Stop Error Dump File Analysis - Dump file analysed: 092119-32359-01.dmp] on 21/09/19

Analysed using Microsoft (R) Windows Debugger Version 10.0.18362.1 X86 and PCT Analyser V5.2 (Copyright 2019)

Click on each button to view the relevant information

General Tips for Stop Errors (BSOD)

Firstly, you can follow the Microsoft online Blue Screen wizard here.

Diagnostic / Testing Tools

What are Stop Errors?

Firstly, it is worth clarifying that a BSOD is only attributed to Windows, for example, where Windows has a Blue Screen, Linux actually has something known as a System Panic. However, you’ll find Linux is much less prone to them.

Microsoft defines a blue screen very well:

“When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. A hardware device, its driver, or related software might have caused this error.”

In simple terms – it’s when Windows has detected a problem that could have caused damage or corruption to the operating system, or your computer itself, and therefore needed to STOP.

That’s why technically it’s called a stop error, stop code, or a bug check. They are more indicative of a fatal system crash. For the purpose of standardisation, we will call this a bug check (Bugcheck = BSOD).

So, there are some important considerations to take before continuing:

Summary

Debug session time: Sat Sep 21 08:39:34.235 2019 (UTC + 1:00)System Uptime: 0 days 0:00:15.967

BugCheck 1000007F ----- UNEXPECTED_KERNEL_MODE_TRAP

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+360 )

Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT

Arg2: ffffdb800e0a91b0

Arg3: fffff4020e885ea0

Arg4: fffff80141b1a6ad

PROCESS_NAME: System

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe -----> Windows NT operating system kernel


Bugcheck Description:

UNEXPECTED_KERNEL_MODE_TRAP

This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap. Most common traps include: Divide by Zero Error, Overflow, Opcode validity problems, Bounds Check Faults or Double faults.

About your bugcheck / typical cause:

"Bug check 0x7F typically occurs after you install a faulty or mismatched hardware (especially memory) or if installed hardware fails. A double fault can occur when the kernel stack overflows. This overflow occurs if multiple drivers are attached to the same stack. For example, if two file system filter drivers are attached to the same stack and then the file system recurses back in, the stack overflows."

System Information

This includes BIOS, Motherboard, Processor, and Memory. Not all dump files will contain hardware information, and therefore this will not always be complete

Operating System

OSNAME: Windows 10

OSBUILD: 18362

OSPLATFORM_TYPE: x64

OSSERVICEPACK: 295

BIOS Information

No data

Mainboard Information

No Data

Processor Information

No data

Memory Information

Slot Size Speed Part Number
Memory Slot 1 No Data
Memory Slot 2 No Data
Memory Slot 3 No Data
Memory Slot 4 No Data

Loaded Modules

To disable third party modules, use Autoruns (Microsoft Program)

Modules are listed from OLDEST to NEWEST - typically out of drivers should be looked at first. Total Modules Loaded = Total 8
1- ModuleName Column1 2- Time Stamp 3- Company 4- Description
amdgpio3.sys 14/03/2016 AMD AMD GPIO Controller Driver
nvhda64v.sys 15/12/2017 NVIDIA NVIDIA Audio HDMI Driver (nForce Chip)
nvlddmkm.sys 23/03/2018 NVIDIA NVIDIA Video Drivers
RTKVHD64.sys 13/11/2018 Realtek Realtek HD Audio Driver
rt640x64.sys 10/05/2019 Realtek Realtek Audio Driver
amdgpio2.sys 17/05/2019 AMD AMD GPIO Controller Driver
amdpsp.sys 19/06/2019 AMD AMD Chipset Driver
AMDPCIDev.sys 24/07/2019 AMD AMD Ryzen OC Utility

Column1 Dump File

Microsoft (R) Windows Debugger Version 10.0.18362.1 X86

Copyright (c) Microsoft Corporation. All rights reserved.

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 18362 MP (12 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Machine Name:

Kernel base = 0xfffff801`41aa8000 PsLoadedModuleList = 0xfffff801`41eee490

Debug session time: Sat Sep 21 08:39:34.235 2019 (UTC + 1:00)

System Uptime: 0 days 0:00:15.967

Loading Kernel Symbols

..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.

Run !sym noisy before .reload to track down problems loading symbols.

.............................................................

.............................................................

Loading User Symbols

Loading unloaded module list

...

For analysis of this file, run !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, ffffdb800e0a91b0, fffff4020e885ea0, fffff80141b1a6ad}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+360 )

Followup: MachineOwner

---------

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)

This means a trap occurred in kernel mode, and it's a trap of a kind

that the kernel isn't allowed to have/catch (bound trap) or that

is always instant death (double fault). The first number in the

The reference count of an object is illegal for the current state of the object. bugcheck params is the number of the trap (8 = double fault, etc)

Each time a driver uses a pointer to an object the driver calls a kernel routine Consult an Intel x86 family manual to learn more about what these

to increment the reference count of the object. When the driver is done with the traps are. Here is a *portion* of those codes:

pointer the driver calls another kernel routine to decrement the reference count. If kv shows a taskGate

Drivers must match calls to the increment and decrement routines. This bugcheck use .tss on the part before the colon, then kv.

can occur because an object's reference count goes to zero while there are still Else if kv shows a trapframe

open handles to the object, in which case the fourth parameter indicates the number use .trap on that value

of opened handles. It may also occur when the object's reference count drops below zero Else

whether or not there are open handles to the object, and in that case the fourth parameter .trap on the appropriate frame will show where the trap was taken

contains the actual value of the pointer references count. (on x86, this will be the ebp that goes with the procedure KiTrap)

Endif

kb will then show the corrected stack.

Arguments:

Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT

Arg2: ffffdb800e0a91b0

Arg3: fffff4020e885ea0

Arg4: fffff80141b1a6ad

Debugging Details:

------------------

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 10.0.18362.295 (WinBuild.160101.0800)

DUMP_FILE_ATTRIBUTES: 0x8

Kernel Generated Triage Dump

DUMP_TYPE: 2

BUGCHECK_P1: 8

BUGCHECK_P2: ffffdb800e0a91b0

BUGCHECK_P3: fffff4020e885ea0

BUGCHECK_P4: fffff80141b1a6ad

BUGCHECK_STR: 0x7f_8

STACK_OVERFLOW: Stack Limit: fffff4020e886000. Use (kF) and (!stackusage) to investigate stack usage.

CPU_COUNT: c

CPU_MHZ: e09

CPU_VENDOR: AuthenticAMD

CPU_FAMILY: 17

CPU_MODEL: 8

CPU_STEPPING: 2

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: DESKTOP-CL34DUR

ANALYSIS_SESSION_TIME: 09-21-2019 16:04:10.0717

ANALYSIS_VERSION: 10.0.18362.1 x86fre

TRAP_FRAME: fffff40200000001 -- (.trap 0xfffff40200000001)

Unable to read trap frame at fffff402`00000001

EXCEPTION_RECORD: fffff8014320466c -- (.exr 0xfffff8014320466c)

ExceptionAddress: f54d840f283c0242

ExceptionCode: ffff6be9

ExceptionFlags: d28548ff

NumberParameters: 256114689

Parameter[0]: c3840fc0854d4842

Parameter[1]: 850fc98545fffffd

Parameter[2]: 00b60f41fffffdba

Parameter[3]: 0874aa3c0c742a3c

Parameter[4]: fffffda6850f8a3c

Parameter[5]: 0f08a80140b60f41

Parameter[6]: 41f724fffffd9984

Parameter[7]: fffffd8ee9014088

Parameter[8]: 0000049ce8ce8b48

Parameter[9]: 48000000a0968b4c

Parameter[10]: 0000a89e8b4cf88b

Parameter[11]: 01ac840fd2854d00

Parameter[12]: 0000e0868b480000

Parameter[13]: 01d9840fc0854800

Parameter[14]: c1c18b60488b0000

LAST_CONTROL_TRANSFER: from fffff80141c75d20 to fffff80141b1a6ad

THREAD_SHA1_HASH_MOD_FUNC: 435caa0d319e6f3b0ad5cf75ed0be3ddf6ec4562

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a2323ae3013acda3f3f0d794b00c7c0c3e2f5793

THREAD_SHA1_HASH_MOD: 9c57764a4b522a2a8b0bf2c15ddec5954001feed

FOLLOWUP_IP:

nt!KiPageFault+360

fffff801`41c75d20 85c0 test eax,eax

FAULT_INSTR_CODE: 367cc085

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiPageFault+360

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 35707659

IMAGE_VERSION: 10.0.18362.295

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 360

FAILURE_BUCKET_ID: 0x7f_8_nt!KiPageFault

BUCKET_ID: 0x7f_8_nt!KiPageFault

PRIMARY_PROBLEM_CLASS: 0x7f_8_nt!KiPageFault

TARGET_TIME: 2019-09-21T07:39:34.000Z

OSBUILD: 18362

OSSERVICEPACK: 295

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 1998-05-30 22:12:57

BUILDDATESTAMP_STR: 160101.0800

BUILDLAB_STR: WinBuild

BUILDOSVER_STR: 10.0.18362.295

ANALYSIS_SESSION_ELAPSED_TIME: 140c

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x7f_8_nt!kipagefault

FAILURE_ID_HASH: {2f8e6272-1536-8847-15b3-d73bdf95dfe4}

Followup: MachineOwner

---------

@ hal.dll 4e924194

@ E:\WinDBG\Debuggers\x86\sym\ntkrnlmp.pdb\11BC9A513F1140CA359ECDF50F0122C11\ntkrnlmp.pdb 35707659

@ kdcom.dll 5a75d524

@ mcupdate.dll f9972f7b

@ werkernel.sys 958e14b2

@ ksecdd.sys a35f28f6

@ msrpc.sys 8e1a4f15

@ tm.sys 2adb549a

@ CLFS.SYS 296cbb1a

@ PSHED.dll b21f9dda

@ BOOTVID.dll 0f301604

@ clipsp.sys 5c90178f

@ FLTMGR.SYS 801a5f11

@ cmimcext.sys c7f022b4

@ ntosext.sys bac877d8

@ CI.dll 8d6fde01

@ cng.sys 5444b5a1

@ E:\WinDBG\Debuggers\x86\sym\VerifierExt.pdb\49B8FA6FD9D04B632AE771CC45A6D91C1\VerifierExt.pdb 1a0e4e4f

@ Wdf01000.sys 116a658a

@ WDFLDR.SYS 3b396780

@ SleepStudyHelper.sys ba6e2346

@ WppRecorder.sys 34a54231

@ acpiex.sys 2b91edb2

@ mssecflt.sys 3517dbfe

@ SgrmAgent.sys f851a195

@ ACPI.sys 26fd2214

@ WMILIB.SYS 59021e3d

@ intelpep.sys 8a1b7970

@ WindowsTrustedRT.sys cb95ce3d

@ WindowsTrustedRTProxy.sys 514e3023

@ pcw.sys 6b731527

@ msisadrv.sys 5e470a0e

@ pci.sys 79450d16

@ vdrvroot.sys 0101bcc6

@ pdc.sys 87c34d95

@ CEA.sys f3811107

@ E:\WinDBG\Debuggers\x86\sym\partmgr.pdb\2B40EC8A3CD8DC73B413FD4734766CE61\partmgr.pdb 89c96ad1

@ spaceport.sys dc82b965

@ E:\WinDBG\Debuggers\x86\sym\volmgr.pdb\53F2E600057E143870235921A0EA85D01\volmgr.pdb 211cef76

@ volmgrx.sys d6f366b7

@ mountmgr.sys 242db05f

@ storahci.sys 381e77bb

@ E:\WinDBG\Debuggers\x86\sym\storport.pdb\3616ECB9B39B07AA535A46720261934B1\storport.pdb a692ce5b

@ EhStorClass.sys 526cc202

@ fileinfo.sys 24bbed20

@ Wof.sys 3cb75347

@ WdFilter.sys 8a73d08b

@ Fs_Rec.sys 49e932ba

@ ndis.sys a6d0fb1e

@ NETIO.SYS e3375155

@ ksecpkg.sys e1e129d5

@ Ntfs.sys d9a3ce82

@ amdpsp.sys 5d0a4a77

@ tcpip.sys 61ae2576

@ fwpkclnt.sys 58c1e6ed

@ wfplwfs.sys 60902cbb

@ E:\WinDBG\Debuggers\x86\sym\fvevol.pdb\89E3593EC23315E5AF7488ED01B185511\fvevol.pdb d4b5a2e7

@ volume.sys a4e9fdfa

@ volsnap.sys 1876f533

@ storufs.sys c45b8940

@ E:\WinDBG\Debuggers\x86\sym\rdyboost.pdb\549804AC488F4B759032AE7E2140E4B01\rdyboost.pdb f450ceb3

@ mup.sys 565e0311

@ E:\WinDBG\Debuggers\x86\sym\iorate.pdb\70BA68D42BA61730C122AA2AC1880B071\iorate.pdb 18d52dda

@ disk.sys 384fefed

@ E:\WinDBG\Debuggers\x86\sym\classpnp.pdb\824B67C6B056B40866C7D7CEFE41A4721\classpnp.pdb 09ed6e49

@ tbs.sys 965bac31

@ Null.SYS e822087b

@ Beep.SYS 528ec21a

@ dxgkrnl.sys 3a1abc64

@ watchdog.sys 21474799

@ BasicDisplay.sys 4e6e05e1

@ BasicRender.sys 82a93228

@ Npfs.SYS b03ecfd3

@ Msfs.SYS 91fe0ff4

@ tdx.sys 0a1f3dc4

@ TDI.SYS 894065a0

@ netbt.sys 113d2a22

@ afunix.sys 9d6c12c4

@ afd.sys b88dd13e

@ vwififlt.sys 39396289

@ pacer.sys e7276bde

@ netbios.sys b37fd2e9

@ rdbss.sys bce0ed0a

@ csc.sys b2d84c51

@ nsiproxy.sys 528da18a

@ npsvctrig.sys 0e7ac006

@ E:\WinDBG\Debuggers\x86\sym\mssmbios.pdb\7CE0C1D2DD53B809A668DE8F5F91012E1\mssmbios.pdb e6dc521d

@ gpuenergydrv.sys 0cc24294

@ dfsc.sys fabe3f7d

@ bam.sys 22198778

@ ahcache.sys a8473be2

@ Vid.sys bde3e73c

@ winhvr.sys 5eb9ff62

@ CompositeBus.sys f050d616

@ kdnic.sys 1ff5f7f5

@ umbus.sys 3104a4ad

@ USBXHCI.SYS 951b0a79

@ ucx01000.sys 04268533

@ amdgpio2.sys 5cde452f

@ crashdmp.sys 2985cb13

@ dump_storport.sys 5cc3d020

@ dump_storahci.sys 381e77bb

@ dump_dumpfve.sys 4bedf38a

@ cdrom.sys 9f6b0b7b

@ filecrypt.sys 4ead73c1

@ ks.sys 1f5fe6fb

@ serial.sys b6549b39

@ rt640x64.sys 5cd53d6b

@ amdppm.sys dd8872d0

@ msgpioclx.sys 764cde46

@ wmiacpi.sys af7efce5

@ amdgpio3.sys 56e69038

@ NdisVirtualBus.sys d217410a

@ swenum.sys c4d73525

@ rdpbus.sys 4e9899f8

@ nvhda64v.sys 5a338527

@ ksthunk.sys 15502221

@ portcls.sys d4f15bf0

@ drmk.sys a3e06fb0

@ AMDPCIDev.sys 5d3848ec

@ nvlddmkm.sys 5ab5877e

@ HDAudBus.sys aecd2958

@ serenum.sys 0b8b1db3

@ RTKVHD64.sys 5beab150

@ UsbHub3.sys d4267d67

sysinfo: could not find necessary interfaces.

sysinfo: note that mssmbios.sys must be loaded (XPSP2+).

sysinfo: could not find necessary interfaces.

sysinfo: note that mssmbios.sys must be loaded (XPSP2+).

Additional Commands

8: kd> .trap fffff402`0e886040

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=0000000000000500 rbx=0000000000000000 rcx=0000000000000500

rdx=fffff4020e886208 rsi=0000000000000000 rdi=0000000000000000

rip=fffff80141c706f6 rsp=fffff4020e8861d8 rbp=fffff4020e886230

r8=fffff4020e8861d0 r9=00000000000004d0 r10=fffff4020e885000

r11=fffff4020e885000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei ng nz na po cy

nt!_chkstk+0x36:

fffff801`41c706f6 45841b test byte ptr [r11],r11b ds:fffff402`0e885000=??