My PC is blue screening every day or two (they seem to be different every time), I have recently got a minidump file of the latest crash and would like help in understanding what is creating the BSOD.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff801
Debug session time: Wed Mar 27 19:48:52.825 2019 (UTC + 0:00)
System Uptime: 0 days 1:14:29.579
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
.........
***
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, ffffe7018a2ca270, ffffc80541e58b52, fffff80173700e5e}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+2a8 )
Followup: MachineOwner
---------
3: kd> !analyze -v
***
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a portion of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffe7018a2ca270
Arg3: ffffc80541e58b52
Arg4: fffff80173700e5e
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
DUMP_TYPE: 2
BUGCHECK_P1: 8
BUGCHECK_P2: ffffe7018a2ca270
BUGCHECK_P3: ffffc80541e58b52
BUGCHECK_P4: fffff80173700e5e
BUGCHECK_STR: 0x7f_8
TRAP_FRAME: ffffe7018a2ca270 -- (.trap 0xffffe7018a2ca270)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000000f
rdx=ffffc80541e57b38 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80173700e5e rsp=ffffc80541e58b52 rbp=ffffc80541e57b58
r8=0000000000000000 r9=ffffc80541e57bb8 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!PpmParkDistributeUtility+0x12cbae:
fffff801
Resetting default scope
CPU_COUNT: 10
CPU_MHZ: e10
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 9e
CPU_STEPPING: c
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: EpicGamesLauncher.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-AACK5FL
ANALYSIS_SESSION_TIME: 03-27-2019 20:41:04.0864
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
BAD_STACK_POINTER: ffffc80541e58b52
UNALIGNED_STACK_POINTER: ffffc80541e58b52
LAST_CONTROL_TRANSFER: from fffff8017366ed69 to fffff8017365d5e0
STACK_TEXT:
ffffe701
ffffe701
ffffe701
ffffc805
THREAD_SHA1_HASH_MOD_FUNC: 11c7e87e308cc6277cc1aae88e49b2120a73ab62
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 383ee6e360796e3595a17c3a9d328ab8980370a7
THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+2a8
fffff801`73669da8 90 nop
FAULT_INSTR_CODE: 6666c390
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+2a8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.379
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2a8
FAILURE_BUCKET_ID: 0x7f_8_STACKPTR_ERROR_nt!KiDoubleFaultAbort
BUCKET_ID: 0x7f_8_STACKPTR_ERROR_nt!KiDoubleFaultAbort
PRIMARY_PROBLEM_CLASS: 0x7f_8_STACKPTR_ERROR_nt!KiDoubleFaultAbort
TARGET_TIME: 2019-03-27T19:48:52.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 4f6a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x7f_8_stackptr_error_nt!kidoublefaultabort
FAILURE_ID_HASH: {c5b9990d-856b-1bb5-7662-4621e5941c84}
Followup: MachineOwner
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff801
734aa000 PsLoadedModuleList = 0xfffff801
738c59f0Debug session time: Wed Mar 27 19:48:52.825 2019 (UTC + 0:00)
System Uptime: 0 days 1:14:29.579
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
.........
***
- *
- Bugcheck Analysis *
- *
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, ffffe7018a2ca270, ffffc80541e58b52, fffff80173700e5e}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+2a8 )
Followup: MachineOwner
---------
3: kd> !analyze -v
***
- *
- Bugcheck Analysis *
- *
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a portion of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffe7018a2ca270
Arg3: ffffc80541e58b52
Arg4: fffff80173700e5e
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
DUMP_TYPE: 2
BUGCHECK_P1: 8
BUGCHECK_P2: ffffe7018a2ca270
BUGCHECK_P3: ffffc80541e58b52
BUGCHECK_P4: fffff80173700e5e
BUGCHECK_STR: 0x7f_8
TRAP_FRAME: ffffe7018a2ca270 -- (.trap 0xffffe7018a2ca270)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000000f
rdx=ffffc80541e57b38 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80173700e5e rsp=ffffc80541e58b52 rbp=ffffc80541e57b58
r8=0000000000000000 r9=ffffc80541e57bb8 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!PpmParkDistributeUtility+0x12cbae:
fffff801
73700e5e e80d92e1ff call nt!KeGetPrcb (fffff801
7351a070)Resetting default scope
CPU_COUNT: 10
CPU_MHZ: e10
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 9e
CPU_STEPPING: c
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: EpicGamesLauncher.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-AACK5FL
ANALYSIS_SESSION_TIME: 03-27-2019 20:41:04.0864
ANALYSIS_VERSION: 10.0.17763.132 amd64fre
BAD_STACK_POINTER: ffffc80541e58b52
UNALIGNED_STACK_POINTER: ffffc80541e58b52
LAST_CONTROL_TRANSFER: from fffff8017366ed69 to fffff8017365d5e0
STACK_TEXT:
ffffe701
8a2ca128 fffff801
7366ed69 : 000000000000007f 00000000
00000008 ffffe7018a2ca270 ffffc805
41e58b52 : nt!KeBugCheckExffffe701
8a2ca130 fffff801
73669da8 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!KiBugCheckDispatch+0x69ffffe701
8a2ca270 fffff801
73700e5e : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!KiDoubleFaultAbort+0x2a8ffffc805
41e58b52 00000000
00000000 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!PpmParkDistributeUtility+0x12cbaeTHREAD_SHA1_HASH_MOD_FUNC: 11c7e87e308cc6277cc1aae88e49b2120a73ab62
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 383ee6e360796e3595a17c3a9d328ab8980370a7
THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+2a8
fffff801`73669da8 90 nop
FAULT_INSTR_CODE: 6666c390
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+2a8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 10.0.17763.379
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2a8
FAILURE_BUCKET_ID: 0x7f_8_STACKPTR_ERROR_nt!KiDoubleFaultAbort
BUCKET_ID: 0x7f_8_STACKPTR_ERROR_nt!KiDoubleFaultAbort
PRIMARY_PROBLEM_CLASS: 0x7f_8_STACKPTR_ERROR_nt!KiDoubleFaultAbort
TARGET_TIME: 2019-03-27T19:48:52.000Z
OSBUILD: 17763
OSSERVICEPACK: 379
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 4f6a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x7f_8_stackptr_error_nt!kidoublefaultabort
FAILURE_ID_HASH: {c5b9990d-856b-1bb5-7662-4621e5941c84}
Followup: MachineOwner