Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\Desktop\051823-19000-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff800`6a400000 PsLoadedModuleList = 0xfffff800`6b013470
Debug session time: Thu May 18 10:44:13.112 2023 (UTC + 3:00)
System Uptime: 2 days 17:10:06.601
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
....................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`6a82b8f0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffae01`0bba53c0=0000000000000139
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffae010bba56e0, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffae010bba5638, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1453
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 1734
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 140
Key : Analysis.Init.Elapsed.mSec
Value: 8896
Key : Analysis.Memory.CommitPeak.Mb
Value: 93
Key : Bugcheck.Code.DumpHeader
Value: 0x139
Key : Bugcheck.Code.Register
Value: 0x139
Key : Dump.Attributes.AsUlong
Value: 1008
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
FILE_IN_CAB: 051823-19000-01.dmp
DUMP_FILE_ATTRIBUTES: 0x1008
Kernel Generated Triage Dump
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffae010bba56e0
BUGCHECK_P3: ffffae010bba5638
BUGCHECK_P4: 0
TRAP_FRAME: ffffae010bba56e0 -- (.trap 0xffffae010bba56e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff990fec44f700 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe58aab42b110 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8006ddf5008 rsp=ffffae010bba5870 rbp=ffffae010bba5930
r8=ffffe58aaf8bcc98 r9=ffffe58aab42b110 r10=0000000000008001
r11=ffffffffffffffff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
tpm!Tpm20ResourceMgr::RemovedLoadedResource+0xc0:
fffff800`6ddf5008 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffae010bba5638 -- (.exr 0xffffae010bba5638)
ExceptionAddress: fffff8006ddf5008 (tpm!Tpm20ResourceMgr::RemovedLoadedResource+0x00000000000000c0)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffae01`0bba53b8 fffff800`6a840fa9 : 00000000`00000139 00000000`00000003 ffffae01`0bba56e0 ffffae01`0bba5638 : nt!KeBugCheckEx
ffffae01`0bba53c0 fffff800`6a841532 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffae01`0bba5500 fffff800`6a83f306 : 00000000`00000000 fffff800`6de353d0 ffffe58a`97a7f040 fffff800`6a6511e3 : nt!KiFastFailDispatch+0xb2
ffffae01`0bba56e0 fffff800`6ddf5008 : ffff990f`e0eb1110 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x346
ffffae01`0bba5870 fffff800`6de02707 : 00000000`00000075 ffff990f`e0eb1110 00000000`0000000e ffff9900`090d9010 : tpm!Tpm20ResourceMgr::RemovedLoadedResource+0xc0
ffffae01`0bba58b0 fffff800`6ddf3497 : ffff990f`e0eb1110 ffffe58a`975fa600 00000000`00000000 00000000`00000075 : tpm!Tpm20ResourceMgr::SubmitRequest+0xef37
ffffae01`0bba5970 fffff800`6ddf315e : ffffe58a`00000003 00000000`00000000 ffffae01`0bba5b10 00000000`00000050 : tpm!Tpm20Scheduler::DoUserRequest+0xb7
ffffae01`0bba5a10 fffff800`6ddf165c : ffffe58a`975fa600 ffffe58a`975fa600 fffff800`6ddf15f0 ffffe58a`975fa600 : tpm!Tpm20Scheduler::SchedulerThreadFunction+0x19e
ffffae01`0bba5b50 fffff800`6a60dc67 : ffffe58a`00000003 fffff800`6ddf15f0 ffffe58a`975fa600 004fe07f`bcbbbdff : tpm!Tpm20Scheduler::SchedulerThreadWrapper+0x6c
ffffae01`0bba5bb0 fffff800`6a830854 : ffff8081`cdea7180 ffffe58a`97a7f040 fffff800`6a60dc10 4d034ccd`8b45078b : nt!PspSystemThreadStartup+0x57
ffffae01`0bba5c00 00000000`00000000 : ffffae01`0bba6000 ffffae01`0bb9f000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34
SYMBOL_NAME: tpm!Tpm20ResourceMgr::RemovedLoadedResource+c0
MODULE_NAME: tpm
IMAGE_NAME: tpm.sys
IMAGE_VERSION: 10.0.22621.1690
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: c0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_tpm!Tpm20ResourceMgr::RemovedLoadedResource
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {1764a007-36a0-ad2e-affa-7bb93db2d908}
Followup: MachineOwner
---------