locked
System_Service_Exception Bugcheck Stops and kernel Power RRS feed

  • Question

  • I hope that someone can assist with some stops occurring on a new PC (64bit Win 8.1). The computer crashed four time today and it's only several weeks old. 

    Looking at the Event Viewer, the Critical Events that would appear to be related to these incidents also occurred before I took delivery of the PC in mid June. So I suspect it is nothing that I have introduced, though since receiving the PC I have increased the RAM from 8GB to 16GB. I know the crash has happened twice while the game SIMS 4 was running, but that may be coincidental. I have definitely seen a minidump produced from a crash where no game was being run. The bugstop codes are not always the same by the way. I have included three minidumps, some event viewer screen grabs, msinfo and some PC specs. I hope this may be helpful. 

    I have the latest Nvidia Graphics Driver and have not yet run a test on my memory. 

    Plewase find a zip file with my dumps here:

    https://onedrive.live.com/redir?resid=D41EF5091247B693!107&authkey=!ABx0EB2hIdfZH3w&ithint=file%2czip

    Manny

    Sunday, July 5, 2015 8:52 AM

Answers

  • Driver verified and Related to the aswNdisFlt.sys avast! Filtering NDIS driver from AVAST Software> I would remove it and use the built in defender in its place.  I would also disable the nvidia streaming service (unless you need it) as it is often problematic

    Microsoft (R) Windows Debugger Version 10.0.10158.9 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\zigza\Desktop\070515-7765-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    WARNING: Whitespace at start of path element
    Error: Empty Path.
    Symbol search path is:  srv*E:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
    Windows 8.1 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.17736.amd64fre.winblue_r9.150322-1500
    Machine Name:
    Kernel base = 0xfffff803`bf880000 PsLoadedModuleList = 0xfffff803`bfb59850
    Debug session time: Sun Jul  5 06:18:11.784 2015 (UTC - 4:00)
    System Uptime: 0 days 0:05:32.461
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...................................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7F, {8, fffff803c15b3e70, ffffd00028ceeea0, fffff803bf815f7d}
    
    *** WARNING: Unable to verify timestamp for aswNdisFlt.sys
    *** ERROR: Module load completed but symbols could not be loaded for aswNdisFlt.sys
    Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b4 )
    
    Followup:     MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: fffff803c15b3e70
    Arg3: ffffd00028ceeea0
    Arg4: fffff803bf815f7d
    
    Debugging Details:
    ------------------
    
    
    SYSTEM_SKU:  All
    
    SYSTEM_VERSION:  System Version
    
    BIOS_DATE:  12/08/2014
    
    BASEBOARD_PRODUCT:  Z97M-PLUS
    
    BASEBOARD_VERSION:  Rev X.0x
    
    BUGCHECK_P1: 8
    
    BUGCHECK_P2: fffff803c15b3e70
    
    BUGCHECK_P3: ffffd00028ceeea0
    
    BUGCHECK_P4: fffff803bf815f7d
    
    BUGCHECK_STR:  0x7f_8
    
    TRAP_FRAME:  fffff803c15b3e70 -- (.trap 0xfffff803c15b3e70)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=00000000000000ff rbx=0000000000000000 rcx=ffffffffffd07430
    rdx=ffffffffffd01520 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff803bf815f7d rsp=ffffd00028ceeea0 rbp=ffffd00028cef160
     r8=000000000000318a  r9=0000000000000002 r10=fffff803bfb88b34
    r11=0000000000000091 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di pl zr na po nc
    hal!HalRequestSoftwareInterrupt+0x5e:
    fffff803`bf815f7d c78424a800000003000000 mov dword ptr [rsp+0A8h],3 ss:0018:ffffd000`28ceef48=????????
    Resetting default scope
    
    CPU_COUNT: 4
    
    CPU_MHZ: daa
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3c
    
    CPU_STEPPING: 3
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    PROCESS_NAME:  nvstreamsvc.ex
    
    CURRENT_IRQL:  d
    
    ANALYSIS_VERSION: 10.0.10158.9 amd64fre
    
    EXCEPTION_RECORD:  ffffe0001e413e40 -- (.exr 0xffffe0001e413e40)
    Cannot read Exception record @ ffffe0001e413e40
    
    STACK_OVERFLOW: Stack Limit: ffffd00028cef000. Use (kF) and (!stackusage) to investigate stack usage.
    
    LAST_CONTROL_TRANSFER:  from fffff803bf9dc7e9 to fffff803bf9d0ca0
    
    STACK_TEXT:  
    fffff803`c15b3d28 fffff803`bf9dc7e9 : 00000000`0000007f 00000000`00000008 fffff803`c15b3e70 ffffd000`28ceeea0 : nt!KeBugCheckEx
    fffff803`c15b3d30 fffff803`bf9da8f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff803`c15b3e70 fffff803`bf815f7d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb4
    ffffd000`28ceeea0 fffff803`bf9d2594 : fffffff6`00000008 ffffe000`24148c78 ffffe000`21a65328 00000000`be4bae60 : hal!HalRequestSoftwareInterrupt+0x5e
    ffffd000`28cef0e0 fffff803`bff1434d : ffffe000`1e413e40 00000000`00000005 00000000`00000000 00000000`00080000 : nt!KiInterruptDispatchLBControl+0x1a4
    ffffd000`28cef270 fffff803`bff12bd6 : 00000000`0000531d ffffd000`28cef341 00000000`00000005 ffffe000`21a65310 : nt!ViDeadlockCheckDuplicatesAmongRoots+0x39
    ffffd000`28cef2a0 fffff803`bff0ba64 : fffff801`411dd2b8 00000000`00000002 ffffd000`28cefd70 ffffd000`00000000 : nt!VfDeadlockAcquireResource+0x4aa
    ffffd000`28cef3a0 fffff801`4117a378 : fffff801`411dd2a0 ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x94
    ffffd000`28cef3e0 fffff801`411dd2a0 : ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 : aswNdisFlt+0x2378
    ffffd000`28cef3e8 ffffd000`28cefd70 : 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e : aswNdisFlt+0x652a0
    ffffd000`28cef3f0 00000000`00000003 : ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 : 0xffffd000`28cefd70
    ffffd000`28cef3f8 ffffe000`1d7f6cf0 : ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 00000000`00000000 : 0x3
    ffffd000`28cef400 ffffe000`256ca270 : fffff801`4117d88e ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 : 0xffffe000`1d7f6cf0
    ffffd000`28cef408 fffff801`4117d88e : ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 : 0xffffe000`256ca270
    ffffd000`28cef410 ffffe000`256ca270 : 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 : aswNdisFlt+0x588e
    ffffd000`28cef418 00000000`00000000 : ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 00000000`00000000 : 0xffffe000`256ca270
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiDoubleFaultAbort+b4
    fffff803`bf9da8f4 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiDoubleFaultAbort+b4
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  550f41a6
    
    IMAGE_VERSION:  6.3.9600.17736
    
    BUCKET_ID_FUNC_OFFSET:  b4
    
    FAILURE_BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    PRIMARY_PROBLEM_CLASS:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x7f_8_vrf_nt!kidoublefaultabort
    
    FAILURE_ID_HASH:  {2575f830-7dd8-52d7-e1be-20f8274db764}
    
    Followup:     MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: fffff803c15b3e70
    Arg3: ffffd00028ceeea0
    Arg4: fffff803bf815f7d
    
    Debugging Details:
    ------------------
    
    
    SYSTEM_SKU:  All
    
    SYSTEM_VERSION:  System Version
    
    BIOS_DATE:  12/08/2014
    
    BASEBOARD_PRODUCT:  Z97M-PLUS
    
    BASEBOARD_VERSION:  Rev X.0x
    
    BUGCHECK_P1: 8
    
    BUGCHECK_P2: fffff803c15b3e70
    
    BUGCHECK_P3: ffffd00028ceeea0
    
    BUGCHECK_P4: fffff803bf815f7d
    
    BUGCHECK_STR:  0x7f_8
    
    TRAP_FRAME:  fffff803c15b3e70 -- (.trap 0xfffff803c15b3e70)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=00000000000000ff rbx=0000000000000000 rcx=ffffffffffd07430
    rdx=ffffffffffd01520 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff803bf815f7d rsp=ffffd00028ceeea0 rbp=ffffd00028cef160
     r8=000000000000318a  r9=0000000000000002 r10=fffff803bfb88b34
    r11=0000000000000091 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di pl zr na po nc
    hal!HalRequestSoftwareInterrupt+0x5e:
    fffff803`bf815f7d c78424a800000003000000 mov dword ptr [rsp+0A8h],3 ss:0018:ffffd000`28ceef48=????????
    Resetting default scope
    
    CPU_COUNT: 4
    
    CPU_MHZ: daa
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3c
    
    CPU_STEPPING: 3
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    PROCESS_NAME:  nvstreamsvc.ex
    
    CURRENT_IRQL:  d
    
    ANALYSIS_VERSION: 10.0.10158.9 amd64fre
    
    EXCEPTION_RECORD:  ffffe0001e413e40 -- (.exr 0xffffe0001e413e40)
    Cannot read Exception record @ ffffe0001e413e40
    
    STACK_OVERFLOW: Stack Limit: ffffd00028cef000. Use (kF) and (!stackusage) to investigate stack usage.
    
    LAST_CONTROL_TRANSFER:  from fffff803bf9dc7e9 to fffff803bf9d0ca0
    
    STACK_TEXT:  
    fffff803`c15b3d28 fffff803`bf9dc7e9 : 00000000`0000007f 00000000`00000008 fffff803`c15b3e70 ffffd000`28ceeea0 : nt!KeBugCheckEx
    fffff803`c15b3d30 fffff803`bf9da8f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff803`c15b3e70 fffff803`bf815f7d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb4
    ffffd000`28ceeea0 fffff803`bf9d2594 : fffffff6`00000008 ffffe000`24148c78 ffffe000`21a65328 00000000`be4bae60 : hal!HalRequestSoftwareInterrupt+0x5e
    ffffd000`28cef0e0 fffff803`bff1434d : ffffe000`1e413e40 00000000`00000005 00000000`00000000 00000000`00080000 : nt!KiInterruptDispatchLBControl+0x1a4
    ffffd000`28cef270 fffff803`bff12bd6 : 00000000`0000531d ffffd000`28cef341 00000000`00000005 ffffe000`21a65310 : nt!ViDeadlockCheckDuplicatesAmongRoots+0x39
    ffffd000`28cef2a0 fffff803`bff0ba64 : fffff801`411dd2b8 00000000`00000002 ffffd000`28cefd70 ffffd000`00000000 : nt!VfDeadlockAcquireResource+0x4aa
    ffffd000`28cef3a0 fffff801`4117a378 : fffff801`411dd2a0 ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x94
    ffffd000`28cef3e0 fffff801`411dd2a0 : ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 : aswNdisFlt+0x2378
    ffffd000`28cef3e8 ffffd000`28cefd70 : 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e : aswNdisFlt+0x652a0
    ffffd000`28cef3f0 00000000`00000003 : ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 : 0xffffd000`28cefd70
    ffffd000`28cef3f8 ffffe000`1d7f6cf0 : ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 00000000`00000000 : 0x3
    ffffd000`28cef400 ffffe000`256ca270 : fffff801`4117d88e ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 : 0xffffe000`1d7f6cf0
    ffffd000`28cef408 fffff801`4117d88e : ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 : 0xffffe000`256ca270
    ffffd000`28cef410 ffffe000`256ca270 : 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 : aswNdisFlt+0x588e
    ffffd000`28cef418 00000000`00000000 : ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 00000000`00000000 : 0xffffe000`256ca270
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiDoubleFaultAbort+b4
    fffff803`bf9da8f4 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiDoubleFaultAbort+b4
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  550f41a6
    
    IMAGE_VERSION:  6.3.9600.17736
    
    BUCKET_ID_FUNC_OFFSET:  b4
    
    FAILURE_BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    PRIMARY_PROBLEM_CLASS:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x7f_8_vrf_nt!kidoublefaultabort
    
    FAILURE_ID_HASH:  {2575f830-7dd8-52d7-e1be-20f8274db764}
    
    Followup:     MachineOwner
    ---------
    
    


    Wanikiya and Dyami--Team Zigzag

    • Proposed as answer by Deason Wu Tuesday, July 7, 2015 4:03 AM
    • Marked as answer by Deason Wu Wednesday, July 8, 2015 1:34 AM
    Sunday, July 5, 2015 11:26 AM

All replies

  • These crashes were related to memory corruption (probably caused by a driver). 

    Please run these two tests to verify your memory and find which driver is causing the problem.  Please run verifier first.  You do not need to run memtest yet unless verifier does not find the cause, or you want to.


    If you are over-clocking anything reset to default before running these tests.
    In other words STOP!!!  If you do not know what this means you probably are not


    1-Driver verifier (for complete directions see our wiki here)

    2-Memtest. (You can read more about running memtest here)



    Wanikiya and Dyami--Team Zigzag

    Sunday, July 5, 2015 9:32 AM
  • Thank you. 

    I have enabled the driver verifier following the wiki instructions. Shortly after, I captured a BSOD that displayed a KERNEL_MODE_TRAP message on the display. 

    The dump is here:

    https://onedrive.live.com/redir?resid=D41EF5091247B693!108&authkey=!AH2WYLH52OtJUnc&ithint=file%2cdmp

    The stop occurred following this sequence: I was signed in using a local account. I signed out of the account and asked my daughter to sign in to her account to play SIMS 4. Shortly after she entered her password to sign into her local account, the KERNEL_MODE_TRAP occurred. 

    Thank you.

    Sunday, July 5, 2015 10:31 AM
  • Driver verified and Related to the aswNdisFlt.sys avast! Filtering NDIS driver from AVAST Software> I would remove it and use the built in defender in its place.  I would also disable the nvidia streaming service (unless you need it) as it is often problematic

    Microsoft (R) Windows Debugger Version 10.0.10158.9 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\zigza\Desktop\070515-7765-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    WARNING: Whitespace at start of path element
    Error: Empty Path.
    Symbol search path is:  srv*E:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
    Windows 8.1 Kernel Version 9600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 9600.17736.amd64fre.winblue_r9.150322-1500
    Machine Name:
    Kernel base = 0xfffff803`bf880000 PsLoadedModuleList = 0xfffff803`bfb59850
    Debug session time: Sun Jul  5 06:18:11.784 2015 (UTC - 4:00)
    System Uptime: 0 days 0:05:32.461
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...................................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7F, {8, fffff803c15b3e70, ffffd00028ceeea0, fffff803bf815f7d}
    
    *** WARNING: Unable to verify timestamp for aswNdisFlt.sys
    *** ERROR: Module load completed but symbols could not be loaded for aswNdisFlt.sys
    Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b4 )
    
    Followup:     MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: fffff803c15b3e70
    Arg3: ffffd00028ceeea0
    Arg4: fffff803bf815f7d
    
    Debugging Details:
    ------------------
    
    
    SYSTEM_SKU:  All
    
    SYSTEM_VERSION:  System Version
    
    BIOS_DATE:  12/08/2014
    
    BASEBOARD_PRODUCT:  Z97M-PLUS
    
    BASEBOARD_VERSION:  Rev X.0x
    
    BUGCHECK_P1: 8
    
    BUGCHECK_P2: fffff803c15b3e70
    
    BUGCHECK_P3: ffffd00028ceeea0
    
    BUGCHECK_P4: fffff803bf815f7d
    
    BUGCHECK_STR:  0x7f_8
    
    TRAP_FRAME:  fffff803c15b3e70 -- (.trap 0xfffff803c15b3e70)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=00000000000000ff rbx=0000000000000000 rcx=ffffffffffd07430
    rdx=ffffffffffd01520 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff803bf815f7d rsp=ffffd00028ceeea0 rbp=ffffd00028cef160
     r8=000000000000318a  r9=0000000000000002 r10=fffff803bfb88b34
    r11=0000000000000091 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di pl zr na po nc
    hal!HalRequestSoftwareInterrupt+0x5e:
    fffff803`bf815f7d c78424a800000003000000 mov dword ptr [rsp+0A8h],3 ss:0018:ffffd000`28ceef48=????????
    Resetting default scope
    
    CPU_COUNT: 4
    
    CPU_MHZ: daa
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3c
    
    CPU_STEPPING: 3
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    PROCESS_NAME:  nvstreamsvc.ex
    
    CURRENT_IRQL:  d
    
    ANALYSIS_VERSION: 10.0.10158.9 amd64fre
    
    EXCEPTION_RECORD:  ffffe0001e413e40 -- (.exr 0xffffe0001e413e40)
    Cannot read Exception record @ ffffe0001e413e40
    
    STACK_OVERFLOW: Stack Limit: ffffd00028cef000. Use (kF) and (!stackusage) to investigate stack usage.
    
    LAST_CONTROL_TRANSFER:  from fffff803bf9dc7e9 to fffff803bf9d0ca0
    
    STACK_TEXT:  
    fffff803`c15b3d28 fffff803`bf9dc7e9 : 00000000`0000007f 00000000`00000008 fffff803`c15b3e70 ffffd000`28ceeea0 : nt!KeBugCheckEx
    fffff803`c15b3d30 fffff803`bf9da8f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff803`c15b3e70 fffff803`bf815f7d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb4
    ffffd000`28ceeea0 fffff803`bf9d2594 : fffffff6`00000008 ffffe000`24148c78 ffffe000`21a65328 00000000`be4bae60 : hal!HalRequestSoftwareInterrupt+0x5e
    ffffd000`28cef0e0 fffff803`bff1434d : ffffe000`1e413e40 00000000`00000005 00000000`00000000 00000000`00080000 : nt!KiInterruptDispatchLBControl+0x1a4
    ffffd000`28cef270 fffff803`bff12bd6 : 00000000`0000531d ffffd000`28cef341 00000000`00000005 ffffe000`21a65310 : nt!ViDeadlockCheckDuplicatesAmongRoots+0x39
    ffffd000`28cef2a0 fffff803`bff0ba64 : fffff801`411dd2b8 00000000`00000002 ffffd000`28cefd70 ffffd000`00000000 : nt!VfDeadlockAcquireResource+0x4aa
    ffffd000`28cef3a0 fffff801`4117a378 : fffff801`411dd2a0 ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x94
    ffffd000`28cef3e0 fffff801`411dd2a0 : ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 : aswNdisFlt+0x2378
    ffffd000`28cef3e8 ffffd000`28cefd70 : 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e : aswNdisFlt+0x652a0
    ffffd000`28cef3f0 00000000`00000003 : ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 : 0xffffd000`28cefd70
    ffffd000`28cef3f8 ffffe000`1d7f6cf0 : ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 00000000`00000000 : 0x3
    ffffd000`28cef400 ffffe000`256ca270 : fffff801`4117d88e ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 : 0xffffe000`1d7f6cf0
    ffffd000`28cef408 fffff801`4117d88e : ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 : 0xffffe000`256ca270
    ffffd000`28cef410 ffffe000`256ca270 : 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 : aswNdisFlt+0x588e
    ffffd000`28cef418 00000000`00000000 : ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 00000000`00000000 : 0xffffe000`256ca270
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiDoubleFaultAbort+b4
    fffff803`bf9da8f4 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiDoubleFaultAbort+b4
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  550f41a6
    
    IMAGE_VERSION:  6.3.9600.17736
    
    BUCKET_ID_FUNC_OFFSET:  b4
    
    FAILURE_BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    PRIMARY_PROBLEM_CLASS:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x7f_8_vrf_nt!kidoublefaultabort
    
    FAILURE_ID_HASH:  {2575f830-7dd8-52d7-e1be-20f8274db764}
    
    Followup:     MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: fffff803c15b3e70
    Arg3: ffffd00028ceeea0
    Arg4: fffff803bf815f7d
    
    Debugging Details:
    ------------------
    
    
    SYSTEM_SKU:  All
    
    SYSTEM_VERSION:  System Version
    
    BIOS_DATE:  12/08/2014
    
    BASEBOARD_PRODUCT:  Z97M-PLUS
    
    BASEBOARD_VERSION:  Rev X.0x
    
    BUGCHECK_P1: 8
    
    BUGCHECK_P2: fffff803c15b3e70
    
    BUGCHECK_P3: ffffd00028ceeea0
    
    BUGCHECK_P4: fffff803bf815f7d
    
    BUGCHECK_STR:  0x7f_8
    
    TRAP_FRAME:  fffff803c15b3e70 -- (.trap 0xfffff803c15b3e70)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=00000000000000ff rbx=0000000000000000 rcx=ffffffffffd07430
    rdx=ffffffffffd01520 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff803bf815f7d rsp=ffffd00028ceeea0 rbp=ffffd00028cef160
     r8=000000000000318a  r9=0000000000000002 r10=fffff803bfb88b34
    r11=0000000000000091 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di pl zr na po nc
    hal!HalRequestSoftwareInterrupt+0x5e:
    fffff803`bf815f7d c78424a800000003000000 mov dword ptr [rsp+0A8h],3 ss:0018:ffffd000`28ceef48=????????
    Resetting default scope
    
    CPU_COUNT: 4
    
    CPU_MHZ: daa
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3c
    
    CPU_STEPPING: 3
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    PROCESS_NAME:  nvstreamsvc.ex
    
    CURRENT_IRQL:  d
    
    ANALYSIS_VERSION: 10.0.10158.9 amd64fre
    
    EXCEPTION_RECORD:  ffffe0001e413e40 -- (.exr 0xffffe0001e413e40)
    Cannot read Exception record @ ffffe0001e413e40
    
    STACK_OVERFLOW: Stack Limit: ffffd00028cef000. Use (kF) and (!stackusage) to investigate stack usage.
    
    LAST_CONTROL_TRANSFER:  from fffff803bf9dc7e9 to fffff803bf9d0ca0
    
    STACK_TEXT:  
    fffff803`c15b3d28 fffff803`bf9dc7e9 : 00000000`0000007f 00000000`00000008 fffff803`c15b3e70 ffffd000`28ceeea0 : nt!KeBugCheckEx
    fffff803`c15b3d30 fffff803`bf9da8f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff803`c15b3e70 fffff803`bf815f7d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb4
    ffffd000`28ceeea0 fffff803`bf9d2594 : fffffff6`00000008 ffffe000`24148c78 ffffe000`21a65328 00000000`be4bae60 : hal!HalRequestSoftwareInterrupt+0x5e
    ffffd000`28cef0e0 fffff803`bff1434d : ffffe000`1e413e40 00000000`00000005 00000000`00000000 00000000`00080000 : nt!KiInterruptDispatchLBControl+0x1a4
    ffffd000`28cef270 fffff803`bff12bd6 : 00000000`0000531d ffffd000`28cef341 00000000`00000005 ffffe000`21a65310 : nt!ViDeadlockCheckDuplicatesAmongRoots+0x39
    ffffd000`28cef2a0 fffff803`bff0ba64 : fffff801`411dd2b8 00000000`00000002 ffffd000`28cefd70 ffffd000`00000000 : nt!VfDeadlockAcquireResource+0x4aa
    ffffd000`28cef3a0 fffff801`4117a378 : fffff801`411dd2a0 ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x94
    ffffd000`28cef3e0 fffff801`411dd2a0 : ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 : aswNdisFlt+0x2378
    ffffd000`28cef3e8 ffffd000`28cefd70 : 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e : aswNdisFlt+0x652a0
    ffffd000`28cef3f0 00000000`00000003 : ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 : 0xffffd000`28cefd70
    ffffd000`28cef3f8 ffffe000`1d7f6cf0 : ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 00000000`00000000 : 0x3
    ffffd000`28cef400 ffffe000`256ca270 : fffff801`4117d88e ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 : 0xffffe000`1d7f6cf0
    ffffd000`28cef408 fffff801`4117d88e : ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 : 0xffffe000`256ca270
    ffffd000`28cef410 ffffe000`256ca270 : 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 : aswNdisFlt+0x588e
    ffffd000`28cef418 00000000`00000000 : ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 00000000`00000000 : 0xffffe000`256ca270
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiDoubleFaultAbort+b4
    fffff803`bf9da8f4 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiDoubleFaultAbort+b4
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  550f41a6
    
    IMAGE_VERSION:  6.3.9600.17736
    
    BUCKET_ID_FUNC_OFFSET:  b4
    
    FAILURE_BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    BUCKET_ID:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    PRIMARY_PROBLEM_CLASS:  0x7f_8_VRF_nt!KiDoubleFaultAbort
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x7f_8_vrf_nt!kidoublefaultabort
    
    FAILURE_ID_HASH:  {2575f830-7dd8-52d7-e1be-20f8274db764}
    
    Followup:     MachineOwner
    ---------
    
    


    Wanikiya and Dyami--Team Zigzag

    • Proposed as answer by Deason Wu Tuesday, July 7, 2015 4:03 AM
    • Marked as answer by Deason Wu Wednesday, July 8, 2015 1:34 AM
    Sunday, July 5, 2015 11:26 AM
  • Many thanks for your prompt assistance. I will disable nvidia streaming, remove avast and continue to monitor. 


    Monday, July 6, 2015 12:39 AM
  • Avast has been removed, and Nvidia streaming service has been disabled. No STOPs encountered since. 

    Thank you very much for your help.

    Wednesday, July 8, 2015 12:40 AM
  • Thanks for letting us know & happy to help

    Wanikiya and Dyami--Team Zigzag

    Wednesday, July 8, 2015 1:09 AM