H
Hasan Obaydi
Hi,
Intermittently my machine has been restarting with no apparent error or BSOD. I've been able to track the respective error Event Viewer and have opened the dmp file using WinDbg Preview but I can't make sense of the information.
Can anyone please help or advise on what the below means?
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\User\Desktop\error logs\121720-13000-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`41000000 PsLoadedModuleList = 0xfffff807`41c2a2b0
Debug session time: Thu Dec 17 19:38:27.308 2020 (UTC + 0:00)
System Uptime: 6 days 12:24:15.790
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`413f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffe006`2f5d0e10=00000000000000ef
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffaa0fbff7e080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 13484
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on HASAN-DESKTOP
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 21509
Key : Analysis.Memory.CommitPeak.Mb
Value: 83
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffaa0fbff7e080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: services.exe
CRITICAL_PROCESS: services.exe
EXCEPTION_RECORD: ffffe0062f5d1910 -- (.exr 0xffffe0062f5d1910)
ExceptionAddress: ffffe0062f5d1910
ExceptionCode: 2f5d1b80
ExceptionFlags: ffffe006
NumberParameters: 16
Parameter[0]: ffff572375e58cff
Parameter[1]: 0000000000000000
Parameter[2]: 0000006b33130f01
Parameter[3]: 0000000000000001
Parameter[4]: 0000000000000000
Parameter[5]: 0000000000000000
Parameter[6]: 0000000000000000
Parameter[7]: 0000000000000000
Parameter[8]: 0000000000000000
Parameter[9]: 0000000000000000
Parameter[10]: 0000000000000000
Parameter[11]: 0000000000000000
Parameter[12]: 0000000000000000
Parameter[13]: 0000000000000000
Parameter[14]: 0000000000000000
ERROR_CODE: (NTSTATUS) 0x2f5d1b80 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
EXCEPTION_CODE_STR: 2f5d1b80
EXCEPTION_PARAMETER1: ffff572375e58cff
EXCEPTION_PARAMETER2: 0000000000000000
EXCEPTION_PARAMETER3: 0000006b33130f01
EXCEPTION_PARAMETER4: 0
EXCEPTION_STR: 0x2f5d1b80
TRAP_FRAME: ffff572375e58cff -- (.trap 0xffff572375e58cff)
Unable to read trap frame at ffff5723`75e58cff
STACK_TEXT:
ffffe006`2f5d0e08 fffff807`419068e2 : 00000000`000000ef ffffaa0f`bff7e080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffe006`2f5d0e10 fffff807`41849b39 : 00000000`00000001 fffff807`4135971d 00000000`00000002 fffff807`41358d37 : nt!PspCatchCriticalBreak+0x10e
ffffe006`2f5d0eb0 fffff807`41709724 : ffffaa0f`00000000 00000000`00000000 ffffaa0f`bff7e080 ffffaa0f`bff7e4b8 : nt!PspTerminateAllThreads+0x140b4d
ffffe006`2f5d0f20 fffff807`41709a4c : ffffaa0f`bff7e080 00000000`00000001 ffffffff`ffffffff 00000000`00000000 : nt!PspTerminateProcess+0xe0
ffffe006`2f5d0f60 fffff807`414071b5 : ffffaa0f`bff7e080 ffffaa0f`cb638080 ffffe006`2f5d1050 fffff807`4171da92 : nt!NtTerminateProcess+0x9c
ffffe006`2f5d0fd0 fffff807`413f95e0 : fffff807`41491307 ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x25
ffffe006`2f5d1168 fffff807`41491307 : ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff 00007ff7`eb3a7a68 : nt!KiServiceLinkage
ffffe006`2f5d1170 fffff807`414078ac : ffffe006`2f5d1910 00000000`00000010 ffff5723`75e58cff 00000000`00000000 : nt!KiDispatchException+0x166907
ffffe006`2f5d1920 fffff807`41403a43 : ffffaa0f`cb638080 000001aa`7f7b8f00 ffffe006`2f5d1b80 ffffaa0f`bffa0cb0 : nt!KiExceptionDispatch+0x12c
ffffe006`2f5d1b00 00007ff9`0369b3de : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x443
0000006b`33130f70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`0369b3de
SYMBOL_NAME: nt!PspCatchCriticalBreak+10e
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.685
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 10e
FAILURE_BUCKET_ID: 0xEF_services.exe_BUGCHECK_CRITICAL_PROCESS_cb638080_nt!PspCatchCriticalBreak
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {a15e0295-f858-878b-9661-62b50968cd12}
Followup: MachineOwner
---------
3: kd> .exr 0xffffe0062f5d1910
ExceptionAddress: ffffe0062f5d1910
ExceptionCode: 2f5d1b80
ExceptionFlags: ffffe006
NumberParameters: 16
Parameter[0]: ffff572375e58cff
Parameter[1]: 0000000000000000
Parameter[2]: 0000006b33130f01
Parameter[3]: 0000000000000001
Parameter[4]: 0000000000000000
Parameter[5]: 0000000000000000
Parameter[6]: 0000000000000000
Parameter[7]: 0000000000000000
Parameter[8]: 0000000000000000
Parameter[9]: 0000000000000000
Parameter[10]: 0000000000000000
Parameter[11]: 0000000000000000
Parameter[12]: 0000000000000000
Parameter[13]: 0000000000000000
Parameter[14]: 0000000000000000
Continue reading...
Intermittently my machine has been restarting with no apparent error or BSOD. I've been able to track the respective error Event Viewer and have opened the dmp file using WinDbg Preview but I can't make sense of the information.
Can anyone please help or advise on what the below means?
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\User\Desktop\error logs\121720-13000-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`41000000 PsLoadedModuleList = 0xfffff807`41c2a2b0
Debug session time: Thu Dec 17 19:38:27.308 2020 (UTC + 0:00)
System Uptime: 6 days 12:24:15.790
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`413f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffe006`2f5d0e10=00000000000000ef
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffaa0fbff7e080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 13484
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on HASAN-DESKTOP
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 21509
Key : Analysis.Memory.CommitPeak.Mb
Value: 83
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffaa0fbff7e080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: services.exe
CRITICAL_PROCESS: services.exe
EXCEPTION_RECORD: ffffe0062f5d1910 -- (.exr 0xffffe0062f5d1910)
ExceptionAddress: ffffe0062f5d1910
ExceptionCode: 2f5d1b80
ExceptionFlags: ffffe006
NumberParameters: 16
Parameter[0]: ffff572375e58cff
Parameter[1]: 0000000000000000
Parameter[2]: 0000006b33130f01
Parameter[3]: 0000000000000001
Parameter[4]: 0000000000000000
Parameter[5]: 0000000000000000
Parameter[6]: 0000000000000000
Parameter[7]: 0000000000000000
Parameter[8]: 0000000000000000
Parameter[9]: 0000000000000000
Parameter[10]: 0000000000000000
Parameter[11]: 0000000000000000
Parameter[12]: 0000000000000000
Parameter[13]: 0000000000000000
Parameter[14]: 0000000000000000
ERROR_CODE: (NTSTATUS) 0x2f5d1b80 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
EXCEPTION_CODE_STR: 2f5d1b80
EXCEPTION_PARAMETER1: ffff572375e58cff
EXCEPTION_PARAMETER2: 0000000000000000
EXCEPTION_PARAMETER3: 0000006b33130f01
EXCEPTION_PARAMETER4: 0
EXCEPTION_STR: 0x2f5d1b80
TRAP_FRAME: ffff572375e58cff -- (.trap 0xffff572375e58cff)
Unable to read trap frame at ffff5723`75e58cff
STACK_TEXT:
ffffe006`2f5d0e08 fffff807`419068e2 : 00000000`000000ef ffffaa0f`bff7e080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffe006`2f5d0e10 fffff807`41849b39 : 00000000`00000001 fffff807`4135971d 00000000`00000002 fffff807`41358d37 : nt!PspCatchCriticalBreak+0x10e
ffffe006`2f5d0eb0 fffff807`41709724 : ffffaa0f`00000000 00000000`00000000 ffffaa0f`bff7e080 ffffaa0f`bff7e4b8 : nt!PspTerminateAllThreads+0x140b4d
ffffe006`2f5d0f20 fffff807`41709a4c : ffffaa0f`bff7e080 00000000`00000001 ffffffff`ffffffff 00000000`00000000 : nt!PspTerminateProcess+0xe0
ffffe006`2f5d0f60 fffff807`414071b5 : ffffaa0f`bff7e080 ffffaa0f`cb638080 ffffe006`2f5d1050 fffff807`4171da92 : nt!NtTerminateProcess+0x9c
ffffe006`2f5d0fd0 fffff807`413f95e0 : fffff807`41491307 ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x25
ffffe006`2f5d1168 fffff807`41491307 : ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff 00007ff7`eb3a7a68 : nt!KiServiceLinkage
ffffe006`2f5d1170 fffff807`414078ac : ffffe006`2f5d1910 00000000`00000010 ffff5723`75e58cff 00000000`00000000 : nt!KiDispatchException+0x166907
ffffe006`2f5d1920 fffff807`41403a43 : ffffaa0f`cb638080 000001aa`7f7b8f00 ffffe006`2f5d1b80 ffffaa0f`bffa0cb0 : nt!KiExceptionDispatch+0x12c
ffffe006`2f5d1b00 00007ff9`0369b3de : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x443
0000006b`33130f70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`0369b3de
SYMBOL_NAME: nt!PspCatchCriticalBreak+10e
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.685
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 10e
FAILURE_BUCKET_ID: 0xEF_services.exe_BUGCHECK_CRITICAL_PROCESS_cb638080_nt!PspCatchCriticalBreak
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {a15e0295-f858-878b-9661-62b50968cd12}
Followup: MachineOwner
---------
3: kd> .exr 0xffffe0062f5d1910
ExceptionAddress: ffffe0062f5d1910
ExceptionCode: 2f5d1b80
ExceptionFlags: ffffe006
NumberParameters: 16
Parameter[0]: ffff572375e58cff
Parameter[1]: 0000000000000000
Parameter[2]: 0000006b33130f01
Parameter[3]: 0000000000000001
Parameter[4]: 0000000000000000
Parameter[5]: 0000000000000000
Parameter[6]: 0000000000000000
Parameter[7]: 0000000000000000
Parameter[8]: 0000000000000000
Parameter[9]: 0000000000000000
Parameter[10]: 0000000000000000
Parameter[11]: 0000000000000000
Parameter[12]: 0000000000000000
Parameter[13]: 0000000000000000
Parameter[14]: 0000000000000000
Continue reading...