トップ回答者
システム障害: STOP エラーについて
質問
-
Windows Server 2003 SP2にて、予期せぬシャットダウンが発生しましたが、
なかなか原因特定まで至らずご協力頂きたく質問させて頂きます。以下のイベントログ、メモリダンプの情報から何か得られないでしょうか。
また、調査にあたりどのような切り口で進んでよいかなど教えて頂ければと思います。ちなみに、WinDbgからメモリダンプ結果を確認したところ「\WINDOWS\system32\ntoskrnl.exe」が
クラッシュしたようにも取れますが解決策などあるのでしょうか。がわかりません。
■イベントのプロパティより
ソース(S):Save Dump
分類(R):なし
種類(E):情報
イベントID(I):1001
ユーザ(U):N/A
説明(D):
システム障害: STOP エラー
このコンピュータはバグチェック後、再起動されました。
バグチェック: 0x0000008e (0xc0000005, 0xbf866e12, 0xb50ce764, 0x00000000)
ダンプが保存されました: C:\WINDOWS\MEMORY.DMP
■メモリダンプ結果
Loading Dump File [D:Mini020410-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8
Debug session time: Thu Feb 4 12:16:20.610 2010 (GMT+9)
System Uptime: 10 days 20:24:39.656
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \WINDOWS\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols
Loading unloaded module list
..................................................
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, bf866e12, b50ce764, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. &2010年2月6日 10:52
回答
-
> WinDbgからメモリダンプ結果を確認したところ「\WINDOWS\system32\ntoskrnl.exe」が
> クラッシュしたようにも取れますが解決策などあるのでしょうか
これは Symbol が Load されていないために表示されています。
Debugger を使用するときに 適切な Symbol File を load してください。
Symbola が Load されていない状態での表示ですが、 原因は Win32k.sys にもとめられると思います。
Event Viewer の Log は Minidump を生成した記録だけでしょうか?
とりあえず、 下記の文書を参照してみてください。
Windows Server 2003 ベースのコンピュータがクラッシュし、エラー メッセージ "STOP: 0x0000008E" が生成される
http://support.microsoft.com/kb/907966
画面の再描画後に、Win32k.sys ファイルを参照する STOP エラーが発生する
http://support.microsoft.com/default.aspx/kb/842910- 回答としてマーク 三沢健二 2010年2月25日 5:41
2010年2月6日 14:18
すべての返信
-
追加情報です。
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Probably caused by : win32k.sys ( win32k+66e12 )Followup: MachineOwner
---------2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf866e12, The address that the exception occurred at
Arg3: b50ce764, Trap Frame
Arg4: 00000000Debugging Details:
------------------***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.MODULE_NAME: win32k
FAULTING_MODULE: 80800000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4a8417a6
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx" フ ス ェ "0x%08lx" フ Q ニ オ ワ オ ス B ェ "%s" ノ ネ ア ニ ヘ ナ ォ ワ ケ ナ オ ス B
FAULTING_IP:
win32k+66e12
bf866e12 ?? ???TRAP_FRAME: b50ce764 -- (.trap 0xffffffffb50ce764)
ErrCode = 00000000
eax=e3b383c0 ebx=8084575e ecx=bcdc0000 edx=00000000 esi=b50ce84c edi=bcdc0588
eip=bf866e12 esp=b50ce7d8 ebp=b50ce7f8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
win32k+0x66e12:
bf866e12 ?? ???
Resetting default scopeCUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from b50ce84c to bf866e12
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b50ce7d4 b50ce84c bcdc0608 0000002e 00000783 win32k+0x66e12
b50ce7f8 80906f2e bcdc0000 b50ce82c b50ce84c 0xb50ce84c
b50ce820 80906ea2 bcdc0000 bcdc2000 b50ce84c nt+0x106f2e
b50ce858 80906e10 00dc0000 00000068 bcd4bc20 nt+0x106ea2
b50cea1c bf8565eb bcdc0000 00000009 0000005c nt+0x106e10
b50cea30 bf859e2f 875652b8 0000005c 00000001 win32k+0x565eb
b50cea54 bf83cf79 bcd4dea8 bcdc1e80 e6011848 win32k+0x59e2f
b50cea70 bf84ad32 bcdc1e80 e6011848 0000001a win32k+0x3cf79
b50ceabc bf899f91 00000001 bf83d9bf 87436b68 win32k+0x4ad32
b50ceb30 bf826b11 bcdc06e8 0000001a 00000000 win32k+0x99f91
b50ceb78 bf83dab8 0000001a 00000000 b50cebb8 win32k+0x26b11
b50cebf8 bf8a1267 00000000 0000001a 00000000 win32k+0x3dab8
b50cec38 bf8c62b2 ffffffff 0000001a 00000000 win32k+0xa1267
b50ceca0 bf8d2787 ffffffff 0000001a 00000000 win32k+0xc62b2
b50cecbc bf88f6e3 bcd406e8 0000001a 00000000 win32k+0xd2787
b50ced08 bf8c1739 bcd406e8 0000001a 00000000 win32k+0x8f6e3
b50ced40 80833bef 00040200 0000001a 00000000 win32k+0xc1739
b50ced64 7c97860c badb0d00 029af060 00000000 nt+0x33bef
b50ced68 badb0d00 029af060 00000000 00000000 0x7c97860c
b50ced6c 029af060 00000000 00000000 00000000 0xbadb0d00
b50ced70 00000000 00000000 00000000 00000000 0x29af060
STACK_COMMAND: kbFOLLOWUP_IP:
win32k+66e12
bf866e12 ?? ???SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k+66e12
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: win32k.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------2010年2月6日 13:18 -
> WinDbgからメモリダンプ結果を確認したところ「\WINDOWS\system32\ntoskrnl.exe」が
> クラッシュしたようにも取れますが解決策などあるのでしょうか
これは Symbol が Load されていないために表示されています。
Debugger を使用するときに 適切な Symbol File を load してください。
Symbola が Load されていない状態での表示ですが、 原因は Win32k.sys にもとめられると思います。
Event Viewer の Log は Minidump を生成した記録だけでしょうか?
とりあえず、 下記の文書を参照してみてください。
Windows Server 2003 ベースのコンピュータがクラッシュし、エラー メッセージ "STOP: 0x0000008E" が生成される
http://support.microsoft.com/kb/907966
画面の再描画後に、Win32k.sys ファイルを参照する STOP エラーが発生する
http://support.microsoft.com/default.aspx/kb/842910- 回答としてマーク 三沢健二 2010年2月25日 5:41
2010年2月6日 14:18 -
ご返信頂きありがとうございます。
>Event Viewer の Log は Minidump を生成した記録だけでしょうか?
その通りです。Minidumpです。
>Windows Server 2003 ベースのコンピュータがクラッシュし、エラー メッセージ "STOP: 0x0000008E" が生成される
>http://support.microsoft.com/kb/907966
>画面の再描画後に、Win32k.sys ファイルを参照する STOP エラーが発生する
>http://support.microsoft.com/default.aspx/kb/842910
頂きました上記情報を確認させていただきます。
以上、よろしくお願いいたします。2010年2月8日 6:01 -
こんにちは、フォーラムオペレーターの三沢健二です。
JR K Yoshikawa さん、アドバイスありがとうございます。
案内いただいた内容が参考になられたようですので、ひとまず私の方で [回答としてマーク] を付けさせていただきました。
なお、どうしても原因が分からない場合には、弊社有償サポートにダンプファイルの解析を依頼されてみてはいかがでしょうか?
(必ずしも原因が特定できるとは限らないのですが、何か新しいヒントなどが見付かるかもしれませんので)
それでは、今後とも TechNet Forum をよろしくお願いします。______________________________________
マイクロソフト株式会社 フォーラムオペレーター 三沢健二2010年2月25日 5:42
