none
win2008 R2 ntoskrnl.exe导致蓝屏 RRS feed

  • 问题

  • 最近经常服务器经常蓝屏重启,工作日平均每天都自动重启一次,下面是蓝屏文件,麻烦哪位大佬帮忙分析下

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\haichs\Desktop\061917-13291-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: *** Invalid ***
    ****************************************************************************
    * Symbol loading may be unreliable without a symbol search path.           *
    * Use .symfix to have the debugger choose a symbol path.                   *
    * After setting your symbol path, use .reload to refresh symbol locations. *
    ****************************************************************************
    Executable search path is: 
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer
    Machine Name:
    Kernel base = 0xfffff800`01a0d000 PsLoadedModuleList = 0xfffff800`01c4f730
    Debug session time: Mon Jun 19 17:53:13.992 2017 (GMT+8)
    System Uptime: 2 days 22:36:42.528
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 50, {fffff900c00dc038, 0, fffff960002ebac7, 0}

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    Probably caused by : win32k.sys ( win32k+22bac7 )

    Followup: MachineOwner
    ---------

    7: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except,
    it must be protected by a Probe.  Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: fffff900c00dc038, memory referenced.
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
    Arg3: fffff960002ebac7, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 0000000000000000, (reserved)

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************

    ADDITIONAL_DEBUG_TEXT:  
    Use '!findthebuild' command to search for the target build information.
    If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

    MODULE_NAME: win32k

    FAULTING_MODULE: fffff80001a0d000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  589c921a

    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
     fffff900c00dc038 

    FAULTING_IP: 
    win32k+22bac7
    fffff960`002ebac7 410fba633817    bt      dword ptr [r11+38h],17h

    MM_INTERNAL_CODE:  0

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    BUGCHECK_STR:  0x50

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff80001afa46e to fffff80001a7c440

    STACK_TEXT:  
    fffff880`0b4df598 fffff800`01afa46e : 00000000`00000050 fffff900`c00dc038 00000000`00000000 fffff880`0b4df700 : nt+0x6f440
    fffff880`0b4df5a0 00000000`00000050 : fffff900`c00dc038 00000000`00000000 fffff880`0b4df700 00000000`00000000 : nt+0xed46e
    fffff880`0b4df5a8 fffff900`c00dc038 : 00000000`00000000 fffff880`0b4df700 00000000`00000000 00000000`00000001 : 0x50
    fffff880`0b4df5b0 00000000`00000000 : fffff880`0b4df700 00000000`00000000 00000000`00000001 00000000`00000000 : 0xfffff900`c00dc038


    STACK_COMMAND:  .bugcheck ; kb

    FOLLOWUP_IP: 
    win32k+22bac7
    fffff960`002ebac7 410fba633817    bt      dword ptr [r11+38h],17h

    SYMBOL_NAME:  win32k+22bac7

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  win32k.sys

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    2017年6月26日 2:22

全部回复

  • 您好 haichs

    由于对于蓝屏问题进行排错的步骤比较复杂,很可能需要分析dump文件,而分析dump文件超出了我们论坛的支持范围。为了让您的问题得到及时解决,我建议您使用微软为正版用户提供的8008203800技术支持专线,以便于更好的沟通和交流。您可以初步尝试以下的步骤:

    1. 您可以尝试一次Clean Boot,因为如果启动的程序太多,这使系统资源消耗殆尽,使个别程序需要的数据在内存或虚拟内存中找不到,也会出现异常错误。

    Clean Boot具体步骤:

    a. 运行MSCONFIG。

    b. 在常规下选择 选择性启动。

    d. 在服务下,先点隐藏所有windows 服务,然后选择 全部禁用。

    e. 然后重新启动。观察问题是否依旧发生。

    2.近期是否有做过特殊的操作,比如说安装更新/驱动或者是更换硬件。可以通过卸载近期安装的更新/驱动或者是卸载最近安装的硬件来进行排错。

    3.运行 sfc /scannow的命令来检测系统文件是否有损坏。

    此致

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2017年6月27日 2:00
    版主
  • 您好 haichs

    目前问题有解决吗? 您可以把有用的回复标记为答复,方便论坛其他相同问题的用户快速找到答案。

    此致

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2017年7月3日 6:30
    版主