Code:
[B]KERNEL_THREAD_PRIORITY_FLOOR_VIOLATION (157)[/B]
An illegal operation was attempted on the priority floor of a particular
thread.
Arguments:
Arg1: [COLOR=#008000]ffffe000d1c1b880[/COLOR], The address of the thread
Arg2: 0000000000000005, The target priority value
Arg3: 0000000000000002, The priority counter for the target priority underflowed
Arg4: 0000000000000000, Reserved
This bugcheck contains no documentation at all, meaning we have to use prior knowledge to work things out.
Code:
0: kd> [COLOR=#008000]!thread ffffe000d1c1b880[/COLOR]
GetPointerFromAddress: unable to read from fffff802bf7ed000
THREAD ffffe000d1c1b880 Cid 1b0c.1b14 Teb: 000000007f03c000 Win32Thread: fffff901451c8010 RUNNING on processor 0
Not impersonating
GetUlongFromAddress: unable to read from fffff802bf739ac0
Owning Process ffffe000d1bca900 Image: OAWrapper.exe
Attached Process N/A Image: N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount 64038
Context Switch Count 16 IdealProcessor: 3
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x0000000000fe9800
Stack Init ffffd00021a56c90 Current ffffd00021a55ec0
Base ffffd00021a57000 Limit ffffd00021a51000 Call 0
Priority 14 BasePriority 8 UnusualBoost 5 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd000`21a55c68 fffff802`bf632beb : 00000000`00000157 ffffe000`d1c1b880 00000000`00000005 00000000`00000002 : [COLOR=#008000]nt!KeBugCheckEx[/COLOR]
ffffd000`21a55c70 fffff802`bf57cbcd : 00000000`000036b0 00000000`00000001 ffffe000`d1c1b880 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x47c3b
ffffd000`21a55cb0 fffff802`bf5089ca : fffff802`bf48a000 00000000`00000000 00000000`00000000 0000001b`00000000 : [COLOR=#ff0000]nt!KiAbThreadUnboostCpuPriority+0x39[/COLOR]
ffffd000`21a55ce0 fffff802`bf535a96 : fffff802`bf48a000 fffff802`bf770d18 00000000`00000000 00000000`00000000 : [COLOR=#ff8c00]nt!KeAbEntryFree+0x66[/COLOR]
ffffd000`21a55d10 fffff802`bf86d559 : ffffd000`21a56210 00000000`00000000 00000000`00000001 ffffd000`21a55f40 : [COLOR=#ff8c00]nt!KeAbPreAcquire+0x136[/COLOR]
ffffd000`21a55d40 fffff802`bf876437 : 00000000`00000008 ffffd000`21a55f40 ffffe000`00000001 ffffc001`00000017 : [COLOR=#8b4513]nt!CmpCallCallBacks+0xf9[/COLOR]
ffffd000`21a55e30 fffff802`bf5e62b3 : 00000000`00000000 fffff901`42bfc750 00000000`00000000 fffff802`bf916c86 : [COLOR=#8b4513]nt!NtQueryValueKey+0x607[/COLOR]
ffffd000`21a56120 fffff802`bf5de700 : fffff802`bf8cb93b 00000000`00000000 ffffd000`21a563b9 ffffd000`21a56818 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ [COLOR=#008000]ffffd000`21a56190[/COLOR])
ffffd000`21a56328 fffff802`bf8cb93b : 00000000`00000000 ffffd000`21a563b9 ffffd000`21a56818 ffffd000`21a563e8 : nt!KiServiceLinkage
ffffd000`21a56330 fffff802`bf9341d2 : 00000000`00000000 00000000`00000001 fffff901`44f71000 00000000`00000000 : nt!RtlpQueryRegistryValues+0x12f
ffffd000`21a56410 fffff960`002adc98 : fffff901`400a9320 00000000`00000001 00000000`00000000 00000000`00000000 : nt!RtlQueryRegistryValues+0xe
ffffd000`21a56450 fffff960`0036a26d : 00000000`00000000 fffff901`400d8220 00000000`00000000 00000000`00000100 : win32k!DrvGetDisplayDriverParameters+0x44c
ffffd000`21a569f0 fffff960`00346e0c : 00000000`00000000 00000000`00000000 00000000`00c03800 00000000`00c03800 : win32k!DrvEnumDisplaySettings+0x7d9
ffffd000`21a56ac0 fffff802`bf5e62b3 : ffffe000`d1c1b880 ffffd000`21a56b80 00000000`00000000 00000000`00abee3c : win32k!NtUserEnumDisplaySettings+0x48
ffffd000`21a56b00 00000000`77a36afa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000`21a56b00)
00000000`009be188 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77a36afa
It appears to be some kind of thread inversion, meaning a thread is misbehaving with its priority levels. It's a complex subject that I won't go into unless requested.
Code:
0: kd> [COLOR=#008000].trap ffffd000`21a56190[/COLOR]
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802bf5de700 rsp=ffffd00021a56328 rbp=ffffd00021a563b9
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na po nc
nt!KiServiceLinkage:
fffff802`bf5de700 c3 [COLOR=#ff0000]ret[/COLOR]
Due to the dump file(s) being minidumps, there is little information saved.
It's extremely difficult to say what the cause is, we'd have to take a guess.
I do recommend Driver Verifier, it will help us identify the cause; if a driver is responsible (most likely).
What is Driver Verifier?
Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.
Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
How long should I keep Driver Verifier enabled for?
I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.
My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?
- If you have the system set to generate Small Memory Dumps, they will be located in
%systemroot%\Minidump.
- If you have the system set to generate Kernel-Memory Dumps, it will be located in
%systemroot% and labeled MEMORY.DMP.
