6,849
社区成员
发帖
与我相关
我的任务
分享求助afd.sys 蓝屏
最近服务器经常早上开机出现蓝屏,重启后正常,系统是winserver 2008 x86,请各位大神帮助下
下面是Windbg分析的:
Microsoft (R) Windows Debugger Version 10.0.16299.91 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\nix\Desktop\log\Mini051618-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Error: Empty Path.
WARNING: Whitespace at end of path element
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
WARNING: Whitespace at end of path element
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0x81c45000 PsLoadedModuleList = 0x81d5cc70
Debug session time: Wed May 16 07:59:26.523 2018 (UTC + 8:00)
System Uptime: 0 days 0:15:59.557
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 8737c413, a1869aa0, a186979c}
Probably caused by : afd.sys ( afd!AfdWskDispatchInternalDeviceControl+21 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8737c413, The address that the exception occurred at
Arg3: a1869aa0, Exception Record Address
Arg4: a186979c, Context Record Address
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 6002.18005.x86fre.lh_sp2rtm.090410-1830
SYSTEM_MANUFACTURER: IBM
SYSTEM_PRODUCT_NAME: IBM System x3100 M5: -[5457AC1]-
SYSTEM_VERSION: 05
BIOS_VENDOR: IBM
BIOS_VERSION: -[J9E120EUS-1.20]-
BIOS_DATE: 09/24/2015
BASEBOARD_MANUFACTURER: IBM
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: ffffffff8737c413
BUGCHECK_P3: ffffffffa1869aa0
BUGCHECK_P4: ffffffffa186979c
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
+0
8737c413 8b36 mov esi,dword ptr [esi]
EXCEPTION_RECORD: a1869aa0 -- (.exr 0xffffffffa1869aa0)
ExceptionAddress: 8737c413
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
CONTEXT: a186979c -- (.cxr 0xffffffffa186979c)
eax=86a6ea78 ebx=81c45000 ecx=85984a98 edx=00507308 esi=00000000 edi=a1869b8c
eip=8737c413 esp=a1869b68 ebp=8737c000 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
8737c413 8b36 mov esi,dword ptr [esi] ds:0023:00000000=????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: c14
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1D'00000000 (cache) 1D'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
FOLLOWUP_IP:
afd!AfdWskDispatchInternalDeviceControl+21
929260fc eb18 jmp afd!AfdWskDispatchInternalDeviceControl+0x3b (92926116)
BUGCHECK_STR: 0x7E
READ_ADDRESS: Target machine operating system not supported
00000000
ANALYSIS_SESSION_HOST: DESKTOP-5947LAN
ANALYSIS_SESSION_TIME: 05-17-2018 12:22:46.0472
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
LAST_CONTROL_TRANSFER: from 8737c219 to 8737c413
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
a1869b84 8737c219 81c50b56 81d339b1 81cf6e49 0x8737c413
a1869bd8 929260fc a1869bf8 81c89976 8646d2f8 0x8737c219
a1869be0 81c89976 8646d2f8 86e253f0 86e25800 afd!AfdWskDispatchInternalDeviceControl+0x21
a1869bf8 9292871e a1869c30 86e25800 86f36608 nt!IofCallDriver+0x63
a1869c00 86e25800 86f36608 a1869c30 a5208709 afd!WskProAPISend+0x67
a1869ca4 a528e1c5 86e21040 86e21040 81c8aed0 0x86e25800
a1869cb8 a528eb8d a525f680 86e21040 00000000 srv!ExecuteTransaction+0x101
a1869d30 a525ade1 86a6d058 86a6d020 86e21048 srv!SrvSmbTransaction+0x76f
a1869d54 a5269c23 00000000 86a6ea78 00000000 srv!SrvProcessSmb+0x151
a1869d7c 81e1ac42 00a6d020 180104ac 00000000 srv!WorkerThread+0x132
a1869dc0 81c83efe a5269af1 86a6d020 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD_SHA1_HASH_MOD_FUNC: 5e49b588d544734f0740f09785acfd621dca245b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 744e761f7de7edeb54bb1079d2e6bd8bbe61f133
THREAD_SHA1_HASH_MOD: 6279f4f462abd4ba573fe43776b65b0115d28dfe
FAULT_INSTR_CODE: 41c718eb
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: afd!AfdWskDispatchInternalDeviceControl+21
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e020c5
IMAGE_VERSION: 6.0.6002.18005
STACK_COMMAND: .cxr 0xffffffffa186979c ; kb
FAILURE_BUCKET_ID: 0x7E_afd!AfdWskDispatchInternalDeviceControl+21
BUCKET_ID: 0x7E_afd!AfdWskDispatchInternalDeviceControl+21
PRIMARY_PROBLEM_CLASS: 0x7E_afd!AfdWskDispatchInternalDeviceControl+21
TARGET_TIME: 2018-05-15T23:59:26.000Z
OSBUILD: 6002
OSSERVICEPACK: 2000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x86
OSNAME: Windows Vista
OSEDITION: Windows Vista Server (Service Pack 2) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2009-04-11 12:16:30
BUILDDATESTAMP_STR: 090410-1830
BUILDLAB_STR: lh_sp2rtm
BUILDOSVER_STR: 6.0.6002.18005.x86fre.lh_sp2rtm.090410-1830
ANALYSIS_SESSION_ELAPSED_TIME: 2fe
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x7e_afd!afdwskdispatchinternaldevicecontrol+21
FAILURE_ID_HASH: {89ba529a-7b64-0be6-fd97-a50021c39416}
Followup: MachineOwner
下面是Windbg分析的:
Microsoft (R) Windows Debugger Version 10.0.16299.91 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\nix\Desktop\log\Mini051618-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Error: Empty Path.
WARNING: Whitespace at end of path element
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
WARNING: Whitespace at end of path element
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0x81c45000 PsLoadedModuleList = 0x81d5cc70
Debug session time: Wed May 16 07:59:26.523 2018 (UTC + 8:00)
System Uptime: 0 days 0:15:59.557
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 8737c413, a1869aa0, a186979c}
Probably caused by : afd.sys ( afd!AfdWskDispatchInternalDeviceControl+21 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8737c413, The address that the exception occurred at
Arg3: a1869aa0, Exception Record Address
Arg4: a186979c, Context Record Address
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 6002.18005.x86fre.lh_sp2rtm.090410-1830
SYSTEM_MANUFACTURER: IBM
SYSTEM_PRODUCT_NAME: IBM System x3100 M5: -[5457AC1]-
SYSTEM_VERSION: 05
BIOS_VENDOR: IBM
BIOS_VERSION: -[J9E120EUS-1.20]-
BIOS_DATE: 09/24/2015
BASEBOARD_MANUFACTURER: IBM
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: ffffffff8737c413
BUGCHECK_P3: ffffffffa1869aa0
BUGCHECK_P4: ffffffffa186979c
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
+0
8737c413 8b36 mov esi,dword ptr [esi]
EXCEPTION_RECORD: a1869aa0 -- (.exr 0xffffffffa1869aa0)
ExceptionAddress: 8737c413
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
CONTEXT: a186979c -- (.cxr 0xffffffffa186979c)
eax=86a6ea78 ebx=81c45000 ecx=85984a98 edx=00507308 esi=00000000 edi=a1869b8c
eip=8737c413 esp=a1869b68 ebp=8737c000 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
8737c413 8b36 mov esi,dword ptr [esi] ds:0023:00000000=????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: c14
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1D'00000000 (cache) 1D'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
FOLLOWUP_IP:
afd!AfdWskDispatchInternalDeviceControl+21
929260fc eb18 jmp afd!AfdWskDispatchInternalDeviceControl+0x3b (92926116)
BUGCHECK_STR: 0x7E
READ_ADDRESS: Target machine operating system not supported
00000000
ANALYSIS_SESSION_HOST: DESKTOP-5947LAN
ANALYSIS_SESSION_TIME: 05-17-2018 12:22:46.0472
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
LAST_CONTROL_TRANSFER: from 8737c219 to 8737c413
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
a1869b84 8737c219 81c50b56 81d339b1 81cf6e49 0x8737c413
a1869bd8 929260fc a1869bf8 81c89976 8646d2f8 0x8737c219
a1869be0 81c89976 8646d2f8 86e253f0 86e25800 afd!AfdWskDispatchInternalDeviceControl+0x21
a1869bf8 9292871e a1869c30 86e25800 86f36608 nt!IofCallDriver+0x63
a1869c00 86e25800 86f36608 a1869c30 a5208709 afd!WskProAPISend+0x67
a1869ca4 a528e1c5 86e21040 86e21040 81c8aed0 0x86e25800
a1869cb8 a528eb8d a525f680 86e21040 00000000 srv!ExecuteTransaction+0x101
a1869d30 a525ade1 86a6d058 86a6d020 86e21048 srv!SrvSmbTransaction+0x76f
a1869d54 a5269c23 00000000 86a6ea78 00000000 srv!SrvProcessSmb+0x151
a1869d7c 81e1ac42 00a6d020 180104ac 00000000 srv!WorkerThread+0x132
a1869dc0 81c83efe a5269af1 86a6d020 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD_SHA1_HASH_MOD_FUNC: 5e49b588d544734f0740f09785acfd621dca245b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 744e761f7de7edeb54bb1079d2e6bd8bbe61f133
THREAD_SHA1_HASH_MOD: 6279f4f462abd4ba573fe43776b65b0115d28dfe
FAULT_INSTR_CODE: 41c718eb
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: afd!AfdWskDispatchInternalDeviceControl+21
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e020c5
IMAGE_VERSION: 6.0.6002.18005
STACK_COMMAND: .cxr 0xffffffffa186979c ; kb
FAILURE_BUCKET_ID: 0x7E_afd!AfdWskDispatchInternalDeviceControl+21
BUCKET_ID: 0x7E_afd!AfdWskDispatchInternalDeviceControl+21
PRIMARY_PROBLEM_CLASS: 0x7E_afd!AfdWskDispatchInternalDeviceControl+21
TARGET_TIME: 2018-05-15T23:59:26.000Z
OSBUILD: 6002
OSSERVICEPACK: 2000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x86
OSNAME: Windows Vista
OSEDITION: Windows Vista Server (Service Pack 2) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2009-04-11 12:16:30
BUILDDATESTAMP_STR: 090410-1830
BUILDLAB_STR: lh_sp2rtm
BUILDOSVER_STR: 6.0.6002.18005.x86fre.lh_sp2rtm.090410-1830
ANALYSIS_SESSION_ELAPSED_TIME: 2fe
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x7e_afd!afdwskdispatchinternaldevicecontrol+21
FAILURE_ID_HASH: {89ba529a-7b64-0be6-fd97-a50021c39416}
Followup: MachineOwner
...全文
请发表友善的回复…
发表回复
