Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Computer Reboot

jasieltegojasieltego Member Posts: 1

Hi All,

I'm having an issue with a computer that restarts randomly. I believe I have narrowed it down, to my best understanding.
What I believe is going on is Python is running for 7+hours, then somehow it conflicted with the driver SISIPSNetFilter.sys , the driver in question is Symatec Endpoint Driver.
I believe the issue started happening since late March, and the Symantec Driver was updated Mid March. According to my interpretation of the mini dump that is what I'm understanding.
I will post the mini dump below and I would really appreciate it, if someone can help me review it and perhaps also give me some tips on how to isolate this further.

NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\atlmfc.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\ObjectiveC.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\concurrency.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\cpp_rest.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Kernel.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\stl.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Data.Json.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Devices.Geolocation.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Devices.Sensors.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Media.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\windows.natvis'
NatVis script unloaded from 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\winrt.natvis'

Loading Dump File [C:\Users\xxxxxxx\minidumpfile.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response Time (ms) Location
Deferred Deferred srvsrv

Symbol search path is: Symbol search path is: srv*
srv*
Executable search path is:
Windows 10 Kernel Windows 10 Kernel Version 14393Version 14393 MP MP (32 procs) (32 procs) Free x64
Free x64
Product: Product: ServerServer, suite:, suite: TerminalServer TerminalServer

Edition build lab: 14393.4530.amd64fre.rs1_release.210705-0736
Machine Name:

Kernel base = 0xfffff8016ac00000 PsLoadedModuleList = 0xfffff8016af04060
Debug session time: Tue Aug 17 09:07:21.852 2021 (UTC - 7:00)
System Uptime: 31 days 23:44:50.078System Uptime: 31 days 23:44:50.078

Loading Kernel Symbols
..........................................................................

Loading User Symbols
Loading unloaded module list
.Loading unloaded module list
.....................................................................................

Unable to deliver callback, Unable to deliver callback, 3131

2: kd> !analyze -v


  • *
  • Bugcheck Analysis *
  • *

DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
component can usually be identified with a stack trace.
Arg2: 0000000000000501, The DPC time count (in ticks).
Arg3: 0000000000000500, The DPC time allotment (in ticks).
Arg4: fffff8016afa6540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding this single DPC timeout

Debugging Details:

*** WARNING: Unable to verify timestamp for SISIPSNetFilter.sys

KEY_VALUES_STRING:
KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 3827

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 5483

Key  : Analysis.Init.CPU.mSec
Value: 21687

Key  : Analysis.Init.Elapsed.mSec
Value: 19051342

Key  : Analysis.Memory.CommitPeak.Mb
Value: 106

Key  : WER.OS.Branch
Value: rs1_release

Key  : WER.OS.Timestamp
Value: 2021-07-05T07:36:00Z

Key  : WER.OS.Version
Value: 10.0.14393.4530

BUGCHECK_CODE: 133

BUGCHECK_P1: 0

BUGCHECK_P2: 501

BUGCHECK_P3: 500

BUGCHECK_P4: fffff8016afa6540
1

Key  : Analysis.CPU.mSec
Value: 3827

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 5483

Key  : Analysis.Init.CPU.mSec
Value: 21687

Key  : Analysis.Init.Elapsed.mSec
Value: 19051342

Key  : Analysis.Memory.CommitPeak.Mb
Value: 106

Key  : WER.OS.Branch
Value: rs1_release

Key  : WER.OS.Timestamp
Value: 2021-07-05T07:36:00Z

Key  : WER.OS.Version
Value: 10.0.14393.4530

BUGCHECK_CODE: 133

BUGCHECK_P1: 0

BUGCHECK_P2: 501

BUGCHECK_P3: 500

BUGCHECK_P4: fffff8016afa6540

DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED

TRAP_FRAME:
TRAP_FRAME: ffff8001d0cbbd90 -- (.trap 0xffff8001d0cbbd90)
ffff8001d0cbbd90 -- (.trap 0xffff8001d0cbbd90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb681b2a01d99 rbx=0000000000000000 rcx=ffff8001d0cbbfd0
rdx=ffff8001fffcd6d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8016acde3f0 rsp=ffff8001d0cbbf20 rbp=ffff8001d0cbc1e0
r8=0000000000000000 r9=0000000000000000 r10=fffff80006ad6540
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
rax=ffffb681b2a01d99 rbx=0000000000000000 rcx=ffff8001d0cbbfd0
rdx=ffff8001fffcd6d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8016acde3f0 rsp=ffff8001d0cbbf20 rbp=ffff8001d0cbc1e0
r8=0000000000000000 r9=0000000000000000 r10=fffff80006ad6540
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!KxWaitForLockOwnerShipWithIrql+0x40nt!KxWaitForLockOwnerShipWithIrql+0x40:
fffff8016acde3f0 a801 test al,1 : fffff8016acde3f0 a801 test al,1
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: python.exe

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: python.exe

DPC_STACK_BASE: FFFF8001D0CBEFB0

STACK_TEXT:
DPC_STACK_BASE: FFFF8001D0CBEFB0

STACK_TEXT:
ffff8001d0cc6d88 fffff8016ac33507 : 0000000000000133 0000000000000000 0000000000000501 0000000000000500 : nt!KeBugCheckEx
ffff8001d0cc6d90 fffff8016ac30778 : 0050f56f675ddae7 0000000000000000 000000000000ace4 fffff78000000320 : nt!KeAccumulateTicks+0x407
ffff8001d0cc6df0 fffff8016b4204e5 : ffffb681ad8f3c00 ffffb681ad8f3c00 ffff8001d1dd1830 ffff8001d1dd1640 : nt!KeClockInterruptNotify+0xb8
ffff8001d0cc6f40 fffff8016acab696 : ffff82b5c339bc6a ffff8001d0cbbed0 000000000000ace4 00000000000014e9 : hal!HalpTimerClockIpiRoutine+0x15
ffff8001d0cc6f70 fffff8016ad5ed7a : ffff8001d0cbbe10 ffff8001d0cbbfd0 00000000000014e9 0000000000000011 : nt!KiCallInterruptServiceRoutine+0x106
ffff8001d0cc6fb0 fffff8016ad5f267 : 0000000000000002 0000000000000018 ffffb681fdc8f200 ffffb681b1677bf0 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffff8001d0cbbd90 fffff8016acde3f0 : ffff8001d0cbc0a0 ffffbe8cb2dd2998 0000000000000000 0000000000000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff8001d0cbbf20 fffff8016add1598 : ffff8001d0c83180 0000000000000000 ffffffff00000000 0000000000000001 : nt!KxWaitForLockOwnerShipWithIrql+0x40
ffff8001d0cbbf50 fffff80006ad368f : 0000000000000000 ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 : nt!KiAcquireQueuedSpinLockInstrumented+0x68
ffff8001d0cbbfa0 0000000000000000 : ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 0000000000000001 : SISIPSNetFilter+0x368f

ffff8001d0cc6d88 fffff8016ac33507 : 0000000000000133 0000000000000000 0000000000000501 0000000000000500 : nt!KeBugCheckEx
ffff8001d0cc6d90 fffff8016ac30778 : 0050f56f675ddae7 0000000000000000 000000000000ace4 fffff78000000320 : nt!KeAccumulateTicks+0x407
ffff8001d0cc6df0 fffff8016b4204e5 : ffffb681ad8f3c00 ffffb681ad8f3c00 ffff8001d1dd1830 ffff8001d1dd1640 : nt!KeClockInterruptNotify+0xb8
ffff8001d0cc6f40 fffff8016acab696 : ffff82b5c339bc6a ffff8001d0cbbed0 000000000000ace4 00000000000014e9 : hal!HalpTimerClockIpiRoutine+0x15
ffff8001d0cc6f70 fffff8016ad5ed7a : ffff8001d0cbbe10 ffff8001d0cbbfd0 00000000000014e9 0000000000000011 : nt!KiCallInterruptServiceRoutine+0x106
ffff8001d0cc6fb0 fffff8016ad5f267 : 0000000000000002 0000000000000018 ffffb681fdc8f200 ffffb681b1677bf0 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffff8001d0cbbd90 fffff8016acde3f0 : ffff8001d0cbc0a0 ffffbe8cb2dd2998 0000000000000000 0000000000000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff8001d0cbbf20 fffff8016add1598 : ffff8001d0c83180 0000000000000000 ffffffff00000000 0000000000000001 : nt!KxWaitForLockOwnerShipWithIrql+0x40
ffff8001d0cbbf50 fffff80006ad368f : 0000000000000000 ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 : nt!KiAcquireQueuedSpinLockInstrumented+0x68
ffff8001d0cbbfa0 0000000000000000 : ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 0000000000000001 : SISIPSNetFilter+0x368f

SYMBOL_NAME: SISIPSNetFilter+368f

MODULE_NAME:

SYMBOL_NAME: SISIPSNetFilter+368f

MODULE_NAME: SISIPSNetFilter
SISIPSNetFilter

IMAGE_NAME: SISIPSNetFilter.sys

STACK_COMMAND: .thread ; .cxr ; kb

IMAGE_NAME: SISIPSNetFilter.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 368f

FAILURE_BUCKET_ID: 0x133_DPC_SISIPSNetFilter!unknown_function

OS_VERSION: 10.0.14393.4530

BUILDLAB_STR: rs1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {6c1ab56e-4b2b-7255-c20f-b0b77806115b}

Followup: MachineOwner

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 15 November 2021 Live, Online
Writing WDF Drivers TBD Live, Online
Developing Minifilters 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online