Having a BSOD from Win32kfull by closing a specific Winforms Control

Frederic Niquet 25 Reputation points
2024-03-18T17:42:14.27+00:00

Im having a Win32kfull BSOD since KB5034848 with Exception_Double_Fault in the symbol named win32kfull!SetOrClrWF+18e

BSOD is caused while closing a specific WinForms (complex) control in an application developed by my company

Introduced since KB5034848

Stlll present with KB5035853

I attach a mini dump

https://lexifi1-my.sharepoint.com/:u:/g/personal/frederic_niquet_lexifi_com/EY5L7BCeyg1OsNcSWEAR97IB5Ih8bhrFKwHvr_wluJMR4Q?e=7YFM0D

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,194 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Wesley Li 4,965 Reputation points
    2024-03-21T02:24:45.75+00:00

    Hello

    If the issue occurred after a windows update, please uninstall the update from the update control panel then check the issue again.

    Right click the update then choose uninstall.

    xumeipo 3.21

    If it is possible, please remove the following software temporarily then check the issue again.

    lmDvmKfeCo11X64

    Browse full module list

    start end module name

    fffff8034d5b0000 fffff8034eb4e000 KfeCo11X64 (deferred)

    Image path: \SystemRoot\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys

    Image name: KfeCo11X64.sys

    Browse all global symbols functions data

    Timestamp: Wed Jul 12 13:15:08 2023 (64AE36DC)

    CheckSum: 00035ADF

    ImageSize: 0159E000

    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

  2. Urs Vogel 0 Reputation points
    2024-03-28T07:22:29.4933333+00:00

    We have exactly the same problem. Windows BSODs with UNEXPECTED_KERNEL_MODE_TRAP in Win32kfull.sys when a WinForm-Window with several layers (Panels) is closed. This happens since KB5035853, on any computer, any brand. According to a debug session, it happens during the Form.Dispose() method, but this information may not be totally accurate.

    Same here, we can't tell our customers not to install Windows Updates...

  3. Gary Nebbett 5,721 Reputation points
    2024-04-03T14:59:09.9633333+00:00

    Hello Frederic,

    One temporary protection measure might be to reduce the limit on the number of nested windows. By default, the limit is 50 but it can be reduced by editing the registry value USERNestedWindowLimit under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows. You might need to use trial and error to determine the maximum value that is safe on your (and your customers) system (it might vary depending on what else requires space on the kernel stack (e.g. some security products)). I would suggest a value of about 30 (rough calculations suggest that about 31 would be the limit, but that would be sailing close to the wind).

    [Update: only values between 35 and 100 can be set as the value for USERNestedWindowLimit, but I think that 30 to 31 would be needed to prevent the issue]

    Obviously, applications that try to nest windows deeply might fail (or fail to work properly).

    It might be possible to increase the kernel stack size instead of reducing the window nesting depth - I am still investigating this. [Update: there appears to be no practical method of influencing this value; it is calculated at boot time based on characteristics of the CPU].

    Nesting windows deeper than 35 is possible, but one would have to ensure that some layers of nested windows are explicitly deleted before allowing the top-level window to be deleted - it is the recursive deletion that causes the kernel stack to overflow.

    UPDATE: see https://support.microsoft.com/en-au/topic/february-13-2024-kb5034768-os-build-17763-5458-f06ecec0-23b0-4860-880b-74a2fd1b56c0:

    This update addresses an issue that affects the Windows nesting limit. You can now set it to a low of 35 instead of 50. This is the registry value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERNestedWindowLimit. To learn more, see What is the window nesting limit?. Do not change this limit unless a kernel stack overflow and a recursion in DestroyWindow() cause stop errors.

    Gary

    0 comments
  4. JR 0 Reputation points
    2024-04-12T14:44:05.88+00:00

    Any updates?
    We are also having this issue as stated above...Windows BSODs with UNEXPECTED_KERNEL_MODE_TRAP in Win32kfull.sys when a WinForm-Window with several layers (Panels) is closed. This happens since KB5035853 in late march 2024.

    In our application's case the appears to be only edge cases in some of the UI screens that can cause this, but is occurring frequently all of a sudden after that update.

  5. workforce45 626 Reputation points
    2024-04-12T21:54:40+00:00

    Hi Frederic Niquet,

    Please refer an article mentioned below to troubleshoot the existed problem with BSOD.TROUBLESHOOT BLUE SCREEN ERROR IN WINDOWS WITH DATA RECOVERY - Microsoft Community

    If the above article doesn’t help, there could be a problem with a Windows Image. Please refer an article mentioned below to troubleshooting Windows image related problems.

    How to Repair Windows Image and Kernel Operations in Windows 10/11 - Microsoft Community

    Please update with your findings!

    Sincerely,

    CK

    0 comments