Svetlozar Grigorov
Hi,
I have a 2012 R2 VM server running on Hyper-V.
The server restarted with a BSOD with the below error:
BugCheck 3B, {c0000005, fffff9600010c190, ffffd0003cc0a770, 0}
Probably caused by : win32k.sys ( win32k!DrvCreateMDEV+110c )
From the analysis below I understand that error code 0000003B indicates that an exception is happening while executing a routine that transitions from non-privileged code to privileged code.
Can this be a driver issue? I need to ensure such a BSOD does not happen in the future.
35: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600010c190, Address of the instruction which caused the bugcheck
Arg3: ffffd0003cc0a770, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 9600.19153.amd64fre.winblue_ltsb.180908-0600
SYSTEM_MANUFACTURER: Microsoft Corporation
VIRTUAL_MACHINE: HyperV
SYSTEM_PRODUCT_NAME: Virtual Machine
SYSTEM_SKU: None
SYSTEM_VERSION: Hyper-V UEFI Release v1.0
BIOS_VENDOR: Microsoft Corporation
BIOS_VERSION: Hyper-V UEFI Release v1.0
BIOS_DATE: 11/26/2012
BASEBOARD_MANUFACTURER: Microsoft Corporation
BASEBOARD_PRODUCT: Virtual Machine
BASEBOARD_VERSION: Hyper-V UEFI Release v1.0
DUMP_TYPE: 1
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff9600010c190
BUGCHECK_P3: ffffd0003cc0a770
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
win32k!DrvCreateMDEV+110c
fffff960`0010c190 458b8618010000 mov r8d,dword ptr [r14+118h]
CONTEXT: ffffd0003cc0a770 -- (.cxr 0xffffd0003cc0a770)
rax=0000000000000000 rbx=0000000000000001 rcx=000000000000fffe
rdx=fffffffffffd8ce0 rsi=fffff901400cb540 rdi=fffff901400c5010
rip=fffff9600010c190 rsp=ffffd0003cc0b190 rbp=ffffd0003cc0b271
r8=0000000000000000 r9=0000000000000000 r10=0000000000000001
r11=0000000000000000 r12=0000000051eb851f r13=0000000000000000
r14=0000000000000000 r15=fffff901400d6a30
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
win32k!DrvCreateMDEV+0x110c:
fffff960`0010c190 458b8618010000 mov r8d,dword ptr [r14+118h] ds:002b:00000000`00000118=????????
Resetting default scope
CPU_COUNT: 26
CPU_MHZ: 893
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 4f
CPU_STEPPING: 1
CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: <ServerName>
ANALYSIS_SESSION_TIME: 12-10-2018 09:21:26.0421
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
LAST_CONTROL_TRANSFER: from fffff96000109dfb to fffff9600010c190
STACK_TEXT:
ffffd000`3cc0b190 fffff960`00109dfb : 00000000`00000001 00000000`00000000 fffff901`400c5010 ffffc000`00000000 : win32k!DrvCreateMDEV+0x110c
ffffd000`3cc0b2c0 fffff960`001096c4 : 00000000`00000000 00000000`00000001 ffffd000`3cc0b5d0 fffff801`f7b5ca7f : win32k!DrvInternalChangeDisplaySettings+0x64b
ffffd000`3cc0b530 fffff960`001151e3 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000000 : win32k!DrvChangeDisplaySettings+0xb84
ffffd000`3cc0b6f0 fffff960`0020ea3d : 00000000`00000000 00000000`00000000 00000000`00000009 ffffd000`3cc0bad0 : win32k!InitVideo+0x83
ffffd000`3cc0b790 fffff960`0020e683 : ffffd000`00000000 00000000`00000000 ffffd000`3cc0b960 fffff801`00000000 : win32k!RemoteConnect+0x375
ffffd000`3cc0b840 fffff801`f7b5f1a3 : ffffec01`57ddf880 000000d7`97e5f550 00000000`00000000 000000d7`97e5f680 : win32k!NtUserRemoteConnect+0x223
ffffd000`3cc0bb00 00007ffc`af312fda : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000d7`97e5f508 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`af312fda
THREAD_SHA1_HASH_MOD_FUNC: 732e3d67145594f78b4c607e8227ac3c793a6d43
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c245fc29e80724551b1bb9711a3757791ddbcac4
THREAD_SHA1_HASH_MOD: eb0ee9ef9f2b7649573a7994fcc6b85ac1012fea
FOLLOWUP_IP:
win32k!DrvCreateMDEV+110c
fffff960`0010c190 458b8618010000 mov r8d,dword ptr [r14+118h]
FAULT_INSTR_CODE: 18868b45
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!DrvCreateMDEV+110c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b97ef55
STACK_COMMAND: .cxr 0xffffd0003cc0a770 ; kb
BUCKET_ID_FUNC_OFFSET: 110c
FAILURE_BUCKET_ID: 0x3B_win32k!DrvCreateMDEV
BUCKET_ID: 0x3B_win32k!DrvCreateMDEV
PRIMARY_PROBLEM_CLASS: 0x3B_win32k!DrvCreateMDEV
TARGET_TIME: 2018-12-07T07:57:57.000Z
OSBUILD: 9600
OSSERVICEPACK: 19153
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 16
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 Server TerminalServer
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-09-08 16:12:07
BUILDDATESTAMP_STR: 180908-0600
BUILDLAB_STR: winblue_ltsb
BUILDOSVER_STR: 6.3.9600.19153.amd64fre.winblue_ltsb.180908-0600
ANALYSIS_SESSION_ELAPSED_TIME: 7e2
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_win32k!drvcreatemdev
FAILURE_ID_HASH: {d2c14330-3b13-edae-cff1-8f9446c0e847}
Followup: MachineOwner
Thanks,
S
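
An added example, not part of the original post: a short Python triage of the `!analyze -v` text above that recomputes the address touched by the faulting instruction from the saved register context and flags a NULL-based access. The sample is an excerpt of the output quoted in the post; the function name `triage`, the verdict labels and the 64 KB threshold are assumptions of this example.

```python
import re

# Excerpt of the !analyze -v output quoted in the post (not the full dump).
SAMPLE = """\
BUGCHECK_P1: c0000005
FAULTING_IP:
win32k!DrvCreateMDEV+110c
fffff960`0010c190 458b8618010000 mov r8d,dword ptr [r14+118h]
rip=fffff9600010c190 rsp=ffffd0003cc0b190 rbp=ffffd0003cc0b271
r11=0000000000000000 r12=0000000051eb851f r13=0000000000000000
r14=0000000000000000 r15=fffff901400d6a30
BUGCHECK_STR: 0x3B
PROCESS_NAME: csrss.exe
"""

FIELD = re.compile(r"^([A-Z][A-Z0-9_]*):[ \t]*(.*)$", re.M)
REG = re.compile(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b")
MEMOP = re.compile(r"\[(r[a-z0-9]{1,2})(?:([+-])([0-9a-f]+)h)?\]")
LOW_GUARD = 0x10000  # assumption: low 64 KB is never valid, so a hit means NULL + offset

def triage(text):
    """Summarise the bugcheck and classify the faulting memory operand."""
    fields = dict(FIELD.findall(text))
    regs = {name: int(value, 16) for name, value in REG.findall(text)}
    ip = re.search(r"FAULTING_IP:\s*\n(\S+)\n(.+)", text)
    symbol, disasm = (ip.group(1), ip.group(2)) if ip else (None, "")
    out = {
        "bugcheck": fields.get("BUGCHECK_STR"),
        "exception": fields.get("BUGCHECK_P1"),
        "process": fields.get("PROCESS_NAME"),
        "symbol": symbol,
        "address": None,
        "verdict": "unknown",
    }
    op = MEMOP.search(disasm)
    if op and op.group(1) in regs:
        disp = int(op.group(3), 16) if op.group(3) else 0
        if op.group(2) == "-":
            disp = -disp
        # Effective address = base register + displacement, wrapped to 64 bits.
        out["address"] = (regs[op.group(1)] + disp) & 0xFFFFFFFFFFFFFFFF
        out["base"] = op.group(1)
        is_null = out["address"] < LOW_GUARD
        out["verdict"] = "null_deref" if is_null else "bad_pointer"
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", hex(value) if isinstance(value, int) else value)
```

The computed address, 0x118, is the same one the debugger annotates on the faulting instruction as `ds:002b:00000000`00000118=????????`.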