none
WINDOWS SERVER 2012 R2自动重启问题 RRS feed

  • 问题

  • WINDOWS SERVER 2012 R2出现自动重启的情况,用WINDBG对MEMORY.DPM进行分析,结果如下。请问微软技术人员,这个具体是什么原因?是系统漏洞,通过打17年3月的补丁解决吗?还是内存问题?急盼回复,谢谢。

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced.  This cannot be protected by try-except.
    Typically the address is just plain bad or it is pointing at freed memory.
    Arguments:
    Arg1: ffffe0002e7ea000, memory referenced.
    Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
    Arg3: fffff8000229b400, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 0000000000000000, (reserved)

    Debugging Details:
    ------------------

    Page 267a00 not present in the dump file. Type ".hh dbgerr004" for details
    Page 267a00 not present in the dump file. Type ".hh dbgerr004" for details
    Page 267a00 not present in the dump file. Type ".hh dbgerr004" for details
    Page 267a00 not present in the dump file. Type ".hh dbgerr004" for details
    Page 267a00 not present in the dump file. Type ".hh dbgerr004" for details
    Page 267a00 not present in the dump file. Type ".hh dbgerr004" for details

    KEY_VALUES_STRING: 1


    PROCESSES_ANALYSIS: 1

    SERVICE_ANALYSIS: 1

    STACKHASH_ANALYSIS: 1

    TIMELINE_ANALYSIS: 1


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 401

    BUILD_VERSION_STRING:  9600.16384.amd64fre.winblue_rtm.130821-1623

    SYSTEM_MANUFACTURER:  LENOVO

    SYSTEM_PRODUCT_NAME:  RQ750                           

    SYSTEM_VERSION:  70FVCTO1WW          

    BIOS_VENDOR:  LENOVO

    BIOS_VERSION:  7.11

    BIOS_DATE:  11/14/2016

    BASEBOARD_MANUFACTURER:  LENOVO

    BASEBOARD_PRODUCT:  RQ750      

    BASEBOARD_VERSION:  4519WN38L01

    DUMP_TYPE:  1

    BUGCHECK_P1: ffffe0002e7ea000

    BUGCHECK_P2: 1

    BUGCHECK_P3: fffff8000229b400

    BUGCHECK_P4: 0

    WRITE_ADDRESS:  ffffe0002e7ea000 Nonpaged pool

    FAULTING_IP: 
    srv!SrvOs2FeaToNt+48
    fffff800`0229b400 c60300          mov     byte ptr [rbx],0

    MM_INTERNAL_CODE:  0

    IMAGE_NAME:  srv.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  5215f7ea

    MODULE_NAME: srv

    FAULTING_MODULE: fffff80002225000 srv

    CPU_COUNT: 28

    CPU_MHZ: 7cb

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 3f

    CPU_STEPPING: 2

    CPU_MICROCODE: 6,3f,2,0 (F,M,S,R)  SIG: 38'00000000 (cache) 38'00000000 (init)

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    BUGCHECK_STR:  AV

    PROCESS_NAME:  System

    CURRENT_IRQL:  0

    ANALYSIS_SESSION_HOST:  DOULAGAS

    ANALYSIS_SESSION_TIME:  06-11-2019 00:58:35.0976

    ANALYSIS_VERSION: 10.0.18362.1 amd64fre

    TRAP_FRAME:  ffffd00023cfa720 -- (.trap 0xffffd00023cfa720)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=ffffe0002e7ea000
    rdx=ffffc00015d6d09a rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8000229b400 rsp=ffffd00023cfa8b0 rbp=ffffc00015d6d095
     r8=0000000000000000  r9=0000000000000000 r10=0000000000000801
    r11=ffffe0002e7ea000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    srv!SrvOs2FeaToNt+0x48:
    fffff800`0229b400 c60300          mov     byte ptr [rbx],0 ds:00000000`00000000=??
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800ac1e8462 to fffff800ac1cf0a0

    STACK_TEXT:  
    ffffd000`23cfa538 fffff800`ac1e8462 : 00000000`00000050 ffffe000`2e7ea000 00000000`00000001 ffffd000`23cfa720 : nt!KeBugCheckEx
    ffffd000`23cfa540 fffff800`ac0e7ffd : 00000000`00000001 ffffe000`0f952040 ffffd000`23cfa720 ffffe000`2e7d9000 : nt! ?? ::FNODOBFM::`string'+0x8ed2
    ffffd000`23cfa5e0 fffff800`ac1d932f : 00000000`00000001 ffffe000`2e7ea000 00000000`00010f00 ffffd000`23cfa720 : nt!MmAccessFault+0x7ed
    ffffd000`23cfa720 fffff800`0229b400 : 00000000`00010fe8 00000000`00000018 ffffd000`23cfa9d8 ffffd000`23cfa9d0 : nt!KiPageFault+0x12f
    ffffd000`23cfa8b0 fffff800`0229b345 : ffffc000`15d6d095 ffffe000`2e7e9ff8 44653662`66613539 ffffc000`15d6d138 : srv!SrvOs2FeaToNt+0x48
    ffffd000`23cfa8e0 fffff800`022aaae7 : ffffe000`2e7cb010 00000000`00000000 ffffc000`15d5d010 00000000`00000002 : srv!SrvOs2FeaListToNt+0x125
    ffffd000`23cfa930 fffff800`02270cc7 : 00000000`00000000 fffff800`00010fe8 ffffe000`2e7d9010 ffffe000`2e7cb010 : srv!SrvSmbOpen2+0xc3
    ffffd000`23cfa9d0 fffff800`022b07a6 : ffffc000`15d5d010 00000000`00001000 ffffe000`0f9d8240 ffffe000`2e7cb010 : srv!ExecuteTransaction+0x117
    ffffd000`23cfaa10 fffff800`02227d6d : ffffe000`00000000 fffff800`00000000 fffff800`00000035 ffffe000`0000f3d0 : srv!SrvSmbTransactionSecondary+0x40b
    ffffd000`23cfaab0 fffff800`02227c54 : fffff800`02243010 ffffe000`2e7cba80 ffffe000`2e7cb010 00000000`00000000 : srv!SrvProcessSmb+0xdd
    ffffd000`23cfab30 fffff800`0227d4e0 : ffffe000`0f972ca0 00000000`0000000d 00000000`00000006 ffffe000`2e7cb020 : srv!SrvRestartReceive+0xc4
    ffffd000`23cfab70 fffff800`ac569d32 : 00000000`00000000 ffffe000`2e7cb010 00000000`00000000 a41e0d8b`20206f49 : srv!WorkerThread+0x111
    ffffd000`23cfabd0 fffff800`ac166664 : ffffe000`0f952040 ffffe000`0f952040 4d8b486c`74c08548 8b4c4845`b70f4460 : nt!IopThreadStart+0x26
    ffffd000`23cfac00 fffff800`ac1d56c6 : ffffd000`20d23180 ffffe000`0f952040 ffffd000`20d2fa00 ffff6ae9`c0000003 : nt!PspSystemThreadStartup+0x58
    ffffd000`23cfac60 00000000`00000000 : ffffd000`23cfb000 ffffd000`23cf5000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


    THREAD_SHA1_HASH_MOD_FUNC:  9fc67a809a80c1143874aa0b8e74457296ca0384

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  72b8d0de8d6e8b21b0151deb59f8a9458d146a02

    THREAD_SHA1_HASH_MOD:  8f10e91895468b5b2a56df2106350f23f731e5ce

    FOLLOWUP_IP: 
    srv!SrvOs2FeaToNt+48
    fffff800`0229b400 c60300          mov     byte ptr [rbx],0

    FAULT_INSTR_CODE:  f0003c6

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  srv!SrvOs2FeaToNt+48

    FOLLOWUP_NAME:  MachineOwner

    STACK_COMMAND:  .thread ; .cxr ; kb

    BUCKET_ID_FUNC_OFFSET:  48

    FAILURE_BUCKET_ID:  AV_srv!SrvOs2FeaToNt

    BUCKET_ID:  AV_srv!SrvOs2FeaToNt

    PRIMARY_PROBLEM_CLASS:  AV_srv!SrvOs2FeaToNt

    TARGET_TIME:  2019-06-10T04:57:33.000Z

    OSBUILD:  9600

    OSSERVICEPACK:  0

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  2

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 8.1

    OSEDITION:  Windows 8.1 LanManNt TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2013-08-22 16:52:38

    BUILDDATESTAMP_STR:  130821-1623

    BUILDLAB_STR:  winblue_rtm

    BUILDOSVER_STR:  6.3.9600.16384.amd64fre.winblue_rtm.130821-1623

    ANALYSIS_SESSION_ELAPSED_TIME:  a64f

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:av_srv!srvos2featont

    FAILURE_ID_HASH:  {d5f1a37d-2c94-f55b-5042-7a5dbaa092e1}

    Followup:     MachineOwner

    2019年6月11日 4:17

答案

全部回复

  • 你好,

    根据您的这个memory dump来看的话,需要打17年3月的补丁。但是还是推荐打上最新的补丁。

    下方是WIndows server2012 R2的更新历史,对应了各个月的安全补丁。

    https://support.microsoft.com/zh-cn/help/4009470/windows-8-1-windows-server-2012-r2-update-history

    希望对您有帮助,如果回答是有帮助的, 请将其标记为答案, 可以帮助其他有相同问题的社区成员, 并快速找到有用的答复


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    2019年6月11日 7:36
  • 收到。

    by the way,请问这条是什么意思?

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    2019年6月11日 7:42
  • 你好,

    这条指的是错误类型,意思是系统中的某一个driver出现了错误,导致process name:system出现了调用的错误,看栈的信息和IMAGE_NAME:  srv.sys,也和srv的文件有关,可能是driver版本老了,需要打补丁。

    希望对您有帮助,如果回答是有帮助的, 请将其标记为答案, 可以帮助其他有相同问题的社区成员, 并快速找到有用的答复


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年6月11日 7:54
  • 收到,谢谢。

    请问关于WINDBG对MEMORY.DPM的分析结果,请问微软是否有相关的解读指引?

    2019年6月11日 9:16
  • 你好,我看了2017年3月份有3个补丁,处理此问题具体打哪个补丁 ?

    2019年8月8日 1:52