Microsoft (R) Windows Debugger Version 10.0.22000.194 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [D:\Downloads\dumps\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 19041 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Edition build lab: 19041.1.amd64fre.vb_release.191206-1406 Machine Name: Kernel base = 0xfffff806`69400000 PsLoadedModuleList = 0xfffff806`6a02a230 Debug session time: Sun May 8 23:50:35.582 2022 (UTC + 8:00) System Uptime: 0 days 15:42:00.664 Loading Kernel Symbols ............................................................... ................................................................ ................................................................ .................................. Loading User Symbols ................................................................ .............................. Loading unloaded module list ..................... For analysis of this file, run !analyze -v 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CRITICAL_PROCESS_DIED (ef) A critical system process died Arguments: Arg1: ffffc909721f3080, Process object or thread object Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died. Arg3: 0000000000000000 Arg4: 0000000000000000 Debugging Details: ------------------ KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 6140 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 26138 Key : Analysis.Init.CPU.mSec Value: 2389 Key : Analysis.Init.Elapsed.mSec Value: 99585 Key : Analysis.Memory.CommitPeak.Mb Value: 86 Key : CriticalProcessDied.ExceptionCode Value: 72d82080 Key : CriticalProcessDied.Process Value: svchost.exe Key : WER.OS.Branch Value: vb_release Key : WER.OS.Timestamp Value: 2019-12-06T14:06:00Z Key : WER.OS.Version Value: 10.0.19041.1 TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b BUGCHECK_CODE: ef BUGCHECK_P1: ffffc909721f3080 BUGCHECK_P2: 0 BUGCHECK_P3: 0 BUGCHECK_P4: 0 PROCESS_NAME: svchost.exe CRITICAL_PROCESS: svchost.exe ERROR_CODE: (NTSTATUS) 0x72d82080 - STACK_TEXT: fffffd8c`3e3ef838 fffff806`69d087e2 : 00000000`000000ef ffffc909`721f3080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx fffffd8c`3e3ef840 fffff806`69c0ff81 : 00000000`00000000 fffff806`696fd8ad 00000000`00000002 fffff806`696fcec7 : nt!PspCatchCriticalBreak+0x10e fffffd8c`3e3ef8e0 fffff806`69ab5b94 : ffffc909`00000000 00000000`00000000 ffffc909`721f3080 ffffc909`721f34b8 : nt!PspTerminateAllThreads+0x15ab25 fffffd8c`3e3ef950 fffff806`69ab5ebc : ffffc909`72d650c0 00000000`00000000 00000000`00000001 00000000`00000c9c : nt!PspTerminateProcess+0xe0 fffffd8c`3e3ef990 fffff806`698092b5 : ffffc909`721f3080 ffffc909`72d82080 fffffd8c`3e3efa80 ffffc909`00000000 : nt!NtTerminateProcess+0x9c fffffd8c`3e3efa00 00007ffa`4f6ed2f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 00000088`3bcfea18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtTerminateProcess+0x14 SYMBOL_NAME: ntdll!NtTerminateProcess+14 MODULE_NAME: ntdll IMAGE_NAME: ntdll.dll STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 14 FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_72d82080_ntdll!NtTerminateProcess OS_VERSION: 10.0.19041.1 BUILDLAB_STR: vb_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {b7dcc9f4-a6e5-442d-8d76-1815a6ee8184} Followup: MachineOwner --------- 3: kd> !process PROCESS ffffc909721f3080 SessionId: 0 Cid: 0230 Peb: f557430000 ParentCid: 032c DirBase: 440e67002 ObjectTable: ffffdc8605871b40 HandleCount: 1431. Image: svchost.exe VadRoot ffffc909717147b0 Vads 154 Clone 0 Private 2336. Modified 61000. Locked 2. DeviceMap ffffdc8601446720 Token ffffdc8606846470 ElapsedTime 15:41:45.627 UserTime 00:00:07.484 KernelTime 00:00:13.875 QuotaPoolUsage[PagedPool] 533840 QuotaPoolUsage[NonPagedPool] 26584 Working Set Sizes (now,min,max) (7085, 50, 345) (28340KB, 200KB, 1380KB) PeakWorkingSetSize 7466 VirtualSize 2101376 Mb PeakVirtualSize 2101391 Mb PageFaultCount 157590 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2882 THREAD ffffc909721f2480 Cid 0230.0234 Teb: 000000f557431000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable ffffc909720168e0 SynchronizationEvent THREAD ffffc909722c0080 Cid 0230.042c Teb: 000000f557445000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc90972274f80 QueueObject THREAD ffffc909723c2080 Cid 0230.04dc Teb: 000000f557451000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable ffffc909723606e0 SynchronizationEvent ffffc909723604e0 SynchronizationEvent THREAD ffffc9097243e080 Cid 0230.0520 Teb: 000000f557457000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable ffffc90958af29a0 NotificationEvent ffffc90972360be0 SynchronizationEvent ffffc90972360ce0 SynchronizationEvent THREAD ffffc90974bcc080 Cid 0230.0e8c Teb: 000000f55746b000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc909743ea7c0 QueueObject THREAD ffffc90972ba5080 Cid 0230.198c Teb: 000000f557473000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc909759765c0 QueueObject THREAD ffffc90992a99040 Cid 0230.2ff0 Teb: 000000f5575d3000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc9097217ff80 QueueObject THREAD ffffc909948130c0 Cid 0230.2048 Teb: 000000f5575e1000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc90972394680 QueueObject THREAD ffffc90994877080 Cid 0230.0ac0 Teb: 000000f5575e3000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc9097217ff80 QueueObject THREAD ffffc9099548a0c0 Cid 0230.2964 Teb: 000000f557400000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc9097217ff80 QueueObject THREAD ffffc909956dd0c0 Cid 0230.1b60 Teb: 000000f557402000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc9097217ff80 QueueObject THREAD ffffc909959e50c0 Cid 0230.1d54 Teb: 000000f557408000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable ffffc90972ef8430 SynchronizationTimer THREAD ffffc909950c2080 Cid 0230.2f20 Teb: 000000f557410000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc90972212d40 QueueObject THREAD ffffc909729e8080 Cid 0230.2b08 Teb: 000000f557412000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable ffffc90972394680 QueueObject 3: kd> !thread THREAD ffffc90972d82080 Cid 0c38.0c9c Teb: 000000883adab000 Win32Thread: 0000000000000000 RUNNING on processor 3 Not impersonating DeviceMap ffffdc8601446720 Owning Process ffffc90972d650c0 Image: SbieSvc.exe Attached Process ffffc909721f3080 Image: svchost.exe Wait Start TickCount 3617322 Ticks: 0 Context Switch Count 1214289 IdealProcessor: 0 UserTime 00:00:07.671 KernelTime 00:00:22.078 Win32 Start Address 0x00007ff6c3d754c0 Stack Init fffffd8c3e3efb90 Current fffffd8c3e3eec70 Base fffffd8c3e3f0000 Limit fffffd8c3e3e9000 Call 0000000000000000 Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffffd8c`3e3ef838 fffff806`69d087e2 : 00000000`000000ef ffffc909`721f3080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx fffffd8c`3e3ef840 fffff806`69c0ff81 : 00000000`00000000 fffff806`696fd8ad 00000000`00000002 fffff806`696fcec7 : nt!PspCatchCriticalBreak+0x10e fffffd8c`3e3ef8e0 fffff806`69ab5b94 : ffffc909`00000000 00000000`00000000 ffffc909`721f3080 ffffc909`721f34b8 : nt!PspTerminateAllThreads+0x15ab25 fffffd8c`3e3ef950 fffff806`69ab5ebc : ffffc909`72d650c0 00000000`00000000 00000000`00000001 00000000`00000c9c : nt!PspTerminateProcess+0xe0 fffffd8c`3e3ef990 fffff806`698092b5 : ffffc909`721f3080 ffffc909`72d82080 fffffd8c`3e3efa80 ffffc909`00000000 : nt!NtTerminateProcess+0x9c fffffd8c`3e3efa00 00007ffa`4f6ed2f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffffd8c`3e3efa00) 00000088`3bcfea18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtTerminateProcess+0x14