Hello,

my windows 2008 server (datacenter ed) 64bit , have recently created a series of BSOD on a different applications. the error message is in general EXCEPTION_DOUBLE_FAULT.

Can anyone please help with the analysis of the dump file bellow-

Best regards, Mark

2: kd> !analyze -v

• *
• Bugcheck Analysis *
• *

  ---

UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a portion of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT Arg2: 0000000080050033 Arg3: 00000000000006f8 Arg4: fffff800018b1678

Debugging Details:

BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

PROCESS_NAME: CustomerService.

CURRENT_IRQL: 1

EXCEPTION_RECORD: fffffa6004e45568 -- (.exr 0xfffffa6004e45568) ExceptionAddress: fffff800018a0150 (nt!RtlVirtualUnwind+0x0000000000000250) ExceptionCode: 10000004 ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000000000d8

TRAP_FRAME: fffffa6004e45610 -- (.trap 0xfffffa6004e45610) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000050 rbx=0000000000000000 rcx=0000000000000004 rdx=00000000000000d8 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800018a0150 rsp=fffffa6004e457a0 rbp=fffffa6004e459e0 r8=0000000000000006 r9=fffff8000181e000 r10=ffffffffffffff88 r11=fffff80001a1c000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!RtlVirtualUnwind+0x250: fffff800018a0150 488b02 mov rax,qword ptr [rdx] ds:00000000000000d8=???????????????? Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800018781ee to fffff80001878450

STACK_TEXT:
fffffa6001768a68 fffff800018781ee : 000000000000007f 0000000000000008 0000000080050033 00000000000006f8 : nt!KeBugCheckEx fffffa6001768a70 fffff80001876a38 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiBugCheckDispatch+0x6e fffffa6001768bb0 fffff800018b1678 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiDoubleFaultAbort+0xb8 fffffa6004e44e30 fffff800018782a9 : fffffa6004e45568 0000000000000001 fffffa6004e45610 000000000000023b : nt!KiDispatchException+0x34 fffffa6004e45430 fffff800018770a5 : 0000000000000000 0000000000000000 0000000000000000 0000000000000001 : nt!KiExceptionDispatch+0xa9 fffffa6004e45610 fffff800018a0150 : fffffa6004e46638 fffffa6004e46010 fffff80001965190 fffff8000181e000 : nt!KiPageFault+0x1e5 fffffa6004e457a0 fffff800018a3f78 : fffffa6000000001 0000000000000000 0000000000000000 ffffffffffffff88 : nt!RtlVirtualUnwind+0x250 fffffa6004e45810 fffff800018b1706 : fffffa6004e46638 fffffa6004e46010 fffffa6000000000 0000000000000000 : nt!RtlDispatchException+0x118 fffffa6004e45f00 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiDispatchException+0xc2

STACK_COMMAND: kb FOLLOWUP_IP: nt!KiDoubleFaultAbort+b8 fffff800`01876a38 90 nop SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!KiDoubleFaultAbort+b8 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4a7801eb FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b8 BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b8

Followup: MachineOwner