none
用户注销时蓝屏 RRS feed

  • 问题

  • 问题:

    OS:  Windows server 2008 R2

    次数:3次

    现象:多用户模式使用,当管理员注销某个用户时发生蓝屏。

    windbg分析dump如下:

    10: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SESSION_HAS_VALID_POOL_ON_EXIT (ab)
    Caused by a session driver not freeing its pool allocations prior to a
    session unload.  This indicates a bug in win32k.sys, atmfd.dll,
    rdpdd.dll or a video driver.
    Arguments:
    Arg1: 0000000000000004, session ID
    Arg2: 0000000000001130, number of paged pool bytes that are leaking
    Arg3: 0000000000000000, number of nonpaged pool bytes that are leaking
    Arg4: 0000000000000002, total number of paged and nonpaged allocations that are leaking.
        nonpaged allocations are in the upper half of this word,
        paged allocations are in the lower half of this word.

    Debugging Details:
    ------------------

    PEB is paged out (Peb.Ldr = 000007ff`fffdf018).  Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 000007ff`fffdf018).  Type ".hh dbgerr001" for details

    CORRUPTING_POOL_TAG:  Gh47

    BUGCHECK_STR:  0xAB_Gh47

    IMAGE_NAME:  win32k.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  53c5e08a

    MODULE_NAME: win32k

    FAULTING_MODULE: fffff960000c0000 win32k

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  csrss.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff8000246779f to fffff800020c1bc0

    STACK_TEXT:  
    fffff880`0e8cd988 fffff800`0246779f : 00000000`000000ab 00000000`00000004 00000000`00001130 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0e8cd990 fffff800`02306927 : fffff880`07a6fb40 fffff880`07a6f000 fffff880`07a6f000 fffffa80`22166720 : nt!MiCheckSessionPoolAllocations+0x13f
    fffff880`0e8cd9d0 fffff800`02402415 : fffff880`0e8cda68 fffffa80`22166720 ffffffff`ffffff89 fffff880`07a6f000 : nt!MiDereferenceSessionFinal+0x137
    fffff880`0e8cda70 fffff800`02092e0c : fffff800`0224f940 00000000`00000001 00000000`00000000 fffffa80`1fe7b630 : nt! ?? ::NNGAKEGL::`string'+0x23fd5
    fffff880`0e8cdaa0 fffff800`0239705a : fffff8a0`039968b0 00000000`00000000 00000000`00000000 fffffa80`22166720 : nt!MmCleanProcessAddressSpace+0x610
    fffff880`0e8cdaf0 fffff800`02397431 : 00000000`00000000 fffff800`0235d701 00000000`00000000 fffffa80`1fdf2770 : nt!PspExitThread+0x56a
    fffff880`0e8cdbf0 fffff800`020b28e6 : fffff800`0223ce80 00000000`00000080 fffffa80`22166720 00000000`00000200 : nt!PspTerminateThreadByPointer+0x4d
    fffff880`0e8cdc40 00000000`00000000 : fffff880`0e8ce000 fffff880`0e8c8000 fffff880`0e8cd840 00000000`00000000 : nt!KiStartSystemThread+0x16


    STACK_COMMAND:  kb

    FOLLOWUP_NAME:  MachineOwner

    FAILURE_BUCKET_ID:  X64_CORRUPTING_POOLTAG_Gh47

    BUCKET_ID:  X64_CORRUPTING_POOLTAG_Gh47

    Followup: MachineOwner

    PS:我在技术论坛上搜过,也发现此问题已经有讨论,按照论坛方法---更新windows 补丁,更新过后,重启前注销用户时又蓝了。

    请各位大牛帮帮我,谢谢!

    2015年1月13日 6:56

答案

  • 你好,

    >>DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
         PROCESS_NAME:  csrss.exe

    根据错误信息,建议更新一下系统驱动。另外,最近装了什么第三方驱动了吗? 如果有的话,请把它卸载掉看问题会不会存在。再有,可以用杀毒软件扫描一下系统。


    2015年1月15日 7:25
    版主