Windows 11 VM Crashing, bugcheck 0x0000007e

Tilden Hagan 0 Reputation points
2024-06-26T03:36:21.6366667+00:00

I have a Windows 11 VM I'm running on a machine with ubuntu KVM as the hypervisor that crashes occasionally and I'm trying to determine the cause. It happened with the below info from Event Viewer and WinDbg of the .dmp file and I would love help determining if this is pointing to any particular driver or some specific virtio driver and if I need to maybe use a different controller for a particular device instead. Please let me know if any further details are needed.

The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff806353b3bf9, 0xfffff280586df378, 0xfffff280586deb90). A dump was saved in: C:\Windows\Minidump\062124-6031-01.dmp. Report Id: 1a71093c-5cb5-4900-a543-c2defc7e8f64.

************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true

   EnableRedirectToV8JsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.203 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 41

Microsoft (R) Windows Debugger Version 10.0.27553.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\tilden\Downloads\062124-6031-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 22621 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff806`30c00000 PsLoadedModuleList = 0xfffff806`31813150
Debug session time: Fri Jun 21 19:49:55.848 2024 (UTC - 4:00)
System Uptime: 0 days 15:52:37.588
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols

Loading unloaded module list
................
For analysis of this file, run !analyze -v
Ntfs!NtfsFspCloseInternal+0xcfae9:
fffff806`353b3bf9 0f1001          movups  xmm0,xmmword ptr [rcx] ds:002b:00000000`80000000=????????????????????????????????
3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common BugCheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff806353b3bf9, The address that the exception occurred at
Arg3: fffff280586df378, Exception Record Address
Arg4: fffff280586deb90, Context Record Address

Debugging Details:
------------------

*** WARNING: Check Image - Checksum mismatch - Dump: 0x33a920, File: 0x3327f9 - C:\ProgramData\Dbg\sym\Ntfs.sys\A64A083C333000\Ntfs.sys

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 2905

    Key  : Analysis.Elapsed.mSec
    Value: 5245

    Key  : Analysis.IO.Other.Mb
    Value: 14

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 40

    Key  : Analysis.Init.CPU.mSec
    Value: 655

    Key  : Analysis.Init.Elapsed.mSec
    Value: 28857

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 105

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x1000007e

    Key  : Bugcheck.Code.TargetModel
    Value: 0x1000007e

    Key  : Dump.Attributes.AsUlong
    Value: 8

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Failure.Bucket
    Value: AV_Ntfs!NtfsFspCloseInternal

    Key  : Failure.Hash
    Value: {f49caf99-9c23-80ae-2a52-afc5db1e4243}

    Key  : Hypervisor.Enlightenments.Value
    Value: 368

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 170

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 1

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 1

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 0

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 0

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 1

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 1

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 536585

    Key  : Hypervisor.Flags.ValueHex
    Value: 83009

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 1

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0


BUGCHECK_CODE:  7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff806353b3bf9

BUGCHECK_P3: fffff280586df378

BUGCHECK_P4: fffff280586deb90

FILE_IN_CAB:  062124-6031-01.dmp

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

EXCEPTION_RECORD:  fffff280586df378 -- (.exr 0xfffff280586df378)
ExceptionAddress: fffff806353b3bf9 (Ntfs!NtfsFspCloseInternal+0x00000000000cfae9)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000080000000
Attempt to read from address 0000000080000000

CONTEXT:  fffff280586deb90 -- (.cxr 0xfffff280586deb90)
rax=ffffdc87e4f21a20 rbx=0000000000000000 rcx=0000000080000000
rdx=0000000000000000 rsi=ffffdc87e4f21a20 rdi=fffff280586df750
rip=fffff806353b3bf9 rsp=fffff280586df5b0 rbp=fffff280586dfb00
 r8=0000000000000000  r9=7ffffffffffffffc r10=fffff80630f36360
r11=000000000001fb60 r12=0000000000000001 r13=ffffa50bf44621b0
r14=ffffdc87d55f97c0 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050206
Ntfs!NtfsFspCloseInternal+0xcfae9:
fffff806`353b3bf9 0f1001          movups  xmm0,xmmword ptr [rcx] ds:002b:00000000`80000000=????????????????????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

READ_ADDRESS: fffff8063191c4a8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 0000000080000000 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000080000000

EXCEPTION_STR:  0xc0000005

STACK_TEXT:  
fffff280`586df5b0 fffff806`3531edd8     : ffff320f`926a8700 ffffa50b`f44621b0 fffff280`586dfb00 ffffa50b`f14d5cb0 : Ntfs!NtfsFspCloseInternal+0xcfae9
fffff280`586df710 fffff806`30ece2d5     : ffffa50b`f14d5cb0 ffffa50b`f8453500 ffffa50b`00000000 fffff806`00000000 : Ntfs!NtfsFspClose+0x88
fffff280`586dfa00 fffff806`30e0e957     : ffffa50b`f84535c0 00000000`000000b9 ffffa50b`f84535c0 fffff806`30ece180 : nt!ExpWorkerThread+0x155
fffff280`586dfbf0 fffff806`3101f3b4     : fffff806`2de14180 ffffa50b`f84535c0 fffff806`30e0e900 0a0d3e22`65646f43 : nt!PspSystemThreadStartup+0x57
fffff280`586dfc40 00000000`00000000     : fffff280`586e0000 fffff280`586da000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34


SYMBOL_NAME:  Ntfs!NtfsFspCloseInternal+cfae9

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

IMAGE_VERSION:  10.0.22621.3733

STACK_COMMAND:  .cxr 0xfffff280586deb90 ; kb

BUCKET_ID_FUNC_OFFSET:  cfae9

FAILURE_BUCKET_ID:  AV_Ntfs!NtfsFspCloseInternal

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {f49caf99-9c23-80ae-2a52-afc5db1e4243}

Followup:     MachineOwner
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,941 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Hania Lian 11,036 Reputation points Microsoft Vendor
    2024-06-27T03:01:49.8733333+00:00

    Hello,

    The minidump files did not name any driver only indicate ntkrnlmp.exe which is a Windows component that means something else drove the system to a fault or it could be a memory corruption that usually happens due to driver incompatibility.

    Press Win + R and in the Run dialog box, type eventvwr.

    Navigate to the Windows Logs menu and expand it, then select System.

    Look for if it has related log named system_thread_exception_not_handled and click on it to find out which driver is causing the issue.

    Bug Check 0x7E SYSTEM_THREAD_EXCEPTION_NOT_HANDLED - Windows drivers | Microsoft Learn

    Meanwhile, I suggest that check for Windows updates. Make sure your Windows operating system is up to date. Windows updates often include bug fixes and stability improvements, including updates to system drivers.

     Best Regards,

    Hania Lian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments