[SOLVED] Need help analyzing memory.dmp

Sep 6, 2021
Microsoft (R) Windows Debugger Version 10.0.22415.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff80371000000 PsLoadedModuleList = 0xfffff80371c2a230
Debug session time: Mon Sep 6 15:32:23.658 2021 (UTC + 5:00)
System Uptime: 1 days 0:02:00.415
Loading Kernel Symbols
...............................................................
................................................................
.............................................................Page 25c977 not present in the dump file. Type ".hh dbgerr004" for details
...
...........

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

...............................
Loading User Symbols
......................................................
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803713f6c20 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffc285da0ef840=00000000000000ef
2: kd> !analyze -v
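*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************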

CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffd80c26237080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 5796

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 14147

Key : Analysis.Init.CPU.mSec
Value: 890

Key : Analysis.Init.Elapsed.mSec
Value: 20477

Key : Analysis.Memory.CommitPeak.Mb
Value: 97

Key : CriticalProcessDied.ExceptionCode
Value: 2c6a1080

Key : CriticalProcessDied.Process
Value: svchost.exe

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


BUGCHECK_CODE: ef

BUGCHECK_P1: ffffd80c26237080

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME: svchost.exe

CRITICAL_PROCESS: svchost.exe

ERROR_CODE: (NTSTATUS) 0x2c6a1080 - <Unable to get error code text>

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

STACK_TEXT:
ffffc285da0ef838 fffff80371908432 : 00000000000000ef ffffd80c26237080 0000000000000000 0000000000000000 : nt!KeBugCheckEx
ffffc285da0ef840 fffff803717fa62b : 0000000000000000 fffff8037129de5d 0000000000000002 fffff8037129d477 : nt!PspCatchCriticalBreak+0x10e
ffffc285da0ef8e0 fffff8037165ea44 : ffffd80c00000000 0000000000000000 ffffd80c26237080 ffffd80c262374b8 : nt!PspTerminateAllThreads+0x19c31f
ffffc285da0ef950 fffff8037165ed6c : ffffd80c26237080 0000000000000000 00000004408ff77c fffff803716007aa : nt!PspTerminateProcess+0xe0
ffffc285da0ef990 fffff803714085b5 : ffffd80c26237080 ffffd80c2c6a1080 ffffc285da0efa80 ffffc285da0efa80 : nt!NtTerminateProcess+0x9c
ffffc285da0efa00 00007ffb2aead3a4 : 00007ffb2af22b53 00007ffb2af566f8 00000004408ff740 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
00000004408fe5a8 00007ffb2af22b53 : 00007ffb2af566f8 00000004408ff740 0000000000000000 00007ffb2ae10000 : ntdll!NtTerminateProcess+0x14
00000004408fe5b0 00007ffb2aeb53ce : 00007ffb2af566f8 000000000000000c 00007ffb2ae10000 00007ffb2ae6315a : ntdll!TppWorkerpInnerExceptionFilter+0x5b
00000004408fe5e0 00007ffb2ae9c776 : 00000004408fe688 00000004408fe6c8 00007ffb2ae6315a 0000000000000001 : ntdll!TppWorkerThread$filt$5+0x19
00000004408fe620 00007ffb2aeaca0e : 00007ffb2af567b8 00000004408ff2f0 00000004408ff740 00000004408fec40 : ntdll!_C_specific_handler+0x96
00000004408fe690 00007ffb2aeb217f : 0000000000000000 00000004408fec30 00000004408ff2f0 0000000000000000 : ntdll!_GSHandlerCheck_SEH+0x6a
00000004408fe6c0 00007ffb2ae61454 : 0000000000000000 00000004408fec30 00000004408ff2f0 0000000000000000 : ntdll!RtlpExecuteHandlerForException+0xf
00000004408fe6f0 00007ffb2aeb0cae : 000001312bbe0000 00007ffb2ae12278 000001312c9ee560 00007ffb2ae12278 : ntdll!RtlDispatchException+0x244
00000004408fee00 00007ffb2ae48317 : 000001312d09f9c8 00007ffb287de619 0000d43ff47e2cb4 0000000000000000 : ntdll!KiUserExceptionDispatch+0x2e
00000004408ff580 00007ffb2880b59b : 0000000000000000 00007ffb2ae776ea 0000000000000000 0000000000000000 : ntdll!RtlEqualSid+0x7
00000004408ff5b0 00007ffb0ffd985d : 000001312d0f2db0 00007ffb2ae7752d 00007ffb10044850 00000000ffffffff : KERNELBASE!EqualSid+0x2b
00000004408ff5e0 00007ffb27191ebc : 00007ffb10044818 0000000000000074 00007ffb10044850 00000004408ff708 : mpssvc!FwMoneisDiagPackageIdStatsEntrySqmAndFree+0x2d
00000004408ff640 00007ffb0ffd9c79 : 000001312c9ee150 000001312bc94810 00000004408ff8b8 000001312bc948d8 : fwbase!FwHashtableEmpty+0xc9ac
00000004408ff6a0 00007ffb2ae81619 : 000001312bc94810 000000007ffe0386 00000004408ff8b8 000001310000006e : mpssvc!FwMoneisDiagTimerCallback+0x109
00000004408ff6f0 00007ffb2ae6315a : 000001312bc02458 000001312cfdcf40 0000000000000000 000001312bc02358 : ntdll!TppTimerpExecuteCallback+0xa9
00000004408ff740 00007ffb2a2e7034 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!TppWorkerThread+0x68a
00000004408ffa40 00007ffb2ae62651 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x14
00000004408ffa70 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21


SYMBOL_NAME: ntdll!NtTerminateProcess+14

MODULE_NAME: ntdll

IMAGE_NAME: ntdll.dll

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 14

FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_2c6a1080_ntdll!NtTerminateProcess

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {519117b4-963b-63e4-5133-ca3df0180428}

Followup: MachineOwner
---------
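
Reading the STACK_TEXT above (an added example, not part of the original post or the debugger output): this script walks the frames to show who asked for the process to be terminated, which frame raised the exception, and the first module below it that is not generic OS plumbing. The CORE set and the function names are assumptions made for this illustration; mpssvc is the Windows Defender Firewall service.

```python
import re

# Frames copied from the STACK_TEXT in the post above, with the argument
# columns dropped to keep lines short. WinDbg lists the newest frame first.
SAMPLE = """\
CRITICAL_PROCESS: svchost.exe
STACK_TEXT:
ffffc285da0ef838 fffff80371908432 : nt!KeBugCheckEx
ffffc285da0ef840 fffff803717fa62b : nt!PspCatchCriticalBreak+0x10e
ffffc285da0ef990 fffff803714085b5 : nt!NtTerminateProcess+0x9c
00000004408fe5a8 00007ffb2af22b53 : ntdll!NtTerminateProcess+0x14
00000004408fe5b0 00007ffb2aeb53ce : ntdll!TppWorkerpInnerExceptionFilter+0x5b
00000004408fee00 00007ffb2ae48317 : ntdll!KiUserExceptionDispatch+0x2e
00000004408ff580 00007ffb2880b59b : ntdll!RtlEqualSid+0x7
00000004408ff5b0 00007ffb0ffd985d : KERNELBASE!EqualSid+0x2b
00000004408ff5e0 00007ffb27191ebc : mpssvc!FwMoneisDiagPackageIdStatsEntrySqmAndFree+0x2d
00000004408ff6a0 00007ffb2ae81619 : mpssvc!FwMoneisDiagTimerCallback+0x109
"""

HEX = re.compile(r"[0-9a-f`]{8,}", re.I)
CORE = {"nt", "ntdll", "KERNELBASE", "KERNEL32"}  # assumption: generic OS plumbing

def frames(text):  # -> [(module, symbol)], newest frame first
    out = []
    for line in text.splitlines():
        p = line.split()
        # A stack line starts with two hex words and ends with module!symbol+offset.
        if len(p) >= 4 and HEX.fullmatch(p[0]) and HEX.fullmatch(p[1]) and "!" in p[-1]:
            module, symbol = p[-1].split("!", 1)
            out.append((module, symbol.split("+0x")[0]))
    return out

def after(names, marker):  # frame listed directly below `marker`, or None
    i = names.index(marker) + 1 if marker in names else len(names)
    return names[i] if i < len(names) else None

def triage(text):
    fr = frames(text)
    names = [f"{m}!{s}" for m, s in fr]
    proc = re.search(r"^CRITICAL_PROCESS:\s*(\S+)", text, re.M)
    disp = "ntdll!KiUserExceptionDispatch"  # frames above it are exception handling
    below = fr[names.index(disp) + 1:] if disp in names else []
    return {
        "process": proc.group(1) if proc else None,
        "terminate_caller": after(names, "ntdll!NtTerminateProcess"),
        "raised_in": after(names, disp),  # code running when the exception hit
        "first_non_core": next((f"{m}!{s}" for m, s in below if m not in CORE), None),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The parser reads only the last column of each stack line, so it also accepts the untrimmed lines exactly as WinDbg prints them.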
 
I might be wrong, but try updating the Ethernet or Wi-Fi drivers, depending on which you use.

The error mentions Defender, so it might be LAN drivers.

Can you follow option one on the following link - here - and then do this step below: Small memory dumps - Have Windows Create a Small Memory Dump (Minidump) on BSOD - that creates a file in C:\Windows\Minidump after the next BSOD.

  1. Open Windows File Explorer
  2. Navigate to C:\Windows\Minidump
  3. Copy the mini-dump files out onto your Desktop
  4. Do not use WinZip; use the built-in facility in Windows
  5. Select those files on your Desktop, right click them and choose 'Send to' - Compressed (zipped) folder
  6. Upload the zip file to the Cloud (OneDrive, DropBox . . . etc.)
  7. Then post a link here to the zip file, so we can take a look for you . . .
 
Hi, I edited your first post to hide the huge log file in a spoiler (just cleaned it up a bit so it's easier to read the rest of the posts).

I ran the dump file through the debugger and got the following information: https://jsfiddle.net/s7y1L5kd/show This link is for anyone wanting to help. You do not have to view it. It is safe to "run the fiddle" as the page asks.

File information: 090621-54718-01.dmp (Sep 6 2021 - 06:32:23)
Bugcheck: CRITICAL_PROCESS_DIED (EF)
Probably caused by: memory_corruption (Process: svchost.exe)
Uptime: 1 Day(s), 0 Hour(s), 02 Min(s), and 00 Sec(s)

Motherboard: K401UQK

This information can be used by others to help you. Someone else will post with more information. Please wait for additional answers. Good luck.
 
I misinterpreted what I read last night; it's not LAN drivers, or at least it doesn't specifically point to them.

Critical Process Died is a Windows error. Obviously they are all Windows errors, but it's specifically Windows. It occurs if one of a number of system files crashes and Windows has no choice but to follow. In your case it was services host, and it doesn't tell me a great deal as to why. It is needed for almost all of Windows to keep functioning, but there isn't just one Service Host; every service has one now.

Try this:
Right-click the Start button
Choose PowerShell (Admin)
Type SFC /scannow and press Enter
Once it's completed, copy/paste this command into the same window:

Repair-WindowsImage -Online -RestoreHealth
and press Enter


SFC fixes system files; the second command cleans image files. Re-run SFC if it failed to fix all files, and restart the PC.

Give us any more dumps you get.

Can you run this? It creates a zip file. Can you upload it to the same place as the dumps, and I will see if it tells me anything more - https://www.sysnative.com/forums/pages/bsodcollectionapp/