Re: BSOD - Probably caused by : ntkrnlmp.exe

Author: Leszek <leszek47usunto_at_poczta.onet.pl>
Date: Fri 24 Jul 2009 - 21:18:16 MET DST
Message-ID: <h4d1e3$d7u$1@news.onet.pl>
Content-Type: text/plain; charset=UTF-8; format=flowed

Piotr B. (pb2004) writes:
> In article <h4cdp4$rj5$1@news.onet.pl>, leszek47usunto@poczta.onet.pl
> says...
>> Hi,
>>
>> On Windows 7 x64 build 7100 I got a bluescreen while
>> playing Prince of Persia. I opened it in the debugging tools,
>> which give the probable cause as: ntkrnlmp.exe
>>
>> What does that mean?
>>
>
> Type !analyze -v in a configured WinDbg and paste the result. Without that,
> a crystal ball would be needed to answer your question.
>

I don't know whether I did it right, but this is what came out:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7100 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7100.0.amd64fre.winmain_win7rc.090421-1700
Machine Name:
Kernel base = 0xfffff800`02c01000 PsLoadedModuleList = 0xfffff800`02e3ae90
Debug session time: Fri Jul 24 14:54:44.973 2009 (GMT+2)
System Uptime: 0 days 5:17:16.799
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80002c18b98, 0, ffffffffffffffff}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : ntkrnlmp.exe ( nt!FsRtlAllocateFileLock+7c )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c18b98, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload'
to set symbol path and load symbols.

MODULE_NAME: nt

FAULTING_MODULE: fffff80002c01000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 49ee9439

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo

FAULTING_IP:
nt!FsRtlAllocateFileLock+7c
fffff800`02c18b98 488b3f mov rdi,qword ptr [rdi]

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: ffffffffffffffff

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
  ffffffffffffffff

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x1E

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80002ce5a1a to fffff80002c7ff80

STACK_TEXT:
fffff880`009afe48 fffff800`02ce5a1a : 00000000`0000001e ffffffff`c0000005 fffff800`02c18b98 00000000`00000000 : nt!KeBugCheckEx
fffff880`009afe50 fffff800`02c7f5c2 : fffff880`009b0628 748b4820`246c89a4 fffff880`009b06d0 fffff800`02fd3100 : nt!wcsncat_s+0x30cb2
fffff880`009b04f0 fffff800`02c7deca : 00000000`00000000 fffffa80`06607c80 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3e32
fffff880`009b06d0 fffff800`02c18b98 : fffffa80`04257060 fffffa80`04257060 fffff800`02fd3100 00000000`00000000 : nt!KeSynchronizeExecution+0x273a
fffff880`009b0860 fffff800`02c82b50 : fffffa80`04fe5930 00000000`00000000 fffff800`02fd3180 00000000`00000000 : nt!FsRtlAllocateFileLock+0x7c
fffff880`009b0890 fffff800`02c829e2 : 0000002c`52d1098c 00000000`00129ecb fffff880`02fd6ee0 00000000`00000002 : nt!KeRemoveQueueEx+0x1720
fffff880`009b0ee0 fffff800`02c826cf : fffffa80`039ebbc1 fffff880`02fd6ee8 00000000`000000cb 00000000`00000000 : nt!KeRemoveQueueEx+0x15b2
fffff880`009b0f80 fffff800`02c82095 : fffff880`02fd3180 fffff880`080d8ca0 00000000`2ab31740 00000000`04d60800 : nt!KeRemoveQueueEx+0x129f
fffff880`009b0fb0 fffff800`02c81eac : fffff880`02fd3180 fffff800`02c8b978 00000000`0769e6b0 00000000`00000400 : nt!KeRemoveQueueEx+0xc65
fffff880`080d8be0 fffff800`02cadfd3 : fffff800`02c8b70c fffff800`02c8b778 00000000`00000000 fffff880`080d8ca0 : nt!KeRemoveQueueEx+0xa7c
fffff880`080d8c10 fffff800`02c8b778 : 00000000`00000000 fffff880`080d8ca0 00000000`2ab31740 00000000`04d60800 : nt!NtFreeVirtualMemory+0x2123
fffff880`080d8c20 00000000`70b6146d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KdPollBreakIn+0x368
00000000`097eff04 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x70b6146d

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!FsRtlAllocateFileLock+7c
fffff800`02c18b98 488b3f mov rdi,qword ptr [rdi]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!FsRtlAllocateFileLock+7c

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------
Received on Fri Jul 24 21:20:05 2009
