This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi all - I've had a lovely BSoD today but can't find out what the trigger was or narrow it down to an actual something, can someone offer any help?
"DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000002aae
"
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\jgretton\Downloads\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available
Symbol search path is: SRV*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 17763 MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff806164af000 PsLoadedModuleList = 0xfffff806168c8910
Debug session time: Tue Oct 24 09:18:02.882 2023 (UTC + 1:00)
System Uptime: 0 days 0:29:51.005
Loading Kernel Symbols
...............................................................
....Page 2001e4ba3 too large to be in the dump file.
............................................................
.............................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {ffffffffc0000005, fffff80616528d82, ffffef0dc7e372a8, ffffef0dc7e36af0}
Probably caused by : ntkrnlmp.exe ( nt!CcUnmapVacbArray+182 )
Followup: MachineOwner
7: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80616528d82, The address that the exception occurred at
Arg3: ffffef0dc7e372a8, Exception Record Address
Arg4: ffffef0dc7e36af0, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
nt!CcUnmapVacbArray+182
fffff806`16528d82 66837e1000 cmp word ptr [rsi+10h],0
EXCEPTION_RECORD: ffffef0dc7e372a8 -- (.exr 0xffffef0dc7e372a8)
ExceptionAddress: fffff80616528d82 (nt!CcUnmapVacbArray+0x0000000000000182)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000002aae
Attempt to read from address 0000000000002aae
CONTEXT: ffffef0dc7e36af0 -- (.cxr 0xffffef0dc7e36af0)
rax=0000000000e00000 rbx=0000000000080000 rcx=0000000000000002
rdx=ffffae0acfaf3988 rsi=0000000000002a9e rdi=0000000000100000
rip=fffff80616528d82 rsp=ffffef0dc7e374e0 rbp=ffffae0acfaf3920
r8=ffffef0dc7e374e8 r9=ffffae0acf9ee630 r10=7ffffffffffffffc
r11=ffffae0acc3f8ad0 r12=ffffae0ac720ea00 r13=0000000000000000
r14=0000000000000001 r15=0000000000000001
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
nt!CcUnmapVacbArray+0x182:
fffff80616528d82 66837e1000 cmp word ptr [rsi+10h],0 ds:002b:0000000000002aae=????
Resetting default scope
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000002aae
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
0000000000002aae
FOLLOWUP_IP:
nt!CcUnmapVacbArray+182
fffff806`16528d82 66837e1000 cmp word ptr [rsi+10h],0
BUGCHECK_STR: AV
LAST_CONTROL_TRANSFER: from fffff80616538054 to fffff80616528d82
STACK_TEXT:
ffffef0dc7e374e0 fffff80616538054 : 0000000000000000 0000000000000000 0000000000100000 ffffae0acfaf3920 : nt!CcUnmapVacbArray+0x182
ffffef0dc7e37550 fffff806164e2bbb : ffffae0acfaf3920 fffff80f00000000 ffffef0dc7e37660 ffffef0dc7e37640 : nt!CcGetVirtualAddress+0x444
ffffef0dc7e375f0 fffff806164e1926 : ffffae0acfaf3920 ffff9681c7852000 ffffef0dc7e377d0 ffffae0a00008000 : nt!CcMapAndCopyInToCache+0x49b
ffffef0dc7e37770 fffff80fd046f97c : 0000000000000000 ffffae0ad21a4018 ffffae0a00000000 0000000000000000 : nt!CcCopyWriteEx+0x106
ffffef0dc7e377f0 fffff80fd04649e0 : ffffae0ad21a4018 fffff80fd0464740 0000000000000000 ffffae0ad21a4018 : Ntfs!NtfsCommonWrite+0x3a4c
ffffef0dc7e37a30 fffff8061653ddaa : ffffae0ac7113960 ffffae0acf08b040 ffffae0ad21a4088 ffffae0ac7113960 : Ntfs!NtfsFspDispatch+0x2a0
ffffef0dc7e37b70 fffff806165d7105 : ffffae0acf08b040 ffffae0ac7062500 ffffae0acf08b040 0000000000000000 : nt!ExpWorkerThread+0x16a
ffffef0dc7e37c10 fffff8061667111c : fffff806149a2180 ffffae0acf08b040 fffff806165d70b0 0000000000000000 : nt!PspSystemThreadStartup+0x55
ffffef0dc7e37c60 0000000000000000 : ffffef0dc7e38000 ffffef0dc7e32000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x1c
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CcUnmapVacbArray+182
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 22bee457
STACK_COMMAND: .cxr 0xffffef0dc7e36af0 ; kb
BUCKET_ID_FUNC_OFFSET: 182
FAILURE_BUCKET_ID: AV_nt!CcUnmapVacbArray
BUCKET_ID: OLD_IMAGE_ntkrnlmp.exe
Followup: MachineOwner
7: kd> lmvm nt
start end module name
fffff806164af000 fffff80616f1b000 nt (private pdb symbols) C:\ProgramData\dbg\sym\ntkrnlmp.pdb\50C8F9940EA2460DDC8722B1C47357DA1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Tue Jun 21 23:33:59 1988 (22BEE457)
CheckSum: 009451B7
ImageSize: 00A6C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
We have used WinDbg to get the information as originally posted up which doesn't pinpoint the issue in this case :(
This is a production server so we're going to stuggle to get into safe mode with nothing running, I know it makes troubleshooting hard.
We may just need to write this one off as a one off for now.........
In addition to using a debugging tool (WinDbg) to analyze the Dump file, you can also try to see if there is a blue screen in safe mode, because safe mode only loads a limited set of files and drivers.
If no problems occur in safe mode, it is recommended to disable all drivers and services and then undisable them one by one until a BSOD appears.
Cheers for the replies.
The drivers are fuilly updated, its a virtual machine running on vmware, has the latest vmtools running.
From researching found that ntkrnlmp.exe relates to drives, but it's not explict to assist enough to find the once off issue thus far.
Hello
Thank you for posting in Microsoft Community forum.
The address fffff80616528d82 you mentioned appears to be related to a Blue Screen of Death (BSoD) issue on Windows, specifically a SYSTEM_THREAD_EXCEPTION_NOT_HANDLED error. This type of error is usually caused by a driver or function that failed to handle an exception.
The exception code 0xc0000005 indicates an access violation. This means that a process tried to access memory that it wasn’t allowed to, either reading from or writing to a protected area of memory.
The address fffff80616528d82 is where the exception occurred. In the case you mentioned, it seems to be associated with the nt!CcUnmapVacbArray+182 function in the ntkrnlmp.exe module.
Please note that this is a general interpretation based on the information you provided and the search results. For a more accurate diagnosis, it’s recommended to analyze the memory dump file (MEMORY.DMP) using debugging tools like WinDbg. If you’re not familiar with this process, consider seeking help from someone who is, or from a professional tech support service. Remember to always keep your system and drivers up-to-date to prevent such issues.
Bug Check 0x7E SYSTEM_THREAD_EXCEPTION_NOT_HANDLED - Windows drivers | Microsoft Learn
From what you shared, it is error with a driver.
Try update Windows and all drivers.
Try preforming Clean Boot and see if the problem persists?
Have a look at How to perform a clean boot in Windows - Microsoft Support.
