BSOD SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)

  • Thread starter Thread starter JieWWWW
  • Start date Start date
J

JieWWWW

Guest
Microsoft (R) Windows Debugger Version 10.0.21306.1007 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\041421-18953-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff807`85600000 PsLoadedModuleList = 0xfffff807`8622a490
Debug session time: Wed Apr 14 11:40:06.441 2021 (UTC + 8:00)
System Uptime: 1 days 0:03:06.268
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
................................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
..................................
For analysis of this file, run !analyze -v
fffff807`8a0591a6 488b05d3000000 mov rax,qword ptr [fffff807`8a059280] ds:002b:fffff807`8a059280=fffff8078aaf96f8
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8078a0591a6, The address that the exception occurred at
Arg3: ffff8085bf08ee68, Exception Record Address
Arg4: ffff8085bf08e6a0, Context Record Address

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : AV.Fault
Value: Execute

Key : Analysis.CPU.mSec
Value: 2874

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 164577

Key : Analysis.Init.CPU.mSec
Value: 889

Key : Analysis.Init.Elapsed.mSec
Value: 585924

Key : Analysis.Memory.CommitPeak.Mb
Value: 82


DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff8078a0591a6

BUGCHECK_P3: ffff8085bf08ee68

BUGCHECK_P4: ffff8085bf08e6a0

EXCEPTION_RECORD: ffff8085bf08ee68 -- (.exr 0xffff8085bf08ee68)
ExceptionAddress: fffff8078a0591a6
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000008
Parameter[1]: fffff8078a0591a6
Attempt to execute non-executable address fffff8078a0591a6

CONTEXT: ffff8085bf08e6a0 -- (.cxr 0xffff8085bf08e6a0)
rax=fffff8078a0591a6 rbx=ffffda03536ec000 rcx=ffff8085bf08f0f8
rdx=ffff8085bf08f150 rsi=0000000000000000 rdi=0000000000002000
rip=fffff8078a0591a6 rsp=ffff8085bf08f0a8 rbp=ffff8085bf08f1b0
r8=ffff8085bf08f130 r9=ffffda03611c8040 r10=0000000000000100
r11=0000000000000000 r12=00000000c0000023 r13=0000000000000020
r14=0000000000000000 r15=ffff8085bf08f501
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00050246
fffff807`8a0591a6 488b05d3000000 mov rax,qword ptr [fffff807`8a059280] ds:002b:fffff807`8a059280=fffff8078aaf96f8
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

EXECUTE_ADDRESS: fffff8078a0591a6

FAILED_INSTRUCTION_ADDRESS:
+0
fffff807`8a0591a6 488b05d3000000 mov rax,qword ptr [fffff807`8a059280]

ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p 0x%p %s

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000008

EXCEPTION_PARAMETER2: fffff8078a0591a6

EXCEPTION_STR: 0xc0000005

STACK_TEXT:
ffff8085`bf08f0a8 fffff807`85ab68cf : 00000000`00000000 00000000`00000000 ffffda03`536ec000 00000000`00000000 : 0xfffff807`8a0591a6
ffff8085`bf08f0b0 fffff807`85e95c50 : 00000000`00000000 00000000`00000000 00000000`001e001c fffff807`85dc21d0 : nt!HalpEnumerateEnvironmentVariablesWithFilter+0x15f
ffff8085`bf08f3a0 fffff807`85e954b8 : 00000000`00002000 ffff8085`bf08f489 00000000`00000002 ffffc402`4b687bb0 : nt!IopEnumerateEnvironmentVariablesHal+0x20
ffff8085`bf08f3e0 fffff807`85f4eca8 : 00000000`00002000 ffff8085`bf08f680 ffff8800`321b7000 00000000`00000000 : nt!IoEnumerateEnvironmentVariablesEx+0x7c
ffff8085`bf08f4f0 fffff807`85a075b5 : 00000000`00002000 ffff8085`bf08f7f0 ffffc402`6eefe000 00000000`4b444342 : nt!NtEnumerateBootEntries+0x1d8
ffff8085`bf08f600 fffff807`859f9ab0 : fffff807`85f6d287 00000000`00000000 ffff8085`bf08f899 ffff8085`bf08f858 : nt!KiSystemServiceCopyEnd+0x25
ffff8085`bf08f798 fffff807`85f6d287 : 00000000`00000000 ffff8085`bf08f899 ffff8085`bf08f858 00000000`00000000 : nt!KiServiceLinkage
ffff8085`bf08f7a0 fffff807`85f6c41d : ffffc402`6ea030d0 ffff8085`bf08f899 00000000`00002000 00000000`00000016 : nt!BiEnumerateBootEntries+0x97
ffff8085`bf08f7e0 fffff807`85f6c11f : 00000000`00000000 00000000`00000000 ffffc402`443d6072 00000000`00000002 : nt!BiBuildIdentifierList+0x29d
ffff8085`bf08f900 fffff807`85e3d8de : 00000000`00000000 ffffc402`00000000 00000000`00000000 00000000`00000002 : nt!BiBindEfiNamespaceObjects+0x3f
ffff8085`bf08f940 fffff807`85d6e766 : ffff8085`bf08fa40 00000000`00000000 00000000`00000006 00000000`00000001 : nt!BiOpenSystemStore+0xce812
ffff8085`bf08f9c0 fffff807`85d5fa52 : ffffda03`4accd600 fffff807`85f8cc40 00000000`00000000 fffff807`00000000 : nt!BcdOpenStore+0x6e
ffff8085`bf08fa00 fffff807`85f8ccaf : 00000000`00000000 ffffda03`611c8040 ffffda03`3d8bfa20 fffff807`86221120 : nt!PopFreeHiberContext+0x32
ffff8085`bf08fa40 fffff807`85825975 : ffffda03`00000000 fffff807`85d6a900 ffffda03`3d8bfa20 ffffda03`00000000 : nt!PopUnlockAfterSleepWorker+0x6f
ffff8085`bf08fa70 fffff807`85917e85 : ffffda03`611c8040 00000000`00000080 ffffda03`3d8be040 fffff807`0000001b : nt!ExpWorkerThread+0x105
ffff8085`bf08fb10 fffff807`859fd2a8 : ffff8800`32d80180 ffffda03`611c8040 fffff807`85917e30 ffffda03`56fe01f0 : nt!PspSystemThreadStartup+0x55
ffff8085`bf08fb60 00000000`00000000 : ffff8085`bf090000 ffff8085`bf089000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28


SYMBOL_NAME: nt!HalpEnumerateEnvironmentVariablesWithFilter+15f

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.19041.867

STACK_COMMAND: .cxr 0xffff8085bf08e6a0 ; kb

BUCKET_ID_FUNC_OFFSET: 15f

FAILURE_BUCKET_ID: AV_BAD_IP_nt!HalpEnumerateEnvironmentVariablesWithFilter

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {fd56276f-2304-350a-452e-dbd82b30536f}

Followup: MachineOwner
---------

8: kd> !process
PROCESS ffffda033d8be040
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 001ad002 ObjectTable: ffffc40239465bc0 HandleCount: <Data Not Accessible>
Image: System
VadRoot ffffda035fc98940 Vads 56 Clone 0 Private 28. Modified 8590423. Locked 128.
DeviceMap ffffc402394464e0
Token ffffc4023948d610
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 272
Working Set Sizes (now,min,max) (2238, 50, 450) (8952KB, 200KB, 1800KB)
PeakWorkingSetSize 4226
VirtualSize 12 Mb
PeakVirtualSize 31 Mb
PageFaultCount 24330
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 53

*** Error in reading nt!_ETHREAD @ ffffda033d8a7300

Continue reading...
 
Back
Top