Prab Ramady
For an unknown reason, our Windows 2016 servers reboot abruptly, and it happens sporadically (not due to patches etc.). It creates a crash dump file each time it happens and, based on WinDbg, here is the analysis. It would be helpful if someone could elaborate on the analysis.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffff8f012e8bd9c8, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80c66812158, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000001, (reserved)
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for PROCEXP152.SYS
Could not read faulting driver name
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 14393.3442.amd64fre.rs1_release.191219-1727
SYSTEM_MANUFACTURER: VMware, Inc.
VIRTUAL_MACHINE: VMware
SYSTEM_PRODUCT_NAME: VMware Virtual Platform
SYSTEM_VERSION: None
BIOS_VENDOR: Phoenix Technologies LTD
BIOS_VERSION: 6.00
BIOS_DATE: 04/05/2016
BASEBOARD_MANUFACTURER: Intel Corporation
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
DUMP_TYPE: 2
BUGCHECK_P1: ffff8f012e8bd9c8
BUGCHECK_P2: 0
BUGCHECK_P3: fffff80c66812158
BUGCHECK_P4: 1
READ_ADDRESS: fffff800855b4338: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffff8f012e8bd9c8
FAULTING_IP:
PROCEXP152+2158
fffff80c`66812158 440fb710 movzx r10d,word ptr [rax]
MM_INTERNAL_CODE: 1
CPU_COUNT: 4
CPU_MHZ: ce4
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 2d
CPU_STEPPING: 2
CPU_MICROCODE: 6,2d,2,0 (F,M,S,R) SIG: 714'00000000 (cache) 714'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
BUGCHECK_STR: AV
PROCESS_NAME: handle64.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: W1970509
ANALYSIS_SESSION_TIME: 03-24-2020 12:10:46.0766
ANALYSIS_VERSION: 10.0.18362.1 amd64fre
TRAP_FRAME: ffff8f012f8dc260 -- (.trap 0xffff8f012f8dc260)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff8f012e8bd9c8 rbx=0000000000000000 rcx=0000000000000001
rdx=ffffc6021084cea0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80c66812158 rsp=ffff8f012f8dc3f0 rbp=0000000000000002
r8=ffffd881cfbbd044 r9=0000000000000800 r10=ffffd881d0c4f400
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
PROCEXP152+0x2158:
fffff80c`66812158 440fb710 movzx r10d,word ptr [rax] ds:ffff8f01`2e8bd9c8=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800852e9bc3 to fffff8008536be00
STACK_TEXT:
ffff8f01`2f8dbf68 fffff800`852e9bc3 : 00000000`00000050 ffff8f01`2e8bd9c8 00000000`00000000 ffff8f01`2f8dc260 : nt!KeBugCheckEx
ffff8f01`2f8dbf70 fffff800`852c3344 : 00000000`00000000 ffffecff`ffffffff 00000000`001fffff ffff8f01`2e8bd9c8 : nt!MiSystemFault+0xff3
ffff8f01`2f8dc060 fffff800`85378e61 : 00000000`00000000 00000000`00000001 ffffd881`00000000 ffffd881`cf3467d0 : nt!MmAccessFault+0x254
ffff8f01`2f8dc260 fffff80c`66812158 : 00000000`00000000 fffff800`856b76ce ffffd881`d0c4f401 fffff800`00000000 : nt!KiPageFault+0x321
ffff8f01`2f8dc3f0 00000000`00000000 : fffff800`856b76ce ffffd881`d0c4f401 fffff800`00000000 00000000`00000000 : PROCEXP152+0x2158
THREAD_SHA1_HASH_MOD_FUNC: 93e55b7100fa29b429386b8bfa7a2868628058b0
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 82de2d946adf35bcdae35e387fcdc1fb147677ec
THREAD_SHA1_HASH_MOD: 90d3f506ccfc306e96bc71d2605fdbd762c13575
FOLLOWUP_IP:
PROCEXP152+2158
fffff80c`66812158 440fb710 movzx r10d,word ptr [rax]
FAULT_INSTR_CODE: 10b70f44
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: PROCEXP152+2158
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: PROCEXP152
IMAGE_NAME: PROCEXP152.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 53bb8f8b
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2158
FAILURE_BUCKET_ID: AV_R_INVALID_PROCEXP152!unknown_function
BUCKET_ID: AV_R_INVALID_PROCEXP152!unknown_function
PRIMARY_PROBLEM_CLASS: AV_R_INVALID_PROCEXP152!unknown_function
TARGET_TIME: 2020-03-13T04:47:58.000Z
OSBUILD: 14393
OSSERVICEPACK: 3442
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 Server TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2019-12-19 23:20:44
BUILDDATESTAMP_STR: 191219-1727
BUILDLAB_STR: rs1_release
BUILDOSVER_STR: 10.0.14393.3442.amd64fre.rs1_release.191219-1727
ANALYSIS_SESSION_ELAPSED_TIME: 5114
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_r_invalid_procexp152!unknown_function
FAILURE_ID_HASH: {3f032f7d-da89-62d5-a8bf-1b449540c094}
Followup: MachineOwner
---------