377670 : nt!VrpHandleIoctlUnloadDynamicallyLoadedHives+0x15d
fffff88d`7e0af560 fffff800`5a61f5f5 : ffff800c`be4db180 fffff800`5aac7637 00000000`00000002 ffff800c`caf6fc20 : nt!VrpIoctlDeviceDispatch+0x11d
fffff88d`7e0af610 fffff800`5aac5200 : ffff800c`be4db180 fffff88d`7e0af6b1 ffff800c`d7593470 ffff800c`d7593470 : nt!IofCallDriver+0x55
fffff88d`7e0af650 fffff800`5aac6c37 : ffff800c`be4db180 00000000`00000001 fffff88d`7e0afa05 ffff800c`d7593470 : nt!IopSynchronousServiceTail+0x1d0
fffff88d`7e0af700 fffff800`5aac6516 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x707
fffff88d`7e0af900 fffff800`5a845fe5 : 00007fff`5ef2986d 00007fff`635de0d0 00000000`00000000 00007fff`635dea90 : nt!NtDeviceIoControlFile+0x56
fffff88d`7e0af970 00007fff`923eee34 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0000009f`26d7ee88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`923eee34


SYMBOL_NAME: nt!KiFastFailDispatch+b2

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: b2

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch

OS_VERSION: 10.0.22621.1928

BUILDLAB_STR: ni_release_svc_prod3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}

Followup: MachineOwner
---------
 
Hello and welcome to the forum!

Could you possibly upload all the dumps you find in the folder C:\Windows\Minidump to the cloud (Dropbox, OneDrive, etc.) with a link to them here? You can zip them all up first if you like, but be sure to make the file(s) public.

There's a lot more to memory dump analysis than just analyze -v.....
 