C
caolong32
Please help. About two weeks ago my Windows Server 2016 is BSOD and rebooting. Can't figure out what the problem is. Here is my dump analysis:
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\nguyenl\Desktop\New folder (2)\012920-5859-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.3383.amd64fre.rs1_release.191125-1816
Machine Name:
Kernel base = 0xfffff800`2500b000 PsLoadedModuleList = 0xfffff800`2530e020
Debug session time: Wed Jan 29 12:27:34.516 2020 (UTC - 8:00)
System Uptime: 0 days 5:26:42.253
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: 0000000000000000, Address of the instruction which caused the bugcheck
Arg3: ffffa1810dda82b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 14393.3383.amd64fre.rs1_release.191125-1816
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 12/12/2018
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: 0
BUGCHECK_P3: ffffa1810dda82b0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
+0
00000000`00000000 ?? ???
CONTEXT: ffffa1810dda82b0 -- (.cxr 0xffffa1810dda82b0)
rax=0000000000000002 rbx=ffffb88db4ac7118 rcx=ffffb88db4ed6840
rdx=ffffb88db6297e10 rsi=ffffe50c528a4048 rdi=ffffb88db4ac73a0
rip=0000000000000000 rsp=ffffa1810dda8ca0 rbp=ffffe50cc0000010
r8=ffffb88db3d92080 r9=ffffa1810b367180 r10=ffffb88db26946a0
r11=ffffb88db4ed6840 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=fffff8031d9fa000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
00000000`00000000 ?? ???
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 4
CPU_MHZ: 893
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 0
CPU_MICROCODE: 6,3f,0,0 (F,M,S,R) SIG: 500002C'00000000 (cache) 500002C'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
PROCESS_NAME: lfs.exe
CURRENT_IRQL: 1
ANALYSIS_SESSION_HOST: 25I4GVBMR2
ANALYSIS_SESSION_TIME: 01-29-2020 14:59:06.0208
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from ffffb88db4ac73a0 to 0000000000000000
IP_IN_FREE_BLOCK: 0
STACK_TEXT:
ffffa181`0dda8ca0 ffffb88d`b4ac73a0 : ffffe50c`49fe10e8 fffff803`00000028 ffffe50c`4835d1a0 ffffe50c`52b97010 : 0x0
ffffa181`0dda8ca8 ffffe50c`49fe10e8 : fffff803`00000028 ffffe50c`4835d1a0 ffffe50c`52b97010 fffff800`2510095a : 0xffffb88d`b4ac73a0
ffffa181`0dda8cb0 fffff803`00000028 : ffffe50c`4835d1a0 ffffe50c`52b97010 fffff800`2510095a 00000000`00000103 : 0xffffe50c`49fe10e8
ffffa181`0dda8cb8 ffffe50c`4835d1a0 : ffffe50c`52b97010 fffff800`2510095a 00000000`00000103 fffff803`1d9e5604 : 0xfffff803`00000028
ffffa181`0dda8cc0 ffffe50c`52b97010 : fffff800`2510095a 00000000`00000103 fffff803`1d9e5604 00000000`00000000 : 0xffffe50c`4835d1a0
ffffa181`0dda8cc8 fffff800`2510095a : 00000000`00000103 fffff803`1d9e5604 00000000`00000000 ffffb88d`b4956c88 : 0xffffe50c`52b97010
ffffa181`0dda8cd0 fffff803`1d9e7822 : ffffe50c`528a4010 ffffe50c`00000000 00000000`00000103 ffffe50c`49fe10d0 : nt!ExAcquirePushLockExclusiveEx+0x13a
ffffa181`0dda8d10 fffff803`1d9e72e8 : ffffe50c`00000000 fffff803`000000e0 01d5886c`d57f6895 00000000`00000000 : peerdistkm!ProcessTrackers+0x4c6
ffffa181`0dda8e20 fffff803`1d9e6e05 : ffffe50c`528a4010 ffffe50c`4914e010 ffffe50c`49fe10d0 ffffe50c`00000000 : peerdistkm!QueueTracker+0x98
ffffa181`0dda8e60 fffff803`1da01df0 : 00000000`00000000 ffffb88d`b4956c88 ffffa181`0dda9020 ffffb88d`b4956c40 : peerdistkm!CreateTransferObject+0x4c9
ffffa181`0dda8ed0 fffff803`1d5df4f1 : 00000000`00000103 ffffb88d`bc36d1e8 ffffa181`0dda9259 00000000`00000000 : peerdistkm!VtHkePublishResponse+0xf00
ffffa181`0dda9120 fffff803`1d687d34 : ffffb88d`b9493780 ffffa181`0dda9259 ffffb88d`bf110010 00000000`00000000 : HTTP!UlHkeIndicatePublishRequest+0xcd
ffffa181`0dda9190 fffff803`1d5cf4c7 : ffffb88d`b81f2460 ffffb88d`b9493780 ffffb88d`b81f2460 ffffb88d`00000000 : HTTP!UlpSendResponseToExtension+0x2e8
ffffa181`0dda92c0 fffff803`1d62c2a9 : ffffb88d`ba4dbe10 000001f0`cc149500 00000000`00000000 ffffb88d`ba4dbe0d : HTTP!UlSendHttpResponse+0x134f7
ffffa181`0dda9390 fffff803`1d5b19c2 : ffffb88d`b4ac7118 fffff800`254b3928 ffffb88d`ba4dbe10 00000000`0000002d : HTTP!UlSendHttpResponseIoctl+0x18a9
ffffa181`0dda97e0 fffff800`25486bc0 : ffffb88d`b36aa570 00000000`00000002 00000000`00000000 fffff803`1d62ca83 : HTTP!UxDeviceControl+0x72
ffffa181`0dda9820 fffff800`25485f5c : ffffb88d`b36aa500 ffffa181`0dda9b04 fffff780`000002dc ffffa181`0dda9b80 : nt!IopSynchronousServiceTail+0x1a0
ffffa181`0dda98e0 fffff800`254851b6 : b88dbf23`6c90a8c9 00000000`00000000 00000000`00000000 000001f0`cb81f540 : nt!IopXxxControlFile+0xd9c
ffffa181`0dda9a20 fffff800`25177903 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
ffffa181`0dda9a90 00007ffe`66a75b24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000042`1f5fe698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`66a75b24
THREAD_SHA1_HASH_MOD_FUNC: bf1237ec8bf5093bd9fc09ee9faf4f858117412a
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a4960018624ac19b0f80c66b1b212557457e6f3e
THREAD_SHA1_HASH_MOD: af5aad70cf6610539bb2f12a6684d3fa4cc655e3
FOLLOWUP_IP:
peerdistkm!ProcessTrackers+4c6
fffff803`1d9e7822 8bb42410010000 mov esi,dword ptr [rsp+110h]
FAULT_INSTR_CODE: 1024b48b
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: peerdistkm!ProcessTrackers+4c6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: peerdistkm
IMAGE_NAME: peerdistkm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 57899b6e
IMAGE_VERSION: 10.0.14393.0
STACK_COMMAND: .cxr 0xffffa1810dda82b0 ; kb
BUCKET_ID_FUNC_OFFSET: 4c6
FAILURE_BUCKET_ID: 0x3B_c0000005_peerdistkm!ProcessTrackers
BUCKET_ID: 0x3B_c0000005_peerdistkm!ProcessTrackers
PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_peerdistkm!ProcessTrackers
TARGET_TIME: 2020-01-29T20:27:34.000Z
OSBUILD: 14393
OSSERVICEPACK: 3383
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-25 21:39:13
BUILDDATESTAMP_STR: 191125-1816
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.3383.amd64fre.rs1_release.191125-1816
ANALYSIS_SESSION_ELAPSED_TIME: 89e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_c0000005_peerdistkm!processtrackers
FAILURE_ID_HASH: {245cc320-65d6-a580-60b8-b9f6b2cfa945}
Followup: MachineOwner
**************************************************************************************************************************************************
2nd Dump File Analysis
**************************************************************************************************************************************************
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\012820-6015-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.3383.amd64fre.rs1_release.191125-1816
Machine Name:
Kernel base = 0xfffff800`02814000 PsLoadedModuleList = 0xfffff800`02b17020
Debug session time: Tue Jan 28 17:28:06.527 2020 (UTC - 8:00)
System Uptime: 0 days 4:58:11.877
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 14393.3383.amd64fre.rs1_release.191125-1816
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 12/12/2018
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: 0
BUGCHECK_P3: 8
BUGCHECK_P4: 0
CPU_COUNT: 4
CPU_MHZ: 893
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 0
CPU_MICROCODE: 6,3f,0,0 (F,M,S,R) SIG: 500002C'00000000 (cache) 500002C'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x1E
PROCESS_NAME: lfs.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: 25I4GVBMR2
ANALYSIS_SESSION_TIME: 01-29-2020 15:05:08.0774
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffd18166eceb10 -- (.trap 0xffffd18166eceb10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffd181685efff0 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=ffffd18166ececa0 rbp=ffffaa0a4cb5a2e0
r8=ffffd181685efff0 r9=ffffe38000000000 r10=ffffc28000007920
r11=ffffd18166eceb50 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
00000000`00000000 ?? ???
Resetting default scope
IP_IN_FREE_BLOCK: 0
LAST_CONTROL_TRANSFER: from fffff800029198bd to fffff80002970e00
STACK_TEXT:
ffffd181`66ece278 fffff800`029198bd : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
ffffd181`66ece280 fffff800`02980f02 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x22d
ffffd181`66ece930 fffff800`0297df46 : 00000000`00000001 ffffd181`62a99000 ffffaa0a`00000000 ffff9a06`0a330080 : nt!KiExceptionDispatch+0xc2
ffffd181`66eceb10 00000000`00000000 : 00000000`00000001 00000000`00000000 ffffaa0a`4cb5a010 00000000`00000000 : nt!KiPageFault+0x406
THREAD_SHA1_HASH_MOD_FUNC: 2e9ab7e93b3f60731b8608f9c5cc37cdb42d594f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e0135b9f23b3f301c86826a28800a02c41ff5583
THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
FOLLOWUP_IP:
nt!KiDispatchException+22d
fffff800`029198bd cc int 3
FAULT_INSTR_CODE: b68b49cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiDispatchException+22d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcba81
IMAGE_VERSION: 10.0.14393.3383
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 22d
FAILURE_BUCKET_ID: 0x1E_nt!KiDispatchException
BUCKET_ID: 0x1E_nt!KiDispatchException
PRIMARY_PROBLEM_CLASS: 0x1E_nt!KiDispatchException
TARGET_TIME: 2020-01-29T01:28:06.000Z
OSBUILD: 14393
OSSERVICEPACK: 3383
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-25 21:39:13
BUILDDATESTAMP_STR: 191125-1816
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.3383.amd64fre.rs1_release.191125-1816
ANALYSIS_SESSION_ELAPSED_TIME: b84
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1e_nt!kidispatchexception
FAILURE_ID_HASH: {4c003660-11e1-3fb7-2474-3522eb7ee67b}
Followup: MachineOwner
---------
Continue reading...
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\nguyenl\Desktop\New folder (2)\012920-5859-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.3383.amd64fre.rs1_release.191125-1816
Machine Name:
Kernel base = 0xfffff800`2500b000 PsLoadedModuleList = 0xfffff800`2530e020
Debug session time: Wed Jan 29 12:27:34.516 2020 (UTC - 8:00)
System Uptime: 0 days 5:26:42.253
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: 0000000000000000, Address of the instruction which caused the bugcheck
Arg3: ffffa1810dda82b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 14393.3383.amd64fre.rs1_release.191125-1816
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 12/12/2018
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: c0000005
BUGCHECK_P2: 0
BUGCHECK_P3: ffffa1810dda82b0
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
+0
00000000`00000000 ?? ???
CONTEXT: ffffa1810dda82b0 -- (.cxr 0xffffa1810dda82b0)
rax=0000000000000002 rbx=ffffb88db4ac7118 rcx=ffffb88db4ed6840
rdx=ffffb88db6297e10 rsi=ffffe50c528a4048 rdi=ffffb88db4ac73a0
rip=0000000000000000 rsp=ffffa1810dda8ca0 rbp=ffffe50cc0000010
r8=ffffb88db3d92080 r9=ffffa1810b367180 r10=ffffb88db26946a0
r11=ffffb88db4ed6840 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=fffff8031d9fa000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
00000000`00000000 ?? ???
Resetting default scope
BUGCHECK_STR: 0x3B_c0000005
CPU_COUNT: 4
CPU_MHZ: 893
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 0
CPU_MICROCODE: 6,3f,0,0 (F,M,S,R) SIG: 500002C'00000000 (cache) 500002C'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
PROCESS_NAME: lfs.exe
CURRENT_IRQL: 1
ANALYSIS_SESSION_HOST: 25I4GVBMR2
ANALYSIS_SESSION_TIME: 01-29-2020 14:59:06.0208
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from ffffb88db4ac73a0 to 0000000000000000
IP_IN_FREE_BLOCK: 0
STACK_TEXT:
ffffa181`0dda8ca0 ffffb88d`b4ac73a0 : ffffe50c`49fe10e8 fffff803`00000028 ffffe50c`4835d1a0 ffffe50c`52b97010 : 0x0
ffffa181`0dda8ca8 ffffe50c`49fe10e8 : fffff803`00000028 ffffe50c`4835d1a0 ffffe50c`52b97010 fffff800`2510095a : 0xffffb88d`b4ac73a0
ffffa181`0dda8cb0 fffff803`00000028 : ffffe50c`4835d1a0 ffffe50c`52b97010 fffff800`2510095a 00000000`00000103 : 0xffffe50c`49fe10e8
ffffa181`0dda8cb8 ffffe50c`4835d1a0 : ffffe50c`52b97010 fffff800`2510095a 00000000`00000103 fffff803`1d9e5604 : 0xfffff803`00000028
ffffa181`0dda8cc0 ffffe50c`52b97010 : fffff800`2510095a 00000000`00000103 fffff803`1d9e5604 00000000`00000000 : 0xffffe50c`4835d1a0
ffffa181`0dda8cc8 fffff800`2510095a : 00000000`00000103 fffff803`1d9e5604 00000000`00000000 ffffb88d`b4956c88 : 0xffffe50c`52b97010
ffffa181`0dda8cd0 fffff803`1d9e7822 : ffffe50c`528a4010 ffffe50c`00000000 00000000`00000103 ffffe50c`49fe10d0 : nt!ExAcquirePushLockExclusiveEx+0x13a
ffffa181`0dda8d10 fffff803`1d9e72e8 : ffffe50c`00000000 fffff803`000000e0 01d5886c`d57f6895 00000000`00000000 : peerdistkm!ProcessTrackers+0x4c6
ffffa181`0dda8e20 fffff803`1d9e6e05 : ffffe50c`528a4010 ffffe50c`4914e010 ffffe50c`49fe10d0 ffffe50c`00000000 : peerdistkm!QueueTracker+0x98
ffffa181`0dda8e60 fffff803`1da01df0 : 00000000`00000000 ffffb88d`b4956c88 ffffa181`0dda9020 ffffb88d`b4956c40 : peerdistkm!CreateTransferObject+0x4c9
ffffa181`0dda8ed0 fffff803`1d5df4f1 : 00000000`00000103 ffffb88d`bc36d1e8 ffffa181`0dda9259 00000000`00000000 : peerdistkm!VtHkePublishResponse+0xf00
ffffa181`0dda9120 fffff803`1d687d34 : ffffb88d`b9493780 ffffa181`0dda9259 ffffb88d`bf110010 00000000`00000000 : HTTP!UlHkeIndicatePublishRequest+0xcd
ffffa181`0dda9190 fffff803`1d5cf4c7 : ffffb88d`b81f2460 ffffb88d`b9493780 ffffb88d`b81f2460 ffffb88d`00000000 : HTTP!UlpSendResponseToExtension+0x2e8
ffffa181`0dda92c0 fffff803`1d62c2a9 : ffffb88d`ba4dbe10 000001f0`cc149500 00000000`00000000 ffffb88d`ba4dbe0d : HTTP!UlSendHttpResponse+0x134f7
ffffa181`0dda9390 fffff803`1d5b19c2 : ffffb88d`b4ac7118 fffff800`254b3928 ffffb88d`ba4dbe10 00000000`0000002d : HTTP!UlSendHttpResponseIoctl+0x18a9
ffffa181`0dda97e0 fffff800`25486bc0 : ffffb88d`b36aa570 00000000`00000002 00000000`00000000 fffff803`1d62ca83 : HTTP!UxDeviceControl+0x72
ffffa181`0dda9820 fffff800`25485f5c : ffffb88d`b36aa500 ffffa181`0dda9b04 fffff780`000002dc ffffa181`0dda9b80 : nt!IopSynchronousServiceTail+0x1a0
ffffa181`0dda98e0 fffff800`254851b6 : b88dbf23`6c90a8c9 00000000`00000000 00000000`00000000 000001f0`cb81f540 : nt!IopXxxControlFile+0xd9c
ffffa181`0dda9a20 fffff800`25177903 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
ffffa181`0dda9a90 00007ffe`66a75b24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000042`1f5fe698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`66a75b24
THREAD_SHA1_HASH_MOD_FUNC: bf1237ec8bf5093bd9fc09ee9faf4f858117412a
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a4960018624ac19b0f80c66b1b212557457e6f3e
THREAD_SHA1_HASH_MOD: af5aad70cf6610539bb2f12a6684d3fa4cc655e3
FOLLOWUP_IP:
peerdistkm!ProcessTrackers+4c6
fffff803`1d9e7822 8bb42410010000 mov esi,dword ptr [rsp+110h]
FAULT_INSTR_CODE: 1024b48b
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: peerdistkm!ProcessTrackers+4c6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: peerdistkm
IMAGE_NAME: peerdistkm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 57899b6e
IMAGE_VERSION: 10.0.14393.0
STACK_COMMAND: .cxr 0xffffa1810dda82b0 ; kb
BUCKET_ID_FUNC_OFFSET: 4c6
FAILURE_BUCKET_ID: 0x3B_c0000005_peerdistkm!ProcessTrackers
BUCKET_ID: 0x3B_c0000005_peerdistkm!ProcessTrackers
PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_peerdistkm!ProcessTrackers
TARGET_TIME: 2020-01-29T20:27:34.000Z
OSBUILD: 14393
OSSERVICEPACK: 3383
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-25 21:39:13
BUILDDATESTAMP_STR: 191125-1816
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.3383.amd64fre.rs1_release.191125-1816
ANALYSIS_SESSION_ELAPSED_TIME: 89e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_c0000005_peerdistkm!processtrackers
FAILURE_ID_HASH: {245cc320-65d6-a580-60b8-b9f6b2cfa945}
Followup: MachineOwner
**************************************************************************************************************************************************
2nd Dump File Analysis
**************************************************************************************************************************************************
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\012820-6015-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.3383.amd64fre.rs1_release.191125-1816
Machine Name:
Kernel base = 0xfffff800`02814000 PsLoadedModuleList = 0xfffff800`02b17020
Debug session time: Tue Jan 28 17:28:06.527 2020 (UTC - 8:00)
System Uptime: 0 days 4:58:11.877
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 14393.3383.amd64fre.rs1_release.191125-1816
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 12/12/2018
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: 0
BUGCHECK_P3: 8
BUGCHECK_P4: 0
CPU_COUNT: 4
CPU_MHZ: 893
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3f
CPU_STEPPING: 0
CPU_MICROCODE: 6,3f,0,0 (F,M,S,R) SIG: 500002C'00000000 (cache) 500002C'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x1E
PROCESS_NAME: lfs.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: 25I4GVBMR2
ANALYSIS_SESSION_TIME: 01-29-2020 15:05:08.0774
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffd18166eceb10 -- (.trap 0xffffd18166eceb10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffd181685efff0 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=ffffd18166ececa0 rbp=ffffaa0a4cb5a2e0
r8=ffffd181685efff0 r9=ffffe38000000000 r10=ffffc28000007920
r11=ffffd18166eceb50 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
00000000`00000000 ?? ???
Resetting default scope
IP_IN_FREE_BLOCK: 0
LAST_CONTROL_TRANSFER: from fffff800029198bd to fffff80002970e00
STACK_TEXT:
ffffd181`66ece278 fffff800`029198bd : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
ffffd181`66ece280 fffff800`02980f02 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x22d
ffffd181`66ece930 fffff800`0297df46 : 00000000`00000001 ffffd181`62a99000 ffffaa0a`00000000 ffff9a06`0a330080 : nt!KiExceptionDispatch+0xc2
ffffd181`66eceb10 00000000`00000000 : 00000000`00000001 00000000`00000000 ffffaa0a`4cb5a010 00000000`00000000 : nt!KiPageFault+0x406
THREAD_SHA1_HASH_MOD_FUNC: 2e9ab7e93b3f60731b8608f9c5cc37cdb42d594f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e0135b9f23b3f301c86826a28800a02c41ff5583
THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
FOLLOWUP_IP:
nt!KiDispatchException+22d
fffff800`029198bd cc int 3
FAULT_INSTR_CODE: b68b49cc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KiDispatchException+22d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcba81
IMAGE_VERSION: 10.0.14393.3383
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 22d
FAILURE_BUCKET_ID: 0x1E_nt!KiDispatchException
BUCKET_ID: 0x1E_nt!KiDispatchException
PRIMARY_PROBLEM_CLASS: 0x1E_nt!KiDispatchException
TARGET_TIME: 2020-01-29T01:28:06.000Z
OSBUILD: 14393
OSSERVICEPACK: 3383
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-11-25 21:39:13
BUILDDATESTAMP_STR: 191125-1816
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.3383.amd64fre.rs1_release.191125-1816
ANALYSIS_SESSION_ELAPSED_TIME: b84
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1e_nt!kidispatchexception
FAILURE_ID_HASH: {4c003660-11e1-3fb7-2474-3522eb7ee67b}
Followup: MachineOwner
---------
Continue reading...