Major Description
The problem has been found by fuzzing the NtFindAtom() API using my fork of ROCALL, using: ROCALL.EXE -sc 80 -pc 65540 .
An EXCEPTION_DOUBLE_FAULT (Trap08) is emitted, which is best debugged using this local commit (since Trap08 has a TSS frame).
See the attached debug log.
Problems happen when RtlpExecuteHandlerForException() is called with a NULL RegistrationFrame->Handler for whatever reason (corrupted stack?)
Cc ThePhysicist and ThFabba.