我的 Windows 2003 R2 SP2 服务器大约每月崩溃一次。我分析了崩溃转储,但无法真正弄清楚这意味着什么。任何帮助都非常感谢……
Microsoft (R) Windows 调试器版本 6.2.9200.20512 AMD64 版权所有 (c) Microsoft Corporation。保留所有权利。
加载转储文件 [C:\Users\noam\Downloads\MEMORY.DMP] 内核摘要转储文件:只有内核地址空间可用
符号搜索路径为:SRVC:\Windows\符号http://msdl.microsoft.com/download/symbols 可执行文件搜索路径为:Windows Server 2003 内核版本 3790 (Service Pack 2) MP (4 个进程) 免费 x64 产品:服务器,套件:TerminalServer SingleUserTS 构建者:3790.srv03_sp2_qfe.120821-0338 计算机名称:内核基数 = 0xfffff800
01000000 PsLoadedModuleList = 0xfffff800011d8280 调试会话时间:2013 年 3 月 21 日星期四 10:48:04.909 (UTC - 4:00) 系统启动时间:24 天 13:36:09.953 加载内核符号 ................................................................ ................................................................. 加载用户符号 PEB 已分页 (Peb.Ldr = 000007ff`fffdf018)。输入“.hh dbgerr001”了解详细信息 正在加载未加载的模块列表 ....
- *
- 错误检测分析 *
- *
使用!analyze -v获取详细的调试信息。
错误检查 50,{fffffadf28a13000,0,fffff800012c532e,0}
*** 错误:模块加载已完成,但无法为 sptd.sys 加载符号,可能原因为:sptd.sys ( sptd+5fe75 )
后续:MachineOwner
分析-v
- *
- 错误检测分析 *
- *
PAGE_FAULT_IN_NONPAGED_AREA (50) 引用了无效的系统内存。这不能通过 try-except 进行保护,必须通过 Probe 进行保护。通常,地址是坏的,或者指向已释放的内存。参数:Arg1:fffffadf28a13000,引用的内存。Arg2:0000000000000000,值 0 = 读取操作,1 = 写入操作。Arg3:fffff800012c532e,如果非零,则引用坏内存地址的指令地址。Arg4:0000000000000000,(保留)
调试细节:
读取地址:fffffadf28a13000
FAULTING_IP:nt!PspGetSetContextInternal + 203 fffff800`012c532e 488b58f8 mov rbx,qword ptr [rax-8]
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID:驱动程序故障
BUGCHECK_STR: 0x50
进程名称: w3wp.exe
当前 IRQL: 1
TRAP_FRAME: fffffadf1fb32710 -- (.trap 0xfffffadf1fb32710) 注意:陷阱框架不包含所有寄存器。某些寄存器值可能为零或不正确。 rax=fffffadf28a13007 rbx=0000000000000000 rcx=0000000000000001 rdx=000000000000000 rsi=0000000000000000 rdi=000000000000000 rip=fffff800012c532e rsp=fffffadf1fb328a0 rbp=fffffadf228d0b10 r8=0000000000000000 r9=000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=00000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz ac pe nc nt!PspGetSetContextInternal+0x203: fffff800
012c532e 488b58f8 mov rbx,qword ptr [rax-8] ds:fffffadf28a12fff=???????????????? 重置默认范围LAST_CONTROL_TRANSFER:从 fffff800010a69dd 到 fffff8000102eb90
STACK_TEXT:ffffffadf
1fb32638 fffff800010a69dd:0000000000000050 fffffadf28a13000 0000000000000000 fffffadf1fb32710:nt!KeBugCheckEx fffffadf1fb32640 fffff8000102d759:0000000000000000 0000000000000000 0000000000000000 0000000000000000:nt!MmAccessFault + 0xa1f fffffadf1fb32710 fffff800012c532e:0000000000000000 0000000000000000 fffffadf1fb33c70 fffffadf228d05c0:nt!KiPageFault + 0x119 fffffadf1fb328a0 fffff800010425bb:ffffffadf35821040 fffffadf1fb32fa0 fffffadf35821088 0000000000000000: nt!PspGetSetContextInternal+0x203 fffffadf1fb32df0 fffff80001028081: fffffadf385ce018 fffff80000810310 0000000000000001 fffffadf385ce018:nt!PspGetSetContextSpecialApc+0xab fffffadf1fb32f00 fffff80001027c8d: fffffadf358210b8 0000000000000000 0000000000000000 fffffadf35c06558:nt!KiDeliverApc+0x215 fffffadf1fb32fa0 fffffadf28b33e75: fffffadf28b3b91c fffffadf35c06558 fffffadf35c06440 0000000000000000:nt!KiApcInterrupt+0xdd fffffadf1fb33138 fffffadf28b3b91c: fffffadf35c06558 fffffadf35c06440 0000000000000000 0000000000000000 : sptd+0x5fe75 fffffadf1fb33140 fffffadf38ddd2de : fffffadf1fb33240 fffff8000102550f 0000000000000000 fffffadf1fb33248 : sptd+0x6791c fffffadf1fb33220 fffffadf1fb33240 : fffff8000102550f 0000000000000000 fffffadf1fb33248 fffffadf385cc050 : 0xfffffadf38ddd2de fffffadf1fb33228 fffff8000102550f : 0000000000000000 fffffadf1fb33248 fffffadf385cc050 0000000000000000 : 0xfffffadf1fb33240 fffffadf1fb33230 fffff800011ad8fd : 0001100000000000 fffffadf385cc050 0000000180392000 0000000000000002 : nt!IopfCompleteRequest+0x9c8 fffffadf1fb332a0 fffffadf358a8ca0 : 0000000000001000 0000000a1f1e5000 fffffadf385d3040 fffffadf289da2b7 : nt!ExFreePoolWithTag+0x67b fffffadf1fb33360 0000000000001000 : 0000000a1f1e5000 fffffadf385d3040 fffffadf289da2b7 fffffadf385d4cb0 : 0xfffffadf358a8ca0 fffffadf1fb33368 0000000a1f1e5000 : fffffadf385d3040 fffffadf289da2b7 fffffadf385d4cb0 fffffadf1fb33860 : 0x1000 fffffadf1fb33370 fffffadf385d3040 : fffffadf289da2b7 fffffadf385d4cb0 fffffadf1fb33860 fffffadf358a8f68 : 0x0000000a1f1e5000 fffffadf1fb33378 fffffadf289da2b7 : fffffadf385d4cb0 fffffadf1fb33860 fffffadf358a8f68 fffffadf358a8ca0:0xfffffadf385d3040 fffffadf1fb33380 fffffadf28943f92 : fffffadf358a8ca0 fffffadf37eee640 fffffadf358a8f68 fffffadf385d3190 : ftdisk!FtDiskReadWrite+0x1e7 fffffadf1fb333d0 fffffadf2874f361 : 0000000000000000 fffffadf2676915c fffffadf37b811c8 fffffadf 1fb33410358a8ca0 : volsnap!VolSnapRead+0xa2 fffffadffffffadf2875e582 : fffffadf00000000 fffffadf00001000 fffffadf37eee640 fffffadf00000000 : Ntfs!NtfsPagingFileIo+0x202 fffffadf1fb33510 fffffadf28751e2e : fffffadf1fb336a0 fffffadf358a8ca0 fffffadf1fb33601 fffffadf1fb336e0 : Ntfs!NtfsCommonRead+0x4d3 fffffadf1fb336a0 2444c7c88b48d233 : 44c7487346635328 15ff000000982024 762d8b4800002f0d 8b481445ff00008d : Ntfs!NtfsFsdRead+0x262 fffffadf289da3a7 44c7487346635328 : 15ff000000982024 762d8b4800002f0d 8b481445ff00008d 4800002f0a15ffcd : 0x2444c7c88b48d233 fffffadf289da3af 15ff000000982024: 762d8b4800002f0d 8b481445ff00008d 4800002f0a15ffcd 8b1875f08b48c085: 0x44c7487346635328 fffffadf289da3b7 762d8b4800002f0d : 8b481445ff00008d 4800002f0a15ffcd 8b1875f08b48c085 4d8b28458b442c55 : 0x15ff000000982024 fffffadf289da3bf 8b481445ff00008d: 4800002f0a15ffcd 8b1875f08b48c085 4d8b28458b442c55 483055ff1845ff24: 0x762d8b4800002f0d fffffadf289da3c7 4800002f0a15ffcd : 8b1875f08b48c085 4d8b28458b442c55 483055ff1845ff24 c62474f08b48c085 : 0x8b481445ff00008d fffffadf289da3cf 8b1875f08b48c085:4d8b28458b442c55 483055ff1845ff24 c62474f08b48c085 3807058d48017a46:0x4800002f0a15ffcd fffffadf289da3d7 4d8b28458b442c55 : 483055ff1845ff24 c62474f08b48c085 3807058d48017a46 46c6007846c60000 : 0x8b1875f08b48c085 fffffadf289da3df 483055ff1845ff24:c62474f08b48c085 3807058d48017a46 46c6007846c60000 c748004246c60079:0x4d8b28458b442c55 fffffadf289da3e7 c62474f08b48c085 : 3807058d48017a46 46c6007846c60000 c748004246c60079 8948000000001046 : 0x483055ff1845ff24 fffffadf289da3ef 3807058d48017a46 : 46c6007846c60000 c748004246c60079 8948000000001046 ff184b8d486beb06 : 0xc62474f08b48c085 fffffadf289da3f7 46c6007846c60000 : c748004246c60079 8948000000001046 ff184b8d486beb06 a8bb8000002ea415 : 0x3807058d48017a46 fffffadf289da3ff c748004246c60079 : 8948000000001046 ff184b8d486beb06 a8bb8000002ea415 8b483d7400000000 : 0x46c6007846c60000 fffffadf289da407 8948000000001046 : ff184b8d486beb06 a8bb8000002ea415 8b483d7400000000 878d4c000000b897 : 0xc748004246c60079 fffffadf289da40f ff184b8d486beb06 : a8bb8000002ea415 8b483d7400000000 878d4c000000b897 988b8d4c000000a8 : 0x8948000000001046 fffffadf289da417 a8bb8000002ea415 : 8b483d7400000000 878d4c000000b897 988b8d4c000000a8 4901034a80000000 : 0xff184b8d486beb06 fffffadf289da41f 8b483d7400000000 : 878d4c000000b897 988b8d4c000000a8 4901034a80000000 894908894d08518b : 0xa8bb8000002ea415 fffffadf289da427 878d4c000000b897 : 988b8d4c000000a8 4901034a80000000 894908894d08518b 4b8d4802894c0850 : 0x8b483d7400000000 fffffadf289da42f 988b8d4c000000a8:4901034a80000000 894908894d08518b 4b8d4802894c0850 0841894dd0b60f18:0x878d4c000000b897 fffffadf289da437 4901034a80000000 : 894908894d08518b 4b8d4802894c0850 0841894dd0b60f18 abe900002cdb15ff : 0x988b8d4c000000a8 fffffadf289da43f 894908894d08518b:4b8d4802894c0850 0841894dd0b60f18 abe900002cdb15ff 0090b38b48000000:0x4901034a80000000 fffffadf289da447 4b8d4802894c0850 : 0841894dd0b60f18 abe900002cdb15ff 0090b38b48000000 b60f184b8d480000 : 0x894908894d08518b fffffadf289da44f 0841894dd0b60f18 : abe900002cdb15ff 0090b38b48000000 b60f184b8d480000 01000000a883c6d0 : 0x4b8d4802894c0850 fffffadf289da457 abe900002cdb15ff : 0090b38b48000000 b60f184b8d480000 01000000a883c6d0 8b4c00002cbb15ff : 0x0841894dd0b60f18 fffffadf289da45f 0090b38b48000000 : b60f184b8d480000 01000000a883c6d0 8b4c00002cbb15ff 478b48000000b887 : 0xabe900002cdb15ff fffffadf289da467 b60f184b8d480000 : 01000000a883c6d0 8b4c00002cbb15ff 478b48000000b887 468948107e894808 : 0x0090b38b48000000 fffffadf289da46f 01000000a883c6d0:8b4c00002cbb15ff 478b48000000b887 468948107e894808 508d4918408b4908:0xb60f184b8d480000 fffffadf289da477 8b4c00002cbb15ff : 478b48000000b887 468948107e894808 508d4918408b4908 4c028b2046894808 : 0x01000000a883c6d0 fffffadf289da47f 478b48000000b887:46894810 408b49087e894808 508d49184c028b2046894808 8d48184689306689:0x8b4c00002cbb15ff fffffadf289da487 468948107e894808 : 508d4918408b4908 4c028b2046894808 8d48184689306689 46894800024b1405 : 0x478b48000000b887 fffffadf289da48f 508d4918408b4908:4c028b2046894808 8d48184689306689 46894800024b1405 00000098878b4828:0x468948107e894808 fffffadf289da497 4c028b2046894808 : 8d48184689306689 46894800024b1405 00000098878b4828 40b60f4138468948 : 0x508d4918408b4908 fffffadf289da49f 8d48184689306689:46894800024b1405 00000098878b4828 40b60f4138468948 0338804140468802:0x4c028b2046894808 fffffadf289da4a7 46894800024b1405 : 00000098878b4828 40b60f4138468948 0338804140468802 0f00000080be8948 : 0x8d48184689306689 fffffadf289da4af 00000098878b4828: 40b60f4138468948 0338804140468802 0f00000080be8948 0000889e8948c094: 0x46894800024b1405 fffffadf289da4b7 40b60f4138468948 : 0338804140468802 0f00000080be8948 0000889e8948c094 0164bb8041468800 : 0x00000098878b4828 fffffadf289da4bf 0338804140468802: 0f00000080be8948 0000889e8948c094 0164bb8041468800 438b481174000000: 0x40b60f4138468948 fffffadf289da4c7 0f00000080be8948 : 0000889e8948c094 0164bb8041468800 438b481174000000 000001708b8b4808 : 0x0338804140468802 fffffadf289da4cf 0000889e8948c094 : 0164bb8041468800 438b481174000000 000001708b8b4808 8b480000011090ff : 0x0f00000080be8948 fffffadf289da4d7 0164bb8041468800 : 438b481174000000 000001708b8b4808 8b480000011090ff d68b48000000b887 : 0x0000889e8948c094 fffffadf289da4df 438b481174000000 : 000001708b8b4808 8b480000011090ff d68b48000000b887 304e8b4801034880 : 0x0164bb8041468800 fffffadf289da4e7 000001708b8b4808 : 8b480000011090ff d68b4800 01034880 8b483050 74000000 fffffadf 011090ff:d68b48000000b887 304e8b4801034880 8b483050 4c58246c:0x00000170 289da4f7 d68b4800 01034880 8b483050 4c58246c 7c8b4860 011090ff fffffadf 01034880:8b483050 4c58246c 7c8b4860 8b486824: 0xd68b4800 289da507 8b483050 4c58246c 7c8b4860 8b486824 48c48348 01034880 fffffadf 4c58246c: 7c8b4860 8b486824 48c48348 ccccccc3: 0x8b483050 289da517 7c8b4860 8b486824 48c48348 ccccccc3 cccccccc 4c58246c fffffadf 8b486824: 48c48348 ccccccc3 cccccccc ec8348cc: 0x7c8b4860 289da527 48c48348 ccccccc3 cccccccc ec8348cc 246c8948 8b486824 fffffadf ccccccc3: cccccccc ec8348cc 246c8948 6a8b4848: 0x48c48348 289da537 cccccccc ec8348cc 246c8948 6a8b4848 c000000d ccccccc3 fffffadf ec8348cc: 246c8948 6a8b4848 c000000d 246c8b48: 0xcccccccc 289da547 246c8948 6a8b4848 c000000d 246c8b48 4840245c ec8348ccff018b48 : 0x438b4811289da4ef 8b4800000000b887 304e8b48ff018b48 4024648b8b8b4808 fffffadf0000b887 : 304e8b48ff018b48 4024648b24748b48 : 0x8b480000289da4ff 304e8b48ff018b48 4024648b24748b48 b850245c0000b887 fffffadfff018b48 : 4024648b24748b48 b850245c00000103 : 0x304e8b48289da50f 4024648b24748b48 b850245c00000103 ccccccccff018b48 fffffadf24748b48 : b850245c00000103 cccccccccccccccc : 0x4024648b289da51f b850245c00000103 cccccccccccccccc 828b483824748b48 fffffadf00000103 : cccccccccccccccc 828b4838000000b8 : 0xb850245c289da52f cccccccccccccccc 828b4838000000b8 1078831800000103 fffffadfcccccccc : 828b4838000000b8 10788318b80f7318 : 0xcccccccc289da53f 828b4838000000b8 10788318b80f7318 c4834848cccccccc fffffadf000000b8 : 10788318b80f7318 c48348488948c338 : 0x828b4838堆栈命令:kb
FOLLOWUP_IP:sptd+5fe75 fffffadf`28b33e75 0000 添加
字节指针 [rax],al符号堆栈索引: 7
符号名称:sptd+5fe75
FOLLOWUP_NAME:机器所有者
模块名称:sptd
图像名称: sptd.sys
调试_FLR_IMAGE_时间戳:4611064e
故障存储桶 ID:X64_0x50_sptd+5fe75
BUCKET_ID:X64_0x50_sptd+5fe75
后续:MachineOwner
3:kd> lmvm sptd 开始结束模块名称 fffffadf
28ad4000 fffffadf28bf2000 sptd (无符号)Loaded symbol image file: sptd.sys Image path: sptd.sys Image name: sptd.sys Timestamp: Mon Apr 02 09:34:06 2007 (4611064E) CheckSum: 000D960A ImageSize: 0011E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
答案1
我不是最好的操作系统调试者,但这是我所看到的:
PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced.
导致这种情况的原因通常是“释放后使用”的情况,即内存被释放,然后线程引用它,就好像它仍然被分配一样。当用户模式程序执行此操作时,通常最终会导致该程序崩溃。但是当内核模式组件(例如驱动程序)执行此操作时,它会导致错误检查。当线程尝试写入标记为只读的地址时也会导致这种情况。但由于错误代码的第二个参数指定错误发生在读取操作期间,我们可以排除这种可能性。
其他因素也可能导致此错误检查,例如硬件故障以及宇宙射线翻转 RAM 中的位。但为了讨论方便,我们也会忽略这些可能性。
如果你看一下堆栈文本 - 这对我来说很突出:
ExFreePoolWithTag+0x67b fffffadf1fb33360
该函数释放了位于内核空间的池内存。我不确定它是否释放了后来导致机器崩溃的引用内存,但我对此非常怀疑。通常是驱动程序分配和释放池内存。编写驱动程序的人必须是极其谨慎分配和释放内存,因为如果你不这样做完美,要么导致内存泄漏,要么导致机器崩溃。
如果你看看这里,您将看到错误检查代码的参数:
Parameter Description
---------------------------
1 Memory address referenced
2 0: Read operation 1: Write operation
3 Address that referenced memory (if known)
4 Reserved
Windbg 认为 sptd.sys 可能是导致崩溃的原因。我猜 Windbg 认为 sptd.sys 是罪魁祸首,因为它恰好加载到了 bug chuck 代码的参数 3 中找到的地址中。(但我可能错了。我不确定 Windbg 是如何得出这些信息的。)无论如何,这些信息都不能保证准确无误,但 stpd.sys 似乎是与 Daemon Tools 和 Alcohol 120% 等 CD/DVD 刻录软件相关的非 Microsoft 驱动程序。
我肯定会先升级或卸载该软件。
编辑:看起来您可以在这里找到 sptd.sys 的更新版本:http://www.disc-tools.com/download/sptd