共用方式為


Windows Server Crashes when enabling MSMQ service

When I enable MSMQ service, the Windows Server crashes with
BSOD.

I collected a full memory dump by configuring HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled
= 1

Reproduce the issue, collected the dump file and after
analysis found as below.

========================================================================

ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
(fc)

An attempt was made to execute non-executable memory.  The guilty driver

is on the stack trace (and is typically the current instruction
pointer).

When possible, the guilty driver's name (Unicode string) is
printed on

the bugcheck screen and saved in KiBugCheckDriver.

Arguments:

Arg1: 000007fa5afc40e0, Virtual address for the attempted
execute.

Arg2: 2ee000011baef025, PTE contents.

Arg3: fffff88004f1d500, (reserved)

Arg4: 0000000080000005, (reserved)

Debugging Details:

------------------

DEFAULT_BUCKET_ID: 
WIN8_DRIVER_FAULT

BUGCHECK_STR:  0xFC

PROCESS_NAME: 
mqsvc.exe

CURRENT_IRQL:  0

TRAP_FRAME: 
fffff88004f1d500 -- (.trap 0xfffff88004f1d500)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=000007fa5af9c950 rbx=0000000000000000
rcx=000000fb06e509a0

rdx=000000fb0a4be8d8 rsi=0000000000000000
rdi=0000000000000000

rip=000007fa5afc40e0 rsp=fffff88004f1d698
rbp=fffff88004f1d831

 r8=fffffa8008449880  r9=0000000000000521 r10=fffffa8008b50640

r11=0000000000000006 r12=0000000000000000
r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0         nv up
ei pl nz na po nc

MQQM!operator
delete:

000007fa`5afc40e0
c20000          ret     0

Resetting default scope

LAST_CONTROL_TRANSFER: 
from fffff8038e004f75 to fffff8038de73240

STACK_TEXT: 

fffff880`04f1d328 fffff803`8e004f75 : 00000000`000000fc
000007fa`5afc40e0 2ee00001`1baef025 fffff880`04f1d500 : nt!KeBugCheckEx

fffff880`04f1d330 fffff803`8df2bf3c : fffff880`04f1d500
fffff803`8e24b3e9 00000000`00000244 fffff880`04f1d42c : nt! ??
::FNODOBFM::`string'+0x3337b

fffff880`04f1d370 fffff803`8deaddad : fffff880`04f1d440
00000000`c0000016 fffffa80`08e5bb00 fffffa80`08449880 : nt! ??
::FNODOBFM::`string'+0x332d3

fffff880`04f1d3c0 fffff803`8de70cee : 00000000`00000008
00000000`00000000 fffff880`009c4100 fffff880`04f1d500 : nt!MmAccessFault+0x3ed

fffff880`04f1d500 000007fa`5afc40e0 : fffff880`05bc7297
00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e

fffff880`04f1d698 fffff880`05bc7297 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : MQQM!operator delete

fffff880`04f1d6a0 fffff880`05bc80d7 : 00000000`00000000
000000fb`0a4be8d8 00000000`00000000 00000000`00000000 :
mqac!ACCreateQueue+0xa77

fffff880`04f1d710 fffff803`8e2890a8 : fffffa80`084012b0
fffffa80`095b4850 fffffa80`00000521 00000000`00000000 :
mqac!ACDeviceControl+0x62b

fffff880`04f1d7b0 fffff803`8e248a23 : fffffa80`08b50604
00000000`00000003 00000000`00000000 fffffa80`08b50640 : nt!IopSynchronousServiceTail+0x158

fffff880`04f1d880 fffff803`8e262106 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
nt!IopXxxControlFile+0xde0

fffff880`04f1da20 fffff803`8de72253 : fffff880`04f1dad8
00000000`00000000 00000000`00000001 00000000`00000000 :
nt!NtDeviceIoControlFile+0x56

fffff880`04f1da90 000007fa`64442bda : 000007fa`5afc6302
00000000`00000000 00000000`00000000 00000000`00000000 :
nt!KiSystemServiceCopyEnd+0x13

000000fb`0a4be878 000007fa`5afc6302 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : ntdll!NtDeviceIoControlFile+0xa

000000fb`0a4be880 000007fa`5afc6ae1 : 000000fb`06e509a0
000000fb`0a4be950 000000fb`06e50c10 00000000`00000000 :
MQQM!ACCreateRemoteProxy+0xce

000000fb`0a4be900 000007fa`5b02bd6d : 000000fb`06e50c10
00000000`00000000 000000fb`00000001 000000fb`06e985f0 :
MQQM!CQueueMgr::OpenRRQueue+0x185

000000fb`0a4be990 000007fa`5b02bf57 : 00000000`00000000
000000fb`0a4beaa1 00000000`00000000 000007fa`5b05ba57 :
MQQM!CAutoCloseNewRemoteReadCtxAndBind::CloseRRContext+0x1b5

000000fb`0a4bea20 000007fa`5afde2c3 : 00000000`00000000
000000fb`06dd455c 000000fb`06e50c10 00000000`00000001 :
MQQM!ImpersonateAndOpenRRQueue+0x17f

000000fb`0a4beb00 000007fa`5afde529 : 00000000`00000001
000000fb`06e50c10 00000000`00000001 000000fb`0a4bf2a8 :
MQQM!OpenQueueForRequest+0xf3

000000fb`0a4beb80 000007fa`5afb3052 : 000000fb`0a4bf020
000000fb`06dd6670 00000000`00000040 00000000`00000040 :
MQQM!qmcomm_v1_0_S_QMOpenQueue+0x1c9

000000fb`0a4bebf0 000007fa`61e94f6d : 000007fa`5af92a92
000000fb`0a4bf020 00000000`00000000 000000fb`0a4bf2a8 :
MQQM!qmcomm_R_QMOpenQueue_Thunk+0x2e

000000fb`0a4bec30 000007fa`61e9604d : 00000000`00000002
00000000`000001ab 000000fb`06dd54b0 00000000`00001060 :
RPCRT4!NdrStubCall2+0x9fd

000000fb`0a4bf270 000007fa`61e821a4 : 000000fb`06d55532
000000fb`00000001 00000000`00000182 000000fb`06dd6520 :
RPCRT4!NdrServerCall2+0x1d

000000fb`0a4bf2a0 000007fa`61e820bd : 00000001`00000000
000000fb`06dd54c0 000000fb`0a4bf4e0 00000001`00000000 : RPCRT4!DispatchToStubInCNoAvrf+0x14

000000fb`0a4bf2f0 000007fa`61e829b3 : 00000002`00000001
00000000`00000000 00000000`00000000 000007fa`61530000 :
RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x17d

000000fb`0a4bf490 000007fa`61e825fc : 00000000`000003a0
00000000`00000001 00000000`00000000 00000000`002f499c :
RPCRT4!LRPC_SCALL::DispatchRequest+0x91e

000000fb`0a4bf590 000007fa`61f14f32 : 000000fb`06dd6520
000000fb`06dd54e0 000000fb`06dd54e0 00000000`00000000 :
RPCRT4!LRPC_SCALL::HandleRequest+0x7d2

000000fb`0a4bf6e0 000007fa`61f14d08 : 00000000`00000000
000000fb`06dd6520 00000000`00000000 00000000`00000000 :
RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x172

000000fb`0a4bf750 000007fa`61f11b63 : 000000fb`06d9cae0
000000fb`06dd4480 000000fb`0a4bf8c0 000000fb`06d9cae0 : RPCRT4!LRPC_ADDRESS::HandleRequest+0x128

000000fb`0a4bf7c0 000007fa`61e815eb : 00000000`00000000
000000fb`06da9530 000000fb`06d9cbe8 00000000`00000000 :
RPCRT4!LRPC_ADDRESS::ProcessIO+0xbfc

000000fb`0a4bf970 000007fa`64450656 : 000000fb`06dd40e0
00000000`00000000 000000fb`06d90210 000000fb`06dd4440 :
RPCRT4!LrpcIoComplete+0x97

000000fb`0a4bfa00 000007fa`644477d6 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
ntdll!TppAlpcpExecuteCallback+0x1f6

000000fb`0a4bfa70 000007fa`61841842 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
ntdll!TppWorkerThread+0x388

000000fb`0a4bfd10 000007fa`64480dfd : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
KERNEL32!BaseThreadInitThunk+0x1a

000000fb`0a4bfd40 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
ntdll!RtlUserThreadStart+0x1d

STACK_COMMAND:  kb

FOLLOWUP_IP:

mqac!ACCreateQueue+a77

fffff880`05bc7297 85c0            test    eax,eax

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME: 
mqac!ACCreateQueue+a77

FOLLOWUP_NAME: 
MachineOwner

MODULE_NAME: mqac

IMAGE_NAME:  mqac.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 
5010abc2

BUCKET_ID_FUNC_OFFSET: 
a77

FAILURE_BUCKET_ID: 
0xFC_mqac!ACCreateQueue

BUCKET_ID: 
0xFC_mqac!ACCreateQueue

Followup: MachineOwner

===========================================================================================================

This is the exact same issue as mentioned in https://support.microsoft.com/en-us/kb/2840622

Install the hotfix 2840622 to resolve this issue.

Hope this helps.