What does it mean when this happens - WinDbg

[Patrick]

I was going to analyze some x124 dumps, and then this happened. Kind of frustrating. I've seen this in the past with other dump files, but I never knew why it did this.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 124, {0, fffffa800a040030, b6242000, 8000135}

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************
Probably caused by : hardware

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa800a040030, Address of the WHEA_ERROR_RECORD structure.
Arg3: 00000000b6242000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000008000135, Low order 32-bits of the MCi_STATUS value.

Debugging Details:
------------------

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: pshed!_WHEA_ERROR_RECORD_HEADER                ***
***                                                                   ***
*************************************************************************

BUGCHECK_STR:  0x124_AuthenticAMD

CUSTOMER_CRASH_COUNT:  9

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

PROCESS_NAME:  HPHC_Service.ex

CURRENT_IRQL:  f

STACK_TEXT:  
fffffa60`005f3958 fffff800`0361a8ba : 00000000`00000124 00000000`00000000 fffffa80`0a040030 00000000`b6242000 : nt!KeBugCheckEx
fffffa60`005f3960 fffff800`03779ee3 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000001 : hal!HalBugCheckSystem+0x12e
fffffa60`005f39d0 fffff800`0361a1bc : fffffa60`00000c3e fffffa60`005f3bb0 fffffa60`005f3c30 00000000`00000000 : nt!WheaReportHwError+0x243
fffffa60`005f3a30 fffff800`036afd31 : fffff880`01328010 fffffa60`005f3c30 00000000`00000640 00000000`00000000 : hal!HalpMcaExceptionHandler+0x114
fffffa60`005f3a70 fffff800`036afb75 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxMcheckAbort+0x71
fffffa60`005f3bb0 fffff800`038dcbb1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiMcheckAbort+0xf5
fffffa60`0d571820 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HvpGetCellPaged+0x51


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: hardware

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  X64_0x124_AuthenticAMD__UNKNOWN

BUCKET_ID:  X64_0x124_AuthenticAMD__UNKNOWN

Followup: MachineOwner
---------

Although it does show some info, etc, if I try and run an !errrec on the parameter, it just shoots more symbol errors and I cannot get the necessary information.

 

[usasma]

This is the key:

Your debugger is not using the correct symbols

If it's someone else running the dumps, I first blame their debugger and it's symbols.
Then I blame the OS installation, either corrupted or a pirated copy.

If it's occurring on my debugger, I presume the problem is elsewhere (since my debugger has been running unaltered with the same symbol path for a long, long time).
Could be a problem with the copy in the MS symbol server. I recall this happening once or twice over the last 3 years.
I've also seen issues when I start and stop my network connection (to speed up the running of dumps) - and I find that the symbol cache on my hard driver gets corrupted. Deleting the contents of the cache usually fixes that one.

Just FYI, I do a fair amount of dumps (123 sets over the last month) and haven't seen these errors in any that I've done.

We've seen recent issues with win32k.sys and now with pshed.dll
Here's another topic with pshed.dll issues: https://www.sysnative.com/forums/showthread.php/3051-Is-this-Dells-version-of-Windows

Here's the win32k.sys topic: https://www.sysnative.com/forums/showthread.php/1377-win32k-symbol-errors
Although the topic is older, I'm still getting these errors.

Another, much less likely scenario, is that you haven't run this type of dump before (the OS type not STOP 0x124) - and that your cache doesn't contain the necessary symbol files for pshed.dll. Then a network failure would cause your system to look for the symbols in your cache - and since it's not there it would then give you the error. Not real likely, as you'd probably notice a network problem, but it still needs to be discussed.

Can you run lmtsmn and see what info you can find on the drivers?
How about a systeminfo.exe report (to check the Product ID for piracy)
How about MSINFO32 for more info on the system?

 

[Patrick]

Hey John,

I've analyzed a fair amount of 124 hardware dumps and haven't seen this happen. My symbol path currently is:

SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols

Running lmtsmn works just fine, it displays the drivers as it should.

As far as sysinfo goes, I have the system diagnostics report. Where in that would I find out if the product ID is legitimate?

Being curious, I assumed the word activation is the key, so I ctrl-f'd "activation" and the only thing that came up was:

SL UI Notification Service - Provides Software Licensing activation and notification. It was set to "false" in terms of whether the service was Started. Is that anything of relevance?

Another, much less likely scenario, is that you haven't run this type of dump before (the OS type not STOP 0x124)

It's possible, I don't think I have run a 124 on Vista, if I am understanding what you're saying correctly.

Either way, not a huge deal and nothing I'm going to lose sleep over. I've had zero issues analyzing in the past, just when I ran this specific 124 dump and I saw this for the first time on my own system.. I was just thrown a little off guard as I've seen Shintaro have the same issue, etc.. just as you mentioned.

Regards,

Patrick

 

[usasma]

Symbols path looks good

As for the possible piracy, search Google for the product ID number in the systeminfo report
That'll give you a start. The results aren't definitive - you can get a ton of hits and still have a legitimate OS - but it's a start

Anything of note in the list of drivers?

 

[Shintaro]

Mate,

Yea, welcome to the club of mysterious PSHED.DLL.
If you are able, could you share that dump.
As I wonder if it will do the same on my system?

Also if possible, what do you know about that system?
Cheers.

 

[cluberti]

Agreed - share the dump out. Usually this means you don't have correct symbols in your cache (or they're corrupt), and the debugger can't figure it out. Another thing to do is do a reload /f after doing !sym noisy to see what gets spit out after you back up (and then delete) your symcache.

 

[usasma]

Not to beat a dead horse, but I've been reading about WHEA.
And I come to find out that PSHED.dll is a central part of it. And, that it functions similarly (IMO) to hal.dll in that it isolates the hardware from the error reporting mechanisms. Hal.dll isolates the hardware from the operating system.

Some further info (from the document "Windows Hardware Error Architecture dated 23 May 2006).....

The Low Level Hardware Error Handlers (LLHEH) may exist in the kernel or the HAL (may exist in other places also)

WHEA is notified by the LLHEH of hardware errors

3 types of errors (very generic descriptions):
- Corrected Errors (fixed before Windows gets notified and then Windows generates an ETW event)
- Uncorrected but Recoverable Errors (fixed by Windows then it generates an ETW event)
- Uncorrected Fatal Errors (Windows generates an ETW event and then bugchecks the system)
(I wonder if STOP 0x117 errors are Corrected or Uncorrected but Recoverable? I suspect that they're Corrected because I seem to recall reading that the driver resets itself when it sees that it's needed.)

WHEA gives 3rd party vendors the opportunity to add additional info before the ETW event is generated

Both the LLHEH and Windows draw on the services of the Platform-Specific Hardware Error Driver (PSHED)

Platform vendors can add PSHED plug-ins. A PSHED plug-in is a "special-purpose Windows device driver" that establishes an additional call-back for PSHED. The purpose of the plug-in is to augment or override the behavior of PSHED.
Both PSHED and the plug-ins are able to interface directly with the device's firmware.

Referring to BSOD crashes:

The PSHED provides an interface through which the operating system can store and retrieve a hardware error record so that the error information is preserved during the system restart

So, it appears possible that the some things could happen to make PSHED show up "in error" in the memory dump analysis:
- that the error reporting mechanism is corrupted during the crash - making PSHED appear as non-valid for the current symbols. In other words, that the dump is slightly messed up because the PSHED doesn't maintain the error information throughout the reboot.

- that a plug-in for PSHED isn't working properly - making PSHED not valid for the current symbols. In other words, PSHED is corrupted by the plug-in.

Anyone know how to locate these plug-ins? Or to see if they are implemented in a system?

 

[Shintaro]

Usasma,

Thanks for that.
Just quickly some links:

http://download.microsoft.com/download/5/b/9/5b97017b-e28a-4bae-ba48-174cf47d23cd/cpa018_wh06.ppt

[h=1]Introduction to PSHED Plug-Ins [/h]
http://msdn.microsoft.com/en-us/library/windows/hardware/ff559408(v=vs.85).aspx

 

[usasma]

Great links!!!
Thanks Shintaro!

 

[Shintaro]

Some more links:
[h=1]Roadmap for Developing PSHED Plug-Ins [/h]http://msdn.microsoft.com/en-us/library/windows/hardware/ff559487%28v=vs.85%29.aspx

[h=1]Introduction to the Windows Hardware Error Architecture [/h]http://msdn.microsoft.com/en-us/library/windows/hardware/ff559412%28v=vs.85%29.aspx

Old Doc:
http://msdn.microsoft.com/en-us/windows/hardware/gg463510.aspx

 

[usasma]

From here: http://msdn.microsoft.com/en-us/library/windows/hardware/ff559478(v=vs.85).aspx

Therefore, a registered PSHED plug-in must not be unloaded from the system or a bug check might occur.

 

[Patrick]

Nice info guys!

So what I'm trying to figure out here is - why can I debug and analyze hundreds and hundreds of crash dumps, but for some reason, my WinDbg just won't work with these specific 124's for this one particular user. Is it an issue regarding his dumps, or is it an issue with my WinDbg?

Here's the thread: http://www.techsupportforum.com/forums/f299/bsod-help-658939.html

 

[usasma]

If you can do hundreds of memory dumps without issue, then the problem is most likely with the owner's machine (and not yours).

My theory is that there is a malfunctioning plug-in for the PSHED on the crashing machine

If it was related to the error report not being saved (or not being saved properly), then the PSHED itself probably wouldn't be corrupted (although it could be an issue if the crash occurs while the PSHED is being used/accessed).

 

[Patrick]

Figured as much, thanks John.