Announcement

Collapse
No announcement yet.

What caused the BSOD?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    What caused the BSOD?

    Hello there!
    I was doing some usual stuff, browsing the internet, listening to music, coding, etc. and my computer froze. It looked like the website couldn't process the request (logging into the account, there was the loading symbol) and it took a few seconds, then my computer totally froze except for the mouse cursor. It lasted for about a minute and I got the BSOD. It happened yesterday and today (just now).

    I managed to get the MEMORY.DMP content, but I don't really understand it. Could somebody help me?

    Code:
    ************* Preparing the environment for Debugger Extensions Gallery repositories **************
  ExtensionRepository : Implicit
  UseExperimentalFeatureForNugetShare : false
  AllowNugetExeUpdate : false
  AllowNugetMSCredentialProviderInstall : false
  AllowParallelInitializationOfLocalRepositories : true

  -- Configuring repositories
   ----> Repository : LocalInstalled, Enabled: true
   ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
  ----> Repository : UserExtensions, Enabled: true, Packages count: 0
  ----> Repository : LocalInstalled, Enabled: true, Packages count: 36

Microsoft (R) Windows Debugger Version 10.0.25877.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\gibek\Desktop\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff801`0f400000 PsLoadedModuleList = 0xfffff801`1002a2d0
Debug session time: Fri Jun 23 13:43:07.580 2023 (UTC + 2:00)
System Uptime: 1 days 0:56:08.524
Loading Kernel Symbols
...............................................................
................................................................
..........................................................
Loading User Symbols
PEB address is NULL !
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`0f7fc030 48894c2408   mov   qword ptr [rsp+8],rcx ss:fffffd85`8aec8c80=000000000000003b
11: kd> !analyze -v
*******************************************************************************
*                                       *
*            Bugcheck Analysis                  *
*                                       *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000006, Exception code that caused the BugCheck
Arg2: fffff8010fa9f3c2, Address of the instruction which caused the BugCheck
Arg3: fffffd858aec9580, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

*************************************************************************
***                                  ***
***                                  ***
***  Either you specified an unqualified symbol, or your debugger  ***
***  doesn't have full symbol information. Unqualified symbol   ***
***  resolution is turned off by default. Please either specify a  ***
***  fully qualified symbol module!symbolname, or enable resolution ***
***  of unqualified symbols by typing ".symopt- 100". Note that   ***
***  enabling unqualified symbol resolution with network symbol   ***
***  server shares in the symbol path may cause the debugger to   ***
***  appear to hang for long periods of time when an incorrect   ***
***  symbol name is typed or the network symbol server is down.   ***
***                                  ***
***  For some commands to work properly, your symbol path      ***
***  must point to .pdb files that have full type information.   ***
***                                  ***
***  Certain .pdb files (such as the public OS symbols) do not   ***
***  contain the required information. Contact the group that   ***
***  provided you with these symbols if you need this command to  ***
***  work.                             ***
***                                  ***
***  Type referenced: ExceptionRecord                ***
***                                  ***
*************************************************************************
*************************************************************************
***                                  ***
***                                  ***
***  (The same message as the one above)  ***
***                                  ***
***                                  ***                            ***
***                                  ***
***  Type referenced: ContextRecord                 ***
***                                  ***
*************************************************************************
*************************************************************************
***                                  ***
***                                  ***
***  (The same message as the one above)  ***
***                                  ***                            ***
***                                  ***
***  Type referenced: ExceptionRecord                ***
***                                  ***
*************************************************************************
*************************************************************************
***                                  ***
***                                  ***
***  (The same message as the one above)  ***
***                                  ***                            ***
***                                  ***
***  Type referenced: ContextRecord                 ***
***                                  ***
*************************************************************************

KEY_VALUES_STRING: 1

  Key : Analysis.CPU.mSec
  Value: 4921

  Key : Analysis.Elapsed.mSec
  Value: 4928

  Key : Analysis.IO.Other.Mb
  Value: 12

  Key : Analysis.IO.Read.Mb
  Value: 2

  Key : Analysis.IO.Write.Mb
  Value: 18

  Key : Analysis.Init.CPU.mSec
  Value: 811

  Key : Analysis.Init.Elapsed.mSec
  Value: 91073

  Key : Analysis.Memory.CommitPeak.Mb
  Value: 133

  Key : Bugcheck.Code.KiBugCheckData
  Value: 0x3b

  Key : Bugcheck.Code.LegacyAPI
  Value: 0x3b

  Key : Failure.Bucket
  Value: 0x3B_C0000006_nt!HvpGetCellPaged

  Key : Failure.Hash
  Value: {68f3db38-ae8e-4bae-c37a-85819946495f}

  Key : Hypervisor.Enlightenments.Value
  Value: 0

  Key : Hypervisor.Enlightenments.ValueHex
  Value: 0

  Key : Hypervisor.Flags.AnyHypervisorPresent
  Value: 0

  Key : Hypervisor.Flags.ApicEnlightened
  Value: 0

  Key : Hypervisor.Flags.ApicVirtualizationAvailable
  Value: 1

  Key : Hypervisor.Flags.AsyncMemoryHint
  Value: 0

  Key : Hypervisor.Flags.CoreSchedulerRequested
  Value: 0

  Key : Hypervisor.Flags.CpuManager
  Value: 0

  Key : Hypervisor.Flags.DeprecateAutoEoi
  Value: 0

  Key : Hypervisor.Flags.DynamicCpuDisabled
  Value: 0

  Key : Hypervisor.Flags.Epf
  Value: 0

  Key : Hypervisor.Flags.ExtendedProcessorMasks
  Value: 0

  Key : Hypervisor.Flags.HardwareMbecAvailable
  Value: 0

  Key : Hypervisor.Flags.MaxBankNumber
  Value: 0

  Key : Hypervisor.Flags.MemoryZeroingControl
  Value: 0

  Key : Hypervisor.Flags.NoExtendedRangeFlush
  Value: 0

  Key : Hypervisor.Flags.NoNonArchCoreSharing
  Value: 0

  Key : Hypervisor.Flags.Phase0InitDone
  Value: 0

  Key : Hypervisor.Flags.PowerSchedulerQos
  Value: 0

  Key : Hypervisor.Flags.RootScheduler
  Value: 0

  Key : Hypervisor.Flags.SynicAvailable
  Value: 0

  Key : Hypervisor.Flags.UseQpcBias
  Value: 0

  Key : Hypervisor.Flags.Value
  Value: 16777216

  Key : Hypervisor.Flags.ValueHex
  Value: 1000000

  Key : Hypervisor.Flags.VpAssistPage
  Value: 0

  Key : Hypervisor.Flags.VsmAvailable
  Value: 0

  Key : Hypervisor.RootFlags.AccessStats
  Value: 0

  Key : Hypervisor.RootFlags.CrashdumpEnlightened
  Value: 0

  Key : Hypervisor.RootFlags.CreateVirtualProcessor
  Value: 0

  Key : Hypervisor.RootFlags.DisableHyperthreading
  Value: 0

  Key : Hypervisor.RootFlags.HostTimelineSync
  Value: 0

  Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
  Value: 0

  Key : Hypervisor.RootFlags.IsHyperV
  Value: 0

  Key : Hypervisor.RootFlags.LivedumpEnlightened
  Value: 0

  Key : Hypervisor.RootFlags.MapDeviceInterrupt
  Value: 0

  Key : Hypervisor.RootFlags.MceEnlightened
  Value: 0

  Key : Hypervisor.RootFlags.Nested
  Value: 0

  Key : Hypervisor.RootFlags.StartLogicalProcessor
  Value: 0

  Key : Hypervisor.RootFlags.Value
  Value: 0

  Key : Hypervisor.RootFlags.ValueHex
  Value: 0

  Key : SecureKernel.HalpHvciEnabled
  Value: 0

  Key : WER.OS.Branch
  Value: vb_release

  Key : WER.OS.Version
  Value: 10.0.19041.1


BUGCHECK_CODE: 3b

BUGCHECK_P1: c0000006

BUGCHECK_P2: fffff8010fa9f3c2

BUGCHECK_P3: fffffd858aec9580

BUGCHECK_P4: 0

FILE_IN_CAB: MEMORY.DMP

CONTEXT: fffffd858aec9580 -- (.cxr 0xfffffd858aec9580)
rax=0000000000000000 rbx=fffffd858aec9fd0 rcx=0000000000000007
rdx=00000000008533f0 rsi=ffffc206944c6730 rdi=ffffb204a18de000
rip=fffff8010fa9f3c2 rsp=fffffd858aec9f88 rbp=fffffd858aeca089
 r8=000000000000001c r9=ffffc206945e7540 r10=00000268f3ee43f0
r11=00000000000003f0 r12=0000000000010275 r13=fffffd858aeca230
r14=0000000000000080 r15=00000268f3ed6afc
iopl=0     nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b       efl=00050206
nt!HvpGetCellPaged+0xa2:
fffff801`0fa9f3c2 418b02     mov   eax,dword ptr [r10] ds:002b:00000268`f3ee43f0=????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME: Registry

STACK_TEXT: 
fffffd85`8aec9f88 fffff801`0fa7229f   : 00000000`00000000 ffffb204`a18de000 fffffd85`8aeca940 00000000`00000000 : nt!HvpGetCellPaged+0xa2
fffffd85`8aec9f90 fffff801`0fa79ae0   : 00000001`ffffffff 00000000`fa176dee 00000000`00000080 00000000`00000000 : nt!CmpDoCompareKeyName+0x3f
fffffd85`8aec9fd0 fffff801`0fa1a709   : ffffb204`ac7bb060 00000000`0000000b fffffd85`8aeca1d0 fffffd85`8aeca250 : nt!CmpWalkOneLevel+0x700
fffffd85`8aeca0d0 fffff801`0fa19c23   : 00000000`0000001c fffffd85`8aeca420 fffffd85`8aeca3d8 ffffc206`98d5a4a0 : nt!CmpDoParseKey+0x849
fffffd85`8aeca370 fffff801`0fa152ee   : fffff801`0fa19901 00000000`00000000 ffffc206`98d5a4a0 00000000`6d4e6201 : nt!CmpParseKey+0x2c3
fffffd85`8aeca510 fffff801`0fa0cfba   : ffffc206`98d5a400 fffffd85`8aeca778 00000000`00000040 ffffc206`8b3030c0 : nt!ObpLookupObjectName+0x3fe
fffffd85`8aeca6e0 fffff801`0fa0cd9c   : 00000000`00000000 00000000`00000000 00000000`00000000 ffffc206`8b3030c0 : nt!ObOpenObjectByNameEx+0x1fa
fffffd85`8aeca810 fffff801`0fa0c8b1   : 00000000`02abe828 fffffd85`8aecab80 00000000`00000001 fffff801`0f6211fe : nt!ObOpenObjectByName+0x5c
fffffd85`8aeca860 fffff801`0fa0c5df   : 00000000`02abeca8 00000000`02abecb8 00000000`00000000 00000000`00000001 : nt!CmOpenKey+0x2c1
fffffd85`8aecaac0 fffff801`0f80f7f8   : 00000000`00000000 fffffd85`8aecab80 fffffd85`8aecab80 00000000`02abecb8 : nt!NtOpenKeyEx+0xf
fffffd85`8aecab00 00007fff`d784f4c4   : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`02abe7c8 00000000`00000000   : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`d784f4c4


SYMBOL_NAME: nt!HvpGetCellPaged+a2

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .cxr 0xfffffd858aec9580 ; kb

BUCKET_ID_FUNC_OFFSET: a2

FAILURE_BUCKET_ID: 0x3B_C0000006_nt!HvpGetCellPaged

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {68f3db38-ae8e-4bae-c37a-85819946495f}

Followup:   MachineOwner
---------
    Last edited by SMDFlea; 06-23-2023, 08:09 AM. Reason: CODE box
    Tags: None
    #2
    Re: What caused the BSOD?

    You should setup a symbol search path to get more useful information.
    "The one who says it cannot be done should never interrupt the one who is doing it."

    Comment

      #3
      Re: What caused the BSOD?

      often bsod is caused by faulty hardware as processor or ram but in your case here i think its a driver problem cause your computer doesn´t freeze complete as u got a mouse visible...

      check your drivers, do windows updates and u can also try to install language pack seperately again. could be that it has to do something with this...

      Comment

        #4
        Re: What caused the BSOD?

        Originally posted by stormanimal83 View Post
        often bsod is caused by faulty hardware as processor or ram but in your case here i think its a driver problem cause your computer doesn´t freeze complete as u got a mouse visible...

        check your drivers, do windows updates and u can also try to install language pack seperately again. could be that it has to do something with this...
        My Windows is up to date (22H2) - in fact, I had an update a few days ago.
        Maybe it caused some driver issues.

        When I had the BSOD, the error code was 0xc000000e and the file was \Windows\system32\winload.exe.

        I think I will do as you wrote and check if there are any chipset updates.

        Comment

        Previous template Next
        Working...
        X