P
PeiyuanKang
I am facing a serious problem of blue screen death with stop code: critical process died. It happens after I logging in.
I tried everything I can find online, including update system, update drivers, scf/scannow, chkdsk, etc.
however, it just keeps happening. The only thing kinda works is that the problem stopped under the safe mode. but I still cannot figure out which program triggered the problem.
I used Windbg to check the memory.dmp and the analyze result are read as follows:
Microsoft (R) Windows Debugger Version 10.0.19041.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Page 2000040df too large to be in the dump file.
Page 200003d97 too large to be in the dump file.
Page 200003d97 too large to be in the dump file.
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff803`0520c000 PsLoadedModuleList = 0xfffff803`05654190
Debug session time: Wed Jul 15 11:09:11.385 2020 (UTC - 5:00)
System Uptime: 0 days 0:03:28.190
Loading Kernel Symbols
...............................................................
..Page d2f35 not present in the dump file. Type ".hh dbgerr004" for details
.......Page 275b not present in the dump file. Type ".hh dbgerr004" for details
.......................................................
...............................................
Loading User Symbols
............................
Loading unloaded module list
...........
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff86054a76c240, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
Page d2f35 not present in the dump file. Type ".hh dbgerr004" for details
Page 275b not present in the dump file. Type ".hh dbgerr004" for details
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 6
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-T8V3B01
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 7
Key : Analysis.Memory.CommitPeak.Mb
Value: 70
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: ef
BUGCHECK_P1: ffff86054a76c240
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: services.exe
CRITICAL_PROCESS: services.exe
EXCEPTION_RECORD: ffff96cb65b2d000 -- (.exr 0xffff96cb65b2d000)
ExceptionAddress: 0000000000000000
ExceptionCode: 3791b867
ExceptionFlags: 0a000001
NumberParameters: 0
ERROR_CODE: (NTSTATUS) 0x3791b867 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
EXCEPTION_CODE_STR: 3791b867
EXCEPTION_STR: 0x3791b867
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
SYMBOL_NAME: ntdll!RtlDispatchException+ec
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: ec
FAILURE_BUCKET_ID: 0xEF_services.exe_VRF_BUGCHECK_CRITICAL_PROCESS_6309d080_ntdll!RtlDispatchException
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3314e8dd-aec2-a77d-1970-9f05b706d10d}
Followup: MachineOwner
---------
Continue reading...
I tried everything I can find online, including update system, update drivers, scf/scannow, chkdsk, etc.
however, it just keeps happening. The only thing kinda works is that the problem stopped under the safe mode. but I still cannot figure out which program triggered the problem.
I used Windbg to check the memory.dmp and the analyze result are read as follows:
Microsoft (R) Windows Debugger Version 10.0.19041.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Page 2000040df too large to be in the dump file.
Page 200003d97 too large to be in the dump file.
Page 200003d97 too large to be in the dump file.
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff803`0520c000 PsLoadedModuleList = 0xfffff803`05654190
Debug session time: Wed Jul 15 11:09:11.385 2020 (UTC - 5:00)
System Uptime: 0 days 0:03:28.190
Loading Kernel Symbols
...............................................................
..Page d2f35 not present in the dump file. Type ".hh dbgerr004" for details
.......Page 275b not present in the dump file. Type ".hh dbgerr004" for details
.......................................................
...............................................
Loading User Symbols
............................
Loading unloaded module list
...........
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffff86054a76c240, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
Page d2f35 not present in the dump file. Type ".hh dbgerr004" for details
Page 275b not present in the dump file. Type ".hh dbgerr004" for details
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 6
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-T8V3B01
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 7
Key : Analysis.Memory.CommitPeak.Mb
Value: 70
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: ef
BUGCHECK_P1: ffff86054a76c240
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: services.exe
CRITICAL_PROCESS: services.exe
EXCEPTION_RECORD: ffff96cb65b2d000 -- (.exr 0xffff96cb65b2d000)
ExceptionAddress: 0000000000000000
ExceptionCode: 3791b867
ExceptionFlags: 0a000001
NumberParameters: 0
ERROR_CODE: (NTSTATUS) 0x3791b867 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
EXCEPTION_CODE_STR: 3791b867
EXCEPTION_STR: 0x3791b867
TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000
SYMBOL_NAME: ntdll!RtlDispatchException+ec
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: ec
FAILURE_BUCKET_ID: 0xEF_services.exe_VRF_BUGCHECK_CRITICAL_PROCESS_6309d080_ntdll!RtlDispatchException
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3314e8dd-aec2-a77d-1970-9f05b706d10d}
Followup: MachineOwner
---------
Continue reading...