Question BSOD: Memory Management ?

danreut89 · Jul 10, 2023

Hello everyone,

I've been experiencing some issues with my system crashing in the BSOD for several weeks now. I've updated all of my drivers and run various checks, such as the Windows Memory Diagnostic and hard drive check, but I still have occasional BSOD occurrences.

Here is my WinDbg:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff8003ec6d3b5, Address of the instruction which caused the BugCheck
Arg3: fffffe86f77000e0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 890

Key : Analysis.Elapsed.mSec
Value: 3454

Key : Analysis.IO.Other.Mb
Value: 0

Key : Analysis.IO.Read.Mb
Value: 0

Key : Analysis.IO.Write.Mb
Value: 0

Key : Analysis.Init.CPU.mSec
Value: 109

Key : Analysis.Init.Elapsed.mSec
Value: 4763

Key : Analysis.Memory.CommitPeak.Mb
Value: 104

Key : Bugcheck.Code.LegacyAPI
Value: 0x3b

Key : Failure.Bucket
Value: AV_nvlddmkm!unknown_function

Key : Failure.Hash
Value: {7eea5677-f68d-2154-717e-887e07e55cd3}

Key : Hypervisor.Enlightenments.ValueHex
Value: 1417cf94

Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1

Key : Hypervisor.Flags.ApicEnlightened
Value: 1

Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0

Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key : Hypervisor.Flags.CpuManager
Value: 1

Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1

Key : Hypervisor.Flags.Epf
Value: 0

Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1

Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key : Hypervisor.Flags.MaxBankNumber
Value: 0

Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0

Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1

Key : Hypervisor.Flags.Phase0InitDone
Value: 1

Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key : Hypervisor.Flags.RootScheduler
Value: 0

Key : Hypervisor.Flags.SynicAvailable
Value: 1

Key : Hypervisor.Flags.UseQpcBias
Value: 0

Key : Hypervisor.Flags.Value
Value: 4853999

Key : Hypervisor.Flags.ValueHex
Value: 4a10ef

Key : Hypervisor.Flags.VpAssistPage
Value: 1

Key : Hypervisor.Flags.VsmAvailable
Value: 1

Key : Hypervisor.RootFlags.AccessStats
Value: 1

Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1

Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1

Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1

Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key : Hypervisor.RootFlags.IsHyperV
Value: 1

Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1

Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1

Key : Hypervisor.RootFlags.MceEnlightened
Value: 1

Key : Hypervisor.RootFlags.Nested
Value: 0

Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1

Key : Hypervisor.RootFlags.Value
Value: 1015

Key : Hypervisor.RootFlags.ValueHex
Value: 3f7

Key : WER.OS.Branch
Value: ni_release_svc_prod3

Key : WER.OS.Version
Value: 10.0.22621.1928

BUGCHECK_CODE: 3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff8003ec6d3b5

BUGCHECK_P3: fffffe86f77000e0

BUGCHECK_P4: 0

FILE_IN_CAB: 070923-10812-01.dmp

CONTEXT: fffffe86f77000e0 -- (.cxr 0xfffffe86f77000e0)
rax=ffffcb0f70c0e8a0 rbx=fffffe86f7700c50 rcx=ffffcb0f72bd3938
rdx=0000000000e0acf2 rsi=ffffcb0f6b41c000 rdi=ffffcb0f70c0e8a0
rip=fffff8003ec6d3b5 rsp=fffffe86f7700b00 rbp=fffffe86f7700bd9
r8=00000000000000d9 r9=fffffe86f7700b48 r10=ffffcb0f77ebe210
r11=fffffe86f7700b00 r12=00000000ff063001 r13=0000000000000000
r14=ffffcb0f6e316298 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nvlddmkm+0x3dd3b5:
fffff800`3ec6d3b5 6b720a00 imul esi,dword ptr [rdx+0Ah],0 ds:002b:00000000`00e0acfc=????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: Dropbox.exe

STACK_TEXT:
fffffe86`f7700b00 fffffe86`f7700b60 : fffffe86`f7700bd9 ffffcb0f`72bd3938 00000000`ff063001 ffffcb0f`7b474950 : nvlddmkm+0x3dd3b5
fffffe86`f7700b08 fffffe86`f7700bd9 : ffffcb0f`72bd3938 00000000`ff063001 ffffcb0f`7b474950 fffff800`3eb20da2 : 0xfffffe86`f7700b60
fffffe86`f7700b10 ffffcb0f`72bd3938 : 00000000`ff063001 ffffcb0f`7b474950 fffff800`3eb20da2 ffffcb0f`7b474950 : 0xfffffe86`f7700bd9
fffffe86`f7700b18 00000000`ff063001 : ffffcb0f`7b474950 fffff800`3eb20da2 ffffcb0f`7b474950 ffffcb0f`6b41c000 : 0xffffcb0f`72bd3938
fffffe86`f7700b20 ffffcb0f`7b474950 : fffff800`3eb20da2 ffffcb0f`7b474950 ffffcb0f`6b41c000 ffffcb0f`70c0e8a0 : 0xff063001
fffffe86`f7700b28 fffff800`3eb20da2 : ffffcb0f`7b474950 ffffcb0f`6b41c000 ffffcb0f`70c0e8a0 ffffcb0f`6b41c000 : 0xffffcb0f`7b474950
fffffe86`f7700b30 ffffcb0f`7b474950 : ffffcb0f`6b41c000 ffffcb0f`70c0e8a0 ffffcb0f`6b41c000 ffffcb0f`00000000 : nvlddmkm+0x290da2
fffffe86`f7700b38 ffffcb0f`6b41c000 : ffffcb0f`70c0e8a0 ffffcb0f`6b41c000 ffffcb0f`00000000 00000000`00000001 : 0xffffcb0f`7b474950
fffffe86`f7700b40 ffffcb0f`70c0e8a0 : ffffcb0f`6b41c000 ffffcb0f`00000000 00000000`00000001 00000000`00000000 : 0xffffcb0f`6b41c000
fffffe86`f7700b48 ffffcb0f`6b41c000 : ffffcb0f`00000000 00000000`00000001 00000000`00000000 ffffcb0f`72bd3958 : 0xffffcb0f`70c0e8a0
fffffe86`f7700b50 ffffcb0f`00000000 : 00000000`00000001 00000000`00000000 ffffcb0f`72bd3958 00000000`00000000 : 0xffffcb0f`6b41c000
fffffe86`f7700b58 00000000`00000001 : 00000000`00000000 ffffcb0f`72bd3958 00000000`00000000 ffffcb0f`77ebe120 : 0xffffcb0f`00000000
fffffe86`f7700b60 00000000`00000000 : ffffcb0f`72bd3958 00000000`00000000 ffffcb0f`77ebe120 ffffcb0f`6e316298 : 0x1

SYMBOL_NAME: nvlddmkm+3dd3b5

MODULE_NAME: nvlddmkm

IMAGE_NAME: nvlddmkm.sys

STACK_COMMAND: .cxr 0xfffffe86f77000e0 ; kb

BUCKET_ID_FUNC_OFFSET: 3dd3b5

FAILURE_BUCKET_ID: AV_nvlddmkm!unknown_function

OS_VERSION: 10.0.22621.1928

BUILDLAB_STR: ni_release_svc_prod3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {7eea5677-f68d-2154-717e-887e07e55cd3}

Followup: MachineOwner
---------

ubuysa · Jul 10, 2023

For the future can you please zip up all the relevant mindumps and upload the zip file? There's a lot more to dump analysis than just !analyze -v. Also, upload as many relevant dumps as you have, the more dumps we get the more likely we are to be able to make an accurate diagnosis.

That said, the cause of the dump above is your Nvidia graphics driver, nvlddmkm.sys. You can see this clearly in the context record...

Code:

CONTEXT:  fffffe86f77000e0 -- (.cxr 0xfffffe86f77000e0)
rax=ffffcb0f70c0e8a0 rbx=fffffe86f7700c50 rcx=ffffcb0f72bd3938
rdx=0000000000e0acf2 rsi=ffffcb0f6b41c000 rdi=ffffcb0f70c0e8a0
rip=fffff8003ec6d3b5 rsp=fffffe86f7700b00 rbp=fffffe86f7700bd9
r8=00000000000000d9  r9=fffffe86f7700b48 r10=ffffcb0f77ebe210
r11=fffffe86f7700b00 r12=00000000ff063001 r13=0000000000000000
r14=ffffcb0f6e316298 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050282
nvlddmkm+0x3dd3b5:
fffff800`3ec6d3b5 6b720a00        imul    esi,dword ptr [rdx+0Ah],0 ds:002b:00000000`00e0acfc=????????

This shows the nvlddmkm.sys driver executing an imul instruction using the RDX register but the referenced memory location is invalid - indicated by the ????????. Because you didn't upload the full dump I can't tell you what version of nvlddmkm.sys you have installed, but I'd start by checking for an update to that driver.

danreut89 · Jul 10, 2023

ubuysa said:
For the future can you please zip up all the relevant mindumps and upload the zip file? There's a lot more to dump analysis than just !analyze -v. Also, upload as many relevant dumps as you have, the more dumps we get the more likely we are to be able to make an accurate diagnosis.

That said, the cause of the dump above is your Nvidia graphics driver, nvlddmkm.sys. You can see this clearly in the context record...

Code:

CONTEXT: fffffe86f77000e0 -- (.cxr 0xfffffe86f77000e0) rax=ffffcb0f70c0e8a0 rbx=fffffe86f7700c50 rcx=ffffcb0f72bd3938 rdx=0000000000e0acf2 rsi=ffffcb0f6b41c000 rdi=ffffcb0f70c0e8a0 rip=fffff8003ec6d3b5 rsp=fffffe86f7700b00 rbp=fffffe86f7700bd9 r8=00000000000000d9 r9=fffffe86f7700b48 r10=ffffcb0f77ebe210 r11=fffffe86f7700b00 r12=00000000ff063001 r13=0000000000000000 r14=ffffcb0f6e316298 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282 nvlddmkm+0x3dd3b5: fffff800`3ec6d3b5 6b720a00 imul esi,dword ptr [rdx+0Ah],0 ds:002b:00000000`00e0acfc=????????

This shows the nvlddmkm.sys driver executing an imul instruction using the RDX register but the referenced memory location is invalid - indicated by the ????????. Because you didn't upload the full dump I can't tell you what version of nvlddmkm.sys you have installed, but I'd start by checking for an update to that driver.

Thank you so much for your rapid response. I tried to uninstall my video card drivers.

Additionally, I have attached the dmp file for your reference.

070923-10812-01.zip

drive.google.com

ubuysa · Jul 10, 2023

Now this is why we always need the dump file itself. I can also see that you have Avast! installed, there is a call to aswVmm.sys in the full call stack (as well as to nvlddmkm.sys)...

Code:

fffffe86`f77016d8  fffff800`2ed788b4 dxgkrnl!DXGHWQUEUE::ReleaseReference+0x134
fffffe86`f77016e0  ffff910b`8bbc05a0
fffffe86`f77016e8  fffffe86`f77017e0
fffffe86`f77016f0  ffff910b`6b557050
fffffe86`f77016f8  ffff910b`8bdf1d70
fffffe86`f7701700  00000000`00001100
fffffe86`f7701708  fffff800`2babe263 aswVmm+0xe263
fffffe86`f7701710  fffffe86`000011d3
fffffe86`f7701718  ffffb83f`fe9f3300
fffffe86`f7701720  00000000`00989680
fffffe86`f7701728  fffff800`293afb1b nt!HalpHvCounterQueryCounter+0x1b

The aswVmm.sys driver is a component of Avast!. We thus have two potential candidates for this one BSOD; nvlddmkm.sys and aswVmm.sys. Both are fairly recent versions..

Code:

7: kd> lmDvmnvlddmkm
Browse full module list
start             end                 module name
fffff800`3e890000 fffff800`421e3000   nvlddmkm T (no symbols)          
    Loaded symbol image file: nvlddmkm.sys
    Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_5b6e4554b945d508\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Browse all global symbols  functions  data
    Timestamp:        Sat Jun 24 00:22:34 2023 (64960D1A)
    CheckSum:         0384EE9C
    ImageSize:        03953000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
7: kd> lmDvmaswVmm
Browse full module list
start             end                 module name
fffff800`2bab0000 fffff800`2bafd000   aswVmm   T (no symbols)          
    Loaded symbol image file: aswVmm.sys
    Image path: \SystemRoot\system32\drivers\aswVmm.sys
    Image name: aswVmm.sys
    Browse all global symbols  functions  data
    Timestamp:        Tue Jun 20 19:05:37 2023 (6491CE51)
    CheckSum:         0005B70A
    ImageSize:        0004D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

Without knowing the full details of your system I can't check whether there is an update to that Nvidia driver, there might be. If there is please install it. There may also be an update for Avast!

However, Avast! is a known problem. TBH all of the third-party security products cause BSODs now and then, but in my experience Avast! is one of the worst. If I had to choose between nvlddmkm.sys causing this BSOD and aswVmm.sys I would go for the Avast! driver every time. The bugcheck itself happens in the nvlddmkm.sys driver, as we saw from the context record above, but that doesn't eliminate aswVmm.sys from precipitating that error.

My advice would be to uninstall Avast! using the official uninstall tool here and see whether the BSODs stop. If not then update your Nvidia graphics driver. You really don't need Avast!, or any third-party security product. Windows Defender and Windows Firewall are plenty good enough, they are all I use. That and some common sense when online.

danreut89 · Jul 10, 2023

ubuysa said:
Now this is why we always need the dump file itself. I can also see that you have Avast! installed, there is a call to aswVmm.sys in the full call stack (as well as to nvlddmkm.sys)...

Code:

fffffe86`f77016d8 fffff800`2ed788b4 dxgkrnl!DXGHWQUEUE::ReleaseReference+0x134 fffffe86`f77016e0 ffff910b`8bbc05a0 fffffe86`f77016e8 fffffe86`f77017e0 fffffe86`f77016f0 ffff910b`6b557050 fffffe86`f77016f8 ffff910b`8bdf1d70 fffffe86`f7701700 00000000`00001100 fffffe86`f7701708 fffff800`2babe263 aswVmm+0xe263 fffffe86`f7701710 fffffe86`000011d3 fffffe86`f7701718 ffffb83f`fe9f3300 fffffe86`f7701720 00000000`00989680 fffffe86`f7701728 fffff800`293afb1b nt!HalpHvCounterQueryCounter+0x1b

The aswVmm.sys driver is a component of Avast!. We thus have two potential candidates for this one BSOD; nvlddmkm.sys and aswVmm.sys. Both are fairly recent versions..

Code:

7: kd> lmDvmnvlddmkm Browse full module list start end module name fffff800`3e890000 fffff800`421e3000 nvlddmkm T (no symbols) Loaded symbol image file: nvlddmkm.sys Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_5b6e4554b945d508\nvlddmkm.sys Image name: nvlddmkm.sys Browse all global symbols functions data Timestamp: Sat Jun 24 00:22:34 2023 (64960D1A) CheckSum: 0384EE9C ImageSize: 03953000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Information from resource tables: 7: kd> lmDvmaswVmm Browse full module list start end module name fffff800`2bab0000 fffff800`2bafd000 aswVmm T (no symbols) Loaded symbol image file: aswVmm.sys Image path: \SystemRoot\system32\drivers\aswVmm.sys Image name: aswVmm.sys Browse all global symbols functions data Timestamp: Tue Jun 20 19:05:37 2023 (6491CE51) CheckSum: 0005B70A ImageSize: 0004D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Information from resource tables:

Without knowing the full details of your system I can't check whether there is an update to that Nvidia driver, there might be. If there is please install it. There may also be an update for Avast!

However, Avast! is a known problem. TBH all of the third-party security products cause BSODs now and then, but in my experience Avast! is one of the worst. If I had to choose between nvlddmkm.sys causing this BSOD and aswVmm.sys I would go for the Avast! driver every time. The bugcheck itself happens in the nvlddmkm.sys driver, as we saw from the context record above, but that doesn't eliminate aswVmm.sys from precipitating that error.

My advice would be to uninstall Avast! using the official uninstall tool here and see whether the BSODs stop. If not then update your Nvidia graphics driver. You really don't need Avast!, or any third-party security product. Windows Defender and Windows Firewall are plenty good enough, they are all I use. That and some common sense when online.

Wow, thank you so much! I will try to do it this evening and will let you know. I am very apprecet your help!

Search

Question BSOD: Memory Management ?

danreut89

ubuysa

Distinguished

danreut89

070923-10812-01.zip

ubuysa

Distinguished

danreut89

TRENDING THREADS

Latest posts

Moderators online

Share this page