M
mikkelknudsen
Anybody who can help me here?
What should I look for here?
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mikknu\Desktop\042819-16281-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\mss*Symbol information
Symbol search path is: srv*c:\mss*Symbol information
Executable search path is:
Windows 10 Kernel Version 14393 MP (32 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 14393.2828.amd64fre.rs1_release_inmarket.190216-1457
Machine Name:
Kernel base = 0xfffff802`ad478000 PsLoadedModuleList = 0xfffff802`ad77a180
Debug session time: Sun Apr 28 05:51:32.244 2019 (UTC + 2:00)
System Uptime: 55 days 4:37:41.088
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
................
For analysis of this file, run !analyze -v
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffb48061822010, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffb48061821f68, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 14393.2828.amd64fre.rs1_release_inmarket.190216-1457
SYSTEM_MANUFACTURER: HP
SYSTEM_PRODUCT_NAME: ProLiant BL460c Gen9
SYSTEM_SKU: 813198-B21
BIOS_VENDOR: HP
BIOS_VERSION: I36
BIOS_DATE: 05/21/2018
DUMP_TYPE: 2
BUGCHECK_P1: 3
BUGCHECK_P2: ffffb48061822010
BUGCHECK_P3: ffffb48061821f68
BUGCHECK_P4: 0
TRAP_FRAME: ffffb48061822010 -- (.trap 0xffffb48061822010)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb4805f3027d0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffa100b5fe2010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802ad6c981f rsp=ffffb480618221a0 rbp=0000000000000000
r8=ffffa10024151350 r9=ffffa10fb0840530 r10=0000000000000001
r11=ffffa1002a7d82b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!ExDeferredFreePool+0x106f:
fffff802`ad6c981f cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffb48061821f68 -- (.exr 0xffffb48061821f68)
ExceptionAddress: fffff802ad6c981f (nt!ExDeferredFreePool+0x000000000000106f)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 20
CPU_MHZ: c7c
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 4f
CPU_STEPPING: 1
CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: B00002E'00000000 (cache) B00002E'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_SESSION_HOST: T26-PC-MIKKNU
ANALYSIS_SESSION_TIME: 05-06-2019 15:17:44.0319
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff802ad5e4929 to fffff802ad5d4940
STACK_TEXT:
ffffb480`61821ce8 fffff802`ad5e4929 : 00000000`00000139 00000000`00000003 ffffb480`61822010 ffffb480`61821f68 : nt!KeBugCheckEx
ffffb480`61821cf0 fffff802`ad5e4cd0 : ffffb480`61821ef9 fffff80f`9023ed4b fffff80f`903c2220 ffffa10f`83708940 : nt!KiBugCheckDispatch+0x69
ffffb480`61821e30 fffff802`ad5e32d2 : 00000000`00000000 ffffa10f`8b688010 00000000`00000001 00000000`00000101 : nt!KiFastFailDispatch+0xd0
ffffb480`61822010 fffff802`ad6c981f : ffffb480`5f302000 00000000`00000000 00000000`03ffbfff fffff80f`90203226 : nt!KiRaiseSecurityCheckFailure+0x2d2
ffffb480`618221a0 fffff802`ad6c787f : ffffa100`07b2d010 ffffb480`5f302000 ffffb480`5f302000 00000000`00000000 : nt!ExDeferredFreePool+0x106f
ffffb480`61822220 fffff80f`8f599672 : ffffa100`661ab1c0 00000000`00000101 00000000`00000000 fffff80f`0000002d : nt!ExFreePoolWithTag+0x87f
ffffb480`61822300 fffff80f`91bc6256 : ffffa10f`8ac5c7d0 fffff80f`8f5992fd ffff21fb`e7d50384 ffffb480`61822569 : NDIS!NdisMIndicateReceiveNetBufferLists+0x270c2
ffffb480`618224f0 fffff80f`91bce0c2 : ffffa100`61b85c20 00000000`00000101 00000000`00000000 00000000`00000000 : netft!MaReceivePacket+0x126
ffffb480`61822550 fffff80f`91bcf392 : 00000000`00000000 00000000`00000001 ffffa90b`5cbd5f40 00000000`00000000 : netft!TaReceivePacket+0x23e
ffffb480`61822630 fffff80f`9105c094 : ffffa90b`5cc71cc0 fffff80f`8f580c6c ffffb480`61822700 00000000`00000008 : netft!NetftReceiveDatagramHandler+0x102
ffffb480`61822660 fffff80f`9022ad8e : ffffa10f`873b8100 ffffb480`61822768 ffffa90b`5cbe1890 ffffa90b`5cbe1890 : afd!WskProTLEVENTReceiveMessages+0x144
ffffb480`618226c0 fffff80f`90229e70 : 00000000`00000000 ffffa90b`00000000 ffffb480`00000001 ffffb480`61822940 : tcpip!UdpDeliverDatagrams+0x33e
ffffb480`618228c0 fffff80f`90245281 : ffffa10f`2011400a 00000000`0000ae01 ffffa10f`83470660 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x390
ffffb480`61822cb0 fffff80f`9024342e : ffffa10f`8b6a29d0 00000000`00000000 fffff80f`90202a11 00000000`00000211 : tcpip!IpFlcReceivePreValidatedPackets+0x591
ffffb480`61822e50 fffff802`ad5d7d77 : 00000000`00000000 ffffb480`61822fd0 ffffb480`5fe2a800 ffffb480`5fe35f40 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x15e
ffffb480`61822f80 fffff802`ad5d7d3d : 00000000`00004818 ffffa10f`830f5fb0 00000000`00000000 fffff802`ad579841 : nt!KxSwitchKernelStackCallout+0x27
ffffb480`5fe35f40 fffff802`ad579841 : ffffa10f`830f5fb8 ffffb480`00000019 ffffa10f`8b0fb300 00000000`00000001 : nt!KiSwitchKernelStackContinue
ffffb480`5fe35f60 fffff802`ad5794a6 : ffffb480`5fe35ff0 00000000`00004800 ffffa100`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x241
ffffb480`5fe35ff0 fffff802`ad57936f : 00000000`00000002 ffffb480`5fe360d0 00000000`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6
ffffb480`5fe36050 fffff80f`90203226 : ffffa10f`836fe910 00000000`00000008 ffffa10f`830f5fb0 ffffa10f`84371d00 : nt!KeExpandKernelStackAndCalloutInternal+0x2f
ffffb480`5fe360a0 fffff80f`8f57392e : 00000000`00000000 ffffb480`5fe361a0 00000000`00000001 fffff80f`8f5d7571 : tcpip!FlReceiveNetBufferListChain+0xb6
ffffb480`5fe36120 fffff80f`8f5728cc : ffffa10f`9cf79001 00000000`00000008 fffff16f`00000000 ffffa10f`00000001 : NDIS!ndisMIndicateNetBufferListsToOpen+0x11e
ffffb480`5fe361e0 fffff80f`91486db8 : ffffa10f`84371e80 ffffa10f`8448d50a 00000249`00000800 00000000`00000249 : NDIS!NdisMIndicateReceiveNetBufferLists+0x31c
ffffb480`5fe363d0 fffff80f`91489360 : ffffa10f`00000000 fffff80f`91480000 ffffb480`5fe36508 ffffb480`00000000 : vmswitch!VmsMpNicPvtPacketForward+0x238
ffffb480`5fe36480 fffff80f`91488f73 : ffffa10f`8195e410 ffffa10f`87480000 ffffa10f`8ac5c701 ffffb480`5fe36501 : vmswitch!VmsRouterDeliverNetBufferLists+0x390
ffffb480`5fe36590 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vmswitch!VmsExtPtReceiveNetBufferLists+0x193
THREAD_SHA1_HASH_MOD_FUNC: 05648f438489c967d3a4e7e1b3840e05cb220f11
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b505b6f48c76da33a68527bd5be4c11c0094393e
THREAD_SHA1_HASH_MOD: 0742afb4b0564e1f4e1f13eb3c259d9267ea0bb7
FOLLOWUP_IP:
nt!ExDeferredFreePool+106f
fffff802`ad6c981f cd29 int 29h
FAULT_INSTR_CODE: 8b4d29cd
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!ExDeferredFreePool+106f
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.14393.2828
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 106f
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExDeferredFreePool
BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExDeferredFreePool
PRIMARY_PROBLEM_CLASS: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExDeferredFreePool
TARGET_TIME: 2019-04-28T03:51:32.000Z
OSBUILD: 14393
OSSERVICEPACK: 2828
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 400
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer DataCenter SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-02-17 02:56:01
BUILDDATESTAMP_STR: 190216-1457
BUILDLAB_STR: rs1_release_inmarket
BUILDOSVER_STR: 10.0.14393.2828.amd64fre.rs1_release_inmarket.190216-1457
ANALYSIS_SESSION_ELAPSED_TIME: 79de
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_corrupt_list_entry_nt!exdeferredfreepool
FAILURE_ID_HASH: {7ef5a43a-ed8f-4a4a-f936-b37f9eaa1b29}
Followup: Pool_corruption
---------
Continue reading...
What should I look for here?
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mikknu\Desktop\042819-16281-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\mss*Symbol information
Symbol search path is: srv*c:\mss*Symbol information
Executable search path is:
Windows 10 Kernel Version 14393 MP (32 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 14393.2828.amd64fre.rs1_release_inmarket.190216-1457
Machine Name:
Kernel base = 0xfffff802`ad478000 PsLoadedModuleList = 0xfffff802`ad77a180
Debug session time: Sun Apr 28 05:51:32.244 2019 (UTC + 2:00)
System Uptime: 55 days 4:37:41.088
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
................
For analysis of this file, run !analyze -v
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffb48061822010, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffb48061821f68, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 14393.2828.amd64fre.rs1_release_inmarket.190216-1457
SYSTEM_MANUFACTURER: HP
SYSTEM_PRODUCT_NAME: ProLiant BL460c Gen9
SYSTEM_SKU: 813198-B21
BIOS_VENDOR: HP
BIOS_VERSION: I36
BIOS_DATE: 05/21/2018
DUMP_TYPE: 2
BUGCHECK_P1: 3
BUGCHECK_P2: ffffb48061822010
BUGCHECK_P3: ffffb48061821f68
BUGCHECK_P4: 0
TRAP_FRAME: ffffb48061822010 -- (.trap 0xffffb48061822010)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb4805f3027d0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffa100b5fe2010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802ad6c981f rsp=ffffb480618221a0 rbp=0000000000000000
r8=ffffa10024151350 r9=ffffa10fb0840530 r10=0000000000000001
r11=ffffa1002a7d82b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!ExDeferredFreePool+0x106f:
fffff802`ad6c981f cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffb48061821f68 -- (.exr 0xffffb48061821f68)
ExceptionAddress: fffff802ad6c981f (nt!ExDeferredFreePool+0x000000000000106f)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 20
CPU_MHZ: c7c
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 4f
CPU_STEPPING: 1
CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: B00002E'00000000 (cache) B00002E'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_SESSION_HOST: T26-PC-MIKKNU
ANALYSIS_SESSION_TIME: 05-06-2019 15:17:44.0319
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff802ad5e4929 to fffff802ad5d4940
STACK_TEXT:
ffffb480`61821ce8 fffff802`ad5e4929 : 00000000`00000139 00000000`00000003 ffffb480`61822010 ffffb480`61821f68 : nt!KeBugCheckEx
ffffb480`61821cf0 fffff802`ad5e4cd0 : ffffb480`61821ef9 fffff80f`9023ed4b fffff80f`903c2220 ffffa10f`83708940 : nt!KiBugCheckDispatch+0x69
ffffb480`61821e30 fffff802`ad5e32d2 : 00000000`00000000 ffffa10f`8b688010 00000000`00000001 00000000`00000101 : nt!KiFastFailDispatch+0xd0
ffffb480`61822010 fffff802`ad6c981f : ffffb480`5f302000 00000000`00000000 00000000`03ffbfff fffff80f`90203226 : nt!KiRaiseSecurityCheckFailure+0x2d2
ffffb480`618221a0 fffff802`ad6c787f : ffffa100`07b2d010 ffffb480`5f302000 ffffb480`5f302000 00000000`00000000 : nt!ExDeferredFreePool+0x106f
ffffb480`61822220 fffff80f`8f599672 : ffffa100`661ab1c0 00000000`00000101 00000000`00000000 fffff80f`0000002d : nt!ExFreePoolWithTag+0x87f
ffffb480`61822300 fffff80f`91bc6256 : ffffa10f`8ac5c7d0 fffff80f`8f5992fd ffff21fb`e7d50384 ffffb480`61822569 : NDIS!NdisMIndicateReceiveNetBufferLists+0x270c2
ffffb480`618224f0 fffff80f`91bce0c2 : ffffa100`61b85c20 00000000`00000101 00000000`00000000 00000000`00000000 : netft!MaReceivePacket+0x126
ffffb480`61822550 fffff80f`91bcf392 : 00000000`00000000 00000000`00000001 ffffa90b`5cbd5f40 00000000`00000000 : netft!TaReceivePacket+0x23e
ffffb480`61822630 fffff80f`9105c094 : ffffa90b`5cc71cc0 fffff80f`8f580c6c ffffb480`61822700 00000000`00000008 : netft!NetftReceiveDatagramHandler+0x102
ffffb480`61822660 fffff80f`9022ad8e : ffffa10f`873b8100 ffffb480`61822768 ffffa90b`5cbe1890 ffffa90b`5cbe1890 : afd!WskProTLEVENTReceiveMessages+0x144
ffffb480`618226c0 fffff80f`90229e70 : 00000000`00000000 ffffa90b`00000000 ffffb480`00000001 ffffb480`61822940 : tcpip!UdpDeliverDatagrams+0x33e
ffffb480`618228c0 fffff80f`90245281 : ffffa10f`2011400a 00000000`0000ae01 ffffa10f`83470660 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x390
ffffb480`61822cb0 fffff80f`9024342e : ffffa10f`8b6a29d0 00000000`00000000 fffff80f`90202a11 00000000`00000211 : tcpip!IpFlcReceivePreValidatedPackets+0x591
ffffb480`61822e50 fffff802`ad5d7d77 : 00000000`00000000 ffffb480`61822fd0 ffffb480`5fe2a800 ffffb480`5fe35f40 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x15e
ffffb480`61822f80 fffff802`ad5d7d3d : 00000000`00004818 ffffa10f`830f5fb0 00000000`00000000 fffff802`ad579841 : nt!KxSwitchKernelStackCallout+0x27
ffffb480`5fe35f40 fffff802`ad579841 : ffffa10f`830f5fb8 ffffb480`00000019 ffffa10f`8b0fb300 00000000`00000001 : nt!KiSwitchKernelStackContinue
ffffb480`5fe35f60 fffff802`ad5794a6 : ffffb480`5fe35ff0 00000000`00004800 ffffa100`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x241
ffffb480`5fe35ff0 fffff802`ad57936f : 00000000`00000002 ffffb480`5fe360d0 00000000`00000000 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6
ffffb480`5fe36050 fffff80f`90203226 : ffffa10f`836fe910 00000000`00000008 ffffa10f`830f5fb0 ffffa10f`84371d00 : nt!KeExpandKernelStackAndCalloutInternal+0x2f
ffffb480`5fe360a0 fffff80f`8f57392e : 00000000`00000000 ffffb480`5fe361a0 00000000`00000001 fffff80f`8f5d7571 : tcpip!FlReceiveNetBufferListChain+0xb6
ffffb480`5fe36120 fffff80f`8f5728cc : ffffa10f`9cf79001 00000000`00000008 fffff16f`00000000 ffffa10f`00000001 : NDIS!ndisMIndicateNetBufferListsToOpen+0x11e
ffffb480`5fe361e0 fffff80f`91486db8 : ffffa10f`84371e80 ffffa10f`8448d50a 00000249`00000800 00000000`00000249 : NDIS!NdisMIndicateReceiveNetBufferLists+0x31c
ffffb480`5fe363d0 fffff80f`91489360 : ffffa10f`00000000 fffff80f`91480000 ffffb480`5fe36508 ffffb480`00000000 : vmswitch!VmsMpNicPvtPacketForward+0x238
ffffb480`5fe36480 fffff80f`91488f73 : ffffa10f`8195e410 ffffa10f`87480000 ffffa10f`8ac5c701 ffffb480`5fe36501 : vmswitch!VmsRouterDeliverNetBufferLists+0x390
ffffb480`5fe36590 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vmswitch!VmsExtPtReceiveNetBufferLists+0x193
THREAD_SHA1_HASH_MOD_FUNC: 05648f438489c967d3a4e7e1b3840e05cb220f11
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b505b6f48c76da33a68527bd5be4c11c0094393e
THREAD_SHA1_HASH_MOD: 0742afb4b0564e1f4e1f13eb3c259d9267ea0bb7
FOLLOWUP_IP:
nt!ExDeferredFreePool+106f
fffff802`ad6c981f cd29 int 29h
FAULT_INSTR_CODE: 8b4d29cd
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!ExDeferredFreePool+106f
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.14393.2828
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 106f
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExDeferredFreePool
BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExDeferredFreePool
PRIMARY_PROBLEM_CLASS: 0x139_3_CORRUPT_LIST_ENTRY_nt!ExDeferredFreePool
TARGET_TIME: 2019-04-28T03:51:32.000Z
OSBUILD: 14393
OSSERVICEPACK: 2828
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 400
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer DataCenter SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-02-17 02:56:01
BUILDDATESTAMP_STR: 190216-1457
BUILDLAB_STR: rs1_release_inmarket
BUILDOSVER_STR: 10.0.14393.2828.amd64fre.rs1_release_inmarket.190216-1457
ANALYSIS_SESSION_ELAPSED_TIME: 79de
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_corrupt_list_entry_nt!exdeferredfreepool
FAILURE_ID_HASH: {7ef5a43a-ed8f-4a4a-f936-b37f9eaa1b29}
Followup: Pool_corruption
---------
Continue reading...