Microsoft (R) Windows Debugger Version 10.0.20348.1 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. ************* Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\Temp\Symbole*http://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\Temp\Symbole*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 8 Kernel Version 9200 MP (16 procs) Free x64 Product: LanManNt, suite: TerminalServer Edition build lab: 9200.23516.amd64fre.win8_ldr_escrow.211029-1701 Machine Name: Kernel base = 0xfffff801`3946c000 PsLoadedModuleList = 0xfffff801`396e5820 Debug session time: Mon Dec 20 08:28:18.564 2021 (UTC + 1:00) System Uptime: 0 days 0:00:26.197 Loading Kernel Symbols ............................................................... ............................................................. Loading User Symbols Loading unloaded module list ....... For analysis of this file, run !analyze -v 15: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* NTFS_FILE_SYSTEM (24) If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Arguments: Arg1: 000000b500190619 Arg2: fffff88006c62068 Arg3: fffff88006c618b0 Arg4: fffff801394beb90 Debugging Details: ------------------ Unable to load image \SystemRoot\system32\DRIVERS\vlflt.sys, Win32 error 0n2 KEY_VALUES_STRING: 1 Key : AV.Dereference Value: NullClassPtr Key : AV.Fault Value: Read Key : Analysis.CPU.mSec Value: 2030 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on MPKDATA Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.mSec Value: 4779 Key : Analysis.Init.CPU.mSec Value: 999 Key : Analysis.Init.Elapsed.mSec Value: 102675 Key : Analysis.Memory.CommitPeak.Mb Value: 70 Key : Analysis.System Value: CreateObject Key : WER.OS.Branch Value: win8_ldr_escrow Key : WER.OS.Timestamp Value: 2021-10-29T17:01:00Z Key : WER.OS.Version Value: 8.0.9200.23516 ADDITIONAL_XML: 1 OS_BUILD_LAYERS: 1 VIRTUAL_MACHINE: HyperV BUGCHECK_CODE: 24 BUGCHECK_P1: b500190619 BUGCHECK_P2: fffff88006c62068 BUGCHECK_P3: fffff88006c618b0 BUGCHECK_P4: fffff801394beb90 EXCEPTION_RECORD: fffff88006c62068 -- (.exr 0xfffff88006c62068) ExceptionAddress: fffff801394beb90 (nt!PsGetProcessCreateTimeQuadPart) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000000002d0 Attempt to read from address 00000000000002d0 CONTEXT: fffff88006c618b0 -- (.cxr 0xfffff88006c618b0) rax=fffffab0008d2010 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff801394beb90 rsp=fffff88006c622a8 rbp=fffff88006c623e0 r8=fffff88006c62440 r9=fffffab00136b010 r10=fffffab005856780 r11=fffff88006c62418 r12=0000000000000000 r13=fffffab005785af0 r14=fffffab005884b58 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282 nt!PsGetProcessCreateTimeQuadPart: fffff801`394beb90 488b81d0020000 mov rax,qword ptr [rcx+2D0h] ds:002b:00000000`000002d0=???????????????? Resetting default scope PROCESS_NAME: System READ_ADDRESS: 00000000000002d0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x EXCEPTION_CODE_STR: c0000005 EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 00000000000002d0 EXCEPTION_STR: 0xc0000005 STACK_TEXT: fffff880`06c622a8 fffff880`00aeef43 : 00000000`00000001 00000000`00000000 fffffab0`057f0b00 fffff880`030c3180 : nt!PsGetProcessCreateTimeQuadPart fffff880`06c622b0 fffff880`00b2a12c : 00000000`00000000 fffff880`06c623e0 fffff880`01513180 00000000`0001b000 : vlflt+0x2bf43 fffff880`06c622e0 fffff880`00aceb45 : fffffab0`05884b58 00000000`00000000 fffff880`06c62440 fffff801`394f2200 : vlflt+0x6712c fffff880`06c62420 fffff880`00a51ef3 : fffffab0`05884b58 fffffab0`05884c68 fffff8a0`02765140 fffff880`0190a110 : vlflt+0xbb45 fffff880`06c62460 fffff880`00a5368e : fffffab0`021a1000 00000000`00000000 fffff880`05ad85a8 fffffab0`058841e0 : fltmgr!FltReleaseContext+0x2f3 fffff880`06c62530 fffff801`3950a5f6 : fffffab0`05785af0 fffffab0`01345520 fffffab0`05785f6b fffff880`018d0401 : fltmgr!FltReleaseContext+0x1a8e fffff880`06c625a0 fffff880`01891833 : fffff8a0`02518f00 fffffab0`057d37a0 00000000`00000000 00000000`00000000 : nt!IopfCompleteRequest+0x1b6 fffff880`06c62630 fffff880`01925c2f : 00000000`00000000 fffffab0`058a7700 fffff8a0`02518f30 fffff8a0`02765101 : Ntfs!NtfsExtendedCompleteRequestInternal+0x133 fffff880`06c62660 fffff880`0192457e : 00000000`00000000 00000000`00000000 00000000`00000000 fffff801`39500d1c : Ntfs!NtfsQueryDirectory+0x15eb fffff880`06c629a0 fffff880`0188b0c2 : fffffab0`057d37a0 fffffab0`0019a180 fffff8a0`02765140 fffff8a0`02518f30 : Ntfs!NtfsCommonDirectoryControl+0x2be fffff880`06c62a20 fffff801`3950ad51 : fffff801`39687880 fffffab0`05740780 fffff801`39687880 fffff801`00000002 : Ntfs!NtfsFspDispatch+0x46a fffff880`06c62b60 fffff801`394ad019 : fffffab0`000000fe fffff880`030c3180 fffffab0`001ea540 fffff880`030d3400 : nt!ExpWorkerThread+0x179 fffff880`06c62c00 fffff801`39627a36 : fffff880`030c3180 fffffab0`05740780 fffff880`030d3400 00000000`00000001 : nt!PspSystemThreadStartup+0x151 fffff880`06c62c60 00000000`00000000 : fffff880`06c63000 fffff880`06c5d000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 SYMBOL_NAME: vlflt+2bf43 MODULE_NAME: vlflt IMAGE_NAME: vlflt.sys STACK_COMMAND: .cxr 0xfffff88006c618b0 ; kb BUCKET_ID_FUNC_OFFSET: 2bf43 FAILURE_BUCKET_ID: 0x24_vlflt!unknown_function OS_VERSION: 8.0.9200.23516 BUILDLAB_STR: win8_ldr_escrow OSPLATFORM_TYPE: x64 OSNAME: Windows 8 FAILURE_ID_HASH: {86dff9ad-a954-83dc-6755-3f1845400833} Followup: MachineOwner ---------