Help me with this BSOD please

Alanthor

Reputable
Mar 17, 2014
417
0
4,810
Hi,

I got this BSOD recently, and I opened the minidump with WinDBG. But im not experienced with WinDBG, so im having a hard time to understand everything. Does it locate the actual hardware/software or cause?


C++:
Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\081514-13046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       [url=http://msdl.microsoft.com/download/symbols]http://msdl.microsoft.com/download/symbols[/url]
Symbol search path is: [url=http://msdl.microsoft.com/download/symbols]http://msdl.microsoft.com/download/symbols[/url]
Executable search path is: 
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.16384.amd64fre.winblue_rtm.130821-1623
Machine Name:
Kernel base = 0xfffff803`cb41e000 PsLoadedModuleList = 0xfffff803`cb6e59b0
Debug session time: Fri Aug 15 15:17:06.821 2014 (UTC + 2:00)
System Uptime: 0 days 2:28:36.497
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
.......................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff803cb57133e, ffffd00024ddb990, 0}

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!SwapContext_PatchLdtBypass+12 )

Followup: MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff803cb57133e, Address of the instruction which caused the bugcheck
Arg3: ffffd00024ddb990, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!SwapContext_PatchLdtBypass+12
fffff803`cb57133e 49896f04        mov     qword ptr [r15+4],rbp

CONTEXT:  ffffd00024ddb990 -- (.cxr 0xffffd00024ddb990;r)
rax=0000000000000000 rbx=ffffd00020a69180 rcx=0000000000000007
rdx=00000001160e6000 rsi=ffffe00001500080 rdi=ffffe00001537080
rip=fffff803cb57133e rsp=ffffd00024ddc3c0 rbp=ffffd00024ddcc10
 r8=0000000000000000  r9=00000000000000a5 r10=fffff803cb41e000
r11=ffffd0002a3cf7c0 r12=0000000000000001 r13=fffff803cb41e000
r14=ffffe00005021900 r15=0800000200010000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!SwapContext_PatchLdtBypass+0x12:
fffff803`cb57133e 49896f04        mov     qword ptr [r15+4],rbp ds:002b:08000002`00010004=????????????????
Last set context:
rax=0000000000000000 rbx=ffffd00020a69180 rcx=0000000000000007
rdx=00000001160e6000 rsi=ffffe00001500080 rdi=ffffe00001537080
rip=fffff803cb57133e rsp=ffffd00024ddc3c0 rbp=ffffd00024ddcc10
 r8=0000000000000000  r9=00000000000000a5 r10=fffff803cb41e000
r11=ffffd0002a3cf7c0 r12=0000000000000001 r13=fffff803cb41e000
r14=ffffe00005021900 r15=0800000200010000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!SwapContext_PatchLdtBypass+0x12:
fffff803`cb57133e 49896f04        mov     qword ptr [r15+4],rbp ds:002b:08000002`00010004=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  aaHMSvc.exe

CURRENT_IRQL:  2

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

LAST_CONTROL_TRANSFER:  from fffff803cb570f36 to fffff803cb57133e

STACK_TEXT:  
ffffd000`24ddc3c0 fffff803`cb570f36 : 00000000`00000000 00000000`00000000 00000001`00000001 00000000`00b00000 : nt!SwapContext_PatchLdtBypass+0x12
ffffd000`24ddc400 fffff803`cb45db1e : ffffd000`20a69180 ffffe000`01500080 ffffc000`fffffffe 00000000`fffffffe : nt!KiSwapContext+0x76
ffffd000`24ddc540 fffff803`cb45d5b7 : ffffe000`01500080 00000000`00000000 00000000`00000001 ffffd000`24ddc6d0 : nt!KiSwapThread+0x14e
ffffd000`24ddc5e0 fffff803`cb45ce35 : ffffe000`05bcc070 ffffd000`24ddc950 ffffc000`000000a5 00000000`00000000 : nt!KiCommitThreadWait+0x127
ffffd000`24ddc640 fffff803`cb45c9aa : ffffe000`05439c40 ffffc000`08c7a601 ffffe000`01500501 00000000`00000002 : nt!KeRemoveQueueEx+0x275
ffffd000`24ddc6d0 fffff803`cb45bf4a : 00000000`00000001 00000000`00000000 ffffd000`24ddc818 00000000`0103fd1c : nt!IoRemoveIoCompletion+0x8a
ffffd000`24ddc7f0 fffff803`cb5798b3 : 00000000`00000120 00000000`0053ef00 00000000`00000010 00000000`0103ff34 : nt!NtWaitForWorkViaWorkerFactory+0x30a
ffffd000`24ddca10 00007ffe`c96495ca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0053e7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`c96495ca


FOLLOWUP_IP: 
nt!SwapContext_PatchLdtBypass+12
fffff803`cb57133e 49896f04        mov     qword ptr [r15+4],rbp

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!SwapContext_PatchLdtBypass+12

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5215d156

IMAGE_VERSION:  6.3.9600.16384

STACK_COMMAND:  .cxr 0xffffd00024ddb990 ; kb

BUCKET_ID_FUNC_OFFSET:  12

FAILURE_BUCKET_ID:  0x3B_nt!SwapContext_PatchLdtBypass

BUCKET_ID:  0x3B_nt!SwapContext_PatchLdtBypass

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x3b_nt!swapcontext_patchldtbypass

FAILURE_ID_HASH:  {bb68b297-1eee-41b4-f4d5-514bd4aadcb4}

Followup: MachineOwner
---------
 
Solution
do you have an asustek motherboard? seems to be caused by - PROCESS_NAME: aaHMSvc.exe, The aaHMSvc.exe is the ASUS HM Com Service - motherboard servicing utility (system service), part of the ASUS Ai Suite.

te100

Distinguished
do you have an asustek motherboard? seems to be caused by - PROCESS_NAME: aaHMSvc.exe, The aaHMSvc.exe is the ASUS HM Com Service - motherboard servicing utility (system service), part of the ASUS Ai Suite.
 
Solution