0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001d, An RTL_BALANCED_NODE RBTree entry has been corrupted.
Arg2: fffff887a19ae7c0, Address of the trap frame for the exception that caused the BugCheck
Arg3: fffff887a19ae718, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3953
Key : Analysis.Elapsed.mSec
Value: 7109
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 1
Key : Analysis.Init.CPU.mSec
Value: 656
Key : Analysis.Init.Elapsed.mSec
Value: 13835
Key : Analysis.Memory.CommitPeak.Mb
Value: 94
Key : Analysis.Version.DbgEng
Value: 10.0.27704.1001
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x139
Key : Bugcheck.Code.TargetModel
Value: 0x139
Key : Dump.Attributes.AsUlong
Value: 21808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : FailFast.Name
Value: INVALID_BALANCED_TREE
Key : FailFast.Type
Value: 29
Key : Failure.Bucket
Value: 0x139_1d_INVALID_BALANCED_TREE_Npfs!NpAddDataQueueEntry
Key : Failure.Hash
Value: {b78db775-5843-cd38-6dd8-f824b415e2e4}
Key : Hypervisor.Enlightenments.ValueHex
Value: 7417df84
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 1
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 1
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 55185662
Key : Hypervisor.Flags.ValueHex
Value: 34a10fe
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 1
Key : Hypervisor.RootFlags.AccessStats
Value: 1
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 1
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1
Key : Hypervisor.RootFlags.MceEnlightened
Value: 1
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1
Key : Hypervisor.RootFlags.Value
Value: 1015
Key : Hypervisor.RootFlags.ValueHex
Value: 3f7
BUGCHECK_CODE: 139
BUGCHECK_P1: 1d
BUGCHECK_P2: fffff887a19ae7c0
BUGCHECK_P3: fffff887a19ae718
BUGCHECK_P4: 0
FILE_IN_CAB: 010425-16812-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x21808
Kernel Generated Triage Dump
FAULTING_THREAD: ffffc283f4ad6080
TRAP_FRAME: fffff887a19ae7c0 -- (.trap 0xfffff887a19ae7c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffa0c28401c4a298 rbx=0000000000000000 rcx=000000000000001d
rdx=ffffc28401c4a298 rsi=0000000000000000 rdi=0000000000000000
rip=fffff807ac081503 rsp=fffff887a19ae950 rbp=0000000000000008
r8=0000000000000000 r9=ffffc283f6892dc8 r10=ffa0c28401c4a298
r11=ffffc283e01002d0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!RtlRbRemoveNode+0x133:
fffff807`ac081503 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff887a19ae718 -- (.exr 0xfffff887a19ae718)
ExceptionAddress: fffff807ac081503 (nt!RtlRbRemoveNode+0x0000000000000133)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000001d
Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 000000000000001d
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
fffff887`a19ae498 fffff807`ac48dce9 : 00000000`00000139 00000000`0000001d fffff887`a19ae7c0 fffff887`a19ae718 : nt!KeBugCheckEx
fffff887`a19ae4a0 fffff807`ac48e2f2 : 80000000`80000000 80000000`80000000 ffffffff`ffffffff ffffffff`ffffffff : nt!KiBugCheckDispatch+0x69
fffff887`a19ae5e0 fffff807`ac48bf28 : 00000000`00000002 00000000`00000040 00000000`000000df 00000000`00000040 : nt!KiFastFailDispatch+0xb2
fffff887`a19ae7c0 fffff807`ac081503 : 00000000`00000022 ffffc284`071d3000 00000000`00000200 00000000`00000021 : nt!KiRaiseSecurityCheckFailure+0x368
fffff887`a19ae950 fffff807`ac07e33a : ffffc283`f7bd3080 00000000`00000000 fffff887`a19aec59 ffffc283`e01002c0 : nt!RtlRbRemoveNode+0x133
fffff887`a19ae980 fffff807`ac07f326 : 00000000`00000000 ffffc283`e01002c0 ffffe402`49348160 fffff807`ac723c5c : nt!RtlpHpVsChunkSplit+0x4a
fffff887`a19aea30 fffff807`ac00b1d9 : ffffe402`289b0760 fffff807`00000200 00000000`00000000 00000000`00000002 : nt!RtlpHpVsContextAllocateInternal+0x3f6
fffff887`a19aeab0 fffff807`ac00a2dd : 00000000`00000000 fffff807`ac18a922 ffffc283`f6d49178 00000000`00000000 : nt!RtlpHpVsContextAllocate+0x39
fffff887`a19aeb10 fffff807`ac008a0a : ffffc283`e0100000 00000000`00000000 ffffc283`f846de00 ffffc284`064910f8 : nt!RtlpHpAllocateHeap+0x31d
fffff887`a19aeb90 fffff807`ac008492 : 00000000`000002e0 ffffc283`e36fa010 00000000`7246704e 00000000`00000000 : nt!ExAllocateHeapPool+0x50a
fffff887`a19aecc0 fffff807`ac93724a : 00000000`00000041 00000000`000001b8 00000000`00000000 fffff807`ac0377cb : nt!ExpAllocatePoolWithTagFromNode+0x52
fffff887`a19aed00 fffff807`52db32c5 : ffffc283`f846de00 ffffe402`3ba76888 ffffe402`3ba76880 fffff807`00000000 : nt!ExAllocatePool2+0x15a
fffff887`a19aedb0 fffff807`52db28ee : ffffe402`3ba76840 fffff887`a19aeef0 ffffe402`3ba76888 00000000`000001b8 : Npfs!NpAddDataQueueEntry+0x1b5
fffff887`a19aee10 fffff807`52db25ad : 00000000`000001b8 ffffc284`04211818 00000000`00000000 ffffc283`e18a3010 : Npfs!NpCommonWrite+0x23e
fffff887`a19aeea0 fffff807`ac0f79fe : ffffc284`06491010 ffffc284`04211700 00000000`00000003 00000000`00000000 : Npfs!NpFsdWrite+0x6d
fffff887`a19aef10 fffff807`3d9c6afc : fffff47a`3d005280 ffffc284`06491010 00000000`00000000 ffffc283`f7bd3080 : nt!IofCallDriver+0xbe
fffff887`a19aef50 fffff807`3d9c5c19 : fffff887`a19af050 00000000`00000000 ffffc283`e0100000 ffffc284`04211818 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x23c
fffff887`a19aeff0 fffff807`ac0f79fe : ffffc284`04211700 ffffc283`e371ad20 ffffc283`f846de00 ffffc283`f846de00 : FLTMGR!FltpDispatch+0x109
fffff887`a19af090 fffff807`ac696458 : ffffc283`f846de00 fffff887`a19af140 ffffc283`e371ad20 ffffc284`04211700 : nt!IofCallDriver+0xbe
fffff887`a19af0d0 fffff807`ac6947b1 : fffff887`a19af1e0 fffff887`a19af2b0 00000000`00000000 00000000`00000000 : nt!IopSynchronousServiceTail+0x1c8
fffff887`a19af180 fffff807`ac69447f : ffffc283`f846de00 ffffc283`f846ddd0 ffffc284`04211700 00000000`00000002 : nt!IopWriteFile+0x141
fffff887`a19af2a0 fffff807`ac48d355 : 00000000`0012019f 00000000`00000000 00000000`00000000 0000699c`00030350 : nt!NtWriteFile+0x2cf
fffff887`a19af370 00007ff8`834df824 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
000000f8`639fd3d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`834df824
SYMBOL_NAME: Npfs!NpAddDataQueueEntry+1b5
MODULE_NAME: Npfs
IMAGE_NAME: Npfs.SYS
IMAGE_VERSION: 10.0.26100.1
STACK_COMMAND: .process /r /p 0xffffc283f7bd3080; .thread 0xffffc283f4ad6080 ; kb
BUCKET_ID_FUNC_OFFSET: 1b5
FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_Npfs!NpAddDataQueueEntry
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {b78db775-5843-cd38-6dd8-f824b415e2e4}
Followup: MachineOwner