I cannot figure out why Windows crashes after about 10 minutes whenever I leave the machine idle.
A dump file is created at C:\Windows\LiveKernelReports\WFP-20181003-1859.dmp
I think this crash is related to Windows Defender Firewall and the BFE(?) Windows driver, but I'm not sure, and I don't know why this error occurs.
Here is the analysis of the dump file (the output marks it as a live generated dump).
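*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************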
CRITICAL_SERVICE_FAILED (5a)
Arguments:
Arg1: 0000000000000000
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
KEY_VALUES_STRING: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
SYSTEM_PRODUCT_NAME: To Be Filled By O.E.M.
SYSTEM_SKU: To Be Filled By O.E.M.
SYSTEM_VERSION: To Be Filled By O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: P7.30
BIOS_DATE: 12/14/2016
BASEBOARD_MANUFACTURER: ASRock
BASEBOARD_PRODUCT: H110M-DGS
BASEBOARD_VERSION:
DUMP_TYPE: 1
DUMP_FILE_ATTRIBUTES: 0x10
Live Generated Dump
BUGCHECK_P1: 0
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
BUGCHECK_STR: 0x5A
CPU_COUNT: 4
CPU_MHZ: c78
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: BE'00000000 (cache) BE'00000000 (init)
DEFAULT_BUCKET_ID: WINBLUE_LIVE_KERNEL_DUMP
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: WONSCH-PC
ANALYSIS_SESSION_TIME: 10-03-2018 19:29:45.0667
ANALYSIS_VERSION: 10.0.17134.1 amd64fre
LAST_CONTROL_TRANSFER: from fffff801`0e094682 to fffff801`0e09f7ce
STACK_TEXT:
fffffd83`974ef150 fffff801`0e094682 : ffffffff`ffffffff 00000000`00000011 00000000`00000000 00000000`00000011 : nt!IopLiveDumpEndMirroringCallback+0x7e
fffffd83`974ef1a0 fffff801`0e09f473 : 00000000`00000000 fffff801`00000000 ffff9c09`00000001 00000000`00000001 : nt!MmDuplicateMemory+0x26e
fffffd83`974ef230 fffff801`0e33d04d : ffff9c09`73345ad0 ffff9c09`73345ad0 fffffd83`974ef4f8 fffffd83`974ef4f8 : nt!IopLiveDumpCaptureMemoryPages+0x7f
fffffd83`974ef2f0 fffff801`0e330a34 : 00000000`00000000 ffffb087`b908f950 ffffb087`b78b3a80 ffffb087`b908f950 : nt!IoCaptureLiveDump+0x289
fffffd83`974ef490 fffff801`0e331138 : ffffffff`8000367c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!DbgkpWerCaptureLiveFullDump+0x134
fffffd83`974ef4f0 fffff801`0e33088b : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`0000005a : nt!DbgkpWerProcessPolicyResult+0x30
fffffd83`974ef520 fffff803`45aa6d9f : 00000000`00000000 fffffd83`974ef620 ffff9c09`72511280 ffff9c09`73858a98 : nt!DbgkWerCaptureLiveKernelDump+0x19b
fffffd83`974ef570 fffff803`45aa5d0b : fffffd83`974ef658 00000000`00000000 ffff9c09`72e3e700 fffff803`44d77929 : fwpkclnt!FwppFirewallStateOnChange+0x3f
fffffd83`974ef5d0 fffff803`45894e45 : 00000000`00000000 fffff801`0df07306 ffff9c09`72b53580 00000000`00000000 : fwpkclnt!FwppDispatchDevCtl0+0xc4b
fffffd83`974ef640 fffff803`45834eb3 : ffff9c09`73858a60 fffffd83`974ef8c0 0000023e`6f6c9a40 00000000`00000000 : tcpip!KfdDispatchDevCtl+0x5ff85
fffffd83`974ef6d0 fffff801`0dc36199 : ffff9c09`72e3ed70 fffff801`0dc36465 ffff9c09`72e3ee40 00000000`20206f49 : tcpip!NlDispatchDeviceControl+0x43
fffffd83`974ef700 fffff801`0e0e954b : ffff9c09`73858a60 fffffd83`974efa80 00000000`00000001 00000000`00000000 : nt!IofCallDriver+0x59
fffffd83`974ef740 fffff801`0e0e8bdf : ffff9c09`00000000 ffff9c09`724c8570 00000000`00000000 fffffd83`974efa80 : nt!IopSynchronousServiceTail+0x1ab
fffffd83`974ef7f0 fffff801`0e0e9386 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x66f
fffffd83`974ef920 fffff801`0ddd6343 : ffff9c09`72e3e700 fffffd83`974efa80 00000094`6c0ff1e8 fffffd83`974ef9a8 : nt!NtDeviceIoControlFile+0x56
fffffd83`974ef990 00007ffe`a3cf9f94 : 00007ffe`98bf5931 0000023e`6f602340 00000000`00000000 0000023e`6f675510 : nt!KiSystemServiceCopyEnd+0x13
00000094`6c0ff938 00007ffe`98bf5931 : 0000023e`6f602340 00000000`00000000 0000023e`6f675510 00000094`6b733000 : ntdll!NtDeviceIoControlFile+0x14
00000094`6c0ff940 00007ffe`98bf66bd : 0000023e`6f675f50 00000094`6b733000 00000094`6c0ffa38 00007ffe`00000024 : bfe!BfeDeviceIoControl+0x55
00000094`6c0ff9b0 00007ffe`98c083ec : 0000023e`00000000 00007ffe`98c65e40 00000000`00000004 0000023e`6f675f50 : bfe!BfeDriverOnFirewallStateChange+0x3d
00000094`6c0ffa00 00007ffe`98c0846d : 0000023e`6ff117f0 00000094`6c0ffcd8 00000094`6b733000 00000000`00000000 : bfe!BfeFirewallWatchdogTimerCallback+0xdc
00000094`6c0ffa80 00007ffe`a3cd558d : 0000023e`00000001 00000000`7ffe0386 0000023e`6ff117f0 00000000`00000000 : bfe!BfeTimerCallback+0x4d
00000094`6c0ffad0 00007ffe`a3c83229 : 0000023e`6f63be20 00000000`7ffe0386 0000023e`6f63bee8 0000023e`6f674e00 : ntdll!RtlpTpTimerCallback+0x7d
00000094`6c0ffb20 00007ffe`a3c7fa2d : 0000023e`6f602458 0000023e`6f674de0 00000000`00000000 0000023e`6f602358 : ntdll!TppTimerpExecuteCallback+0xe9
00000094`6c0ffb70 00007ffe`a1ea3034 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x70d
00000094`6c0ffe60 00007ffe`a3cd1431 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
00000094`6c0ffe90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
THREAD_SHA1_HASH_MOD_FUNC: b0094691039a315dd5559c34529062bb26656401
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: dd9bb3e5e399d5a86fb3332cebe96ac1898e61e7
THREAD_SHA1_HASH_MOD: dc47b33cbe982bc9f39474f67241e70cbd948f40
FOLLOWUP_IP:
fwpkclnt!FwppFirewallStateOnChange+3f
fffff803`45aa6d9f 85c0 test eax,eax
FAULT_INSTR_CODE: f74c085
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: fwpkclnt!FwppFirewallStateOnChange+3f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fwpkclnt
IMAGE_NAME: fwpkclnt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 27391fb0
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 3f
FAILURE_BUCKET_ID: LKD_0x5A_fwpkclnt!FwppFirewallStateOnChange
BUCKET_ID: LKD_0x5A_fwpkclnt!FwppFirewallStateOnChange
PRIMARY_PROBLEM_CLASS: LKD_0x5A_fwpkclnt!FwppFirewallStateOnChange
TARGET_TIME: 2018-10-03T09:59:50.000Z
OSBUILD: 17134
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-08-03 12:10:45
BUILDDATESTAMP_STR: 180410-1804
BUILDLAB_STR: rs4_release
BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
ANALYSIS_SESSION_ELAPSED_TIME: 5ea
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:lkd_0x5a_fwpkclnt!fwppfirewallstateonchange
FAILURE_ID_HASH: {8b4a8f75-e7e3-1c33-1ac2-57135d2d5ea3}