none
Windows 2003 服务器蓝屏dump文件分析 RRS feed

  • 问题

  • windows 2003 服务器蓝屏重启,以下是dupm文件内容,各位高手帮忙分析下,谢谢!

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\Administrator\桌面\MEMORY.DMP]
    Kernel Complete Dump File: Full address space is available

    Symbol search path is: SRV*C:\WINDOWS\Symbols2003SP2*C:\WINDOWS\Symbols2003SP2check*C:\WINDOWS\Symbols2008SP2x64*http://msdl.microsoft.com/download/symbols;SRV*C:\WINDOWS\Symbols2003SP2*C:\WINDOWS\Symbols2003SP2check*C:\WINDOWS\Symbols2008SP2x64*http://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx*http://msdl.microsoft.com/download/symbols;C:\WINDOWS\Symbols2003SP2check
    Executable search path is: 
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 3790.srv03_sp2_qfe.130703-1535
    Machine Name:
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808b1a08
    Debug session time: Sun Apr 27 00:45:55.426 2014 (GMT+8)
    System Uptime: 0 days 0:51:22.226
    WARNING: Process directory table base 2FBD1000 doesn't match CR3 00039000
    WARNING: Process directory table base 2FBD1000 doesn't match CR3 00039000
    Loading Kernel Symbols
    ...............................................................
    ..........Missing image name, possible paged-out or corrupt data.
    .*** WARNING: Unable to verify timestamp for Unknown_Module_00000000
    Unable to add module at 00000000
    Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - NTSTATUS 0xC0000147

    Loading unloaded module list
    ....
    WARNING: .reload failed, module list may be incomplete
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, f7737ff0, 0, 0}

    Missing image name, possible paged-out or corrupt data.
    Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - NTSTATUS 0xC0000147
    WARNING: .reload failed, module list may be incomplete
    Missing image name, possible paged-out or corrupt data.
    Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - NTSTATUS 0xC0000147
    WARNING: .reload failed, module list may be incomplete
    Probably caused by : memory_corruption

    Followup: memory_corruption
    ---------

    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: f7737ff0
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    Missing image name, possible paged-out or corrupt data.
    Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - NTSTATUS 0xC0000147
    WARNING: .reload failed, module list may be incomplete
    Missing image name, possible paged-out or corrupt data.
    Unable to read KLDR_DATA_TABLE_ENTRY at 00000000 - NTSTATUS 0xC0000147
    WARNING: .reload failed, module list may be incomplete

    BUGCHECK_STR:  0x7f_8

    TSS:  00000028 -- (.tss 0x28)
    eax=ba85402c ebx=8a65d470 ecx=8a57a020 edx=8480fbf8 esi=8a5552a0 edi=00000000
    eip=f71ad1ef esp=ba854000 ebp=ba85400c iopl=0         nv up ei ng nz na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
    Ntfs!NtfsInitializeTopLevelIrp+0x8:
    f71ad1ef 53              push    ebx
    Resetting default scope

    DEFAULT_BUCKET_ID:  CODE_CORRUPTION

    PROCESS_NAME:  csrss.exe

    CURRENT_IRQL:  1

    TRAP_FRAME:  ba8542d8 -- (.trap 0xffffffffba8542d8)
    ErrCode = 00000000
    eax=cb8bb000 ebx=0000000f ecx=0000000f edx=00000000 esi=8481b020 edi=00000000
    eip=80938c95 esp=ba85434c ebp=ba854388 iopl=0         nv up ei ng nz ac po cy
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010293
    nt!CcMapData+0x8c:
    80938c95 8a10            mov     dl,byte ptr [eax]          ds:0023:cb8bb000=e3
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from f71adfc9 to f71ad1ef

    STACK_TEXT:  
    ba85400c f71adfc9 ba85402c 00000001 00000001 Ntfs!NtfsInitializeTopLevelIrp+0x8
    ba8540b0 8083fd13 8a57a020 8480fbf8 8480fbf8 Ntfs!NtfsFsdRead+0x31
    ba8540c4 f7267d3f 8480fdac 8a6e85c0 8480fdd0 nt!IofCallDriver+0x45
    ba8540f0 8083fd13 8a6e53f0 8480fbf8 8480fbf8 fltmgr!FltpDispatch+0x155
    ba854104 ba7a3f00 8a201238 8480fbf8 ba854158 nt!IofCallDriver+0x45
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    ba854174 8083fd13 8a201238 8480fbf8 8480fbf8 0xba7a3f00
    ba854188 f7267d3f 031fb000 8a6e85c0 00000000 nt!IofCallDriver+0x45
    ba8541b4 8083fd13 89a926c8 8480fbf8 8480fbf8 fltmgr!FltpDispatch+0x155
    ba8541c8 808249b4 8a65d158 8481b020 8a65d148 nt!IofCallDriver+0x45
    ba8541e0 808263f4 8a70620b 8a65d180 8a65d160 nt!IoPageRead+0x109
    ba854264 8084732e 00000001 cb8bb000 c032e2ec nt!MiDispatchFault+0xd74
    ba8542c0 8083692c 00000000 cb8bb000 00000000 nt!MmAccessFault+0x64a
    ba8542c0 80938c95 00000000 cb8bb000 00000000 nt!KiTrap0E+0xdc
    ba854388 f71edf2d 8a7062a8 ba8543b8 00000400 nt!CcMapData+0x8c
    ba8543a8 f71eb494 ba854a48 8a45a008 031fb000 Ntfs!NtfsMapStream+0x4b
    ba85441c f71eddf0 ba854a48 8a57a100 e1671ce0 Ntfs!NtfsReadMftRecord+0x86
    ba854454 f71edfac ba854a48 8a57a100 e1671ce0 Ntfs!NtfsReadFileRecord+0x7a
    ba85448c f71ac8a8 ba854a48 e1671cd8 e1671ce0 Ntfs!NtfsLookupInFileRecord+0x37
    ba85459c f71ad674 ba854a48 e1671da0 00000008 Ntfs!NtfsLookupAllocation+0xdd
    ba85476c f71ad82c ba854a48 8480fe00 e1671da0 Ntfs!NtfsPrepareBuffers+0x25d
    ba854948 f71ae156 ba854a48 8480fe00 e1671da0 Ntfs!NtfsNonCachedIo+0x1ee
    ba854a34 f71ae079 ba854a48 8480fe00 00000001 Ntfs!NtfsCommonRead+0xaf5
    ba854be0 8083fd13 8a57a020 8480fe00 8480fe00 Ntfs!NtfsFsdRead+0x113
    ba854bf4 f7267d3f 8480ffb4 8a6e85c0 8480ffd8 nt!IofCallDriver+0x45
    ba854c20 8083fd13 8a6e53f0 8480fe00 8480fe00 fltmgr!FltpDispatch+0x155
    ba854c34 ba7a3f00 8a201238 8480fe00 ba854c88 nt!IofCallDriver+0x45
    ba854ca4 8083fd13 8a201238 8480fe00 8480fe00 0xba7a3f00
    ba854cb8 f7267d3f 00008000 8a6e85c0 00000000 nt!IofCallDriver+0x45
    ba854ce4 8083fd13 89a926c8 8480fe00 8480fe00 fltmgr!FltpDispatch+0x155
    ba854cf8 808249b4 899fd968 8481b020 899fd958 nt!IofCallDriver+0x45
    ba854d10 808263f4 8a2c2c0b 899fd990 899fd970 nt!IoPageRead+0x109
    ba854d94 8084732e 00000001 c94c8000 c0325320 nt!MiDispatchFault+0xd74
    ba854df0 808266b5 00000000 c94c8000 00000000 nt!MmAccessFault+0x64a
    ba854e20 8091e7cb c94c8000 00000000 8480e3f0 nt!MmCheckCachedPageState+0x48e
    ba854eac f71adf03 8a4c8f80 ba854f70 00010000 nt!CcCopyRead+0x391
    ba854f94 f71ae079 84813460 8480e3d8 00000001 Ntfs!NtfsCommonRead+0xc14
    ba855038 8083fd13 8a57a020 8480e3d8 8480e3d8 Ntfs!NtfsFsdRead+0x113
    ba85504c f7267d3f 00000000 8a6e85c0 8a1fecc8 nt!IofCallDriver+0x45
    ba855078 8083fd13 8a6e53f0 8480e3d8 8480e3d8 fltmgr!FltpDispatch+0x155
    ba85508c ba79b5de 8a201238 8480e3d8 00000000 nt!IofCallDriver+0x45
    ba85513c 8083fd13 8a201238 8480e3d8 8480e3d8 0xba79b5de
    ba855150 f7267d3f 8a4c8f80 8a6e85c0 8480e3d8 nt!IofCallDriver+0x45
    ba85517c 8083fd13 89a926c8 8480e3d8 8480e3d8 fltmgr!FltpDispatch+0x155
    ba855190 8092d29a 8480e5b0 8480e3d8 8a4c8f80 nt!IofCallDriver+0x45
    ba8551a4 8093ae07 89a926c8 8480e3d8 8a4c8f80 nt!IopSynchronousServiceTail+0x10b
    ba85523c 808338db 8000631c 00000000 00000000 nt!NtReadFile+0x5d5
    ba85523c 8083b8d5 8000631c 00000000 00000000 nt!KiSystemServicePostCall
    ba8552d8 b9d72d86 8000631c 00000000 00000000 nt!ZwReadFile+0x11
    ba855310 b9d77978 ba855640 00000000 00000000 0xb9d72d86
    ba85543c 8083b641 00000008 00000246 b9d72fe2 0xb9d77978
    ba8554b4 80a87456 e10ab820 8a231e01 ba855568 nt!ZwQueryInformationFile+0x11
    ba855500 80a8556d 8a201300 00000000 f7737120 hal!KfLowerIrql+0x62
    ba855504 8a201300 00000000 f7737120 e42bc338 hal!KeReleaseQueuedSpinLock+0x2d
    ba855524 ba855640 00000000 00000000 00010222 0x8a201300
    ba855528 00000000 00000000 00010222 00000000 0xba855640


    STACK_COMMAND:  .tss 0x28 ; kb

    CHKIMG_EXTENSION: !chkimg -lo 50 -d !hal
        80a853e6-80a853eb  6 bytes - hal!KeAcquireSpinLockRaiseToSynch+16
    [ f7 01 01 00 00 00:e8 1a dd 89 76 90 ]
        80a85515-80a8551b  7 bytes - hal!KeAcquireQueuedSpinLockRaiseToSynch+35 (+0x12f)
    [ f7 40 04 01 00 00 00:e9 dc db 89 76 cc cc ]
    13 errors : !hal (80a853e6-80a8551b)

    MODULE_NAME: memory_corruption

    IMAGE_NAME:  memory_corruption

    FOLLOWUP_NAME:  memory_corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    MEMORY_CORRUPTOR:  LARGE

    FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

    BUCKET_ID:  MEMORY_CORRUPTION_LARGE

    Followup: memory_corruption
    ---------

    1: kd> lmvm memory_corruption
    start    end        module name

    2014年4月28日 6:00

答案

  • 内存崩溃,应该是ECC 校验错误或者运行的程序的核心驱动错误

    MVP 技术群:66140619,如果想聊Powershell,234454246,如果希望换工作,加12298654,如果只聊技术,加235818241

    2014年4月28日 14:47
    版主