System_Service_Exception Bugcheck Stops and kernel Power

Question
-
I hope that someone can assist with some stops occurring on a new PC (64bit Win 8.1). The computer crashed four times today and it's only several weeks old.
Looking at the Event Viewer, the Critical Events that would appear to be related to these incidents also occurred before I took delivery of the PC in mid June. So I suspect it is nothing that I have introduced, though since receiving the PC I have increased the RAM from 8GB to 16GB. I know the crash has happened twice while the game SIMS 4 was running, but that may be coincidental. I have definitely seen a minidump produced from a crash where no game was being run. The bugstop codes are not always the same by the way. I have included three minidumps, some event viewer screen grabs, msinfo and some PC specs. I hope this may be helpful.
I have the latest Nvidia Graphics Driver and have not yet run a test on my memory.
Please find a zip file with my dumps here:
https://onedrive.live.com/redir?resid=D41EF5091247B693!107&authkey=!ABx0EB2hIdfZH3w&ithint=file%2czip
Manny
Sunday, July 5, 2015 8:52 AM
Answers
-
Driver verified and related to the aswNdisFlt.sys avast! Filtering NDIS driver from AVAST Software. I would remove it and use the built-in Defender in its place. I would also disable the NVIDIA streaming service (unless you need it), as it is often problematic.
Microsoft (R) Windows Debugger Version 10.0.10158.9 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\zigza\Desktop\070515-7765-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at start of path element
Error: Empty Path.
Symbol search path is: srv*E:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
Windows 8.1 Kernel Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.17736.amd64fre.winblue_r9.150322-1500
Machine Name:
Kernel base = 0xfffff803`bf880000 PsLoadedModuleList = 0xfffff803`bfb59850
Debug session time: Sun Jul 5 06:18:11.784 2015 (UTC - 4:00)
System Uptime: 0 days 0:05:32.461
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, fffff803c15b3e70, ffffd00028ceeea0, fffff803bf815f7d}

*** WARNING: Unable to verify timestamp for aswNdisFlt.sys
*** ERROR: Module load completed but symbols could not be loaded for aswNdisFlt.sys
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b4 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: fffff803c15b3e70
Arg3: ffffd00028ceeea0
Arg4: fffff803bf815f7d

Debugging Details:
------------------

SYSTEM_SKU: All
SYSTEM_VERSION: System Version
BIOS_DATE: 12/08/2014
BASEBOARD_PRODUCT: Z97M-PLUS
BASEBOARD_VERSION: Rev X.0x
BUGCHECK_P1: 8
BUGCHECK_P2: fffff803c15b3e70
BUGCHECK_P3: ffffd00028ceeea0
BUGCHECK_P4: fffff803bf815f7d
BUGCHECK_STR: 0x7f_8

TRAP_FRAME: fffff803c15b3e70 -- (.trap 0xfffff803c15b3e70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000000ff rbx=0000000000000000 rcx=ffffffffffd07430
rdx=ffffffffffd01520 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803bf815f7d rsp=ffffd00028ceeea0 rbp=ffffd00028cef160
 r8=000000000000318a  r9=0000000000000002 r10=fffff803bfb88b34
r11=0000000000000091 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl zr na po nc
hal!HalRequestSoftwareInterrupt+0x5e:
fffff803`bf815f7d c78424a800000003000000 mov dword ptr [rsp+0A8h],3 ss:0018:ffffd000`28ceef48=????????
Resetting default scope

CPU_COUNT: 4
CPU_MHZ: daa
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: nvstreamsvc.ex
CURRENT_IRQL: d
ANALYSIS_VERSION: 10.0.10158.9 amd64fre

EXCEPTION_RECORD: ffffe0001e413e40 -- (.exr 0xffffe0001e413e40)
Cannot read Exception record @ ffffe0001e413e40

STACK_OVERFLOW: Stack Limit: ffffd00028cef000. Use (kF) and (!stackusage) to investigate stack usage.

LAST_CONTROL_TRANSFER: from fffff803bf9dc7e9 to fffff803bf9d0ca0

STACK_TEXT:
fffff803`c15b3d28 fffff803`bf9dc7e9 : 00000000`0000007f 00000000`00000008 fffff803`c15b3e70 ffffd000`28ceeea0 : nt!KeBugCheckEx
fffff803`c15b3d30 fffff803`bf9da8f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff803`c15b3e70 fffff803`bf815f7d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb4
ffffd000`28ceeea0 fffff803`bf9d2594 : fffffff6`00000008 ffffe000`24148c78 ffffe000`21a65328 00000000`be4bae60 : hal!HalRequestSoftwareInterrupt+0x5e
ffffd000`28cef0e0 fffff803`bff1434d : ffffe000`1e413e40 00000000`00000005 00000000`00000000 00000000`00080000 : nt!KiInterruptDispatchLBControl+0x1a4
ffffd000`28cef270 fffff803`bff12bd6 : 00000000`0000531d ffffd000`28cef341 00000000`00000005 ffffe000`21a65310 : nt!ViDeadlockCheckDuplicatesAmongRoots+0x39
ffffd000`28cef2a0 fffff803`bff0ba64 : fffff801`411dd2b8 00000000`00000002 ffffd000`28cefd70 ffffd000`00000000 : nt!VfDeadlockAcquireResource+0x4aa
ffffd000`28cef3a0 fffff801`4117a378 : fffff801`411dd2a0 ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x94
ffffd000`28cef3e0 fffff801`411dd2a0 : ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 : aswNdisFlt+0x2378
ffffd000`28cef3e8 ffffd000`28cefd70 : 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e : aswNdisFlt+0x652a0
ffffd000`28cef3f0 00000000`00000003 : ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 : 0xffffd000`28cefd70
ffffd000`28cef3f8 ffffe000`1d7f6cf0 : ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 00000000`00000000 : 0x3
ffffd000`28cef400 ffffe000`256ca270 : fffff801`4117d88e ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 : 0xffffe000`1d7f6cf0
ffffd000`28cef408 fffff801`4117d88e : ffffe000`256ca270 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 : 0xffffe000`256ca270
ffffd000`28cef410 ffffe000`256ca270 : 00000000`00000000 ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 : aswNdisFlt+0x588e
ffffd000`28cef418 00000000`00000000 : ffffd000`28cefd70 ffffd000`28cef5c0 00000000`00000002 00000000`00000000 : 0xffffe000`256ca270

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b4
fffff803`bf9da8f4 90 nop

SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 550f41a6
IMAGE_VERSION: 6.3.9600.17736
BUCKET_ID_FUNC_OFFSET: b4
FAILURE_BUCKET_ID: 0x7f_8_VRF_nt!KiDoubleFaultAbort
BUCKET_ID: 0x7f_8_VRF_nt!KiDoubleFaultAbort
PRIMARY_PROBLEM_CLASS: 0x7f_8_VRF_nt!KiDoubleFaultAbort
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x7f_8_vrf_nt!kidoublefaultabort
FAILURE_ID_HASH: {2575f830-7dd8-52d7-e1be-20f8274db764}

Followup: MachineOwner
---------
Wanikiya and Dyami--Team Zigzag
Sunday, July 5, 2015 11:26 AM
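The stack reading behind the answer above, shown as an added example that is not part of the original thread: it parses STACK_TEXT rows, reports the most recent frame that belongs to a non-Windows module, and notes whether that frame called into a Driver Verifier thunk. The function names and the OS_MODULES allow-list are assumptions made for this sketch; the sample frames are copied from the dump in the answer.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "child_sp module function")

# Assumption: a short allow-list of Windows-supplied modules, enough for this dump.
OS_MODULES = {"nt", "hal", "ndis", "tcpip", "fltmgr", "win32k"}

# One STACK_TEXT row: child-SP, return address, four arguments, then the symbol.
ROW = re.compile(r"^([0-9a-f]{8}`[0-9a-f]{8}) [0-9a-f`]+ : [0-9a-f` ]+ : (\S+)$")

# First eleven frames of the STACK_TEXT section in the dump above.
SAMPLE_STACK = """\
fffff803`c15b3d28 fffff803`bf9dc7e9 : 00000000`0000007f 00000000`00000008 fffff803`c15b3e70 ffffd000`28ceeea0 : nt!KeBugCheckEx
fffff803`c15b3d30 fffff803`bf9da8f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff803`c15b3e70 fffff803`bf815f7d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb4
ffffd000`28ceeea0 fffff803`bf9d2594 : fffffff6`00000008 ffffe000`24148c78 ffffe000`21a65328 00000000`be4bae60 : hal!HalRequestSoftwareInterrupt+0x5e
ffffd000`28cef0e0 fffff803`bff1434d : ffffe000`1e413e40 00000000`00000005 00000000`00000000 00000000`00080000 : nt!KiInterruptDispatchLBControl+0x1a4
ffffd000`28cef270 fffff803`bff12bd6 : 00000000`0000531d ffffd000`28cef341 00000000`00000005 ffffe000`21a65310 : nt!ViDeadlockCheckDuplicatesAmongRoots+0x39
ffffd000`28cef2a0 fffff803`bff0ba64 : fffff801`411dd2b8 00000000`00000002 ffffd000`28cefd70 ffffd000`00000000 : nt!VfDeadlockAcquireResource+0x4aa
ffffd000`28cef3a0 fffff801`4117a378 : fffff801`411dd2a0 ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x94
ffffd000`28cef3e0 fffff801`411dd2a0 : ffffd000`28cefd70 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 : aswNdisFlt+0x2378
ffffd000`28cef3e8 ffffd000`28cefd70 : 00000000`00000003 ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e : aswNdisFlt+0x652a0
ffffd000`28cef3f0 00000000`00000003 : ffffe000`1d7f6cf0 ffffe000`256ca270 fffff801`4117d88e ffffe000`256ca270 : 0xffffd000`28cefd70
"""


def split_symbol(sym):
    """Return (module, function); both None for a raw value such as 0x3."""
    if sym.startswith("0x"):
        return None, None
    module, _, function = sym.split("+")[0].partition("!")
    return module, function or None


def parse_frames(stack_text):
    """Turn STACK_TEXT rows into Frame tuples, most recent frame first."""
    frames = []
    for line in stack_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            child_sp = int(m.group(1).replace("`", ""), 16)
            frames.append(Frame(child_sp, *split_symbol(m.group(2))))
    return frames


def triage(stack_text):
    """Describe the most recent third-party frame, or return None if there is none."""
    frames = parse_frames(stack_text)
    for i, frame in enumerate(frames):
        if frame.module is None or frame.module.lower() in OS_MODULES:
            continue
        callee = frames[i - 1] if i else None
        deeper = frames[i + 1] if i + 1 < len(frames) else None
        return {
            "module": frame.module,
            # module+offset only: no symbols were loaded for this driver
            "has_symbols": frame.function is not None,
            # the driver's call was intercepted by a Driver Verifier thunk
            "calls_verifier_thunk": bool(
                callee and callee.module == "nt"
                and (callee.function or "").startswith("Verifier")),
            # heuristic: 8-byte child-SP steps mean the debugger is listing
            # consecutive stack slots, so deeper frames are low confidence
            "deeper_frames_unreliable": bool(
                deeper and deeper.child_sp - frame.child_sp == 8),
        }
    return None


def stack_overrun_bytes(trap_rsp, stack_limit):
    """Bytes by which the trap-frame RSP sits below the reported stack limit."""
    return max(0, stack_limit - trap_rsp)
```

For `stack_overrun_bytes`, take the RSP from the TRAP_FRAME registers and the limit from the STACK_OVERFLOW line of the same dump.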
All replies
-
These crashes were related to memory corruption (probably caused by a driver).
Please run these two tests to verify your memory and find which driver is causing the problem. Please run verifier first. You do not need to run memtest yet unless verifier does not find the cause, or you want to.
If you are over-clocking anything reset to default before running these tests. In other words STOP!!! If you do not know what this means you probably are not
1-Driver verifier (for complete directions see our wiki here)
2-Memtest. (You can read more about running memtest here)
Wanikiya and Dyami--Team Zigzag
Sunday, July 5, 2015 9:32 AM -
Thank you.
I have enabled the driver verifier following the wiki instructions. Shortly after, I captured a BSOD that displayed a KERNEL_MODE_TRAP message on the display.
The dump is here:
https://onedrive.live.com/redir?resid=D41EF5091247B693!108&authkey=!AH2WYLH52OtJUnc&ithint=file%2cdmp
The stop occurred following this sequence: I was signed in using a local account. I signed out of the account and asked my daughter to sign in to her account to play SIMS 4. Shortly after she entered her password to sign into her local account, the KERNEL_MODE_TRAP occurred.
Thank you.
Sunday, July 5, 2015 10:31 AM -
Many thanks for your prompt assistance. I will disable nvidia streaming, remove avast and continue to monitor.
Monday, July 6, 2015 12:39 AM -
Avast has been removed, and Nvidia streaming service has been disabled. No STOPs encountered since.
Thank you very much for your help.
Wednesday, July 8, 2015 12:40 AM -
Thanks for letting us know & happy to help
Wanikiya and Dyami--Team Zigzag
Wednesday, July 8, 2015 1:09 AM