ascFilter.sys and ascregistryfilter.sys causing BSOD

[Kittyfuzz]

Microsoft (R) Windows Debugger Version 10.0.22549.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Temp\050622-11046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 22616 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 22616.1.amd64fre.ni_release.220502-1800
Machine Name:
Kernel base = 0xfffff801`51400000 PsLoadedModuleList = 0xfffff801`52013010
Debug session time: Fri May  6 04:32:02.743 2022 (UTC - 4:00)
System Uptime: 0 days 0:32:24.386
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
...........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`5181d040 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff103`f8430060=000000000000000a
8: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000d0fa50, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80151668644, address which referenced memory

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2296

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 3285

    Key  : Analysis.Init.CPU.mSec
    Value: 140

    Key  : Analysis.Init.Elapsed.mSec
    Value: 3266

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 97

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Timestamp
    Value: 2022-05-02T18:00:00Z

    Key  : WER.OS.Version
    Value: 10.0.22616.1


FILE_IN_CAB:  050622-11046-01.dmp

BUGCHECK_CODE:  a

BUGCHECK_P1: d0fa50

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80151668644

READ_ADDRESS: fffff8015211c468: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 0000000000d0fa50 

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  svchost.exe

TRAP_FRAME:  fffff103f84301a0 -- (.trap 0xfffff103f84301a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000d0fa50 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000d0fa58 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80151668644 rsp=fffff103f8430330 rbp=fffff103f8430501
 r8=0000000078c42fd6  r9=43ec96e478b22fd6 r10=0000000000005000
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
nt!RtlpHpVsChunkSplit+0xd24:
fffff801`51668644 3300            xor     eax,dword ptr [rax] ds:00000000`00d0fa50=????????
Resetting default scope

STACK_TEXT:  
fffff103`f8430058 fffff801`518300a9     : 00000000`0000000a 00000000`00d0fa50 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff103`f8430060 fffff801`5182bfe8     : 00000000`00000040 fffff103`f84301d0 ffff948f`f7d17000 00000000`00001000 : nt!KiBugCheckDispatch+0x69
fffff103`f84301a0 fffff801`51668644     : 00000000`00000000 00000000`00000b78 ffff948f`f7d17880 ffff948f`f70002c0 : nt!KiPageFault+0x468
fffff103`f8430330 fffff801`51667787     : 00010000`00000000 00000000`00000001 0001008a`00000b78 ffffe001`0000008a : nt!RtlpHpVsChunkSplit+0xd24
fffff103`f84303e0 fffff801`516986b2     : fffff801`00000089 ffff9481`00000880 ffff948f`0000008a 00000000`00000000 : nt!RtlpHpVsContextAllocateInternal+0x227
fffff103`f8430450 fffff801`51697f6f     : 00000000`00000000 fffff103`f84308c0 fffff103`636f6d70 00000000`00000000 : nt!ExAllocateHeapPool+0x712
fffff103`f8430560 fffff801`51e98cee     : 00000000`00000000 fffff103`f8430b60 ffff948f`f7d16010 00000000`00000000 : nt!ExpAllocatePoolWithTagFromNode+0x5f
fffff103`f84305b0 fffff801`ac602a4c     : 00000000`00000000 fffff103`f8430b60 ffff948f`f7d16010 00000000`000000c2 : nt!ExAllocatePoolWithTag+0x2e
fffff103`f84305f0 00000000`00000000     : fffff103`f8430b60 ffff948f`f7d16010 00000000`000000c2 00000000`00040282 : AscRegistryFilter+0x2a4c


SYMBOL_NAME:  AscRegistryFilter+2a4c

MODULE_NAME: AscRegistryFilter

IMAGE_NAME:  AscRegistryFilter.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  2a4c

FAILURE_BUCKET_ID:  AV_AscRegistryFilter!unknown_function

OS_VERSION:  10.0.22616.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {d3b677b2-ed06-6d9d-4dea-8947ecc81b41}

Followup:     MachineOwner
---------

[Scannan]

In Registry Clean settings, do you have...Enable Deep Clean.....selected.

If so, you should disable it, as the Deep clean is very aggressive and can cause issues.

See if this prevents your issue.