Advanced Debugging
About AdvDbg Consult Train Services Products Tools Community Contact  
欢迎光临 高端调试 登录 | 注册 | FAQ
 
  ACPI调试
Linux内核调试
Windows内核调试
 
  调试战役
调试原理
新工具观察
 
  Linux
Windows Vista
Windows
 
  Linux驱动
WDF
WDM
 
  PCI Express
PCI/PCI-X
USB
无线通信协议
 
  64位CPU
ARM
IA-32
  CPU Info Center
 
  ACPI标准
系统认证
Desktop
服务器
 
  Embedded Linux
嵌入式开发工具
VxWorks
WinCE
嵌入式Windows
 
  格蠹调试套件(GDK)
  格蠹学院
  小朱书店
  老雷的微博
  《软件调试》
  《格蠹汇编》
  《软件调试(第二版)》
沪ICP备11027180号-1

WinDbg

帖子发起人: Jerry   发起时间: 2009-12-07 14:36 下午   回复: 1

Print Search
帖子排序:    
   2009-12-07, 14:36 下午
j8525 离线,最后访问时间: 2010/6/22 1:48:17 Jerry

发帖数前75位
男
注册: 2009-11-20
发 贴: 16
BSOD 7F, 张老师能否进来指点下?
Reply Quote

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

TSS:  00000028 -- (.tss 0x28)
eax=00000000 ebx=00000003 ecx=f7787101 edx=f7956000 esi=00000000 edi=f7787121
eip=80545c8f esp=f79567b8 ebp=f7956804 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!KiFlushSingleTb+0x3:
80545c8f c3              ret
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

TRAP_FRAME:  f7956cac -- (.trap 0xfffffffff7956cac)
ErrCode = 00000002
eax=0000e808 ebx=ffdff000 ecx=000017f8 edx=00000000 esi=85fc1020 edi=85fc28b8
eip=85fc28b9 esp=f7956d20 ebp=f7956d74 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
85fc28b9 007000          add     byte ptr [eax],dh          ds:0023:0000e808=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from 804ffb5e to 80545c8f

STACK_TEXT: 
f7956804 804ffb5e f7787121 00000001 00000003 nt!KiFlushSingleTb+0x3
f7956824 806e6100 f795683c 00000000 0000001c nt!KiIpiServiceRoutine+0x5e
f7956824 80501e37 f795683c 00000000 0000001c hal!HalpIpiHandler+0xb8
f7956c8c 805446e0 0000000a 0000e808 0000001c nt!KiSaveProcessorControlState+0x63
f7956c8c 85fc28b9 0000000a 0000e808 0000001c nt!KiTrap0E+0x238
WARNING: Frame IP not in any known module. Following frames may be wrong.
f7956d74 8053874a 00000001 ffffff01 00000000 0x85fc28b9
f7956dac 805cff64 85bf1120 00000000 00000000 nt!ExpWorkerThread+0xcc
f7956ddc 805460de 8053867e 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  .tss 0x28 ; kb

FOLLOWUP_IP:
nt!KiFlushSingleTb+3
80545c8f c3              ret

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!KiFlushSingleTb+3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4802516a

FAILURE_BUCKET_ID:  0x7f_8_nt!KiFlushSingleTb+3

BUCKET_ID:  0x7f_8_nt!KiFlushSingleTb+3

Followup: MachineOwner
---------

我连着debugger给一台电脑跑reboot aging时,在3000次左右时出现bugcheck 7F , Double Fault。

1.我看debugger help 提示可能是kernel stack overflow,我该怎么确定是不是stack overflow呢?

2.如果确定是stack overflow,通常采取什么操作找出问题所在?遇到这种很难复制问题的情况,改怎么办呢?

3.我trace回去,觉得问题出在KeRemoveQueue里。thread显示是system进程的3C号thread出现了异常,我在另外一台电脑上看3C的thread是与NtBuildGUID有关,但不知道这个有问题的机器的3C是不是也与NtBuildGUID有关?

 

 


IP 地址: 已记录   报告
   2009-12-07, 22:18 下午
Raymond 离线,最后访问时间: 2020/7/3 3:40:25 格蠹老雷

发帖数前10位
注册: 2005-12-19
发 贴: 1,303
Re: BSOD 7F, 张老师能否进来指点下?
Reply Quote
3000次,感觉差不多是个人电脑可以接受的次数了,你测的是服务器么?测试的目的是什么呢?在复现问题?如果希望我帮忙看下,那么请把dump文件上传一份(请自己找FTP或者服务器)或者email发过来
IP 地址: 已记录   报告
高端调试 » 软件调试 » WinDbg » BSOD 7F, 张老师能否进来指点下?

 
Legal Notice Privacy Statement Corporate Governance Corporate Governance
(C)2004-2020 ADVDBG.ORG All Rights Reserved.