Windows 10 Bluescreen, need help to find my device's problem

louye 0 Reputation points
2023-08-29T17:42:01.1233333+00:00

I have encountered many bluescreen crashes this month. This is my new PC, which has been running for only about half a year, with the newest Windows 10 version installed. I tried using WinDBG to open the minidump .dmp file; here is the file's information. I need help finding my computer's problem, thanks.

************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : false
   AllowNugetExeUpdate : false
   AllowNugetMSCredentialProviderInstall : false
   AllowParallelInitializationOfLocalRepositories : true

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 36

Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\louye\Desktop\083023-6765-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff801`4d800000 PsLoadedModuleList = 0xfffff801`4e42a2d0
Debug session time: Wed Aug 30 01:22:41.730 2023 (UTC + 8:00)
System Uptime: 3 days 21:02:45.247
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
................................................................
..........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`009f8018).  Type ".hh dbgerr001" for details
Loading unloaded module list
...................................
PEB is paged out (Peb.Ldr = 009f900c).  Type ".hh dbgerr001" for details
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`4dbfc0c0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff209`e89a7900=0000000000000001
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
BugCheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 00007ffd06578594, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: fffff209e89a7ac0, Call type (0 - system call, 1 - worker routine)

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1390

    Key  : Analysis.Elapsed.mSec
    Value: 11852

    Key  : Analysis.IO.Other.Mb
    Value: 5

    Key  : Analysis.IO.Read.Mb
    Value: 4

    Key  : Analysis.IO.Write.Mb
    Value: 9

    Key  : Analysis.Init.CPU.mSec
    Value: 374

    Key  : Analysis.Init.Elapsed.mSec
    Value: 319158

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 92

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x1

    Key  : Dump.Attributes.AsUlong
    Value: 8

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Failure.Bucket
    Value: 0x1_SysCallNum_1432_nt!KiSystemServiceExitPico

    Key  : Failure.Hash
    Value: {9a8e8bfc-ec23-7b8e-3d90-04366636cbaa}


BUGCHECK_CODE:  1

BUGCHECK_P1: 7ffd06578594

BUGCHECK_P2: 0

BUGCHECK_P3: ffff

BUGCHECK_P4: fffff209e89a7ac0

FILE_IN_CAB:  083023-6765-01.dmp

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  leishenSdk.exe

STACK_TEXT:  
fffff209`e89a78f8 fffff801`4dc10129     : 00000000`00000001 00007ffd`06578594 00000000`00000000 00000000`0000ffff : nt!KeBugCheckEx
fffff209`e89a7900 fffff801`4dc0ffdf     : ffff8282`3a61b080 00000000`00000001 00000000`00000000 ffff8282`00000000 : nt!KiBugCheckDispatch+0x69
fffff209`e89a7a40 00007ffd`06578594     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x334
00000000`0073e248 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`06578594


SYMBOL_NAME:  nt!KiSystemServiceExitPico+334

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.19041.3208

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  334

FAILURE_BUCKET_ID:  0x1_SysCallNum_1432_nt!KiSystemServiceExitPico

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {9a8e8bfc-ec23-7b8e-3d90-04366636cbaa}

Followup:     MachineOwner
---------



2 answers

  1. louye 0 Reputation points
    2023-08-29T18:21:18.57+00:00

    For the first question, maybe I found the answer with GPT: that's a program's issue. But here is my earlier bluescreen crash. I don't know why it happened; my computer does not have any login password set. Please help answer this question, thanks.

    ************* Preparing the environment for Debugger Extensions Gallery repositories **************
       ExtensionRepository : Implicit
       UseExperimentalFeatureForNugetShare : false
       AllowNugetExeUpdate : false
       AllowNugetMSCredentialProviderInstall : false
       AllowParallelInitializationOfLocalRepositories : true
    
       -- Configuring repositories
          ----> Repository : LocalInstalled, Enabled: true
          ----> Repository : UserExtensions, Enabled: true
    
    >>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
    
    ************* Waiting for Debugger Extensions Gallery to Initialize **************
    
    >>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
       ----> Repository : UserExtensions, Enabled: true, Packages count: 0
       ----> Repository : LocalInstalled, Enabled: true, Packages count: 36
    
    Microsoft (R) Windows Debugger Version 10.0.25921.1001 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Windows\Minidump\082623-22375-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*
    Symbol search path is: srv*
    Executable search path is: 
    Windows 10 Kernel Version 19041 MP (32 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Kernel base = 0xfffff804`1a200000 PsLoadedModuleList = 0xfffff804`1ae2a2d0
    Debug session time: Sat Aug 26 04:19:29.626 2023 (UTC + 8:00)
    System Uptime: 3 days 0:05:35.051
    Loading Kernel Symbols
    ..
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    .............................................................
    ................................................................
    ................................................................
    ..........................
    Loading User Symbols
    
    Loading unloaded module list
    ................................
    For analysis of this file, run !analyze -v
    nt!KeBugCheckEx:
    fffff804`1a5fc0c0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffca85`271aa350=0000000000000139
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
    	buffer overrun.
    Arg2: ffffca85271aa670, Address of the trap frame for the exception that caused the BugCheck
    Arg3: ffffca85271aa5c8, Address of the exception record for the exception that caused the BugCheck
    Arg4: 0000000000000000, Reserved
    
    Debugging Details:
    ------------------
    
    
    KEY_VALUES_STRING: 1
    
        Key  : Analysis.CPU.mSec
        Value: 1483
    
        Key  : Analysis.Elapsed.mSec
        Value: 4453
    
        Key  : Analysis.IO.Other.Mb
        Value: 0
    
        Key  : Analysis.IO.Read.Mb
        Value: 0
    
        Key  : Analysis.IO.Write.Mb
        Value: 0
    
        Key  : Analysis.Init.CPU.mSec
        Value: 218
    
        Key  : Analysis.Init.Elapsed.mSec
        Value: 8811
    
        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 86
    
        Key  : Bugcheck.Code.LegacyAPI
        Value: 0x139
    
        Key  : Dump.Attributes.AsUlong
        Value: 8
    
        Key  : Dump.Attributes.KernelGeneratedTriageDump
        Value: 1
    
        Key  : FailFast.Name
        Value: STACK_COOKIE_CHECK_FAILURE
    
        Key  : FailFast.Type
        Value: 2
    
        Key  : Failure.Bucket
        Value: 0x139_MISSING_GSFRAME_bam!_report_gsfailure
    
        Key  : Failure.Hash
        Value: {0f03f7ee-f69f-ff1a-4d35-6c130d07d63d}
    
    
    BUGCHECK_CODE:  139
    
    BUGCHECK_P1: 2
    
    BUGCHECK_P2: ffffca85271aa670
    
    BUGCHECK_P3: ffffca85271aa5c8
    
    BUGCHECK_P4: 0
    
    FILE_IN_CAB:  082623-22375-01.dmp
    
    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump
    
    TRAP_FRAME:  ffffca85271aa670 -- (.trap 0xffffca85271aa670)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffce0973d730c0 rbx=0000000000000000 rcx=0000000000000002
    rdx=fffff80432ee54a8 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80432ee1255 rsp=ffffca85271aa800 rbp=ffffca85271aa910
     r8=ffffca85271aa818  r9=00000000ffffffff r10=fffff8041a4214a0
    r11=ffffca85271aa7d8 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na po nc
    bam!_report_gsfailure+0x5:
    fffff804`32ee1255 cd29            int     29h
    Resetting default scope
    
    EXCEPTION_RECORD:  ffffca85271aa5c8 -- (.exr 0xffffca85271aa5c8)
    ExceptionAddress: fffff80432ee1255 (bam!_report_gsfailure+0x0000000000000005)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000002
    Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE 
    
    BLACKBOXBSD: 1 (!blackboxbsd)
    
    
    BLACKBOXNTFS: 1 (!blackboxntfs)
    
    
    BLACKBOXPNP: 1 (!blackboxpnp)
    
    
    BLACKBOXWINLOGON: 1
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  System
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
    
    EXCEPTION_CODE_STR:  c0000409
    
    EXCEPTION_PARAMETER1:  0000000000000002
    
    EXCEPTION_STR:  0xc0000409
    
    STACK_TEXT:  
    ffffca85`271aa348 fffff804`1a610129     : 00000000`00000139 00000000`00000002 ffffca85`271aa670 ffffca85`271aa5c8 : nt!KeBugCheckEx
    ffffca85`271aa350 fffff804`1a610690     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    ffffca85`271aa490 fffff804`1a60e65d     : 00000000`00000000 00000000`00000000 00000000`00000000 ffff9308`7cc12c30 : nt!KiFastFailDispatch+0xd0
    ffffca85`271aa670 fffff804`32ee1255     : fffff804`32ee9242 00000000`00000001 ffff9308`00000000 ffff9308`00000000 : nt!KiRaiseSecurityCheckFailure+0x31d
    ffffca85`271aa800 fffff804`32ee9242     : 00000000`00000001 ffff9308`00000000 ffff9308`00000000 00000000`00000001 : bam!_report_gsfailure+0x5
    ffffca85`271aa808 00000000`00000000     : fffff804`32ee8f8f 00000000`00000000 ffff9308`7cc12c30 fffff804`32ee54b8 : bam!BampCommitThrottledProcessStateChange+0x162
    
    
    SYMBOL_NAME:  bam!_report_gsfailure+5
    
    MODULE_NAME: bam
    
    IMAGE_NAME:  bam.sys
    
    IMAGE_VERSION:  10.0.19041.1030
    
    STACK_COMMAND:  .cxr; .ecxr ; kb
    
    BUCKET_ID_FUNC_OFFSET:  5
    
    FAILURE_BUCKET_ID:  0x139_MISSING_GSFRAME_bam!_report_gsfailure
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    FAILURE_ID_HASH:  {0f03f7ee-f69f-ff1a-4d35-6c130d07d63d}
    
    Followup:     MachineOwner
    ---------
    
    
    
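An added example, not part of either post and not Microsoft code: a Python triage helper that reads the field lines of `!analyze -v` output and decodes the bugcheck arguments the way the debugger text above describes, namely Arg3 of APC_INDEX_MISMATCH as two signed 16-bit counters and Arg1 of KERNEL_SECURITY_CHECK_FAILURE as a fast-fail subcode. The names `triage`, `s16` and `apc_state` are hypothetical, the sample input is constructed from field lines of the two dumps on this page, and fast-fail subcode 3 comes from winnt.h rather than from the page.

```python
import re

# Constructed input: field lines copied from the two !analyze -v outputs on this page.
DUMP_083023 = """
BUGCHECK_CODE:  1
BUGCHECK_P1: 7ffd06578594
BUGCHECK_P2: 0
BUGCHECK_P3: ffff
BUGCHECK_P4: fffff209e89a7ac0
PROCESS_NAME:  leishenSdk.exe
MODULE_NAME: nt
FAILURE_BUCKET_ID:  0x1_SysCallNum_1432_nt!KiSystemServiceExitPico
"""
DUMP_082623 = """
BUGCHECK_CODE:  139
BUGCHECK_P1: 2
BUGCHECK_P2: ffffca85271aa670
BUGCHECK_P3: ffffca85271aa5c8
BUGCHECK_P4: 0
PROCESS_NAME:  System
MODULE_NAME: bam
FAILURE_BUCKET_ID:  0x139_MISSING_GSFRAME_bam!_report_gsfailure
"""

# Matches "UPPER_CASE_KEY:  value" lines only, so "Arg1:" and "Key  :" lines are skipped.
FIELD = re.compile(r"^[ \t]*([A-Z][A-Z_0-9]*):[ \t]+(\S.*?)[ \t]*$", re.M)
# Fast-fail subcodes from winnt.h; only subcode 2 appears on this page.
FAST_FAIL = {2: "FAST_FAIL_STACK_COOKIE_CHECK_FAILURE", 3: "FAST_FAIL_CORRUPT_LIST_ENTRY"}

def s16(value):
    """Interpret the low 16 bits of value as a signed counter."""
    value &= 0xFFFF
    return value - 0x10000 if value & 0x8000 else value

def apc_state(count):
    """Negative: disabled without re-enabling; positive: enabled too often."""
    if count < 0:
        return "disabled without re-enabling"
    return "enabled too many times" if count > 0 else "balanced"

def triage(analyze_text):
    """Summarise one !analyze -v output; every number in it is hexadecimal."""
    f = dict(FIELD.findall(analyze_text))
    code = int(f["BUGCHECK_CODE"], 16)
    p = [int(f[f"BUGCHECK_P{i}"], 16) for i in range(1, 5)]
    out = {"code": code, "process": f.get("PROCESS_NAME"),
           "module": f.get("MODULE_NAME"), "bucket": f.get("FAILURE_BUCKET_ID")}
    if code == 0x1:      # APC_INDEX_MISMATCH: Arg3 = (Special << 16) | Kernel
        out["special_apc"] = apc_state(s16(p[2] >> 16))
        out["kernel_apc"] = apc_state(s16(p[2]))
    elif code == 0x139:  # KERNEL_SECURITY_CHECK_FAILURE: Arg1 = fast-fail subcode
        out["fast_fail"] = FAST_FAIL.get(p[0], f"subcode 0x{p[0]:x}")
    return out

if __name__ == "__main__":
    for dump in (DUMP_083023, DUMP_082623):
        print(triage(dump))
```

For the first dump, Arg3 `ffff` decodes to SpecialApcDisable 0 and KernelApcDisable -1, meaning normal kernel APCs were disabled once more than they were re-enabled on the thread running in leishenSdk.exe.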

  2. S.Sengupta 20,456 Reputation points MVP
    2023-08-30T00:57:17.01+00:00

    "bam.sys." This file is related to the Windows Boot Manager (BOOTMGR) and is used during the startup process of Windows.

    Open Command Prompt as Admin and type the following commands:

    sfc /scannow

    DISM /online /cleanup-image /restorehealth

    If you have installed Trillian software, then uninstall it.
