Computer Reboot

WINDBG
1

Hi All,

I’m having an issue with a computer that restarts randomly. I believe I have narrowed it down, to my best understanding.
What I believe is going on is Python is running for 7+hours, then somehow it conflicted with the driver SISIPSNetFilter.sys , the driver in question is Symatec Endpoint Driver.
I believe the issue started happening since late March, and the Symantec Driver was updated Mid March. According to my interpretation of the mini dump that is what I’m understanding.
I will post the mini dump below and I would really appreciate it, if someone can help me review it and perhaps also give me some tips on how to isolate this further.

NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\atlmfc.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\ObjectiveC.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\concurrency.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\cpp_rest.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Kernel.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\stl.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Data.Json.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Devices.Geolocation.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Devices.Sensors.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\Windows.Media.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\windows.natvis’
NatVis script unloaded from ‘C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\Visualizers\winrt.natvis’

Loading Dump File [C:\Users\xxxxxxx\minidumpfile.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response Time (ms) Location
Deferred Deferred srvsrv

Symbol search path is: Symbol search path is: srv*
srv*
Executable search path is:
Windows 10 Kernel Windows 10 Kernel Version 14393Version 14393 MP MP (32 procs) (32 procs) Free x64
Free x64
Product: Product: ServerServer, suite:, suite: TerminalServer TerminalServer

Edition build lab: 14393.4530.amd64fre.rs1_release.210705-0736
Machine Name:

Kernel base = 0xfffff8016ac00000 PsLoadedModuleList = 0xfffff8016af04060
Debug session time: Tue Aug 17 09:07:21.852 2021 (UTC - 7:00)
System Uptime: 31 days 23:44:50.078System Uptime: 31 days 23:44:50.078

Loading Kernel Symbols

Loading User Symbols
Loading unloaded module list
.Loading unloaded module list

Unable to deliver callback, Unable to deliver callback, 3131

2: kd> !analyze -v

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
component can usually be identified with a stack trace.
Arg2: 0000000000000501, The DPC time count (in ticks).
Arg3: 0000000000000500, The DPC time allotment (in ticks).
Arg4: fffff8016afa6540, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding this single DPC timeout

Debugging Details:

*** WARNING: Unable to verify timestamp for SISIPSNetFilter.sys

KEY_VALUES_STRING:
KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 3827

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 5483

Key  : Analysis.Init.CPU.mSec
Value: 21687

Key  : Analysis.Init.Elapsed.mSec
Value: 19051342

Key  : Analysis.Memory.CommitPeak.Mb
Value: 106

Key  : WER.OS.Branch
Value: rs1_release

Key  : WER.OS.Timestamp
Value: 2021-07-05T07:36:00Z

Key  : WER.OS.Version
Value: 10.0.14393.4530

BUGCHECK_CODE: 133

BUGCHECK_P1: 0

BUGCHECK_P2: 501

BUGCHECK_P3: 500

BUGCHECK_P4: fffff8016afa6540
1

Key  : Analysis.CPU.mSec
Value: 3827

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 5483

Key  : Analysis.Init.CPU.mSec
Value: 21687

Key  : Analysis.Init.Elapsed.mSec
Value: 19051342

Key  : Analysis.Memory.CommitPeak.Mb
Value: 106

Key  : WER.OS.Branch
Value: rs1_release

Key  : WER.OS.Timestamp
Value: 2021-07-05T07:36:00Z

Key  : WER.OS.Version
Value: 10.0.14393.4530

BUGCHECK_CODE: 133

BUGCHECK_P1: 0

BUGCHECK_P2: 501

BUGCHECK_P3: 500

BUGCHECK_P4: fffff8016afa6540

DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED

TRAP_FRAME:
TRAP_FRAME: ffff8001d0cbbd90 – (.trap 0xffff8001d0cbbd90)
ffff8001d0cbbd90 – (.trap 0xffff8001d0cbbd90)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb681b2a01d99 rbx=0000000000000000 rcx=ffff8001d0cbbfd0
rdx=ffff8001fffcd6d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8016acde3f0 rsp=ffff8001d0cbbf20 rbp=ffff8001d0cbc1e0
r8=0000000000000000 r9=0000000000000000 r10=fffff80006ad6540
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
rax=ffffb681b2a01d99 rbx=0000000000000000 rcx=ffff8001d0cbbfd0
rdx=ffff8001fffcd6d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8016acde3f0 rsp=ffff8001d0cbbf20 rbp=ffff8001d0cbc1e0
r8=0000000000000000 r9=0000000000000000 r10=fffff80006ad6540
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!KxWaitForLockOwnerShipWithIrql+0x40nt!KxWaitForLockOwnerShipWithIrql+0x40:
fffff8016acde3f0 a801 test al,1 : fffff8016acde3f0 a801 test al,1
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: python.exe

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: python.exe

DPC_STACK_BASE: FFFF8001D0CBEFB0

STACK_TEXT:
DPC_STACK_BASE: FFFF8001D0CBEFB0

STACK_TEXT:
ffff8001d0cc6d88 fffff8016ac33507 : 0000000000000133 0000000000000000 0000000000000501 0000000000000500 : nt!KeBugCheckEx
ffff8001d0cc6d90 fffff8016ac30778 : 0050f56f675ddae7 0000000000000000 000000000000ace4 fffff78000000320 : nt!KeAccumulateTicks+0x407
ffff8001d0cc6df0 fffff8016b4204e5 : ffffb681ad8f3c00 ffffb681ad8f3c00 ffff8001d1dd1830 ffff8001d1dd1640 : nt!KeClockInterruptNotify+0xb8
ffff8001d0cc6f40 fffff8016acab696 : ffff82b5c339bc6a ffff8001d0cbbed0 000000000000ace4 00000000000014e9 : hal!HalpTimerClockIpiRoutine+0x15
ffff8001d0cc6f70 fffff8016ad5ed7a : ffff8001d0cbbe10 ffff8001d0cbbfd0 00000000000014e9 0000000000000011 : nt!KiCallInterruptServiceRoutine+0x106
ffff8001d0cc6fb0 fffff8016ad5f267 : 0000000000000002 0000000000000018 ffffb681fdc8f200 ffffb681b1677bf0 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffff8001d0cbbd90 fffff8016acde3f0 : ffff8001d0cbc0a0 ffffbe8cb2dd2998 0000000000000000 0000000000000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff8001d0cbbf20 fffff8016add1598 : ffff8001d0c83180 0000000000000000 ffffffff00000000 0000000000000001 : nt!KxWaitForLockOwnerShipWithIrql+0x40
ffff8001d0cbbf50 fffff80006ad368f : 0000000000000000 ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 : nt!KiAcquireQueuedSpinLockInstrumented+0x68
ffff8001d0cbbfa0 0000000000000000 : ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 0000000000000001 : SISIPSNetFilter+0x368f

ffff8001d0cc6d88 fffff8016ac33507 : 0000000000000133 0000000000000000 0000000000000501 0000000000000500 : nt!KeBugCheckEx
ffff8001d0cc6d90 fffff8016ac30778 : 0050f56f675ddae7 0000000000000000 000000000000ace4 fffff78000000320 : nt!KeAccumulateTicks+0x407
ffff8001d0cc6df0 fffff8016b4204e5 : ffffb681ad8f3c00 ffffb681ad8f3c00 ffff8001d1dd1830 ffff8001d1dd1640 : nt!KeClockInterruptNotify+0xb8
ffff8001d0cc6f40 fffff8016acab696 : ffff82b5c339bc6a ffff8001d0cbbed0 000000000000ace4 00000000000014e9 : hal!HalpTimerClockIpiRoutine+0x15
ffff8001d0cc6f70 fffff8016ad5ed7a : ffff8001d0cbbe10 ffff8001d0cbbfd0 00000000000014e9 0000000000000011 : nt!KiCallInterruptServiceRoutine+0x106
ffff8001d0cc6fb0 fffff8016ad5f267 : 0000000000000002 0000000000000018 ffffb681fdc8f200 ffffb681b1677bf0 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffff8001d0cbbd90 fffff8016acde3f0 : ffff8001d0cbc0a0 ffffbe8cb2dd2998 0000000000000000 0000000000000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff8001d0cbbf20 fffff8016add1598 : ffff8001d0c83180 0000000000000000 ffffffff00000000 0000000000000001 : nt!KxWaitForLockOwnerShipWithIrql+0x40
ffff8001d0cbbf50 fffff80006ad368f : 0000000000000000 ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 : nt!KiAcquireQueuedSpinLockInstrumented+0x68
ffff8001d0cbbfa0 0000000000000000 : ffffb681b2a01d70 ffff8001d0cbc1e0 0000000000000000 0000000000000001 : SISIPSNetFilter+0x368f

SYMBOL_NAME: SISIPSNetFilter+368f

MODULE_NAME:

SYMBOL_NAME: SISIPSNetFilter+368f

MODULE_NAME: SISIPSNetFilter
SISIPSNetFilter

IMAGE_NAME: SISIPSNetFilter.sys

STACK_COMMAND: .thread ; .cxr ; kb

IMAGE_NAME: SISIPSNetFilter.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 368f

FAILURE_BUCKET_ID: 0x133_DPC_SISIPSNetFilter!unknown_function

OS_VERSION: 10.0.14393.4530

BUILDLAB_STR: rs1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {6c1ab56e-4b2b-7255-c20f-b0b77806115b}

Followup: MachineOwner

2

Looks like there’s a bug in the SISIPSNetFilter driver.

File a bug with Symantec.

Peter