This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
I have been having trouble with my computer since swapping out some hardware and upgrading to Windows 11 at the same time, which has made it particularly hard to identify the culprit(s). Never again.
I have been getting BSODs. I have already done the following to reduce them but they are still happening, though less frequently.
-WIndows 11 fully up to date
-BIOS up to date
-Reinstalled windows from USB --> More stable.
-Reupdated Windows 11
-Run chkdsk / SFC / DISM commands several times
-Reset Windows 11 again from download --> More stable again.
Still not quite there. Here is the latest crash log. What is happening? Any help would be appreciated. Thanks!
Microsoft (R) Windows Debugger Version 10.0.22549.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Dump completed successfully, progress percentage: 100
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22000 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 22000.1.amd64fre.co_release.210604-1628
Machine Name:
Kernel base = 0xfffff806`21e00000 PsLoadedModuleList = 0xfffff806`22a29c70
Debug session time: Mon Apr 4 07:29:54.495 2022 (UTC - 6:00)
System Uptime: 0 days 0:00:41.114
Loading Kernel Symbols
...............................................................
.....Page 233cbe not present in the dump file. Type ".hh dbgerr004" for details
...........................................................
..............................................................
Loading User Symbols
......................
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`22216990 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb400`8bdaec00=00000000000000ef
11: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffd7023183c140, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000, The process object that initiated the termination.
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4656
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 4653
Key : Analysis.Init.CPU.mSec
Value: 2203
Key : Analysis.Init.Elapsed.mSec
Value: 6676888
Key : Analysis.Memory.CommitPeak.Mb
Value: 130
Key : CriticalProcessDied.ExceptionCode
Value: 31964080
Key : CriticalProcessDied.Process
Value: csrss.exe
Key : WER.OS.Branch
Value: co_release
Key : WER.OS.Timestamp
Value: 2021-06-04T16:28:00Z
Key : WER.OS.Version
Value: 10.0.22000.1
FILE_IN_CAB: MEMORY.DMP
DUMP_FILE_ATTRIBUTES: 0x1000
BUGCHECK_CODE: ef
BUGCHECK_P1: ffffd7023183c140
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
EXCEPTION_RECORD: 0000000000000002 -- (.exr 0x2)
Cannot read Exception record @ 0000000000000002
ERROR_CODE: (NTSTATUS) 0x31964080 - <Unable to get error code text>
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
TRAP_FRAME: ffffb4008bdafa20 -- (.trap 0xffffb4008bdafa20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=00007ffa2c98aef9 rsp=000000c65155e0c8 rbp=000000c65155e1a1
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe nc
kernelbase!LookupHandlerByName+0x49:
0033:00007ffa`2c98aef9 3a043a cmp al,byte ptr [rdx+rdi] ds:00000000`00000000=??
Resetting default scope
STACK_TEXT:
ffffb400`8bdaebf8 fffff806`227aeef3 : 00000000`000000ef ffffd702`3183c140 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffb400`8bdaec00 fffff806`2268f7bb : ffffd702`3183c140 fffff806`220c67cd 00000000`00000002 fffff806`220c66bb : nt!PspCatchCriticalBreak+0x11b
ffffb400`8bdaec90 fffff806`225290e4 : ffffd702`3183c140 00000000`c0000005 ffffd702`3183c140 ffffb400`8bdaf800 : nt!PspTerminateAllThreads+0x1b5fff
ffffb400`8bdaed00 fffff806`22528ec0 : ffffffff`ffffffff ffffd702`3183c140 ffffd702`31964080 00000000`00000000 : nt!PspTerminateProcess+0xe0
ffffb400`8bdaed40 fffff806`22228f75 : ffffb400`000003fc ffffd702`31964080 ffffd702`3183c140 fffff806`22560ef2 : nt!NtTerminateProcess+0xb0
ffffb400`8bdaedc0 fffff806`2221b1e0 : fffff806`222618b4 ffffffff`ffffffff ffffffff`ffffffff 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x25
ffffb400`8bdaef58 fffff806`222618b4 : ffffffff`ffffffff ffffffff`ffffffff 00000000`00000001 ffffb400`8bdaef90 : nt!KiServiceLinkage
ffffb400`8bdaef60 fffff806`223727be : 00000000`00000002 00007ffa`2ce53701 ffffb400`8bdafa20 ffffd702`3183c7c0 : nt!KiDispatchException+0x243a34
ffffb400`8bdaf7c0 fffff806`2221744b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseException+0x10e
ffffb400`8bdaf8e0 fffff806`22228f75 : ffffd702`31964080 00000000`00000000 000000c6`5155d210 ffffd702`00000000 : nt!NtRaiseException+0x7b
ffffb400`8bdafa20 00007ffa`2c98aef9 : 00007ffa`2c98ad5f 00007ffa`2ce537f2 00000000`00000000 00007ffa`2ce256a0 : nt!KiSystemServiceCopyEnd+0x25
000000c6`5155e0c8 00007ffa`2c98ad5f : 00007ffa`2ce537f2 00000000`00000000 00007ffa`2ce256a0 00000000`00000000 : kernelbase!LookupHandlerByName+0x49
000000c6`5155e0d0 00007ffa`2f32a365 : 00007ffa`2ce537f2 00007ffa`000001cb 000001dd`53a05d60 00000000`00000000 : kernelbase!DelayLoadFailureHook+0x3f
000000c6`5155e110 00007ffa`2f2dc5a2 : 00007ffa`00000000 00007ffa`2ce537f2 00007ffa`2ce53608 00000000`c000000d : ntdll!LdrpRedirectDelayloadFailure+0xe9
000000c6`5155e1f0 00007ffa`2f2d5f6e : 00000000`00000000 00000000`00000000 00007ffa`2ce6d030 00007ffa`2cda49ff : ntdll!LdrpHandleProtectedDelayload+0x742
000000c6`5155e7d0 00007ffa`2cd948d2 : 00000000`00000000 000001dd`53a34a20 00000000`00000000 00000000`00000000 : ntdll!LdrResolveDelayLoadedAPI+0xbe
000000c6`5155e850 00007ffa`2cda4977 : 0000b7c6`22e00dc5 00007ffa`2e735370 00007ffa`2e7335f0 00007ffa`2e721d78 : gdi32full!_delayLoadHelper2+0x32
000000c6`5155e890 0000b7c6`22e00dc5 : 00007ffa`2e735370 00007ffa`2e7335f0 00007ffa`2e721d78 00000000`00000000 : gdi32full!_tailMerge_textshaping_dll+0x3f
000000c6`5155e898 00007ffa`2e735370 : 00007ffa`2e7335f0 00007ffa`2e721d78 00000000`00000000 00000000`00000000 : 0x0000b7c6`22e00dc5
000000c6`5155e8a0 00007ffa`2e7335f0 : 00007ffa`2e721d78 00000000`00000000 00000000`00000000 00000000`00000000 : GDI32!_imp_GetTextExtentPointW
000000c6`5155e8a8 00007ffa`2e721d78 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : GDI32!_hmod__ext_ms_win_gdi_font_l1_1_2_dll
000000c6`5155e8b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : GDI32!_DELAY_IMPORT_DESCRIPTOR_ext_ms_win_gdi_font_l1_1_2_dll
SYMBOL_NAME: kernelbase!LookupHandlerByName+49
MODULE_NAME: kernelbase
IMAGE_NAME: kernelbase.dll
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 49
FAILURE_BUCKET_ID: 0xEF_csrss.exe_BUGCHECK_CRITICAL_PROCESS_31964080_kernelbase!LookupHandlerByName
OS_VERSION: 10.0.22000.1
BUILDLAB_STR: co_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6676deb7-e0a1-4e4e-1e2e-c380e5ecb2d9}
Followup: MachineOwner
---------
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
HI,
The recent minidump file still points to "ntkrnlmp.exe" but it also indicates the "nvlddmkm.sys".
I will recommend that you clean uninstall the currently installed NVidia driver using DDU then download and install the older/different driver version from the PC manufacturer's/NVidia support website.
I hope this helps. Feel free to ask back any questions and keep me posted.
Hello, I set up the verifier as per the instructions. I have added two more minidumps - the first actually occurred before I set up the verifier and the second after. I am having trouble replicating the crash or finding a common source. Anecdotally, a game crashed during start up a week ago and then crashed subsequently at every start up; I had to completely reinstall it to resolve the issue.
HI,
All of the minidump files point to a System kernel driver "ntkrnlmp.exe".
I recommend that you run Driver Verifier to find any misbehaving, corrupted, or outdated driver.
Follow the instructions from this article.
https://www.tenforums.com/tutorials/5470-enable...
Reminders:
=> Disable Driver Verifier after 48 hours or after receiving a BSOD.
=> Create a Restore Point before running Driver Verifier.
Share the minidump file once you receive a BSOD error.
Standard Disclaimer: There are links to non-Microsoft websites.
The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.
Hi, thank you.
Here is a link to the recent Minidumps. There were five in the folder. https://www.dropbox.com/sh/gjl5oudswn6ujq6/AAD4-vzb_pyU9cO9-X_Lgrfta?dl=0
Hi CriticalProcess,
I'm Paul and I'm here to help you with your concern.
The dump file report didn't name any driver. It only indicated a system file "kernelbase.dll". Since it's a system file it means something else drove it into a fault. It could be hardware, software, or a driver.
Do you have other minidump files that I can also analyze? Go to C:/Windows/Minidump folder and upload the minidump files to One Drive or Google then share the link here.
Thanks.
