J
JordanButler3
Over the past 2 days my pc has crashed twice, and earlier in the week it crashed once. Earlier my pc froze but the audio kept playing before eventually it rebooted.
I've used windows debugger to analyse my dump file but i'm not really sure what I'm looking at.
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\110120-66265-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`1c800000 PsLoadedModuleList = 0xfffff803`1d42a310
Debug session time: Sun Nov 1 21:36:45.821 2020 (UTC + 0:00)
System Uptime: 0 days 19:11:05.468
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`1cbf45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff803`2029ce20=0000000000000133
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at
DISPATCH_LEVEL or above. The offending component can usually be
identified with a stack trace.
Arg2: 0000000000001e00, The watchdog period.
Arg3: fffff8031d4fb320, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding the cumulative timeout
Arg4: 0000000000000000
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: TickPeriods ***
*** ***
*************************************************************************
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6671
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-07JODNR
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 61842
Key : Analysis.Memory.CommitPeak.Mb
Value: 84
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 133
BUGCHECK_P1: 1
BUGCHECK_P2: 1e00
BUGCHECK_P3: fffff8031d4fb320
BUGCHECK_P4: 0
DPC_TIMEOUT_TYPE: DPC_QUEUE_EXECUTION_TIMEOUT_EXCEEDED
TRAP_FRAME: fffff803202958e0 -- (.trap 0xfffff803202958e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd087c83fd00f rbx=0000000000000000 rcx=ffffd087c83fd00e
rdx=0000000000000020 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8031cae5d8c rsp=fffff80320295a70 rbp=fffff80320295b70
r8=0000000000000002 r9=0000000000001000 r10=0000000000000000
r11=fffff80320295b80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!EtwpReserveTraceBuffer+0xac:
fffff803`1cae5d8c 0f85a7010000 jne nt!EtwpReserveTraceBuffer+0x259 (fffff803`1cae5f39) [br=0]
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: chrome.exe
DPC_STACK_BASE: FFFFF80320295FB0
STACK_TEXT:
fffff803`2029ce18 fffff803`1cc87a98 : 00000000`00000133 00000000`00000001 00000000`00001e00 fffff803`1d4fb320 : nt!KeBugCheckEx
fffff803`2029ce20 fffff803`1cb26993 : 000077f4`1e432524 fffff803`17be1180 00000000`00000000 fffff803`17be1180 : nt!KeAccumulateTicks+0x15dda8
fffff803`2029ce80 fffff803`1cb2647a : fffff803`1d4f38c0 fffff803`20295960 fffff803`1f257900 00000000`00007201 : nt!KeClockInterruptNotify+0x453
fffff803`2029cf30 fffff803`1ca2ecd5 : fffff803`1d4f38c0 fffff803`2029cf40 00000000`00000010 ffff4ca8`c301fb7a : nt!HalpTimerClockIpiRoutine+0x1a
fffff803`2029cf60 fffff803`1cbf604a : fffff803`20295960 fffff803`1d4f38c0 00000000`00000020 00000000`00000000 : nt!KiCallInterruptServiceRoutine+0xa5
fffff803`2029cfb0 fffff803`1cbf65b7 : ffff9f8b`5b39ae66 ffffd087`cdbd3410 ffffd087`cdb5b000 fffff803`2cb6c05e : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
fffff803`202958e0 fffff803`1cae5d8c : ffffd087`c84f9000 00000000`00000fe8 ffffd087`c85c6000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
fffff803`20295a70 fffff803`1cae6419 : fffff803`20295a00 fffff803`17be4200 fffff803`20295b70 00000000`00000002 : nt!EtwpReserveTraceBuffer+0xac
fffff803`20295b00 fffff803`1cae55ad : fffff803`17be4240 ffffd087`c84f2000 fffff803`20295f60 fffff803`00000002 : nt!EtwpLogKernelEvent+0x1e9
fffff803`20295bb0 fffff803`1cae4784 : fffff803`17be1180 00000000`00000000 00000000`00000002 00000000`00000004 : nt!KiExecuteAllDpcs+0x41d
fffff803`20295d20 fffff803`1cbfb5e5 : 00000000`00000000 fffff803`17be1180 ffff8000`61e7f3c0 00000000`0000004d : nt!KiRetireDpcList+0x1f4
fffff803`20295fb0 fffff803`1cbfb3d0 : fffff803`1cbf0690 fffff803`1ca7460a ffffd087`d9a6d080 fffff980`a366fb80 : nt!KxRetireDpcList+0x5
fffff980`a366fac0 fffff803`1cbfac85 : 00000000`0000004d fffff803`1cbf6111 00000000`00000012 00000000`00000000 : nt!KiDispatchInterruptContinue
fffff980`a366faf0 fffff803`1cbf6111 : 00000000`00000012 00000000`00000000 00000000`00000000 ffffd087`00000000 : nt!KiDpcInterruptBypass+0x25
fffff980`a366fb00 00007fff`48021775 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatch+0xb1
0000003b`fbdff130 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`48021775
SYMBOL_NAME: nt!KeAccumulateTicks+15dda8
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 15dda8
FAILURE_BUCKET_ID: 0x133_ISR_nt!KeAccumulateTicks
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {65350307-c3b9-f4b5-8829-4d27e9ff9b06}
Followup: MachineOwner
---------
0: kd> lmvm nt
Browse full module list
start end module name
fffff803`1c800000 fffff803`1d846000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\B16053724B46515388FDEA9D0470D02E1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\90EE290B1046000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 90EE290B (This is a reproducible build file hash, not a timestamp)
CheckSum: 00A5FA87
ImageSize: 01046000
File version: 10.0.19041.572
Product version: 10.0.19041.572
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.19041.572
FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
0: kd> lmvm nt
Browse full module list
start end module name
fffff803`1c800000 fffff803`1d846000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\B16053724B46515388FDEA9D0470D02E1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\90EE290B1046000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 90EE290B (This is a reproducible build file hash, not a timestamp)
CheckSum: 00A5FA87
ImageSize: 01046000
File version: 10.0.19041.572
Product version: 10.0.19041.572
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.19041.572
FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Continue reading...
I've used windows debugger to analyse my dump file but i'm not really sure what I'm looking at.
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\110120-66265-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`1c800000 PsLoadedModuleList = 0xfffff803`1d42a310
Debug session time: Sun Nov 1 21:36:45.821 2020 (UTC + 0:00)
System Uptime: 0 days 19:11:05.468
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`1cbf45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff803`2029ce20=0000000000000133
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at
DISPATCH_LEVEL or above. The offending component can usually be
identified with a stack trace.
Arg2: 0000000000001e00, The watchdog period.
Arg3: fffff8031d4fb320, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding the cumulative timeout
Arg4: 0000000000000000
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: TickPeriods ***
*** ***
*************************************************************************
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6671
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-07JODNR
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 61842
Key : Analysis.Memory.CommitPeak.Mb
Value: 84
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 133
BUGCHECK_P1: 1
BUGCHECK_P2: 1e00
BUGCHECK_P3: fffff8031d4fb320
BUGCHECK_P4: 0
DPC_TIMEOUT_TYPE: DPC_QUEUE_EXECUTION_TIMEOUT_EXCEEDED
TRAP_FRAME: fffff803202958e0 -- (.trap 0xfffff803202958e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd087c83fd00f rbx=0000000000000000 rcx=ffffd087c83fd00e
rdx=0000000000000020 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8031cae5d8c rsp=fffff80320295a70 rbp=fffff80320295b70
r8=0000000000000002 r9=0000000000001000 r10=0000000000000000
r11=fffff80320295b80 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!EtwpReserveTraceBuffer+0xac:
fffff803`1cae5d8c 0f85a7010000 jne nt!EtwpReserveTraceBuffer+0x259 (fffff803`1cae5f39) [br=0]
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: chrome.exe
DPC_STACK_BASE: FFFFF80320295FB0
STACK_TEXT:
fffff803`2029ce18 fffff803`1cc87a98 : 00000000`00000133 00000000`00000001 00000000`00001e00 fffff803`1d4fb320 : nt!KeBugCheckEx
fffff803`2029ce20 fffff803`1cb26993 : 000077f4`1e432524 fffff803`17be1180 00000000`00000000 fffff803`17be1180 : nt!KeAccumulateTicks+0x15dda8
fffff803`2029ce80 fffff803`1cb2647a : fffff803`1d4f38c0 fffff803`20295960 fffff803`1f257900 00000000`00007201 : nt!KeClockInterruptNotify+0x453
fffff803`2029cf30 fffff803`1ca2ecd5 : fffff803`1d4f38c0 fffff803`2029cf40 00000000`00000010 ffff4ca8`c301fb7a : nt!HalpTimerClockIpiRoutine+0x1a
fffff803`2029cf60 fffff803`1cbf604a : fffff803`20295960 fffff803`1d4f38c0 00000000`00000020 00000000`00000000 : nt!KiCallInterruptServiceRoutine+0xa5
fffff803`2029cfb0 fffff803`1cbf65b7 : ffff9f8b`5b39ae66 ffffd087`cdbd3410 ffffd087`cdb5b000 fffff803`2cb6c05e : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
fffff803`202958e0 fffff803`1cae5d8c : ffffd087`c84f9000 00000000`00000fe8 ffffd087`c85c6000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
fffff803`20295a70 fffff803`1cae6419 : fffff803`20295a00 fffff803`17be4200 fffff803`20295b70 00000000`00000002 : nt!EtwpReserveTraceBuffer+0xac
fffff803`20295b00 fffff803`1cae55ad : fffff803`17be4240 ffffd087`c84f2000 fffff803`20295f60 fffff803`00000002 : nt!EtwpLogKernelEvent+0x1e9
fffff803`20295bb0 fffff803`1cae4784 : fffff803`17be1180 00000000`00000000 00000000`00000002 00000000`00000004 : nt!KiExecuteAllDpcs+0x41d
fffff803`20295d20 fffff803`1cbfb5e5 : 00000000`00000000 fffff803`17be1180 ffff8000`61e7f3c0 00000000`0000004d : nt!KiRetireDpcList+0x1f4
fffff803`20295fb0 fffff803`1cbfb3d0 : fffff803`1cbf0690 fffff803`1ca7460a ffffd087`d9a6d080 fffff980`a366fb80 : nt!KxRetireDpcList+0x5
fffff980`a366fac0 fffff803`1cbfac85 : 00000000`0000004d fffff803`1cbf6111 00000000`00000012 00000000`00000000 : nt!KiDispatchInterruptContinue
fffff980`a366faf0 fffff803`1cbf6111 : 00000000`00000012 00000000`00000000 00000000`00000000 ffffd087`00000000 : nt!KiDpcInterruptBypass+0x25
fffff980`a366fb00 00007fff`48021775 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatch+0xb1
0000003b`fbdff130 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`48021775
SYMBOL_NAME: nt!KeAccumulateTicks+15dda8
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.572
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 15dda8
FAILURE_BUCKET_ID: 0x133_ISR_nt!KeAccumulateTicks
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {65350307-c3b9-f4b5-8829-4d27e9ff9b06}
Followup: MachineOwner
---------
0: kd> lmvm nt
Browse full module list
start end module name
fffff803`1c800000 fffff803`1d846000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\B16053724B46515388FDEA9D0470D02E1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\90EE290B1046000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 90EE290B (This is a reproducible build file hash, not a timestamp)
CheckSum: 00A5FA87
ImageSize: 01046000
File version: 10.0.19041.572
Product version: 10.0.19041.572
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.19041.572
FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
0: kd> lmvm nt
Browse full module list
start end module name
fffff803`1c800000 fffff803`1d846000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\B16053724B46515388FDEA9D0470D02E1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\90EE290B1046000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 90EE290B (This is a reproducible build file hash, not a timestamp)
CheckSum: 00A5FA87
ImageSize: 01046000
File version: 10.0.19041.572
Product version: 10.0.19041.572
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.19041.572
FileVersion: 10.0.19041.572 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
Continue reading...