Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa10896.38870\102820-9750-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`76000000 PsLoadedModuleList = 0xfffff806`76c2a310
Debug session time: Wed Oct 28 18:21:10.844 2020 (UTC + 3:00)
System Uptime: 0 days 7:53:16.546
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
...............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`763f45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8586`abfbdc80=00000000000000f7
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00005481680dd210, Actual security check cookie from the stack
Arg2: 0000e7661a815d7e, Expected security check cookie
Arg3: ffff1899e57ea281, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6452
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 23397
Key : Analysis.Memory.CommitPeak.Mb
Value: 84
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: f7
BUGCHECK_P1: 5481680dd210
BUGCHECK_P2: e7661a815d7e
BUGCHECK_P3: ffff1899e57ea281
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000e7661a815d7e found 00005481680dd210
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: WerFault.exe
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
STACK_TEXT:
ffff8586`abfbdc78 fffff806`764b05a5 : 00000000`000000f7 00005481`680dd210 0000e766`1a815d7e ffff1899`e57ea281 : nt!KeBugCheckEx
ffff8586`abfbdc80 fffff806`763d0b2e : ffff8586`abfbe290 fffff806`76252faf fffff806`760d8768 fffff806`00000000 : nt!_report_gsfailure+0x25
ffff8586`abfbdcc0 fffff806`763d0ac3 : ffff8586`abfbdd90 00000000`00000000 ffff8586`abfbe2c8 ffff8586`abfbe2a0 : nt!_GSHandlerCheckCommon+0x5a
ffff8586`abfbdcf0 fffff806`763fd45f : fffff806`763d0ab0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheck+0x13
ffff8586`abfbdd20 fffff806`76252d97 : ffff8586`abfbe290 00000000`00000000 ffff8586`abfbe4a0 fffff806`76339548 : nt!RtlpExecuteHandlerForException+0xf
ffff8586`abfbdd50 fffff806`762519a6 : ffff8586`abfbec68 ffff8586`abfbe9a0 ffff8586`abfbec68 00000000`00000000 : nt!RtlDispatchException+0x297
ffff8586`abfbe470 fffff806`764066ac : 00000000`00001000 ffff8586`abfbed10 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff8586`abfbeb30 fffff806`76402843 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x12c
ffff8586`abfbed10 fffff806`76339548 : fffff806`76337ce6 fffff806`76337b58 ffffe784`b9965000 fffff806`762cb569 : nt!KiPageFault+0x443
ffff8586`abfbeea0 ffffd107`cad46080 : 00000000`00000001 fffff806`763378ed ffffe784`c3095330 00000000`00000000 : nt!MmCheckCachedPageStates+0x1b88
ffff8586`abfbf070 00000000`00000001 : fffff806`763378ed ffffe784`c3095330 00000000`00000000 000bf102`cad4ffff : 0xffffd107`cad46080
ffff8586`abfbf078 fffff806`763378ed : ffffe784`c3095330 00000000`00000000 000bf102`cad4ffff ffffe784`c3095330 : 0x1
ffff8586`abfbf080 fffff806`76700b7e : 00000000`00000001 00000000`00000000 ffff8586`abfbf101 ffff8586`00000000 : nt!CcMapAndRead+0xdd
ffff8586`abfbf0e0 fffff806`796b0920 : fffff806`00000000 ffffe784`c3095338 00000000`00000001 ffffe784`00000001 : nt!CcMapData+0xae
ffff8586`abfbf170 fffff806`796b6dd4 : ffffd107`c906ed28 ffffe784`c3095330 ffffd107`d0d5be60 00000000`00000000 : Ntfs!ReadIndexBuffer+0xe0
ffff8586`abfbf220 fffff806`796b6804 : ffffe784`b97fc170 00000000`00000000 ffffe784`cf574960 ffffe784`b97fc458 : Ntfs!FindNextIndexEntry+0x314
ffff8586`abfbf2e0 fffff806`796b424f : 00000000`00000000 ffffe784`b97fc458 ffffe784`b97fc170 ffffd107`c906ed01 : Ntfs!NtfsContinueIndexEnumeration+0xe4
ffff8586`abfbf390 fffff806`796b75e9 : ffffd107`c906ed28 ffffd107`c7cc3530 ffffd107`bdcc4180 ffffe784`b97fc170 : Ntfs!NtfsQueryDirectory+0x8cf
ffff8586`abfbf640 fffff806`796b74f7 : 00000000`00000000 ffffd107`c7cc3530 ffffd107`c7cc3501 ffff8586`abfbf7c0 : Ntfs!NtfsCommonDirectoryControl+0xa5
ffff8586`abfbf680 fffff806`762cd805 : ffff8586`abfbf7c0 ffffd107`c7cc3530 ffffd107`c906ed28 ffff8586`abfbf6a8 : Ntfs!NtfsFsdDirectoryControl+0xc7
ffff8586`abfbf6f0 fffff806`728d6ccf : ffffd107`0000000a 00000000`00000000 d107c7b1`a080fe45 00000000`00100001 : nt!IofCallDriver+0x55
ffff8586`abfbf730 fffff806`728d48d3 : ffff8586`abfbf7c0 00000000`00000000 00000000`00000020 ffffd107`bb7b0800 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffff8586`abfbf7a0 fffff806`762cd805 : ffffd107`c7cc3530 00000000`00000004 ffff8586`abfbf960 00000000`00000001 : FLTMGR!FltpDispatch+0xa3
ffff8586`abfbf800 fffff806`766c2528 : ffff8586`abfbf959 ffffd107`c7cc3530 00000000`00000001 00000000`00000000 : nt!IofCallDriver+0x55
ffff8586`abfbf840 fffff806`766ba11f : 00000000`00000394 00000076`4b2c6af8 00000000`00000000 ffff8586`abfbf959 : nt!IopSynchronousServiceTail+0x1a8
ffff8586`abfbf8e0 fffff806`76405fb5 : 00000000`00000394 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtQueryDirectoryFileEx+0xaf
ffff8586`abfbf990 00007ff8`9ad2e5c4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000076`4b2c6e38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`9ad2e5c4
SYMBOL_NAME: nt!_report_gsfailure+25
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa10896.39652\102120-9375-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff801`1bc00000 PsLoadedModuleList = 0xfffff801`1c82a310
Debug session time: Wed Oct 21 14:28:51.303 2020 (UTC + 3:00)
System Uptime: 0 days 23:19:49.885
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
.......................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`1bff45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff801`20217ad0=000000000000009c
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MACHINE_CHECK_EXCEPTION (9c)
A fatal Machine Check Exception has occurred.
KeBugCheckEx parameters;
x86 Processors
If the processor has ONLY MCE feature available (For example Intel
Pentium), the parameters are:
1 - Low 32 bits of P5_MC_TYPE MSR
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of P5_MC_ADDR MSR
4 - Low 32 bits of P5_MC_ADDR MSR
If the processor also has MCA feature available (For example Intel
Pentium Pro), the parameters are:
1 - Bank number
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error
IA64 Processors
1 - Bugcheck Type
1 - MCA_ASSERT
2 - MCA_GET_STATEINFO
SAL returned an error for SAL_GET_STATEINFO while processing MCA.
3 - MCA_CLEAR_STATEINFO
SAL returned an error for SAL_CLEAR_STATEINFO while processing MCA.
4 - MCA_FATAL
FW reported a fatal MCA.
5 - MCA_NONFATAL
SAL reported a recoverable MCA and we don't support currently
support recovery or SAL generated an MCA and then couldn't
produce an error record.
0xB - INIT_ASSERT
0xC - INIT_GET_STATEINFO
SAL returned an error for SAL_GET_STATEINFO while processing INIT event.
0xD - INIT_CLEAR_STATEINFO
SAL returned an error for SAL_CLEAR_STATEINFO while processing INIT event.
0xE - INIT_FATAL
Not used.
2 - Address of log
3 - Size of log
4 - Error code in the case of x_GET_STATEINFO or x_CLEAR_STATEINFO
AMD64 Processors (If Param 1 is < 0x80000000)
1 - Bank number
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error
AMD64 Processors (If Param 1 is > 0x80000000)
1 - Failure Type
VALUES:
0x80000001: Spurious MCE
2 - Address of MCA_EXCEPTION structure
0x80000002: Rendezvous failure
2 - Address of MCA_EXCEPTION structure
END_VALUES
Arguments:
Arg1: 0000000080000001
Arg2: fffff80120217b10
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4843
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 9691
Key : Analysis.Memory.CommitPeak.Mb
Value: 77
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 9c
BUGCHECK_P1: 80000001
BUGCHECK_P2: fffff80120217b10
BUGCHECK_P3: 0
BUGCHECK_P4: 0
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: r5apex.exe
BAD_STACK_POINTER: fffff80120217ac8
STACK_TEXT:
fffff801`20217ac8 fffff801`1c0b4cf9 : 00000000`0000009c 00000000`80000001 fffff801`20217b10 00000000`00000000 : nt!KeBugCheckEx
fffff801`20217ad0 fffff801`1c0b5154 : 00000000`00000006 fffff801`20217e50 00000000`00000000 00000000`00000006 : nt!HalpMcaReportError+0x149
fffff801`20217c40 fffff801`1c0b436b : 00000000`00000000 00000000`80000001 fffff801`20217ed0 00000000`00000000 : nt!HalpMceHandlerWithRendezvous+0x11c
fffff801`20217c70 fffff801`1c0b6bb5 : ffff8282`d52e5910 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HalpHandleMachineCheck+0x5f
fffff801`20217ca0 fffff801`1c10c2b9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HalHandleMcheck+0x35
fffff801`20217cd0 fffff801`1c0036fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiHandleMcheck+0x9
fffff801`20217d00 fffff801`1c0033b7 : 00000000`00000000 00000000`00000000 00000254`c40497f8 00000000`00000000 : nt!KxMcheckAbort+0x7a
fffff801`20217e40 00007ff8`a2b3e58d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiMcheckAbort+0x277
0000006f`2ce0b370 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`a2b3e58d
SYMBOL_NAME: nt!HalpMcaReportError+149
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 149
FAILURE_BUCKET_ID: 0x9C_SPURIOUS_GenuineIntel_STACKPTR_ERROR_nt!HalpMcaReportError
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {16dc0b79-ffca-6bb9-61b6-e2cd4a0f3ed7}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa10896.40426\102020-9406-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`2f600000 PsLoadedModuleList = 0xfffff807`3022a310
Debug session time: Tue Oct 20 15:08:40.385 2020 (UTC + 3:00)
System Uptime: 2 days 3:53:41.437
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`2f9f45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa60b`2bf0f240=0000000000000139
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001d, Type of memory safety violation
Arg2: ffffa60b2bf0f560, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffa60b2bf0f4b8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3983
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 11843
Key : Analysis.Memory.CommitPeak.Mb
Value: 77
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 1d
BUGCHECK_P2: ffffa60b2bf0f560
BUGCHECK_P3: ffffa60b2bf0f4b8
BUGCHECK_P4: 0
TRAP_FRAME: ffffa60b2bf0f560 -- (.trap 0xffffa60b2bf0f560)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc00479401fe0 rbx=0000000000000000 rcx=000000000000001d
rdx=ffffc00479401680 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8072fa67351 rsp=ffffa60b2bf0f6f0 rbp=0000000000000000
r8=ffffc00479501900 r9=ffffc00479400dc0 r10=ffffc00465402160
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!RtlRbInsertNodeEx+0x19d2b1:
fffff807`2fa67351 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffa60b2bf0f4b8 -- (.exr 0xffffa60b2bf0f4b8)
ExceptionAddress: fffff8072fa67351 (nt!RtlRbInsertNodeEx+0x000000000019d2b1)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000001d
Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 000000000000001d
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffa60b`2bf0f238 fffff807`2fa06569 : 00000000`00000139 00000000`0000001d ffffa60b`2bf0f560 ffffa60b`2bf0f4b8 : nt!KeBugCheckEx
ffffa60b`2bf0f240 fffff807`2fa06990 : 00000000`00000008 fffff807`2f93c14a 00100800`00000000 ffe10094`ffffee4e : nt!KiBugCheckDispatch+0x69
ffffa60b`2bf0f380 fffff807`2fa04d23 : fffff807`00000000 00000000`00000005 ffffc004`7483d000 fffff807`2f84bdae : nt!KiFastFailDispatch+0xd0
ffffa60b`2bf0f560 fffff807`2fa67351 : ffffc004`65402100 fffff807`2f82732a ffffffff`ffffffff 00000000`00000001 : nt!KiRaiseSecurityCheckFailure+0x323
ffffa60b`2bf0f6f0 fffff807`2f82732a : ffffffff`ffffffff 00000000`00000001 00000000`00000000 ffffc004`7aa01e80 : nt!RtlRbInsertNodeEx+0x19d2b1
ffffa60b`2bf0f700 fffff807`2f8c76f2 : ffffc004`6a8d0028 ffffc004`65402100 ffffc004`7aa00000 00000000`00000000 : nt!RtlpHpSegPageRangeShrink+0x1ba
ffffa60b`2bf0f770 fffff807`2ffb1019 : ffffd500`00000000 ffffd500`a27c3180 ffffc004`6b027110 01000000`00100000 : nt!ExFreeHeapPool+0x6b2
ffffa60b`2bf0f850 fffff807`2f8aa09b : 00000000`00000000 ffffd500`a27c3190 fffff807`30250eb8 fffff807`30250f70 : nt!ExFreePool+0x9
ffffa60b`2bf0f880 fffff807`2f8acb5a : fffff807`30250c00 ffffc004`6b0570c0 fffff807`30250eb8 fffff807`30250c00 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmDrainSList+0x2f
ffffa60b`2bf0f8b0 fffff807`2f9ba0ed : ffffc004`00000004 fffff807`00000012 fffff807`00000000 ffffd500`a27c3180 : nt!MiStoreCheckCompleteWriteBatch+0x2a
ffffa60b`2bf0f8e0 fffff807`2f8a2ae5 : ffffc004`6b0570c0 ffffc004`6b0570c0 00000000`00000080 fffff807`2f9b9fa0 : nt!MiModifiedPageWriter+0x14d
ffffa60b`2bf0fb10 fffff807`2f9fbbf8 : ffffd500`a27c3180 ffffc004`6b0570c0 fffff807`2f8a2a90 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffa60b`2bf0fb60 00000000`00000000 : ffffa60b`2bf10000 ffffa60b`2bf09000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!ExFreePool+9
IMAGE_NAME: Pool_Corruption
IMAGE_VERSION: 10.0.19041.572
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!ExFreePool
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {ab43366d-59cb-5971-8e17-b53398bf3f90}
Followup: Pool_corruption
---------