I’m trying to get a clue why our server has suddenly crashed. According to this it could happen when some kernel code tried to close an invalid handle or a protected handle.
Any direction to understand what kind of handle could cause this?
Below is the info from WinDbg and the Windows recovery window.
This is a report from WinDbg:
Loading Dump File [C:\TEMP\022015-48594-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\debuggers*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\debuggers*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.18229.amd64fre.win7sp1_gdr.130801-1533
Machine Name:
Kernel base = 0xfffff800`0181e000 PsLoadedModuleList = 0xfffff800`01a616d0
Debug session time: Fri Feb 20 10:20:29.194 2015 (UTC - 6:00)
System Uptime: 0 days 20:15:34.826
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 93, {a58, 0, 0, 0}

Probably caused by : srv2.sys ( srv2!SrvCloseFile+1d1 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

INVALID_KERNEL_HANDLE (93)
This message occurs if kernel code attempts to close or reference a handle
that is not a valid handle. Only invalid or protected handles passed to NtClose
will cause this bugcheck, unless bad handle detection is enabled.
Arguments:
Arg1: 0000000000000a58, The handle that NtClose was called with
Arg2: 0000000000000000, A protected handle was closed.
Arg3: 0000000000000000
Arg4: 0000000000000000, The error occurred closing an invalid kernel handle.

Debugging Details:
------------------

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER

BUGCHECK_STR: 0x93

PROCESS_NAME: System

CURRENT_IRQL: 0

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER: from fffff80001afee1f to fffff80001893b80

STACK_TEXT:
fffff880`0946b888 fffff800`01afee1f : 00000000`00000093 00000000`00000a58 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff880`0946b890 fffff800`01b8c604 : 00000000`00000a58 fffffa80`2d5d6990 fffff8a0`00001ad0 00000000`00000a58 : nt! ?? ::NNGAKEGL::`string'+0x31e71
fffff880`0946b920 fffff800`01892e13 : fffffa80`2f1fab50 fffff880`0946b9f0 ffffffff`ffffffff 00000000`000001a0 : nt!ObpCloseHandle+0x94
fffff880`0946b970 fffff800`0188f3d0 : fffff880`05a032c1 fffffa80`2e0697a0 fffff8a0`0734d7f0 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x13
fffff880`0946bb08 fffff880`05a032c1 : fffffa80`2e0697a0 fffff8a0`0734d7f0 ffffffff`ffffffff fffffa80`2e0697a0 : nt!KiServiceLinkage
fffff880`0946bb10 fffff880`05a28f08 : 00000000`00000000 fffffa80`2df46e20 fffff780`00000320 fffffa80`2f02bce0 : srv2!SrvCloseFile+0x1d1
fffff880`0946bbd0 fffff880`05a285d0 : fffffa80`2f02ba00 fffffa80`00000000 fffff880`05a22110 fffffa80`30b1b010 : srv2!Smb2ExecuteClose+0x98
fffff880`0946bc80 fffff880`05a2839a : 00000000`0000000f 00000000`00000006 fffffa80`6aca9310 fffffa80`2f02ba40 : srv2!SrvProcessPacket+0xa0
fffff880`0946bcc0 fffff800`01b31bae : 00000000`0000206c fffffa80`2f1fab50 00000000`00000080 fffffa80`2d5d6990 : srv2!SrvProcWorkerThread+0x15a
fffff880`0946bd40 fffff800`018848c6 : fffff800`01a0ee80 fffffa80`2f1fab50 fffff800`01a1ccc0 00000008`00000008 : nt!PspSystemThreadStartup+0x5a
fffff880`0946bd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
srv2!SrvCloseFile+1d1
fffff880`05a032c1 48837f1000 cmp qword ptr [rdi+10h],0

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: srv2!SrvCloseFile+1d1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: srv2

IMAGE_NAME: srv2.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4dba2b0a

IMAGE_VERSION: 6.1.7601.17608

FAILURE_BUCKET_ID: X64_0x93_srv2!SrvCloseFile+1d1

BUCKET_ID: X64_0x93_srv2!SrvCloseFile+1d1

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:x64_0x93_srv2!srvclosefile+1d1

FAILURE_ID_HASH: {2ed283b0-a827-9f52-d1e7-a37c5d171413}

Followup: MachineOwner
---------
This is the message after the server has recovered:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.274.10
Locale ID: 1033

Additional information about the problem:
BCCode: 93
BCP1: 0000000000000A58
BCP2: 0000000000000000
BCP3: 0000000000000000
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 274_3
Answer
Attribution
Source : Link , Question Author : theateist , Answer Author : Community