BSOD - System_Service_Exception and Kmode_Exception_Not_Handled

C

caolong32

Please help. About two weeks ago my Windows Server 2016 is BSOD and rebooting. Can't figure out what the problem is. Here is my dump analysis:




Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\nguyenl\Desktop\New folder (2)\012920-5859-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.3383.amd64fre.rs1_release.191125-1816
Machine Name:
Kernel base = 0xfffff800`2500b000 PsLoadedModuleList = 0xfffff800`2530e020
Debug session time: Wed Jan 29 12:27:34.516 2020 (UTC - 8:00)
System Uptime: 0 days 5:26:42.253
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: 0000000000000000, Address of the instruction which caused the bugcheck
Arg3: ffffa1810dda82b0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 14393.3383.amd64fre.rs1_release.191125-1816

SYSTEM_MANUFACTURER: VMware, Inc.

VIRTUAL_MACHINE: VMware

SYSTEM_PRODUCT_NAME: VMware Virtual Platform

SYSTEM_VERSION: None

BIOS_VENDOR: Phoenix Technologies LTD

BIOS_VERSION: 6.00

BIOS_DATE: 12/12/2018

BASEBOARD_MANUFACTURER: Intel Corporation

BASEBOARD_PRODUCT: 440BX Desktop Reference Platform

BASEBOARD_VERSION: None

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

DUMP_TYPE: 2

BUGCHECK_P1: c0000005

BUGCHECK_P2: 0

BUGCHECK_P3: ffffa1810dda82b0

BUGCHECK_P4: 0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

FAULTING_IP:
+0
00000000`00000000 ?? ???

CONTEXT: ffffa1810dda82b0 -- (.cxr 0xffffa1810dda82b0)
rax=0000000000000002 rbx=ffffb88db4ac7118 rcx=ffffb88db4ed6840
rdx=ffffb88db6297e10 rsi=ffffe50c528a4048 rdi=ffffb88db4ac73a0
rip=0000000000000000 rsp=ffffa1810dda8ca0 rbp=ffffe50cc0000010
r8=ffffb88db3d92080 r9=ffffa1810b367180 r10=ffffb88db26946a0
r11=ffffb88db4ed6840 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=fffff8031d9fa000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
00000000`00000000 ?? ???
Resetting default scope

BUGCHECK_STR: 0x3B_c0000005

CPU_COUNT: 4

CPU_MHZ: 893

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3f

CPU_STEPPING: 0

CPU_MICROCODE: 6,3f,0,0 (F,M,S,R) SIG: 500002C'00000000 (cache) 500002C'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER

PROCESS_NAME: lfs.exe

CURRENT_IRQL: 1

ANALYSIS_SESSION_HOST: 25I4GVBMR2

ANALYSIS_SESSION_TIME: 01-29-2020 14:59:06.0208

ANALYSIS_VERSION: 10.0.18362.1 x86fre

LAST_CONTROL_TRANSFER: from ffffb88db4ac73a0 to 0000000000000000

IP_IN_FREE_BLOCK: 0

STACK_TEXT:
ffffa181`0dda8ca0 ffffb88d`b4ac73a0 : ffffe50c`49fe10e8 fffff803`00000028 ffffe50c`4835d1a0 ffffe50c`52b97010 : 0x0
ffffa181`0dda8ca8 ffffe50c`49fe10e8 : fffff803`00000028 ffffe50c`4835d1a0 ffffe50c`52b97010 fffff800`2510095a : 0xffffb88d`b4ac73a0
ffffa181`0dda8cb0 fffff803`00000028 : ffffe50c`4835d1a0 ffffe50c`52b97010 fffff800`2510095a 00000000`00000103 : 0xffffe50c`49fe10e8
ffffa181`0dda8cb8 ffffe50c`4835d1a0 : ffffe50c`52b97010 fffff800`2510095a 00000000`00000103 fffff803`1d9e5604 : 0xfffff803`00000028
ffffa181`0dda8cc0 ffffe50c`52b97010 : fffff800`2510095a 00000000`00000103 fffff803`1d9e5604 00000000`00000000 : 0xffffe50c`4835d1a0
ffffa181`0dda8cc8 fffff800`2510095a : 00000000`00000103 fffff803`1d9e5604 00000000`00000000 ffffb88d`b4956c88 : 0xffffe50c`52b97010
ffffa181`0dda8cd0 fffff803`1d9e7822 : ffffe50c`528a4010 ffffe50c`00000000 00000000`00000103 ffffe50c`49fe10d0 : nt!ExAcquirePushLockExclusiveEx+0x13a
ffffa181`0dda8d10 fffff803`1d9e72e8 : ffffe50c`00000000 fffff803`000000e0 01d5886c`d57f6895 00000000`00000000 : peerdistkm!ProcessTrackers+0x4c6
ffffa181`0dda8e20 fffff803`1d9e6e05 : ffffe50c`528a4010 ffffe50c`4914e010 ffffe50c`49fe10d0 ffffe50c`00000000 : peerdistkm!QueueTracker+0x98
ffffa181`0dda8e60 fffff803`1da01df0 : 00000000`00000000 ffffb88d`b4956c88 ffffa181`0dda9020 ffffb88d`b4956c40 : peerdistkm!CreateTransferObject+0x4c9
ffffa181`0dda8ed0 fffff803`1d5df4f1 : 00000000`00000103 ffffb88d`bc36d1e8 ffffa181`0dda9259 00000000`00000000 : peerdistkm!VtHkePublishResponse+0xf00
ffffa181`0dda9120 fffff803`1d687d34 : ffffb88d`b9493780 ffffa181`0dda9259 ffffb88d`bf110010 00000000`00000000 : HTTP!UlHkeIndicatePublishRequest+0xcd
ffffa181`0dda9190 fffff803`1d5cf4c7 : ffffb88d`b81f2460 ffffb88d`b9493780 ffffb88d`b81f2460 ffffb88d`00000000 : HTTP!UlpSendResponseToExtension+0x2e8
ffffa181`0dda92c0 fffff803`1d62c2a9 : ffffb88d`ba4dbe10 000001f0`cc149500 00000000`00000000 ffffb88d`ba4dbe0d : HTTP!UlSendHttpResponse+0x134f7
ffffa181`0dda9390 fffff803`1d5b19c2 : ffffb88d`b4ac7118 fffff800`254b3928 ffffb88d`ba4dbe10 00000000`0000002d : HTTP!UlSendHttpResponseIoctl+0x18a9
ffffa181`0dda97e0 fffff800`25486bc0 : ffffb88d`b36aa570 00000000`00000002 00000000`00000000 fffff803`1d62ca83 : HTTP!UxDeviceControl+0x72
ffffa181`0dda9820 fffff800`25485f5c : ffffb88d`b36aa500 ffffa181`0dda9b04 fffff780`000002dc ffffa181`0dda9b80 : nt!IopSynchronousServiceTail+0x1a0
ffffa181`0dda98e0 fffff800`254851b6 : b88dbf23`6c90a8c9 00000000`00000000 00000000`00000000 000001f0`cb81f540 : nt!IopXxxControlFile+0xd9c
ffffa181`0dda9a20 fffff800`25177903 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
ffffa181`0dda9a90 00007ffe`66a75b24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000042`1f5fe698 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`66a75b24


THREAD_SHA1_HASH_MOD_FUNC: bf1237ec8bf5093bd9fc09ee9faf4f858117412a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a4960018624ac19b0f80c66b1b212557457e6f3e

THREAD_SHA1_HASH_MOD: af5aad70cf6610539bb2f12a6684d3fa4cc655e3

FOLLOWUP_IP:
peerdistkm!ProcessTrackers+4c6
fffff803`1d9e7822 8bb42410010000 mov esi,dword ptr [rsp+110h]

FAULT_INSTR_CODE: 1024b48b

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: peerdistkm!ProcessTrackers+4c6

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: peerdistkm

IMAGE_NAME: peerdistkm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 57899b6e

IMAGE_VERSION: 10.0.14393.0

STACK_COMMAND: .cxr 0xffffa1810dda82b0 ; kb

BUCKET_ID_FUNC_OFFSET: 4c6

FAILURE_BUCKET_ID: 0x3B_c0000005_peerdistkm!ProcessTrackers

BUCKET_ID: 0x3B_c0000005_peerdistkm!ProcessTrackers

PRIMARY_PROBLEM_CLASS: 0x3B_c0000005_peerdistkm!ProcessTrackers

TARGET_TIME: 2020-01-29T20:27:34.000Z

OSBUILD: 14393

OSSERVICEPACK: 3383

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 Server TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2019-11-25 21:39:13

BUILDDATESTAMP_STR: 191125-1816

BUILDLAB_STR: rs1_release

BUILDOSVER_STR: 10.0.14393.3383.amd64fre.rs1_release.191125-1816

ANALYSIS_SESSION_ELAPSED_TIME: 89e

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x3b_c0000005_peerdistkm!processtrackers

FAILURE_ID_HASH: {245cc320-65d6-a580-60b8-b9f6b2cfa945}

Followup: MachineOwner
**************************************************************************************************************************************************

2nd Dump File Analysis


**************************************************************************************************************************************************




Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\012820-6015-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 14393.3383.amd64fre.rs1_release.191125-1816
Machine Name:
Kernel base = 0xfffff800`02814000 PsLoadedModuleList = 0xfffff800`02b17020
Debug session time: Tue Jan 28 17:28:06.527 2020 (UTC - 8:00)
System Uptime: 0 days 4:58:11.877
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

Debugging Details:
------------------

*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************

KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 14393.3383.amd64fre.rs1_release.191125-1816

SYSTEM_MANUFACTURER: VMware, Inc.

VIRTUAL_MACHINE: VMware

SYSTEM_PRODUCT_NAME: VMware Virtual Platform

SYSTEM_VERSION: None

BIOS_VENDOR: Phoenix Technologies LTD

BIOS_VERSION: 6.00

BIOS_DATE: 12/12/2018

BASEBOARD_MANUFACTURER: Intel Corporation

BASEBOARD_PRODUCT: 440BX Desktop Reference Platform

BASEBOARD_VERSION: None

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

DUMP_TYPE: 2

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: 0

BUGCHECK_P3: 8

BUGCHECK_P4: 0

CPU_COUNT: 4

CPU_MHZ: 893

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3f

CPU_STEPPING: 0

CPU_MICROCODE: 6,3f,0,0 (F,M,S,R) SIG: 500002C'00000000 (cache) 500002C'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER

BUGCHECK_STR: 0x1E

PROCESS_NAME: lfs.exe

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: 25I4GVBMR2

ANALYSIS_SESSION_TIME: 01-29-2020 15:05:08.0774

ANALYSIS_VERSION: 10.0.18362.1 x86fre

TRAP_FRAME: ffffd18166eceb10 -- (.trap 0xffffd18166eceb10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffd181685efff0 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=ffffd18166ececa0 rbp=ffffaa0a4cb5a2e0
r8=ffffd181685efff0 r9=ffffe38000000000 r10=ffffc28000007920
r11=ffffd18166eceb50 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
00000000`00000000 ?? ???
Resetting default scope

IP_IN_FREE_BLOCK: 0

LAST_CONTROL_TRANSFER: from fffff800029198bd to fffff80002970e00

STACK_TEXT:
ffffd181`66ece278 fffff800`029198bd : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
ffffd181`66ece280 fffff800`02980f02 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x22d
ffffd181`66ece930 fffff800`0297df46 : 00000000`00000001 ffffd181`62a99000 ffffaa0a`00000000 ffff9a06`0a330080 : nt!KiExceptionDispatch+0xc2
ffffd181`66eceb10 00000000`00000000 : 00000000`00000001 00000000`00000000 ffffaa0a`4cb5a010 00000000`00000000 : nt!KiPageFault+0x406


THREAD_SHA1_HASH_MOD_FUNC: 2e9ab7e93b3f60731b8608f9c5cc37cdb42d594f

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e0135b9f23b3f301c86826a28800a02c41ff5583

THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791

FOLLOWUP_IP:
nt!KiDispatchException+22d
fffff800`029198bd cc int 3

FAULT_INSTR_CODE: b68b49cc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KiDispatchException+22d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5ddcba81

IMAGE_VERSION: 10.0.14393.3383

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 22d

FAILURE_BUCKET_ID: 0x1E_nt!KiDispatchException

BUCKET_ID: 0x1E_nt!KiDispatchException

PRIMARY_PROBLEM_CLASS: 0x1E_nt!KiDispatchException

TARGET_TIME: 2020-01-29T01:28:06.000Z

OSBUILD: 14393

OSSERVICEPACK: 3383

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 Server TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2019-11-25 21:39:13

BUILDDATESTAMP_STR: 191125-1816

BUILDLAB_STR: rs1_release

BUILDOSVER_STR: 10.0.14393.3383.amd64fre.rs1_release.191125-1816

ANALYSIS_SESSION_ELAPSED_TIME: b84

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1e_nt!kidispatchexception

FAILURE_ID_HASH: {4c003660-11e1-3fb7-2474-3522eb7ee67b}

Followup: MachineOwner
---------

Continue reading...
 
Back
Top Bottom