How do I fix FLTMGR.SYS BSOD SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) issue on my Window Server 2019??

Question

Hello~ I am using Windows Server 2019. I opened the memory dump file because it was automatically rebooted every two months, and I still don't know how to use the debugging tool, so I am going to ask here.

StartFragment

20: kd> !analyze -vv -f -hang

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)

This is a very common BugCheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Arguments:

Arg1: ffffffffc0000005, The exception code that was not handled

Arg2: fffff80dcda676c9, The address that the exception occurred at

Arg3: ffffb50d93747128, Exception Record Address

Arg4: ffffb50d93746970, Context Record Address

Debugging Details:

---

Scanning for threads blocked on locks ...

Cannot get _ERESOURCE type

KEY_VALUES_STRING: 1

Key  : AV.Dereference

Value: NullPtr

Key  : AV.Type

Value: Read

Key  : Analysis.CPU.mSec

Value: 2421

Key  : Analysis.Elapsed.mSec

Value: 2456

Key  : Analysis.IO.Other.Mb

Value: 19

Key  : Analysis.IO.Read.Mb

Value: 6

Key  : Analysis.IO.Write.Mb

Value: 35

Key  : Analysis.Init.CPU.mSec

Value: 18625

Key  : Analysis.Init.Elapsed.mSec

Value: 13289752

Key  : Analysis.Memory.CommitPeak.Mb

Value: 135

Key  : Analysis.Version.DbgEng

Value: 10.0.27829.1001

Key  : Analysis.Version.Description

Value: 10.2503.24.01 amd64fre

Key  : Analysis.Version.Ext

Value: 1.2503.24.1

Key  : Bugcheck.Code.KiBugCheckData

Value: 0x7e

Key  : Bugcheck.Code.LegacyAPI

Value: 0x7e

Key  : Bugcheck.Code.TargetModel

Value: 0x7e

Key  : Failure.Bucket

Value: AV_FLTMGR!FltpFreeVolume

Key  : Failure.Exception.Code

Value: 0xc0000005

Key  : Failure.Exception.IP.Address

Value: 0xfffff80dcda676c9

Key  : Failure.Exception.IP.Module

Value: FLTMGR

Key  : Failure.Exception.IP.Offset

Value: 0x376c9

Key  : Failure.Exception.Record

Value: 0xffffb50d93747128

Key  : Failure.Hash

Value: {23aa5329-ee53-7347-8048-d659dd9757d7}

Key  : Hypervisor.Enlightenments.Value

Value: 0

Key  : Hypervisor.Enlightenments.ValueHex

Value: 0x0

Key  : Hypervisor.Flags.AnyHypervisorPresent

Value: 0

Key  : Hypervisor.Flags.ApicEnlightened

Value: 0

Key  : Hypervisor.Flags.AsyncMemoryHint

Value: 0

Key  : Hypervisor.Flags.CpuManager

Value: 0

Key  : Hypervisor.Flags.DeprecateAutoEoi

Value: 0

Key  : Hypervisor.Flags.DynamicCpuDisabled

Value: 0

Key  : Hypervisor.Flags.Epf

Value: 0

Key  : Hypervisor.Flags.ExtendedProcessorMasks

Value: 0

Key  : Hypervisor.Flags.HardwareMbecAvailable

Value: 1

Key  : Hypervisor.Flags.MaxBankNumber

Value: 0

Key  : Hypervisor.Flags.MemoryZeroingControl

Value: 0

Key  : Hypervisor.Flags.NoExtendedRangeFlush

Value: 0

Key  : Hypervisor.Flags.NoNonArchCoreSharing

Value: 0

Key  : Hypervisor.Flags.Phase0InitDone

Value: 0

Key  : Hypervisor.Flags.PowerSchedulerQos

Value: 0

Key  : Hypervisor.Flags.RootScheduler

Value: 0

Key  : Hypervisor.Flags.SynicAvailable

Value: 0

Key  : Hypervisor.Flags.UseQpcBias

Value: 0

Key  : Hypervisor.Flags.Value

Value: 131072

Key  : Hypervisor.Flags.ValueHex

Value: 0x20000

Key  : Hypervisor.Flags.VpAssistPage

Value: 0

Key  : Hypervisor.Flags.VsmAvailable

Value: 0

Key  : Hypervisor.RootFlags.Value

Value: 0

Key  : Hypervisor.RootFlags.ValueHex

Value: 0x0

Key  : WER.OS.Branch

Value: rs5_release

Key  : WER.OS.Version

Value: 10.0.17763.1

KEY_VALUES_DEVOPS: 1

Key  : Analysis.CPU.mSec

Value: 2421

Key  : Analysis.Elapsed.mSec

Value: 2456

Key  : Analysis.IO.Other.Mb

Value: 19

Key  : Analysis.IO.Read.Mb

Value: 6

Key  : Analysis.IO.Write.Mb

Value: 35

Key  : Analysis.Init.CPU.mSec

Value: 18625

Key  : Analysis.Init.Elapsed.mSec

Value: 13289752

Key  : Analysis.Memory.CommitPeak.Mb

Value: 135

Key  : Analysis.Version.DbgEng

Value: 10.0.27829.1001

Key  : Analysis.Version.Description

Value: 10.2503.24.01 amd64fre

Key  : Analysis.Version.Ext

Value: 1.2503.24.1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

TIMELINE_ANALYSIS: 1

BUGCHECK_CODE: 7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff80dcda676c9

BUGCHECK_P3: ffffb50d93747128

BUGCHECK_P4: ffffb50d93746970

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

FILE_IN_CAB: MEMORY.DMP

BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER: TAEJIN T&S

SYSTEM_PRODUCT_NAME: TNS-2100

SYSTEM_SKU: SKU=8EF0;ModelName=TNS-2100

BIOS_VENDOR: TAEJIN T&S

BIOS_VERSION: 2.11.2

BIOS_DATE: 004/21/2021

BASEBOARD_MANUFACTURER: TAEJIN T&S

BASEBOARD_PRODUCT: 0DY2X0

BASEBOARD_VERSION: A02

BIOS_REVISION: 2.11.0.0

EC_FIRMWARE_REVISION: 255.255.0.0

DUMP_TYPE: 1

FAULTING_THREAD: ffffab8b6ede9040

FAULTING_IP:

FLTMGR!FltpFreeVolume+21

fffff80d`cda676c9 8b01 mov eax,dword ptr [rcx]

EXCEPTION_RECORD: ffffb50d93747128 -- (.exr 0xffffb50d93747128)

ExceptionAddress: fffff80dcda676c9 (FLTMGR!FltpFreeVolume+0x0000000000000021)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 0000000000000000

Parameter[1]: 0000000000000000

Attempt to read from address 0000000000000000

CONTEXT: ffffb50d93746970 -- (.cxr 0xffffb50d93746970)

rax=fffff80dcda59060 rbx=ffffab8b6e999eb0 rcx=0000000000000000

rdx=0000000000000008 rsi=0000000000000000 rdi=0000000000000000

rip=fffff80dcda676c9 rsp=ffffb50d93747360 rbp=0000000000000008

r8=000000000000000c r9=0000000000000000 r10=fffff80dcda67290

r11=0000000000000000 r12=0000000000000100 r13=0000000000000000

r14=ffffa3841880bd90 r15=0000000000000008

iopl=0 nv up ei ng nz na po nc

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286

FLTMGR!FltpFreeVolume+0x21:

fffff80dcda676c9 8b01 mov eax,dword ptr [rcx] ds:002b:0000000000000000=????????

Resetting default scope

CPU_COUNT: 20

CPU_MHZ: 3292

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 55

CPU_STEPPING: 7

CPU_MICROCODE: 6,55,7,0 (F,M,S,R) SIG: 5003102'00000000 (cache) 5003102'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)

Version: 0xa8

Product type: 3

Auto advanced boot: FALSE

Advanced boot menu timeout: 30

Last boot succeeded: TRUE

Last boot shutdown: FALSE

Sleep in progress: FALSE

Power button timestamp: 0x0

System running: TRUE

Connected standby in progress: FALSE

User shutdown in progress: FALSE

System shutdown in progress: FALSE

Sleep in progress: 0

Connected standby scenario instance id: 0

Connected standby entry reason: 0

Connected standby exit reason: 0

System sleep transitions to on: 0

Last reference time: 0x1dbb4d2ee9307a0

2025-04-24T04:39:57.630Z

Last reference time checksum: 0x5d1f10a4

Last update boot id: 15

Boot attempt count: 1

Last boot checkpoint: TRUE

Checksum: 0x3f

Last boot id: 15

Last successful shutdown boot id: 14

Last reported abnormal shutdown boot id: 14

Error info boot id: 0

Error info repeat count: 0

Error info other error count: 0

Error info code: 0

Error info status: 0x0

Power button last press time: 0x0

Power button cumulative press count: 0

Power button last press boot id: 0

Power button last power watchdog stage: 0

Power button watchdog armed: FALSE

Power button shutdown in progress: FALSE

Power button last release time: 0x0

Power button cumulative release count: 0

Power button last release boot id: 0

Power button error count: 0

Power button current connected standby phase: 0

Power button transition latest checkpoint id: 0

Power button transition latest checkpoint type: 0

Power button transition latest checkpoint sequence number: 0

Power transition Shutdown Device Type: 0

Power transition Setup In Progress: FALSE

Power transition OOBE In Progress: FALSE

Power transition Sleep Checkpoint Source: 0

Power transition Sleep Checkpoint: 0

Power transition Connected Standby Entry Reason Category: 0

Power transition Connected Standby Exit Reason Category: 0

Power transition Connected Standby Entry Scenario Instance Id: 0x0

BLACKBOXPNP: 1 (!blackboxpnp)

PnpActivityId      : {00000000-0000-0000-0000-000000000000}

PnpActivityTime    : 133947686434074861

PnpEventInformation: 3

PnpEventInProgress : 0

PnpProblemCode     : 24

PnpVetoType        : 0

DeviceId           : STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot1

VetoString         : 

DEFAULT_BUCKET_ID: NULL_DEREFERENCE

PROCESS_NAME: System

CURRENT_IRQL: 0

FOLLOWUP_IP:

FLTMGR!FltpFreeVolume+21

fffff80d`cda676c9 8b01 mov eax,dword ptr [rcx]

READ_ADDRESS: 0000000000000000

ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p 0x%p . %s .

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000000

ANALYSIS_SESSION_HOST: DESKTOP-A9P2GUN

ANALYSIS_SESSION_TIME: 06-20-2025 00:59:14.0640

ANALYSIS_VERSION: 10.2503.24.01 amd64fre

EXCEPTION_STR: 0xc0000005

BLOCKED_THREAD: ffffab8b6ede9040

LAST_CONTROL_TRANSFER: from fffff80dcda67667 to fffff80dcda676c9

STACK_TEXT:

ffffb50d93747360 fffff80dcda67667 : ffffab8b6e999eb0 0000000000000008 ffffab8b6e999d60 fffff80059af7f00 : FLTMGR!FltpFreeVolume+0x21

ffffb50d937473a0 fffff80dcda672a5 : ffffa3841880bd90 fffff80dcda67290 ffffa3841880bd98 ffffab8b65c02a50 : FLTMGR!FltpCleanupDeviceObject+0x6b

ffffb50d93747400 fffff80059a76cba : ffffab8b65c03450 fffff80059e115a0 ffffa3840d826800 ffffab8b00000000 : FLTMGR!FltpFastIoDetachDeviceWorker+0x15

ffffb50d93747430 fffff80059a3fbf5 : ffffab8b6ede9040 ffffa38407281040 ffffab8b6ede9040 0000000000000000 : nt!ExpWorkerThread+0x16a

ffffb50d937474d0 fffff80059bbd4bc : ffff9181ab913180 ffffab8b6ede9040 fffff80059a3fba0 0000000000000246 : nt!PspSystemThreadStartup+0x55

ffffb50d93747520 0000000000000000 : ffffb50d93748000 ffffb50d93741000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x1c

THREAD_SHA1_HASH_MOD_FUNC: 6b51179c41ff02d4c4028b6bf1b80f39a5d8705a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 17472bf5b6f1bd467804ca7f03cf01e3ccdec2ff

THREAD_SHA1_HASH_MOD: e06a8e1d654fec570c2ad25485278673f5e4f7b8

FAULT_INSTR_CODE: 8b44018b

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: FLTMGR!FltpFreeVolume+21

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: FLTMGR

IMAGE_NAME: FLTMGR.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: .cxr 0xffffb50d93746970 ; kb

BUCKET_ID_FUNC_OFFSET: 21

FAILURE_BUCKET_ID: AV_FLTMGR!FltpFreeVolume

BUCKET_ID: AV_FLTMGR!FltpFreeVolume

PRIMARY_PROBLEM_CLASS: AV_FLTMGR!FltpFreeVolume

OS_VERSION: 10.0.17763.1

OS_MAJOR: 10

OS_MINOR: 0

OS_BUILD: 17763

OS_REVISION: 1

BUILDDATESTAMP_STR: 180914-1434

OSBUILD_TIMESTAMP: 2018-09-14T14:34:00Z

BUILDLAB_STR: rs5_release

OS_BUILD_STRING: 17763.1.amd64fre.rs5_release.180914-1434

BUILDFLAVOR_STR: Checked

TARGET_TIME: 2025-06-19T01:04:04.000Z

OSSERVICEPACK: 0

SUITE_MASK: 272

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 Server TerminalServer SingleUserTS

ANALYSIS_SESSION_ELAPSED_TIME: 998

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_fltmgr!fltpfreevolume

FAILURE_ID_HASH: {23aa5329-ee53-7347-8048-d659dd9757d7}

Followup: MachineOwner

---

Answer 1

Hello,

Here are some ideas and thoughts that I would like to share and discuss with you.

Thanks for sharing the full WinDbg output — you've done a great job collecting detailed diagnostics. Based on the memory dump analysis, here's a breakdown of the issue and what you can do to resolve it.

Summary of the Problem

BSOD Code: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (0x7E)

Faulting module: FLTMGR.SYS

Faulting function: FltpFreeVolume+0x21

Exception: 0xc0000005 — Access violation, trying to read a null pointer (rcx=0x0)

Process: System (kernel-level crash)

FLTMGR.SYS is the Filter Manager, which handles file system filter drivers (like antivirus, backup, encryption, etc.).

Cause

The crash is caused by a null pointer dereference in FLTMGR.SYS during volume cleanup (FltpFreeVolume), likely when a snapshot, shadow copy, or volume was unmounted or detached.

This typically occurs when:

A filter driver (like antivirus, backup agent, or disk management tool) registers improperly with the Filter Manager

There is a race condition or timing issue during volume detach

A driver forgets to unregister or releases resources incorrectly

Steps to Fix It

1. Update All Filter Drivers

Common culprits include:

Antivirus (e.g., Symantec, McAfee, Windows Defender)

Backup software (e.g., Veeam, Acronis, Windows Server Backup)

Disk encryption (e.g., BitLocker, VeraCrypt)

Snapshot tools

Make sure all are updated to the latest version. If you're not using any — check for old, leftover drivers using:

fltmc filters

This will list active filter drivers. Take note of unfamiliar entries.

2. Check Volume Shadow Copy (VSS) Usage

If you're using snapshot or backup utilities:

Inspect Task Scheduler and vssadmin list shadows

Use vssadmin list providers to identify which VSS provider is in use

You might have ghost snapshots or VSS jobs causing cleanup issues. Clear them using:

vssadmin delete shadows /all

(Only if you're sure you don't need them.)

3. Use Driver Verifier

To catch the faulty driver more precisely:

verifier /standard /all

Reboot and reproduce the crash (on test machine ideally)

A BSOD will now point directly to the misbehaving driver

To disable Driver Verifier after test:

verifier /reset

4. Apply Windows Server 2019 Updates

You are on:

Build 17763.1 (rs5_release) — this is the original RTM build.

Apply latest cumulative updates (as of 2025, it should be KB5034233 or newer). Some FLTMGR.SYS issues have been patched in later builds.

Run:

Get-HotFix

Or use Windows Update / WSUS / manual patching to update to latest LTS build.

5. Workaround – Delay Cleanup or Avoid Conflicts

If the crash is tied to shutdowns or backup jobs, consider:

• Delaying shutdown to ensure all backup agents or filters clean up gracefully
• Scheduling backups at low-activity times
• Disabling fast startup (if enabled via policy)
• Monitoring the service that invokes volume unmounts (e.g., backup task)

Regards,

Allison