Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

Go Back   OSR Online Lists > windbg
Welcome, Guest
You must login to post to this list
  Message 1 of 3  
22 Dec 17 10:20
Ron Hyatt
xxxxxx@yahoo.com
Join Date: 22 Dec 2017
Posts To This List: 1
SYSTEM_SERVICE_EXCEPTION (3b)

My 2012 R2 terminal server has been crashing every once in a while. I've tried to go through the dump files but I'm not good at reading them to get to the root cause. Thought I could get some help here at understanding them so I can find a solution to this problem. Here is the dump log. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com) Online Crash Dump Analysis Service See http://www.osronline.com for more information Windows 8 Kernel Version 9600 MP (8 procs) Free x64 Product: Server, suite: TerminalServer Built by: 9600.18821.amd64fre.winblue_ltsb.170914-0600 Machine Name: Kernel base = 0xfffff803`0ec75000 PsLoadedModuleList = 0xfffff803`0ef47650 Debug session time: Thu Dec 21 16:25:28.310 2017 (UTC - 5:00) System Uptime: 31 days 21:12:06.352 ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff8030f25e572, Address of the instruction which caused the bugcheck Arg3: ffffd0002e264e60, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2 EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". FAULTING_IP: nt!AlpcpReferenceMessageByWaitingThreadPortQueue+12 fffff803`0f25e572 4d395020 cmp qword ptr [r8+20h],r10 CONTEXT: ffffd0002e264e60 -- (.cxr 0xffffd0002e264e60) rax=0000000000000000 rbx=ffffffffffffffff rcx=ffffe0004da9d580 rdx=ffffe0004ceb5ef8 rsi=ffffe0004ceb5f88 rdi=ffffe0004ceb5ef0 rip=fffff8030f25e572 rsp=ffffd0002e265890 rbp=0000000000000000 r8=0000000000000000 r9=ffffe0004ceb5ef8 r10=ffffe0004da9d580 r11=fffff8030edce398 r12=0000000000000000 r13=0000000000000011 r14=ffffe0004ceb5e40 r15=ffffe0004da9d580 iopl=0 nv up ei pl nz ac pe cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010213 nt!AlpcpReferenceMessageByWaitingThreadPortQueue+0x12: fffff803`0f25e572 4d395020 cmp qword ptr [r8+20h],r10 ds:002b:00000000`00000020=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER BUGCHECK_STR: 0x3B PROCESS_NAME: WerFault.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff8030f25e518 to fffff8030f25e572 STACK_TEXT: ffffd000`2e265890 fffff803`0f25e518 : ffffe000`56801918 00000000`04aeebf0 00000000`04aee458 ffffffff`ffffffff : nt!AlpcpReferenceMessageByWaitingThreadPortQueue+0x12 ffffd000`2e2658d0 fffff803`0f25e2cf : ffffffff`ffffffff fffff803`0ef48038 ffffe000`4ceb5e40 ffffffff`ffffffff : nt!AlpcpReferenceMessageByWaitingThreadPort+0x184 ffffd000`2e265920 fffff803`0f25e74a : 00000000`00000120 ffffd000`2e265b80 00000000`00000000 ffffe000`5a268080 : nt!AlpcpReferenceMessageByWaitingThread+0xcb ffffd000`2e265970 fffff803`0f1c11d6 : 00000000`00000000 fffff960`00181575 ffffe000`00000120 00000000`04aee458 : nt!AlpcpPortQueryServerInfo+0xca ffffd000`2e265a30 fffff803`0edce3b3 : ffffe000`5a268080 00000000`04aee408 fffff6fb`40001de0 fffff680`00000120 : nt! ?? ::NNGAKEGL::`string'+0x2c036 ffffd000`2e265a90 00007ffb`357c0f2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`04aee3e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ffb`357c0f2a FOLLOWUP_IP: nt!AlpcpReferenceMessageByWaitingThreadPortQueue+12 fffff803`0f25e572 4d395020 cmp qword ptr [r8+20h],r10 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!AlpcpReferenceMessageByWaitingThreadPortQueue+12 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 59ba8548 STACK_COMMAND: .cxr 0xffffd0002e264e60 ; kb FAILURE_BUCKET_ID: X64_0x3B_nt!AlpcpReferenceMessageByWaitingThreadPortQueue+12 BUCKET_ID: X64_0x3B_nt!AlpcpReferenceMessageByWaitingThreadPortQueue+12 Followup: MachineOwner --------- Any help is appreciated.
  Message 2 of 3  
22 Dec 17 15:11
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 500
SYSTEM_SERVICE_EXCEPTION (3b)

xxxxx@yahoo.com windbg"@lists.osr.com wrote: > My 2012 R2 terminal server has been crashing every once in a while. I've tried to go through the dump files but I'm not good at reading them to get to the root cause. Thought I could get some help here at understanding them so I can find a solution to this problem. Here is the dump log. There's really nothing to be learned here.  You're getting a null pointer dereference inside the Asynchronous Local Procedure Call subsystem.  About all you can do is open a support incident with Microsoft technical support, and hope your dump reaches the proper hands. -- Tim Roberts, xxxxx@probo.com Providenza & Boekelheide, Inc.
  Message 3 of 3  
28 Dec 17 04:38
Tom Monahan
xxxxxx@gmail.com
Join Date: 05 Mar 2007
Posts To This List: 9
SYSTEM_SERVICE_EXCEPTION (3b)

Your going to have to dig deeper into this dump or likely capture a full memory dump. What I'm interested in is that this process is werfault.exe so I'd like to see the peb block to see what process its attaching too and then see why what that process was doing. [!peb] I'm not sure why werfault.exe is generating an SYSTEM_SERVICE_EXCEPTION but maybe it's down to the process it's attaching to. I guess a non windbg diagnosis avenue is to see if there is anything about app crashes in the eventlog. Kind Regards, Tom On Fri, Dec 22, 2017 at 3:20 PM, xxxxx@yahoo.com <xxxxx@lists.osr.com> wrote: > My 2012 R2 terminal server has been crashing every once in a while. I've > tried to go through the dump files but I'm not good at reading them to get > to the root cause. Thought I could get some help here at understanding them > so I can find a solution to this problem. Here is the dump log. > > Crash Dump Analysis provided by OSR Open Systems Resources, Inc. ( > http://www.osr.com) > Online Crash Dump Analysis Service > See http://www.osronline.com for more information > Windows 8 Kernel Version 9600 MP (8 procs) Free x64 <...excess quoted lines suppressed...> --
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the windbg list to be able to post.

All times are GMT -5. The time now is 12:59.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license