Hi there,
Trying to figure out what's going on with my husband's computer. Received another BSOD today - here's what Event Viewer says:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8004e6c2977, 0xffffb606f9bbe670, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 1f2ec02a-332f-49cb-9354-53a55e3bbb22.
Here are the system specs:
http://speccy.piriform.com/results/qjghP42C5WEnZInRMJjmBT7
I have a dump file but not sure how to attach it, I don't see an attachment option. So here is the copy/paste from windbg:
Appreciate any help with this!! Thanks!
Trying to figure out what's going on with my husband's computer. Received another BSOD today - here's what Event Viewer says:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8004e6c2977, 0xffffb606f9bbe670, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 1f2ec02a-332f-49cb-9354-53a55e3bbb22.
Here are the system specs:
http://speccy.piriform.com/results/qjghP42C5WEnZInRMJjmBT7
I have a dump file but not sure how to attach it, I don't see an attachment option. So here is the copy/paste from windbg:
Code:
Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff800`4e400000 PsLoadedModuleList = 0xfffff800`4f02a210
Debug session time: Thu Mar 2 13:42:50.724 2023 (UTC - 5:00)
System Uptime: 0 days 4:37:40.367
Loading Kernel Symbols
...............................................................
................................................................
.........Page 4088c0 not present in the dump file. Type ".hh dbgerr004" for details
...................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`01040018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`4e7fa090 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb606`f9bbdd70=000000000000003b
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff8004e6c2977, Address of the instruction which caused the BugCheck
Arg3: ffffb606f9bbe670, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4452
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 4445
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 2280
Key : Analysis.Init.Elapsed.mSec
Value: 5619
Key : Analysis.Memory.CommitPeak.Mb
Value: 93
Key : Bugcheck.Code.DumpHeader
Value: 0x3b
Key : Bugcheck.Code.KiBugCheckData
Value: 0x3b
Key : Bugcheck.Code.Register
Value: 0x3b
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: MEMORY.DMP
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff8004e6c2977
BUGCHECK_P3: ffffb606f9bbe670
BUGCHECK_P4: 0
CONTEXT: ffffb606f9bbe670 -- (.cxr 0xffffb606f9bbe670)
rax=3fffffffffff0000 rbx=0000000000000000 rcx=0000000436780000
rdx=0000000000000000 rsi=ffffd28fbc4c3c00 rdi=fffff45241f4a400
rip=fffff8004e6c2977 rsp=ffffb606f9bbf070 rbp=fffff45241f4a600
r8=fffff40000000001 r9=afff918a7e44e460 r10=ffff918a7cc5a500
r11=ffffb606f9bbf040 r12=ffff918a7d966630 r13=fffff8004f050ac0
r14=ffffd28fbc510000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246
nt!MmMapViewInSystemCache+0x1f7:
fffff800`4e6c2977 49836110fc and qword ptr [r9+10h],0FFFFFFFFFFFFFFFCh ds:002b:afff918a`7e44e470=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: explorer.exe
STACK_TEXT:
ffffb606`f9bbf070 fffff800`4e6c3d0e : 00000004`36780000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmMapViewInSystemCache+0x1f7
ffffb606`f9bbf1f0 fffff800`4e70686a : 00000004`36780000 ffff918a`00000000 ffff918a`00000000 fffff800`00000000 : nt!CcGetVacbMiss+0xce
ffffb606`f9bbf280 fffff800`4eaf6b60 : 00000004`00000000 00000000`00000000 ffffb606`f9bbf3c0 ffffb606`f9bbf3d0 : nt!CcGetVirtualAddress+0x33a
ffffb606`f9bbf320 fffff800`4e705e79 : 00000000`00000000 00000004`36780000 00000000`00000000 ffff918a`7bbc1001 : nt!CcMapAndCopyFromCache+0x80
ffffb606`f9bbf3c0 fffff800`52c10eb1 : ffffd28f`ab243208 fffff800`00000001 ffff918a`00100000 00000000`00000000 : nt!CcCopyReadEx+0x139
ffffb606`f9bbf470 fffff800`52c089e7 : 00000008`5fe633df ffffb606`f9bbf720 00000000`00000001 ffffd28f`ab2431b0 : Ntfs!NtfsCachedRead+0x17d
ffffb606`f9bbf4e0 fffff800`52c0926c : ffff918a`7129e9a8 ffff918a`768c42b0 00000008`5fe633df 00000000`00000000 : Ntfs!NtfsCommonRead+0x1fc7
ffffb606`f9bbf6f0 fffff800`4e6954d5 : ffff918a`7e302a60 ffff918a`768c42b0 ffff918a`768c42b0 ffff918a`7e628710 : Ntfs!NtfsFsdRead+0x1fc
ffffb606`f9bbf7c0 fffff800`4ca070cf : ffff918a`6eb30007 00000000`00000000 ffff918a`7d5a8b60 ffff918a`7fb48c10 : nt!IofCallDriver+0x55
ffffb606`f9bbf800 fffff800`4ca04a03 : ffffb606`f9bbf890 00000000`00000000 00000000`00000001 00000000`20707249 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffffb606`f9bbf870 fffff800`4e6954d5 : ffff918a`768c42b0 ffffb606`f9bbfa38 ffffb606`00000000 ffff918a`7fb48c10 : FLTMGR!FltpDispatch+0xa3
ffffb606`f9bbf8d0 fffff800`4eaa6048 : 00000000`00000000 ffff918a`7fb48c10 00000000`00000001 fffff800`4ca39601 : nt!IofCallDriver+0x55
ffffb606`f9bbf910 fffff800`4ea7e459 : ffff918a`00000000 ffffb606`f9bbfb80 ffff918a`7f0250e0 ffffb606`f9bbfb80 : nt!IopSynchronousServiceTail+0x1a8
ffffb606`f9bbf9b0 fffff800`4e80d8f8 : 00000000`00000000 00000000`00005174 00000000`00000000 00000000`2e67b530 : nt!NtReadFile+0x599
ffffb606`f9bbfa90 00007fff`974ad184 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`315bc968 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`974ad184
SYMBOL_NAME: nt!MmMapViewInSystemCache+1f7
MODULE_NAME: nt
STACK_COMMAND: .cxr 0xffffb606f9bbe670 ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 1f7
FAILURE_BUCKET_ID: AV_nt!MmMapViewInSystemCache
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {92492aee-241b-c907-9bfa-63e97856482e}
Followup: MachineOwner
---------
Appreciate any help with this!! Thanks!