Назад | Перейти на главную страницу

Windows Server 2008 R2 "WIN7_DRIVER_FAULT_SERVER SYSTEM_SERVICE_EXCEPTION STOP: 0x0000003B

Мне нужна помощь с выводом Windbg для нашей установки Win Server 2008 R2 Standard. Это наш критически важный производственный сервер, и он дает сбой примерно каждые 2 месяца. Пару раз уже делал. Журналы говорят, что это может быть драйвер, но какой? кто разбился говорит:

On Tue 6/2/2015 2:36:19 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\060215-12854-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0xC3B43) 
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF96000123B43, 0xFFFFF8800AF02EA0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code. 
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time. 

вывод windbg:

*******************************************************************************
*                                                                                  *
*                        Bugcheck Analysis                                        *
*                                                                                 * 
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff96000123b43, Address of the instruction which caused the bugcheck
Arg3: fffff8800af02ea0, Address of the context record for the exception that      caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
win32k!HMAllocObject+43
fffff960`00123b43 488bbd58010000  mov     rdi,qword ptr [rbp+158h]

CONTEXT:  fffff8800af02ea0 -- (.cxr 0xfffff8800af02ea0;r)
rax=0000000000000000 rbx=0000000000000020 rcx=fffff96000319200
rdx=0000000000000000 rsi=0000000000008802 rdi=0000000000000000
rip=fffff96000123b43 rsp=fffff8800af03880 rbp=0000000000000000
 r8=0000000000000010  r9=0000000000000080 r10=0000000000000000
r11=fffffa801a87a420 r12=0000000000000000 r13=0000000000000000
r14=0000000000000080 r15=0000000000000010
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b                 efl=00010202
win32k!HMAllocObject+0x43:
fffff960`00123b43 488bbd58010000  mov     rdi,qword ptr [rbp+158h]     ss:0018:00000000`00000158=????????????????
Last set context:
rax=0000000000000000 rbx=0000000000000020 rcx=fffff96000319200
rdx=0000000000000000 rsi=0000000000008802 rdi=0000000000000000
rip=fffff96000123b43 rsp=fffff8800af03880 rbp=0000000000000000
 r8=0000000000000010  r9=0000000000000080 r10=0000000000000000
r11=fffffa801a87a420 r12=0000000000000000 r13=0000000000000000
r14=0000000000000080 r15=0000000000000010
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
win32k!HMAllocObject+0x43:
fffff960`00123b43 488bbd58010000  mov     rdi,qword ptr [rbp+158h] ss:0018:00000000`00000158=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

BUGCHECK_STR:  0x3B

PROCESS_NAME:  conhost.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff96000123b43

STACK_TEXT:  
fffff880`0af03880 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!HMAllocObject+0x43


FOLLOWUP_IP: 
win32k!HMAllocObject+43
fffff960`00123b43 488bbd58010000  mov     rdi,qword ptr [rbp+158h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!HMAllocObject+43

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  54372ef1

IMAGE_VERSION:  6.1.7601.18635

STACK_COMMAND:  .cxr 0xfffff8800af02ea0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k!HMAllocObject+43

BUCKET_ID:  X64_0x3B_win32k!HMAllocObject+43

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x3b_win32k!hmallocobject+43

FAILURE_ID_HASH:  {9363ac24-db12-dd42-fe3b-b3a794764f0d}

Followup: MachineOwner
---------

Я загрузил сюда файл минидампа на случай, если кто-то захочет его просмотреть: https://onedrive.live.com/redir?resid=C5803CB16D4F7842!113&authkey=!ADrMX0cv07mIJpg&ithint=file%2cdmp

У меня также есть файл MEMORY.DMP на случай, если кому-то понадобится дополнительная информация. Всякий раз, когда я открываю его в windbg, он выглядит так же, как и минидамп, есть ли способ увидеть более подробную информацию о нем?

Stop-ошибка 0x3B, когда приложение изменяет z-порядок окна в Windows 7 с пакетом обновления 1 и Windows Server 2008 R2 с пакетом обновления 1
https://support.microsoft.com/kb/2965768