Windows Server 2012 keeps restarting; dmp file screenshots attached

  • Question

  • Our Windows Server 2012 server keeps restarting. I collected the MEMORY.dmp and MiniDmp files; could you help analyze the cause?

    ----------------------------MEMORY.dmp

    Microsoft (R) Windows Debugger Version 10.0.18914.1001 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\Users\futur\Desktop\MEMORY.DMP]
    Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*
    Symbol search path is: srv*
    Executable search path is:
    Windows 8 Kernel Version 9200 MP (80 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 9200.22775.amd64fre.win8_ldr_escrow.190522-1700
    Machine Name:
    Kernel base = 0xfffff801`0061c000 PsLoadedModuleList = 0xfffff801`008b89c0
    Debug session time: Thu Jul 4 09:56:14.729 2019 (UTC + 8:00)
    System Uptime: 0 days 0:37:13.437
    Loading Kernel Symbols
    ...............................................................
    ........................................................Page 110b6a not present in the dump file. Type ".hh dbgerr004" for details
    ........
    ............................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 00000000`7ffdf018). Type ".hh dbgerr001" for details
    Loading unloaded module list
    ........
    For analysis of this file, run !analyze -v
    nt!KeBugCheckEx:
    fffff801`007cb720 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`059cb5b0=000000000000003b
    28: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff880015024c4, Address of the instruction which caused the bugcheck
    Arg3: fffff880059cbea0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------

    KEY_VALUES_STRING: 1

        Key  : Analysis.CPU.Sec
        Value: 3

        Key  : Analysis.Elapsed.Sec
        Value: 27

        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 67

    PROCESSES_ANALYSIS: 1
    SERVICE_ANALYSIS: 1
    STACKHASH_ANALYSIS: 1
    TIMELINE_ANALYSIS: 1

    DUMP_CLASS: 1
    DUMP_QUALIFIER: 401
    BUILD_VERSION_STRING:  9200.22775.amd64fre.win8_ldr_escrow.190522-1700
    SYSTEM_MANUFACTURER:  Huawei
    SYSTEM_PRODUCT_NAME:  RH5885 V3
    SYSTEM_SKU:  Type1Sku0
    SYSTEM_VERSION:  V100R003
    BIOS_VENDOR:  American Megatrends Inc.
    BIOS_VERSION:  BLISV787
    BIOS_DATE:  11/04/2016
    BASEBOARD_MANUFACTURER:  Huawei
    BASEBOARD_PRODUCT:  BC61BLCB
    BASEBOARD_VERSION:  V100R003
    DUMP_TYPE:  1

    BUGCHECK_P1: c0000005
    BUGCHECK_P2: fffff880015024c4
    BUGCHECK_P3: fffff880059cbea0
    BUGCHECK_P4: 0

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%p 0x%p %s

    FAULTING_IP:
    NDIS!ndisFreePacketPool+30
    fffff880`015024c4 488b11          mov     rdx,qword ptr [rcx]

    CONTEXT:  fffff880059cbea0 -- (.cxr 0xfffff880059cbea0)
    rax=0000000000000000 rbx=fffffab000003d09 rcx=00fffffab000003d
    rdx=0000000000000000 rsi=fffffab01ec65fb0 rdi=fffffab000003d51
    rip=fffff880015024c4 rsp=fffff880059cc890 rbp=0000000000000000
     r8=0000000000000000  r9=0000000000000012 r10=fffffab000618f00
    r11=0000000000000000 r12=fffffab05d6b2240 r13=fffffab009cdb060
    r14=0000000000000001 r15=fffffab05d6b2240
    iopl=0         nv up ei pl nz na pe cy
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010203
    NDIS!ndisFreePacketPool+0x30:
    fffff880`015024c4 488b11          mov     rdx,qword ptr [rcx] ds:002b:00fffffa`b000003d=????????????????
    Resetting default scope

    BUGCHECK_STR:  0x3B_c0000005

    CPU_COUNT: 50
    CPU_MHZ: 767
    CPU_VENDOR:  GenuineIntel
    CPU_FAMILY: 6
    CPU_MODEL: 3f
    CPU_STEPPING: 4
    CPU_MICROCODE: 6,3f,4,0 (F,M,S,R)  SIG: E'00000000 (cache) E'00000000 (init)

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
    PROCESS_NAME:  vrvarp.exe
    CURRENT_IRQL:  2
    ANALYSIS_SESSION_HOST:  DESKTOP-DA2M5V3
    ANALYSIS_SESSION_TIME:  07-04-2019 13:19:00.0431
    ANALYSIS_VERSION: 10.0.18914.1001 amd64fre

    LAST_CONTROL_TRANSFER:  from fffff880015025f1 to fffff880015024c4

    STACK_TEXT:
    fffff880`059cc890 fffff880`015025f1 : fffffab0`00003d09 00000000`00000000 fffffab0`1ec65fb0 fffffab0`1ec65ee0 : NDIS!ndisFreePacketPool+0x30
    fffff880`059cc8c0 fffff880`12486c13 : 00000000`00000001 fffffab0`1e890000 00000000`00000000 fffffab0`1ec65ee0 : NDIS!NdisFreePacketPool+0x2e
    fffff880`059cc8f0 fffff801`0099db36 : fffffab0`5c39d620 00000000`00000000 fffffab0`5c39d620 00000000`00000000 : EdpPcap+0x2c13
    fffff880`059cc930 fffff801`0099d69a : 00000000`00000000 00000000`0008fd00 fffffab0`005d8e90 00000000`00000000 : nt!IopCloseFile+0x146
    fffff880`059cc9c0 fffff801`0099d463 : 00000000`00000144 fffffab0`5c39d5f0 fffffab0`5d6b2240 00000000`7ffdb000 : nt!ObpDecrementHandleCount+0x9a
    fffff880`059cca60 fffff801`007db483 : fffffab0`5d5adb00 00000000`7ffdb000 00000000`7ffdb000 00000000`0008fdb0 : nt!NtClose+0x383
    fffff880`059ccb00 000007fb`8c8d34aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0008e518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fb`8c8d34aa

    THREAD_SHA1_HASH_MOD_FUNC:  3739a9629eb3b5f0524b7f88ec78babca54c29ce
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  a2ff24136b4f3520b8ff8659d14c1fc0ed3b5bdf
    THREAD_SHA1_HASH_MOD:  0fc2728c969489861c16401cca0840677517fd69

    FOLLOWUP_IP:
    EdpPcap+2c13
    fffff880`12486c13 488b8b501d0000  mov     rcx,qword ptr [rbx+1D50h]

    FAULT_INSTR_CODE:  508b8b48
    SYMBOL_STACK_INDEX:  2
    SYMBOL_NAME:  EdpPcap+2c13
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: EdpPcap
    IMAGE_NAME:  EdpPcap.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a002bbb
    STACK_COMMAND:  .cxr 0xfffff880059cbea0 ; kb
    BUCKET_ID_FUNC_OFFSET:  2c13
    FAILURE_BUCKET_ID:  0x3B_c0000005_EdpPcap!unknown_function
    BUCKET_ID:  0x3B_c0000005_EdpPcap!unknown_function
    PRIMARY_PROBLEM_CLASS:  0x3B_c0000005_EdpPcap!unknown_function

    TARGET_TIME:  2019-07-04T01:56:14.000Z
    OSBUILD:  9200
    OSSERVICEPACK:  22775
    SERVICEPACK_NUMBER: 0
    OS_REVISION: 0
    SUITE_MASK:  272
    PRODUCT_TYPE:  3
    OSPLATFORM_TYPE:  x64
    OSNAME:  Windows 8
    OSEDITION:  Windows 8 Server TerminalServer SingleUserTS
    OS_LOCALE:
    USER_LCID:  0
    OSBUILD_TIMESTAMP:  2019-05-23 10:22:34
    BUILDDATESTAMP_STR:  190522-1700
    BUILDLAB_STR:  win8_ldr_escrow
    BUILDOSVER_STR:  6.2.9200.22775.amd64fre.win8_ldr_escrow.190522-1700
    ANALYSIS_SESSION_ELAPSED_TIME:  6c7a
    ANALYSIS_SOURCE:  KM
    FAILURE_ID_HASH_STRING:  km:0x3b_c0000005_edppcap!unknown_function
    FAILURE_ID_HASH:  {7c5d7973-da6b-e48a-64f2-2ad03744647d}

    Followup:     MachineOwner
    ---------

    --------------------070319-39796-01.dmp


    Microsoft (R) Windows Debugger Version 10.0.18914.1001 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\futur\Desktop\新建文件夹 (2)\070319-39796-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available


    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*
    Symbol search path is: srv*
    Executable search path is: 
    Windows 8 Kernel Version 9200 MP (80 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 9200.22775.amd64fre.win8_ldr_escrow.190522-1700
    Machine Name:
    Kernel base = 0xfffff803`2be77000 PsLoadedModuleList = 0xfffff803`2c1139c0
    Debug session time: Wed Jul  3 18:16:25.679 2019 (UTC + 8:00)
    System Uptime: 0 days 6:43:05.100
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols
    Loading unloaded module list
    ........
    For analysis of this file, run !analyze -v
    nt!KeBugCheckEx:
    fffff803`2c026720 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`13fe1840=0000000000000019
    42: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 0000000000000021, the data following the pool block being freed is corrupt.  Typically this means the consumer (call stack ) has overrun the block.
    Arg2: fffffab04100c000, The pool pointer being freed.
    Arg3: 0000000000002990, The number of bytes allocated for the pool block.
    Arg4: 0000000000000000, The corrupted value found following the pool block.

    Debugging Details:
    ------------------

    *** WARNING: Unable to verify timestamp for EdpPcap.sys
    GetUlongPtrFromAddress: unable to read from fffff8032c196318

    KEY_VALUES_STRING: 1

        Key  : Analysis.CPU.Sec
        Value: 2

        Key  : Analysis.Elapsed.Sec
        Value: 7

        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 61


    PROCESSES_ANALYSIS: 1

    SERVICE_ANALYSIS: 1

    STACKHASH_ANALYSIS: 1

    TIMELINE_ANALYSIS: 1


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 400

    BUILD_VERSION_STRING:  9200.22775.amd64fre.win8_ldr_escrow.190522-1700

    SYSTEM_MANUFACTURER:  Huawei

    SYSTEM_PRODUCT_NAME:  RH5885 V3

    SYSTEM_SKU:  Type1Sku0

    SYSTEM_VERSION:  V100R003

    BIOS_VENDOR:  American Megatrends Inc.

    BIOS_VERSION:  BLISV787

    BIOS_DATE:  11/04/2016

    BASEBOARD_MANUFACTURER:  Huawei

    BASEBOARD_PRODUCT:  BC61BLCB

    BASEBOARD_VERSION:  V100R003

    DUMP_TYPE:  2

    BUGCHECK_P1: 21

    BUGCHECK_P2: fffffab04100c000

    BUGCHECK_P3: 2990

    BUGCHECK_P4: 0

    BUGCHECK_STR:  0x19_21

    POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff8032c196170
    Unable to get MmSystemRangeStart
    GetUlongPtrFromAddress: unable to read from fffff8032c196380
    GetUlongPtrFromAddress: unable to read from fffff8032c1964a8
    GetPointerFromAddress: unable to read from fffff8032c196070
     fffffab04100c000 Nonpaged pool

    CPU_COUNT: 50

    CPU_MHZ: 767

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 3f

    CPU_STEPPING: 4

    CPU_MICROCODE: 6,3f,4,0 (F,M,S,R)  SIG: E'00000000 (cache) E'00000000 (init)

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT_SERVER

    PROCESS_NAME:  vrvarp.exe

    CURRENT_IRQL:  0

    ANALYSIS_SESSION_HOST:  DESKTOP-DA2M5V3

    ANALYSIS_SESSION_TIME:  07-04-2019 13:43:03.0564

    ANALYSIS_VERSION: 10.0.18914.1001 amd64fre

    LAST_CONTROL_TRANSFER:  from fffff8032c0b6493 to fffff8032c026720

    STACK_TEXT:  
    fffff880`13fe1838 fffff803`2c0b6493 : 00000000`00000019 00000000`00000021 fffffab0`4100c000 00000000`00002990 : nt!KeBugCheckEx
    fffff880`13fe1840 fffff880`11481c8b : fffffab0`40f62060 fffffab0`3e05d5e0 00000000`00000000 fffffab0`304f5741 : nt!ExFreePoolWithTag+0x493
    fffff880`13fe18f0 fffffab0`40f62060 : fffffab0`3e05d5e0 00000000`00000000 fffffab0`304f5741 00000000`00000000 : EdpPcap+0x2c8b
    fffff880`13fe18f8 fffffab0`3e05d5e0 : 00000000`00000000 fffffab0`304f5741 00000000`00000000 fffffab0`3e05d510 : 0xfffffab0`40f62060
    fffff880`13fe1900 00000000`00000000 : fffffab0`304f5741 00000000`00000000 fffffab0`3e05d510 00000000`00000000 : 0xfffffab0`3e05d5e0


    THREAD_SHA1_HASH_MOD_FUNC:  6ba027c83e9976149ffacba9fbfa88024f6e8a27

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  d4a74348b3d10f364f9e78e1bc5ffeb4a4fa95bc

    THREAD_SHA1_HASH_MOD:  d3b72f2dd4f628a9a9ddeddf2c8d495199d321c1

    FOLLOWUP_IP: 
    EdpPcap+2c8b
    fffff880`11481c8b ??              ???

    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  EdpPcap+2c8b

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: EdpPcap

    IMAGE_NAME:  EdpPcap.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a002bbb

    STACK_COMMAND:  .thread ; .cxr ; kb

    BUCKET_ID_FUNC_OFFSET:  2c8b

    FAILURE_BUCKET_ID:  0x19_21_EdpPcap!unknown_function

    BUCKET_ID:  0x19_21_EdpPcap!unknown_function

    PRIMARY_PROBLEM_CLASS:  0x19_21_EdpPcap!unknown_function

    TARGET_TIME:  2019-07-03T10:16:25.000Z

    OSBUILD:  9200

    OSSERVICEPACK:  22775

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  3

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 8

    OSEDITION:  Windows 8 Server TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2019-05-23 10:22:34

    BUILDDATESTAMP_STR:  190522-1700

    BUILDLAB_STR:  win8_ldr_escrow

    BUILDOSVER_STR:  6.2.9200.22775.amd64fre.win8_ldr_escrow.190522-1700

    ANALYSIS_SESSION_ELAPSED_TIME:  1c3f

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:0x19_21_edppcap!unknown_function

    FAILURE_ID_HASH:  {18c84e6f-2058-fffc-9ece-e896e7b640a0}

    Followup:     MachineOwner
    ---------

    July 4, 2019 5:43

All replies

  • Update and reset it.
    July 8, 2019 5:31
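  • Hello,

    Based on the memory dump and mini dump files you provided, the process mainly affected is vrvarp.exe. The stack shows EdpPcap+0x2c8b, and the faulting file is IMAGE_NAME:  EdpPcap.sys. These three items seem to indicate that third-party security software is installed on your computer, and that a process of this security software blocked certain files from running, causing the system to restart. You can uninstall it, or switch to a different version of the software.

    I hope this helps. If the reply is helpful, please mark it as the answer; this helps other community members with the same problem find a useful reply quickly.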


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    July 8, 2019 7:59
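
Added example (not part of the original thread, and not code from Microsoft or the software vendor): a Python triage script that pulls the fields the reply above relies on out of both `!analyze -v` outputs and checks whether the two crashes share one blamed image and process. The excerpts are copied from the question; the function names, and reading DEBUG_FLR_IMAGE_TIMESTAMP as a PE link timestamp, are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

FIELDS = ("BUGCHECK_STR", "PROCESS_NAME", "IMAGE_NAME", "DEBUG_FLR_IMAGE_TIMESTAMP")
# Excerpts from the question's two outputs; the first is left flattened, as pasted.
MEMORY_DMP = ("BUGCHECK_STR: 0x3B_c0000005 PROCESS_NAME: vrvarp.exe CURRENT_IRQL: 2 "
              "MODULE_NAME: EdpPcap IMAGE_NAME: EdpPcap.sys "
              "DEBUG_FLR_IMAGE_TIMESTAMP: 4a002bbb")
MINI_DMP = """\
BUGCHECK_STR:  0x19_21
PROCESS_NAME:  vrvarp.exe
IMAGE_NAME:  EdpPcap.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  4a002bbb
"""

def parse_analyze(text):
    """Pull single-token fields out of !analyze -v text, flattened or not.
    The lookbehind stops a key from matching inside a longer key name."""
    rec = {}
    for key in FIELDS:
        m = re.search(r"(?<![A-Z_])" + key + r":[ \t]*(\S+)", text)
        if m:
            rec[key] = m.group(1)
    return rec

def link_date(hex_stamp):
    """Assumption: the stamp is a PE TimeDateStamp, seconds since 1970 UTC."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc).date().isoformat()

def triage(dumps):
    """Group dumps by blamed image and summarise what they have in common."""
    by_image = defaultdict(list)
    for name, text in dumps.items():
        rec = parse_analyze(text)
        by_image[rec.get("IMAGE_NAME", "<unknown>")].append((name, rec))
    report = {}
    for image, hits in by_image.items():
        recs = [rec for _, rec in hits]
        report[image] = {
            "dumps": sorted(name for name, _ in hits),
            "bugchecks": sorted({r.get("BUGCHECK_STR", "?") for r in recs}),
            "processes": sorted({r.get("PROCESS_NAME", "?") for r in recs}),
            "driver_built": sorted({link_date(r["DEBUG_FLR_IMAGE_TIMESTAMP"])
                                    for r in recs if "DEBUG_FLR_IMAGE_TIMESTAMP" in r}),
        }
    return report

if __name__ == "__main__":
    print(triage({"MEMORY.DMP": MEMORY_DMP, "070319-39796-01.dmp": MINI_DMP}))
```

Both dumps land under the single key `EdpPcap.sys` with process `vrvarp.exe`, even though the bugcheck codes differ (0x3B and 0x19). Under the stated assumption the link timestamp decodes to 2009-05-05, which is a reason to check for a newer build of the driver.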
  • Thank you for your answer. When you say "update and reset", do you mean a system update?
    July 12, 2019 4:53
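  • Hello,

    Judging from the dump, it is basically caused by this security software. You can uninstall it or update the software to a newer version.

    The update you mean should be the system's security updates. For example, the Windows Server 2012 update history at the link below shows each month's security updates. You can download and install them manually.

    https://support.microsoft.com/en-sg/help/4009471/windows-server-2012-update-history

    Or simply use the system's built-in check for update.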


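    July 12, 2019 7:47
  • Hello,
    I haven't received a message from you for a few days. Has there been any progress on the issue?
    I am proposing the helpful reply as the "Answer". Please feel free to try it and let me know the result. If the reply is helpful, please remember to mark it as the answer; this helps other community members with the same problem find a useful reply quickly.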


    July 29, 2019 9:31