We are facing a Windows crash on a Windows 2019 server on touch.
The following are the findings from the crash mini dump:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
BugCheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: fffff8032769ce50
Arg3: fffff88a9cfb2ff0
Arg4: fffff80324a7829f
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2171
Key : Analysis.Elapsed.mSec
Value: 2357
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 1
Key : Analysis.Init.CPU.mSec
Value: 1687
Key : Analysis.Init.Elapsed.mSec
Value: 23768
Key : Analysis.Memory.CommitPeak.Mb
Value: 99
Key : Bugcheck.Code.LegacyAPI
Value: 0x1000007f
Key : Bugcheck.Code.TargetModel
Value: 0x1000007f
Key : Dump.Attributes.AsUlong
Value: 8
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Failure.Bucket
Value: 0x7f_8_STACK_USAGE_RECURSION_win32kfull!xxxDCEWindowHitTest2Internal
Key : Failure.Hash
Value: {bf1823fb-da15-f301-8ca8-5d738570a28e}
Key : Hypervisor.Enlightenments.Value
Value: 8992
Key : Hypervisor.Enlightenments.ValueHex
Value: 2320
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 0
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 0
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 1
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 0
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 667656
Key : Hypervisor.Flags.ValueHex
Value: a3008
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 0
Key : Hypervisor.RootFlags.Value
Value: 0
Key : Hypervisor.RootFlags.ValueHex
Value: 0
BUGCHECK_CODE: 7f
BUGCHECK_P1: 8
BUGCHECK_P2: fffff8032769ce50
BUGCHECK_P3: fffff88a9cfb2ff0
BUGCHECK_P4: fffff80324a7829f
FILE_IN_CAB: 042224-10406-01.dmp
VIRTUAL_MACHINE: VMware
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
STACK_OVERFLOW: Stack Limit: fffff88a9cfb3000. Use (kF) and (!stackusage) to investigate stack usage.
STACKUSAGE_FUNCTION: The function at address 0xffffc40f530ad345 was blamed for the stack overflow. It is using 8512 bytes of stack total in 38 instances (likely recursion).
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: <<>>.exe
SYMBOL_NAME: win32kfull!xxxDCEWindowHitTest2Internal+3a5
MODULE_NAME: win32kfull
IMAGE_NAME: win32kfull.sys
IMAGE_VERSION: 10.0.17763.5696
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 3a5
FAILURE_BUCKET_ID: 0x7f_8_STACK_USAGE_RECURSION_win32kfull!xxxDCEWindowHitTest2Internal
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {bf1823fb-da15-f301-8ca8-5d738570a28e}
Followup: MachineOwner
0: kd> !stackusage
Stack Usage By Function
=================================================================================
Size Count Module
0x00002140 38 win32kfull!xxxDCEWindowHitTest2Internal
0x00001110 39 win32kfull!xxxDCEWindowHitTestIndirect
0x000008D0 1 win32kfull!xxxScanSysQueue
0x000005A0 1 win32kbase!CTouchProcessor::SetPointerFrameTargetWindows
0x00000390 1 win32kbase!CTouchProcessor::DeterminePointerTargetWindow
0x000002E0 1 win32kfull!xxxRetrievePointerInputMessage
0x00000260 1 win32kfull!xxxCallHook2
0x00000190 1 win32kfull!xxxRealInternalGetMessage
0x00000170 1 win32kfull!xxxPointerWindowHitTest
0x00000160 1 win32kfull!xxxSendTransformableMessageTimeout
0x00000140 1 win32kbase!ApiSetEditionPointerWindowHitTest
0x00000140 1 win32kfull!EditionPointerWindowHitTest
0x00000110 1 win32kfull!xxxHkCallHook
0x00000110 1 win32kfull!SfnDWORD
0x000000E0 1 win32kbase!EnterCrit
0x000000E0 1 win32kfull!xxxDCEWindowHitTest2Internal
0x000000D0 1 nt!KeWaitForSingleObject
0x000000C0 1 nt!ExpAcquireResourceExclusiveLite
0x000000C0 1 nt!KiSwapThread
0x000000B0 1 win32kfull!NtUserPeekMessage
0x000000A0 1 nt!KiCommitThreadWait
0x00000080 2 nt!KiSearchForNewThreadOnProcessor
0x00000080 1 nt!ExpWaitForResource
0x00000070 1 win32kfull!xxxDCEWindowHitTest
0x00000070 1 nt!KiSearchForNewThread
0x00000050 1 win32kfull!xxxWindowHitTestWithoutTargeting
0x00000040 1 win32kfull!xxxCallHook
0x00000040 1 nt!ExEnterCriticalRegionAndAcquireResourceExclusive
Total Size: 0x00005AA0