0x7_8 stop error: what does NTFS+5f74 in the memory dump mean?

  • General discussion

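  •  The server2003 machine has rebooted on its own at around the same time two days in a row.

     I analyzed the memory dump with WinDbg and the result is below, but I can't find any similar cases and don't know how to proceed from here. Please help!

     Thanks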

    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\temp\ads02 memory dump 20140218\MEMORY_20140217.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    WARNING: Whitespace at end of path element
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols.sympath

    Executable search path is:
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
    Product: LanManNt, suite: TerminalServer SingleUserTS
    Built by: 3790.srv03_sp2_qfe.130703-1535
    Machine Name:
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
    Debug session time: Mon Feb 17 08:37:34.653 2014 (UTC + 8:00)
    System Uptime: 1 days 2:57:43.093
    WARNING: Process directory table base BFF9C6C0 doesn't match CR3 005F2000
    WARNING: Unable to reset page directories
    Loading Kernel Symbols
    ...............................................................
    ..............................................................
    Loading User Symbols
    WARNING: Process directory table base BFF9C6C0 doesn't match CR3 005F2000
    Unable to get PEB pointer
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, 80042000, 0, 0}

    *** WARNING: Unable to verify timestamp for mssmbios.sys
    *** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
    *** WARNING: Unable to verify timestamp for Ntfs.sys
    *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
    Unable to read selector for PCR for processor 1
    Unable to read selector for PCR for processor 2
    Unable to read selector for PCR for processor 3
    Unable to read selector for PCR for processor 1
    Unable to read selector for PCR for processor 2
    Unable to read selector for PCR for processor 3
    Probably caused by : Ntfs.sys ( Ntfs+5f74 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 80042000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    Unable to read selector for PCR for processor 1
    Unable to read selector for PCR for processor 2
    Unable to read selector for PCR for processor 3
    Unable to read selector for PCR for processor 1
    Unable to read selector for PCR for processor 2
    Unable to read selector for PCR for processor 3

    BUGCHECK_STR:  0x7f_8

    TSS:  00000028 -- (.tss 0x28)
    eax=00000000 ebx=8b4f1100 ecx=8ac87d03 edx=8687ddc0 esi=b83481a0 edi=b8348028
    eip=f7addf74 esp=b8348000 ebp=b8348014 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    Ntfs+0x5f74:
    f7addf74 0000            add     byte ptr [eax],al          ds:0023:00000000=??
    Resetting default scope

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    PROCESS_NAME:  csrss.exe

    CURRENT_IRQL:  1

    LAST_CONTROL_TRANSFER:  from 00000000 to f7addf74

    STACK_TEXT: 
    b8348014 00000000 00000000 00000000 00000000 Ntfs+0x5f74


    STACK_COMMAND:  .tss 0x28 ; kb

    FOLLOWUP_IP:
    Ntfs+5f74
    f7addf74 0000            add     byte ptr [eax],al

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  Ntfs+5f74

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: Ntfs

    IMAGE_NAME:  Ntfs.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    FAILURE_BUCKET_ID:  0x7f_8_Ntfs+5f74

    BUCKET_ID:  0x7f_8_Ntfs+5f74

    Followup: MachineOwner
    ---------

    • Changed type AskaSuModerator February 25, 2014 2:32 PM No response for more than three days
    February 20, 2014 3:57 AM

All replies

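  • Hi Tom Chang_1019

    From the log you provided, it looks like there is a driver problem

    that is making the system unstable

    Have you recently updated any drivers or installed any applications?

    Also, have you set up any scheduled tasks?

    February 20, 2014 6:21 AM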
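  • Hi Lissam

       This server is a domain controller, the hardware is an IBM X series server, and no drivers have been updated recently

       WinDbg does mention driver_fault, but I can't tell exactly which driver it is...

       Also, there is a scheduled task on the server that runs at 6:00 AM (it has been in use for a long time)

       Yesterday's reboot happened at around 8:30

       Today's was at around 6:30

       It doesn't seem to have much to do with the scheduled task

       Thank you very much

    February 20, 2014 6:35 AM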
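  • Hi Tom Chang_1019,

    Because this is only a partial dump, the actual cause cannot be determined.

    Could you first confirm the version of your Ntfs.sys for me? Has it been updated to the latest version?

    Thank you~

    February 20, 2014 6:37 AM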
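  • Hi Tom Chang_1019,

    You are welcome to report your follow-up test results back to the forum, to help the discussion along and to help others who have similar problems. Thank you!

    February 25, 2014 7:31 AM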