Windows 10: Interpreting Windows dmp file

Hi,


Intermittently my machine has been restarting with no apparent error or BSOD. I've been able to track the respective error Event Viewer and have opened the dmp file using WinDbg Preview but I can't make sense of the information.


Can anyone please help or advise on what the below means?




Microsoft R Windows Debugger Version 10.0.20153.1000 AMD64

Copyright c Microsoft Corporation. All rights reserved.




Loading Dump File [C:\Users\User\Desktop\error logs\121720-13000-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available





************* Path validation summary **************

Response Time ms Location

Deferred srv*

Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 19041 MP 4 procs Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Edition build lab: 19041.1.amd64fre.vb_release.191206-1406

Machine Name:

Kernel base = 0xfffff807`41000000 PsLoadedModuleList = 0xfffff807`41c2a2b0

Debug session time: Thu Dec 17 19:38:27.308 2020 UTC + 0:00

System Uptime: 6 days 12:24:15.790

Loading Kernel Symbols

...............................................................

................................................................

................................................................

.........

Loading User Symbols

Loading unloaded module list

..................................................

For analysis of this file, run !analyze -v

nt!KeBugCheckEx:

fffff807`413f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffe006`2f5d0e10=00000000000000ef

3: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************



CRITICAL_PROCESS_DIED ef

A critical system process died

Arguments:

Arg1: ffffaa0fbff7e080, Process object or thread object

Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.

Arg3: 0000000000000000

Arg4: 0000000000000000



Debugging Details:

------------------





KEY_VALUES_STRING: 1



Key : Analysis.CPU.mSec

Value: 13484



Key : Analysis.DebugAnalysisProvider.CPP

Value: Create: 8007007e on HASAN-DESKTOP



Key : Analysis.DebugData

Value: CreateObject



Key : Analysis.DebugModel

Value: CreateObject



Key : Analysis.Elapsed.mSec

Value: 21509



Key : Analysis.Memory.CommitPeak.Mb

Value: 83



Key : Analysis.System

Value: CreateObject



Key : WER.OS.Branch

Value: vb_release



Key : WER.OS.Timestamp

Value: 2019-12-06T14:06:00Z



Key : WER.OS.Version

Value: 10.0.19041.1





ADDITIONAL_XML: 1



OS_BUILD_LAYERS: 1



BUGCHECK_CODE: ef



BUGCHECK_P1: ffffaa0fbff7e080



BUGCHECK_P2: 0



BUGCHECK_P3: 0



BUGCHECK_P4: 0



PROCESS_NAME: services.exe



CRITICAL_PROCESS: services.exe



EXCEPTION_RECORD: ffffe0062f5d1910 -- .exr 0xffffe0062f5d1910

ExceptionAddress: ffffe0062f5d1910

ExceptionCode: 2f5d1b80

ExceptionFlags: ffffe006

NumberParameters: 16

Parameter[0]: ffff572375e58cff

Parameter[1]: 0000000000000000

Parameter[2]: 0000006b33130f01

Parameter[3]: 0000000000000001

Parameter[4]: 0000000000000000

Parameter[5]: 0000000000000000

Parameter[6]: 0000000000000000

Parameter[7]: 0000000000000000

Parameter[8]: 0000000000000000

Parameter[9]: 0000000000000000

Parameter[10]: 0000000000000000

Parameter[11]: 0000000000000000

Parameter[12]: 0000000000000000

Parameter[13]: 0000000000000000

Parameter[14]: 0000000000000000



ERROR_CODE: NTSTATUS 0x2f5d1b80 - <Unable to get error code text>



BLACKBOXBSD: 1 !blackboxbsd





BLACKBOXNTFS: 1 !blackboxntfs





BLACKBOXPNP: 1 !blackboxpnp





BLACKBOXWINLOGON: 1



CUSTOMER_CRASH_COUNT: 1



EXCEPTION_CODE_STR: 2f5d1b80



EXCEPTION_PARAMETER1: ffff572375e58cff



EXCEPTION_PARAMETER2: 0000000000000000



EXCEPTION_PARAMETER3: 0000006b33130f01



EXCEPTION_PARAMETER4: 0



EXCEPTION_STR: 0x2f5d1b80



TRAP_FRAME: ffff572375e58cff -- .trap 0xffff572375e58cff

Unable to read trap frame at ffff5723`75e58cff



STACK_TEXT:

ffffe006`2f5d0e08 fffff807`419068e2 : 00000000`000000ef ffffaa0f`bff7e080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx

ffffe006`2f5d0e10 fffff807`41849b39 : 00000000`00000001 fffff807`4135971d 00000000`00000002 fffff807`41358d37 : nt!PspCatchCriticalBreak+0x10e

ffffe006`2f5d0eb0 fffff807`41709724 : ffffaa0f`00000000 00000000`00000000 ffffaa0f`bff7e080 ffffaa0f`bff7e4b8 : nt!PspTerminateAllThreads+0x140b4d

ffffe006`2f5d0f20 fffff807`41709a4c : ffffaa0f`bff7e080 00000000`00000001 ffffffff`ffffffff 00000000`00000000 : nt!PspTerminateProcess+0xe0

ffffe006`2f5d0f60 fffff807`414071b5 : ffffaa0f`bff7e080 ffffaa0f`cb638080 ffffe006`2f5d1050 fffff807`4171da92 : nt!NtTerminateProcess+0x9c

ffffe006`2f5d0fd0 fffff807`413f95e0 : fffff807`41491307 ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x25

ffffe006`2f5d1168 fffff807`41491307 : ffffe006`2f5d1a58 ffffe006`2f5d1a58 ffffffff`ffffffff 00007ff7`eb3a7a68 : nt!KiServiceLinkage

ffffe006`2f5d1170 fffff807`414078ac : ffffe006`2f5d1910 00000000`00000010 ffff5723`75e58cff 00000000`00000000 : nt!KiDispatchException+0x166907

ffffe006`2f5d1920 fffff807`41403a43 : ffffaa0f`cb638080 000001aa`7f7b8f00 ffffe006`2f5d1b80 ffffaa0f`bffa0cb0 : nt!KiExceptionDispatch+0x12c

ffffe006`2f5d1b00 00007ff9`0369b3de : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x443

0000006b`33130f70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`0369b3de





SYMBOL_NAME: nt!PspCatchCriticalBreak+10e



MODULE_NAME: nt



IMAGE_NAME: ntkrnlmp.exe



IMAGE_VERSION: 10.0.19041.685



STACK_COMMAND: .thread ; .cxr ; kb



BUCKET_ID_FUNC_OFFSET: 10e



FAILURE_BUCKET_ID: 0xEF_services.exe_BUGCHECK_CRITICAL_PROCESS_cb638080_nt!PspCatchCriticalBreak



OS_VERSION: 10.0.19041.1



BUILDLAB_STR: vb_release



OSPLATFORM_TYPE: x64



OSNAME: Windows 10



FAILURE_ID_HASH: {a15e0295-f858-878b-9661-62b50968cd12}



Followup: MachineOwner

---------



3: kd> .exr 0xffffe0062f5d1910

ExceptionAddress: ffffe0062f5d1910

ExceptionCode: 2f5d1b80

ExceptionFlags: ffffe006

NumberParameters: 16

Parameter[0]: ffff572375e58cff

Parameter[1]: 0000000000000000

Parameter[2]: 0000006b33130f01

Parameter[3]: 0000000000000001

Parameter[4]: 0000000000000000

Parameter[5]: 0000000000000000

Parameter[6]: 0000000000000000

Parameter[7]: 0000000000000000

Parameter[8]: 0000000000000000

Parameter[9]: 0000000000000000

Parameter[10]: 0000000000000000

Parameter[11]: 0000000000000000

Parameter[12]: 0000000000000000

Parameter[13]: 0000000000000000

Parameter[14]: 0000000000000000

:)

 

Windows 10 BSOD, don't know how to interpret the .dmp files

Edit: I now think this is a Dell problem, not a Windows problem. Thank you all for the suggestions, though. My suggestion is STAY AWAY FROM DELL.

Original post:

I'm running Windows 10, OS Version 10.0.18362 Build 18362

For more than a week, I’ve routinely been getting BSODs with the error message,
BAD POOL CALLER, multiple times a day.

To try and pinpoint the problem, I downloaded Visual Studio and WDK for Windows 10 Version 1903. I registered file associations for .dmp, .hdmp, .mdmp, .kdmp, and .wew. I launched wndbg and set the symbol search path to

SRV*C:\SymCache*Symbol information.

I then attempted to read the dmp files, but in each one I received the message:

Unable to load image \SystemRoot\system32\ntoskrnl.exe, Wind32 error 0n2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

Since I was unable to use wndbg correctly, I downloaded BlueScreenView. I hear that its reports are often inaccurate, but I figured a possibly-correct analysis was better than no analysis. In every crash, BlueScreenView identified
storport.sys and ntoskernel.exe as the culprits; iaStorAVC.sys was also mentioned in a handful of crashes. I’m not sure what to do with this info, though, as I can’t find any of these on the list of drivers in device manager.

You can probably tell I’m not knowledgeable about tech, and this stuff is outside my league. So, I’d be extremely grateful for step-by-step answers to the following questions:

1) What, if anything, should I do about storport.sys, ntoskernel.exe, and iaStorAVC.sys?

2) How can I set up the symbol search path for wndb to properly read dmp files?

Also, if someone wants to read one of my dmp files, I could try uploading some.

Thanks a bunch!

 

Help reading mini dmp file

Download BlueScreenView, unpack the ZIP, and run the EXE (no installation necessary). It's an excellent little utility for looking at DMP files and finding the cause of crashes.

 

Windows 7 is bluescreen-ing on me. can anyone help with the .dmp files.

Download a copy of BlueScreenView 64-bit. Unpack the ZIP file and launch the EXE. It will scan your \Windows\Minidump folder for crash dumps; click on the file that you want to analyze. In the bottom half of the window, BlueScreenView will list the EXEs, DLLs, and drivers that were running when the crash happened. The files with a pink background were responsible for the crash.

I was able to look at your DMP file. I find it a bit odd/suspicious that the Netwsw02.sys driver doesn't show a product name, description, company name, or path. A little digging found that this driver is probably for the Intel Wireless WiFi Link Adapter. Do you have a WiFi adapter in this computer? Your System Specs don't show it. If you do, what is the brand/model?

In the meantime, run Memtest86+ and check for bad RAM. Do at least one full pass, preferably several. It will take a while to check all 16 gigs of RAM in your machine.

It would be a good idea to run some malware scans, too.