Hi
I have been having system crashes lately and the log details have been mentioned below. Kindly help me find out the reason for the crash.
Thanks in advance
Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Dump completed successfully, progress percentage: 100
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22000 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22000.1.amd64fre.co_release.210604-1628
Machine Name:
Kernel base = 0xfffff80253200000 PsLoadedModuleList = 0xfffff80253e296b0
Debug session time: Tue Aug 16 15:45:29.035 2022 (UTC - 3:00)
System Uptime: 0 days 0:00:29.639
Loading Kernel Symbols
...............................................................
................................................................
...................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 0000008e3e2ef018). Type ".hh dbgerr001" for details
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff80253617d40 48894c2408 mov qword ptr [rsp+8],rcx ss:ffff980f0337d8b0=000000000000001e
5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff802534d7030, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffff818ec35d034c, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 7546
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 92349
Key : Analysis.Init.CPU.mSec
Value: 1546
Key : Analysis.Init.Elapsed.mSec
Value: 715428
Key : Analysis.Memory.CommitPeak.Mb
Value: 153
Key : Bugcheck.Code.DumpHeader
Value: 0x1e
Key : Bugcheck.Code.KiBugCheckData
Value: 0x1e
Key : Bugcheck.Code.Register
Value: 0x1e
Key : Dump.Attributes.AsUlong
Value: 1000
Key : WER.OS.Branch
Value: co_release
Key : WER.OS.Timestamp
Value: 2021-06-04T16:28:00Z
Key : WER.OS.Version
Value: 10.0.22000.1
FILE_IN_CAB: MEMORY.DMP
DUMP_FILE_ATTRIBUTES: 0x1000
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff802534d7030
BUGCHECK_P3: 0
BUGCHECK_P4: ffff818ec35d034c
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffff818ec35d034c
READ_ADDRESS: ffff818ec35d034c Nonpaged pool
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: dwm.exe
STACK_TEXT:
ffff980f0337d8a8 fffff802536a2451 : 000000000000001e ffffffffc0000005 fffff802534d7030 0000000000000000 : nt!KeBugCheckEx
ffff980f0337d8b0 fffff8025362aace : ffff971083c83fe0 0000000000000000 0000000000001000 ffff980f0337e170 : nt!KiDispatchException+0x1bfe41
ffff980f0337df90 fffff80253626ada : 0000000000000400 ffff818ed006f000 ffff818ed8919648 fffff80255183b3e : nt!KiExceptionDispatch+0x10e
ffff980f0337e170 fffff802534d7030 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiPageFault+0x41a
ffff980f0337e300 fffff80255099a09 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!PoFxActivateComponent+0x30
ffff980f0337e390 fffff802550990a5 : ffff818e00000000 ffff818ed89194a0 0000000000000000 ffff818ed894d420 : storport!RaidStartIoPacket+0x709
ffff980f0337e4b0 fffff80255098e4a : fffff80254941350 fffff8025494126d fffff8025510a000 fffff8025347e14d : storport!RaUnitScsiIrp+0x215
ffff980f0337e550 fffff802534504a5 : ffff818ed89194a0 00007e712fa5d748 0000000000000000 0000000000000000 : storport!RaDriverScsiIrp+0x5a
ffff980f0337e590 fffff802551c1126 : 0000000000000000 ffff818ed05a28b0 ffff818ed89194a0 00007e712fa5d748 : nt!IofCallDriver+0x55
ffff980f0337e5d0 fffff80254943d00 : ffff818ed89194a0 ffff818ed5c09010 ffff818ed1a98b80 fffff80253402b6f : EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+0x116
ffff980f0337e670 fffff802534504a5 : 0000000000000000 ffff818ed89194a0 ffff818ed06521d0 ffff818ed06521d0 : Wdf01000!FxDevice::DispatchWithLock+0xd0 [minkernel\wdf\framework\shared\core\fxdevice.cpp @ 1447]
ffff980f0337e6e0 fffff80255ed5a8b : 0000000000000000 ffff818ed0611040 ffff818ed8919648 0000000000000000 : nt!IofCallDriver+0x55
ffff980f0337e720 fffff80255ed4b2c : 0000000000000040 0000000000000000 ffff818ed1c2c050 0000000000000000 : CLASSPNP!SubmitTransferPacket+0x2fb
ffff980f0337e7c0 fffff80255ed4226 : ffff818e00000000 ffff980f00008000 ffff818ed1c2c200 ffff3ff900080000 : CLASSPNP!ServiceTransferRequest+0x2cc
ffff980f0337e860 fffff80255ed1503 : 0000000000000000 0000000011aa9667 0000000000000000 fffff80253565aae : CLASSPNP!ClassReadWrite+0x166
ffff980f0337e980 fffff802534504a5 : ffff980f0337ea60 ffff818ed8f5cc50 ffff818ed0622010 ffff818ed1c2c050 : CLASSPNP!ClassGlobalDispatch+0x23
ffff980f0337e9b0 fffff80254e91c2f : 000000000008c835 0000000000000000 ffff818ed1c2c288 ffff818ed05a8a20 : nt!IofCallDriver+0x55
ffff980f0337e9f0 fffff80254e91f3f : 0000000011c2e882 0000000000000000 0000001f8f925000 ffff818ed1c2c050 : partmgr!PmIo+0xef
ffff980f0337ea60 fffff802534504a5 : 0000000000000001 fffff80255e72f5b 0000000000000000 ffff980f0337eb10 : partmgr!PmGlobalDispatch+0x1f
ffff980f0337ea90 fffff80254e91776 : ffff980f0337eae8 ffff980f0337ebd0 ffff818e00000000 0000000000000000 : nt!IofCallDriver+0x55
ffff980f0337ead0 fffff80254e91f3f : 0000000000008000 ffff818ed1c2c2d0 ffff818ed05c4a40 ffff818ed06ca180 : partmgr!PartitionIo+0x1c6
ffff980f0337eb80 fffff802534504a5 : ffff818ed06c51c0 fffff80254e91e7a 0000000000000000 ffff818ed1c2c330 : partmgr!PmGlobalDispatch+0x1f
ffff980f0337ebb0 fffff80254fa1101 : ffff818ed05c4a40 0000000011c2e86d 0000000000000000 ffff980f0337ee30 : nt!IofCallDriver+0x55
ffff980f0337ebf0 fffff802534504a5 : ffff818ed1c2c050 ffff818ed06ca180 0000000000000002 ffffab844dbbcd10 : volmgr!VmReadWrite+0xf1
ffff980f0337ec30 fffff80255c94c6c : 0000000000000000 ffff818ed1c2c050 0000001f8f91d000 0000000000000000 : nt!IofCallDriver+0x55
ffff980f0337ec70 fffff80255c94907 : 0000000000000000 ffff980f0337ee30 0000000000000000 ffff980f0337ee38 : fvevol!FveFilterRundownReadWrite+0x34c
ffff980f0337ed40 fffff802534504a5 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : fvevol!FveFilterRundownRead+0x27
ffff980f0337ed70 fffff80255e7320f : ffff28bb0c7ab1d1 0000000000000000 ffff980f0337f260 0000000000000000 : nt!IofCallDriver+0x55
ffff980f0337edb0 fffff80255e74809 : 0000000000000002 ffff980f0337f1b0 ffff818ed05dfa20 ffff818ed1c2c050 : iorate!IoRateIssueAndRecordIo+0x7f
ffff980f0337edf0 fffff80255e7269d : ffff818ed06d9180 ffff818ed06df101 ffff980f0337f0f0 fffff80255306452 : iorate!IoRateProcessIrpWrapper+0x69
ffff980f0337ee80 fffff802534504a5 : ffff980f0337efe0 ffff980f0337efd8 0000000000000000 0000000000000000 : iorate!IoRateDispatchReadWrite+0x5d
ffff980f0337eec0 fffff80255d61033 : 0000000000000000 0000000000000000 ffff980f0337f1b4 ffff818ed81f2aa8 : nt!IofCallDriver+0x55
ffff980f0337ef00 fffff802534504a5 : ffff818ed0630500 fffff80255d8e11f 0000000000008000 fffff80255305e9b : volume!VolumePassThrough+0x23
ffff980f0337ef30 fffff80255d71d8b : 0000001f8f91d000 0000000000000000 00007fff00008000 0000008e00000100 : nt!IofCallDriver+0x55
ffff980f0337ef70 fffff80255d71c59 : ffff818ed81f2aa8 fffff80253479c48 ffff980f0337f048 ffff980f0337f050 : volsnap!VolSnapReadFilter+0x11b
ffff980f0337efa0 fffff802534504a5 : ffff980f0337f048 fffff80253479c05 ffff980f0337f050 ffff818ed06df1b0 : volsnap!VolSnapRead+0x19
ffff980f0337efd0 fffff802553056e6 : ffff818ed81f2aa8 ffff980f0337f0f0 ffff980f0337f1b4 0000000000000000 : nt!IofCallDriver+0x55
ffff980f0337f010 fffff80255304872 : ffff818ed81f2aa8 ffff818ed06df1b0 ffffab844dbbcb90 0000000000041000 : Ntfs!NtfsMultipleAsync+0x166
ffff980f0337f0b0 fffff8025530355b : 0000000000008000 ffff980f0337f530 0000000000000000 ffffab844dbbcb90 : Ntfs!NtfsNonCachedIo+0x972
ffff980f0337f340 fffff802553014c7 : ffff818ed81f2aa8 ffff818ed1c2c050 ffffab844dbbcc00 0000000000000000 : Ntfs!NtfsCommonRead+0x1e5b
ffff980f0337f500 fffff802534504a5 : ffff818ed8741460 ffff818ed1c2c050 0000000000000000 ffff818ed1c2c480 : Ntfs!NtfsFsdRead+0x227
ffff980f0337f5f0 fffff8024f107bb5 : ffff980f03380000 ffff980f03379000 0000000000000000 ffff980f0337f6d0 : nt!IofCallDriver+0x55
ffff980f0337f630 fffff8024f105853 : ffff980f0337f6c0 0000000000000000 818ed1f4c8a80400 0000000000000003 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2b5
ffff980f0337f6a0 fffff802534504a5 : ffff818ed1c2c050 fffff80253402cdf 0000000100000000 ffff818ed83fca60 : FLTMGR!FltpDispatch+0xa3
ffff980f0337f700 fffff802534a138e : ffff818ed1c2c070 ffff818ed1f58d40 ffff818ed5627700 0000000100000000 : nt!IofCallDriver+0x55
ffff980f0337f740 fffff802534c4fa0 : 0000000000000001 fffff8025347769c ffff818ed83fca70 ffff818ed83fca30 : nt!IoPageReadEx+0x2ae
ffff980f0337f7b0 fffff802534c5a04 : 0000000000000003 ffff980f0337f890 ffff980f0337f9c0 fffff8025347e491 : nt!MiIssueHardFaultIo+0xc8
ffff980f0337f800 fffff80253475dab : 00000000c0033333 0000000000000001 00007ffbf41018c0 00007ff684046000 : nt!MiIssueHardFault+0x424
ffff980f0337f900 fffff802536269f5 : ffff818ed57b6080 0000000000000000 0000000000000004 0000000000000000 : nt!MmAccessFault+0x35b
ffff980f0337faa0 00007ffbf41018c0 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiPageFault+0x335
0000008e3e4fe468 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffbf41018c0
SYMBOL_NAME: EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess+116
MODULE_NAME: EhStorClass
IMAGE_NAME: EhStorClass.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 116
FAILURE_BUCKET_ID: AV_R_EhStorClass!FilterDeviceEvtWdmIoctlIrpPreprocess
OS_VERSION: 10.0.22000.1
BUILDLAB_STR: co_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2dec452e-4a80-0960-6103-91ca0b51062f}
Followup: MachineOwner