一行:BugCheck 50, {fffff8800ca0ec04, 0, fffff88005e18c6a, 2}; PAGE_FAULT_IN_NONPAGED_AREA;mqac.sys;
这个问题是某种可重现的:在过去的几个月里发生了好几次,在 3 台不同的机器上(具有相同的硬件和驱动程序,几乎相同的软件,没有防病毒软件)。
我们从三台机器获得了三个 MEMORY.DMP 文件,调用堆栈几乎相同。
对疑似应用启用WER会有所帮助吗?-- 它会在崩溃之前生成用户模式转储并提供更多信息。(或上下文)?
=====8<===== 下面:信息。使用 WinGDB 从 MEMORY.DMP 中提取 =====8<=====
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\xxx\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*C:\symcache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02213000 PsLoadedModuleList = 0xfffff800`02458e90
Debug session time: Tue May 21 05:05:16.331 2013 (UTC + 8:00)
System Uptime: 39 days 10:02:15.142
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8800ca0ec04, 0, fffff88005e18c6a, 2}
Probably caused by : mqac.sys ( mqac!CPacket::ProcessRRRequest+10a )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8800ca0ec04, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88005e18c6a, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
READ_ADDRESS: fffff8800ca0ec04
FAULTING_IP:
mqac!CPacket::ProcessRRRequest+10a
fffff880`05e18c6a 4d8b642404 mov r12,qword ptr [r12+4]
MM_INTERNAL_CODE: 2
IMAGE_NAME: mqac.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd0a5
MODULE_NAME: mqac
FAULTING_MODULE: fffff88005e00000 mqac
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: AnExe.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800bb00d10 -- (.trap 0xfffff8800bb00d10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a009a08948 rbx=0000000000000000 rcx=fffff8a001e047b1
rdx=fffff8a008cf2621 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88005e18c6a rsp=fffff8800bb00ea0 rbp=fffff88005e2d110
r8=fffff8a008cf2620 r9=0000000000000080 r10=fffff880021408a0
r11=fffff8a001e047b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
mqac!CPacket::ProcessRRRequest+0x10a:
fffff880`05e18c6a 4d8b642404 mov r12,qword ptr [r12+4] ds:4a00:0004=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000223dca0 to fffff80002293640
STACK_TEXT:
fffff880`0bb00ba8 fffff800`0223dca0 : 00000000`00000050 fffff880`0ca0ec04 00000000`00000000 fffff880`0bb00d10 : nt!KeBugCheckEx
fffff880`0bb00bb0 fffff800`0229176e : 00000000`00000000 fffff880`0ca0ec04 00000000`00000000 fffff8a0`0935da10 : nt! ?? ::FNODOBFM::`string'+0x448c6
fffff880`0bb00d10 fffff880`05e18c6a : fffff8a0`0935da10 fffff880`0000ec00 fffff8a0`01730900 fffff8a0`03dfc730 : nt!KiPageFault+0x16e
fffff880`0bb00ea0 fffff880`05e18b49 : fffffa80`0e949950 00000000`00000000 fffffa80`0d1e2530 fffff8a0`09a08900 : mqac!CPacket::ProcessRRRequest+0x10a
fffff880`0bb00ee0 fffff880`05e1f6de : fffffa80`0e949950 fffffa80`0d1e2530 fffffa80`06520000 00000000`00000000 : mqac!CPacket::ProcessRequest+0x141
fffff880`0bb00f20 fffff880`05e1f25a : 00000000`00000000 fffffa80`0dc84a00 00000000`00000000 fffffa80`0dc84a00 : mqac!CQueue::PutPacket+0x442
fffff880`0bb01080 fffff880`05e1ee4b : 00000000`00000103 fffffa80`0dc84a00 00000000`00000000 fffffa80`0dc84a00 : mqac!CQueue::HandleCreatePacketCompletedSuccessAsync+0xf2
fffff880`0bb010c0 fffff880`05e06e26 : 00000000`00000000 fffff880`0bb01ca0 fffffa80`0d1e2530 00000000`00000000 : mqac!CQueue::PutNewPacket+0xa3
fffff880`0bb01100 fffff880`05e06f59 : 00000000`00000000 00000000`06b6ed58 00000000`00000000 fffffa80`0fcfc950 : mqac!ACFreePacket1+0xdaa
fffff880`0bb01590 fffff880`05e0cdf6 : fffffa80`0cecb610 00000000`00000000 fffff8a0`04364ce0 fffff800`025a0288 : mqac!ACFreePacket1+0xedd
fffff880`0bb01970 fffff800`025adf97 : fffffa80`0cecb3d0 fffffa80`0dc84a00 fffffa80`00000011 00000000`00000000 : mqac!ACDeviceControl+0x131a
fffff880`0bb01a10 fffff800`025ae7f6 : fffffa80`0d910060 00000000`00000be5 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0bb01b40 fffff800`022928d3 : fffffa80`0d910060 00000000`00000001 fffffa80`0ed26060 fffff800`0258aa34 : nt!NtDeviceIoControlFile+0x56
fffff880`0bb01bb0 00000000`75692e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0526f078 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75692e09
STACK_COMMAND: kb
FOLLOWUP_IP:
mqac!CPacket::ProcessRRRequest+10a
fffff880`05e18c6a 4d8b642404 mov r12,qword ptr [r12+4]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: mqac!CPacket::ProcessRRRequest+10a
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0x50_mqac!CPacket::ProcessRRRequest+10a
BUCKET_ID: X64_0x50_mqac!CPacket::ProcessRRRequest+10a
Followup: MachineOwner
---------