Could someone please help me find out what caused this blue screen? Thank you very much!

  • Question

  • Microsoft (R) Windows Debugger  Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [E:\all\040513-53773-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: .sympath+ SRV*d:\tmp*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Vista Kernel Version 7601 (Service Pack 1) MP (32 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
    Kernel base = 0xfffff800`01a4f000 PsLoadedModuleList = 0xfffff800`01c94670
    Debug session time: Fri Apr  5 12:15:06.270 2013 (GMT+8)
    System Uptime: 41 days 23:13:48.559
    Loading Kernel Symbols
    ................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {99, fffff8a04bf00010, 0, 0}

    Probably caused by : memory_corruption ( nt!MiDeleteSegmentPages+112 )

    Followup: MachineOwner
    ---------

    24: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 0000000000000099, Attempt to free pool with invalid address  (or corruption in pool header)
    Arg2: fffff8a04bf00010, Address being freed
    Arg3: 0000000000000000, 0
    Arg4: 0000000000000000, 0

    Debugging Details:
    ------------------


    FAULTING_IP:
    nt!MiDeleteSegmentPages+112
    fffff800`01a92a52 4c8b8424d0000000 mov     r8,qword ptr [rsp+0D0h]

    BUGCHECK_STR:  0xc2_99

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff80001f553dc to fffff80001acbc40

    STACK_TEXT: 
    fffff880`031a29b8 fffff800`01f553dc : 00000000`000000c2 00000000`00000099 fffff8a0`4bf00010 00000000`00000000 : nt!KeBugCheckEx
    fffff880`031a29c0 fffff800`01b7b6e1 : 00000000`00000000 fffff8a0`95d87300 fffff8a0`00000000 fffff800`01bfafbd : nt!VerifierBugCheckIfAppropriate+0x3c
    fffff880`031a2a00 fffff800`01bf9c73 : fffff8a0`4bf00000 00000000`00000870 00000000`0000007f 00000000`00000110 : nt!VerifierFreeTrackedPool+0x41
    fffff880`031a2a40 fffff800`01a92a52 : 00000000`00000000 fffff8a0`4bf00210 fffffa80`26609500 fffff800`01dc2d86 : nt!ExDeferredFreePool+0x129f
    fffff880`031a2af0 fffff800`01d6b25f : fffffa80`26609480 00000000`00000011 00000000`0008c081 fffffa80`26259830 : nt!MiDeleteSegmentPages+0x112
    fffff880`031a2bc0 fffff800`01b1918d : fffffa80`26609488 00000000`00000001 00000000`00000000 00000000`00000631 : nt!MiSegmentDelete+0x7b
    fffff880`031a2c00 fffff800`01b19051 : 00000000`00000000 00000000`00000080 fffffa80`19a70040 fffffa80`00000012 : nt!MiProcessDereferenceList+0x131
    fffff880`031a2cc0 fffff800`01d66fee : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiDereferenceSegmentThread+0x10d
    fffff880`031a2d40 fffff800`01abd5e6 : fffff880`02881180 fffffa80`19abd9c0 fffff880`0288c6c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
    fffff880`031a2d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!MiDeleteSegmentPages+112
    fffff800`01a92a52 4c8b8424d0000000 mov     r8,qword ptr [rsp+0D0h]

    SYMBOL_STACK_INDEX:  4

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

    SYMBOL_NAME:  nt!MiDeleteSegmentPages+112

    IMAGE_NAME:  memory_corruption

    FAILURE_BUCKET_ID:  X64_0xc2_99_nt!MiDeleteSegmentPages+112

    BUCKET_ID:  X64_0xc2_99_nt!MiDeleteSegmentPages+112

    Followup: MachineOwner
    ---------

    April 7, 2013 2:30

Answer

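  • The OP's crash dump is a minidump, which is of limited value: only the stack is visible, not the values of the pointers referenced from the stack.

    Judging from bugcheck code C2, the real culprit may not show up in this dump. Simply put, a buggy driver corrupted some reference pointers in memory long before the crash, and when one of your processes exited, the system's background memory-release thread tried to free that region of memory again, which caused the violation.

    To diagnose this kind of problem, you need to enable Driver Verifier (built into the system; run verifier and configure it), so that the next time the problem occurs the system crashes immediately and produces a dump, which lets you capture the buggy driver's call stack.

    Also, I suggest you first change the dump type to Kernel Dump, because a minidump is really not suitable for analysis.

    April 9, 2013 7:41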
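
The two steps recommended in the answer above, as an added Windows PowerShell example that is not part of the original thread. It assumes an elevated session and treats any running driver whose file version resource does not name Microsoft as third-party; that filter is an assumption of this example, not something the answer specifies.

```powershell
# Added example, not from the thread. Run elevated; both changes take effect after a reboot.

# 1. Dump type: switch from small memory dump (minidump) to kernel memory dump.
#    CrashDumpEnabled values: 1 = complete, 2 = kernel, 3 = small (minidump).
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$before = (Get-ItemProperty -Path $crashControl).CrashDumpEnabled
Set-ItemProperty -Path $crashControl -Name CrashDumpEnabled -Value 2 -Type DWord
Write-Host "CrashDumpEnabled changed from $before to 2"

# 2. List running kernel drivers whose version resource does not name Microsoft
#    (assumed filter for "third-party"; a driver with no vendor string is included).
$thirdParty = @(Get-WmiObject Win32_SystemDriver -Filter "State = 'Running'" |
    ForEach-Object {
        # Some entries carry a \??\ prefix that Get-Item cannot resolve.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        if ($path -and (Test-Path -LiteralPath $path)) { Get-Item -LiteralPath $path }
    } |
    Where-Object { $_.VersionInfo.CompanyName -notmatch 'Microsoft' } |
    ForEach-Object { $_.Name } |
    Sort-Object -Unique)

# 3. Enable Driver Verifier standard settings for those drivers only, then show
#    what will be verified on the next boot.
if ($thirdParty.Count -gt 0) {
    & verifier.exe /standard /driver $thirdParty
    & verifier.exe /querysettings
} else {
    Write-Host 'No non-Microsoft drivers found; Driver Verifier was left unchanged.'
}

# Once the faulty driver has been identified, turn verification off again:
#   verifier.exe /reset
```

A kernel dump needs a page file on the system volume large enough to hold kernel memory, so check that before relying on the next crash to produce one.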

All replies

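  • Error 0x000000C2 indicates that a kernel-level process or driver accessed memory incorrectly, usually because of poor-quality memory or a bug in a driver or application.

    On the IT road, you'll never walk alone

    April 7, 2013 2:42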