question

JackParker-6028 avatar image
0 Votes"
JackParker-6028 asked PercivalYang-MSFT commented

Windows 10 BSOD (hal.dll ntoskrnl.exe PSHED.dll)

Hi,

Firstly, I'll start with a list of my specs, I'm sure I know all of the needed specs other than the exact model of my RAM.

Motherboard: MSI MEG Z390 ACE
GPU: Nvidia GTX 1080ti
CPU: Intel i9-9900K
RAM: 32GB (16x2) not sure what brand

I encountered a BSOD today which was initially unnamed but was found to be an UNEXPECTED_KERNEL_MODE_TRAP error. This was found through a bugcheck analysis, which I will show the results to further on. I found, using Bluescreenview, that there was three files (hal.dll ntoskrnl.exe PSHED.dll) that supposedly caused the BSOD to occur.

From the bugcheck analysis I found that the PROCESS_NAME was "System" and the IMAGE_NAME and MODULE_NAME were both "hardware", using this information I kind of gathered that the problem is a piece of hardware within the actual PC although, I'm not 100% sure that's what it's actually telling me. I can confirm that both of my RAM sticks aren't the problem as I ran memtest86 over night and received 0 errors through 4 passes.

Here's the actual minidump file and bugcheck analysis, if anyone is able to tell me what's going on with my PC, I would be extremely grateful as this has been going on for a while now.

Thanks

Minidump: https://drive.google.com/file/d/1fFvb7FwkJbEK7TQk-f97ciPDyE42rg08/view?usp=sharing



  •                      Bugcheck Analysis                                    *
    



UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
BugCheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a portion of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffd5011886b290
Arg3: 000000003b48ffff
Arg4: fffff8010c439bdc

Debugging Details:



*** WARNING: Unable to verify checksum for win32k.sys

KEY_VALUES_STRING: 1

 Key  : Analysis.CPU.mSec
 Value: 4702

 Key  : Analysis.DebugAnalysisManager
 Value: Create

 Key  : Analysis.Elapsed.mSec
 Value: 11993

 Key  : Analysis.Init.CPU.mSec
 Value: 1015

 Key  : Analysis.Init.Elapsed.mSec
 Value: 9098

 Key  : Analysis.Memory.CommitPeak.Mb
 Value: 78

 Key  : WER.OS.Branch
 Value: 19h1_release

 Key  : WER.OS.Timestamp
 Value: 2019-03-18T12:02:00Z

 Key  : WER.OS.Version
 Value: 10.0.18362.1


BUGCHECK_CODE: 7f

BUGCHECK_P1: 8

BUGCHECK_P2: ffffd5011886b290

BUGCHECK_P3: 3b48ffff

BUGCHECK_P4: fffff8010c439bdc

TRAP_FRAME: ffffd5011886b290 -- (.trap 0xffffd5011886b290)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffbc6a808eba58
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8010c439bdc rsp=000000003b48ffff rbp=000000000011d74a
r8=8000000000000000 r9=ffffe4fca1323ae8 r10=0000000000000c00
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!MiPteInShadowRange+0xc:
fffff801`0c439bdc c8730333 enter 373h,33h
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

BAD_STACK_POINTER: 000000003b48ffff

MISALIGNED_IP:
nt!MiPteInShadowRange+c
fffff801`0c439bdc c8730333 enter 373h,33h

UNALIGNED_STACK_POINTER: 000000003b48ffff

STACK_TEXT:
ffffd501`1886b148 fffff801`0c5d5d29 : 00000000`0000007f 00000000`00000008 ffffd501`1886b290 00000000`3b48ffff : nt!KeBugCheckEx
ffffd501`1886b150 fffff801`0c5d0b83 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd501`1886b290 fffff801`0c439bdc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2c3
00000000`3b48ffff 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiPteInShadowRange+0xc


SYMBOL_NAME: nt!KiDoubleFaultAbort+2c3

IMAGE_NAME: hardware

IMAGE_VERSION: 10.0.18362.1621

STACK_COMMAND: .thread ; .cxr ; kb

MODULE_NAME: hardware

FAILURE_BUCKET_ID: IP_MISALIGNED

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {201b0e5d-db2a-63d2-77be-8ce8ff234750}

windows-10-general
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.

0 Votes 0 ·
Docs-4663 avatar image
0 Votes"
Docs-4663 answered

1) Please run the V2 log collector and post a share link into this thread (one drive, drop box, or google drive):

https://www.windowsq.com/resources/v2-log-collector.8/
https://www.tenforums.com/bsod-crashes-debugging/2198-bsod-posting-instructions.html


2) Run this script using administrative Powershell > post an image or share link


 [Cmdletbinding()] 
  Param( 
      [string]$Computername = "localhost" 
  ) 
  cls 
  $PysicalMemory = Get-WmiObject -class "win32_physicalmemory" -namespace "root\CIMV2" -ComputerName $Computername 
         
  Write-Host "Memore Modules:" -ForegroundColor Green 
  $PysicalMemory | Format-Table Tag,BankLabel,@{n="Capacity(GB)";e={$_.Capacity/1GB}},Manufacturer,PartNumber,Speed -AutoSize 
         
  Write-Host "Total Memory:" -ForegroundColor Green 
  Write-Host "$((($PysicalMemory).Capacity | Measure-Object -Sum).Sum/1GB)GB" 
         
  $TotalSlots = ((Get-WmiObject -Class "win32_PhysicalMemoryArray" -namespace "root\CIMV2" -ComputerName $Computername).MemoryDevices | Measure-Object -Sum).Sum 
  Write-Host "`nTotal Memory Slots:" -ForegroundColor Green 
  Write-Host $TotalSlots 
         
  $UsedSlots = (($PysicalMemory) | Measure-Object).Count  
  Write-Host "`nUsed Memory Slots:" -ForegroundColor Green 
  Write-Host $UsedSlots 
         
  If($UsedSlots -eq $TotalSlots) 
  { 
      Write-Host "All memory slots are filled up, none is empty!" -ForegroundColor Yellow 
  } 


.
.
.
.
.

Please remember to vote and to mark the replies as answers if they help.

On the bottom of each post there is:

Propose as answer = answered the question

On the left side of each post: Vote = a helpful post
.
.
.
.
.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JackParker-6028 avatar image
0 Votes"
JackParker-6028 answered

Hi,

Here's the link that you've asked for

V2 Log Collector: https://drive.google.com/file/d/1pQfRGeh_VOFaP0BcQcPSiA_wNS4-nLYB/view?usp=sharing


And here's the image of Powershell:

115612-powershell.jpg



Thanks


powershell.jpg (58.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Docs-4663 avatar image
0 Votes"
Docs-4663 answered

1) Open administrative command prompt (ACP) and type or copy and paste:
2) sfc /scannow
3) dism /online /cleanup-image /scanhealth
4) dism /online /cleanup-image /restorehealth
5) sfc /scannow
6) chkdsk /scan
7) wmic recoveros set autoreboot = false
8) wmic recoveros set DebugInfoType = 7
9) wmic recoveros get autoreboot
10) wmic recoveros get DebugInfoType
11) wmic Computersystem where name="%computername%" set AutomaticManagedPagefile=True
12) wmic Computersystem where name="%computername%" get AutomaticManagedPagefile
11) bcdedit /enum {badmemory}

12) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread





How come the computer has a beta BIOS?: 1.B1, 28/12/2020


Unless there is a specific indication always use the most up to date non-beta BIOS:
https://www.msi.com/Motherboard/support/MEG-Z390-ACE


The installed RAM modules were not seen on the Qualified Vendor List (QVL).
CMW32GX4M2C3000C15
https://www.msi.com/Motherboard/support/MEG-Z390-ACE#support-mem-3

Memtest86 is designed to test for malfunctioning RAM.
It is not designed to test for incompatible RAM.
See if you can find RAM modules on the QVL for testing purposes.



.
.
.
.
.

Please remember to vote and to mark the replies as answers if they help.

On the bottom of each post there is:

Propose as answer = answered the question

On the left side of each post: Vote = a helpful post
.
.
.
.
.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JackParker-6028 avatar image
0 Votes"
JackParker-6028 answered JackParker-6028 published

Hi,

I'm not sure why the beta BIOS is selected, I'll downgrade the BIOS tomorrow. Also, with the RAM, I'll also see tomorrow if I can find modules that are on the QVL.

Here's the log from command prompt, just a note the first time I attempted the first sfc /scannow, my PC crashed but no minidump was generated which I've seen online could mean a hard drive issue but I'm not 100% sure.

Microsoft Windows [Version 10.0.18363.1679]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>dism /online /cleanup-image /scanhealth

Deployment Image Servicing and Management tool
Version: 10.0.18362.1379

Image Version: 10.0.18363.1679

[==========================100.0%==========================] No component store corruption detected.
The operation completed successfully.

C:\Windows\system32>dism /online /cleanup-image /restorehealth

Deployment Image Servicing and Management tool
Version: 10.0.18362.1379

Image Version: 10.0.18363.1679

[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>chkdsk /scan
The type of the file system is NTFS.

Stage 1: Examining basic file system structure ...
1372928 file records processed.
File verification completed.
22130 large file records processed.
0 bad file records processed.

Stage 2: Examining file name linkage ...
1491 reparse records processed.
1778650 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered to lost and found.
1491 reparse records processed.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
202862 data files processed.
CHKDSK is verifying Usn Journal...
41948280 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

468190207 KB total disk space.
377452668 KB in 970561 files.
613860 KB in 202863 indexes.
0 KB in bad sectors.
1503767 KB in use by the system.
65536 KB occupied by the log file.
88619912 KB available on disk.

   4096 bytes in each allocation unit.

117047551 total allocation units on disk.
22154978 allocation units available on disk.

C:\Windows\system32>wmic recoveros set autoreboot = false
Updating property(s) of '\\DESKTOP-OUKN0LD\ROOT\CIMV2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 10 Education|C:\\Windows|\\Device\\Harddisk0\\Partition4"'
Property(s) update successful.

C:\Windows\system32>wmic recoveros set DebugInfoType = 7
Updating property(s) of '\\DESKTOP-OUKN0LD\ROOT\CIMV2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 10 Education|C:\\Windows|\\Device\\Harddisk0\\Partition4"'
Property(s) update successful.

C:\Windows\system32>wmic recoveros get autoreboot
AutoReboot
FALSE


C:\Windows\system32>wmic recoveros get DebugInfoType
DebugInfoType
7


C:\Windows\system32>wmic Computersystem where name="%computername%" set AutomaticManagedPagefile=True
Updating property(s) of '\\DESKTOP-OUKN0LD\ROOT\CIMV2:Win32_ComputerSystem.Name="DESKTOP-OUKN0LD"'
Property(s) update successful.

C:\Windows\system32>wmic Computersystem where name="%computername%" get AutomaticManagedPagefile
AutomaticManagedPagefile
TRUE


C:\Windows\system32>bcdedit /enum {badmemory}

RAM Defects


identifier {badmemory}

C:\Windows\system32>

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Docs-4663 avatar image
0 Votes"
Docs-4663 answered

The above administrative command prompt results were good.


Uninstall Malwarebytes using the applicable uninstall tool:
https://downloads.malwarebytes.com/file/mb_clean

Make sure Microsoft defender is on.


Check computer stability / instability using a non-beta BIOS and RAM on the QVL.

If there are no unexpected shutdowns and restarts / BSOD then that will complete the troubleshooting.

If there are continued unexpected shutdowns and restarts / BSOD then other hardware components will be tested.

Malwarebytes can be reinstalled after the troubleshooting has completed.



Choose one of the temperature monitoring software applications: Speecy, HW monitor, Speed fan:
Speccy - Free Download - Piriform: Speccy - System Information - Free
https://www.piriform.com/speccy
https://www.ccleaner.com/speccy
HWMONITOR | Softwares | CPUID: HWMONITOR | Softwares | CPUID
http://www.cpuid.com/softwares/hwmonitor.html
SpeedFan - Access temperature sensor in your computer: SpeedFan - Access temperature sensor in your computer
http://www.almico.com/speedfan.php



Download and install:
https://downloadcenter.intel.com/download/19792/Intel-Processor-Diagnostic-Tool

It typically takes less than 20 minutes to run > post an image of the test results.








.
.
.
.
.

Please remember to vote and to mark the replies as answers if they help.

On the bottom of each post there is:

Propose as answer = answered the question

On the left side of each post: Vote = a helpful post
.
.
.
.
.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PercivalYang-MSFT avatar image
0 Votes"
PercivalYang-MSFT answered

Hi
@JackParker-6028

In view of your deluxe PC hardware. It's not easy to get BSOD unless most likely you have overclock your cpu/gpu/ram frequency. and this setting is incompatible with the latest update from Microsoft or your MSI center.

I'm afraid you have to do some experiment to find out that the issue is due to OS(operating system) or Hardware configuration.
Bascially, you could clean install a new win10 21H1 or roll back to a former one by uninstall the latest update.
As for the hardware settings, you can reset the bios setting by press the cmos on your motherboard I/O. and do AIDA64 test.

In fact, the important question is that you have to know in what circumstance have you encounter the BSOD, In 2K&3A games? or just normal daily use.
Finally, How much importance you should attach on depends on the frequency of BSOD, if you want to dig in, a kernel dump and 32g page file is needed, however we don't support to read dump file on forum.


Hope this can help you
If your need further help, be free reply to me at your convenience.

==============================================================================
If the Answer is helpful, please click "Accept Answer" and upvote it

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.