[SOLVED] SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

Status
Not open for further replies.
M

Marquel

Member
Joined
Jan 1, 2019
Posts
5
· OS - Windows 10, 8.1, 8, 7, Vista ? Windows 10
· x86 (32-bit) or x64 ? x64
· What was original installed OS on system? Windows 10
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? OEM
· Age of system (hardware)- 1 year
· Age of OS installation - have you re-installed the OS? - 1 year, no

· CPU- intel(R) Core(TM) i7-6700k CPU @ 4.0GHz
· Video Card NVIDIA GeForce GTX 970
· MotherBoard - Aurora R5

· Power Supply - [h=1]Dell Alienware Aurora R5 460W Watt Power Supply AC460AM-01 DM1RW 0DM1RW[/h]· System Manufacturer- AlienWare
· Exact model number- I didnt know where to find the model number, but this is the express service code: 303-492-969-02 and service tag: DXX6RD2

· Laptop or Desktop?

 

Attachments

Hi Marquel,

The bugcheck code is consistent which makes me suspect a driver bug. Have you used the Dell tool to check for and apply the latest updates for your computer? I think the video on this page shows how to do so for your system. At the very least, there seems to be newer BIOS available for your system according to this page.

Both dump files appear to be crashing while or after performing a sanity check in the Windows kernel function [FONT=Verdana,Arial,Tahoma,Calibri,Geneva,sans-serif]KeCheckStackAndTargetAddress[/FONT][FONT=Verdana,Arial,Tahoma,Calibri,Geneva,sans-serif] hitting a break point (int 3). I suspect it's finding guard page corruption and immediately triggering the software interrupt.

Please check for and apply any driver/app/BIOS updates using the Dell tool if you haven't already done so. I've often found it necessary to do a "run, install, and reboot" followed by a rerun of the tool several times in a row until the tool no longer offers any newer updates.

Please test the system after applying any and all new updates the Dell tool or product support site have available. Rerun the collection app if the problems continue and attach the resulting zip to your reply.
[/FONT]
 
Enable Driver Verifier on your system and upload the following crash dump(s).
 
Thank you guys for your help and input. I went to the dell website and downloaded the new updates, however I still crashed a couple times. So therefore I am now doing a driver verifier. I was wondering what a VERIFIER_ENABLED BSOD is and when I should get the crash dump from C:\Windows\Minidump. Either way i'm attaching a new sysnative and a file from the minidump I do not know if its useful since I just started the verifier.
 

Attachments

Also I've had this error before. I had NVIDIA gefore experience and after cleaning the drivers and stopped using the application I did not get the error anymore. Is this most likely a video card driver issue? If so I do not know how to fix it I've tried resetting my computer, cleaning the drivers on the video card and doing clean driver installs.
 
Code: 
Bugcheck code 1000007E
Arguments ffffffff`80000003 fffff802`43f4d0a5 ffffb404`dd476588 ffffb404`dd475dd0

We have an 0x1000007E bugcheck, very similar (entirely similar, actually) to 0x7E which actually has documentation on it per the MSDN. This bugcheck in layman terms happens when a thread within kernel (system) space encounters violates a specific ruleset and the CPU raises an exception, and obviously it cannot recover so Windows throws a bugcheck to protect your data. When normal processes encounter an exception and the CPU raises an exception, typically the program will just crash.

Code: 
ExceptionAddress: fffff80243f4d0a5 (nt!KeCheckStackAndTargetAddress+0x0000000000000045) [COLOR=#006400]//Where the exception occurred[/COLOR]
   ExceptionCode: 80000003 (Break instruction exception) [COLOR=#006400]//Our specific exception type[/COLOR]
  ExceptionFlags: 00000010
NumberParameters: 1
   Parameter[0]: 0000000000000000 [COLOR=#006400]//It was a read-based exception[/COLOR]

Our actual exception was 0x80000003, which indicates a breakpoint or ASSERT was encountered when no kernel debugger was attached to the system. This is a really interesting exception to see because you obviously aren't setting any breakpoints in kernel/system space.

Code: 
rax=ffffb404dd4767e8 rbx=ffffb404dd4779a8 rcx=0000000000000000
rdx=ffffb404dd4779a8 rsi=ffffb404dd476e50 rdi=0000000000000000
rip=fffff80243f4d0a5 rsp=ffffb404dd4767c0 rbp=ffffb404dd476990
 r8=ffffb404dd476fb0  r9=ffffb404dd476930 r10=00007ffffffeffff
r11=fffff80244014cc0 r12=ffffb404dd477b10 r13=ffffb404dd477768
r14=ffffb404dd476930 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
nt!KeCheckStackAndTargetAddress+0x45:
fffff802`43f4d0a5 cc              int     3

Jumping to the assembler shows us a very consistent instruction that the exception is being raised on - nt!KeCheckStackAndTargetAddress+0x45. This is the faulting instruction in every dump you've attached.

Code: 
00 ffffb404`dd4767c0 fffff802`44014cfb nt!KeCheckStackAndTargetAddress+0x45
01 ffffb404`dd4767f0 fffff802`4404094d nt!_C_specific_handler+0x3b
02 ffffb404`dd476860 fffff802`43f4cb16 nt!RtlpExecuteHandlerForException+0xd
03 ffffb404`dd476890 fffff802`43f4e613 nt!RtlDispatchException+0x416
04 ffffb404`dd476f80 fffff802`44048d42 nt!KiDispatchException+0x1f3
05 ffffb404`dd477630 fffff802`440458bf nt!KiExceptionDispatch+0xc2
06 ffffb404`dd477810 00000000`00000000 nt!KiPageFault+0x3ff

We can see from frame 06 that we hit a pagefault and from there on out, the exception handling is carried out and nt!_C_specific_handler+0x3b attempts to figure out what to do with the exception that was raised.


So there's a few things I am going to recommend first:

1. Perhaps OS corruption, so try a repair - How To Repair Windows 10

2. If #1 doesn't work, run a malware scan with Malwarebytes. I'm curious.

3. Update all of your drivers and if they already are, try rolling back to a previous GPU driver version since you mentioned nVidia drivers have given you trouble in the past.

Due to the consistency I doubt this is a RAM issue, but it's possible as well. You may also run Memtest86 if you wish.
 
There is a newer version of the Intel Rapid Storage Technology software available from Intel compared to the version available on your computer's Dell product support site. Personally, I'd uninstall IRST unless it was used to create a RAID array on the computer but if you need it or would prefer to continue using it the newer versions should be available here.
 
I tried the repair tool and it came back with "windows could not repair your pc." Malwarebytes came up with nothing. I updated the intel drivers including the rapid storage. Other than that I have not crashed since the last dump and if I do I'll roll back the NVIDIA drivers, but after that I do not know what to do.
 
Anytime you have a bugcheck please rerun the collection app and make the zip available. They can give clues which help find a pattern or help with offering suggestions.

Based on the dump files it looks like the computer ran for as long as 19 hours between bugchecks so it seems like it can stay hidden for a while. Please continue using the computer normally and let us know how it goes. If you haven't done so already, I'd suggest disabling Driver Verifier.
 
Last edited:
For the next crash dump, can you please upload the kernel variant of it (MEMORY.DMP) in your C:/Windows directory somewhere please? Onedrive, Google Drive, doesn't matter. Just paste the link here when it's uploaded. This kernel dump will give us more information to try and figure this one out.
 
It really is rare to see a 0x80000003 hard assert in a post-mortem dump. I've seen them in user-mode dumps, but only when I was the one issuing the break by attaching a process to Windbg.

Could it be that a 3rd party driver was released with the hard assert accidentally left behind in it?
 
Yes, most likely a driver but IDK why DV isn't catching it. I'd like to see the kernel, but OP hasn't been on in 2 days, not sure we will see anything unless they're just waiting still for a crash.
 
I'm definitely rusty as far as system level programming but I'm wondering if it's a calling convention mismatch problem. My understanding is some compilers use INT 3 as padding between functions and this post seems to confirm that to be the case.

Unassembling memory backwards and forward from the function at the top of the callstack gives me this in the first dump:
Code: 
[COLOR=#222222][FONT=Verdana] 0: kd> ub nt!KeCheckStackAndTargetAddress+0x45
nt!KeCheckStackAndTargetAddress+0x32:
fffff802`70f4f092 12483b          adc     cl,byte ptr [rax+3Bh]
fffff802`70f4f095 5c              pop     rsp
fffff802`70f4f096 2448            and     al,48h
fffff802`70f4f098 730b            jae     nt!KeCheckStackAndTargetAddress+0x45 (fffff802`70f4f0a5)
fffff802`70f4f09a 488b5c2438      mov     rbx,qword ptr [rsp+38h]
fffff802`70f4f09f 4883c420        add     rsp,20h
fffff802`70f4f0a3 5f              pop     rdi
[/FONT][/COLOR][COLOR=#008000][FONT=Verdana]fffff802`70f4f0a4 c3              ret[/FONT][/COLOR][COLOR=#222222][FONT=Verdana]        << 2) but perhaps should be pointing here?

0: kd> u nt!KeCheckStackAndTargetAddress+0x45
nt!KeCheckStackAndTargetAddress+0x45:
[/FONT][/COLOR][COLOR=#ff0000][FONT=Verdana]fffff802`70f4f0a5 cc              int     3[/FONT][/COLOR][COLOR=#222222][FONT=Verdana]  << 1) Instruction pointer currently pointing here
fffff802`70f4f0a6 488bcf          mov     rcx,rdi
fffff802`70f4f0a9 e882350f00      call    nt!guard_icall_bugcheck (fffff802`71042630)
fffff802`70f4f0ae cc              int     3
fffff802`70f4f0af cc              int     3
fffff802`70f4f0b0 cc              int     3
fffff802`70f4f0b1 cc              int     3
fffff802`70f4f0b2 cc              int     3
[/FONT][/COLOR]


Basically, I'm wondering if the instruction pointer ends up pointing at the wrong address and the previous call in the callstack nt!_C_specific_handler+0x3b makes me wonder if a C style calling convention is being used on something built for a C++ (or other) calling convention - possibly causing an extra pop or preventing a pop from happening and corrupting the instruction pointer. It's a bug which can be introduced simply by using the wrong switch while compiling a binary. I'm not sure if that's something DV checks by default (or at all) but it seems like it should be something it could check.

The third dump seems to show the same thing while the second dump seems to have gone completely off the rails.

Any thoughts?

 
Last edited by a moderator:
I have good news after updating the Intel drivers my computer has not crashed since so fingers crossed its fixed and I like to thank you all!
 
Thank you for the update and I'm glad it's working more reliably now. Please do let us know if the problems return. Good luck!
 
Status
Not open for further replies.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top