
BSOD Unexpected Kernel Mode Trap


In Windows, the blue screen of death is what is shown to users when the operating system encounters an unexpected condition so severe that it decides to quit rather than attempt to continue operating.

This isn't a single task that has failed, like Windows Explorer.  If that dies you lose the ability to interact with windows, but you can restart the process using keyboard shortcuts.

The behavior

My Windows 11 desktop had always been a little flaky, occasionally hanging every few weeks. It was annoying, but not enough to actually go through the effort to diagnose or re-install everything.  But after a recent patch Tuesday, the behavior had changed.  Rather than hanging, it started displaying a BSOD, rebooting and then running just fine.

I also have three different accounts on my desktop:
  • My standard, low permission account I use for day to day activities and development, games, etc.
  • An Administrator account that is linked to my Microsoft account
  • An Administrator account that is not linked to anything
I have these accounts because it has saved me in the past multiple times.  If the auto-start of one of the accounts is causing issues you can use a different account to research what is going on, rather than being stuck in a reboot loop.

The analysis

Changing from a hang to a BSOD was a vast improvement.  One great thing about a BSOD is that Windows, if it can, will dump the OS memory (and possibly the application memory too) to a file that you can examine.

WinDbg to the rescue

Windows allows you to look at the memory dump. When I loaded up the memory dump, here is what I saw:

What stood out to me is that the kernel was freaking out while accessing and trying to lock a USB drive.  Now I had some older USB drives attached to my PC (all of them much older than the 3-year-old Windows machine), so I had a few initial thoughts (none of them mutually exclusive):
  • Since I hadn't updated the firmware on any of them, it's possible that they were hitting a bug and giving Windows a response it wasn't ready for.
  • It's possible that they were just failing.
  • It's possible that a Windows update had made the OS more picky about what USB behavior it would accept.
Regardless of the reason, the first step was to disconnect the USB drives.

Success!

Bingo, after removing the drives the system became stable again (it's been running over a week without issue).

Lessons learned:

  • If your OS is giving you error messages, it's probably not going to get better if you ignore them.
  • Microsoft has some really good free tools that allow you to delve into the operation of your PC.
  • Computer components do wear out and you shouldn't discount the need to prepare for failures.
  • I'm glad I have backups :-)
