BSODHunter
New member
- Aug 19, 2015
- 1
First of all the system specifies of the target system:
OS: Windows Server 2012 R2 (64bit)
Type: Virtual Machine (VMWare)
CPU/RAM: 2 vCPU / 4096 MB RAM
While I was connecting to my virtual machine today using the remote desktop connection in fullscreen resolution the system crashed :banghead:
Checking the eventlog I found the following entry:
I loaded the dump file into WinDbg and tried to analyse the dump as it follows:
I wanted more information so I used the !analyze -v switch
I tried to gather a bit more of informations out of the dumpfile:
I found a post in this forum (https://www.sysnative.com/forums/bsod-crashes-kernel-debugging/12553-server-2012-r2-bsod.html) where the problem looks a bit like mine, but there the error looks a bit different the user Patrick ( https://www.sysnative.com/forums/members/208-patrick/ ) posted there the following comments:
And I think the problem got the same root but I'm not sure about that mine looks like
Since the Dumpfile has a huge size I'm not able to upload it online at the moment.
I hope you can help me based on my informations - if you need more please tell me.
Kind regards
BSOD Hunter
OS: Windows Server 2012 R2 (64bit)
Type: Virtual Machine (VMWare)
CPU/RAM: 2 vCPU / 4096 MB RAM
While I was connecting to my virtual machine today using the remote desktop connection in fullscreen resolution the system crashed :banghead:
Checking the eventlog I found the following entry:
Code:
The computer has rebooted from a bugcheck.
The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8016188cdf7, 0xffffd00108fccf70, 0x0000000000000000).
A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081915-15515-01.I loaded the dump file into WinDbg and tried to analyse the dump as it follows:
Code:
BugCheck 3B, {c0000005, fffff8016188cdf7, ffffd00108fccf70, 0}
Probably caused by : dxgkrnl.sys ( dxgkrnl!DxgkQueryAdapterInfo+517 )I wanted more information so I used the !analyze -v switch
Code:
SYSTEM_SERVICE_EXCEPTION (3b)An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8016188cdf7, Address of the instruction which caused the bugcheck
Arg3: ffffd00108fccf70, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
VIRTUAL_MACHINE: VMware
SYSTEM_VERSION: None
BIOS_DATE: 04/14/2014
BASEBOARD_PRODUCT: 440BX Desktop Reference Platform
BASEBOARD_VERSION: None
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff8016188cdf7
BUGCHECK_P3: ffffd00108fccf70
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
dxgkrnl!DxgkQueryAdapterInfo+517
fffff801`6188cdf7 483908 cmp qword ptr [rax],rcx
CONTEXT: ffffd00108fccf70 -- (.cxr 0xffffd00108fccf70)
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe000a6648400
rdx=0000000001f876f2 rsi=ffffffffffffffff rdi=ffffc001c36cae30
rip=fffff8016188cdf7 rsp=ffffd00108fcd9a0 rbp=ffffd00108fcdb80
r8=ffffe000a4f6aa80 r9=0000000000000000 r10=0000000000000801
r11=ffffc001cda31ad0 r12=ffffc001c2bb3170 r13=ffffc001cc48aad0
r14=ffffe000a4aab010 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
dxgkrnl!DxgkQueryAdapterInfo+0x517:
fffff801`6188cdf7 483908 cmp qword ptr [rax],rcx ds:002b:00000000`00000000=????????????????
Resetting default scope
CPU_COUNT: 2
CPU_MHZ: 9c4
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 2d
CPU_STEPPING: 7
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 10.0.10240.9 amd64fre
LAST_CONTROL_TRANSFER: from fffff802bbf622b3 to fffff8016188cdf7
STACK_TEXT:
ffffd001`08fcd9a0 fffff802`bbf622b3 : 00000000`00000004 ffffe000`000007df 00007fff`c331b620 00000000`00000008 : dxgkrnl!DxgkQueryAdapterInfo+0x517
ffffd001`08fcdb00 00007fff`c712175a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000075`7683f738 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`c712175a
FOLLOWUP_IP:
dxgkrnl!DxgkQueryAdapterInfo+517
fffff801`6188cdf7 483908 cmp qword ptr [rax],rcx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgkrnl!DxgkQueryAdapterInfo+517
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgkrnl
IMAGE_NAME: dxgkrnl.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 54505515
STACK_COMMAND: .cxr 0xffffd00108fccf70 ; kb
BUCKET_ID_FUNC_OFFSET: 517
FAILURE_BUCKET_ID: 0x3B_dxgkrnl!DxgkQueryAdapterInfo
BUCKET_ID: 0x3B_dxgkrnl!DxgkQueryAdapterInfo
PRIMARY_PROBLEM_CLASS: 0x3B_dxgkrnl!DxgkQueryAdapterInfo
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_dxgkrnl!dxgkqueryadapterinfo
FAILURE_ID_HASH: {082458e2-fc2f-23a7-98ef-32c209dd81c0}I tried to gather a bit more of informations out of the dumpfile:
Code:
1: kd> # Child-SP RetAddr Call Site
00 ffffd001`08fcc6b8 fffff802`bbf625e9 nt!KeBugCheckEx
01 ffffd001`08fcc6c0 fffff802`bbf61efc nt!KiBugCheckDispatch+0x69
02 ffffd001`08fcc800 fffff802`bbf5dfed nt!KiSystemServiceHandler+0x7c
03 ffffd001`08fcc840 fffff802`bbee0d35 nt!RtlpExecuteHandlerForException+0xd
04 ffffd001`08fcc870 fffff802`bbee50ee nt!RtlDispatchException+0x1a5
05 ffffd001`08fccf40 fffff802`bbf626c2 nt!KiDispatchException+0x646
06 ffffd001`08fcd630 fffff802`bbf60e14 nt!KiExceptionDispatch+0xc2
07 ffffd001`08fcd810 fffff801`6188cdf7 nt!KiPageFault+0x214
08 ffffd001`08fcd9a0 fffff802`bbf622b3 dxgkrnl!DxgkQueryAdapterInfo+0x517
09 ffffd001`08fcdb00 00007fff`c712175a nt!KiSystemServiceCopyEnd+0x13
0a 00000075`7683f738 00000000`00000000 0x00007fff`c712175a
1: kd> .cxr 0xffffd00108fccf70 ; kb
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe000a6648400
rdx=0000000001f876f2 rsi=ffffffffffffffff rdi=ffffc001c36cae30
rip=fffff8016188cdf7 rsp=ffffd00108fcd9a0 rbp=ffffd00108fcdb80
r8=ffffe000a4f6aa80 r9=0000000000000000 r10=0000000000000801
r11=ffffc001cda31ad0 r12=ffffc001c2bb3170 r13=ffffc001cc48aad0
r14=ffffe000a4aab010 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
dxgkrnl!DxgkQueryAdapterInfo+0x517:
fffff801`6188cdf7 483908 cmp qword ptr [rax],rcx ds:002b:00000000`00000000=????????????????
*** Stack trace for last set context - .thread/.cxr resets it
# RetAddr : Args to Child : Call Site
00 fffff802`bbf622b3 : 00000000`00000004 ffffe000`000007df 00007fff`c331b620 00000000`00000008 : dxgkrnl!DxgkQueryAdapterInfo+0x517
01 00007fff`c712175a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
02 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`c712175a
1: kd> !pte 0xffffd00108fccf70
VA ffffd00108fccf70
PXE at FFFFF6FB7DBEDD00 PPE at FFFFF6FB7DBA0020 PDE at FFFFF6FB74004238 PTE at FFFFF6E800847E60
contains 0000000000425863 contains 00000000009B7863 contains 0000000007562863 contains 8000000095C48963
pfn 425 ---DA--KWEV pfn 9b7 ---DA--KWEV pfn 7562 ---DA--KWEV pfn 95c48 -G-DA--KW-VI found a post in this forum (https://www.sysnative.com/forums/bsod-crashes-kernel-debugging/12553-server-2012-r2-bsod.html) where the problem looks a bit like mine, but there the error looks a bit different the user Patrick ( https://www.sysnative.com/forums/members/208-patrick/ ) posted there the following comments:
Code:
dxgkrnl!DxgkQueryAdapterInfo+0x994 // DirectX kernel query adapter info.And I think the problem got the same root but I'm not sure about that mine looks like
Code:
dxgkrnl!DxgkQueryAdapterInfo+0x517Since the Dumpfile has a huge size I'm not able to upload it online at the moment.
I hope you can help me based on my informations - if you need more please tell me.
Kind regards
BSOD Hunter
