HoratiuCismas
I am trying to figure out what this BSOD was caused by and how to prevent it from occurring again. It's the second time it has happened in the last month. The first time I ignored it, thinking it must've been some Windows updates issue, as I had just had a Windows update earlier that same day, even though I was just web browsing with YouTube in the background when the BSOD actually happened. Then everything worked fine for almost an entire month (even during long sessions of intense gaming). I didn't do any other updates or hardware changes. Now it happened again at the moment I was trying to take a screenshot with the Windows Snipping Tool.
This time though I don't want to ignore it, so I researched it as best I could. I googled for this type of error, looked at Event Viewer, got the memory dump and analyzed it. This is where I got stuck. Apparently there isn't any 3rd party process at fault, just 'System' (attaching analysis below). I also used the Windows Memory Diagnostic tool, but it reported no errors. I don't know where to go from here. Thank you for any advice.
EDIT: adding minidump 112420-7546-01.dmp
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (20 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`11600000 PsLoadedModuleList = 0xfffff807`1222a3b0
Debug session time: Tue Nov 24 19:28:07.562 2020 (UTC + 2:00)
System Uptime: 0 days 10:26:40.253
Loading Kernel Symbols
...............................................................
.....Page 18612f not present in the dump file. Type ".hh dbgerr004" for details
...........................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
.........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`119f5210 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff9207`b3e526a0=000000000000000a
1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff80700000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80711944c03, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1671
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on HDC-PC
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 1723
Key : Analysis.Memory.CommitPeak.Mb
Value: 83
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: a
BUGCHECK_P1: fffff80700000000
BUGCHECK_P2: 2
BUGCHECK_P3: 8
BUGCHECK_P4: fffff80711944c03
READ_ADDRESS: fffff80700000000
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
TRAP_FRAME: ffff9207b3e527e0 -- (.trap 0xffff9207b3e527e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000080000000
rdx=ffffbc0344ab7690 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80711944c03 rsp=ffff9207b3e52970 rbp=ffff9207b3e52ac8
r8=fffffb8000002800 r9=0000000000000000 r10=000000000028a200
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!MiZeroLargePages+0x993:
fffff807`11944c03 410fb6c2 movzx eax,r10b
Resetting default scope
STACK_TEXT:
ffff9207`b3e52698 fffff807`11a07169 : 00000000`0000000a fffff807`00000000 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
ffff9207`b3e526a0 fffff807`11a03469 : 00000001`39cc8100 00000000`00000003 ffffbc03`44ab7550 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff9207`b3e527e0 fffff807`11944c03 : ffffbc03`44ab7550 00000000`00000001 fffff807`12250c00 ffffbc03`44ac7c20 : nt!KiPageFault+0x469
ffff9207`b3e52970 fffff807`119b15d8 : ffffbc03`44ab7550 ffff9207`00000003 fffff807`00000000 00000000`00000008 : nt!MiZeroLargePages+0x993
ffff9207`b3e52a60 fffff807`118a29a5 : 00000000`00000000 ffffbc03`44ac7c20 fffffb80`00007000 fffff807`12250c00 : nt!MiZeroLargePageThread+0x88
ffff9207`b3e52b10 fffff807`119fc868 : ffffd100`39cc8180 ffffbc03`44cd1080 fffff807`118a2950 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffff9207`b3e52b60 00000000`00000000 : ffff9207`b3e53000 ffff9207`b3e4c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!MiZeroLargePages+993
MODULE_NAME: nt
STACK_COMMAND: .thread ; .cxr ; kb
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: 993
FAILURE_BUCKET_ID: AV_nt!MiZeroLargePages
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {0cf202d0-f638-2d7a-400f-dbf8043a9a87}
Followup: MachineOwner
---------