ser2016 经常重启 跪求大佬给定位下问题

本文记录了一次使用Microsoft Windows Debugger对Windows 10系统中出现的PAGE_FAULT_IN_NONPAGED_AREA错误进行调试的过程。该错误通常表明系统内存被非法引用,分析了导致此故障的具体原因并提供了详细的调试步骤。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

Microsoft (R) Windows Debugger Version 10.0.22621.755 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\DELL\Desktop\120622-7546-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 14393 MP (16 procs) Free x64
Product: Server, suite: TerminalServer
Edition build lab: 14393.447.amd64fre.rs1_release_inmarket.161102-0100
Machine Name:
Kernel base = 0xfffff802`38e03000 PsLoadedModuleList = 0xfffff802`39108060
Debug session time: Tue Dec  6 16:06:27.561 2022 (UTC + 8:00)
System Uptime: 0 days 0:37:28.496
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
12: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffb18d40018000, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff800ea5928b0, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for win32k.sys

KEY_VALUES_STRING: 1

    Key  : AV.Type
    Value: Write

    Key  : Analysis.CPU.mSec
    Value: 2718

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 35868

    Key  : Analysis.Init.CPU.mSec
    Value: 5030

    Key  : Analysis.Init.Elapsed.mSec
    Value: 61932

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 105

    Key  : WER.OS.Branch
    Value: rs1_release_inmarket

    Key  : WER.OS.Timestamp
    Value: 2016-11-02T01:00:00Z

    Key  : WER.OS.Version
    Value: 10.0.14393.447


FILE_IN_CAB:  120622-7546-01.dmp

BUGCHECK_CODE:  50

BUGCHECK_P1: ffffb18d40018000

BUGCHECK_P2: 2

BUGCHECK_P3: fffff800ea5928b0

BUGCHECK_P4: 0

READ_ADDRESS: fffff802391aa338: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
 ffffb18d40018000 

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

TRAP_FRAME:  ffff9080fe403820 -- (.trap 0xffff9080fe403820)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffb18d40018000
rdx=ffffc2054558e09a rsi=0000000000000000 rdi=0000000000000000
rip=fffff800ea5928b0 rsp=ffff9080fe4039b0 rbp=ffffc2054558e095
 r8=0000000000000000  r9=0000000000000000 r10=0000000000010000
r11=ffffb18d40018000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
srv!SrvOs2FeaToNt+0x48:
fffff800`ea5928b0 c60300          mov     byte ptr [rbx],0 ds:00000000`00000000=??
Resetting default scope

STACK_TEXT:  
ffff9080`fe403528 fffff802`38f9ea47     : 00000000`00000050 ffffb18d`40018000 00000000`00000002 ffff9080`fe403820 : nt!KeBugCheckEx
ffff9080`fe403530 fffff802`38eab5da     : 00000000`00000002 00000000`00000000 ffff9080`fe403820 ffff9080`fbf89d60 : nt! ?? ::FNODOBFM::`string'+0x420a7
ffff9080`fe403620 fffff802`38f56afc     : ffff8f61`00000000 ffff9080`fe403a90 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x9ca
ffff9080`fe403820 fffff800`ea5928b0     : ffffef87`6264534c 00000000`00000ff8 ffff9080`fe403ad8 ffff9080`fe403ad0 : nt!KiPageFault+0x13c
ffff9080`fe4039b0 fffff800`ea5927f9     : ffffc205`4558e095 ffffb18d`40017ff8 00000004`052a0f9a ffffc205`4558e138 : srv!SrvOs2FeaToNt+0x48
ffff9080`fe4039e0 fffff800`ea5b3ec3     : ffffb18d`3f59b940 00000000`00000000 ffffc205`4557e010 ffffb18d`3f528180 : srv!SrvOs2FeaListToNt+0x125
ffff9080`fe403a30 fffff800`ea5bcebe     : 00000000`00000000 fffff800`00010fe8 ffffb18d`40007010 ffffb18d`3f59b940 : srv!SrvSmbOpen2+0xc3
ffff9080`fe403ad0 fffff800`ea5c007b     : ffffb18d`3fea6b30 ffffc205`4557e010 00000000`00000002 00000000`00001000 : srv!ExecuteTransaction+0x1be
ffff9080`fe403b10 fffff800`ea54da4e     : fffff800`00000000 00000000`00000000 ffffb18d`00000035 00000000`0000f3d0 : srv!SrvSmbTransactionSecondary+0x40b
ffff9080`fe403bb0 fffff800`ea54dc24     : ffffb18d`3f59b940 00000000`00000000 ffffb18d`3f59c3b0 fffff800`ea558000 : srv!SrvProcessSmb+0x236
ffff9080`fe403c30 fffff800`ea58ca36     : ffffb18d`3f552020 ffffb18d`3f59b950 00000000`00000000 ffffb18d`3f59b950 : srv!SrvRestartReceive+0x114
ffff9080`fe403c70 fffff802`39337668     : ffffc205`45cceb30 ffffb18d`3b637700 ffffb18d`3f528040 00000000`00000080 : srv!WorkerThread+0x67a6
ffff9080`fe403cf0 fffff802`38e05729     : ffff9080`fe403eb8 ffff9080`fe9e7340 ffff9080`fe403e10 00000000`00000000 : nt!IopThreadStart+0x34
ffff9080`fe403d50 fffff802`38f529d6     : fffff802`39145180 ffffb18d`3f528040 fffff802`38e056e8 ffffb18d`3cd68180 : nt!PspSystemThreadStartup+0x41
ffff9080`fe403da0 00000000`00000000     : ffff9080`fe404000 ffff9080`fe3fe000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_NAME:  srv!SrvOs2FeaToNt+48

MODULE_NAME: srv

IMAGE_NAME:  srv.sys

IMAGE_VERSION:  10.0.14393.187

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  48

FAILURE_BUCKET_ID:  AV_W_(null)_srv!SrvOs2FeaToNt

OS_VERSION:  10.0.14393.447

BUILDLAB_STR:  rs1_release_inmarket

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {76d8dedf-2864-2055-350f-9d345eca667c}

Followup:     MachineOwner
---------

12: kd> lmvm srv
Browse full module list
start             end                 module name
fffff800`ea540000 fffff800`ea5cc000   srv        (pdb symbols)          C:\ProgramData\dbg\sym\srv.pdb\485F3D1BEC9049749B6D73851324530C1\srv.pdb
    Loaded symbol image file: srv.sys
    Mapped memory image file: C:\ProgramData\dbg\sym\srv.sys\57CF9C458c000\srv.sys
    Image path: \SystemRoot\System32\DRIVERS\srv.sys
    Image name: srv.sys
    Browse all global symbols  functions  data
    Timestamp:        Wed Sep  7 12:49:09 2016 (57CF9C45)
    CheckSum:         00067DAC
    ImageSize:        0008C000
    File version:     10.0.14393.187
    Product version:  10.0.14393.187
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.6 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     SRV.SYS
        OriginalFilename: SRV.SYS
        ProductVersion:   10.0.14393.187
        FileVersion:      10.0.14393.187 (rs1_release_inmarket.160906-1818)
        FileDescription:  Server driver
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
 

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值