What do these dump files tell me about recent BSOD crashes on my computer

May 21, 2023
Hi, for a while now, I've been experiencing BSODs during a Windows 11 update to 22H2. Once it reaches roughly 8% download progress, my computer always blue screens, preventing me from going through with this update. I can keep it on pause to prevent it happening on a loop, but I would like to know the reason why I am experiencing these crashes:
I gathered the dump files from these crashes and found that it might possibly be due to "ntkrnlmp.exe", as I found from the "Failure_Bucket_ID". However, I am not very experienced with this stuff so I am unsure of how to fix it.
These are the dump files:
https://www.mediafire.com/file/9e3o8x6ej7fj4w4/041423-9046-01.dmp/file

Specs:
Motherboard: ROG STRIX X570-F Gaming
CPU: AMD Ryzen 7 5800x
GPU: RTX 3070
RAM: 16GB
OS: Win 11


From one of my analyses:


Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\041423-9046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22000 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 22000.1.amd64fre.co_release.210604-1628
Machine Name:
Kernel base = 0xfffff806`46c00000 PsLoadedModuleList = 0xfffff806`47829b60
Debug session time: Fri Apr 14 03:08:15.631 2023 (UTC + 1:00)
System Uptime: 0 days 0:04:23.224
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`4701d470 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9785`37fdfd00=000000000000001e
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

Debugging Details:
------------------

*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 4234

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 17490

Key : Analysis.IO.Other.Mb
Value: 0

Key : Analysis.IO.Read.Mb
Value: 0

Key : Analysis.IO.Write.Mb
Value: 0

Key : Analysis.Init.CPU.mSec
Value: 358

Key : Analysis.Init.Elapsed.mSec
Value: 3989

Key : Analysis.Memory.CommitPeak.Mb
Value: 98

Key : Bugcheck.Code.DumpHeader
Value: 0x1e

Key : Bugcheck.Code.Register
Value: 0x1e

Key : WER.OS.Branch
Value: co_release

Key : WER.OS.Timestamp
Value: 2021-06-04T16:28:00Z

Key : WER.OS.Version
Value: 10.0.22000.1


FILE_IN_CAB: 041423-9046-01.dmp

BUGCHECK_CODE: 1e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: 0

BUGCHECK_P3: 8

BUGCHECK_P4: 0

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: WindowsUpdateBox.exe

TRAP_FRAME: ffff800000000000 -- (.trap 0xffff800000000000)
Unable to read trap frame at ffff8000`00000000

STACK_TEXT:
ffff9785`37fdfcf8 fffff806`470a1041 : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
ffff9785`37fdfd00 fffff806`4703288e : 00000000`00001000 ffff9785`37fe05c0 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x1c1d21
ffff9785`37fe03e0 fffff806`4702df26 : 01d5a939`46ee89bf 01d5a939`fc2d6380 00000000`00000000 ffff9a83`00000001 : nt!KiExceptionDispatch+0x10e
ffff9785`37fe05c0 00000000`00000000 : fffff806`5543f452 ffff9a83`2f909cd0 fffff806`55441d5a ffffce0d`12197600 : nt!KiPageFault+0x426


SYMBOL_NAME: nt!KiDispatchException+1c1d21

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.22000.1817

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 1c1d21

FAILURE_BUCKET_ID: AV_nt!KiDispatchException

OS_VERSION: 10.0.22000.1

BUILDLAB_STR: co_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {00781d15-b897-afab-75cd-f83221cbf387}

Followup: MachineOwner
---------
 
Solution
That's only the triage output from WinDbg so you were wise to upload the full dump.

The problem is almost certainly Avast!; the Avast! driver aswSP.sys is on the call stack. This will be far from the first time that I've seen Avast! (and most other third-party antivirus products) cause a BSOD....
Code:
ffff9785`37fe0b50  fffff806`478f5fc8 nt!PspCreateProcessNotifyRoutine+0x48
ffff9785`37fe0b58  fffff806`55495030 aswSP+0x95030
ffff9785`37fe0b60  00000000`00000000
ffff9785`37fe0b68  00000000`00000001
ffff9785`37fe0b70  00000000`00000000
ffff9785`37fe0b78  ffff9a83`13df41d0
ffff9785`37fe0b80  ffff9785`37fe0c20
ffff9785`37fe0b88  fffff806`5543ce2c aswSP+0x3ce2c
ffff9785`37fe0b90  ffff9a83`2c4c50c0
ffff9785`37fe0b98  00000000`000026fc
ffff9785`37fe0ba0  ffff9785`37fe0c20
ffff9785`37fe0ba8  fffff806`46e19664 nt!KeReleaseMutex+0x14
The version of aswSP.sys that you have installed is around 9 months old...
Code:
8: kd> lmDvmaswSP
Browse full module list
start             end                 module name
fffff806`55400000 fffff806`554a2000   aswSP    T (no symbols)           
    Loaded symbol image file: aswSP.sys
    Image path: \SystemRoot\system32\drivers\aswSP.sys
    Image name: aswSP.sys
    Browse all global symbols  functions  data
    Timestamp:        Thu Aug 18 22:23:20 2022 (62FE91A8)
    CheckSum:         000A5A7A
    ImageSize:        000A2000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
I would suggest you either look for an updated version of Avast! or, better still, uninstall it completely using the official Avast! uninstall tool here.
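As an added example (not part of the original thread, and not a WinDbg feature): a Python script that takes the aswSP load range from the lm output above and finds every 64-bit value in pasted debugger text that points into it. Run on the last two STACK_TEXT lines from the question, it shows the triage output already held two pointers into aswSP.sys; the function names are this example's own.

```python
import re
from datetime import datetime, timezone

# Lines copied from the WinDbg output quoted on this page.
LM_LINE = "fffff806`55400000 fffff806`554a2000   aswSP    T (no symbols)"
LM_TIMESTAMP = "Timestamp:        Thu Aug 18 22:23:20 2022 (62FE91A8)"
TRIAGE_STACK = """\
ffff9785`37fdfd00 fffff806`4703288e : 00000000`00001000 ffff9785`37fe05c0 ffff8000`00000000 00000000`00000000 : nt!KiDispatchException+0x1c1d21
ffff9785`37fe05c0 00000000`00000000 : fffff806`5543f452 ffff9a83`2f909cd0 fffff806`55441d5a ffffce0d`12197600 : nt!KiPageFault+0x426
"""
RAW_STACK = """\
ffff9785`37fe0b50  fffff806`478f5fc8 nt!PspCreateProcessNotifyRoutine+0x48
ffff9785`37fe0b58  fffff806`55495030 aswSP+0x95030
ffff9785`37fe0b78  ffff9a83`13df41d0
ffff9785`37fe0b88  fffff806`5543ce2c aswSP+0x3ce2c
"""

ADDR = re.compile(r"\b[0-9a-f]{8}`[0-9a-f]{8}\b", re.I)

def to_int(text):
    """Convert WinDbg's 64-bit notation (fffff806`55495030) to an integer."""
    return int(text.replace("`", ""), 16)

def module_range(lm_line):
    """Return (name, start, end) from the first line of an lm module entry."""
    start, end, name = lm_line.split()[:3]
    return name, to_int(start), to_int(end)

def pointers_into(text, lm_line):
    """List 'module+0xoffset' for every 64-bit value in text that falls in the module."""
    name, start, end = module_range(lm_line)
    hits = []
    for match in ADDR.finditer(text):
        value = to_int(match.group())
        if start <= value < end:
            hits.append(f"{name}+{value - start:#x}")
    return hits

def build_time(ts_line):
    """Decode the hex PE timestamp in parentheses (seconds since 1970-01-01 UTC)."""
    raw = re.search(r"\(([0-9a-f]{8})\)", ts_line, re.I).group(1)
    return datetime.fromtimestamp(int(raw, 16), tz=timezone.utc)

if __name__ == "__main__":
    print("triage stack:", pointers_into(TRIAGE_STACK, LM_LINE))
    print("raw stack:   ", pointers_into(RAW_STACK, LM_LINE))
    print("driver built:", build_time(LM_TIMESTAMP).isoformat())
```

The offsets recovered from the raw stack match the ones the debugger printed (aswSP+0x95030, aswSP+0x3ce2c), which confirms the range arithmetic; the build time is decoded as UTC, while the debugger renders it in its own local time.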
 