Sco*_*ell 5 bsod minidumps windbg
大约六个月前,我升级了我的计算机硬件 - 新的主板、CPU、RAM 等。直到最近它才像冠军一样运行。今天早上,当我去我的电脑时,它有一个蓝屏死机。我使用 WinDbg 来分析小型转储。有人可以帮助分析这些结果吗?
以下是初步结果:
Use !analyze -v to get detailed debugging information.
BugCheck 101, {31, 0, fffff88002f65180, 2}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
Followup: MachineOwner
当我运行时,!analyze -v我得到以下输出:
CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000031, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: fffff88002f65180, The PRCB address of the hung processor.
Arg4: 0000000000000002, 0.
Debugging Details:
------------------
BUGCHECK_STR: CLOCK_WATCHDOG_TIMEOUT_4_PROC
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: d
STACK_TEXT:
fffff880`08c33328 fffff800`02d268c9 : 00000000`00000101 00000000`00000031 00000000`00000000 fffff880`02f65180 : nt!KeBugCheckEx
fffff880`08c33330 fffff800`02cd9497 : fffff880`00000000 fffff800`00000002 00000000`00002711 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4e2e
fffff880`08c333c0 fffff800`02c13895 : fffff800`02c39460 fffff880`08c33570 fffff800`02c39460 00000000`00000000 : nt!KeUpdateSystemTime+0x377
fffff880`08c334c0 fffff800`02ccb173 : fffff800`02e44e80 00000000`00000001 00000000`00000001 fffff800`02c52000 : hal!HalpHpetClockInterrupt+0x8d
fffff880`08c334f0 fffff800`02ca4661 : fffff800`02e44e80 fffff800`02e52cc0 00000000`00000046 fffff800`02cca6dc : nt!KiInterruptDispatchNoLock+0x163
fffff880`08c33680 fffff800`02fd8def : 00000000`00000000 fffff880`08c33b60 00000000`00000000 fffff880`00de20b9 : nt!KeFlushProcessWriteBuffers+0x65
fffff880`08c336f0 fffff800`02fd9449 : 00000000`004d5d60 fffff800`02fc54de 00000000`00000000 fffffa80`085c1b60 : nt!ExpQuerySystemInformation+0x13af
fffff880`08c33aa0 fffff800`02ccded3 : 00000000`00000000 fffff880`08c33b60 ffffffff`fffe7960 000007fe`fcd30bd8 : nt!NtQuerySystemInformation+0x4d
fffff880`08c33ae0 00000000`77c4167a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00fbefd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c4167a
STACK_COMMAND: kb
SYMBOL_NAME: ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_CLOCK_WATCHDOG_TIMEOUT_4_PROC_ANALYSIS_INCONCLUSIVE
BUCKET_ID: X64_CLOCK_WATCHDOG_TIMEOUT_4_PROC_ANALYSIS_INCONCLUSIVE
Followup: MachineOwner
我的假设是我的 CPU(英特尔酷睿 i5-2400 四核)上的一个处理器出现了问题。但也许这个特定的错误是其他问题的征兆。
我在 Google 上搜索了CLOCK_WATCHDOG_TIMEOUT (101),并且在各种与硬件相关的论坛中有许多帖子。通读其中的一些,似乎问题与处理器没有太大关系,而是应该归咎于堆栈跟踪中的其他东西(通常是驱动程序)。如果是这种情况,是否可以假设这KeUpdateSystemTime是罪魁祸首?我不确定我是否正确阅读了堆栈跟踪,或者我将如何进一步分析它。
好消息是,这(到目前为止)只发生过一次,并且(还)没有再发生过!:-)
我从小型转储运行以下命令:
!thread @@c++((nt!_kprcb *)0xfffff88002f65180)->CurrentThread)
并收到以下输出。
GetPointerFromAddress: unable to read from fffff80002f01000
THREAD fffffa800952db60 Cid 0074.0110 Teb: 000007fffffd5000 Win32Thread: 0000000000000000 RUNNING on processor 0
Impersonation token: fffff8a001fc0060 (Level Delegation)
GetUlongFromAddress: unable to read from fffff80002e40ba4
Owning Process fffffa8009527060 Image: svchost.exe
Attached Process N/A Image: N/A
fffff78000000000: Unable to get shared data
Wait Start TickCount 14245338
Context Switch Count 6898658
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x000007feff54a808
Stack Init fffff88008c33c70 Current fffff88008c33830
Base fffff88008c34000 Limit fffff88008c2e000 Call 0
Priority 27 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
后跟与上述相同的堆栈跟踪。
小智 2
基本上,您的一个处理器已检测到您的其他处理器之一已停止接收时钟中断。检测到该情况的处理器会进行错误检查并告诉您哪个处理器被挂起:
fffff88002f65180, The PRCB address of the hung processor.
那么问题就变成了“挂起的处理器在做什么?” 您可以使用以下命令来回答这个问题:
!thread @@c++((nt!_kprcb *)0xfffff88002f65180)->CurrentThread)
但请注意,它可能不起作用,因为您拥有的只是一个小型转储。如果它不起作用,请配置您的系统以创建内核摘要转储并等待崩溃再次发生。
http://support.microsoft.com/kb/254649
| 归档时间: |
|
| 查看次数: |
4558 次 |
| 最近记录: |