Share via

BSOD SYSTEM_SERVICE_EXCEPTION

Anonymous
2024-08-20T19:20:50+00:00

Hi! I recently get some Bluescreens which have the Error Code SYSTEM_SERVICE_EXCEPTION . I really dont know what this means, and the internet also didnt help me a lot. I got the dump file and I would kindly ask someone, if they could help me. The last 2 BSOD happened right when I logged into Windows and waited a bit. But both had other causes. I already updated my BIOS and ran Memtest86, which said that everything was fine with my RAM. Dump file:

************* Preparing the environment for Debugger Extensions Gallery repositories **************

ExtensionRepository : Implicit

UseExperimentalFeatureForNugetShare : true

AllowNugetExeUpdate : true

NonInteractiveNuget : true

AllowNugetMSCredentialProviderInstall : true

AllowParallelInitializationOfLocalRepositories : true

EnableRedirectToChakraJsProvider : false

-- Configuring repositories 

  ----> Repository : LocalInstalled, Enabled: true 

  ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds

----> Repository : UserExtensions, Enabled: true, Packages count: 0

----> Repository : LocalInstalled, Enabled: true, Packages count: 42

Microsoft (R) Windows Debugger Version 10.0.27668.1000 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]

Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Path validation summary **************

Response Time (ms) Location

Deferred srv*

Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 19041 MP (12 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Edition build lab: 19041.1.amd64fre.vb_release.191206-1406

Kernel base = 0xfffff8036a200000 PsLoadedModuleList = 0xfffff8036ae2a830

Debug session time: Tue Aug 20 21:09:06.869 2024 (UTC + 2:00)

System Uptime: 0 days 4:03:50.478

Loading Kernel Symbols

...............................................................

........Page 76f6cd not present in the dump file. Type ".hh dbgerr004" for details

........................................................

.......................................Page 3ff97f not present in the dump file. Type ".hh dbgerr004" for details

..Page 79e425 not present in the dump file. Type ".hh dbgerr004" for details

..Page 3fdbfe not present in the dump file. Type ".hh dbgerr004" for details

.....................

.............................

Loading User Symbols

PEB is paged out (Peb.Ldr = 000000da`e0a5b018). Type ".hh dbgerr001" for details

Loading unloaded module list

.............

For analysis of this file, run !analyze -v

nt!KeBugCheckEx:

fffff8036a5fe2a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffd301754dd870=000000000000003b

3: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)

An exception happened while executing a system service routine.

Arguments:

Arg1: 00000000c000001d, Exception code that caused the BugCheck

Arg2: fffff8036e0a5ffe, Address of the instruction which caused the BugCheck

Arg3: ffffd301754de170, Address of the context record for the exception that caused the BugCheck

Arg4: 0000000000000000, zero.

Debugging Details:

KEY_VALUES_STRING: 1 

Key  : Analysis.CPU.mSec 

Value: 1546 

Key  : Analysis.Elapsed.mSec 

Value: 1571 

Key  : Analysis.IO.Other.Mb 

Value: 9 

Key  : Analysis.IO.Read.Mb 

Value: 0 

Key  : Analysis.IO.Write.Mb 

Value: 26 

Key  : Analysis.Init.CPU.mSec 

Value: 452 

Key  : Analysis.Init.Elapsed.mSec 

Value: 27795 

Key  : Analysis.Memory.CommitPeak.Mb 

Value: 101 

Key  : Bugcheck.Code.KiBugCheckData 

Value: 0x3b 

Key  : Bugcheck.Code.LegacyAPI 

Value: 0x3b 

Key  : Bugcheck.Code.TargetModel 

Value: 0x3b 

Key  : Failure.Bucket 

Value: 0x3B\_C000001D\_CI!Gv5ce9b7 

Key  : Failure.Hash 

Value: {4f198501-d289-cef5-c85d-4d73d82524e7} 

Key  : Hypervisor.Enlightenments.Value 

Value: 0 

Key  : Hypervisor.Enlightenments.ValueHex 

Value: 0 

Key  : Hypervisor.Flags.AnyHypervisorPresent 

Value: 0 

Key  : Hypervisor.Flags.ApicEnlightened 

Value: 0 

Key  : Hypervisor.Flags.ApicVirtualizationAvailable 

Value: 1 

Key  : Hypervisor.Flags.AsyncMemoryHint 

Value: 0 

Key  : Hypervisor.Flags.CoreSchedulerRequested 

Value: 0 

Key  : Hypervisor.Flags.CpuManager 

Value: 0 

Key  : Hypervisor.Flags.DeprecateAutoEoi 

Value: 0 

Key  : Hypervisor.Flags.DynamicCpuDisabled 

Value: 0 

Key  : Hypervisor.Flags.Epf 

Value: 0 

Key  : Hypervisor.Flags.ExtendedProcessorMasks 

Value: 0 

Key  : Hypervisor.Flags.HardwareMbecAvailable 

Value: 1 

Key  : Hypervisor.Flags.MaxBankNumber 

Value: 0 

Key  : Hypervisor.Flags.MemoryZeroingControl 

Value: 0 

Key  : Hypervisor.Flags.NoExtendedRangeFlush 

Value: 0 

Key  : Hypervisor.Flags.NoNonArchCoreSharing 

Value: 0 

Key  : Hypervisor.Flags.Phase0InitDone 

Value: 0 

Key  : Hypervisor.Flags.PowerSchedulerQos 

Value: 0 

Key  : Hypervisor.Flags.RootScheduler 

Value: 0 

Key  : Hypervisor.Flags.SynicAvailable 

Value: 0 

Key  : Hypervisor.Flags.UseQpcBias 

Value: 0 

Key  : Hypervisor.Flags.Value 

Value: 16908288 

Key  : Hypervisor.Flags.ValueHex 

Value: 1020000 

Key  : Hypervisor.Flags.VpAssistPage 

Value: 0 

Key  : Hypervisor.Flags.VsmAvailable 

Value: 0 

Key  : Hypervisor.RootFlags.AccessStats 

Value: 0 

Key  : Hypervisor.RootFlags.CrashdumpEnlightened 

Value: 0 

Key  : Hypervisor.RootFlags.CreateVirtualProcessor 

Value: 0 

Key  : Hypervisor.RootFlags.DisableHyperthreading 

Value: 0 

Key  : Hypervisor.RootFlags.HostTimelineSync 

Value: 0 

Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled 

Value: 0 

Key  : Hypervisor.RootFlags.IsHyperV 

Value: 0 

Key  : Hypervisor.RootFlags.LivedumpEnlightened 

Value: 0 

Key  : Hypervisor.RootFlags.MapDeviceInterrupt 

Value: 0 

Key  : Hypervisor.RootFlags.MceEnlightened 

Value: 0 

Key  : Hypervisor.RootFlags.Nested 

Value: 0 

Key  : Hypervisor.RootFlags.StartLogicalProcessor 

Value: 0 

Key  : Hypervisor.RootFlags.Value 

Value: 0 

Key  : Hypervisor.RootFlags.ValueHex 

Value: 0 

Key  : SecureKernel.HalpHvciEnabled 

Value: 0 

Key  : WER.OS.Branch 

Value: vb\_release 

Key  : WER.OS.Version 

Value: 10.0.19041.1

BUGCHECK_CODE: 3b

BUGCHECK_P1: c000001d

BUGCHECK_P2: fffff8036e0a5ffe

BUGCHECK_P3: ffffd301754de170

BUGCHECK_P4: 0

FILE_IN_CAB: MEMORY.DMP

FAULTING_THREAD: ffffbe8cb2997040

CONTEXT: ffffd301754de170 -- (.cxr 0xffffd301754de170)

rax=00000000dfdb277f rbx=0000000027995d12 rcx=fffff8036e0c40e0

rdx=c95c83fb00000000 rsi=ffffd301754decf0 rdi=0000000032dfafe4

rip=fffff8036e0a5ffe rsp=ffffd301754deb70 rbp=ffffd301754dece0

r8=0000000000374cc0 r9=0000000000000097 r10=0000000015fa5b7d

r11=00000000752bb141 r12=0000000000000001 r13=0000000000000000

r14=0000000000000005 r15=ffffe5888ce48ba0

iopl=0 ov up ei ng nz ac po nc

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050a96

CI!Gv5ce9b7+0xae:

fffff803`6e0a5ffe ea ???

Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: sppsvc.exe

STACK_TEXT:

ffffd301754deb70 0000000027995d12 : fffff8036e0c000f ffffd301754deba0 0000000000000000 32dfafe41546f2f6 : CI!Gv5ce9b7+0xae

ffffd301754deb78 fffff8036e0c000f : ffffd301754deba0 0000000000000000 32dfafe41546f2f6 2df0b5b3e865df30 : 0x27995d12

ffffd301754deb80 fffff8036e0abc99 : 0000000000000000 00000000000e499e 0000000000000005 0000000000000000 : CI!Gvb3afc4+0x137

ffffd301754deee0 fffff8036e009fff : c11b999c187b4d0e 0000000000000005 0000000000000000 00000000000e499e : CI!peauthvbn_StoreParameter+0x3d

ffffd301754def30 fffff8036e0807af : 0000000000000000 0000000000000000 ffffe588b393ec50 ffffe588b393ec50 : CI!PEAuthStoreParameter+0x5f

ffffd301754def60 fffff8036e080a74 : 0000000000004668 ffffd301754df039 ffffbe8c9e4e14a0 ffffbe8cae73c0c0 : CI!I_PEUpdatePEHashBucket+0x157

ffffd301754defa0 fffff8036a84fb41 : 0000000000000000 0000000000000000 000000000000ff00 ffffbe8cba6eb0c0 : CI!I_PEProcessNotify+0x34

ffffd301754defd0 fffff8036a7e6d70 : ffffbe8cae73c000 ffffbe8cae73c0c0 0000000000000000 0000000000000000 : nt!PspCallProcessNotifyRoutines+0x255

ffffd301754df0a0 fffff8036a8498ee : ffffbe8cb2997478 0000000000000000 ffffd301754df269 0000000000000000 : nt!PspExitProcess+0x70

ffffd301754df0d0 fffff8036a8483b8 : ffffbe8c00000000 fffff8036a42df01 0000000000000000 000000dae0a70000 : nt!PspExitThread+0x5b2

ffffd301754df1d0 fffff8036a4265bd : 0000000000000000 fffff8036a453201 ffffbe8cbb330101 fffff80300000010 : nt!KiSchedulerApcTerminate+0x38

ffffd301754df210 fffff8036a603940 : 000002d4cc760b50 ffffd301754df2d0 ffffd301754df480 ffffd301754df300 : nt!KiDeliverApc+0x60d

ffffd301754df2d0 fffff8036a6122af : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiInitiateUserApc+0x70

ffffd301754df410 00007fff38b70ff4 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceExit+0x9f

000000dae13ffb78 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007fff`38b70ff4

SYMBOL_NAME: CI!Gv5ce9b7+ae

MODULE_NAME: CI

IMAGE_NAME: CI.dll

STACK_COMMAND: .cxr 0xffffd301754de170 ; kb

BUCKET_ID_FUNC_OFFSET: ae

FAILURE_BUCKET_ID: 0x3B_C000001D_CI!Gv5ce9b7

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {4f198501-d289-cef5-c85d-4d73d82524e7}

Followup: MachineOwner

Windows for home | Windows 10 | Devices and drivers

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-08-30T05:41:06+00:00

    According to the information provided by this new blue screen log, the system has a KERNEL_MODE_HEAP_CORRUPTION (13a) error. This error usually means that the kernel mode heap manager has detected heap corruption. The problem is usually related to the incorrect operation of memory by kernel mode drivers or system components.

    The faulty module is ntkrnlmp.exe, which is the Windows kernel.

    The related process with the error is svchost.exe, which is a system process used to host Windows services.

    According to the information of these errors, some system processes of Windows have errors, causing the blue screen.

    If the system process has errors, generally speaking, the effective method is SFC repair or performing an in-place upgrade. There is no better way than this. So, please try to uninstall OneDrive first. If there is still a problem, please try to upgrade in place.

    Best regards

    Brian - Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments
  2. Anonymous
    2024-08-29T20:05:30+00:00

    Hi! So I actually wanted to delete OneDrive but wanted to wait a bit. But then got another BSOD with a different error. I think I will try to do the in place upgrade. But please still tell me what this dump file says, maybe it could give a hint about whats really wrong. Dump File: 

    ************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true
   EnableRedirectToChakraJsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.047 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 42

Microsoft (R) Windows Debugger Version 10.0.27668.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff801`2a800000 PsLoadedModuleList = 0xfffff801`2b42a830
Debug session time: Thu Aug 29 21:27:45.778 2024 (UTC + 2:00)
System Uptime: 0 days 1:56:49.379
Loading Kernel Symbols
...............................................................
.........Page 3254ce not present in the dump file. Type ".hh dbgerr004" for details
.......Page 325397 not present in the dump file. Type ".hh dbgerr004" for details
................................................
..................................Page 1214fe not present in the dump file. Type ".hh dbgerr004" for details
.Page 1216a3 not present in the dump file. Type ".hh dbgerr004" for details
..Page 11ff7d not present in the dump file. Type ".hh dbgerr004" for details
...........................
....................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000c8`5b1e1018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`2abfe2a0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffff900d`575d6d90=000000000000013a
6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_HEAP_CORRUPTION (13a)
The kernel mode heap manager has detected corruption in a heap.
Arguments:
Arg1: 0000000000000012, Type of corruption detected
Arg2: ffffce0c43c00100, Address of the heap that reported the corruption
Arg3: ffffce0c47668000, Address at which the corruption was detected
Arg4: 0000000000000000

Debugging Details:
------------------

Page 165729 not present in the dump file. Type ".hh dbgerr004" for details
Page 165729 not present in the dump file. Type ".hh dbgerr004" for details
Page 161dd3 not present in the dump file. Type ".hh dbgerr004" for details

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1875

    Key  : Analysis.Elapsed.mSec
    Value: 1899

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 1

    Key  : Analysis.Init.CPU.mSec
    Value: 640

    Key  : Analysis.Init.Elapsed.mSec
    Value: 15689

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 90

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x13a

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x13a

    Key  : Bugcheck.Code.TargetModel
    Value: 0x13a

    Key  : Failure.Bucket
    Value: 0x13a_12_nt!RtlpHeapHandleError

    Key  : Failure.Hash
    Value: {a85913b6-c397-d802-0080-5739aea016dc}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 16908288

    Key  : Hypervisor.Flags.ValueHex
    Value: 1020000

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : SecureKernel.HalpHvciEnabled
    Value: 0

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE:  13a

BUGCHECK_P1: 12

BUGCHECK_P2: ffffce0c43c00100

BUGCHECK_P3: ffffce0c47668000

BUGCHECK_P4: 0

FILE_IN_CAB:  MEMORY.DMP

FAULTING_THREAD:  ffffbd8204d09080

CORRUPTING_POOL_ADDRESS: unable to get nt!PspSessionIdBitmap
 ffffce0c47668000 Paged pool

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME:  svchost.exe

STACK_TEXT:  
ffff900d`575d6d88 fffff801`2ad94b4c     : 00000000`0000013a 00000000`00000012 ffffce0c`43c00100 ffffce0c`47668000 : nt!KeBugCheckEx
ffff900d`575d6d90 fffff801`2ad94bac     : 00000000`00000012 ffff900d`575d6ea0 ffffce0c`43c00100 00000000`00000000 : nt!RtlpHeapHandleError+0x40
ffff900d`575d6dd0 fffff801`2ad947d9     : ffffce0c`4766e2a0 ffffce0c`43c00280 00000000`00000010 00000000`00050286 : nt!RtlpHpHeapHandleError+0x58
ffff900d`575d6e00 fffff801`2ac38229     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlpLogHeapFailure+0x45
ffff900d`575d6e30 fffff801`2aa51584     : 00000000`00000002 ffffbd82`08803980 00000000`00000000 ffffce0c`00000000 : nt!RtlpHpVsContextFree+0x1e8f49
ffff900d`575d6ed0 fffff801`2b1b70b9     : 00000000`00000000 ffffce0c`4766e2c0 00000000`0000076c 01000000`00100000 : nt!ExFreeHeapPool+0x4d4
ffff900d`575d6fb0 fffff801`2ae2db94     : ffffce0c`4766e2e0 ffffce0c`4766e2e0 ffffbd81`dfd54380 ffffbd81`f8bded80 : nt!ExFreePool+0x9
ffff900d`575d6fe0 fffff801`2ae2d9a8     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpFreeObject+0x194
ffff900d`575d7040 fffff801`2aa5ac67     : 00000000`00000000 00000000`00000000 ffffce0c`681b0370 ffffce0c`4766e310 : nt!ObpRemoveObjectRoutine+0x88
ffff900d`575d70a0 fffff801`2aa5ab8e     : 00000000`00000000 ffffce0c`6470c280 ffffbd82`03a909f0 ffffce0c`681b0370 : nt!ObfDereferenceObjectWithTag+0xc7
ffff900d`575d70e0 fffff801`2ae63d70     : ffffffff`00000000 ffffbd82`00000000 ffffce0c`6470c280 00000000`00000000 : nt!HalPutDmaAdapter+0xe
ffff900d`575d7110 fffff801`2ae2d9a0     : ffffbd82`03a909c0 00000000`00000000 ffffbd81`f7755ae0 ffffce0c`4766e310 : nt!AlpcpDeletePort+0x170
ffff900d`575d7140 fffff801`2aa5ac67     : 00000000`00000000 00000000`00000000 ffffce0c`681b0370 ffffbd82`03a909f0 : nt!ObpRemoveObjectRoutine+0x80
ffff900d`575d71a0 fffff801`2aa5ab8e     : ffffce0c`681b0370 ffffce0c`681b0340 ffffbd81`f7755ae0 ffffffff`fa000000 : nt!ObfDereferenceObjectWithTag+0xc7
ffff900d`575d71e0 fffff801`2ae63b10     : ffffce0c`681b0370 00000000`00000000 000000c8`5c0ff978 ffffe300`00000010 : nt!HalPutDmaAdapter+0xe
ffff900d`575d7210 fffff801`2aeb83a1     : 00000000`00000001 00000000`00000000 000002b8`def75470 00000000`fa000000 : nt!AlpcMessageCleanupProcedure+0x30
ffff900d`575d7240 fffff801`2ae0a2a6     : ffffffff`ffffffff 00000000`00000000 ffffce0c`681b0340 000000c8`5c0ff978 : nt!AlpcpDestroyBlob+0x35
ffff900d`575d7270 fffff801`2ae09aae     : 00000000`00000030 ffffbd81`f7755ae0 000000c8`5c0ff958 00000000`00000000 : nt!AlpcpReceiveMessage+0x676
ffff900d`575d7350 fffff801`2ac12208     : ffffbd82`04d09080 ffff900d`575d7500 000000c8`5c0ff928 ffff900d`575d7428 : nt!NtAlpcSendWaitReceivePort+0xfe
ffff900d`575d7410 00007ff8`ecd6e6d4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000c8`5c0ff908 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`ecd6e6d4

SYMBOL_NAME:  nt!RtlpHeapHandleError+40

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

STACK_COMMAND:  .process /r /p 0xffffbd81f74090c0; .thread 0xffffbd8204d09080 ; kb

BUCKET_ID_FUNC_OFFSET:  40

FAILURE_BUCKET_ID:  0x13a_12_nt!RtlpHeapHandleError

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {a85913b6-c397-d802-0080-5739aea016dc}

Followup:     MachineOwner
---------

    Was this answer helpful?

    0 comments
  3. Anonymous
    2024-08-28T10:00:11+00:00

    Thank you for your reply. According to the log information you provided, there seems to be a problem with the files in these folders.

    C:\Program Files (x86)\

    C:\ProgramData\Microsoft\Windows\Start Menu\

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    These directories are marked as duplicated by the same component (Microsoft-Windows-shell32, version 10.0.19041.4780, architecture amd64 Guest=x86).

    What is the warning of overlapping ownership?

    When Windows records that a directory has ownership or security settings set twice by multiple components or the same component, it will issue a warning. This may occur in a variety of situations:

    1. During the system or component update process, some directories may reset their ownership or security settings due to the update component.
    2. System repair operations may reconfigure the permissions and ownership of folders.
    3. Duplicate records do not necessarily indicate an error, but may cause permission conflicts in some cases.

    The first error message indicates that the system is repairing the OneDrive.lnk shortcut file located in C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs, which may have a problem.

    Based on the above analysis, I suggest that you try to uninstall OneDrive first. The detailed steps are as follows.

    Press Win + I to open "Settings".

    In "Settings", select "Apps".

    In the search box in the "Apps & Features" section, enter "OneDrive".

    You will see Microsoft OneDrive appear in the list.

    Click the OneDrive item and select the "Uninstall" button.

    Select "Uninstall" again in the confirmation dialog box that pops up.

    Please note: Uninstalling OneDrive may cause the loss of some of your synchronized files. For the safety of your data, I suggest that you back up your important personal data first, and then uninstall.

    If the problem persists after uninstalling, please try the in-place upgrade method I mentioned above.

    Best regards

    Brian - Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments
  4. Anonymous
    2024-08-25T16:49:26+00:00

    Hi! Thank you for your response. So I did the command sfc /scannow and it detected a broken file. It was something from OneDrive.
    This was in CBS:

    2024-08-25 17:03:30, Info CSI 00000219 [SR] Repairing file ??\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk from store

    But there was also something else in the CBS, maybe it has some meaning, maybe not:

    2024-08-25 17:03:24, Info CSI 000001d9 Warning: Overlap: Directory ??\C:\Program Files (x86)\ is owned twice or has its security set twice

    Original owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    New owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    2024-08-25 17:03:24, Info CSI 000001da Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\ is owned twice or has its security set twice

    Original owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    New owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    2024-08-25 17:03:24, Info CSI 000001db Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ is owned twice or has its security set twice

    Original owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    New owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    2024-08-25 17:03:24, Info CSI 000001dc Warning: Overlap: Directory ??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ is owned twice or has its security set twice

    Original owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    New owner: Microsoft-Windows-shell32, version 10.0.19041.4780, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

    When the files were repaired, I didnt get any BSOD for many days, which is why I haven't replied for so long, but today, I got one again and I did the sfc/ scannow and it was the same OneDrive File again.

    Why is that and what can I do?

    Was this answer helpful?

    0 comments
  5. Anonymous
    2024-08-21T09:14:10+00:00

    Hello, ArunSh

    Welcome to the Microsoft Community

    Thank you for your feedback. I analyzed the blue screen log you provided.

    According to the information provided by the dmp file, the system has a SYSTEM_SERVICE_EXCEPTION error, which usually means that the Windows operating system encountered an exception when trying to execute a system service routine. The following is a detailed analysis.

    The error code is 0xC000001D, which indicates an illegal instruction error. This means that the CPU encountered an instruction that could not be recognized or executed, usually caused by a driver or software problem.

    The fault module where the error occurred is CI.dll, which is the Windows code integrity module responsible for verifying the signatures of system files and drivers. The error may also be related to the file integrity check

    Based on the above analysis, I suggest that you try the following methods, which may help your current problem.

    Method 1: Update Drivers

    Make sure all device drivers are up to date. Pay special attention to graphics card, sound card, and network adapter drivers.

    You can press Win + X, select Device Manager, find the device category that needs to be updated and expand it.

    Right-click the device name and select "Update Driver".

    Select "Search automatically for updated driver software". Windows will search online and install the latest drivers.

    Of course, you can also download the motherboard setup software provided by the motherboard manufacturer and then update all drivers.

    Method 2: Run SFC and DISM commands to repair system files

    System File Checker (SFC) and Deployment Image Servicing and Management Tool (DISM) are two built-in tools provided by Windows for scanning and repairing system files.

    Press Win + X or right-click the "Start" button and select "Command Prompt (Admin)" or "Windows PowerShell (Admin)".

    Enter and run the SFC command: 

    sfc /scannow

    This command will scan all protected system files and replace damaged files. This process may take some time, so please be patient.

    DISM can repair problems in Windows image files and is the next step when SFC cannot repair files.

    Continue to use the command prompt with administrator privileges.

    Enter and run the following commands: 

    DISM /Online /Cleanup-Image /CheckHealth 

DISM /Online /Cleanup-Image /ScanHealth 

DISM /Online /Cleanup-Image /RestoreHealth

    These commands will check and fix problems in the Windows image file. /RestoreHealth You may need to connect to the Internet to download and replace damaged files.

    Method 3: In-place upgrade is a method of reinstalling Windows. The principle of in-place upgrade is to upgrade the system from the old version to the latest version while retaining the original system and user data, overwriting only the system files, and restoring the normal use of the system. The detailed steps are as follows.

    Visit the official Microsoft website, Download Windows 10(Download Windows 10 (microsoft.com))

    Use the installation tool to create a USB installation disk or ISO file.

    Insert the USB installation disk or mount the ISO file, and then run setup.exe.

    Select the "Upgrade this PC" option, and then click "Next".

    Make sure to select the "Keep personal files and apps" option, and then click "Install".

    The process may take some time, please be patient.

    Disclaimer: Let's try to perform an in-place upgrade, which will refresh your Windows files and operating system without deleting files or applications. But if there is important data in the computer, we still recommend backing it up in advance.

    If the problem persists after you have tried these methods, although it is uncommon, some hardware problems (such as memory failure) may also cause this error. You may need to use some third-party detection software to detect it, but due to the rules of the forum, I cannot give you the specific names of these software. You can search for related content on the search engine to find them.

    Best regards

    Brian - Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments