F
f-society
Guest
Hi all,
We have been getting the BSOD on a number of laptops, as far as I can tell it is only when the users work from home on. They don't use a VPN, they use the CitrixGateway app for remote access and also have a keyboard with a smartcard reader.
They are Lenovo ThinkPads T590.
When I check evenviewer they get this error;
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000501, 0x0000000000000500, 0xfffff80445773358). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 2fc68af7-1110-4791-9097-1dfa12b16fac.
When I check the dump logs I get this results. I have never used this before so I am not sure what i am looking for, any ideas?
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff807`76e00000 PsLoadedModuleList = 0xfffff807`77248170
Debug session time: Fri Apr 3 12:41:03.808 2020 (UTC + 1:00)
System Uptime: 0 days 0:38:45.702
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........................
For analysis of this file, run !analyze -v
4: kd> .symfix+ c:\symbols
4: kd> .reload
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........................
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
component can usually be identified with a stack trace.
Arg2: 0000000000000501, The DPC time count (in ticks).
Arg3: 0000000000000500, The DPC time allotment (in ticks).
Arg4: fffff80777373358, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding this single DPC timeout
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for cag.sys
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: TickPeriods ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
SYSTEM_MANUFACTURER: LENOVO
SYSTEM_PRODUCT_NAME: 20N5S0JP00
SYSTEM_SKU: LENOVO_MT_20N5_BU_Think_FM_ThinkPad T590
SYSTEM_VERSION: ThinkPad T590
BIOS_VENDOR: LENOVO
BIOS_VERSION: N2IET75W (1.53 )
BIOS_DATE: 08/21/2019
BASEBOARD_MANUFACTURER: LENOVO
BASEBOARD_PRODUCT: 20N5S0JP00
BASEBOARD_VERSION:SDK0xxx697 WIN
DUMP_TYPE: 2
BUGCHECK_P1: 0
BUGCHECK_P2: 501
BUGCHECK_P3: 500
BUGCHECK_P4: fffff80777373358
DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: b
CPU_MICROCODE: 6,8e,b,0 (F,M,S,R) SIG: B8'00000000 (cache) B8'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x133
PROCESS_NAME: System
CURRENT_IRQL: d
ANALYSIS_SESSION_HOST: xxxxx
ANALYSIS_SESSION_TIME: 04-06-2020 08:21:38.0792
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8077703d82d to fffff80776fc2360
STACK_TEXT:
ffffe781`cb0d8b08 fffff807`7703d82d : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx
ffffe781`cb0d8b10 fffff807`76eb8e2c : 000003d5`53ff407f ffffe781`cb080180 00000000`0002456c 00000000`0002456c : nt!KeAccumulateTicks+0x1815bd
ffffe781`cb0d8b70 fffff807`778b8567 : ffff8284`f705fa10 ffff8284`f705f5f0 ffff8284`f705f670 00000000`00000002 : nt!KeClockInterruptNotify+0x98c
ffffe781`cb0d8f30 fffff807`76e2cc75 : 00000005`6a51669c ffff8588`a4ad4600 ffff8588`a4ad46b0 ffffe644`8176d923 : hal!HalpTimerClockInterrupt+0xf7
ffffe781`cb0d8f60 fffff807`76fc3dea : ffff8284`f705f670 ffff8588`a4ad4600 00000000`000000aa ffff8588`a4ad4600 : nt!KiCallInterruptServiceRoutine+0xa5
ffffe781`cb0d8fb0 fffff807`76fc4357 : ffff8284`f705f600 fffff807`76ebc76c 00000001`ffffffff fffffff6`00000002 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
ffff8284`f705f5f0 fffff807`76ea1460 : ffffe781`cb080100 00000000`00000f45 ffff8284`f705fa10 00000000`000000aa : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff8284`f705f780 fffff807`76ea1047 : ffff8588`bbb02050 ffffe781`cb080180 00000000`00000000 ffff8588`a4e03000 : nt!KxWaitForSpinLockAndAcquire+0x30
ffff8284`f705f7b0 fffff807`74fb1f48 : ffffe781`cb091240 ffff8588`bbb02020 00000000`00000000 00000000`00000008 : nt!KeAcquireSpinLockRaiseToDpc+0x87
ffff8284`f705f7e0 ffffe781`cb091240 : ffff8588`bbb02020 00000000`00000000 00000000`00000008 ffff8588`bbb020a8 : cag+0x1f48
ffff8284`f705f7e8 ffff8588`bbb02020 : 00000000`00000000 00000000`00000008 ffff8588`bbb020a8 fffff807`74fc09a9 : 0xffffe781`cb091240
ffff8284`f705f7f0 00000000`00000000 : 00000000`00000008 ffff8588`bbb020a8 fffff807`74fc09a9 00000000`00000006 : 0xffff8588`bbb02020
THREAD_SHA1_HASH_MOD_FUNC: 4d77ad6f3bba150c4502c21fd79d2515cffe7c84
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 21edf2fff47b663222cece75f32b0fd8d8cef38e
THREAD_SHA1_HASH_MOD: 3a110e720c70a15682d8e5a10c31c507128f1c46
FOLLOWUP_IP:
cag+1f48
fffff807`74fb1f48 48897328 mov qword ptr [rbx+28h],rsi
FAULT_INSTR_CODE: 28738948
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: cag+1f48
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cag
IMAGE_NAME: cag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b8fc2e6
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1f48
FAILURE_BUCKET_ID: 0x133_DPC_cag!unknown_function
BUCKET_ID: 0x133_DPC_cag!unknown_function
PRIMARY_PROBLEM_CLASS: 0x133_DPC_cag!unknown_function
TARGET_TIME: 2020-04-03T11:41:03.000Z
OSBUILD: 18362
OSSERVICEPACK: 752
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: e0c2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x133_dpc_cag!unknown_function
FAILURE_ID_HASH: {3482a22b-d9f8-13df-6432-9093eccd95d7}
Followup: MachineOwner
---------
----------------------------------------------
Kevin
More...
We have been getting the BSOD on a number of laptops, as far as I can tell it is only when the users work from home on. They don't use a VPN, they use the CitrixGateway app for remote access and also have a keyboard with a smartcard reader.
They are Lenovo ThinkPads T590.
When I check evenviewer they get this error;
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000501, 0x0000000000000500, 0xfffff80445773358). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 2fc68af7-1110-4791-9097-1dfa12b16fac.
When I check the dump logs I get this results. I have never used this before so I am not sure what i am looking for, any ideas?
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff807`76e00000 PsLoadedModuleList = 0xfffff807`77248170
Debug session time: Fri Apr 3 12:41:03.808 2020 (UTC + 1:00)
System Uptime: 0 days 0:38:45.702
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........................
For analysis of this file, run !analyze -v
4: kd> .symfix+ c:\symbols
4: kd> .reload
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..........................
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000000, A single DPC or ISR exceeded its time allotment. The offending
component can usually be identified with a stack trace.
Arg2: 0000000000000501, The DPC time count (in ticks).
Arg3: 0000000000000500, The DPC time allotment (in ticks).
Arg4: fffff80777373358, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding this single DPC timeout
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for cag.sys
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: TickPeriods ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
SYSTEM_MANUFACTURER: LENOVO
SYSTEM_PRODUCT_NAME: 20N5S0JP00
SYSTEM_SKU: LENOVO_MT_20N5_BU_Think_FM_ThinkPad T590
SYSTEM_VERSION: ThinkPad T590
BIOS_VENDOR: LENOVO
BIOS_VERSION: N2IET75W (1.53 )
BIOS_DATE: 08/21/2019
BASEBOARD_MANUFACTURER: LENOVO
BASEBOARD_PRODUCT: 20N5S0JP00
BASEBOARD_VERSION:SDK0xxx697 WIN
DUMP_TYPE: 2
BUGCHECK_P1: 0
BUGCHECK_P2: 501
BUGCHECK_P3: 500
BUGCHECK_P4: fffff80777373358
DPC_TIMEOUT_TYPE: SINGLE_DPC_TIMEOUT_EXCEEDED
CPU_COUNT: 8
CPU_MHZ: 708
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: b
CPU_MICROCODE: 6,8e,b,0 (F,M,S,R) SIG: B8'00000000 (cache) B8'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x133
PROCESS_NAME: System
CURRENT_IRQL: d
ANALYSIS_SESSION_HOST: xxxxx
ANALYSIS_SESSION_TIME: 04-06-2020 08:21:38.0792
ANALYSIS_VERSION: 10.0.18362.1 x86fre
LAST_CONTROL_TRANSFER: from fffff8077703d82d to fffff80776fc2360
STACK_TEXT:
ffffe781`cb0d8b08 fffff807`7703d82d : 00000000`00000133 00000000`00000000 00000000`00000501 00000000`00000500 : nt!KeBugCheckEx
ffffe781`cb0d8b10 fffff807`76eb8e2c : 000003d5`53ff407f ffffe781`cb080180 00000000`0002456c 00000000`0002456c : nt!KeAccumulateTicks+0x1815bd
ffffe781`cb0d8b70 fffff807`778b8567 : ffff8284`f705fa10 ffff8284`f705f5f0 ffff8284`f705f670 00000000`00000002 : nt!KeClockInterruptNotify+0x98c
ffffe781`cb0d8f30 fffff807`76e2cc75 : 00000005`6a51669c ffff8588`a4ad4600 ffff8588`a4ad46b0 ffffe644`8176d923 : hal!HalpTimerClockInterrupt+0xf7
ffffe781`cb0d8f60 fffff807`76fc3dea : ffff8284`f705f670 ffff8588`a4ad4600 00000000`000000aa ffff8588`a4ad4600 : nt!KiCallInterruptServiceRoutine+0xa5
ffffe781`cb0d8fb0 fffff807`76fc4357 : ffff8284`f705f600 fffff807`76ebc76c 00000001`ffffffff fffffff6`00000002 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
ffff8284`f705f5f0 fffff807`76ea1460 : ffffe781`cb080100 00000000`00000f45 ffff8284`f705fa10 00000000`000000aa : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff8284`f705f780 fffff807`76ea1047 : ffff8588`bbb02050 ffffe781`cb080180 00000000`00000000 ffff8588`a4e03000 : nt!KxWaitForSpinLockAndAcquire+0x30
ffff8284`f705f7b0 fffff807`74fb1f48 : ffffe781`cb091240 ffff8588`bbb02020 00000000`00000000 00000000`00000008 : nt!KeAcquireSpinLockRaiseToDpc+0x87
ffff8284`f705f7e0 ffffe781`cb091240 : ffff8588`bbb02020 00000000`00000000 00000000`00000008 ffff8588`bbb020a8 : cag+0x1f48
ffff8284`f705f7e8 ffff8588`bbb02020 : 00000000`00000000 00000000`00000008 ffff8588`bbb020a8 fffff807`74fc09a9 : 0xffffe781`cb091240
ffff8284`f705f7f0 00000000`00000000 : 00000000`00000008 ffff8588`bbb020a8 fffff807`74fc09a9 00000000`00000006 : 0xffff8588`bbb02020
THREAD_SHA1_HASH_MOD_FUNC: 4d77ad6f3bba150c4502c21fd79d2515cffe7c84
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 21edf2fff47b663222cece75f32b0fd8d8cef38e
THREAD_SHA1_HASH_MOD: 3a110e720c70a15682d8e5a10c31c507128f1c46
FOLLOWUP_IP:
cag+1f48
fffff807`74fb1f48 48897328 mov qword ptr [rbx+28h],rsi
FAULT_INSTR_CODE: 28738948
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: cag+1f48
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cag
IMAGE_NAME: cag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b8fc2e6
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1f48
FAILURE_BUCKET_ID: 0x133_DPC_cag!unknown_function
BUCKET_ID: 0x133_DPC_cag!unknown_function
PRIMARY_PROBLEM_CLASS: 0x133_DPC_cag!unknown_function
TARGET_TIME: 2020-04-03T11:41:03.000Z
OSBUILD: 18362
OSSERVICEPACK: 752
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: e0c2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x133_dpc_cag!unknown_function
FAILURE_ID_HASH: {3482a22b-d9f8-13df-6432-9093eccd95d7}
Followup: MachineOwner
---------
----------------------------------------------
Kevin
More...