[BSOD] CRITICAL_PROCESS_DIED 0x0EF - 'ntoskrnl.exe'
Hey people.
I was happily watching Smallville on Prime Video stoned and enjoying my night when my system suddenly crashed. So I left it to reboot, went to make a cuppa, came back up and my OCD forces me to investigate. Though my first attempt at analyzing proved effable with WinDbg Preview, with it screaming about having no symbols despite my system having them and my having configured it to use those symbols. So I hopped onto WinDbg. I'd like to request some help troubleshooting if possible? My system hasn't choked on a BSOD in a while so this is a bit odd. I'm certain, however, it isn't to do with my overclock, which I'll shed some light on shortly.
My analysis attempt is below, if you could just give your input if I'm wrong or on what steps are needed to resolve the issue?
I admit I don't know my way around WinDbg commands so please shed some light on the red stacks. I am unsure what caused the crash and would like some help determining that and resolving it.
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffde82d9285080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6593
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 12064
Key : Analysis.Init.CPU.mSec
Value: 3640
Key : Analysis.Init.Elapsed.mSec
Value: 132811
Key : Analysis.Memory.CommitPeak.Mb
Value: 82
Key : CriticalProcessDied.ExceptionCode
Value: e8c14080
Key : CriticalProcessDied.Process
Value: svchost.exe
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffde82d9285080
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: svchost.exe
CRITICAL_PROCESS: svchost.exe
ERROR_CODE: (NTSTATUS) 0xe8c14080 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
STACK_TEXT:
ffffdd82`e2c28938 fffff805`2330db42 : 00000000`000000ef ffffde82`d9285080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffdd82`e2c28940 fffff805`2320d06d : 00000000`00000000 fffff805`22d13d19 00000000`00000002 fffff805`22ceb36b : nt!PspCatchCriticalBreak+0x10e
ffffdd82`e2c289e0 fffff805`23099710 : ffffde82`00000000 00000000`00000000 ffffde82`d9285080 ffffde82`d92854b8 : nt!PspTerminateAllThreads+0x172d61
ffffdd82`e2c28a50 fffff805`2309950c : ffffde82`d9285080 00000000`00000000 000000c8`2d97fbcc 00000213`34ff0000 : nt!PspTerminateProcess+0xe0
ffffdd82`e2c28a90 fffff805`22e0f7f8 : ffffde82`d9285080 ffffde82`e8c14080 ffffdd82`e2c28b80 ffffde82`d9285080 : nt!NtTerminateProcess+0x9c
ffffdd82`e2c28b00 00007ff9`970ed634 : 00007ff9`97162e83 00007ff9`971976d4 000000c8`2d97fb90 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000c8`2d97b1a8 00007ff9`97162e83 : 00007ff9`971976d4 000000c8`2d97fb90 00000000`00000000 00007ff9`97050000 : 0x00007ff9`970ed634
000000c8`2d97b1b0 00007ff9`971976d4 : 000000c8`2d97fb90 00000000`00000000 00007ff9`97050000 00000000`00000004 : 0x00007ff9`97162e83
000000c8`2d97b1b8 000000c8`2d97fb90 : 00000000`00000000 00007ff9`97050000 00000000`00000004 00007ff9`970f56ad : 0x00007ff9`971976d4
000000c8`2d97b1c0 00000000`00000000 : 00007ff9`97050000 00000000`00000004 00007ff9`970f56ad 00007ff9`971976d4 : 0x000000c8`2d97fb90
SYMBOL_NAME: nt!PspCatchCriticalBreak+10e
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.3086
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 10e
FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_e8c14080_nt!PspCatchCriticalBreak
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4fa9d29c-2c4f-4234-f31b-658563c0dda1}
Followup: MachineOwner
---------
Thank you, and I appreciate your time and support. Whoever determines the cause and resolution will be repped.
KYLE-PC-(2023-06-20_22-43-56).zip
- - - Updated - - -
Another BSOD. Memory corruption FxSound
KYLE-PC-(2023-06-21_00-17-18).zip
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffffffffffffcb, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff2b70dc27541, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 9061
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 45728
Key : Analysis.Init.CPU.mSec
Value: 3828
Key : Analysis.Init.Elapsed.mSec
Value: 26317
Key : Analysis.Memory.CommitPeak.Mb
Value: 95
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: 50
BUGCHECK_P1: ffffffffffffffcb
BUGCHECK_P2: 0
BUGCHECK_P3: fffff2b70dc27541
BUGCHECK_P4: 2
READ_ADDRESS: fffff8062a2fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffffffffffffcb
MM_INTERNAL_CODE: 2
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: FxSound.exe
TRAP_FRAME: ffff9d80dcebc890 -- (.trap 0xffff9d80dcebc890)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000010000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff2d140603010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff2b70dc27541 rsp=ffff9d80dcebca20 rbp=0000000000000001
r8=0000000000010000 r9=0000000000000000 r10=fffff80629820a40
r11=ffff9d80dcebc9f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
win32kbase!HmgShareLockEx+0xe1:
fffff2b7`0dc27541 4c8b4dca mov r9,qword ptr [rbp-36h] ss:0018:ffffffff`ffffffcb=????????????????
Resetting default scope
STACK_TEXT:
ffff9d80`dcebc5e8 fffff806`29a4af53 : 00000000`00000050 ffffffff`ffffffcb 00000000`00000000 ffff9d80`dcebc890 : nt!KeBugCheckEx
ffff9d80`dcebc5f0 fffff806`2986e7b0 : ffffe202`a9d3d080 00000000`00000000 ffff9d80`dcebc910 00000000`00000000 : nt!MiSystemFault+0x1b2563
ffff9d80`dcebc6f0 fffff806`29a0bad8 : 00000000`00000001 ffffe202`a3159080 00000000`00000000 fffff806`242aa6a0 : nt!MmAccessFault+0x400
ffff9d80`dcebc890 fffff2b7`0dc27541 : fffff2d1`46af6e00 00000000`22010ce0 00000000`00000001 00000000`00000000 : nt!KiPageFault+0x358
ffff9d80`dcebca20 fffff2b7`0dc30726 : 00000000`00000000 fffff2d1`448e4d20 00000000`00000000 ffff9d80`dcebcae0 : win32kbase!HmgShareLockEx+0xe1
ffff9d80`dcebca90 fffff2b7`0dc319e3 : fffff806`298ff7e0 fffff2b7`0dc2842c ffffe202`a2904a90 ffff9d80`dcebcc00 : win32kbase!DCOBJA::DCOBJA+0x22
ffff9d80`dcebcac0 fffff2b7`0dc2ece2 : fffff2d1`448e4d20 00000000`5d0411ea ffff9d80`dcebccb8 fffff2b7`0dc22253 : win32kbase!GreIsRendering+0x13
ffff9d80`dcebcb00 fffff2b7`0df41014 : fffff2d1`448e4d20 00000000`5d0411ea fffff2d1`00010098 fffff2d1`00000000 : win32kbase!_GetDCEx+0x23b2
ffff9d80`dcebcd00 fffff2b7`0df3d86f : 00000000`00000000 ffff9d80`dcebcec0 fffff2d1`448e4d20 00000046`768ff720 : win32kfull!xxxBeginPaint+0x14c
ffff9d80`dcebcd40 fffff2b7`0e514a6d : ffffe202`a5c69080 ffff9d80`dcebcec0 ffffe202`a5c69080 00000000`00000002 : win32kfull!NtUserBeginPaint+0xbf
ffff9d80`dcebce10 fffff806`29a0f7f8 : ffffe202`a5c69080 ffffe202`b332a080 00000000`00000000 fffff2b7`0e51590c : win32k!NtUserBeginPaint+0x15
ffff9d80`dcebce40 00007ffd`b8761324 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000046`768ff6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`b8761324
CHKIMG_EXTENSION: !chkimg -lo 50 -db !win32kbase
12 errors : !win32kbase (fffff2b70dc27023-fffff2b70dc2797b)
fffff2b70dc27020 4c 8b 4f *12 8b d0 41 0f b7 49 02 45 8b 81 08 08 L.O...A..I.E....
...
fffff2b70dc27070 c9 48 8b 00 48 03 c9 48 8b 04 d0 *49 8b 5c c8 08 .H..H..H...I.\..
...
fffff2b70dc27170 ff ff ff 00 81 fb 00 00 01 00 72 *1a 48 8b 0d 1d ..........r.H...
...
fffff2b70dc27190 0b 00 8b df 48 8b 3d 05 3a 22 00 *4a 8b 57 10 0f ....H.=.:".J.W..
...
fffff2b70dc271f0 cb 48 8b 00 48 03 c9 48 8b 04 d0 *68 8b 54 c8 08 .H..H..H...h.T..
...
fffff2b70dc27540 cf 4c 8b *4d ca 08 85 c9 0f 85 8a 9a 0b 00 41 3b .L.M..........A;
fffff2b70dc27550 59 14 0f 83 92 9a 0b 00 49 8b 41 *1b 8b d3 48 c1 Y.......I.A...H.
...
fffff2b70dc27590 ff ff 00 *a1 fb 00 00 01 00 72 18 *4a 8b 0d fe 35 .........r.J...5
...
fffff2b70dc275d0 10 41 03 c0 3b d8 0f 83 58 9a 0b *20 8b cb 41 2b .A..;...X.. ..A+
...
fffff2b70dc27890 8d 48 20 *4a 89 78 20 8b f7 45 8b e8 4c 8b fa 4c .H J.x ..E..L..L
...
fffff2b70dc27970 8d 0c c5 00 00 00 00 48 8b 03 83 *4d 08 08 01 48 .......H...M...H
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
MEMORY_CORRUPTOR: STRIDE
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_STRIDE
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {574dbc1b-92cb-fb09-cb7a-cacc1bb2c511}
Followup: memory_corruption
---------
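
An added example, not part of the original post: a Python script that parses the `!chkimg` lines from the second dump, checks whether the flagged bytes sit at a regular position within each 8-byte word (the pattern the `MEMORY_CORRUPTOR: STRIDE` tag points at), and checks whether any of them fall inside the faulting instruction. The function names are hypothetical; the sample lines, Arg3 and the 4-byte encoding `4c8b4dca` are copied from the output above.

```python
# Lines copied from the "!chkimg -lo 50 -db !win32kbase" output in the second dump.
CHKIMG = r"""
fffff2b70dc27020 4c 8b 4f *12 8b d0 41 0f b7 49 02 45 8b 81 08 08 L.O...A..I.E....
fffff2b70dc27070 c9 48 8b 00 48 03 c9 48 8b 04 d0 *49 8b 5c c8 08 .H..H..H...I.\..
fffff2b70dc27170 ff ff ff 00 81 fb 00 00 01 00 72 *1a 48 8b 0d 1d ..........r.H...
fffff2b70dc27190 0b 00 8b df 48 8b 3d 05 3a 22 00 *4a 8b 57 10 0f ....H.=.:".J.W..
fffff2b70dc271f0 cb 48 8b 00 48 03 c9 48 8b 04 d0 *68 8b 54 c8 08 .H..H..H...h.T..
fffff2b70dc27540 cf 4c 8b *4d ca 08 85 c9 0f 85 8a 9a 0b 00 41 3b .L.M..........A;
fffff2b70dc27550 59 14 0f 83 92 9a 0b 00 49 8b 41 *1b 8b d3 48 c1 Y.......I.A...H.
fffff2b70dc27590 ff ff 00 *a1 fb 00 00 01 00 72 18 *4a 8b 0d fe 35 .........r.J...5
fffff2b70dc275d0 10 41 03 c0 3b d8 0f 83 58 9a 0b *20 8b cb 41 2b .A..;...X.. ..A+
fffff2b70dc27890 8d 48 20 *4a 89 78 20 8b f7 45 8b e8 4c 8b fa 4c .H J.x ..E..L..L
fffff2b70dc27970 8d 0c c5 00 00 00 00 48 8b 03 83 *4d 08 08 01 48 .......H...M...H
"""
# From the same dump: Arg3 (faulting instruction address) and the length of
# the encoding "4c8b4dca" shown in the trap frame disassembly.
FAULT_RIP = 0xFFFFF2B70DC27541
FAULT_LEN = 4

def corrupted_addresses(text):
    """Return the address of every byte that !chkimg flagged with '*'."""
    hits = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 17:
            continue  # blank lines and "..." separators
        base = int(tok[0], 16)
        # tok[1:17] are the 16 byte columns; the ASCII column after them is ignored.
        hits += [base + i for i, b in enumerate(tok[1:17]) if b.startswith("*")]
    return hits

def stride_summary(addrs, width=8):
    """Group corrupted addresses by their offset within a `width`-byte word."""
    lanes = {}
    for a in addrs:
        lanes.setdefault(a % width, []).append(a)
    return lanes

def hits_in_instruction(addrs, rip=FAULT_RIP, length=FAULT_LEN):
    """Corrupted bytes that lie inside the faulting instruction's encoding."""
    return [a for a in addrs if rip <= a < rip + length]

if __name__ == "__main__":
    addrs = corrupted_addresses(CHKIMG)
    print(f"{len(addrs)} corrupted bytes, {addrs[0]:x}-{addrs[-1]:x}")
    for lane, members in sorted(stride_summary(addrs).items()):
        print(f"  byte {lane} of each 8-byte word: {len(members)} hits")
    print("inside faulting instruction:",
          [f"{a:x}" for a in hits_in_instruction(addrs)])
```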