none
蓝屏 RRS feed

  • 问题

  • 我windbg分析,基本上都是因为csrss.exe或者system调用ntkrnlmp.exe引起的,请帮忙看一下是系统原因还是硬件问题

    蓝屏日志链接:https://pan.baidu.com/s/1qxdPrCO44RbsEzF1bUvnfQ 密码:tfpr

    2018年8月29日 6:30

答案

  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7A, {20, ffffffffc000009d, fffffa8009190348, 0}
    
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4c830 )
    
    Followup:     MachineOwner
    ---------
    
    6: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_DATA_INPAGE_ERROR (7a)
    The requested page of kernel data could not be read in.  Typically caused by
    a bad block in the paging file or disk controller error. Also see
    KERNEL_STACK_INPAGE_ERROR.
    If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
    it means the disk subsystem has experienced a failure.
    If the error status is 0xC000009A, then it means the request failed because
    a filesystem failed to make forward progress.
    Arguments:
    Arg1: 0000000000000020, lock type that was held (value 1,2,3, or PTE address)
    Arg2: ffffffffc000009d, error status (normally i/o status code)
    Arg3: fffffa8009190348, current process (virtual address for lock type 3, or PTE)
    Arg4: 0000000000000000, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
    
    Debugging Details:
    ------------------
    
    
    KEY_VALUES_STRING: 1
    
    
    TIMELINE_ANALYSIS: 1
    
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  7600.16385.amd64fre.win7_rtm.090713-1255
    
    SYSTEM_MANUFACTURER:  System manufacturer
    
    SYSTEM_PRODUCT_NAME:  System Product Name
    
    SYSTEM_SKU:  SKU
    
    SYSTEM_VERSION:  System Version
    
    BIOS_VENDOR:  American Megatrends Inc.
    
    BIOS_VERSION:  0610
    
    BIOS_DATE:  05/08/2012
    
    BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.
    
    BASEBOARD_PRODUCT:  P8Z77-V LX
    
    BASEBOARD_VERSION:  Rev X.0x
    
    DUMP_TYPE:  2
    
    BUGCHECK_P1: 20
    
    BUGCHECK_P2: ffffffffc000009d
    
    BUGCHECK_P3: fffffa8009190348
    
    BUGCHECK_P4: 0
    
    ERROR_CODE: (NTSTATUS) 0xc000009d - STATUS_DEVICE_NOT_CONNECTED
    
    DISK_HARDWARE_ERROR: There was error with disk hardware
    
    BUGCHECK_STR:  0x7a_c000009d
    
    CPU_COUNT: 8
    
    CPU_MHZ: d52
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3a
    
    CPU_STEPPING: 9
    
    CPU_MICROCODE: 6,3a,9,0 (F,M,S,R)  SIG: 12'00000000 (cache) 12'00000000 (init)
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  1
    
    ANALYSIS_SESSION_HOST:  VLIUTA35VM
    
    ANALYSIS_SESSION_TIME:  08-30-2018 14:45:36.0361
    
    ANALYSIS_VERSION: 10.0.17134.12 amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff800044bbbec to fffff80004483f00
    
    STACK_TEXT:  
    fffff880`04d247e8 fffff800`044bbbec : 00000000`0000007a 00000000`00000020 ffffffff`c000009d fffffa80`09190348 : nt!KeBugCheckEx
    fffff880`04d247f0 fffff800`0446de67 : fffffa80`091902e0 00000000`c000009d 00000000`00000000 fffffa80`09190378 : nt! ?? ::FNODOBFM::`string'+0x4c830
    fffff880`04d248b0 fffff800`0446092f : fffffa80`06743680 fffffa80`067436d0 fffffa80`0d75d540 ffffffff`ffffffff : nt!IopCompletePageWrite+0x57
    fffff880`04d248e0 fffff800`0448b25d : fffffa80`06743680 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
    fffff880`04d24960 fffff800`0448754b : 00000000`00000000 00000000`00000000 00000000`00000000 00000004`00000000 : nt!KiCommitThreadWait+0x3dd
    fffff880`04d249f0 fffff800`0441ca8f : fffffa80`00000002 fffff880`04d24ce0 00000000`00000001 fffffa80`00000013 : nt!KeWaitForMultipleObjects+0x271
    fffff880`04d24ca0 fffff800`04727166 : fffffa80`06743680 005eb684`0000007f 00000000`00000080 00000000`00000001 : nt!MiModifiedPageWriter+0xcf
    fffff880`04d24d00 fffff800`04462486 : fffff880`009b2180 fffffa80`06743680 fffff880`009bd0c0 005e3b2c`0000040b : nt!PspSystemThreadStartup+0x5a
    fffff880`04d24d40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  d9832dd82f0cce6cd3c24ff8f8c74719857114c8
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  bf60cce150e18f2897e93a39d6f3dacab83de55d
    
    THREAD_SHA1_HASH_MOD:  9f457f347057f10e1df248e166a3e95e6570ecfe
    
    FOLLOWUP_IP: 
    nt! ?? ::FNODOBFM::`string'+4c830
    fffff800`044bbbec cc              int     3
    
    FAULT_INSTR_CODE:  692d89cc
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+4c830
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600
    
    IMAGE_VERSION:  6.1.7600.16385
    
    STACK_COMMAND:  .thread ; .cxr ; kb
    
    FAILURE_BUCKET_ID:  X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c830
    
    BUCKET_ID:  X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c830
    
    PRIMARY_PROBLEM_CLASS:  X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c830
    
    TARGET_TIME:  2018-08-23T05:48:36.000Z
    
    OSBUILD:  7600
    
    OSSERVICEPACK:  16385
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  272
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 7
    
    OSEDITION:  Windows 7 WinNt TerminalServer SingleUserTS
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2009-07-14 07:40:48
    
    BUILDDATESTAMP_STR:  090713-1255
    
    BUILDLAB_STR:  win7_rtm
    
    BUILDOSVER_STR:  6.1.7600.16385.amd64fre.win7_rtm.090713-1255
    
    ANALYSIS_SESSION_ELAPSED_TIME:  517
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:x64_0x7a_c000009d_nt!_??_::fnodobfm::_string_+4c830
    
    FAILURE_ID_HASH:  {2d4984af-b74d-bb4c-91db-c27022155f76}
    
    Followup:     MachineOwner
    ---------
    
    


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • 已标记为答案 郗混沌 2018年9月3日 0:45
    2018年8月30日 7:05
  • CSRSS.EXE 与 NTKRNLMP.EXE 都是 Windows 系统进程,并不是它们引起系统蓝屏,而是系统因为蓝屏引起它们无法正常运行。

    磁盘驱动器有毛病的可能性比较大,建议用 HD Tunes 等专业硬盘检测工具对硬盘做一下完整扫描,尤其是机械式硬盘。


    Alexis Zhang

    http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
    http://blogs.itecn.net/blogs/alexis

    推荐以 NNTP Bridge 桥接新闻组方式访问论坛。

    本帖是回复帖,原帖作者是楼上的 "郗混沌"

    | 我windbg分析,基本上都是因为csrss.exe或者system调用ntkrnlmp.exe引起的,请帮忙看一下是系统原因还是硬件问题
    | 蓝屏日志链接:https://pan.baidu.com/s/1qxdPrCO44RbsEzF1bUvnfQ 密码:tfpr

    • 已标记为答案 郗混沌 2018年9月3日 0:46
    2018年8月30日 12:51

全部回复

  • 你好,我分析了三个minidump文件,WinDbg显示的结果都是

    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4c830 )

    还有这段信息需要注意

    The requested page of kernel data could not be read in.  Typically caused by

    a bad block in the paging file or disk controller error.

    根据上述信息所言,请先检查磁盘健康,修复坏道。

    并检测内存,有条件的话更换一个新内存条,再测试蓝屏情况。

    国外有一些案例是相同的检测结果,我看他们最后解决问题的方法分别为是检测硬盘,更新英伟达或AMD驱动,还有就是卸载诺顿杀毒软件。

    国内安装诺顿的很少,只要保持系统是最新的,剩下就是检查磁盘和内存了。



    如果认为回帖者的回答有所帮助,请将之标记为答复,这样可以帮助更多的用户获取有效信息。



    2018年8月30日 7:04
  • *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7A, {20, ffffffffc000009d, fffffa8009190348, 0}
    
    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4c830 )
    
    Followup:     MachineOwner
    ---------
    
    6: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_DATA_INPAGE_ERROR (7a)
    The requested page of kernel data could not be read in.  Typically caused by
    a bad block in the paging file or disk controller error. Also see
    KERNEL_STACK_INPAGE_ERROR.
    If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
    it means the disk subsystem has experienced a failure.
    If the error status is 0xC000009A, then it means the request failed because
    a filesystem failed to make forward progress.
    Arguments:
    Arg1: 0000000000000020, lock type that was held (value 1,2,3, or PTE address)
    Arg2: ffffffffc000009d, error status (normally i/o status code)
    Arg3: fffffa8009190348, current process (virtual address for lock type 3, or PTE)
    Arg4: 0000000000000000, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
    
    Debugging Details:
    ------------------
    
    
    KEY_VALUES_STRING: 1
    
    
    TIMELINE_ANALYSIS: 1
    
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  7600.16385.amd64fre.win7_rtm.090713-1255
    
    SYSTEM_MANUFACTURER:  System manufacturer
    
    SYSTEM_PRODUCT_NAME:  System Product Name
    
    SYSTEM_SKU:  SKU
    
    SYSTEM_VERSION:  System Version
    
    BIOS_VENDOR:  American Megatrends Inc.
    
    BIOS_VERSION:  0610
    
    BIOS_DATE:  05/08/2012
    
    BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.
    
    BASEBOARD_PRODUCT:  P8Z77-V LX
    
    BASEBOARD_VERSION:  Rev X.0x
    
    DUMP_TYPE:  2
    
    BUGCHECK_P1: 20
    
    BUGCHECK_P2: ffffffffc000009d
    
    BUGCHECK_P3: fffffa8009190348
    
    BUGCHECK_P4: 0
    
    ERROR_CODE: (NTSTATUS) 0xc000009d - STATUS_DEVICE_NOT_CONNECTED
    
    DISK_HARDWARE_ERROR: There was error with disk hardware
    
    BUGCHECK_STR:  0x7a_c000009d
    
    CPU_COUNT: 8
    
    CPU_MHZ: d52
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3a
    
    CPU_STEPPING: 9
    
    CPU_MICROCODE: 6,3a,9,0 (F,M,S,R)  SIG: 12'00000000 (cache) 12'00000000 (init)
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  1
    
    ANALYSIS_SESSION_HOST:  VLIUTA35VM
    
    ANALYSIS_SESSION_TIME:  08-30-2018 14:45:36.0361
    
    ANALYSIS_VERSION: 10.0.17134.12 amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff800044bbbec to fffff80004483f00
    
    STACK_TEXT:  
    fffff880`04d247e8 fffff800`044bbbec : 00000000`0000007a 00000000`00000020 ffffffff`c000009d fffffa80`09190348 : nt!KeBugCheckEx
    fffff880`04d247f0 fffff800`0446de67 : fffffa80`091902e0 00000000`c000009d 00000000`00000000 fffffa80`09190378 : nt! ?? ::FNODOBFM::`string'+0x4c830
    fffff880`04d248b0 fffff800`0446092f : fffffa80`06743680 fffffa80`067436d0 fffffa80`0d75d540 ffffffff`ffffffff : nt!IopCompletePageWrite+0x57
    fffff880`04d248e0 fffff800`0448b25d : fffffa80`06743680 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
    fffff880`04d24960 fffff800`0448754b : 00000000`00000000 00000000`00000000 00000000`00000000 00000004`00000000 : nt!KiCommitThreadWait+0x3dd
    fffff880`04d249f0 fffff800`0441ca8f : fffffa80`00000002 fffff880`04d24ce0 00000000`00000001 fffffa80`00000013 : nt!KeWaitForMultipleObjects+0x271
    fffff880`04d24ca0 fffff800`04727166 : fffffa80`06743680 005eb684`0000007f 00000000`00000080 00000000`00000001 : nt!MiModifiedPageWriter+0xcf
    fffff880`04d24d00 fffff800`04462486 : fffff880`009b2180 fffffa80`06743680 fffff880`009bd0c0 005e3b2c`0000040b : nt!PspSystemThreadStartup+0x5a
    fffff880`04d24d40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  d9832dd82f0cce6cd3c24ff8f8c74719857114c8
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  bf60cce150e18f2897e93a39d6f3dacab83de55d
    
    THREAD_SHA1_HASH_MOD:  9f457f347057f10e1df248e166a3e95e6570ecfe
    
    FOLLOWUP_IP: 
    nt! ?? ::FNODOBFM::`string'+4c830
    fffff800`044bbbec cc              int     3
    
    FAULT_INSTR_CODE:  692d89cc
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+4c830
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600
    
    IMAGE_VERSION:  6.1.7600.16385
    
    STACK_COMMAND:  .thread ; .cxr ; kb
    
    FAILURE_BUCKET_ID:  X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c830
    
    BUCKET_ID:  X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c830
    
    PRIMARY_PROBLEM_CLASS:  X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c830
    
    TARGET_TIME:  2018-08-23T05:48:36.000Z
    
    OSBUILD:  7600
    
    OSSERVICEPACK:  16385
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  272
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 7
    
    OSEDITION:  Windows 7 WinNt TerminalServer SingleUserTS
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2009-07-14 07:40:48
    
    BUILDDATESTAMP_STR:  090713-1255
    
    BUILDLAB_STR:  win7_rtm
    
    BUILDOSVER_STR:  6.1.7600.16385.amd64fre.win7_rtm.090713-1255
    
    ANALYSIS_SESSION_ELAPSED_TIME:  517
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:x64_0x7a_c000009d_nt!_??_::fnodobfm::_string_+4c830
    
    FAILURE_ID_HASH:  {2d4984af-b74d-bb4c-91db-c27022155f76}
    
    Followup:     MachineOwner
    ---------
    
    


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • 已标记为答案 郗混沌 2018年9月3日 0:45
    2018年8月30日 7:05
  • CSRSS.EXE 与 NTKRNLMP.EXE 都是 Windows 系统进程,并不是它们引起系统蓝屏,而是系统因为蓝屏引起它们无法正常运行。

    磁盘驱动器有毛病的可能性比较大,建议用 HD Tunes 等专业硬盘检测工具对硬盘做一下完整扫描,尤其是机械式硬盘。


    Alexis Zhang

    http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
    http://blogs.itecn.net/blogs/alexis

    推荐以 NNTP Bridge 桥接新闻组方式访问论坛。

    本帖是回复帖,原帖作者是楼上的 "郗混沌"

    | 我windbg分析,基本上都是因为csrss.exe或者system调用ntkrnlmp.exe引起的,请帮忙看一下是系统原因还是硬件问题
    | 蓝屏日志链接:https://pan.baidu.com/s/1qxdPrCO44RbsEzF1bUvnfQ 密码:tfpr

    • 已标记为答案 郗混沌 2018年9月3日 0:46
    2018年8月30日 12:51