S
Steve Sankey
We have a 2016 standard server running on VMware that is randomly crashing, Yesterday the windows Update service was hung starting during this crash. Below is the .dmp that was created and analyzed. Any help with tracking down the root cause would be appreciated.
Microsoft (R) Windows Debugger Version 10.0.18239.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\me\Desktop\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*Symbol information
Symbol search path is: srv*c:\symbols*Symbol information
Executable search path is:
Windows 10 Kernel Version 14393 MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.2665.amd64fre.rs1_release.181203-1755
Machine Name:
Kernel base = 0xfffff800`3dc81000 PsLoadedModuleList = 0xfffff800`3df83220
Debug session time: Mon Jan 28 13:04:08.766 2019 (UTC - 5:00)
System Uptime: 17 days 16:31:45.525
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
........................Unable to read NT module Base Name string at 00000000`00f231ae - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..........................Unable to read NT module Base Name string at 00000000`1a6b02d8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1a6e6dc8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.............
....Unable to read NT module Base Name string at 00000000`1a77c14a - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
...Unable to read NT module Base Name string at 00000000`1a6fa778 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
....................Unable to read NT module Base Name string at 00000000`1ade2428 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1ade20b8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1ade2e28 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1ade2bf8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1ade2248 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1ae693c4 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.................Unable to read NT module Base Name string at 00000000`1d078910 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1db1fae8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1db11040 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1db113a0 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1dafb3f8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1dafb1c8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1dafb218 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1dafb358 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
...
...Unable to read NT module Base Name string at 00000000`1aee5608 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.........
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck EF, {ffff95812b3fa840, 0, 0, 0}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
nt!KeBugCheckEx:
fffff800`3dddd990 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffae01`71b6e980=00000000000000ef
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff95812b3fa840, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 14393.2665.amd64fre.rs1_release.181203-1755
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 04/05/2016
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_TYPE: 1
BUGCHECK_P1: ffff95812b3fa840
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: svchost.exe
CRITICAL_PROCESS: svchost.exe
EXCEPTION_CODE: (Win32) 0x45a6b080 (1168552064) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0x45a6b080 - <Unable to get error code text>
CPU_COUNT: 8
CPU_MHZ: a21
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3e
CPU_STEPPING: 4
CPU_MICROCODE: 6,3e,4,0 (F,M,S,R) SIG: 42C'00000000 (cache) 42C'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: mypc
ANALYSIS_SESSION_TIME: 01-29-2019 09:05:48.0108
ANALYSIS_VERSION: 10.0.18239.1000 amd64fre
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
STACK_TEXT:
ffffae01`71b6e978 fffff800`3e2febb2 : 00000000`000000ef ffff9581`2b3fa840 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffae01`71b6e980 fffff800`3e22345b : ffff9581`2b3fa840 ffff9581`45a6b400 00000000`00000000 00000000`00000000 : nt!PspCatchCriticalBreak+0xd6
ffffae01`71b6e9e0 fffff800`3e08ea7d : ffff9581`00000001 ffff9581`2b3fa840 ffff9581`45a6b400 00000000`00000000 : nt!PspTerminateAllThreads+0x160bcb
ffffae01`71b6ea50 fffff800`3e08e834 : ffff9581`2b2c6840 00000000`00000000 ffff9581`2b3fa840 ffff9581`45a6b080 : nt!PspTerminateProcess+0x101
ffffae01`71b6ea90 fffff800`3dded503 : ffff9581`2b3fa840 ffff9581`45a6b080 ffffae01`71b6eb80 00000000`00000000 : nt!NtTerminateProcess+0x9c
ffffae01`71b6eb00 00007fff`66976084 : 00007fff`63080399 00000000`2447e960 00000000`00000000 00000000`000036f8 : nt!KiSystemServiceCopyEnd+0x13
00000000`2447ab98 00007fff`63080399 : 00000000`2447e960 00000000`00000000 00000000`000036f8 00000000`000036f8 : ntdll!NtTerminateProcess+0x14
00000000`2447aba0 00007ffe`fa44c93b : 00000000`2105b0d0 00000000`000036f8 00000000`00000000 00000000`0000008b : KERNELBASE!TerminateProcess+0x29
00000000`2447abd0 00000000`2105b0d0 : 00000000`000036f8 00000000`00000000 00000000`0000008b 00001619`2ce7bd23 : 0x00007ffe`fa44c93b
00000000`2447abd8 00000000`000036f8 : 00000000`00000000 00000000`0000008b 00001619`2ce7bd23 00007fff`59459948 : 0x2105b0d0
00000000`2447abe0 00000000`00000000 : 00000000`0000008b 00001619`2ce7bd23 00007fff`59459948 00000000`2447ead8 : 0x36f8
THREAD_SHA1_HASH_MOD_FUNC: 0be890b1a48bf1baa08ac924c66917067caad9cc
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1779d4ecfc0644640d017947e636cb43df8bd61c
THREAD_SHA1_HASH_MOD: a21d3cbacffbf1683d4a2fe600473dcea6a15ed6
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_LTSVC.exe_45a6b080_ANALYSIS_INCONCLUSIVE!unknown_function
BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_LTSVC.exe_45a6b080_ANALYSIS_INCONCLUSIVE!unknown_function
PRIMARY_PROBLEM_CLASS: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_LTSVC.exe_45a6b080_ANALYSIS_INCONCLUSIVE!unknown_function
TARGET_TIME: 2019-01-28T18:04:08.000Z
OSBUILD: 14393
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-12-04 00:14:50
BUILDDATESTAMP_STR: 181203-1755
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.2665.amd64fre.rs1_release.181203-1755
ANALYSIS_SESSION_ELAPSED_TIME: ce2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_svchost.exe_bugcheck_critical_process_terminated_by_ltsvc.exe_45a6b080_analysis_inconclusive!unknown_function
FAILURE_ID_HASH: {776877d2-3d8b-5e37-66b6-5f7f7fdde811}
Followup: MachineOwner
---------
Continue reading...
Microsoft (R) Windows Debugger Version 10.0.18239.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\me\Desktop\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*Symbol information
Symbol search path is: srv*c:\symbols*Symbol information
Executable search path is:
Windows 10 Kernel Version 14393 MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.2665.amd64fre.rs1_release.181203-1755
Machine Name:
Kernel base = 0xfffff800`3dc81000 PsLoadedModuleList = 0xfffff800`3df83220
Debug session time: Mon Jan 28 13:04:08.766 2019 (UTC - 5:00)
System Uptime: 17 days 16:31:45.525
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
........................Unable to read NT module Base Name string at 00000000`00f231ae - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..........................Unable to read NT module Base Name string at 00000000`1a6b02d8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1a6e6dc8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.............
....Unable to read NT module Base Name string at 00000000`1a77c14a - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
...Unable to read NT module Base Name string at 00000000`1a6fa778 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
....................Unable to read NT module Base Name string at 00000000`1ade2428 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1ade20b8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1ade2e28 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1ade2bf8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1ade2248 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1ae693c4 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.................Unable to read NT module Base Name string at 00000000`1d078910 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1db1fae8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1db11040 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1db113a0 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1dafb3f8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
..Unable to read NT module Base Name string at 00000000`1dafb1c8 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1dafb218 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.Unable to read NT module Base Name string at 00000000`1dafb358 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
...
...Unable to read NT module Base Name string at 00000000`1aee5608 - NTSTATUS 0xC0000147
Missing image name, possible paged-out or corrupt data.
.........
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck EF, {ffff95812b3fa840, 0, 0, 0}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
---------
nt!KeBugCheckEx:
fffff800`3dddd990 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffae01`71b6e980=00000000000000ef
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff95812b3fa840, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 14393.2665.amd64fre.rs1_release.181203-1755
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 04/05/2016
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_TYPE: 1
BUGCHECK_P1: ffff95812b3fa840
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: svchost.exe
CRITICAL_PROCESS: svchost.exe
EXCEPTION_CODE: (Win32) 0x45a6b080 (1168552064) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0x45a6b080 - <Unable to get error code text>
CPU_COUNT: 8
CPU_MHZ: a21
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3e
CPU_STEPPING: 4
CPU_MICROCODE: 6,3e,4,0 (F,M,S,R) SIG: 42C'00000000 (cache) 42C'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: mypc
ANALYSIS_SESSION_TIME: 01-29-2019 09:05:48.0108
ANALYSIS_VERSION: 10.0.18239.1000 amd64fre
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
STACK_TEXT:
ffffae01`71b6e978 fffff800`3e2febb2 : 00000000`000000ef ffff9581`2b3fa840 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffae01`71b6e980 fffff800`3e22345b : ffff9581`2b3fa840 ffff9581`45a6b400 00000000`00000000 00000000`00000000 : nt!PspCatchCriticalBreak+0xd6
ffffae01`71b6e9e0 fffff800`3e08ea7d : ffff9581`00000001 ffff9581`2b3fa840 ffff9581`45a6b400 00000000`00000000 : nt!PspTerminateAllThreads+0x160bcb
ffffae01`71b6ea50 fffff800`3e08e834 : ffff9581`2b2c6840 00000000`00000000 ffff9581`2b3fa840 ffff9581`45a6b080 : nt!PspTerminateProcess+0x101
ffffae01`71b6ea90 fffff800`3dded503 : ffff9581`2b3fa840 ffff9581`45a6b080 ffffae01`71b6eb80 00000000`00000000 : nt!NtTerminateProcess+0x9c
ffffae01`71b6eb00 00007fff`66976084 : 00007fff`63080399 00000000`2447e960 00000000`00000000 00000000`000036f8 : nt!KiSystemServiceCopyEnd+0x13
00000000`2447ab98 00007fff`63080399 : 00000000`2447e960 00000000`00000000 00000000`000036f8 00000000`000036f8 : ntdll!NtTerminateProcess+0x14
00000000`2447aba0 00007ffe`fa44c93b : 00000000`2105b0d0 00000000`000036f8 00000000`00000000 00000000`0000008b : KERNELBASE!TerminateProcess+0x29
00000000`2447abd0 00000000`2105b0d0 : 00000000`000036f8 00000000`00000000 00000000`0000008b 00001619`2ce7bd23 : 0x00007ffe`fa44c93b
00000000`2447abd8 00000000`000036f8 : 00000000`00000000 00000000`0000008b 00001619`2ce7bd23 00007fff`59459948 : 0x2105b0d0
00000000`2447abe0 00000000`00000000 : 00000000`0000008b 00001619`2ce7bd23 00007fff`59459948 00000000`2447ead8 : 0x36f8
THREAD_SHA1_HASH_MOD_FUNC: 0be890b1a48bf1baa08ac924c66917067caad9cc
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1779d4ecfc0644640d017947e636cb43df8bd61c
THREAD_SHA1_HASH_MOD: a21d3cbacffbf1683d4a2fe600473dcea6a15ed6
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_LTSVC.exe_45a6b080_ANALYSIS_INCONCLUSIVE!unknown_function
BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_LTSVC.exe_45a6b080_ANALYSIS_INCONCLUSIVE!unknown_function
PRIMARY_PROBLEM_CLASS: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_LTSVC.exe_45a6b080_ANALYSIS_INCONCLUSIVE!unknown_function
TARGET_TIME: 2019-01-28T18:04:08.000Z
OSBUILD: 14393
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-12-04 00:14:50
BUILDDATESTAMP_STR: 181203-1755
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.2665.amd64fre.rs1_release.181203-1755
ANALYSIS_SESSION_ELAPSED_TIME: ce2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_svchost.exe_bugcheck_critical_process_terminated_by_ltsvc.exe_45a6b080_analysis_inconclusive!unknown_function
FAILURE_ID_HASH: {776877d2-3d8b-5e37-66b6-5f7f7fdde811}
Followup: MachineOwner
---------
Continue reading...