0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
BugCheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: fffff8071ce90e70
Arg3: 0000000000000000
Arg4: fffff807176c0fdd
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3171
Key : Analysis.Elapsed.mSec
Value: 6706
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 405
Key : Analysis.Init.Elapsed.mSec
Value: 2031
Key : Analysis.Memory.CommitPeak.Mb
Value: 95
Key : Bugcheck.Code.LegacyAPI
Value: 0x7f
Key : Failure.Bucket
Value: 0x7f_8_nt!KiDoubleFaultAbort
Key : Failure.Hash
Value: {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5}
Key : Hypervisor.Enlightenments.Value
Value: 0
Key : Hypervisor.Enlightenments.ValueHex
Value: 0
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 7f
BUGCHECK_P1: 8
BUGCHECK_P2: fffff8071ce90e70
BUGCHECK_P3: 0
BUGCHECK_P4: fffff807176c0fdd
FILE_IN_CAB: 020324-6609-01.dmp
TRAP_FRAME: fffff8071ce90e70 -- (.trap 0xfffff8071ce90e70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=01da5630df619200 rbx=0000000000000000 rcx=000000005e5f17c8
rdx=fffff80714df8ac0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff807176c0fdd rsp=0000000000000000 rbp=fffff8071ce74ad0
r8=000000005e5ce41f r9=fffff78000000000 r10=0000000000000000
r11=fffff78000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiRetireDpcList+0x87d:
fffff807`176c0fdd 000f add byte ptr [rdi],cl ds:00000000`00000000=??
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
fffff807`1ce90d28 fffff807`178118a9 : 00000000`0000007f 00000000`00000008 fffff807`1ce90e70 00000000`00000000 : nt!KeBugCheckEx
fffff807`1ce90d30 fffff807`1780bebd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff807`1ce90e70 fffff807`176c0fdd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2bd
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRetireDpcList+0x87d
SYMBOL_NAME: nt!KiDoubleFaultAbort+2bd
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.3996
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 2bd
FAILURE_BUCKET_ID: 0x7f_8_nt!KiDoubleFaultAbort
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5}
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffff80000003, The exception code that was not handled
Arg2: fffff8011246195c, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: fffff801124618e0, Parameter 1 of the exception
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3858
Key : Analysis.Elapsed.mSec
Value: 5010
Key : Analysis.IO.Other.Mb
Value: 2
Key : Analysis.IO.Read.Mb
Value: 3
Key : Analysis.IO.Write.Mb
Value: 6
Key : Analysis.Init.CPU.mSec
Value: 468
Key : Analysis.Init.Elapsed.mSec
Value: 6781
Key : Analysis.Memory.CommitPeak.Mb
Value: 95
Key : Bugcheck.Code.LegacyAPI
Value: 0x1e
Key : Failure.Bucket
Value: 0x1E_80000003_nt!KeAcquireInStackQueuedSpinLockAtDpcLevel
Key : Failure.Hash
Value: {8e7d8fe2-97af-5762-f572-760cddbaf403}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffff80000003
BUGCHECK_P2: fffff8011246195c
BUGCHECK_P3: 0
BUGCHECK_P4: fffff801124618e0
FILE_IN_CAB: 021524-6312-01.dmp
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: fffff801124618e0
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
fffff801`16c898e8 fffff801`1267a67b : 00000000`0000001e ffffffff`80000003 fffff801`1246195c 00000000`00000000 : nt!KeBugCheckEx
fffff801`16c898f0 fffff801`125fe6e2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x14130b
fffff801`16c89fb0 fffff801`125fe6b0 : fffff801`12611ae5 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxExceptionDispatchOnExceptionStack+0x12
fffff801`16c7b228 fffff801`12611ae5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000007 : nt!KiExceptionDispatchOnExceptionStackContinue
fffff801`16c7b230 fffff801`1260a9d0 : fffff801`16c7b4a0 00000000`00000004 fffff801`16c7b4a8 00000000`00000004 : nt!KiExceptionDispatch+0x125
fffff801`16c7b410 fffff801`1246195d : 00000000`00000000 fffff801`16c7b6a0 ffffa086`baa73000 00000000`00000008 : nt!KiBreakpointTrap+0x310
fffff801`16c7b5a0 00000000`00000000 : fffff801`16c7b6a0 ffffa086`baa73000 00000000`00000008 00000000`00000000 : nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+0x7d
SYMBOL_NAME: nt!KeAcquireInStackQueuedSpinLockAtDpcLevel+7c
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.4046
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 7c
FAILURE_BUCKET_ID: 0x1E_80000003_nt!KeAcquireInStackQueuedSpinLockAtDpcLevel
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {8e7d8fe2-97af-5762-f572-760cddbaf403}
Followup: MachineOwner
---------