BSOD on 7.4.1 Windows Sensor Due to High I/O Requests

Article ID: 388135

Updated On:

Products

Carbon Black EDR

Issue/Introduction

A BSOD occurs on Windows machines that handle a high volume of I/O requests. A stack trace similar to the following is found in memory.dmp:

nt!KeBugCheckEx
nt!KiBugCheckDispatch+0x69
nt!KiFastFailDispatch+0xd0
nt!KiRaiseSecurityCheckFailure+0x31d
cbk7+0x2145a
nt!IoCsqInsertIrpEx+0xa9
nt!IoCsqInsertIrp+0xc
cbk7+0x21984
cbk7+0x308c
nt!IofCallDriver+0x59
nt!IopSynchronousServiceTail+0x1b1
nt!IopXxxControlFile+0xe61
nt!NtDeviceIoControlFile+0x56
nt!KiSystemServiceCopyEnd+0x25
0x00007ffa`da3f00b4
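
For triaging crash dumps against this article, the following added example (not Carbon Black code) checks whether WinDbg `k` output has the same shape as the trace above: a sensor-driver frame raising the security-check fast fail directly under nt!IoCsqInsertIrp(Ex). Matching on module and symbol names rather than the 7.4.1 offsets is an assumption of this example, and the function names are hypothetical.

```python
import re

# One WinDbg call-site token: module!symbol+0xoff or module+0xoff.
FRAME_RE = re.compile(r"^([A-Za-z0-9_.]+)(?:!([^+\s]+))?(?:\+0x[0-9a-fA-F]+)?$")
SENSOR_MODULE = "cbk7"  # sensor driver module name as shown in the article's trace
CSQ_INSERT = {"IoCsqInsertIrpEx", "IoCsqInsertIrp"}

def parse_frames(text):
    """Return (module, symbol-or-None) per frame, innermost frame first."""
    frames = []
    for line in text.splitlines():
        tokens = line.split()
        # The call site is the last column of `k` output; skip raw addresses.
        if not tokens or ("!" not in tokens[-1] and "+0x" not in tokens[-1]):
            continue
        m = FRAME_RE.match(tokens[-1])
        if m:
            frames.append((m.group(1).lower(), m.group(2)))
    return frames

def matches_article_signature(text):
    """True if a sensor frame fast-fails directly under nt!IoCsqInsertIrp(Ex)."""
    frames = parse_frames(text)
    for i in range(len(frames) - 2):
        if frames[i] != ("nt", "KiRaiseSecurityCheckFailure"):
            continue
        (raiser_mod, _), (caller_mod, caller_sym) = frames[i + 1], frames[i + 2]
        if raiser_mod == SENSOR_MODULE and caller_mod == "nt" and caller_sym in CSQ_INSERT:
            return True
    return False

# Stack trace copied from this article.
ARTICLE_TRACE = """\
nt!KeBugCheckEx
nt!KiBugCheckDispatch+0x69
nt!KiFastFailDispatch+0xd0
nt!KiRaiseSecurityCheckFailure+0x31d
cbk7+0x2145a
nt!IoCsqInsertIrpEx+0xa9
nt!IoCsqInsertIrp+0xc
cbk7+0x21984
cbk7+0x308c
nt!IofCallDriver+0x59
nt!IopSynchronousServiceTail+0x1b1
nt!IopXxxControlFile+0xe61
nt!NtDeviceIoControlFile+0x56
nt!KiSystemServiceCopyEnd+0x25
0x00007ffa`da3f00b4
"""
```

A match indicates the dump is consistent with this article; confirm the installed sensor version before attributing the crash to this issue.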

Environment

  • Carbon Black EDR Sensor: 7.4.1
  • Microsoft Windows: All Supported Versions

Cause

Previously, the IRPs the EDR sensor holds in its cancel-safe queue were protected by a FAST_MUTEX, and lock/unlock functioned properly. Linked-list corruption starts occurring when the cancel-safe queue callback is called at DISPATCH_LEVEL: synchronization using a FAST_MUTEX then does not work properly, leading to release of the IRP from the queue.

Resolution

Upgrade to the 7.5.0 Windows Sensor when available.

Additional Information

  • This issue is only seen on machines with high I/O requests; as these increase, the machine could BSOD.