question

Byty avatar image
0 Votes"
Byty asked Byty published

svchost gpsvc failing

Hi,
Any ideeas:
The only thing that i found is : https://social.technet.microsoft.com/Forums/en-US/ee06df83-4cf8-4790-9df1-698fedf0d5d0/error-with-svchostexegpsvc-with-module-auditcsedll-after-updating-the-advanced-audit-policy?forum=winserverGP
And i still get the errors, also other applications are failing.


CONTEXT: (.ecxr)
rax=0000011661b52520 rbx=00000116628206d0 rcx=000000007ffe0380
rdx=00007fff8515a348 rsi=0000000000000000 rdi=0000000000000000
rip=00007fff9367626c rsp=0000001465fffa50 rbp=0000001465fffb50
r8=0000000000000000 r9=0000000000000000 r10=0000011661b52260
r11=0000000000000000 r12=00000116628206d0 r13=0000000000000008
r14=0000000000000000 r15=0000011661e4c788
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+0x280:
00007fff`9367626c 440fb74202 movzx r8d,word ptr [rdx+2] ds:00007fff`8515a34a=????
Resetting default scope

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007fff9367626c (auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+0x0000000000000280)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00007fff8515a34a
Attempt to read from address 00007fff8515a34a

PROCESS_NAME: svchost.exe

READ_ADDRESS: 00007fff8515a34a

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 00007fff8515a34a

GROUP: netsvcs

FAULTING_SERVICE_NAME: gpsvc

STACK_TEXT:
00000014`65fffa50 00007fff`93675de7 : 00000116`61e4c760 00000000`00000000 00007fff`9369e000 00000000`00000000 : auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+0x280
00000014`65fffbc0 00007fff`936756b5 : 00000014`65fffdc8 00000014`65fffdc8 00007fff`9368ffe0 00007fff`9369e000 : auditcse!CPolicyEnforcer::ConfigureGlobalSaclSettings+0xab
00000014`65fffc70 00007fff`93675479 : 00000014`65fffdc8 00000014`65fffdc8 00000014`65fffdf0 00007fff`9369e000 : auditcse!CPolicyEnforcer::ConfigureAuditSettingsOnSystem+0x1a5
00000014`65fffd10 00007fff`93672649 : 00000116`6283e120 00000000`00000001 00000116`6283e120 00000014`65fffdf0 : auditcse!CPolicyEnforcer::EnforcePolicy+0x101
00000014`65fffda0 00007fff`936724c0 : 00000116`6283e120 00000000`00000000 00000116`62820790 00000116`62820790 : auditcse!PerformPolicyProcessing+0x111
00000014`65fffe20 00007fff`936723fc : 00000116`6283e120 00000000`00000000 00000116`6283e120 00007fff`9369e000 : auditcse!ProcessGroupPolicyInternal+0x88
00000014`65fffe80 00007fff`b6867974 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : auditcse!ProcessGroupPolicyThreadProc+0x4c
00000014`65fffeb0 00007fff`b8efa2f1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
00000014`65fffee0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


SYMBOL_NAME: auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+280

MODULE_NAME: auditcse

IMAGE_NAME: auditcse.dll

STACK_COMMAND: ~12s ; .ecxr ; kb

FAILURE_BUCKET_ID: SVCHOSTGROUP_netsvcs_INVALID_POINTER_READ_c0000005_auditcse.dll!CPolicyEnforcer::MergeGlobalSaclSettings

OS_VERSION: 10.0.17763.1

BUILDLAB_STR: rs5_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

IMAGE_VERSION: 10.0.17763.1

FAILURE_ID_HASH: {af1e6b4e-1438-6229-ed01-861384a2b064}

Followup: MachineOwner





windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers