none
你好 我的2008R2 一直蓝屏 请帮我看一下到底什么原因

    问题

  • Kernel base = 0xfffff800`01a5b000 PsLoadedModuleList = 0xfffff800`01c9d730 Debug session time: Fri Jul 29 17:54:32.621 2016 (UTC + 8:00) System Uptime: 0 days 3:42:10.199 Loading Kernel Symbols . Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. .............................................................. ................................................................ .. Loading User Symbols Loading unloaded module list .......... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff900c00d7038, 0, fffff9600022b5eb, 0} Could not read faulting driver name Probably caused by : win32k.sys ( win32k!vRestartKillRFONTList+e7 ) Followup: MachineOwner --------- 9: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* 蓝屏代码以及可能的原因: ================ PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff900c00d7038, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff9600022b5eb, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000000, (reserved) Debugging Details: ------------------ Could not read faulting driver name DUMP_CLASS: 1 DUMP_QUALIFIER: 400 BUILD_VERSION_STRING: 7601.23418.amd64fre.win7sp1_ldr.160408-2045 SYSTEM_MANUFACTURER: Dell Inc. SYSTEM_PRODUCT_NAME: PowerEdge R730 SYSTEM_SKU: SKU=NotProvided;ModelName=PowerEdge R730 BIOS_VENDOR: Dell Inc. BIOS_VERSION: 2.1.5 BIOS_DATE: 04/11/2016 BASEBOARD_MANUFACTURER: Dell Inc. BASEBOARD_PRODUCT: 0WCJNT BASEBOARD_VERSION: A01 DUMP_TYPE: 2 BUGCHECK_P1: fffff900c00d7038 BUGCHECK_P2: 0 BUGCHECK_P3: fffff9600022b5eb BUGCHECK_P4: 0 READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001d07100 Unable to get MmSystemRangeStart fffff900c00d7038 FAULTING_IP: win32k!vRestartKillRFONTList+e7 fffff960`0022b5eb 410fba633817 bt dword ptr [r11+38h],17h MM_INTERNAL_CODE: 0 CPU_COUNT: 28 CPU_MHZ: 8fc CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 3f CPU_STEPPING: 2 CPU_MICROCODE: 6,3f,2,0 (F,M,S,R) SIG: 37'00000000 (cache) 37'00000000 (init) CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER BUGCHECK_STR: 0x50 PROCESS_NAME: csrss.exe CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: ROGER ANALYSIS_SESSION_TIME: 07-30-2016 09:35:44.0794 ANALYSIS_VERSION: 10.0.10586.567 amd64fre TRAP_FRAME: fffff8801394d700 -- (.trap 0xfffff8801394d700) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff900c0096ba0 rbx=0000000000000000 rcx=fffffab023f7a1a0 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff9600022b5eb rsp=fffff8801394d890 rbp=fffff900c0d34ca0 r8=00000000ffffffff r9=0000000000002800 r10=0000000000000000 r11=fffff900c00d7000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc win32k!vRestartKillRFONTList+0xe7: fffff960`0022b5eb 410fba633817 bt dword ptr [r11+38h],17h ds:fffff900`c00d7038=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80001b482ee to fffff80001aca400 STACK_TEXT: fffff880`1394d598 fffff800`01b482ee : 00000000`00000050 fffff900`c00d7038 00000000`00000000 fffff880`1394d700 : nt!KeBugCheckEx fffff880`1394d5a0 fffff800`01ac852e : 00000000`00000000 fffff900`c00d7038 00000000`6b6e7100 fffffab0`25b14b10 : nt! ?? ::FNODOBFM::`string'+0x3bc6f fffff880`1394d700 fffff960`0022b5eb : fffff800`01a5b000 fffff800`01c03557 00000000`00000000 fffff880`1394d960 : nt!KiPageFault+0x16e fffff880`1394d890 fffff960`0022b895 : fffff900`c0096c48 00000000`0000020a fffff900`c0d34ca0 00000000`00000000 : win32k!vRestartKillRFONTList+0xe7 fffff880`1394d8f0 fffff960`0023a4bd : fffff960`002df1ec 00000000`000007ff 00000000`00000001 00000000`00000000 : win32k!vRestartKillRFONTList+0x391 fffff880`1394d950 fffff960`00239bd4 : fffff880`121c0c00 00000000`00003dd4 00000000`00000000 00000000`4d504f47 : win32k!GdiMultiUserFontCleanup+0xad fffff880`1394d980 fffff960`000f2d95 : 00000000`00000000 fffff880`121c0000 fffff8a0`295125a0 fffff880`1394d9d8 : win32k!MultiUserNtGreCleanup+0x78 fffff880`1394d9c0 fffff800`01d1492c : 00000000`00000001 00000000`00000000 fffff880`121c0000 fffffab0`48849370 : win32k!Win32KDriverUnload+0xa5 fffff880`1394da10 fffff800`01e1b725 : fffff880`1394daa8 00000000`0000002a 00000000`00000000 fffff880`121c0000 : nt!MiDereferenceSessionFinal+0xfc fffff880`1394dab0 fffff800`01a9d244 : fffff800`01c5c940 fffff8a0`2ad4ec50 00000000`00000000 fffffab0`2596f060 : nt! ?? ::NNGAKEGL::`string'+0x28455 fffff880`1394dae0 fffff800`01d9f7a4 : fffff8a0`2ad4ec50 00000000`00000000 fffffab0`48849370 fffffab0`48849370 : nt!MmCleanProcessAddressSpace+0x628 fffff880`1394db30 fffff800`01d9fa51 : 00000000`00000000 fffff800`01d62b01 00000000`00000000 fffffab0`25ec0650 : nt!PspExitThread+0x944 fffff880`1394dbf0 fffff800`01abc6a6 : fffff880`02189180 00000000`00000080 fffffab0`48849370 00000000`00000246 : nt!PspTerminateThreadByPointer+0x4d fffff880`1394dc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: kb THREAD_SHA1_HASH_MOD_FUNC: f2db32413f9534bf9483d1476c7012031d6c61df THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 0e95462b5306c4851091745268ffc90f570809ab THREAD_SHA1_HASH_MOD: 0a82ca7386ce0fa1d74eaf1112473ef2427af391 FOLLOWUP_IP: win32k!vRestartKillRFONTList+e7 fffff960`0022b5eb 410fba633817 bt dword ptr [r11+38h],17h FAULT_INSTR_CODE: 63ba0f41 SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: win32k!vRestartKillRFONTList+e7 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 57601cb7 IMAGE_VERSION: 6.1.7601.23471 FAILURE_BUCKET_ID: X64_0x50_win32k!vRestartKillRFONTList+e7 BUCKET_ID: X64_0x50_win32k!vRestartKillRFONTList+e7 PRIMARY_PROBLEM_CLASS: X64_0x50_win32k!vRestartKillRFONTList+e7 TARGET_TIME: 2016-07-29T09:54:32.000Z OSBUILD: 7601 OSSERVICEPACK: 1000 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 144 PRODUCT_TYPE: 3 OSPLATFORM_TYPE: x64 OSNAME: Windows 7 OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer DataCenter OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-04-09 13:46:22 BUILDDATESTAMP_STR: 160408-2045 BUILDLAB_STR: win7sp1_ldr BUILDOSVER_STR: 6.1.7601.23418.amd64fre.win7sp1_ldr.160408-2045 ANALYSIS_SESSION_ELAPSED_TIME: 61e ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0x50_win32k!vrestartkillrfontlist+e7 FAILURE_ID_HASH: {2d566953-b14b-2c10-7af2-e2427825f8ca} Followup: MachineOwner --------- 通过下面的分析,我们可以看到win32k.sys试图访问的地址跟处理器返回的地址一致,都是fffff900`c00d7038,表明处理器没有问题(以前遇到过这种类似的报错,后来分析发现是cpu有问题,换了处理器,后来问题消失),但是检查该地址的信息,发现无法读取,这个也正是导致此次蓝屏的原因。 ======================================================================= 9: kd> .trap 0xfffff8801394d700 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff900c0096ba0 rbx=0000000000000000 rcx=fffffab023f7a1a0 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff9600022b5eb rsp=fffff8801394d890 rbp=fffff900c0d34ca0 r8=00000000ffffffff r9=0000000000002800 r10=0000000000000000 r11=fffff900c00d7000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc win32k!vRestartKillRFONTList+0xe7: fffff960`0022b5eb 410fba633817 bt dword ptr [r11+38h],17h ds:fffff900`c00d7038=???????? 9: kd> !pte fffff900`c00d7038 VA fffff900c00d7038 PXE at FFFFF6FB7DBEDF90 PPE at FFFFF6FB7DBF2018 PDE at FFFFF6FB7E403000 PTE at FFFFF6FC806006B8 Unable to get PXE FFFFF6FB7DBEDF90 9: kd> dd fffff900`c00d7038 fffff900`c00d7038 ???????? ???????? ???????? ???????? fffff900`c00d7048 ???????? ???????? ???????? ???????? fffff900`c00d7058 ???????? ???????? ???????? ???????? fffff900`c00d7068 ???????? ???????? ???????? ???????? fffff900`c00d7078 ???????? ???????? ???????? ???????? fffff900`c00d7088 ???????? ???????? ???????? ???????? fffff900`c00d7098 ???????? ???????? ???????? ???????? fffff900`c00d70a8 ???????? ???????? ???????? ???????? 9: kd> .bugcheck Bugcheck code 00000050 Arguments fffff900`c00d7038 00000000`00000000 fffff960`0022b5eb 00000000`00000000 Win32k驱动信息: =========== 9: kd> lmvm win32k Browse full module list start end module name fffff960`00000000 fffff960`00326000 win32k (pdb symbols) e:\symbols\win32k.pdb\B2E109F3901245C6B686B614B13893962\win32k.pdb Loaded symbol image file: win32k.sys Mapped memory image file: e:\symbols\win32k.sys\57601CB7326000\win32k.sys Image path: \SystemRoot\System32\win32k.sys Image name: win32k.sys Browse all global symbols functions data Timestamp: Tue Jun 14 23:03:19 2016 (57601CB7) CheckSum: 00315DA6 ImageSize: 00326000 File version: 6.1.7601.23471 Product version: 6.1.7601.23471 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft? Windows? Operating System InternalName: win32k.sys OriginalFilename: win32k.sys ProductVersion: 6.1.7601.23471 FileVersion: 6.1.7601.23471 (win7sp1_ldr.160614-0600) FileDescription: Multi-User Win32 Driver LegalCopyright: ? Microsoft Corporation. All rights reserved. 系统信息: ====== 9: kd> vertarget Windows 7 Kernel Version 7601 (Service Pack 1) MP (40 procs) Free x64 Product: Server, suite: TerminalServer DataCenter Built by: 7601.23418.amd64fre.win7sp1_ldr.160408-2045 Machine Name: Kernel base = 0xfffff800`01a5b000 PsLoadedModuleList = 0xfffff800`01c9d730 Debug session time: Fri Jul 29 17:54:32.621 2016 (UTC + 8:00) System Uptime: 0 days 3:42:10.199
    2016年8月1日 8:15

答案

全部回复