J
jack qwerty
Guest
Hi
On one of out tests setups we are experiencing bugcheck 7F EXCEPTION_DOUBLE_FAULT as shown below. The user mode context of the faulting thread is our .net GUI application i.e. when it is in the process of being terminated via script (using pskill). The crash is random in that sometime the pskill on the process does not bugcheck the system. Earlier I came across this post which looks similar to the issue we are facing.
TSS blog: февраля 2015
Since this is an automation setup I am nor sure exactly what is the UI state of the application. Presumably there are several error popups which could be active at the point when pskill is initiated on out process. Just wanted to understand if there's any way in which we could circumvent this issue ? With that I am assuming that generally and under no circumstance should UM code be able to trigger a KM bugcheck.
The OS is Windows Server 2009 standard edition and is up to the latest patch level was of this writing. Earlier tere was wdfilter also in the call stack which I disable via local group policy. But the crash persists even without wdfilter in the call stack.
12: kd> vertarget
Windows 10 Kernel Version 17763 MP (24 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff801`3da08000 PsLoadedModuleList = 0xfffff801`3de21710
Debug session time: Mon Feb 10 17:05:28.677 2020 (UTC - 8:00)
System Uptime: 0 days 11:47:46.778
12: kd> .bugcheck
Bugcheck code 0000007F
Arguments 00000000`00000008 ffffde80`1ff4ce50 ffffc303`18ce3eb0 fffff801`3dbcf6d4
12: kd> !sysinfo machineid
Machine ID Information [From Smbios 2.7, DMIVersion 0, Size=5393]
BiosMajorRelease = 0
BiosMinorRelease = 0
FirmwareMajorRelease = 0
FirmwareMinorRelease = 0
BiosVendor = Intel Corporation
BiosVersion = SE5C610.86B.01.01.0014.121820151719
BiosReleaseDate = 12/18/2015
SystemManufacturer = Intel Corporation
SystemProductName = S2600WT2R
SystemFamily = Family
SystemVersion = ....................
SystemSKU = SKU Number
BaseBoardManufacturer = Intel Corporation
BaseBoardProduct = S2600WT2R
BaseBoardVersion = H21573-366
12: kd> !sysinfo cpuinfo
[CPU Information]
~MHz = REG_DWORD 2394
Component Information = REG_BINARY 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
Configuration Data = REG_FULL_RESOURCE_DESCRIPTOR ff,ff,ff,ff,ff,ff,ff,ff,0,0,0,0,0,0,0,0
Identifier = REG_SZ Intel64 Family 6 Model 63 Stepping 2
ProcessorNameString = REG_SZ Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
Update Status = REG_DWORD 0
VendorIdentifier = REG_SZ GenuineIntel
MSR8B = REG_QWORD 3c00000000
12: kd> !thread
THREAD ffffcd8830367080 Cid 09b0.27c0 Teb: 000000377234f000 Win32Thread: ffffcd8832afc530 RUNNING on processor c
Not impersonating
DeviceMap ffff9c85dce03f50
Owning Process ffffcd8830d5f080 Image: NMX Designer.exe
Attached Process ffffc58fb3c17140 Image: Registry
Wait Start TickCount 2717873 Ticks: 0
Context Switch Count 6813275 IdealProcessor: 23
UserTime 00:45:58.484
KernelTime 00:01:29.218
Win32 Start Address 0x000001a0976c0000
Stack Init ffffc30318ce9c90 Current ffffc303156c8a20
Base ffffc30318cea000 Limit ffffc30318ce4000 Call 0000000000000000
Priority 11 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffde80`1ff4cd08 fffff801`3dbd01e9 : 00000000`0000007f 00000000`00000008 ffffde80`1ff4ce50 ffffc303`18ce3eb0 : nt!KeBugCheckEx
ffffde80`1ff4cd10 fffff801`3dbcb1ee : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffde80`1ff4ce50 fffff801`3dbcf6d4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2ae (TrapFrame @ ffffde80`1ff4ce50)
ffffc303`18ce3eb0 fffff801`3dbc2690 : fffff801`3da6ab79 ffffc303`18ce40b0 fffff801`3dd01b22 ffff9c85`dc600340 : nt!KiServiceInternal+0x14 (TrapFrame @ ffffc303`18ce3eb0)
ffffc303`18ce4048 fffff801`3da6ab79 : ffffc303`18ce40b0 fffff801`3dd01b22 ffff9c85`dc600340 00000000`0000001c : nt!KiServiceLinkage
ffffc303`18ce4050 fffff801`3e02ef23 : 00000000`00001000 000001ba`7d957000 3f514e02`328a7012 3f656107`2057b573 : nt!CmSiProtectViewOfSection+0x31
ffffc303`18ce4090 fffff801`3e02eeb6 : ffffffff`ffffffff 00000000`00028000 ffff9c85`e37c3000 fffff801`3dfa0a5e : nt!HvpViewMapMakeViewRangeCOWByCaller+0x47
ffffc303`18ce40f0 fffff801`3e02eb85 : 00000000`00026000 00000000`00001000 fffff801`3dfdd9f0 fffff801`3dfa2400 : nt!HvpViewMapCOWAndUnsealRange+0x4e
ffffc303`18ce4120 fffff801`3e09664e : ffff9c85`e37c3000 ffffc303`18ce41e9 00000000`0002601c 00000000`7fffffff : nt!HvpSetRangeProtection+0xb9
ffffc303`18ce4170 fffff801`3e096495 : ffff9c85`e37c3050 ffff9c85`e37c3000 ffffcd88`00000002 ffff9c85`e37c3050 : nt!HvpMarkDirty+0x15a
ffffc303`18ce4250 fffff801`3dfad998 : 00000000`ffffffff 01d5e077`59a16de3 ffffc303`18ce43a0 ffff9c85`e13f1ab8 : nt!HvpMarkCellDirty+0xc1
ffffc303`18ce42a0 fffff801`3dfae470 : ffffc303`18ce4888 3ff8f1ae`90000000 000f003f`00000000 3ff97d82`90000000 : nt!CmSetValueKey+0x330
ffffc303`18ce4450 fffff801`3dbcfc08 : 3e62999c`25159f11 3e668925`d901c83b 3e415506`dadd3e2a 3e622aee`6c57304e : nt!NtSetValueKey+0x620
ffffc303`18ce4640 fffff801`3dbc2690 : ffffad23`33bec6c4 00000000`00000002 00000000`00000004 ffffc303`18ce49c0 : nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffffc303`18ce46b0)
ffffc303`18ce4848 ffffad23`33bec6c4 : 00000000`00000002 00000000`00000004 ffffc303`18ce49c0 00000000`00000000 : nt!KiServiceLinkage
ffffc303`18ce4850 ffffad23`33bec599 : ffffad45`006084a0 ffffc303`18ce4a30 ffffad45`006084a0 00000000`00000000 : win32kbase!CitpPostUpdateUseInfoSave+0xac
ffffc303`18ce4930 ffffad23`33c5d6f4 : 00000000`00000002 ffffcd88`00000003 80000039`020932b6 ffffc303`18ce5340 : win32kbase!CitpPostUpdateUseInfoLog+0x109
ffffc303`18ce4e10 ffffad23`33beb768 : fffff801`3daf3fb0 ffffad23`33c43da2 00000000`00000000 00000000`00000047 : win32kbase!CitpSetForegroundProcess+0x71f1c
ffffc303`18ce5230 ffffad23`33beb683 : ffffad45`02d5a010 ffffc303`18ce5359 ffffad45`04d92500 ffffad23`33ac7a64 : win32kbase!CitpProcessForegroundChange+0xd8
ffffc303`18ce5280 ffffad23`33882fa1 : 00000000`00000780 00000000`00000001 ffffad23`33c153d0 ffffad23`33894830 : win32kbase!CitProcessForegroundChange+0x43
ffffc303`18ce52c0 ffffad23`33887ff3 : 00000000`00000000 ffffc303`18ce54c0 00000000`00000000 00000410`00000780 : win32kfull!xxxSetForegroundThreadWithWindowHint+0xc5
ffffc303`18ce53c0 ffffad23`3388648b : ffffad45`04d92500 ffffad45`04d92500 00000000`00000000 ffffad45`02d5a010 : win32kfull!xxxSetForegroundWindow2+0x11f
ffffc303`18ce5520 ffffad23`33880c2f : ffffad45`0061f401 ffffad45`0061f4a0 ffffad45`00000000 ffffc303`18ce5630 : win32kfull!xxxSetForegroundWindowWithOptions+0x9f
ffffc303`18ce55d0 ffffad23`33893f9e : 00000000`00000000 ffffad45`04d85500 ffffc303`18ce56e9 ffffad45`0061f4a0 : win32kfull!xxxActivateWindowWithOptions+0x1e3
ffffc303`18ce5650 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d85500 ffffad45`04d85280 ffffad45`04d85560 : win32kfull!xxxDestroyWindow+0x67e
ffffc303`18ce5750 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5839 ffffad45`0061f4a0 ffffad45`04d85280 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce57a0 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d85280 ffffad45`04d85000 ffffad45`04d852e0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce58a0 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5989 ffffad45`0061f4a0 ffffad45`04d85000 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce58f0 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d85000 ffffad45`04d84c80 ffffad45`04d85060 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce59f0 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5ad9 ffffad45`0061f4a0 ffffad45`04d84c80 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5a40 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84c80 ffffad45`04d84a00 ffffad45`04d84ce0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5b40 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5c29 ffffad45`0061f4a0 ffffad45`04d84a00 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5b90 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84a00 ffffad45`04d84780 ffffad45`04d84a60 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5c90 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5d79 ffffad45`0061f4a0 ffffad45`04d84780 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5ce0 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84780 ffffad45`04d84500 ffffad45`04d847e0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5de0 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5ec9 ffffad45`0061f4a0 ffffad45`04d84500 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5e30 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84500 ffffad45`04d84280 ffffad45`04d84560 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5f30 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce6019 ffffad45`0061f4a0 ffffad45`04d84280 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5f80 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84280 ffffad45`04d84000 ffffad45`04d842e0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce6080 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce6169 ffffad45`0061f4a0 ffffad45`04d84000 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
12: kd> !stackusage
Stack Usage By Function
=================================================================================
Size Count Module
0x00003100 49 win32kfull!xxxDestroyWindow
0x00000F50 49 win32kfull!xxxDW_DestroyOwnedWindows
0x000004E0 1 win32kbase!CitpPostUpdateUseInfoLog
0x00000420 1 win32kbase!CitpSetForegroundProcess
0x00000208 1 nt!KiSystemServiceCopyEnd
0x000001F0 1 nt!NtSetValueKey
0x000001C0 1 win32kfull!xxxRealDefWindowProc
0x000001B0 1 nt!CmSetValueKey
0x00000198 1 nt!KiServiceInternal
0x00000160 1 win32kfull!xxxSetForegroundWindow2
0x00000140 1 nt!KiBugCheckDispatch
0x00000100 1 win32kfull!xxxSetForegroundThreadWithWindowHint
0x00000100 1 win32kfull!xxxDestroyWindow
0x000000E0 1 win32kbase!CitpPostUpdateUseInfoSave
0x000000E0 1 nt!HvpMarkDirty
0x000000B0 1 win32kfull!xxxSetForegroundWindowWithOptions
0x00000080 1 win32kfull!xxxActivateWindowWithOptions
0x00000080 1 win32kfull!NtUserMessageCall
0x00000070 1 win32kfull!xxxWrapRealDefWindowProc
0x00000060 1 nt!HvpViewMapMakeViewRangeCOWByCaller
0x00000050 1 win32kbase!CitpProcessForegroundChange
0x00000050 1 nt!HvpSetRangeProtection
0x00000050 1 nt!HvpMarkCellDirty
0x00000040 1 win32kfull!NtUserfnDWORD
0x00000040 1 win32kbase!CitProcessForegroundChange
0x00000040 1 nt!CmSiProtectViewOfSection
0x00000030 1 nt!HvpViewMapCOWAndUnsealRange
0x00000010 2 nt!KiServiceLinkage
0x00000008 2 nt!KeBugCheckEx
Total Size: 0x00005D28
Stack Usage By Module
=================================================================================
Size Count Module
0x000047D0 107 win32kfull
0x00000AE8 15 nt
0x00000A70 5 win32kbase
Total Size: 0x00005D28
12: kd> !process ffffcd8830d5f080
PROCESS ffffcd8830d5f080
SessionId: 1 Cid: 09b0 Peb: 377234e000 ParentCid: 0ce0
DirBase: 2fe155002 ObjectTable: ffff9c85e4cd8000 HandleCount: 988.
Image: NMX Designer.exe
VadRoot ffffcd8832afba40 Vads 835 Clone 0 Private 115044. Modified 3379. Locked 38.
DeviceMap ffff9c85dcc13d20
Token ffff9c85ffbd55f0
ElapsedTime 04:07:48.116
UserTime 00:00:02.859
KernelTime 00:00:00.859
QuotaPoolUsage[PagedPool] 993184
QuotaPoolUsage[NonPagedPool] 289852
Working Set Sizes (now,min,max) (144197, 50, 345) (576788KB, 200KB, 1380KB)
PeakWorkingSetSize 147314
VirtualSize 5495 Mb
PeakVirtualSize 5549 Mb
PageFaultCount 1637927
MemoryPriority FOREGROUND
BasePriority 8
CommitCharge 124792
Job ffffc58fb9811970
THREAD ffffcd8830367080 Cid 09b0.27c0 Teb: 000000377234f000 Win32Thread: ffffcd8832afc530 RUNNING on processor c
Not impersonating
DeviceMap ffff9c85dce03f50
Owning Process ffffcd8830d5f080 Image: NMX Designer.exe
Attached Process ffffc58fb3c17140 Image: Registry
Wait Start TickCount 2717873 Ticks: 0
Context Switch Count 6813275 IdealProcessor: 23
UserTime 00:45:58.484
KernelTime 00:01:29.218
Win32 Start Address 0x000001a0976c0000
Stack Init ffffc30318ce9c90 Current ffffc303156c8a20
Base ffffc30318cea000 Limit ffffc30318ce4000 Call 0000000000000000
Priority 11 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5
Child-SP RetAddr Call Site
ffffde80`1ff4cd08 fffff801`3dbd01e9 nt!KeBugCheckEx
ffffde80`1ff4cd10 fffff801`3dbcb1ee nt!KiBugCheckDispatch+0x69
ffffde80`1ff4ce50 fffff801`3dbcf6d4 nt!KiDoubleFaultAbort+0x2ae (TrapFrame @ ffffde80`1ff4ce50)
ffffc303`18ce3eb0 fffff801`3dbc2690 nt!KiServiceInternal+0x14 (TrapFrame @ ffffc303`18ce3eb0)
ffffc303`18ce4048 fffff801`3da6ab79 nt!KiServiceLinkage
ffffc303`18ce4050 fffff801`3e02ef23 nt!CmSiProtectViewOfSection+0x31
ffffc303`18ce4090 fffff801`3e02eeb6 nt!HvpViewMapMakeViewRangeCOWByCaller+0x47
ffffc303`18ce40f0 fffff801`3e02eb85 nt!HvpViewMapCOWAndUnsealRange+0x4e
ffffc303`18ce4120 fffff801`3e09664e nt!HvpSetRangeProtection+0xb9
ffffc303`18ce4170 fffff801`3e096495 nt!HvpMarkDirty+0x15a
ffffc303`18ce4250 fffff801`3dfad998 nt!HvpMarkCellDirty+0xc1
ffffc303`18ce42a0 fffff801`3dfae470 nt!CmSetValueKey+0x330
ffffc303`18ce4450 fffff801`3dbcfc08 nt!NtSetValueKey+0x620
ffffc303`18ce4640 fffff801`3dbc2690 nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffffc303`18ce46b0)
ffffc303`18ce4848 ffffad23`33bec6c4 nt!KiServiceLinkage
ffffc303`18ce4850 ffffad23`33bec599 win32kbase!CitpPostUpdateUseInfoSave+0xac
ffffc303`18ce4930 ffffad23`33c5d6f4 win32kbase!CitpPostUpdateUseInfoLog+0x109
ffffc303`18ce4e10 ffffad23`33beb768 win32kbase!CitpSetForegroundProcess+0x71f1c
ffffc303`18ce5230 ffffad23`33beb683 win32kbase!CitpProcessForegroundChange+0xd8
ffffc303`18ce5280 ffffad23`33882fa1 win32kbase!CitProcessForegroundChange+0x43
ffffc303`18ce52c0 ffffad23`33887ff3 win32kfull!xxxSetForegroundThreadWithWindowHint+0xc5
ffffc303`18ce53c0 ffffad23`3388648b win32kfull!xxxSetForegroundWindow2+0x11f
ffffc303`18ce5520 ffffad23`33880c2f win32kfull!xxxSetForegroundWindowWithOptions+0x9f
ffffc303`18ce55d0 ffffad23`33893f9e win32kfull!xxxActivateWindowWithOptions+0x1e3
ffffc303`18ce5650 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x67e
ffffc303`18ce5750 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce57a0 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce58a0 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce58f0 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce59f0 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5a40 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5b40 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5b90 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5c90 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5ce0 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5de0 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5e30 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5f30 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5f80 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce6080 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
Continue reading...
On one of out tests setups we are experiencing bugcheck 7F EXCEPTION_DOUBLE_FAULT as shown below. The user mode context of the faulting thread is our .net GUI application i.e. when it is in the process of being terminated via script (using pskill). The crash is random in that sometime the pskill on the process does not bugcheck the system. Earlier I came across this post which looks similar to the issue we are facing.
TSS blog: февраля 2015
Since this is an automation setup I am nor sure exactly what is the UI state of the application. Presumably there are several error popups which could be active at the point when pskill is initiated on out process. Just wanted to understand if there's any way in which we could circumvent this issue ? With that I am assuming that generally and under no circumstance should UM code be able to trigger a KM bugcheck.
The OS is Windows Server 2009 standard edition and is up to the latest patch level was of this writing. Earlier tere was wdfilter also in the call stack which I disable via local group policy. But the crash persists even without wdfilter in the call stack.
12: kd> vertarget
Windows 10 Kernel Version 17763 MP (24 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff801`3da08000 PsLoadedModuleList = 0xfffff801`3de21710
Debug session time: Mon Feb 10 17:05:28.677 2020 (UTC - 8:00)
System Uptime: 0 days 11:47:46.778
12: kd> .bugcheck
Bugcheck code 0000007F
Arguments 00000000`00000008 ffffde80`1ff4ce50 ffffc303`18ce3eb0 fffff801`3dbcf6d4
12: kd> !sysinfo machineid
Machine ID Information [From Smbios 2.7, DMIVersion 0, Size=5393]
BiosMajorRelease = 0
BiosMinorRelease = 0
FirmwareMajorRelease = 0
FirmwareMinorRelease = 0
BiosVendor = Intel Corporation
BiosVersion = SE5C610.86B.01.01.0014.121820151719
BiosReleaseDate = 12/18/2015
SystemManufacturer = Intel Corporation
SystemProductName = S2600WT2R
SystemFamily = Family
SystemVersion = ....................
SystemSKU = SKU Number
BaseBoardManufacturer = Intel Corporation
BaseBoardProduct = S2600WT2R
BaseBoardVersion = H21573-366
12: kd> !sysinfo cpuinfo
[CPU Information]
~MHz = REG_DWORD 2394
Component Information = REG_BINARY 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
Configuration Data = REG_FULL_RESOURCE_DESCRIPTOR ff,ff,ff,ff,ff,ff,ff,ff,0,0,0,0,0,0,0,0
Identifier = REG_SZ Intel64 Family 6 Model 63 Stepping 2
ProcessorNameString = REG_SZ Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
Update Status = REG_DWORD 0
VendorIdentifier = REG_SZ GenuineIntel
MSR8B = REG_QWORD 3c00000000
12: kd> !thread
THREAD ffffcd8830367080 Cid 09b0.27c0 Teb: 000000377234f000 Win32Thread: ffffcd8832afc530 RUNNING on processor c
Not impersonating
DeviceMap ffff9c85dce03f50
Owning Process ffffcd8830d5f080 Image: NMX Designer.exe
Attached Process ffffc58fb3c17140 Image: Registry
Wait Start TickCount 2717873 Ticks: 0
Context Switch Count 6813275 IdealProcessor: 23
UserTime 00:45:58.484
KernelTime 00:01:29.218
Win32 Start Address 0x000001a0976c0000
Stack Init ffffc30318ce9c90 Current ffffc303156c8a20
Base ffffc30318cea000 Limit ffffc30318ce4000 Call 0000000000000000
Priority 11 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffde80`1ff4cd08 fffff801`3dbd01e9 : 00000000`0000007f 00000000`00000008 ffffde80`1ff4ce50 ffffc303`18ce3eb0 : nt!KeBugCheckEx
ffffde80`1ff4cd10 fffff801`3dbcb1ee : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffde80`1ff4ce50 fffff801`3dbcf6d4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2ae (TrapFrame @ ffffde80`1ff4ce50)
ffffc303`18ce3eb0 fffff801`3dbc2690 : fffff801`3da6ab79 ffffc303`18ce40b0 fffff801`3dd01b22 ffff9c85`dc600340 : nt!KiServiceInternal+0x14 (TrapFrame @ ffffc303`18ce3eb0)
ffffc303`18ce4048 fffff801`3da6ab79 : ffffc303`18ce40b0 fffff801`3dd01b22 ffff9c85`dc600340 00000000`0000001c : nt!KiServiceLinkage
ffffc303`18ce4050 fffff801`3e02ef23 : 00000000`00001000 000001ba`7d957000 3f514e02`328a7012 3f656107`2057b573 : nt!CmSiProtectViewOfSection+0x31
ffffc303`18ce4090 fffff801`3e02eeb6 : ffffffff`ffffffff 00000000`00028000 ffff9c85`e37c3000 fffff801`3dfa0a5e : nt!HvpViewMapMakeViewRangeCOWByCaller+0x47
ffffc303`18ce40f0 fffff801`3e02eb85 : 00000000`00026000 00000000`00001000 fffff801`3dfdd9f0 fffff801`3dfa2400 : nt!HvpViewMapCOWAndUnsealRange+0x4e
ffffc303`18ce4120 fffff801`3e09664e : ffff9c85`e37c3000 ffffc303`18ce41e9 00000000`0002601c 00000000`7fffffff : nt!HvpSetRangeProtection+0xb9
ffffc303`18ce4170 fffff801`3e096495 : ffff9c85`e37c3050 ffff9c85`e37c3000 ffffcd88`00000002 ffff9c85`e37c3050 : nt!HvpMarkDirty+0x15a
ffffc303`18ce4250 fffff801`3dfad998 : 00000000`ffffffff 01d5e077`59a16de3 ffffc303`18ce43a0 ffff9c85`e13f1ab8 : nt!HvpMarkCellDirty+0xc1
ffffc303`18ce42a0 fffff801`3dfae470 : ffffc303`18ce4888 3ff8f1ae`90000000 000f003f`00000000 3ff97d82`90000000 : nt!CmSetValueKey+0x330
ffffc303`18ce4450 fffff801`3dbcfc08 : 3e62999c`25159f11 3e668925`d901c83b 3e415506`dadd3e2a 3e622aee`6c57304e : nt!NtSetValueKey+0x620
ffffc303`18ce4640 fffff801`3dbc2690 : ffffad23`33bec6c4 00000000`00000002 00000000`00000004 ffffc303`18ce49c0 : nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffffc303`18ce46b0)
ffffc303`18ce4848 ffffad23`33bec6c4 : 00000000`00000002 00000000`00000004 ffffc303`18ce49c0 00000000`00000000 : nt!KiServiceLinkage
ffffc303`18ce4850 ffffad23`33bec599 : ffffad45`006084a0 ffffc303`18ce4a30 ffffad45`006084a0 00000000`00000000 : win32kbase!CitpPostUpdateUseInfoSave+0xac
ffffc303`18ce4930 ffffad23`33c5d6f4 : 00000000`00000002 ffffcd88`00000003 80000039`020932b6 ffffc303`18ce5340 : win32kbase!CitpPostUpdateUseInfoLog+0x109
ffffc303`18ce4e10 ffffad23`33beb768 : fffff801`3daf3fb0 ffffad23`33c43da2 00000000`00000000 00000000`00000047 : win32kbase!CitpSetForegroundProcess+0x71f1c
ffffc303`18ce5230 ffffad23`33beb683 : ffffad45`02d5a010 ffffc303`18ce5359 ffffad45`04d92500 ffffad23`33ac7a64 : win32kbase!CitpProcessForegroundChange+0xd8
ffffc303`18ce5280 ffffad23`33882fa1 : 00000000`00000780 00000000`00000001 ffffad23`33c153d0 ffffad23`33894830 : win32kbase!CitProcessForegroundChange+0x43
ffffc303`18ce52c0 ffffad23`33887ff3 : 00000000`00000000 ffffc303`18ce54c0 00000000`00000000 00000410`00000780 : win32kfull!xxxSetForegroundThreadWithWindowHint+0xc5
ffffc303`18ce53c0 ffffad23`3388648b : ffffad45`04d92500 ffffad45`04d92500 00000000`00000000 ffffad45`02d5a010 : win32kfull!xxxSetForegroundWindow2+0x11f
ffffc303`18ce5520 ffffad23`33880c2f : ffffad45`0061f401 ffffad45`0061f4a0 ffffad45`00000000 ffffc303`18ce5630 : win32kfull!xxxSetForegroundWindowWithOptions+0x9f
ffffc303`18ce55d0 ffffad23`33893f9e : 00000000`00000000 ffffad45`04d85500 ffffc303`18ce56e9 ffffad45`0061f4a0 : win32kfull!xxxActivateWindowWithOptions+0x1e3
ffffc303`18ce5650 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d85500 ffffad45`04d85280 ffffad45`04d85560 : win32kfull!xxxDestroyWindow+0x67e
ffffc303`18ce5750 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5839 ffffad45`0061f4a0 ffffad45`04d85280 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce57a0 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d85280 ffffad45`04d85000 ffffad45`04d852e0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce58a0 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5989 ffffad45`0061f4a0 ffffad45`04d85000 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce58f0 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d85000 ffffad45`04d84c80 ffffad45`04d85060 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce59f0 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5ad9 ffffad45`0061f4a0 ffffad45`04d84c80 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5a40 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84c80 ffffad45`04d84a00 ffffad45`04d84ce0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5b40 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5c29 ffffad45`0061f4a0 ffffad45`04d84a00 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5b90 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84a00 ffffad45`04d84780 ffffad45`04d84a60 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5c90 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5d79 ffffad45`0061f4a0 ffffad45`04d84780 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5ce0 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84780 ffffad45`04d84500 ffffad45`04d847e0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5de0 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce5ec9 ffffad45`0061f4a0 ffffad45`04d84500 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5e30 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84500 ffffad45`04d84280 ffffad45`04d84560 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5f30 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce6019 ffffad45`0061f4a0 ffffad45`04d84280 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5f80 ffffad23`338eca77 : 00000000`00000000 ffffad45`04d84280 ffffad45`04d84000 ffffad45`04d842e0 : win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce6080 ffffad23`33893b31 : 00000000`00000000 ffffc303`18ce6169 ffffad45`0061f4a0 ffffad45`04d84000 : win32kfull!xxxDW_DestroyOwnedWindows+0x107
12: kd> !stackusage
Stack Usage By Function
=================================================================================
Size Count Module
0x00003100 49 win32kfull!xxxDestroyWindow
0x00000F50 49 win32kfull!xxxDW_DestroyOwnedWindows
0x000004E0 1 win32kbase!CitpPostUpdateUseInfoLog
0x00000420 1 win32kbase!CitpSetForegroundProcess
0x00000208 1 nt!KiSystemServiceCopyEnd
0x000001F0 1 nt!NtSetValueKey
0x000001C0 1 win32kfull!xxxRealDefWindowProc
0x000001B0 1 nt!CmSetValueKey
0x00000198 1 nt!KiServiceInternal
0x00000160 1 win32kfull!xxxSetForegroundWindow2
0x00000140 1 nt!KiBugCheckDispatch
0x00000100 1 win32kfull!xxxSetForegroundThreadWithWindowHint
0x00000100 1 win32kfull!xxxDestroyWindow
0x000000E0 1 win32kbase!CitpPostUpdateUseInfoSave
0x000000E0 1 nt!HvpMarkDirty
0x000000B0 1 win32kfull!xxxSetForegroundWindowWithOptions
0x00000080 1 win32kfull!xxxActivateWindowWithOptions
0x00000080 1 win32kfull!NtUserMessageCall
0x00000070 1 win32kfull!xxxWrapRealDefWindowProc
0x00000060 1 nt!HvpViewMapMakeViewRangeCOWByCaller
0x00000050 1 win32kbase!CitpProcessForegroundChange
0x00000050 1 nt!HvpSetRangeProtection
0x00000050 1 nt!HvpMarkCellDirty
0x00000040 1 win32kfull!NtUserfnDWORD
0x00000040 1 win32kbase!CitProcessForegroundChange
0x00000040 1 nt!CmSiProtectViewOfSection
0x00000030 1 nt!HvpViewMapCOWAndUnsealRange
0x00000010 2 nt!KiServiceLinkage
0x00000008 2 nt!KeBugCheckEx
Total Size: 0x00005D28
Stack Usage By Module
=================================================================================
Size Count Module
0x000047D0 107 win32kfull
0x00000AE8 15 nt
0x00000A70 5 win32kbase
Total Size: 0x00005D28
12: kd> !process ffffcd8830d5f080
PROCESS ffffcd8830d5f080
SessionId: 1 Cid: 09b0 Peb: 377234e000 ParentCid: 0ce0
DirBase: 2fe155002 ObjectTable: ffff9c85e4cd8000 HandleCount: 988.
Image: NMX Designer.exe
VadRoot ffffcd8832afba40 Vads 835 Clone 0 Private 115044. Modified 3379. Locked 38.
DeviceMap ffff9c85dcc13d20
Token ffff9c85ffbd55f0
ElapsedTime 04:07:48.116
UserTime 00:00:02.859
KernelTime 00:00:00.859
QuotaPoolUsage[PagedPool] 993184
QuotaPoolUsage[NonPagedPool] 289852
Working Set Sizes (now,min,max) (144197, 50, 345) (576788KB, 200KB, 1380KB)
PeakWorkingSetSize 147314
VirtualSize 5495 Mb
PeakVirtualSize 5549 Mb
PageFaultCount 1637927
MemoryPriority FOREGROUND
BasePriority 8
CommitCharge 124792
Job ffffc58fb9811970
THREAD ffffcd8830367080 Cid 09b0.27c0 Teb: 000000377234f000 Win32Thread: ffffcd8832afc530 RUNNING on processor c
Not impersonating
DeviceMap ffff9c85dce03f50
Owning Process ffffcd8830d5f080 Image: NMX Designer.exe
Attached Process ffffc58fb3c17140 Image: Registry
Wait Start TickCount 2717873 Ticks: 0
Context Switch Count 6813275 IdealProcessor: 23
UserTime 00:45:58.484
KernelTime 00:01:29.218
Win32 Start Address 0x000001a0976c0000
Stack Init ffffc30318ce9c90 Current ffffc303156c8a20
Base ffffc30318cea000 Limit ffffc30318ce4000 Call 0000000000000000
Priority 11 BasePriority 8 PriorityDecrement 2 IoPriority 2 PagePriority 5
Child-SP RetAddr Call Site
ffffde80`1ff4cd08 fffff801`3dbd01e9 nt!KeBugCheckEx
ffffde80`1ff4cd10 fffff801`3dbcb1ee nt!KiBugCheckDispatch+0x69
ffffde80`1ff4ce50 fffff801`3dbcf6d4 nt!KiDoubleFaultAbort+0x2ae (TrapFrame @ ffffde80`1ff4ce50)
ffffc303`18ce3eb0 fffff801`3dbc2690 nt!KiServiceInternal+0x14 (TrapFrame @ ffffc303`18ce3eb0)
ffffc303`18ce4048 fffff801`3da6ab79 nt!KiServiceLinkage
ffffc303`18ce4050 fffff801`3e02ef23 nt!CmSiProtectViewOfSection+0x31
ffffc303`18ce4090 fffff801`3e02eeb6 nt!HvpViewMapMakeViewRangeCOWByCaller+0x47
ffffc303`18ce40f0 fffff801`3e02eb85 nt!HvpViewMapCOWAndUnsealRange+0x4e
ffffc303`18ce4120 fffff801`3e09664e nt!HvpSetRangeProtection+0xb9
ffffc303`18ce4170 fffff801`3e096495 nt!HvpMarkDirty+0x15a
ffffc303`18ce4250 fffff801`3dfad998 nt!HvpMarkCellDirty+0xc1
ffffc303`18ce42a0 fffff801`3dfae470 nt!CmSetValueKey+0x330
ffffc303`18ce4450 fffff801`3dbcfc08 nt!NtSetValueKey+0x620
ffffc303`18ce4640 fffff801`3dbc2690 nt!KiSystemServiceCopyEnd+0x28 (TrapFrame @ ffffc303`18ce46b0)
ffffc303`18ce4848 ffffad23`33bec6c4 nt!KiServiceLinkage
ffffc303`18ce4850 ffffad23`33bec599 win32kbase!CitpPostUpdateUseInfoSave+0xac
ffffc303`18ce4930 ffffad23`33c5d6f4 win32kbase!CitpPostUpdateUseInfoLog+0x109
ffffc303`18ce4e10 ffffad23`33beb768 win32kbase!CitpSetForegroundProcess+0x71f1c
ffffc303`18ce5230 ffffad23`33beb683 win32kbase!CitpProcessForegroundChange+0xd8
ffffc303`18ce5280 ffffad23`33882fa1 win32kbase!CitProcessForegroundChange+0x43
ffffc303`18ce52c0 ffffad23`33887ff3 win32kfull!xxxSetForegroundThreadWithWindowHint+0xc5
ffffc303`18ce53c0 ffffad23`3388648b win32kfull!xxxSetForegroundWindow2+0x11f
ffffc303`18ce5520 ffffad23`33880c2f win32kfull!xxxSetForegroundWindowWithOptions+0x9f
ffffc303`18ce55d0 ffffad23`33893f9e win32kfull!xxxActivateWindowWithOptions+0x1e3
ffffc303`18ce5650 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x67e
ffffc303`18ce5750 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce57a0 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce58a0 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce58f0 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce59f0 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5a40 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5b40 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5b90 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5c90 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5ce0 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5de0 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5e30 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce5f30 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
ffffc303`18ce5f80 ffffad23`338eca77 win32kfull!xxxDestroyWindow+0x211
ffffc303`18ce6080 ffffad23`33893b31 win32kfull!xxxDW_DestroyOwnedWindows+0x107
Continue reading...