Blue Screen by UNEXPECTED_KERNEL_MODE_TRAP

Question

I've been experiencing multiple blue screen errors every so often, the most recent one is: UNEXPECTED_KERNEL_MODE_TRAP

Tried debugging it myself but couldn't figure out the issue.

Below is the mini dump analysis:

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff802`7a400000 PsLoadedModuleList = 0xfffff802`7b02a2d0
Debug session time: Mon Jul 31 17:11:33.777 2023 (UTC + 1:00)
System Uptime: 7 days 21:50:47.512
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000e3`229a5018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..............................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`7a7fc0c0 48894c2408      mov     qword ptr [rsp+8],rcx ss:ffffc000`75f9cd10=000000000000007f
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
BugCheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: ffffc00075f9ce50
Arg3: ffffda0e00e47fb0
Arg4: fffff8027a80438f

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 3796

    Key  : Analysis.Elapsed.mSec
    Value: 3821

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 531

    Key  : Analysis.Init.Elapsed.mSec
    Value: 6196

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 85

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x7f

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x7f

    Key  : Failure.Bucket
    Value: 0x7f_8_nt!KiDoubleFaultAbort

    Key  : Failure.Hash
    Value: {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 0

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 131072

    Key  : Hypervisor.Flags.ValueHex
    Value: 20000

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : SecureKernel.HalpHvciEnabled
    Value: 0

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE:  7f

BUGCHECK_P1: 8

BUGCHECK_P2: ffffc00075f9ce50

BUGCHECK_P3: ffffda0e00e47fb0

BUGCHECK_P4: fffff8027a80438f

FILE_IN_CAB:  MEMORY.DMP

TRAP_FRAME:  ffffc00075f9ce50 -- (.trap 0xffffc00075f9ce50)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffda0e078b79d0 rbx=0000000000000000 rcx=ffffc0007616c180
rdx=00007ffbd81add95 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8027a80438f rsp=ffffda0e00e47fb0 rbp=ffffda0e078b7a80
 r8=00000000fffffff8  r9=0000000000000001 r10=fffff8027a7f8190
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl nz na pe nc
nt!KiDispatchInterrupt+0x2f:
fffff802`7a80438f 4889442440      mov     qword ptr [rsp+40h],rax ss:ffffda0e`00e47ff0=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME:  lightroom.exe

STACK_TEXT:  
ffffc000`75f9cd08 fffff802`7a810129     : 00000000`0000007f 00000000`00000008 ffffc000`75f9ce50 ffffda0e`00e47fb0 : nt!KeBugCheckEx
ffffc000`75f9cd10 fffff802`7a80a83d     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffc000`75f9ce50 fffff802`7a80438f     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0x2bd
ffffda0e`00e47fb0 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterrupt+0x2f

SYMBOL_NAME:  nt!KiDoubleFaultAbort+2bd

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  2bd

FAILURE_BUCKET_ID:  0x7f_8_nt!KiDoubleFaultAbort

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {d1f8395a-8c58-45da-6ebf-e8bb4aad2fc5}

Followup:     MachineOwner
---------

Answer 1

Hi Isaac118247,

Thanks for sharing the minidump files.

The minidump files did not name any driver only indicate ntkrnlmp.exe which is a Windows component that means something else drove the system to a fault or it could be a memory corruption that usually happens due to driver incompatibility.

To troubleshoot this issue, if you are overclocking your PC, try running everything (CPU, GPU, system memory) at their stock speeds. See if the issue is still reproducible. Or, turn off XMP profile or set it to Auto.

Download then install the latest version of BIOS & Chipset drivers from the manufacturer's website.

Test the RAM with the free utility MemTest86, then run a full 8 pass scan to test your RAM for physical errors:

https://www.tenforums.com/tutorials/14201-memte...

If the issue still persists after the steps above, enable the driver verifier and let the computer crash 3 times then disable it and share the newly created minidump file:

https://www.tenforums.com/tutorials/5470-enable...

Please do not hesitate to ask if you need further assistance.

Stay safe

____________________________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

Answer 2

Link: Mini Dumps

mini dump

Answer 3

Hi Isaac118247,

I'm Dyari. Thanks for reaching out. I will be happy to assist you in this regard.

Kindly check C:\Windows\Minidump and copy available minidump files to the desktop then share them via One Drive or Google Drive in order to be analyzed and indicate which file is causing the crash.

https://answers.microsoft.com/en-us/windows/for...

Also, check C:\Windows and share the MEMORY.DMP file.

If the folder is empty or the MEMORY.DMP is not available, kindly share the Event viewer logs:

https://www.yourwindowsguide.com/2017/12/how-to...

Regards,

____________________________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.