Windows server 2016 BSOD

[MartinS312]

I need som help looking at a BSOD we are getting on a Windows Server 2016 Terminal Server. It´s a virtual Hyper-V machine.


---



Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, ffffb8930920af59, ffffba009ff62c90, 0}

Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : win32kbase.sys ( win32kbase!HMChangeOwnerThread+49 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: ffffb8930920af59, Address of the instruction which caused the bugcheck
Arg3: ffffba009ff62c90, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details
Page 7d00 not present in the dump file. Type ".hh dbgerr004" for details

KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 14393.2828.amd64fre.rs1_release_inmarket.190216-1457

SYSTEM_MANUFACTURER: Microsoft Corporation

VIRTUAL_MACHINE: HyperV

SYSTEM_PRODUCT_NAME: Virtual Machine

SYSTEM_SKU: None

SYSTEM_VERSION: Hyper-V UEFI Release v1.0

BIOS_VENDOR: Microsoft Corporation

BIOS_VERSION: Hyper-V UEFI Release v1.0

BIOS_DATE: 11/26/2012

BASEBOARD_MANUFACTURER: Microsoft Corporation

BASEBOARD_PRODUCT: Virtual Machine

BASEBOARD_VERSION: Hyper-V UEFI Release v1.0

DUMP_TYPE: 1

BUGCHECK_P1: c0000005

BUGCHECK_P2: ffffb8930920af59

BUGCHECK_P3: ffffba009ff62c90

BUGCHECK_P4: 0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruktionen p 0x%p refererade till minnet p 0x%p. Minnet kunde inte vara %s.

FAULTING_IP:
win32kbase!HMChangeOwnerThread+49
ffffb893`0920af59 488b8870010000 mov rcx,qword ptr [rax+170h]

CONTEXT: ffffba009ff62c90 -- (.cxr 0xffffba009ff62c90)
rax=0000000000000000 rbx=ffffb8adc22093d0 rcx=ffffb8adc22093d0
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffb8adc074c010
rip=ffffb8930920af59 rsp=ffffba009ff63680 rbp=ffffb89309292e4c
r8=ffffb8adc0007010 r9=ffffb8adc0408178 r10=7fff800b705ea400
r11=7ffffffffffffffc r12=0000000000000001 r13=0000000000000000
r14=00000077406b9000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
win32kbase!HMChangeOwnerThread+0x49:
ffffb893`0920af59 488b8870010000 mov rcx,qword ptr [rax+170h] ds:002b:00000000`00000170=????????????????
Resetting default scope

CPU_COUNT: 4

CPU_MHZ: 898

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 4f

CPU_STEPPING: 1

CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: FFFFFFFF'00000000 (cache) FFFFFFFF'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: csrss.exe

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: TS01

ANALYSIS_SESSION_TIME: 03-07-2019 12:08:01.0414

ANALYSIS_VERSION: 10.0.17763.132 x86fre

LAST_CONTROL_TRANSFER: from ffffb893091ce292 to ffffb8930920af59

STACK_TEXT:
ffffba00`9ff63680 ffffb893`091ce292 : ffffb8ad`c0408178 ffffb8ad`c074c010 00000000`00000000 00000077`406b9000 : win32kbase!HMChangeOwnerThread+0x49
ffffba00`9ff636b0 ffffb893`091a68c6 : ffffba00`9ff63780 ffffb893`092b03a0 ffffb8ad`c074c010 00000000`00000000 : win32kbase!MarkThreadsObjects+0x82
ffffba00`9ff636e0 ffffb893`091a73e6 : 00000000`00000001 ffffb8ad`c074c010 00000000`00000000 ffffb8ad`c074c010 : win32kbase!xxxDestroyThreadInfo+0x5ba
ffffba00`9ff63850 ffffb893`08ef8b94 : 00000000`00000000 00000000`00000001 ffffd581`32b5d800 00000000`00000001 : win32kbase!UserThreadCallout+0x296
ffffba00`9ff638a0 ffffb893`091b2397 : ffffba00`9ff639f8 fffff801`73704400 ffff800b`6129bce0 ffffffff`8000260c : win32kfull!W32pThreadCallout+0x54
ffffba00`9ff638d0 fffff801`738e75d7 : ffffba00`9ff639f8 fffff801`73704400 ffffba00`9ff63980 00000000`00000000 : win32kbase!W32CalloutDispatch+0x147
ffffba00`9ff63910 fffff801`73915821 : 00000000`00000000 ffffba00`9ff63980 00000000`00000000 00000000`00000000 : nt!ExCallCallBack+0x37
ffffba00`9ff63940 fffff801`73807902 : 00000000`00000000 ffffd581`32b5d800 00000000`00000000 ffffd581`2670a080 : nt!PspExitThread+0x3e9
ffffba00`9ff63a80 fffff801`73807800 : ffffd581`32b5d800 00000000`00000000 ffffd581`32b5d800 00000000`00000000 : nt!PspTerminateThreadByPointer+0x96
ffffba00`9ff63ac0 fffff801`73574403 : ffffd581`32b5d800 ffffba00`9ff63b80 00000000`00000000 ffffd581`271a8200 : nt!NtTerminateThread+0x44
ffffba00`9ff63b00 00007ffb`0a6a6564 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000077`40a7fa08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`0a6a6564


THREAD_SHA1_HASH_MOD_FUNC: 9c78c52b302a4ede55b99ec9ba9cad5b89900bdf

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 4d7c469b9c9432ce01d132b699944e3f2395581d

THREAD_SHA1_HASH_MOD: 5f674a06a6cc525acf0570b4c25dfcfdc237d3ac

FOLLOWUP_IP:
win32kbase!HMChangeOwnerThread+49
ffffb893`0920af59 488b8870010000 mov rcx,qword ptr [rax+170h]

FAULT_INSTR_CODE: 70888b48

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32kbase!HMChangeOwnerThread+49

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32kbase

IMAGE_NAME: win32kbase.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5bd13431

IMAGE_VERSION: 10.0.14393.2608

STACK_COMMAND: .cxr 0xffffba009ff62c90 ; kb

BUCKET_ID_FUNC_OFFSET: 49

FAILURE_BUCKET_ID: 0x3B_win32kbase!HMChangeOwnerThread

BUCKET_ID: 0x3B_win32kbase!HMChangeOwnerThread

PRIMARY_PROBLEM_CLASS: 0x3B_win32kbase!HMChangeOwnerThread

TARGET_TIME: 2019-03-06T20:03:02.000Z

OSBUILD: 14393

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 144

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 Server TerminalServer DataCenter

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2019-02-17 02:56:01

BUILDDATESTAMP_STR: 190216-1457

BUILDLAB_STR: rs1_release_inmarket

BUILDOSVER_STR: 10.0.14393.2828.amd64fre.rs1_release_inmarket.190216-1457

ANALYSIS_SESSION_ELAPSED_TIME: ed3

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x3b_win32kbase!hmchangeownerthread

FAILURE_ID_HASH: {1eae2e18-8d71-cfb9-bae0-7ed3c0e1d54a}

Followup: MachineOwner
---------




msterley

Continue reading...

 

[timeshift]

Hi,

I've got the exact same dump, happens a couple of times a day, just started happening. A windows update maybe? This is the only post regarding this exact error.