Hi guys,
I try to analyze below dump and cannot make sure if the root cause correct or not? If you can kindly to check this answer? Thank you.
This is a laptop, DIS SKU, Win10 RS5, and I suspect that it is related to SSD.
Dump file:
drive.google.com
==============================
Microsoft (R) Windows Debugger Version 10.0.16299.91 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\99041911\Desktop\part1\MEMORY\MEMORY.DMP]
Kernel Bitmap Dump File: Full address space is available
WARNING: Whitespace at end of path element
WARNING: Whitespace at end of path element
Error: Empty Path.
WARNING: Whitespace at end of path element
WARNING: Whitespace at end of path element
Symbol search path is: SRVc:\symbolshttp://msdl.microsoft.com/download/symbols ;SRVC:\websymbols
Executable search path is:
WARNING: Whitespace at end of path element
WARNING: Whitespace at end of path element
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802
Debug session time: Sun Feb 3 12:43:38.098 2019 (UTC + 8:00)
System Uptime: 3 days 6:13:32.031
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...........
Loading User Symbols
....................
Loading unloaded module list
..................................................
***
* *
* Bugcheck Analysis *
* *
***
Use !analyze -v to get detailed debugging information.
BugCheck EF, {ffff8f82affa0080, 0, 0, 0}
Probably caused by : ntdll.dll ( ntdll!NtTerminateProcess+14 )
Followup: MachineOwner
---------
1: kd> !analyze -v
***
* *
* Bugcheck Analysis *
* *
***
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff8f82affa0080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 402
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: HUAWEI
SYSTEM_PRODUCT_NAME: VLR-WX9
SYSTEM_SKU: C233
SYSTEM_VERSION: D1050
BIOS_VENDOR: HUAWEI
BIOS_VERSION: 0.52
BIOS_DATE: 01/29/2019
BASEBOARD_MANUFACTURER: HUAWEI
BASEBOARD_PRODUCT: VLR-WX9-PCB
BASEBOARD_VERSION: D1050
DUMP_TYPE: 0
BUGCHECK_P1: ffff8f82affa0080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
EXCEPTION_CODE: (HRESULT) 0x82ed5080 (2196590720) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0x82ed5080 - <Unable to get error code text>
CPU_COUNT: 4
CPU_MHZ: 900
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: b
CPU_MICROCODE: 6,8e,b,0 (F,M,S,R) SIG: 9A'00000000 (cache) 9A'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: AN990118808
ANALYSIS_SESSION_TIME: 02-14-2019 18:44:49.0917
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
LAST_CONTROL_TRANSFER: from fffff8021a532cbd to fffff80219e5a440
STACK_TEXT:
ffff8101
ffff8101
ffff8101
ffff8101
ffff8101
ffff8101
00000045
THREAD_SHA1_HASH_MOD_FUNC: 1ee16e27f2a3bf32487936ba1484cfcaf564e2dc
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d6007b5b4e393f926801e43b9064214961c3c762
THREAD_SHA1_HASH_MOD: fce38ccd7b727228240c1b437cae1484437f51f9
FOLLOWUP_IP:
ntdll!NtTerminateProcess+14
00007ffa
000000ad
1: kd> !scsikd.classext
IMPORTANT NOTE: Please consider using StorageKD instead of scsikd for your debugging needs for win8 and above targets
Storage class devices:
* !classext ffff8f827a372060 [1,2] WDC PC SN720 SDAPNTW-256G-1027 Paging Disk
Usage: !classext <class device> <level [0-2]>
Optical devices, such as DVD drives, can be listed with !wdfkd.wdfdriverinfo cdrom, and further explored
using the "!wdfkd.wdfdevice <device_handle>" and "!wdfkd.wdfdevicequeues <device_handle>" commands.
1: kd> !scsikd.classext ffff8f827a372060
Storage class device ffff8f827a372060 with extension at ffff8f827a3721b0
Classpnp Internal Information at ffff8f827a386040
Failed Requests:
Srb Scsi
Opcode Status Status Sense Code Sector/ListId Time Stamp
------ ------ ------ ---------- --------------- ------------
1b 06 02 05 24 00 04:07:29.536
1b 06 02 05 24 00 04:08:08.551
1b 06 02 05 24 00 04:08:48.520
1b 06 02 05 24 00 04:09:27.473
1b 06 02 05 24 00 04:10:06.551
1b 06 02 05 24 00 04:10:45.489
1b 06 02 05 24 00 04:11:24.442
1b 06 02 05 24 00 04:12:03.708
1b 06 02 05 24 00 04:12:42.833
1b 06 02 05 24 00 04:13:22.708
1b 06 02 05 24 00 04:14:01.567
1b 06 02 05 24 00 04:14:40.708
1b 06 02 05 24 00 04:15:19.708
1b 06 02 05 24 00 04:15:59.442
1b 06 02 05 24 00 04:16:38.520
1b 06 02 05 24 00 04:17:17.520
-- dt classpnp!_CLASS_PRIVATE_FDO_DATA ffff8f827a386040 --
Classpnp External Information at ffff8f827a3721b0
WDC PC SN720 SDAPNTW-256G-1027 10126000 1845_AB80_4379_0001_001B_448B_4484_9B02.
Minidriver information at ffff8f827a372670
Attached device object at ffff8f827a1b6de0
Physical device object at ffff8f827a022060
Media Geometry:
Bytes in a Sector = 512
Sectors per Track = 63
Tracks / Cylinder = 255
Media Length = 256060514304 bytes = ~238 GB
-- dt classpnp!_FUNCTIONAL_DEVICE_EXTENSION ffff8f827a3721b0 --
1: kd> !devstack ffff8f827a372060
!DevObj !DrvObj !DevExt ObjectName
ffff8f827a1ba8d0 \Driver\partmgr ffff8f827a1baa20
ffff8f827a1b6de0 \Driver\EhStorClassffff8f827a1b6ba0
ffff8f827a022060 \Driver\stornvme ffff8f827a0221b0 0000003c
!DevNode ffff8f827a117370 :
DeviceInst is "SCSI\Disk&Ven_NVMe&Prod_WDC_PC_SN720_SDA\5&2cf988ea&0&000000"
ServiceName is "disk"
I try to analyze below dump and cannot make sure if the root cause correct or not? If you can kindly to check this answer? Thank you.
This is a laptop, DIS SKU, Win10 RS5, and I suspect that it is related to SSD.
Dump file:
MEMORY.DMP
==============================
Microsoft (R) Windows Debugger Version 10.0.16299.91 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\99041911\Desktop\part1\MEMORY\MEMORY.DMP]
Kernel Bitmap Dump File: Full address space is available
WARNING: Whitespace at end of path element
WARNING: Whitespace at end of path element
Error: Empty Path.
WARNING: Whitespace at end of path element
WARNING: Whitespace at end of path element
Symbol search path is: SRVc:\symbolshttp://msdl.microsoft.com/download/symbols ;SRVC:\websymbols
Executable search path is:
WARNING: Whitespace at end of path element
WARNING: Whitespace at end of path element
Windows 10 Kernel Version 17763 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff802
19ca7000 PsLoadedModuleList = 0xfffff8021a0c2ad0Debug session time: Sun Feb 3 12:43:38.098 2019 (UTC + 8:00)
System Uptime: 3 days 6:13:32.031
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...........
Loading User Symbols
....................
Loading unloaded module list
..................................................
***
* *
* Bugcheck Analysis *
* *
***
Use !analyze -v to get detailed debugging information.
BugCheck EF, {ffff8f82affa0080, 0, 0, 0}
Probably caused by : ntdll.dll ( ntdll!NtTerminateProcess+14 )
Followup: MachineOwner
---------
1: kd> !analyze -v
***
* *
* Bugcheck Analysis *
* *
***
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff8f82affa0080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 402
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: HUAWEI
SYSTEM_PRODUCT_NAME: VLR-WX9
SYSTEM_SKU: C233
SYSTEM_VERSION: D1050
BIOS_VENDOR: HUAWEI
BIOS_VERSION: 0.52
BIOS_DATE: 01/29/2019
BASEBOARD_MANUFACTURER: HUAWEI
BASEBOARD_PRODUCT: VLR-WX9-PCB
BASEBOARD_VERSION: D1050
DUMP_TYPE: 0
BUGCHECK_P1: ffff8f82affa0080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
EXCEPTION_CODE: (HRESULT) 0x82ed5080 (2196590720) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0x82ed5080 - <Unable to get error code text>
CPU_COUNT: 4
CPU_MHZ: 900
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: b
CPU_MICROCODE: 6,8e,b,0 (F,M,S,R) SIG: 9A'00000000 (cache) 9A'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: AN990118808
ANALYSIS_SESSION_TIME: 02-14-2019 18:44:49.0917
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
LAST_CONTROL_TRANSFER: from fffff8021a532cbd to fffff80219e5a440
STACK_TEXT:
ffff8101
0311d838 fffff8021a532cbd : 00000000000000ef ffff8f82affa0080 0000000000000000 0000000000000000 : nt!KeBugCheckExffff8101
0311d840 fffff8021a42c403 : 0000000000000000 fffff80219ce5c65 ffff8f82affa0080 fffff80219ce5b64 : nt!PspCatchCriticalBreak+0xfdffff8101
0311d8e0 fffff8021a28974c : ffff8f8200000000 0000000000000000 ffff8f82affa0080 ffff8f82affa0358 : nt!PspTerminateAllThreads+0x1a3e2fffff8101
0311d950 fffff8021a28b289 : ffffffffffffffff ffff81010311da80 ffff8f8277f46400 ffff81010311d901 : nt!PspTerminateProcess+0xe0ffff8101
0311d990 fffff80219e6b685 : ffff8f8200013660 ffff8f8282ed5080 ffff8f82affa0080 0000000000000000 : nt!NtTerminateProcess+0xa9ffff8101
0311da00 00007ffa4b37fbf4 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x2500000045
724ff198 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!NtTerminateProcess+0x14THREAD_SHA1_HASH_MOD_FUNC: 1ee16e27f2a3bf32487936ba1484cfcaf564e2dc
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d6007b5b4e393f926801e43b9064214961c3c762
THREAD_SHA1_HASH_MOD: fce38ccd7b727228240c1b437cae1484437f51f9
FOLLOWUP_IP:
ntdll!NtTerminateProcess+14
00007ffa
4b37fbf4 c3 ret
FAULT_INSTR_CODE: c32ecdc3
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: ntdll!NtTerminateProcess+14
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 7ded7809
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 14
FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_82ed5080_ntdll!NtTerminateProcess
BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_82ed5080_ntdll!NtTerminateProcess
PRIMARY_PROBLEM_CLASS: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_82ed5080_ntdll!NtTerminateProcess
TARGET_TIME: 2019-02-03T04:43:38.000Z
OSBUILD: 17763
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: f39
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_csrss.exe_bugcheck_critical_process_82ed5080_ntdll!ntterminateprocess
FAILURE_ID_HASH: {50859ed8-e1d4-235c-9af9-b48e640397f1}
Followup: MachineOwner
---------
1: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks..
Resource @ nt!IopDeviceTreeLock (0xfffff8021a0dcd80) Shared 1 owning threads
Threads: ffff8f82779b7040-01<*>
KD: Scanning for held locks.
Resource @ nt!PiEngineLock (0xfffff8021a0dce00) Exclusively owned
Contention Count = 7018
Threads: ffff8f82779b7040-01<*>
KD: Scanning for held locks........................................................................
Resource @ 0xffff8f827cb59f80 Shared 1 owning threads
Contention Count = 112
Threads: ffff8f82b1335080-01<*>
KD: Scanning for held locks.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Resource @ 0xffff8f82b2448190 Exclusively owned
Contention Count = 16058
NumberOfExclusiveWaiters = 2
Threads: ffff8f82b10c0080-01<*>
Threads Waiting On Exclusive Access:
ffff8f82b210d080 ffff8f82b1f5c080
KD: Scanning for held locks.........................
Resource @ 0xffff8f82b2d3f590 Exclusively owned
Threads: ffff8f82b1b24080-01<*>
KD: Scanning for held locks.............
52865 total locks, 5 locks currently held
1: kd> !thread ffff8f82b1b24080
THREAD ffff8f82b1b24080 Cid 14e0c.128a0 Teb: 000000ad237f2000 Win32Thread: ffff8f82a1b0c2c0 WAIT: (UserRequest) KernelMode Alertable
ffff8f82b2d3f660 NotificationEvent
Not impersonating
DeviceMap ffffcb0e734da3c0
Owning Process ffff8f82b21a1180 Image: dwm.exe
Attached Process N/A Image: N/A
Wait Start TickCount 18023169 Ticks: 0
Context Switch Count 143 IdealProcessor: 3
UserTime 00:00:00.000
KernelTime 00:00:00.078
Win32 Start Address 0x00007ffa4189b610
Stack Init ffff8101117e5b90 Current ffff8101117e55d0
Base ffff8101117e6000 Limit ffff8101117df000 Call 0000000000000000
Priority 15 BasePriority 15 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffff8101117e5610 fffff80219dc0567 : 0000000000000001 ffff8f82b1b24080 fffff1c844c51b10 fffff19d260da76d : nt!KiSwapContext+0x76
ffff8101117e5750 fffff80219dc00d9 : 000000000000000f 0000000000000000 0000000000000005 ffff8f82b1b24080 : nt!KiSwapThread+0x297
ffff8101117e5810 fffff80219dbee60 : 0000000000000000 ffff8f8200000000 0000000000000000 ffff8101117e5921 : nt!KiCommitThreadWait+0x549
ffff8101117e58b0 fffff19d263e714b : ffff8f82b2d3f660 0000000000000006 0000000000000000 fffff19d263e4201 : nt!KeWaitForSingleObject+0x520
ffff8101117e5980 fffff19d263e7089 : fffff1c840724050 0000000000000001 0000000000000001 0000000000000000 : win32kbase!DirectComposition::CApplicationChannel::WaitForPendingAndProcessReturnedBatches+0x8b
ffff8101117e59d0 fffff80219e6b685 : ffff8f82b1b24080 ffff8101117e5a80 00000245044cdfe8 fffff1c840724050 : win32kbase!NtDCompositionWaitForChannel+0x49
ffff8101117e5a00 00007ffa484f3a04 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ ffff8101117e5a00)000000ad
2399f618 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : win32u!NtDCompositionWaitForChannel+0x141: kd> !scsikd.classext
IMPORTANT NOTE: Please consider using StorageKD instead of scsikd for your debugging needs for win8 and above targets
Storage class devices:
* !classext ffff8f827a372060 [1,2] WDC PC SN720 SDAPNTW-256G-1027 Paging Disk
Usage: !classext <class device> <level [0-2]>
Optical devices, such as DVD drives, can be listed with !wdfkd.wdfdriverinfo cdrom, and further explored
using the "!wdfkd.wdfdevice <device_handle>" and "!wdfkd.wdfdevicequeues <device_handle>" commands.
1: kd> !scsikd.classext ffff8f827a372060
Storage class device ffff8f827a372060 with extension at ffff8f827a3721b0
Classpnp Internal Information at ffff8f827a386040
Failed Requests:
Srb Scsi
Opcode Status Status Sense Code Sector/ListId Time Stamp
------ ------ ------ ---------- --------------- ------------
1b 06 02 05 24 00 04:07:29.536
1b 06 02 05 24 00 04:08:08.551
1b 06 02 05 24 00 04:08:48.520
1b 06 02 05 24 00 04:09:27.473
1b 06 02 05 24 00 04:10:06.551
1b 06 02 05 24 00 04:10:45.489
1b 06 02 05 24 00 04:11:24.442
1b 06 02 05 24 00 04:12:03.708
1b 06 02 05 24 00 04:12:42.833
1b 06 02 05 24 00 04:13:22.708
1b 06 02 05 24 00 04:14:01.567
1b 06 02 05 24 00 04:14:40.708
1b 06 02 05 24 00 04:15:19.708
1b 06 02 05 24 00 04:15:59.442
1b 06 02 05 24 00 04:16:38.520
1b 06 02 05 24 00 04:17:17.520
-- dt classpnp!_CLASS_PRIVATE_FDO_DATA ffff8f827a386040 --
Classpnp External Information at ffff8f827a3721b0
WDC PC SN720 SDAPNTW-256G-1027 10126000 1845_AB80_4379_0001_001B_448B_4484_9B02.
Minidriver information at ffff8f827a372670
Attached device object at ffff8f827a1b6de0
Physical device object at ffff8f827a022060
Media Geometry:
Bytes in a Sector = 512
Sectors per Track = 63
Tracks / Cylinder = 255
Media Length = 256060514304 bytes = ~238 GB
-- dt classpnp!_FUNCTIONAL_DEVICE_EXTENSION ffff8f827a3721b0 --
1: kd> !devstack ffff8f827a372060
!DevObj !DrvObj !DevExt ObjectName
ffff8f827a1ba8d0 \Driver\partmgr ffff8f827a1baa20
ffff8f827a1b6de0 \Driver\EhStorClassffff8f827a1b6ba0
ffff8f827a022060 \Driver\stornvme ffff8f827a0221b0 0000003c
!DevNode ffff8f827a117370 :
DeviceInst is "SCSI\Disk&Ven_NVMe&Prod_WDC_PC_SN720_SDA\5&2cf988ea&0&000000"
ServiceName is "disk"
Facebook
Twitter
Instagram