20,221 questions
svchost gpsvc failing
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 77%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Adrian Chirtoc
126
Reputation points
Hi,
Any ideeas:
The only thing that i found is : https://social.technet.microsoft.com/Forums/en-US/ee06df83-4cf8-4790-9df1-698fedf0d5d0/error-with-svchostexegpsvc-with-module-auditcsedll-after-updating-the-advanced-audit-policy?forum=winserverGP
And i still get the errors, also other applications are failing.
CONTEXT: (.ecxr)
rax=0000011661b52520 rbx=00000116628206d0 rcx=000000007ffe0380
rdx=00007fff8515a348 rsi=0000000000000000 rdi=0000000000000000
rip=00007fff9367626c rsp=0000001465fffa50 rbp=0000001465fffb50
r8=0000000000000000 r9=0000000000000000 r10=0000011661b52260
r11=0000000000000000 r12=00000116628206d0 r13=0000000000000008
r14=0000000000000000 r15=0000011661e4c788
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+0x280:
00007fff9367626c 440fb74202 movzx r8d,word ptr [rdx+2] ds:00007fff8515a34a=????
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007fff9367626c (auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+0x0000000000000280)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00007fff8515a34a
Attempt to read from address 00007fff8515a34a
PROCESS_NAME: svchost.exe
READ_ADDRESS: 00007fff8515a34a
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00007fff8515a34a
GROUP: netsvcs
FAULTING_SERVICE_NAME: gpsvc
STACK_TEXT:
0000001465fffa50 00007fff93675de7 : 0000011661e4c760 0000000000000000 00007fff9369e000 0000000000000000 : auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+0x280
0000001465fffbc0 00007fff936756b5 : 0000001465fffdc8 0000001465fffdc8 00007fff9368ffe0 00007fff9369e000 : auditcse!CPolicyEnforcer::ConfigureGlobalSaclSettings+0xab
0000001465fffc70 00007fff93675479 : 0000001465fffdc8 0000001465fffdc8 0000001465fffdf0 00007fff9369e000 : auditcse!CPolicyEnforcer::ConfigureAuditSettingsOnSystem+0x1a5
0000001465fffd10 00007fff93672649 : 000001166283e120 0000000000000001 000001166283e120 0000001465fffdf0 : auditcse!CPolicyEnforcer::EnforcePolicy+0x101
0000001465fffda0 00007fff936724c0 : 000001166283e120 0000000000000000 0000011662820790 0000011662820790 : auditcse!PerformPolicyProcessing+0x111
0000001465fffe20 00007fff936723fc : 000001166283e120 0000000000000000 000001166283e120 00007fff9369e000 : auditcse!ProcessGroupPolicyInternal+0x88
0000001465fffe80 00007fffb6867974 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : auditcse!ProcessGroupPolicyThreadProc+0x4c
0000001465fffeb0 00007fffb8efa2f1 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0x14
0000001465fffee0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21
SYMBOL_NAME: auditcse!CPolicyEnforcer::MergeGlobalSaclSettings+280
MODULE_NAME: auditcse
IMAGE_NAME: auditcse.dll
STACK_COMMAND: ~12s ; .ecxr ; kb
FAILURE_BUCKET_ID: SVCHOSTGROUP_netsvcs_INVALID_POINTER_READ_c0000005_auditcse.dll!CPolicyEnforcer::MergeGlobalSaclSettings
OS_VERSION: 10.0.17763.1
BUILDLAB_STR: rs5_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
IMAGE_VERSION: 10.0.17763.1
FAILURE_ID_HASH: {af1e6b4e-1438-6229-ed01-861384a2b064}
Followup: MachineOwner
Windows for business | Windows Server | User experience | Other
Sign in to answer