Bonjour à tous,
J'ai depuis plusieurs mois des blues screen qui apparaissent à tout bout de champ. Cela arrivait moins souvent depuis quelques temps, mais le problème recommence sérieusement (2 à 3 par semaine). J'ai utilisé WinDbg pour analyser les dumps mais l'application en cause est différente sur chaque dump, et je dois avouer que je ne comprends pas grand chose. Est-ce que quelqu'un aurait une idée?
Merci pour votre aide.
Voici 2 analyses de dumps
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini100609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6002.18005.x86fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0x81c08000 PsLoadedModuleList = 0x81d1fc70
Debug session time: Tue Oct 6 18:30:05.547 2009 (GMT+2)
System Uptime: 0 days 0:01:40.577
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 27, {baad0075, a0a50854, a0a50550, 99526cf0}
Probably caused by : hardware ( HTTP!UlFastSendHttpResponse+745 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
RDR_FILE_SYSTEM (27)
If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
exception record and context record. Do a .cxr on the 3rd parameter and then kb to
obtain a more informative stack trace.
The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
as follows:
RDBSS_BUG_CHECK_CACHESUP = 0xca550000,
RDBSS_BUG_CHECK_CLEANUP = 0xc1ee0000,
RDBSS_BUG_CHECK_CLOSE = 0xc10e0000,
RDBSS_BUG_CHECK_NTEXCEPT = 0xbaad0000,
Arguments:
Arg1: baad0075
Arg2: a0a50854
Arg3: a0a50550
Arg4: 99526cf0
Debugging Details:
------------------
EXCEPTION_RECORD: a0a50854 -- (.exr 0xffffffffa0a50854)
ExceptionAddress: 99526cf0 (HTTP!UlFastSendHttpResponse+0x00000745)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0
CONTEXT: a0a50550 -- (.cxr 0xffffffffa0a50550)
eax=00000000 ebx=874d4bd0 ecx=00000001 edx=00000000 esi=00000200 edi=a12ed568
eip=99526cf0 esp=a0a5091c ebp=a0a50a34 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
HTTP!UlFastSendHttpResponse+0x745:
99526cf0 c4 ???
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x27
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Instruction non autoris e Tentative d'ex cution d'une instruction interdite.
EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Instruction non autoris e Tentative d'ex cution d'une instruction interdite.
LAST_CONTROL_TRANSFER: from 813d1390 to 99526cf0
MISALIGNED_IP:
HTTP!UlFastSendHttpResponse+745
99526cf0 c4 ???
STACK_TEXT:
a0a50a34 813d1390 874d4bd0 a0a50ac0 8cf495c2 HTTP!UlFastSendHttpResponse+0x745
a0a50a40 8cf495c2 874d4bd0 2c529c4a 874d4c78 mrxsmb!SmbShellQueryDirectory+0x1e
a0a50ac0 8cf1e75e 874d4bd0 2c55ea98 87399910 csc!CscQueryDirectory+0x3bd
a0a50b0c 8cf1e8f5 874d4bd0 87399910 a5b4f008 rdbss!RxQueryDirectory+0x4fa
a0a50b34 8cefb208 874d4bd0 a5b4f2a8 2c55ea20 rdbss!RxCommonDirectoryControl+0xad
a0a50bb4 8cf11fae 8cf0e240 87399910 87003e48 rdbss!RxFsdCommonDispatch+0x59c
a0a50be4 813e109e 87574020 0c399910 873999ec rdbss!RxFsdDispatch+0x19f
a0a50c00 81c4c976 87574020 01399910 87399a10 mrxsmb!MRxSmbFsdDispatch+0x99
a0a50c18 8835da89 00000103 8794a360 00000000 nt!IofCallDriver+0x63
a0a50c34 8835d172 8794a360 87003e48 87399910 mup!MupiCallUncProvider+0x10d
a0a50c4c 8835dba0 8794a360 00000000 84fed7e0 mup!MupStateMachine+0x9b
a0a50c64 81c4c976 84fed7e0 8794a360 87399910 mup!MupFsdIrpPassThrough+0xcc
a0a50c7c 87e2fba7 84fedab0 87399910 00000000 nt!IofCallDriver+0x63
a0a50ca0 87e2fd64 a0a50cc0 84fedab0 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x251
a0a50cd8 81c4c976 84fedab0 87399910 87399910 fltmgr!FltpDispatch+0xc2
a0a50cf0 81e4e6a1 00000a90 07a8f5d0 81e10cb2 nt!IofCallDriver+0x63
a0a50d10 81e10d0d 84fedab0 87003e48 00000001 nt!IopSynchronousServiceTail+0x1d9
a0a50d30 81c52c7a 00000a90 00000000 00000000 nt!NtQueryDirectoryFile+0x5b
a0a50d30 772b5e74 00000a90 00000000 00000000 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
07a8f830 00000000 00000000 00000000 00000000 0x772b5e74
FOLLOWUP_IP:
HTTP!UlFastSendHttpResponse+745
99526cf0 c4 ???
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: HTTP!UlFastSendHttpResponse+745
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffffffffa0a50550 ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED_HTTP.sys
BUCKET_ID: IP_MISALIGNED_HTTP.sys
Followup: MachineOwner
---------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\Mini072409-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18226.x86fre.vistasp1_gdr.090302-1506
Machine Name:
Kernel base = 0x81c09000 PsLoadedModuleList = 0x81d20c70
Debug session time: Fri Jul 24 16:16:22.818 2009 (GMT+2)
System Uptime: 0 days 0:01:48.989
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {88f31008, 0, 0, 81c47349}
Probably caused by : Unknown_Image ( PAGE_NOT_ZERO )
Followup: MachineOwner
---------
*** Memory manager detected 1 instance(s) of page corruption, target is likely to have memory corruption.
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 88f31008, memory referenced
Arg2: 00000000, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 81c47349, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 81d40868
Unable to read MiSystemVaType memory at 81d20420
88f31008
CURRENT_IRQL: 0
FAULTING_IP:
nt!MiDeleteVirtualAddresses+63e
81c47349 8b0482 mov eax,dword ptr [edx+eax*4]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: ashServ.exe
BAD_PAGES_DETECTED: 1
TRAP_FRAME: 95fd3a4c -- (.trap 0xffffffff95fd3a4c)
ErrCode = 00000000
eax=00800000 ebx=86e898d8 ecx=10000000 edx=86f31008 esi=86f31000 edi=c0038c48
eip=81c47349 esp=95fd3ac0 ebp=95fd3bd8 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!MiDeleteVirtualAddresses+0x63e:
81c47349 8b0482 mov eax,dword ptr [edx+eax*4] ds:0023:88f31008=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 81c47349 to 81c63d24
STACK_TEXT:
95fd3a4c 81c47349 badb0d00 86f31008 00000000 nt!KiTrap0E+0x2ac
95fd3bd8 81c9a7cc 064e0002 071d0fff 873bb020 nt!MiDeleteVirtualAddresses+0x63e
95fd3ca8 81c99d65 873bb020 87402768 873c3ac0 nt!MiRemoveMappedView+0x4aa
95fd3cd0 81e2dc79 873c3ac0 00000000 ffffffff nt!MiRemoveVadAndView+0xe3
95fd3d34 81e2ddca 873bb020 064e0000 00000000 nt!MiUnmapViewOfSection+0x265
95fd3d54 81c60a1a ffffffff 064e0000 02b5fd98 nt!NtUnmapViewOfSection+0x55
95fd3d54 779d9a94 ffffffff 064e0000 02b5fd98 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
02b5fd98 00000000 00000000 00000000 00000000 0x779d9a94
STACK_COMMAND: kb
SYMBOL_NAME: PAGE_NOT_ZERO
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: PAGE_NOT_ZERO
Followup: MachineOwner
---------
*** Memory manager detected 1 instance(s) of page corruption, target is likely to have memory corruption.
---------------
--