Windows 10: Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP

Discus and support Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP in Windows 10 BSOD Crashes and Debugging to solve the problem; Hey, I've been dealing (unsuccessfully) with this issue all day. From time to time today, often at truly awful times, be it in the middle of a game or... Discussion in 'Windows 10 BSOD Crashes and Debugging' started by Nierfenhimer, Jul 10, 2016.

  1. Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP


    Hey, I've been dealing (unsuccessfully) with this issue all day. From time to time today, often at truly awful times, be it in the middle of a game or otherwise, I'll be treated to an awful freeze, the sound - whatever was playing at the time, if anything - will do that typical crash stutter, and after a scant few seconds, I'll be treated to a BSOD claiming, as the title implies, UNEXPECTED_KERNEL_MODE_TRAP.

    I've looked all day with no luck, run test after test (will be running Memtest86 tonight after I got to bed once I'm done here) - chkdsk, memory diagnostic, virus/malware scans, and the like - with no useful results, and have updated every driver I could think of, to no avail. I have completely uninstalled both Kaspersky and Malwarebytes, and even rolled back to a system restore point from a week ago, but, maddeningly, it yet persists.

    Frankly, this has me in panic attack territory. This is a computer I built not a few weeks ago and it's been performing wonderfully until just today. I'm at my wit's end. I have a minidump from the last crash, and have finally gotten it set to record a complete dump in the event it happens again, so hopefully this is some help in figuring out my issue. -.-;;

    Pardon me if there is extraneous info. For all my tinkering, I've never had problems where I've had to deal with memory dumps of any kind before (fortunately, at least to this point). Pardon me again if it is not enough. I will update if I hit this again with a complete dump if necessary.

    Code: Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\symbols*Symbol information Symbol search path is: SRV*C:\symbols*Symbol information Executable search path is: Windows 10 Kernel Version 10586 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 10586.420.amd64fre.th2_release_sec.160527-1834 Machine Name: Kernel base = 0xfffff803`98673000 PsLoadedModuleList = 0xfffff803`98951cf0 Debug session time: Mon Jul 11 01:06:01.820 2016 (UTC - 4:00) System Uptime: 0 days 4:41:00.348 Loading Kernel Symbols ............................................................... ................................................................ ..................................................... Loading User Symbols PEB is paged out (Peb.Ldr = 00000000`00d9c018). Type ".hh dbgerr001" for details Loading unloaded module list ................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {8, ffffd00136812b30, b6dc80, 754f78cd} Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b3 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT Arg2: ffffd00136812b30 Arg3: 0000000000b6dc80 Arg4: 00000000754f78cd Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 401 BUILD_VERSION_STRING: 10586.420.amd64fre.th2_release_sec.160527-1834 SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 1701 BIOS_DATE: 03/25/2016 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: MAXIMUS VIII HERO BASEBOARD_VERSION: Rev 1.xx DUMP_TYPE: 1 BUGCHECK_P1: 8 BUGCHECK_P2: ffffd00136812b30 BUGCHECK_P3: b6dc80 BUGCHECK_P4: 754f78cd BUGCHECK_STR: 0x7f_8 TRAP_FRAME: ffffd00136812b30 -- (.trap 0xffffd00136812b30) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=000000000000000d rbx=0000000000000000 rcx=0000000000bc3054 rdx=0000000011d2d8c8 rsi=0000000000000000 rdi=0000000000000000 rip=00000000754f78cd rsp=0000000000b6dc80 rbp=0000000000ba0000 r8=0000000011d2d8c8 r9=0000000000bc3034 r10=0000000000000005 r11=00000000ffffffff r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po nc 0033:00000000`754f78cd ?? ??? Resetting default scope CPU_COUNT: 8 CPU_MHZ: fa8 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 74'00000000 (cache) 74'00000000 (init) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT PROCESS_NAME: RzSynapse.exe CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: SYLVANDELL ANALYSIS_SESSION_TIME: 07-11-2016 01:20:58.0912 ANALYSIS_VERSION: 10.0.10586.567 amd64fre LAST_CONTROL_TRANSFER: from fffff803987c03e9 to fffff803987b57a0 STACK_TEXT: ffffd001`368129e8 fffff803`987c03e9 : 00000000`0000007f 00000000`00000008 ffffd001`36812b30 00000000`00b6dc80 : nt!KeBugCheckEx ffffd001`368129f0 fffff803`987be473 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69 ffffd001`36812b30 00000000`754f78cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb3 00000000`00b6dc80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x754f78cd STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: 51182814aa74dd715a6e07997b1a1ce85754d2a6 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 4758b05c49bbbaa93da617d056de321d1beb10a3 THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b FOLLOWUP_IP: nt!KiDoubleFaultAbort+b3 fffff803`987be473 90 nop FAULT_INSTR_CODE: 6666c390 SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!KiDoubleFaultAbort+b3 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 5749178b BUCKET_ID_FUNC_OFFSET: b3 FAILURE_BUCKET_ID: 0x7f_8_nt!KiDoubleFaultAbort BUCKET_ID: 0x7f_8_nt!KiDoubleFaultAbort PRIMARY_PROBLEM_CLASS: 0x7f_8_nt!KiDoubleFaultAbort TARGET_TIME: 2016-07-11T05:06:01.000Z OSBUILD: 10586 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-05-27 23:59:07 BUILDDATESTAMP_STR: 160527-1834 BUILDLAB_STR: th2_release_sec BUILDOSVER_STR: 10.0.10586.420.amd64fre.th2_release_sec.160527-1834 ANALYSIS_SESSION_ELAPSED_TIME: 2ba ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x7f_8_nt!kidoublefaultabort FAILURE_ID_HASH: {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5} Followup: MachineOwner ---------[/quote] EDIT: No problems detected by Memtest. However, at some point this morning, about 15 minutes ago, I ran into another BSOD for IRQL_NOT_LESS_OR_EQUAL, which maybe points this specifically to a driver issue in particular, from what I know on my own (provided the two are related, which I sort of hope).

    Including the crash dump for the new BSOD below, as well as the diagnostic log (Mon_07_11_2016__92635_60).

    Code: Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\CrashDump\MEMORY.DMP] Kernel Bitmap Dump File: Full address space is available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\symbols*Symbol information Symbol search path is: SRV*C:\symbols*Symbol information Executable search path is: Windows 10 Kernel Version 10586 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 10586.420.amd64fre.th2_release_sec.160527-1834 Machine Name: Kernel base = 0xfffff800`8fa18000 PsLoadedModuleList = 0xfffff800`8fcf6cf0 Debug session time: Mon Jul 11 09:18:35.682 2016 (UTC - 4:00) System Uptime: 0 days 0:56:16.371 Loading Kernel Symbols ............................................................... ................................................................ .................................................... Loading User Symbols .............................................. Loading unloaded module list ........... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {96, 2, 1, fffff8008fa2b973} Probably caused by : ntkrnlmp.exe ( nt!CcInitializeCacheMap+123 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000000000096, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff8008fa2b973, address which referenced memory Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 402 BUILD_VERSION_STRING: 10586.420.amd64fre.th2_release_sec.160527-1834 SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 1701 BIOS_DATE: 03/25/2016 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: MAXIMUS VIII HERO BASEBOARD_VERSION: Rev 1.xx DUMP_TYPE: 0 BUGCHECK_P1: 96 BUGCHECK_P2: 2 BUGCHECK_P3: 1 BUGCHECK_P4: fffff8008fa2b973 WRITE_ADDRESS: 0000000000000096 CURRENT_IRQL: 2 FAULTING_IP: nt!CcInitializeCacheMap+123 fffff800`8fa2b973 83a398000000bf and dword ptr [rbx+98h],0FFFFFFBFh CPU_COUNT: 8 CPU_MHZ: fa8 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 74'00000000 (cache) 74'00000000 (init) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV PROCESS_NAME: TiWorker.exe ANALYSIS_SESSION_HOST: SYLVANDELL ANALYSIS_SESSION_TIME: 07-11-2016 09:21:29.0302 ANALYSIS_VERSION: 10.0.10586.567 amd64fre TRAP_FRAME: ffffd000259abc20 -- (.trap 0xffffd000259abc20) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000040100 rbx=0000000000000000 rcx=ffffd000b23f1840 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8008fa2b973 rsp=ffffd000259abdb0 rbp=ffffc001d5fb96d0 r8=fffff8008fdaa740 r9=fffff801d6903df0 r10=7fffe000a37e2848 r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!CcInitializeCacheMap+0x123: fffff800`8fa2b973 83a398000000bf and dword ptr [rbx+98h],0FFFFFFBFh ds:00000000`00000098=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff8008fb653e9 to fffff8008fb5a7a0 STACK_TEXT: ffffd000`259abad8 fffff800`8fb653e9 : 00000000`0000000a 00000000`00000096 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx ffffd000`259abae0 fffff800`8fb63bc7 : 00000000`00000168 fffff801`d696707a 00000000`e400ba09 fffff800`00000001 : nt!KiBugCheckDispatch+0x69 ffffd000`259abc20 fffff800`8fa2b973 : ffffd000`00000001 00000000`00000030 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x247 ffffd000`259abdb0 fffff801`d692e0df : ffffc001`d5fb96d0 ffffe000`00000001 ffffc001`d5fb96d0 ffffc001`d5fb96d0 : nt!CcInitializeCacheMap+0x123 ffffd000`259abe70 fffff801`d6989bed : ffffc001`d5fb96d0 ffffd000`259ac020 ffffc001`d5fb96d0 ffffd000`259ac018 : NTFS!NtfsCreateInternalAttributeStream+0x2bf ffffd000`259abf60 fffff801`d6989872 : ffffc001`d5fb96d0 ffffc001`d5fb9590 ffffd000`259ac7a9 fffff801`d69630cb : NTFS!NtfsUpdateRecordAllocationContext+0x199 ffffd000`259abfd0 fffff801`d6988a48 : ffffd000`b2d45460 ffffc001`d5fb96d0 ffffd000`259ac4c0 ffffc001`d5fb96d0 : NTFS!GetIndexBuffer+0x56 ffffd000`259ac0a0 fffff801`d694aa2b : ffffd000`b2d45460 ffffd000`259ac410 ffffd000`259ac480 ffffd000`259ac410 : NTFS!PushIndexRoot+0x2ac ffffd000`259ac2a0 fffff801`d694a6d9 : 00000000`00000000 ffffc001`d5fb96d0 ffffd000`259ac3f0 ffffd000`259ac4c0 : NTFS!AddToIndex+0x1df ffffd000`259ac360 fffff801`d694af14 : ffffe000`a3115bc0 00000000`00000000 ffffe000`a3fb6f08 00000000`142c0001 : NTFS!NtfsAddIndexEntry+0x139 ffffd000`259ac5d0 fffff801`d694b0dc : ffffc001`f063b010 ffffc001`d5fb96d0 ffffd000`b2d45460 ffffd000`259ac741 : NTFS!NtfsAddNameToParent+0x428 ffffd000`259ac6d0 fffff801`d69c787e : ffffc001`eaa5b210 ffffc001`eaa5b210 ffffc001`eaa5b210 ffffc001`f063b420 : NTFS!NtfsAddLink+0x198 ffffd000`259ac7f0 fffff801`d6978422 : ffffd000`b2d45460 ffffc001`f063b300 ffffe000`a3115802 ffffd000`b2d45400 : NTFS!TxfDeleteFile+0x542 ffffd000`259acb00 fffff801`d6974f79 : ffffe000`ae52ba78 ffffe000`a3232290 ffffd000`b2d453f0 ffffe000`a3115840 : NTFS!NtfsCommonCleanup+0x3482 ffffd000`259acf50 fffff800`8fb5d367 : ffffd000`b2d453f0 00000000`0019e168 00000000`00e4d000 00000000`0198d888 : NTFS!NtfsCommonCleanupCallout+0x19 ffffd000`259acf80 fffff800`8fb5d32d : 00000000`00006000 00000000`00000012 ffffd000`259ad000 fffff800`8fabf201 : nt!KxSwitchKernelStackCallout+0x27 ffffd000`b2d45260 fffff800`8fabf201 : ffffc001`00000007 00000000`00006000 ffffe000`ae52ba78 00000000`00000000 : nt!KiSwitchKernelStackContinue ffffd000`b2d45280 fffff800`8fabef76 : 00000000`00000009 00000000`00006000 ffffc001`f063d048 ffffd000`b2d45300 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x131 ffffd000`b2d45300 fffff800`8fabee3f : 00000000`00000001 ffffd000`b2d453f0 00000000`00000000 ffffd000`b2d45420 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6 ffffd000`b2d45360 fffff801`d695ca2c : ffffe000`a3232290 ffffd000`b2d45460 00000000`00000000 ffffd000`b2d45420 : nt!KeExpandKernelStackAndCalloutInternal+0x2f ffffd000`b2d453b0 fffff801`d5667895 : ffffe000`ae4ab470 fffff800`8fa18000 ffffe000`a3232290 ffffe000`a3232200 : NTFS!NtfsFsdCleanup+0x1cc ffffd000`b2d456e0 fffff801`d5665816 : ffffffff`fffe7960 ffffe000`a3f04df0 00000000`00000001 00000000`00000001 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x1a5 ffffd000`b2d45770 fffff800`8fe17250 : ffffe000`a1f4bf20 ffffe000`a3f04df0 00000000`00000000 00000000`ae53a500 : FLTMGR!FltpDispatch+0xb6 ffffd000`b2d457d0 fffff800`8fe234c0 : ffffe000`a1f4bef0 00000000`00000000 ffffe000`a1f4bef0 00000000`00000001 : nt!IopCloseFile+0x150 ffffd000`b2d45860 fffff800`8fdd6ced : 000000d0`c0e7de7c 00000000`00000001 00007ff8`0000000d 00007ff8`00000000 : nt!ObCloseHandleTableEntry+0x250 ffffd000`b2d459a0 fffff800`8fb650a3 : ffffe000`a3115840 ffffe000`a3115840 ffffe000`a3115840 ffffd000`b2d45a80 : nt!NtClose+0xcd ffffd000`b2d45a00 00007ff8`826252c4 : 00007ff8`51c21c4e 00007ff8`51e170a8 00007ff8`51be048a 000000d0`c0e7d7c0 : nt!KiSystemServiceCopyEnd+0x13 000000d0`c0e7dcc8 00007ff8`51c21c4e : 00007ff8`51e170a8 00007ff8`51be048a 000000d0`c0e7d7c0 00007ff8`51c703a0 : ntdll!NtClose+0x14 000000d0`c0e7dcd0 00007ff8`51c19dce : 00000000`000006ea 0000023c`330d6aa0 00007ff8`51c21b10 00007ff8`51c75ee7 : wcp!Windows::Rtl::SystemImplementation:Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP :DirectFileSystemProvider::SysClose+0x13e 000000d0`c0e7e2e0 00007ff8`51c1765e : 00007ff8`51c4df00 0000023c`330d6ac0 000000d0`c0e7e550 00007ff8`51eabe00 : wcp!Windows::Rtl::SystemImplementation::CSilHandle::Close+0x52 000000d0`c0e7e320 00007ff8`51c17699 : 0000023c`330d6ab0 00000000`000000e0 0000023c`31c72468 00000000`00000001 : wcp!Windows::Rtl::SystemImplementation::CSilHandle::~CSilHandle+0xe 000000d0`c0e7e350 00007ff8`51c17628 : 00007ff8`51bb3f10 000000d0`c0e7e550 00007ff8`51eabe00 00007ff8`51e1c680 : wcp!Windows::Rtl::SystemImplementation::CSystemObject::~CSystemObject+0x25 000000d0`c0e7e380 00007ff8`51c17a04 : 00000000`00000001 00000000`00000000 00000000`00000000 00007ff8`51c2fed0 : wcp!Windows::Rtl::SystemImplementation::CFile::~CFile+0x64 000000d0`c0e7e3c0 00007ff8`51c3850c : 00007ff8`51c179f0 00007ff8`51bb8931 0000429c`065c82d6 0000429c`065c8306 : wcp!Windows::Rtl::SystemImplementation::CFile::`vector deleting destructor'+0x14 000000d0`c0e7e3f0 00007ff8`51c19d42 : 00007ff8`51c384d0 00000000`0000009c 0000023c`32ad3240 00007ff8`51c2ec70 : wcp!Windows::Rtl::CRtlRefCountedObjectBase<Windows::Rtl::SystemImplementation::CFile,Windows::Rtl::IRtlFile,Windows::Rtl::IRtlSystemObject,Windows::Rtl:Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP :Detail::CRtlRefCountedObjectBaseNoInterface,Windows::Rtl:Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP :Detail::CRtlRefCountedObjectBaseNoInterface>::Release+0x3c 000000d0`c0e7e420 00007ff8`51d315d7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : wcp!Windows::Auto<Windows::Rtl::IRtlEnumDirectoryEntries * __ptr64>::~Auto<Windows::Rtl::IRtlEnumDirectoryEntries * __ptr64>+0x2a 000000d0`c0e7e450 00007ff8`51d31ba6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : wcp!ComponentStore::CRawStoreLayout::RemoveComponentFootprint+0x4f3 000000d0`c0e7e5b0 00007ff8`51d324c3 : 00007ff8`51e04718 00000000`00000000 00000000`00000000 00000000`00000000 : wcp!ComponentStore::CRawStoreLayout::RemoveComponents+0x16a 000000d0`c0e7e6b0 00007ff8`51d26fe7 : 00007ff8`00000001 00000000`00000000 00000000`00000020 00000000`00000000 : wcp!ComponentStore::CRawStoreLayout::Scavenge+0x3db 000000d0`c0e7e8e0 00007ff8`51d25ac4 : 000000d0`c0e7eae0 00000000`00000000 0000023c`31c00000 0000023c`3296c050 : wcp!CCSDirectTransaction::Scavenge+0x343 000000d0`c0e7ea20 00007ff8`51d4767d : 000000d0`c0e7ee60 00007ff8`51db4b6f 0000023c`00000002 000000d0`c0e7eec8 : wcp!CCSDirectTransaction::Operate+0x304 000000d0`c0e7ecc0 00007ff8`51bd1695 : 00000000`00000000 00007ff8`51bb2c00 00000000`00000000 0000023c`31c34720 : wcp!CCSDirectTransaction_IRtlTransaction::Operate+0xbd 000000d0`c0e7ed60 00007ff8`51bd490a : 000000d0`c0e7f179 000000d0`c0e7f158 000000d0`c0e7f110 00000000`00000000 : wcp!Windows::COM::CComponentStore::InternalTransact+0xe0d 000000d0`c0e7f060 00007ff8`51dd97c6 : 0000023c`32c1b168 00000000`00000000 00000000`00000000 0000023c`32c1b168 : wcp!Windows::COM::CComponentStore_IStore::Transact2+0x4a 000000d0`c0e7f0c0 00007ff8`51ddc92c : 00007ff8`5210a2d0 0000023c`32c1b168 0000023c`32c1afa0 0000023c`31c6dc60 : wcp!Windows::ServicingAPI::CCSITransaction::GeneratePendingTransactionContent+0x282 000000d0`c0e7f1e0 00007ff8`51de8c81 : 00000000`00000000 00007ff8`51e044f4 00007ff8`51c703f0 00000000`00000000 : wcp!Windows::ServicingAPI::CCSITransaction::ICSITransaction_Commit+0x27c 000000d0`c0e7f470 00007ff8`51ff660c : 00000000`00000016 00000000`00000016 0000023c`3296bc70 00007ff8`51ddfc90 : wcp!Windows::ServicingAPI::CCSITransaction_ICSITransaction::Commit+0x131 000000d0`c0e7f680 00007ff8`51fdaba4 : 00007ff8`51ddfc90 000000d0`c0e7f741 00000000`0000000c 00007ff8`520ed1b0 : cbscore!TransactionCommit+0x60 000000d0`c0e7f6b0 00007ff8`5202aa3c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : cbscore!PackageStoreCsiScavenge+0x244 000000d0`c0e7f790 00007ff8`52029a1f : 00000000`00000000 000000d0`c0e7f880 00000000`00000000 00007ff8`5210ac60 : cbscore!CCbsMaintenanceExecutionObject::Scavenge+0x14c 000000d0`c0e7f820 00007ff8`52052bb1 : 00007ff8`52024970 00007ff8`520291d0 0000023c`31e9ecd0 0000023c`33338cf0 : cbscore!CCbsMaintenanceExecutionObject::Execute+0x84f 000000d0`c0e7f920 00007ff8`821d8102 : 00000000`00000000 00007ff8`52052a90 0000023c`31e9ecd0 0000023c`31e9ecd0 : cbscore!QueueThreadProc+0x121 000000d0`c0e7f980 00007ff8`825dc5b4 : 00007ff8`821d80e0 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x22 000000d0`c0e7f9b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34 STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: f03b7ab3fb0322f3446c08d2b888da14ec597e22 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: f8d71c77b5d80b4e1caeb7356620dc591247eb57 THREAD_SHA1_HASH_MOD: d24a5900d3b06c79216eafcddd59adb8de842d85 FOLLOWUP_IP: nt!CcInitializeCacheMap+123 fffff800`8fa2b973 83a398000000bf and dword ptr [rbx+98h],0FFFFFFBFh FAULT_INSTR_CODE: 98a383 SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!CcInitializeCacheMap+123 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 5749178b BUCKET_ID_FUNC_OFFSET: 123 FAILURE_BUCKET_ID: AV_nt!CcInitializeCacheMap BUCKET_ID: AV_nt!CcInitializeCacheMap PRIMARY_PROBLEM_CLASS: AV_nt!CcInitializeCacheMap TARGET_TIME: 2016-07-11T13:18:35.000Z OSBUILD: 10586 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-05-27 23:59:07 BUILDDATESTAMP_STR: 160527-1834 BUILDLAB_STR: th2_release_sec BUILDOSVER_STR: 10.0.10586.420.amd64fre.th2_release_sec.160527-1834 ANALYSIS_SESSION_ELAPSED_TIME: 333 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:av_nt!ccinitializecachemap FAILURE_ID_HASH: {0d0f37af-c24b-f883-54e8-be36e71beb21} Followup: MachineOwner --------- 2: kd> .trap 0xffffd000259abc20 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000040100 rbx=0000000000000000 rcx=ffffd000b23f1840 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8008fa2b973 rsp=ffffd000259abdb0 rbp=ffffc001d5fb96d0 r8=fffff8008fdaa740 r9=fffff801d6903df0 r10=7fffe000a37e2848 r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!CcInitializeCacheMap+0x123: fffff800`8fa2b973 83a398000000bf and dword ptr [rbx+98h],0FFFFFFBFh ds:00000000`00000098=????????[/quote]

    :)
     
    Nierfenhimer, Jul 10, 2016
    #1

  2. BSOD - KMODE_EXCEPTION_NOT_HANDLED

    Also, the most recent BSOD displayed a new error message: UNEXPECTED_KERNEL_MODE_TRAP
     
    CWilliamson31, Jul 10, 2016
    #2
  3. BSOD: UNEXPECTED_KERNEL_MODE_TRAP

    I keep getting this blue screen at random times(sometimes multiple times a day), and I sincerely have no idea what to do with it. I have run memcheck and dskchk and got no errors.

    I have seen some posts saying it might be some driver, but I'd like some help.

    Here is the dump file.
     
    Fernando Sabalete, Jul 10, 2016
    #3
  4. philc43 Win User

    Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP

    Hello Nierfenhimer,

    Welcome to the TenForums *Smile

    I had a look at the thread in your dump file and noticed that two drivers were named:
    Code: ffffd000`2317c708 fffff801`8e848f74Unable to load image \??\C:\Windows\system32\drivers\mwac.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for mwac.sys *** ERROR: Module load completed but symbols could not be loaded for mwac.sys mwac+0x8f74 ffffd000`2317d608 fffff801`8a58b024Unable to load image \SystemRoot\system32\DRIVERS\klif.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for klif.sys *** ERROR: Module load completed but symbols could not be loaded for klif.sys klif+0x3b024[/quote] This suggests that there are parts of Kaspersky and Malwarebytes still loading in your system. Can you check that you have completely uninstalled them. The driver details are shown below, the mwac.sys is dated 2014 and is an old outdated driver and could be the culprit.

    Code: 2: kd> lmvm mwac Browse full module list start end module name fffff801`8e840000 fffff801`8e853000 mwac T (no symbols) Loaded symbol image file: mwac.sys Image path: \??\C:\Windows\system32\drivers\mwac.sys Image name: mwac.sys Browse all global symbols functions data Timestamp: Wed Jun 18 03:07:00 2014 (53A0F444) CheckSum: 000134E6 ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 2: kd> lmvm klif Browse full module list start end module name fffff801`8a550000 fffff801`8a647000 klif T (no symbols) Loaded symbol image file: klif.sys Image path: \SystemRoot\system32\DRIVERS\klif.sys Image name: klif.sys Browse all global symbols functions data Timestamp: Mon Apr 11 21:29:29 2016 (570C0929) CheckSum: 000F86D8 ImageSize: 000F7000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4[/quote]
     
    philc43, Jul 10, 2016
    #4
  5. Yikes. Thank you! I'll get on removing those remnants, then. However, that leaves me completely unprotected. Any suggestions as to good anti-malware/virus programs that I can grab that are known to be compatible with Win10?
     
    Nierfenhimer, Jul 10, 2016
    #5
  6. philc43 Win User
    Windows defender is all I use and is probably OK for you until we sort out your problem.

    I have just seen that you have posted a new set of log files in your first post. Those two drivers were not mentioned this time so there may be other causes to track down. The error is below and it still looks like driver issues:

    Code: IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000000000096, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff8008fa2b973, address which referenced memory[/quote]
     
    philc43, Jul 10, 2016
    #6
  7. Alright. I'll keep an eye on things on my side and will make sure to update with any new information if anything new occurs. So far, I've noticed that things have been stable for a bit longer than I've gotten so far this morning after combing through for remnant drivers, though it was happy to fake me out last night after a few hours of stability, so I'll keep my fingers crossed. Thanks for all your help so far!

    EDIT: Nothing for half an hour, so keeping my fingers crossed. I'll boot up WoW and just let it run to see if anything happens.
     
    Nierfenhimer, Jul 10, 2016
    #7
  8. Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP

    Well, half an hour later, not minutes after I try to do something I normally do by booting up a game, I get a BSOD I've never seen before: MULTIPLE_IRP_COMPLETE_REQUESTS. I'm not even sure what to make of this one. =-/

    Code: Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\CrashDump\MEMORY.DMP] Kernel Bitmap Dump File: Full address space is available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\symbols*Symbol information Symbol search path is: SRV*C:\symbols*Symbol information Executable search path is: Windows 10 Kernel Version 10586 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 10586.420.amd64fre.th2_release_sec.160527-1834 Machine Name: Kernel base = 0xfffff800`5220f000 PsLoadedModuleList = 0xfffff800`524edcf0 Debug session time: Mon Jul 11 10:37:01.815 2016 (UTC - 4:00) System Uptime: 0 days 0:40:19.495 Loading Kernel Symbols ............................................................... ................................................................ .................................... Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 44, {ffffe000b67c6010, fe7, 0, 0} Probably caused by : afd.sys ( afd!AfdCompletePollIrp+87 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* MULTIPLE_IRP_COMPLETE_REQUESTS (44) A driver has requested that an IRP be completed (IoCompleteRequest()), but the packet has already been completed. This is a tough bug to find because the easiest case, a driver actually attempted to complete its own packet twice, is generally not what happened. Rather, two separate drivers each believe that they own the packet, and each attempts to complete it. The first actually works, and the second fails. Tracking down which drivers in the system actually did this is difficult, generally because the trails of the first driver have been covered by the second. However, the driver stack for the current request can be found by examining the DeviceObject fields in each of the stack locations. Arguments: Arg1: ffffe000b67c6010, Address of the IRP Arg2: 0000000000000fe7 Arg3: 0000000000000000 Arg4: 0000000000000000 Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 402 BUILD_VERSION_STRING: 10586.420.amd64fre.th2_release_sec.160527-1834 SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 1701 BIOS_DATE: 03/25/2016 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: MAXIMUS VIII HERO BASEBOARD_VERSION: Rev 1.xx DUMP_TYPE: 0 BUGCHECK_P1: ffffe000b67c6010 BUGCHECK_P2: fe7 BUGCHECK_P3: 0 BUGCHECK_P4: 0 IRP_ADDRESS: ffffe000b67c6010 FOLLOWUP_IP: afd!AfdCompletePollIrp+87 fffff800`487a29bb 488b5c2450 mov rbx,qword ptr [rsp+50h] CPU_COUNT: 8 CPU_MHZ: fa8 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 74'00000000 (cache) 74'00000000 (init) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: 0x44 PROCESS_NAME: System CURRENT_IRQL: 2 ANALYSIS_SESSION_HOST: SYLVANDELL ANALYSIS_SESSION_TIME: 07-11-2016 10:40:29.0672 ANALYSIS_VERSION: 10.0.10586.567 amd64fre LAST_CONTROL_TRANSFER: from fffff8005238559c to fffff800523517a0 STACK_TEXT: fffff800`543b1768 fffff800`5238559c : 00000000`00000044 ffffe000`b67c6010 00000000`00000fe7 00000000`00000000 : nt!KeBugCheckEx fffff800`543b1770 fffff800`487a29bb : fffff800`543b1a00 ffffe000`b67c6002 fffff800`00000002 fffff800`52250f45 : nt! ?? ::FNODOBFM::`string'+0x2539c fffff800`543b1890 fffff800`487a5f5e : fffff800`543b1ad0 00000000`00000000 00000000`00000001 00000000`00000001 : afd!AfdCompletePollIrp+0x87 fffff800`543b18e0 fffff800`5225d786 : ffffe000`b75e5c90 fffff800`543b1a10 00000000`00000001 00000000`00000001 : afd!AfdTimeoutPoll+0x2e fffff800`543b1910 fffff800`5235455a : 00000000`00000000 fffff800`5252c180 fffff800`525a2740 ffffe000`b73a1080 : nt!KiRetireDpcList+0x5f6 fffff800`543b1b60 00000000`00000000 : fffff800`543b2000 fffff800`543ab000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: 42a9f8e33995348d8935be209d77e17434badd04 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 47b870d97d4581e6ba9a30a21a52ec575a5bd995 THREAD_SHA1_HASH_MOD: 27635b1bd20fa3349118df06bdc79992561b2ec5 FAULT_INSTR_CODE: 245c8b48 SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: afd!AfdCompletePollIrp+87 FOLLOWUP_NAME: MachineOwner MODULE_NAME: afd IMAGE_NAME: afd.sys DEBUG_FLR_IMAGE_TIMESTAMP: 563b2123 BUCKET_ID_FUNC_OFFSET: 87 FAILURE_BUCKET_ID: 0x44_afd!AfdCompletePollIrp BUCKET_ID: 0x44_afd!AfdCompletePollIrp PRIMARY_PROBLEM_CLASS: 0x44_afd!AfdCompletePollIrp TARGET_TIME: 2016-07-11T14:37:01.000Z OSBUILD: 10586 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-05-27 23:59:07 BUILDDATESTAMP_STR: 160527-1834 BUILDLAB_STR: th2_release_sec BUILDOSVER_STR: 10.0.10586.420.amd64fre.th2_release_sec.160527-1834 ANALYSIS_SESSION_ELAPSED_TIME: 2bc ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x44_afd!afdcompletepollirp FAILURE_ID_HASH: {fea7859b-cf30-17ea-4324-1331fe347401} Followup: MachineOwner ---------[/quote]
     
    Nierfenhimer, Jul 10, 2016
    #8
  9. philc43 Win User
    This is not such a common error but also not easy to identify since the faulty driver details are overwritten. So something you have done in the past few days might be triggering this as it is a new BSOD. Maybe you can determine what might have happened by looking through your reliability history. (Type reliability in the search box if you don't know how to find this view).
     
    philc43, Jul 10, 2016
    #9
  10. Looking through the reliability monitor, what I see recurring most often is the NVIDIA Network Stream Service stops working nigh constantly, and consistently before crashes. I've completely disabled it, so with any luck maybe that will help to improve something. I just got another UNEXPECTED_KERNEL_MODE_TRAP so hopefully this shines some new light on things. The dump and logs are attached.

    Code: Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\CrashDump\MEMORY.DMP] Kernel Bitmap Dump File: Full address space is available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\symbols*Symbol information Symbol search path is: SRV*C:\symbols*Symbol information Executable search path is: Windows 10 Kernel Version 10586 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 10586.420.amd64fre.th2_release_sec.160527-1834 Machine Name: Kernel base = 0xfffff800`de079000 PsLoadedModuleList = 0xfffff800`de357cf0 Debug session time: Mon Jul 11 11:37:59.606 2016 (UTC - 4:00) System Uptime: 0 days 0:08:57.286 Loading Kernel Symbols ............................................................... ................................................................ ..................................... Loading User Symbols ..... Loading unloaded module list ....... Loading Wow64 Symbols ................................................... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {8, ffffd001666c8b30, 76ccf8, 69910a70} *** ERROR: Symbol file could not be found. Defaulted to export symbols for chrome_child.dll - "KERNELBASE.dll" was not found in the image list. Debugger will attempt to load "KERNELBASE.dll" at given base 00000000`00000000. Please provide the full image name, including the extension (i.e. kernel32.dll) for more reliable results.Base address and size overrides can be given as .reload <image.ext>=<base>,<size>. Unable to add module at 00000000`00000000 Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b3 ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT Arg2: ffffd001666c8b30 Arg3: 000000000076ccf8 Arg4: 0000000069910a70 Debugging Details: ------------------ "KERNELBASE.dll" was not found in the image list. Debugger will attempt to load "KERNELBASE.dll" at given base 00000000`00000000. Please provide the full image name, including the extension (i.e. kernel32.dll) for more reliable results.Base address and size overrides can be given as .reload <image.ext>=<base>,<size>. Unable to add module at 00000000`00000000 DUMP_CLASS: 1 DUMP_QUALIFIER: 402 BUILD_VERSION_STRING: 10586.420.amd64fre.th2_release_sec.160527-1834 SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 1701 BIOS_DATE: 03/25/2016 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: MAXIMUS VIII HERO BASEBOARD_VERSION: Rev 1.xx DUMP_TYPE: 0 BUGCHECK_P1: 8 BUGCHECK_P2: ffffd001666c8b30 BUGCHECK_P3: 76ccf8 BUGCHECK_P4: 69910a70 BUGCHECK_STR: 0x7f_8 TRAP_FRAME: ffffd001666c8b30 -- (.trap 0xffffd001666c8b30) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=000000006b669f00 rbx=0000000000000000 rcx=000000000076cfe0 rdx=000000000076cfe0 rsi=0000000000000000 rdi=0000000000000000 rip=0000000069910a70 rsp=000000000076ccf8 rbp=000000000076cf1c r8=000000000000002b r9=00000000777b6d3c r10=0000000000000000 r11=000000000066e4b0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz ac po nc chrome_child!GetHandleVerifier+0xb829c0: 0023:69910a70 ?? ??? Resetting default scope CPU_COUNT: 8 CPU_MHZ: fa8 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 74'00000000 (cache) 74'00000000 (init) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT PROCESS_NAME: chrome.exe CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: SYLVANDELL ANALYSIS_SESSION_TIME: 07-11-2016 11:41:00.0564 ANALYSIS_VERSION: 10.0.10586.567 amd64fre LAST_CONTROL_TRANSFER: from fffff800de1c63e9 to fffff800de1bb7a0 STACK_TEXT: ffffd001`666c89e8 fffff800`de1c63e9 : 00000000`0000007f 00000000`00000008 ffffd001`666c8b30 00000000`0076ccf8 : nt!KeBugCheckEx ffffd001`666c89f0 fffff800`de1c4473 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69 ffffd001`666c8b30 00000000`69910a70 : 0076cd60`69ac4dae 0076d460`0076cfe0 68ffc395`00c04750 00000043`00c372f8 : nt!KiDoubleFaultAbort+0xb3 00000000`0076ccf8 0076cd60`69ac4dae : 0076d460`0076cfe0 68ffc395`00c04750 00000043`00c372f8 0076cd38`00c09050 : chrome_child!GetHandleVerifier+0xb829c0 00000000`0076cd00 0076d460`0076cfe0 : 68ffc395`00c04750 00000043`00c372f8 0076cd38`00c09050 00000043`68ffc54d : 0x0076cd60`69ac4dae 00000000`0076cd08 68ffc395`00c04750 : 00000043`00c372f8 0076cd38`00c09050 00000043`68ffc54d 0076cfe0`0076cdec : 0x0076d460`0076cfe0 00000000`0076cd10 00000043`00c372f8 : 0076cd38`00c09050 00000043`68ffc54d 0076cfe0`0076cdec 00000000`698b472c : 0x68ffc395`00c04750 00000000`0076cd18 0076cd38`00c09050 : 00000043`68ffc54d 0076cfe0`0076cdec 00000000`698b472c 00c04750`0076d220 : 0x00000043`00c372f8 00000000`0076cd20 00000043`68ffc54d : 0076cfe0`0076cdec 00000000`698b472c 00c04750`0076d220 0076cf60`03ab9cb8 : 0x0076cd38`00c09050 00000000`0076cd28 0076cfe0`0076cdec : 00000000`698b472c 00c04750`0076d220 0076cf60`03ab9cb8 69a5d5ea`698b4831 : 0x00000043`68ffc54d 00000000`0076cd30 00000000`698b472c : 00c04750`0076d220 0076cf60`03ab9cb8 69a5d5ea`698b4831 0076cd70`00000000 : 0x0076cfe0`0076cdec 00000000`0076cd38 00c04750`0076d220 : 0076cf60`03ab9cb8 69a5d5ea`698b4831 0076cd70`00000000 0076d0c8`0076d050 : chrome_child!GetHandleVerifier+0xb2667c 00000000`0076cd40 0076cf60`03ab9cb8 : 69a5d5ea`698b4831 0076cd70`00000000 0076d0c8`0076d050 69acc9c0`0076cda0 : 0x00c04750`0076d220 00000000`0076cd48 69a5d5ea`698b4831 : 0076cd70`00000000 0076d0c8`0076d050 69acc9c0`0076cda0 0076cdbc`00000000 : 0x0076cf60`03ab9cb8 00000000`0076cd50 0076cd70`00000000 : 0076d0c8`0076d050 69acc9c0`0076cda0 0076cdbc`00000000 68fe7cc8`03aea1a0 : 0x69a5d5ea`698b4831 00000000`0076cd58 0076d0c8`0076d050 : 69acc9c0`0076cda0 0076cdbc`00000000 68fe7cc8`03aea1a0 03ae3e24`0000008f : 0x0076cd70`00000000 00000000`0076cd60 69acc9c0`0076cda0 : 0076cdbc`00000000 68fe7cc8`03aea1a0 03ae3e24`0000008f 0076d250`03af2e28 : 0x0076d0c8`0076d050 00000000`0076cd68 0076cdbc`00000000 : 68fe7cc8`03aea1a0 03ae3e24`0000008f 0076d250`03af2e28 00000000`00000000 : 0x69acc9c0`0076cda0 00000000`0076cd70 68fe7cc8`03aea1a0 : 03ae3e24`0000008f 0076d250`03af2e28 00000000`00000000 0000000a`00c04750 : 0x0076cdbc`00000000 00000000`0076cd78 03ae3e24`0000008f : 0076d250`03af2e28 00000000`00000000 0000000a`00c04750 69010305`00000000 : 0x68fe7cc8`03aea1a0 00000000`0076cd80 0076d250`03af2e28 : 00000000`00000000 0000000a`00c04750 69010305`00000000 0076ce00`0000000a : 0x03ae3e24`0000008f 00000000`0076cd88 00000000`00000000 : 0000000a`00c04750 69010305`00000000 0076ce00`0000000a 0076cdc0`03aea280 : 0x0076d250`03af2e28 STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: c33529a322865ee6ac30532b3530902f2a4a4565 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 04921e2de11cd46c7d17183bff7f326bf515178e THREAD_SHA1_HASH_MOD: 8a073c82ee208a8edf92167047bd7216aeb1a6d3 FOLLOWUP_IP: nt!KiDoubleFaultAbort+b3 fffff800`de1c4473 90 nop FAULT_INSTR_CODE: 6666c390 SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!KiDoubleFaultAbort+b3 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 5749178b BUCKET_ID_FUNC_OFFSET: b3 FAILURE_BUCKET_ID: 0x7f_8_nt!KiDoubleFaultAbort BUCKET_ID: 0x7f_8_nt!KiDoubleFaultAbort PRIMARY_PROBLEM_CLASS: 0x7f_8_nt!KiDoubleFaultAbort TARGET_TIME: 2016-07-11T15:37:59.000Z OSBUILD: 10586 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-05-27 23:59:07 BUILDDATESTAMP_STR: 160527-1834 BUILDLAB_STR: th2_release_sec BUILDOSVER_STR: 10.0.10586.420.amd64fre.th2_release_sec.160527-1834 ANALYSIS_SESSION_ELAPSED_TIME: 2e7 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x7f_8_nt!kidoublefaultabort FAILURE_ID_HASH: {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5} Followup: MachineOwner ---------[/quote]
     
    Nierfenhimer, Jul 10, 2016
    #10
  11. philc43 Win User
    The driver named in the dump this time is:

    Code: ffffd000`253b42e8 fffff800`fcff40b8Unable to load image \??\C:\Windows\system32\drivers\rzpnk.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for rzpnk.sys *** ERROR: Module load completed but symbols could not be loaded for rzpnk.sys rzpnk+0x40b8[/quote] Details of this driver which I think is related to Razor and Google says it is an overlay driver. Not sure why that is loading but it might be something else to remove.

    Code: 3: kd> lmvm rzpnk Browse full module list start end module name fffff800`fcff0000 fffff800`fd00e080 rzpnk T (no symbols) Loaded symbol image file: rzpnk.sys Image path: \??\C:\Windows\system32\drivers\rzpnk.sys Image name: rzpnk.sys Timestamp: Thu Sep 17 01:16:35 2015 (55FA0663) CheckSum: 00027E0F ImageSize: 0001E080 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4[/quote] Edit: Looking through your drivers it may be something to do with the Mouse. Maybe try completely uninstalling the Mouse drivers and update with newer ones if there are any.
     
    philc43, Jul 10, 2016
    #11
  12. Well, in my attempts to find a way to remove the Razer overlay support driver, I was very rudely interrupted by this CRITICAL_PROCESS_DIED BSOD. Seems like this is going further and further down the rabbit hole. =-( In the reliability monitor, I'm given this for the svchost.exe Remote Procedure Call:

    Code: Source Remote Procedure Call (RPC) Summary Stopped working Date ‎7/‎11/‎2016 12:12 PM Status Report sent Description Faulting Application Path: C:\Windows\System32\svchost.exe Problem signature Problem Event Name: CriticalProcessFault2 Application Name: svchost.exe_RpcSs Application Version: 10.0.10586.0 Application Timestamp: 5632d7ba Fault Module Name: rpcss.dll Fault Module Version: 10.0.10586.0 Fault Module Timestamp: 5632d595 Exception Code: c0000005 Exception Offset: 0000000000031654 Exception Data: 00000000 Exception Flags: 0x00000000 OS Version: 10.0.10586.2.0.0.256.48 Locale ID: 1033 Additional Information 1: fe04 Additional Information 2: fe0425ff63b66152db9fb679faae4ab7 Additional Information 3: 2057 Additional Information 4: 2057127893a14d4a38efc2a769aed7ac Extra information about the problem Bucket ID: b4daa735e5c65f84a3e90b6ef3553147 (126713468288)[/quote]
    And the dump is as follows:

    Code: Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\CrashDump\MEMORY.DMP] Kernel Bitmap Dump File: Full address space is available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\symbols*Symbol information Symbol search path is: SRV*C:\symbols*Symbol information Executable search path is: Windows 10 Kernel Version 10586 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 10586.420.amd64fre.th2_release_sec.160527-1834 Machine Name: Kernel base = 0xfffff803`9c808000 PsLoadedModuleList = 0xfffff803`9cae6cf0 Debug session time: Mon Jul 11 12:12:02.773 2016 (UTC - 4:00) System Uptime: 0 days 0:06:11.454 Loading Kernel Symbols ............................................................... ................................................................ .................................... Loading User Symbols ............................... Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck EF, {ffffe00181f94400, 0, 0, 0} Probably caused by : ntdll.dll ( ntdll!NtTerminateProcess+14 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CRITICAL_PROCESS_DIED (ef) A critical system process died Arguments: Arg1: ffffe00181f94400, Process object or thread object Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died. Arg3: 0000000000000000 Arg4: 0000000000000000 Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 402 BUILD_VERSION_STRING: 10586.420.amd64fre.th2_release_sec.160527-1834 SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 1701 BIOS_DATE: 03/25/2016 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: MAXIMUS VIII HERO BASEBOARD_VERSION: Rev 1.xx DUMP_TYPE: 0 BUGCHECK_P1: ffffe00181f94400 BUGCHECK_P2: 0 BUGCHECK_P3: 0 BUGCHECK_P4: 0 PROCESS_NAME: svchost.exe CRITICAL_PROCESS: svchost.exe EXCEPTION_CODE: (HRESULT) 0x81ff9080 (2181009536) - <Unable to get error code text> ERROR_CODE: (NTSTATUS) 0x81ff9080 - <Unable to get error code text> CPU_COUNT: 8 CPU_MHZ: fa8 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 5e CPU_STEPPING: 3 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 74'00000000 (cache) 74'00000000 (init) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: 0xEF CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: SYLVANDELL ANALYSIS_SESSION_TIME: 07-11-2016 12:14:41.0760 ANALYSIS_VERSION: 10.0.10586.567 amd64fre LAST_CONTROL_TRANSFER: from fffff8039ce48a10 to fffff8039c94a7a0 STACK_TEXT: ffffd000`209e78a8 fffff803`9ce48a10 : 00000000`000000ef ffffe001`81f94400 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx ffffd000`209e78b0 fffff803`9cbd5464 : 00000000`00000000 ffffe001`81ff93a0 00000000`00000001 fffff803`9c839dee : nt!PspCatchCriticalBreak+0xa4 ffffd000`209e78f0 fffff803`9cbd4a0d : ffffe001`81f94400 ffffe001`81f94400 ffffe001`81ff93a0 00000000`00000000 : nt!PspTerminateAllThreads+0x74 ffffd000`209e7950 fffff803`9ccb40dc : ffffe001`81f94400 00000000`c0000005 ffffe001`81f94400 ffffe001`81ff9080 : nt!PspTerminateProcess+0x101 ffffd000`209e7990 fffff803`9c9550a3 : ffffe001`81f94400 ffffe001`81ff9080 ffffd000`209e7a80 ffffd000`209e7a80 : nt!NtTerminateProcess+0x9c ffffd000`209e7a00 00007ff8`1d1c5664 : 00007ff8`1d17c5d8 00007ff8`1bf880e0 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000077`104fff08 00007ff8`1d17c5d8 : 00007ff8`1bf880e0 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtTerminateProcess+0x14 00000077`104fff10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x58 STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: e5752f15e3b51b6ed6b06ad4b1b119110c0e160a THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1f1c112713a08aee1bf907f7b75c040cd4a04065 THREAD_SHA1_HASH_MOD: 3a9d0b0249cd63b29881dc83383bf349c92708d0 FOLLOWUP_IP: ntdll!NtTerminateProcess+14 00007ff8`1d1c5664 c3 ret FAULT_INSTR_CODE: c32ecdc3 SYMBOL_STACK_INDEX: 6 SYMBOL_NAME: ntdll!NtTerminateProcess+14 FOLLOWUP_NAME: MachineOwner MODULE_NAME: ntdll IMAGE_NAME: ntdll.dll DEBUG_FLR_IMAGE_TIMESTAMP: 571af2eb BUCKET_ID_FUNC_OFFSET: 14 FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_81ff9080_ntdll!NtTerminateProcess BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_81ff9080_ntdll!NtTerminateProcess PRIMARY_PROBLEM_CLASS: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_81ff9080_ntdll!NtTerminateProcess TARGET_TIME: 2016-07-11T16:12:02.000Z OSBUILD: 10586 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-05-27 23:59:07 BUILDDATESTAMP_STR: 160527-1834 BUILDLAB_STR: th2_release_sec BUILDOSVER_STR: 10.0.10586.420.amd64fre.th2_release_sec.160527-1834 ANALYSIS_SESSION_ELAPSED_TIME: 35b ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0xef_svchost.exe_bugcheck_critical_process_81ff9080_ntdll!ntterminateprocess FAILURE_ID_HASH: {a5bf45fe-05e1-2fa3-d40a-fe4fec6ad02a} Followup: MachineOwner ---------[/quote]
     
    Nierfenhimer, Jul 10, 2016
    #12
  13. philc43 Win User

    Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP

    As you have been getting so many crashes today it would be worth running the System File Checker to check and repair in case any system files have got corrupted.
     
    philc43, Jul 10, 2016
    #13
  14. Running that now. Just uninstalled and reinstalled the drivers for all my Razer devices - both the keyboard and mouse. I'll update this post with what is found or if I crash again.

    EDIT:

    Windows Resource Protection found corrupt files but was unable to fix some
    of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
    example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
    supported in offline servicing scenarios.

    Uploading the CBS log. This definitely looks more than a little sketchy...
     
    Nierfenhimer, Jul 10, 2016
    #14
  15. philc43 Win User
    Actually it is not all that bad, the CBS.log refers to the opencl.dll file which is a known issue that will be repaired in a future release of W10. So I think you are OK for system files *Smile

    For more information see the note in the SFC Tutorial.
     
    philc43, Jul 10, 2016
    #15
Thema:

Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP

Loading...
  1. Periodic BSOD: UNEXPECTED_KERNEL_MODE_TRAP - Similar Threads - Periodic BSOD UNEXPECTED_KERNEL_MODE_TRAP

  2. UNEXPECTED_KERNEL_MODE_TRAP BSOD

    in Windows 10 Gaming
    UNEXPECTED_KERNEL_MODE_TRAP BSOD: im getting this BSOD error please help me what is the cause of the BSOD thanks in advanceim getting this when im playing path of exile gamehttps://drive.google.com/file/d/1gg2obiYGdWbgNGx1h_-_8C3G9LlCepbQ/view?usp=share_link...
  3. UNEXPECTED_KERNEL_MODE_TRAP BSOD

    in Windows 10 BSOD Crashes and Debugging
    UNEXPECTED_KERNEL_MODE_TRAP BSOD: Hello all, I am having a UNEXPECTED_KERNEL_MODE_TRAP BSOD whenever I am using apps like davinci resolve, adobe apps and other applications that use a lot of ram and the graphics card. This BSOD comes up whenever I am using the app and stop using my pc to take a break or...
  4. UNEXPECTED_KERNEL_MODE_TRAP BSOD

    in Windows 10 Software and Apps
    UNEXPECTED_KERNEL_MODE_TRAP BSOD: Hello all, I am having a UNEXPECTED_KERNEL_MODE_TRAP BSOD whenever I am using apps like davinci resolve, adobe apps and other applications that use a lot of ram and the graphics card. This BSOD comes up whenever I am using the app and stop using my pc to take a break or...
  5. BSOD: UNEXPECTED_KERNEL_MODE_TRAP

    in Windows 10 Software and Apps
    BSOD: UNEXPECTED_KERNEL_MODE_TRAP: I've been getting this error too much now and I'm aggressively saving my work every time I use my laptop but even then it's too annoying and just not feasible.I've tried so many cmd commands, several times and made some changes to the memory dump. also have run memory...
  6. UNEXPECTED_KERNEL_MODE_TRAP BSOD

    in Windows 10 Gaming
    UNEXPECTED_KERNEL_MODE_TRAP BSOD: HelloI have an HP Laptop which came shipped with Windows 11. I have been facing this blue screen since some months which occurs occasionally, but frequently when I put my laptop to sleep. I have run: Windows memory diag tool-No errorsMemtest86- no errorsfc scan-no errorI am...
  7. BSOD Stopcode: UNEXPECTED_KERNEL_MODE_TRAP

    in Windows 10 BSOD Crashes and Debugging
    BSOD Stopcode: UNEXPECTED_KERNEL_MODE_TRAP: So when I play League of Legends and I use alt+tab to tab out of the game I get BSOD with that stopcode. I have tried many things to fix it and nothing works. I have no idea what to do at this point. Please help me....
  8. BSOD UNEXPECTED_KERNEL_MODE_TRAP

    in Windows 10 BSOD Crashes and Debugging
    BSOD UNEXPECTED_KERNEL_MODE_TRAP: I thought the problem was fixed from my last post, but it seems the problem still persists. The problem first started when I noticed several visual bugs like red and green stripes in the below image. This would appear when I'm using Battle.net launcher, Steam, Uplay,...
  9. BSOD Unexpected_kernel_mode_trap

    in Windows 10 BSOD Crashes and Debugging
    BSOD Unexpected_kernel_mode_trap: Hello everyone, First time posting here and I am completely lost on what to do. I have tried everything I could think of to fix this issue and have not been able to find a solution. Hoping someone here can help. I have been getting random BSOD's for a few months now. I...
  10. BSOD (Unexpected_Kernel_Mode_TRAP)

    in Windows 10 BSOD Crashes and Debugging
    BSOD (Unexpected_Kernel_Mode_TRAP): Every time I get on league of legends or any thing that uses graphics, I get the BSOD UNEXEPECTED_KERNEL_MODE_TRAP. This is extremely annoying and also happens when I watch YouTube videos. This is a brand new computer I built myself and didn't have any problems until I...

Users found this page by searching for:

  1. cbscore error critical died