none
Restart and Blue Screen Happens everyday!

    问题

  • dear all:

    It's been happening these days in a row, somebody please tell me what's going on, thank you so much!

    OS :windows server 2008R2

    PS :crash dump

     kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: fffff8a01eac14e8, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff80001a03b05, address which referenced memory

    Debugging Details:
    ------------------


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  7601.18247.amd64fre.win7sp1_gdr.130828-1532

    SYSTEM_MANUFACTURER:  Intel Corporation

    SYSTEM_PRODUCT_NAME:  S2600CP

    SYSTEM_SKU:  00

    SYSTEM_VERSION:  ....................

    BIOS_VENDOR:  Intel Corp.

    BIOS_VERSION:  SE5C600.86B.02.03.0003.041920141333

    BIOS_DATE:  04/19/2014

    BASEBOARD_MANUFACTURER:  Intel Corporation

    BASEBOARD_PRODUCT:  S2600CP

    BASEBOARD_VERSION:  G50768-511

    DUMP_TYPE:  2

    BUGCHECK_P1: fffff8a01eac14e8

    BUGCHECK_P2: 2

    BUGCHECK_P3: 0

    BUGCHECK_P4: fffff80001a03b05

    BUGCHECK_STR:  0xC5_2

    CURRENT_IRQL:  2

    FAULTING_IP: 
    nt!ExDeferredFreePool+249
    fffff800`01a03b05 4c395808        cmp     qword ptr [rax+8],r11

    CPU_COUNT: 20

    CPU_MHZ: 7cb

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 3e

    CPU_STEPPING: 4

    CPU_MICROCODE: 6,3e,4,0 (F,M,S,R)  SIG: 424'00000000 (cache) 424'00000000 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

    PROCESS_NAME:  w3wp.exe

    ANALYSIS_SESSION_HOST:  svr12

    ANALYSIS_SESSION_TIME:  08-11-2016 09:51:23.0959

    ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

    DPC_STACK_BASE:  FFFFF88006A62FB0

    TRAP_FRAME:  fffff88006a628d0 -- (.trap 0xfffff88006a628d0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8a01eac14e0 rbx=0000000000000000 rcx=fffff88000967240
    rdx=fffff8a00a587270 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80001a03b05 rsp=fffff88006a62a60 rbp=0000000000000000
     r8=fffff8a02fc71540  r9=fffff8a00a5872a0 r10=0000000000000001
    r11=fffff8a00a5872b0 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    nt!ExDeferredFreePool+0x249:
    fffff800`01a03b05 4c395808        cmp     qword ptr [rax+8],r11 ds:fffff8a0`1eac14e8=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800018ce169 to fffff800018cebc0

    STACK_TEXT:  
    fffff880`06a62788 fffff800`018ce169 : 00000000`0000000a fffff8a0`1eac14e8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`06a62790 fffff800`018ccde0 : 00000000`00000003 00000000`00000006 00000000`00000148 00000000`00000001 : nt!KiBugCheckDispatch+0x69
    fffff880`06a628d0 fffff800`01a03b05 : 00000000`253cab90 00000000`00000000 fffffa83`17078a50 fffff800`018d25d1 : nt!KiPageFault+0x260
    fffff880`06a62a60 fffff800`01a024f1 : fffffa83`17158100 fffff8a0`41939510 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0x249
    fffff880`06a62af0 fffff880`00d8f02e : fffff880`088e3000 00000000`00000000 00000000`20206d56 fffffa83`00000535 : nt!ExFreePoolWithTag+0x411
    fffff880`06a62ba0 fffff800`018d25d1 : fffffa83`7ffd67db fffff880`012d307d fffffa83`02f98008 fffff880`01334eb4 : volmgrx!VmxpDiskExtentManageAttributesCompletionRoutine+0x5e
    fffff880`06a62bd0 fffff880`061f4404 : 00000000`0000000b 00000000`00000000 00000000`00000002 00000000`00000000 : nt!IopfCompleteRequest+0x341
    fffff880`06a62cc0 00000000`0000000b : 00000000`00000000 00000000`00000002 00000000`00000000 fffffa83`178c0de0 : iaStorF+0x2404
    fffff880`06a62cc8 00000000`00000000 : 00000000`00000002 00000000`00000000 fffffa83`178c0de0 fffff800`018d25d1 : 0xb


    STACK_COMMAND:  kb

    THREAD_SHA1_HASH_MOD_FUNC:  57607a092ee72c7897fbee2f49a3d6603babe736

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  34145761e543af4c8e21630e60b768494d1a9713

    THREAD_SHA1_HASH_MOD:  622712256f7a17c9c27e869138ff162368c10574

    FOLLOWUP_IP: 
    nt!ExDeferredFreePool+249
    fffff800`01a03b05 4c395808        cmp     qword ptr [rax+8],r11

    FAULT_INSTR_CODE:  858394c

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  nt!ExDeferredFreePool+249

    FOLLOWUP_NAME:  Pool_corruption

    IMAGE_NAME:  Pool_Corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    IMAGE_VERSION:  6.1.7601.18247

    MODULE_NAME: Pool_Corruption

    FAILURE_BUCKET_ID:  X64_0xC5_2_nt!ExDeferredFreePool+249

    BUCKET_ID:  X64_0xC5_2_nt!ExDeferredFreePool+249

    PRIMARY_PROBLEM_CLASS:  X64_0xC5_2_nt!ExDeferredFreePool+249

    TARGET_TIME:  2016-08-10T23:37:50.000Z

    OSBUILD:  7601

    OSSERVICEPACK:  1000

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  274

    PRODUCT_TYPE:  3

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 7

    OSEDITION:  Windows 7 Server (Service Pack 1) Enterprise TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2013-08-29 09:13:25

    BUILDDATESTAMP_STR:  130828-1532

    BUILDLAB_STR:  win7sp1_gdr

    BUILDOSVER_STR:  6.1.7601.18247.amd64fre.win7sp1_gdr.130828-1532

    ANALYSIS_SESSION_ELAPSED_TIME: 77e

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0xc5_2_nt!exdeferredfreepool+249

    FAILURE_ID_HASH:  {d7d883d2-bf7a-4d64-421b-e996f9e683cf}

    Followup:     Pool_corruption
    ---------




    2016年8月11日 6:14

答案

全部回复

  • Hi Kesterchan 你好,

    一般来说,DRIVER_CORRUPTED_EXPOOL (c5)这个错误提示表示的是: The kernel attempted to access pageable memory (or perhaps completely invalid memory) when the IRQL was too high.  在很多情况下,可能是驱动坏了。你可以用驱动检测工具去查看一下。

    这是微软关于对应这个error 的解释,你可以仔细阅读一下

    https://msdn.microsoft.com/en-us/library/windows/hardware/ff560192%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

    这是类似的debug log 在window 7 蓝屏的情况,你可以参考一下.

    https://social.technet.microsoft.com/Forums/en-US/864e2085-a34b-43a5-9a53-30437f18a786/blue-screen-happens-everyday?forum=w7itprogeneral

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2016年8月11日 7:51
    版主
  • Hi Mary Dong :

            还有我的windows server 2008 R2 最近非常多非正常重启的情况,会出现ID 6008的错误事件,最近每天都有2~3次自动的重启情况,如何解决此问题?

    看到你们之前的答复是操作如下:

    1. 在启动与故障恢复中取消自动重新启动选项。

    a. 右键点击“我的电脑”→“属性”→“高级”→“启动与故障恢复”→“设置”→取消“自动重新重启”选项。

    取消自动重新启动选项对系统的稳定性等各方面会有哪些影响的?其实这样是不是只是解决事情的表面,还是需要查出导致系统不稳定的主要原因的呢?十分期待您的答复,感谢!

    Best Regards,

    Kester

    2016年8月11日 9:51
  • Hi Kester,

    如果服务器出现了非正常重启的话,会出现ID 6008的错误事件.  如果仅仅只是这个event, 没有其他的信息,那我们可以尝试用你提到的方法作为一种排错,可以尝试看看取消后是不是还有会出现这样的情况。但你这边出现了蓝屏,和具体的log,那么主要原因应该还是看具体的log。因为event 6008的记录是由于非正常重启导致,还是要找到具体的原因。

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2016年8月11日 11:46
    版主
  • Hi Mary,

           非法自动重启,Eventlog ID 6008的错误事件日志:【上一次系统的 21:XX:XX 在 ‎2016/‎8/‎10 上的关闭是意外的。】似乎并没有太多可用的信息,最近三天发生6次重启的情况,其中只有一次是上面crash dump蓝屏,其他均为非法自动重启情况,windows日志并没有太多的日志提供判断,而且从第三方监控当时系统资源负载并不会太高。6008的记录,我们将如何查找具体原因?其他您的答复,十分感谢!

    Best Regards,

    Kester

    2016年8月12日 3:07
  • Hi Kester,

    确实有很多非正常的启动会引起事件event 6008。硬件问题,电源突然断电等都有可能,在你的情况中,频繁的重启,肯定不太正常。这个蓝屏的crash log 能够说明一些问题。

    你可以参考下面具体的基本排错方法做一个简单排错,如果最后还是无法找出原因,你可以尝试致电微软得到更专业的支持。

    https://support.microsoft.com/zh-cn/kb/3106831

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2016年8月12日 5:32
    版主
  • dear  mary,

          我们停止其他服务只保留IIS服务,平稳运行6天左右之后,再次发生蓝屏,(以下为蓝屏代码,似乎和之前的是一致的),之前您说的关于驱动问题,微软有提供哪些tools检查驱动等工具的吗?我需要彻底排除造成蓝屏的原因,十分感谢!

    Best Regards,

    Kester

    6: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: fffff8a03ad4a230, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff800019feb13, address which referenced memory

    Debugging Details:
    ------------------


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  7601.18247.amd64fre.win7sp1_gdr.130828-1532

    SYSTEM_MANUFACTURER:  Intel Corporation

    SYSTEM_PRODUCT_NAME:  S2600CP

    SYSTEM_SKU:  00

    SYSTEM_VERSION:  ....................

    BIOS_VENDOR:  Intel Corp.

    BIOS_VERSION:  SE5C600.86B.02.03.0003.041920141333

    BIOS_DATE:  04/19/2014

    BASEBOARD_MANUFACTURER:  Intel Corporation

    BASEBOARD_PRODUCT:  S2600CP

    BASEBOARD_VERSION:  G50768-511

    DUMP_TYPE:  2

    BUGCHECK_P1: fffff8a03ad4a230

    BUGCHECK_P2: 2

    BUGCHECK_P3: 0

    BUGCHECK_P4: fffff800019feb13

    BUGCHECK_STR:  0xC5_2

    CURRENT_IRQL:  2

    FAULTING_IP: 
    nt!ExDeferredFreePool+257
    fffff800`019feb13 4c3918          cmp     qword ptr [rax],r11

    CPU_COUNT: 20

    CPU_MHZ: 7cb

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 3e

    CPU_STEPPING: 4

    CPU_MICROCODE: 6,3e,4,0 (F,M,S,R)  SIG: 424'00000000 (cache) 424'00000000 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

    PROCESS_NAME:  System

    ANALYSIS_SESSION_HOST:  SVR12

    ANALYSIS_SESSION_TIME:  08-16-2016 14:52:46.0317

    ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

    TRAP_FRAME:  fffff88006a5b560 -- (.trap 0xfffff88006a5b560)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8a03ad4a230 rbx=0000000000000000 rcx=fffff880009692f0
    rdx=fffff8a03ae1c780 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff800019feb13 rsp=fffff88006a5b6f0 rbp=0000000000000000
     r8=fffff8a0bbd0b010  r9=fffff8a03ae1c940 r10=0000000000000001
    r11=fffff8a03ae1c950 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!ExDeferredFreePool+0x257:
    fffff800`019feb13 4c3918          cmp     qword ptr [rax],r11 ds:fffff8a0`3ad4a230=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800018c9169 to fffff800018c9bc0

    STACK_TEXT:  
    fffff880`06a5b418 fffff800`018c9169 : 00000000`0000000a fffff8a0`3ad4a230 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`06a5b420 fffff800`018c7de0 : 00000000`00000000 00000000`55550000 00000000`00000000 00000000`00000002 : nt!KiBugCheckDispatch+0x69
    fffff880`06a5b560 fffff800`019feb13 : fffffa83`02fb9008 fffff880`012d6091 b0ec6710`00000000 00000000`580c0000 : nt!KiPageFault+0x260
    fffff880`06a5b6f0 fffff800`019fd4f1 : fffffa83`8276b5e0 fffff8a0`0abc3220 fffff880`0811f0c8 fffff880`012d30f5 : nt!ExDeferredFreePool+0x257
    fffff880`06a5b780 fffff880`0102c02e : fffff880`08167000 00000000`00000000 00000000`20206d56 fffffa83`00000535 : nt!ExFreePoolWithTag+0x411
    fffff880`06a5b830 fffff800`018cd5d1 : fffffa83`29e7b6eb fffff880`0126607d fffffa83`02fb9008 fffff880`012c7eb4 : volmgrx!VmxpDiskExtentManageAttributesCompletionRoutine+0x5e
    fffff880`06a5b860 fffff880`061f8404 : 00000000`0000000b 00000000`00000000 00000000`00000002 00000000`00000000 : nt!IopfCompleteRequest+0x341
    fffff880`06a5b950 00000000`0000000b : 00000000`00000000 00000000`00000002 00000000`00000000 fffffa83`2942e730 : iaStorF+0x2404
    fffff880`06a5b958 00000000`00000000 : 00000000`00000002 00000000`00000000 fffffa83`2942e730 fffff800`018cd5d1 : 0xb


    STACK_COMMAND:  kb

    THREAD_SHA1_HASH_MOD_FUNC:  57607a092ee72c7897fbee2f49a3d6603babe736

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  debe4c5d73e221aaf1882719bef1b50341367f18

    THREAD_SHA1_HASH_MOD:  622712256f7a17c9c27e869138ff162368c10574

    FOLLOWUP_IP: 
    nt!ExDeferredFreePool+257
    fffff800`019feb13 4c3918          cmp     qword ptr [rax],r11

    FAULT_INSTR_CODE:  f18394c

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  nt!ExDeferredFreePool+257

    FOLLOWUP_NAME:  Pool_corruption

    IMAGE_NAME:  Pool_Corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    IMAGE_VERSION:  6.1.7601.18247

    MODULE_NAME: Pool_Corruption

    FAILURE_BUCKET_ID:  X64_0xC5_2_nt!ExDeferredFreePool+257

    BUCKET_ID:  X64_0xC5_2_nt!ExDeferredFreePool+257

    PRIMARY_PROBLEM_CLASS:  X64_0xC5_2_nt!ExDeferredFreePool+257

    TARGET_TIME:  2016-08-16T06:39:54.000Z

    OSBUILD:  7601

    OSSERVICEPACK:  1000

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  274

    PRODUCT_TYPE:  3

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 7

    OSEDITION:  Windows 7 Server (Service Pack 1) Enterprise TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2013-08-29 09:13:25

    BUILDDATESTAMP_STR:  130828-1532

    BUILDLAB_STR:  win7sp1_gdr

    BUILDOSVER_STR:  6.1.7601.18247.amd64fre.win7sp1_gdr.130828-1532

    ANALYSIS_SESSION_ELAPSED_TIME: 7cc

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0xc5_2_nt!exdeferredfreepool+257

    FAILURE_ID_HASH:  {b4898942-bb59-7211-75d7-b9fcb3aac8aa}

    Followup:     Pool_corruption
    ---------

    2016年8月16日 7:03
  • Hi Kester,

    你可以查看一下Driver Verifier 去查看一下。另外对于更专业的debug log 分析,你可能需要致电微软得到更权威的支持.

    谢谢你的支持.

    https://support.microsoft.com/en-us/kb/244617

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2016年8月16日 7:21
    版主