none
系统蓝屏 RRS feed

  • 问题

  • 服务器是 HP DL388 G7 SmartStart 新装的系统。上面的应用有TMG SP2 2010和Hyper-V。之前这台机器就有了蓝屏问题,这次特地重装,并打完了TMG的补丁。但是由于时间问题,系统补丁没打。3天后查看系统日志,发现蓝屏过2次,具体信息如下:


    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\042813-19562-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*D:symbolsDown*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: Server, suite: TerminalServer DataCenter SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`0160f000 PsLoadedModuleList = 0xfffff800`01854e90
    Debug session time: Sun Apr 28 20:43:00.931 2013 (UTC + 8:00)
    System Uptime: 0 days 0:52:14.681
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, 80050033, 6f8, fffff80001698ef5}

    Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 0000000080050033
    Arg3: 00000000000006f8
    Arg4: fffff80001698ef5

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x7f_8

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff8000168ebe9 to fffff8000168f640

    STACK_TEXT:  
    fffff880`009ccce8 fffff800`0168ebe9 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
    fffff880`009cccf0 fffff800`0168d0b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`009cce30 fffff800`01698ef5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
    fffff880`00959ca0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PoIdle+0x516


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    nt!KiDoubleFaultAbort+b2
    fffff800`0168d0b2 90              nop

    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  nt!KiDoubleFaultAbort+b2

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7951a

    FAILURE_BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2

    BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2

    Followup: MachineOwner
    ---------


    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\050113-15147-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*D:symbolsDown*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: Server, suite: TerminalServer DataCenter SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`0164c000 PsLoadedModuleList = 0xfffff800`01891e90
    Debug session time: Wed May  1 19:04:26.087 2013 (UTC + 8:00)
    System Uptime: 2 days 22:14:12.384
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..................
    Loading User Symbols
    Loading unloaded module list
    .....
    Unable to load image \SystemRoot\system32\drivers\hvboot.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for hvboot.sys
    *** ERROR: Module load completed but symbols could not be loaded for hvboot.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 20001, {6, 4, fffff8810024f000, 1012}

    Probably caused by : hvboot.sys ( hvboot+282e )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    HYPERVISOR_ERROR (20001)
    The hypervisor has encountered a fatal error.
    Arguments:
    Arg1: 0000000000000006
    Arg2: 0000000000000004
    Arg3: fffff8810024f000
    Arg4: 0000000000001012

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x20001_6_4

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    PROCESS_NAME:  cqmghost.exe

    CURRENT_IRQL:  f

    LAST_CONTROL_TRANSFER:  from fffff88000d9482e to fffff800016cc640

    STACK_TEXT:  
    fffff800`02c7cc58 fffff880`00d9482e : 00000000`00020001 00000000`00000006 00000000`00000004 fffff881`0024f000 : nt!KeBugCheckEx
    fffff800`02c7cc60 00000000`00020001 : 00000000`00000006 00000000`00000004 fffff881`0024f000 00000000`00001012 : hvboot+0x282e
    fffff800`02c7cc68 00000000`00000006 : 00000000`00000004 fffff881`0024f000 00000000`00001012 00000000`00000000 : 0x20001
    fffff800`02c7cc70 00000000`00000004 : fffff881`0024f000 00000000`00001012 00000000`00000000 00000000`00000000 : 0x6
    fffff800`02c7cc78 fffff881`0024f000 : 00000000`00001012 00000000`00000000 00000000`00000000 fffff800`01754700 : 0x4
    fffff800`02c7cc80 00000000`00001012 : 00000000`00000000 00000000`00000000 fffff800`01754700 00000000`00000000 : 0xfffff881`0024f000
    fffff800`02c7cc88 00000000`00000000 : 00000000`00000000 fffff800`01754700 00000000`00000000 00000000`00000000 : 0x1012


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    hvboot+282e
    fffff880`00d9482e ??              ???

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  hvboot+282e

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: hvboot

    IMAGE_NAME:  hvboot.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce792cc

    FAILURE_BUCKET_ID:  X64_0x20001_6_4_hvboot+282e

    BUCKET_ID:  X64_0x20001_6_4_hvboot+282e

    Followup: MachineOwner
    ---------

    HYPERVISOR_ERROR (20001)估计能通过系统补丁解决,UNEXPECTED_KERNEL_MODE_TRAP (7f)不是很清楚,请教!谢谢!

    2013年5月2日 9:12

答案

  • 0x20001那个Crash,里面显示你的\SystemRoot\system32\drivers\hvboot.sys 是2010年11月的,这显然还没打过kb2550569,打完应该是12-May-2011的时间戳。

    那么这个就不必看了,打完补丁再说吧。

    ------------------------------------------------

    0x7F那个Crash,双误(Double Faut)的首误发生在另一个已经被切换的线程里,但很遗憾,你是minidump,只记录了当前线程的信息,没法看到那个出错线程的Stack,连它的Base和Limit都看不到,不过我估计是Overflow了

    1: kd> !thread
    GetPointerFromAddress: unable to read from fffff800018c0000
    THREAD fffff880009d0fc0  Cid 0000.0000  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
    Not impersonating
    GetUlongFromAddress: unable to read from fffff800017fdba4
    Owning Process            0       Image:         <Unknown>
    Attached Process          fffffa8007ee0890       Image:         System
    fffff78000000000: Unable to get shared data
    Wait Start TickCount      168165      
    Context Switch Count      630031            
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    UserTime                  00:00:00.000
    KernelTime                00:00:00.000
    Win32 Start Address nt!KiIdleLoop (0xfffff80001687310)
    Stack Init fffff880009d9db0 Current fffff880009d9d40
    Base fffff880009da000 Limit fffff880009d4000 Call 0
    Priority 16 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
    Child-SP          RetAddr           : Args to Child                                                           : Call Site
    fffff880`009ccce8 fffff800`0168ebe9 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
    fffff880`009cccf0 fffff800`0168d0b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`009cce30 fffff800`01698ef5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2 (TrapFrame @ fffff880`009cce30)
    fffff880`00959ca0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PoIdle+0x516

    1: kd> .trap fffff880`009cce30
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000001 rbx=0000000000000000 rcx=00000000400000c3
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80001698ef5 rsp=fffff88000959ca0 rbp=0000000000000000
     r8=fffff8000160f000  r9=00000006e47b5e07 r10=00000000000206d0
    r11=fffff880009c6180 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di pl nz na pe nc
    nt!PoIdle+0x516:
    fffff800`01698ef5 48898424f0000000 mov     qword ptr [rsp+0F0h],rax ss:0018:fffff880`00959d90=????????????????
    1: kd> r ss
    Last set context:
    ss=0018
    1: kd> dd fffff880`00959d90-F0h
    fffff880`00959ca0  ???????? ???????? ???????? ????????
    fffff880`00959cb0  ???????? ???????? ???????? ????????
    fffff880`00959cc0  ???????? ???????? ???????? ????????
    fffff880`00959cd0  ???????? ???????? ???????? ????????
    fffff880`00959ce0  ???????? ???????? ???????? ????????
    fffff880`00959cf0  ???????? ???????? ???????? ????????
    fffff880`00959d00  ???????? ???????? ???????? ????????
    fffff880`00959d10  ???????? ???????? ???????? ????????

    ----------------------------------------------------------------------------

    所以,为了让你的问题尽早得到定位,赶紧把dump类型设置为kernel甚至full吧!(理论上你这个问题kernel dump够了)

    2013年5月6日 10:23

全部回复

  • HYPERVISOR那个,装一下kb2550569看看是不是就不会再出现了?

    0x7F那个,首个参数8,是Double Fault,很可能是x64下24K的内核栈overflow了,因为这种情况下BugCheck时保存现场的栈内存不够用,才会Double Fault,那么理论上你只要找出是哪个驱动占满了某个内核线程的栈(很可能是它有递归调用自己的函数,走不出来了),就可以隔离问题了。

    有debugging基础的话,可以读一下ntdebugging的这两篇blog了解一下

    Kernel Stack Overflows
    http://blogs.msdn.com/b/ntdebugging/archive/2008/02/01/kernel-stack-overflows.aspx

    Part 1: Got Stack? No. We ran out of Kernel Mode Stack and kv won’t tell me why!
    http://blogs.msdn.com/b/ntdebugging/archive/2009/11/25/got-stack-no-we-ran-out-of-kernel-mode-stack-and-kv-won-t-tell-me-why-part-1.aspx

    最后,你的dump在吗?是kernel dump吗?BSOD问题,一般请把dump献出来(如果没什么机密信息的话)





    • 已编辑 Finy 2013年5月2日 9:39
    2013年5月2日 9:34
  • 谢谢!不好意思,周五没上班,回复晚了。附上 MEMORY.dmp ,麻烦看下,谢谢了!!!


    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: C:\Users\administrator.XD-UPADI\Desktop
    Executable search path is: 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: Server, suite: TerminalServer DataCenter SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`0164c000 PsLoadedModuleList = 0xfffff800`01891e90
    Debug session time: Wed May  1 19:04:26.087 2013 (UTC + 8:00)
    System Uptime: 2 days 22:14:12.384
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 000007ff`fffd9018).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    .....
    *** ERROR: Module load completed but symbols could not be loaded for hvboot.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 20001, {6, 4, fffff8810024f000, 1012}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : hvboot.sys ( hvboot+282e )

    Followup: MachineOwner
    ---------

    2013年5月6日 3:10
  • 第一次蓝屏的full dump已经被覆盖了,附上mini dump文件,麻烦看下,谢谢!!!


    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\042813-19562-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\Users\administrator.XD-UPADI\Desktop
    Executable search path is: 
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: Server, suite: TerminalServer DataCenter SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`0160f000 PsLoadedModuleList = 0xfffff800`01854e90
    Debug session time: Sun Apr 28 20:43:00.931 2013 (UTC + 8:00)
    System Uptime: 0 days 0:52:14.681
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, 80050033, 6f8, fffff80001698ef5}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!KPRCB                                      ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : ntoskrnl.exe ( nt+80640 )

    Followup: MachineOwner
    ---------

    2013年5月6日 3:17
  • 你没指向正确的Symbol,贴出来的!analyze -v信息毫无意义,除了BugCheck Code和4个参数值。

    至少你把symbol指好,再贴出来,才有那么一点点意义。

    更有意义的做法是把你的dump(最好是非minidump)文件share出来,而不是仅仅!analyze -v的输出。

    2013年5月6日 3:22
  • 我主贴里贴出来的是Bugcheck Analysis,我以为你要是的单独的dump信息就特定指了个不存在的目录。我现在的full dump已经被hypervisor的那次蓝屏覆盖了。要么麻烦你加我下QQ我把minidump传你,谢了!QQ: 786157780
    2013年5月6日 6:02
  • 我主贴里贴出来的是Bugcheck Analysis,我以为你要是的单独的dump信息就特定指了个不存在的目录。我现在的full dump已经被hypervisor的那次蓝屏覆盖了。要么麻烦你加我下QQ我把minidump传你,谢了!QQ: 786157780

    抱歉,我不是微软技术支持人员。。。

    论坛上的交流,还是以公开方式为主吧,QQ就免了,方便的话你把dump上传到一个大家都可以下载的地方吧。

    2013年5月6日 6:11
  • 没事,主要是我自己不用网盘平时。问同事要了个华为网盘,链接是两个mini dump文件,麻烦看下,谢了!

    http://dl.vmall.com/c0a6djbuz0

    http://dl.vmall.com/c0y3jb9d6b

    2013年5月6日 9:05
  • 0x20001那个Crash,里面显示你的\SystemRoot\system32\drivers\hvboot.sys 是2010年11月的,这显然还没打过kb2550569,打完应该是12-May-2011的时间戳。

    那么这个就不必看了,打完补丁再说吧。

    ------------------------------------------------

    0x7F那个Crash,双误(Double Faut)的首误发生在另一个已经被切换的线程里,但很遗憾,你是minidump,只记录了当前线程的信息,没法看到那个出错线程的Stack,连它的Base和Limit都看不到,不过我估计是Overflow了

    1: kd> !thread
    GetPointerFromAddress: unable to read from fffff800018c0000
    THREAD fffff880009d0fc0  Cid 0000.0000  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1
    Not impersonating
    GetUlongFromAddress: unable to read from fffff800017fdba4
    Owning Process            0       Image:         <Unknown>
    Attached Process          fffffa8007ee0890       Image:         System
    fffff78000000000: Unable to get shared data
    Wait Start TickCount      168165      
    Context Switch Count      630031            
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    UserTime                  00:00:00.000
    KernelTime                00:00:00.000
    Win32 Start Address nt!KiIdleLoop (0xfffff80001687310)
    Stack Init fffff880009d9db0 Current fffff880009d9d40
    Base fffff880009da000 Limit fffff880009d4000 Call 0
    Priority 16 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
    Child-SP          RetAddr           : Args to Child                                                           : Call Site
    fffff880`009ccce8 fffff800`0168ebe9 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
    fffff880`009cccf0 fffff800`0168d0b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`009cce30 fffff800`01698ef5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2 (TrapFrame @ fffff880`009cce30)
    fffff880`00959ca0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PoIdle+0x516

    1: kd> .trap fffff880`009cce30
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000001 rbx=0000000000000000 rcx=00000000400000c3
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80001698ef5 rsp=fffff88000959ca0 rbp=0000000000000000
     r8=fffff8000160f000  r9=00000006e47b5e07 r10=00000000000206d0
    r11=fffff880009c6180 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up di pl nz na pe nc
    nt!PoIdle+0x516:
    fffff800`01698ef5 48898424f0000000 mov     qword ptr [rsp+0F0h],rax ss:0018:fffff880`00959d90=????????????????
    1: kd> r ss
    Last set context:
    ss=0018
    1: kd> dd fffff880`00959d90-F0h
    fffff880`00959ca0  ???????? ???????? ???????? ????????
    fffff880`00959cb0  ???????? ???????? ???????? ????????
    fffff880`00959cc0  ???????? ???????? ???????? ????????
    fffff880`00959cd0  ???????? ???????? ???????? ????????
    fffff880`00959ce0  ???????? ???????? ???????? ????????
    fffff880`00959cf0  ???????? ???????? ???????? ????????
    fffff880`00959d00  ???????? ???????? ???????? ????????
    fffff880`00959d10  ???????? ???????? ???????? ????????

    ----------------------------------------------------------------------------

    所以,为了让你的问题尽早得到定位,赶紧把dump类型设置为kernel甚至full吧!(理论上你这个问题kernel dump够了)

    2013年5月6日 10:23
  • 谢谢!!!!
    2013年5月7日 1:25
  • 期待下次故障发生后产出的Kernel Dump...
    2013年5月7日 8:20