1. 首頁
  2. 問答
  3. 應用程序可能導致BSOD?如何找出原因?

應用程序可能導致BSOD?如何找出原因?

2013-05-31 105 views
0

One liner:BugCheck 50,{fffff8800ca0ec04,0,fffff88005e18c6a,2}; PAGE_FAULT_IN_NONPAGED_AREA; mqac.sys;應用程序可能導致BSOD?如何找出原因?

這個問題是某種可重現的:在過去的幾個月裏,在3個不同的機器上(具有相同的硬件和驅動程序,幾乎相同的軟件,沒有反病毒軟件)發生了幾次。

我們從三臺機器獲得了三個MEMORY.DMP文件,幾乎具有相同的調用堆棧。

將啓用WER對疑似應用程序的幫助? - 它會在崩潰之前生成用戶模式轉儲,並提供更多信息。 (或上下文)?

===== 8 < =====下面:信息。使用WinGDB從MEMORY.DMP ===== 8 < =====

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 
Copyright (c) Microsoft Corporation. All rights reserved. 

Loading Dump File [C:\xxx\MEMORY.DMP] 
Kernel Summary Dump File: Only kernel address space is available 

Symbol search path is: SRV*C:\symcache*http://msdl.microsoft.com/download/symbols 
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 
Product: LanManNt, suite: TerminalServer SingleUserTS 
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850 
Machine Name: 
Kernel base = 0xfffff800`02213000 PsLoadedModuleList = 0xfffff800`02458e90 
Debug session time: Tue May 21 05:05:16.331 2013 (UTC + 8:00) 
System Uptime: 39 days 10:02:15.142 
Loading Kernel Symbols 
............................................................... 
................................................................ 
................ 
Loading User Symbols 
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details 
Loading unloaded module list 
............. 
******************************************************************************* 
*                    * 
*      Bugcheck Analysis         * 
*                    * 
******************************************************************************* 

Use !analyze -v to get detailed debugging information. 

BugCheck 50, {fffff8800ca0ec04, 0, fffff88005e18c6a, 2} 

Probably caused by : mqac.sys (mqac!CPacket::ProcessRRRequest+10a) 

Followup: MachineOwner 
--------- 

4: kd> !analyze -v 
******************************************************************************* 
*                    * 
*      Bugcheck Analysis         * 
*                    * 
******************************************************************************* 

PAGE_FAULT_IN_NONPAGED_AREA (50) 
Invalid system memory was referenced. This cannot be protected by try-except, 
it must be protected by a Probe. Typically the address is just plain bad or it 
is pointing at freed memory. 
Arguments: 
Arg1: fffff8800ca0ec04, memory referenced. 
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. 
Arg3: fffff88005e18c6a, If non-zero, the instruction address which referenced the bad memory address. 
Arg4: 0000000000000002, (reserved) 

Debugging Details: 
------------------ 

READ_ADDRESS: fffff8800ca0ec04 

FAULTING_IP: 
mqac!CPacket::ProcessRRRequest+10a 
fffff880`05e18c6a 4d8b642404  mov  r12,qword ptr [r12+4] 

MM_INTERNAL_CODE: 2 

IMAGE_NAME: mqac.sys 

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd0a5 

MODULE_NAME: mqac 

FAULTING_MODULE: fffff88005e00000 mqac 

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT 

BUGCHECK_STR: 0x50 

PROCESS_NAME: AnExe.exe 

CURRENT_IRQL: 0 

TRAP_FRAME: fffff8800bb00d10 -- (.trap 0xfffff8800bb00d10) 
NOTE: The trap frame does not contain all registers. 
Some register values may be zeroed or incorrect. 
rax=fffff8a009a08948 rbx=0000000000000000 rcx=fffff8a001e047b1 
rdx=fffff8a008cf2621 rsi=0000000000000000 rdi=0000000000000000 
rip=fffff88005e18c6a rsp=fffff8800bb00ea0 rbp=fffff88005e2d110 
r8=fffff8a008cf2620 r9=0000000000000080 r10=fffff880021408a0 
r11=fffff8a001e047b0 r12=0000000000000000 r13=0000000000000000 
r14=0000000000000000 r15=0000000000000000 
iopl=0   nv up ei ng nz na po nc 
mqac!CPacket::ProcessRRRequest+0x10a: 
fffff880`05e18c6a 4d8b642404  mov  r12,qword ptr [r12+4] ds:4a00:0004=???????????????? 
Resetting default scope 

LAST_CONTROL_TRANSFER: from fffff8000223dca0 to fffff80002293640 

STACK_TEXT: 
fffff880`0bb00ba8 fffff800`0223dca0 : 00000000`00000050 fffff880`0ca0ec04 00000000`00000000 fffff880`0bb00d10 : nt!KeBugCheckEx 
fffff880`0bb00bb0 fffff800`0229176e : 00000000`00000000 fffff880`0ca0ec04 00000000`00000000 fffff8a0`0935da10 : nt! ?? ::FNODOBFM::`string'+0x448c6 
fffff880`0bb00d10 fffff880`05e18c6a : fffff8a0`0935da10 fffff880`0000ec00 fffff8a0`01730900 fffff8a0`03dfc730 : nt!KiPageFault+0x16e 
fffff880`0bb00ea0 fffff880`05e18b49 : fffffa80`0e949950 00000000`00000000 fffffa80`0d1e2530 fffff8a0`09a08900 : mqac!CPacket::ProcessRRRequest+0x10a 
fffff880`0bb00ee0 fffff880`05e1f6de : fffffa80`0e949950 fffffa80`0d1e2530 fffffa80`06520000 00000000`00000000 : mqac!CPacket::ProcessRequest+0x141 
fffff880`0bb00f20 fffff880`05e1f25a : 00000000`00000000 fffffa80`0dc84a00 00000000`00000000 fffffa80`0dc84a00 : mqac!CQueue::PutPacket+0x442 
fffff880`0bb01080 fffff880`05e1ee4b : 00000000`00000103 fffffa80`0dc84a00 00000000`00000000 fffffa80`0dc84a00 : mqac!CQueue::HandleCreatePacketCompletedSuccessAsync+0xf2 
fffff880`0bb010c0 fffff880`05e06e26 : 00000000`00000000 fffff880`0bb01ca0 fffffa80`0d1e2530 00000000`00000000 : mqac!CQueue::PutNewPacket+0xa3 
fffff880`0bb01100 fffff880`05e06f59 : 00000000`00000000 00000000`06b6ed58 00000000`00000000 fffffa80`0fcfc950 : mqac!ACFreePacket1+0xdaa 
fffff880`0bb01590 fffff880`05e0cdf6 : fffffa80`0cecb610 00000000`00000000 fffff8a0`04364ce0 fffff800`025a0288 : mqac!ACFreePacket1+0xedd 
fffff880`0bb01970 fffff800`025adf97 : fffffa80`0cecb3d0 fffffa80`0dc84a00 fffffa80`00000011 00000000`00000000 : mqac!ACDeviceControl+0x131a 
fffff880`0bb01a10 fffff800`025ae7f6 : fffffa80`0d910060 00000000`00000be5 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607 
fffff880`0bb01b40 fffff800`022928d3 : fffffa80`0d910060 00000000`00000001 fffffa80`0ed26060 fffff800`0258aa34 : nt!NtDeviceIoControlFile+0x56 
fffff880`0bb01bb0 00000000`75692e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 
00000000`0526f078 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75692e09 


STACK_COMMAND: kb 

FOLLOWUP_IP: 
mqac!CPacket::ProcessRRRequest+10a 
fffff880`05e18c6a 4d8b642404  mov  r12,qword ptr [r12+4] 

SYMBOL_STACK_INDEX: 3 

SYMBOL_NAME: mqac!CPacket::ProcessRRRequest+10a 

FOLLOWUP_NAME: MachineOwner 

FAILURE_BUCKET_ID: X64_0x50_mqac!CPacket::ProcessRRRequest+10a 

BUCKET_ID: X64_0x50_mqac!CPacket::ProcessRRRequest+10a 

Followup: MachineOwner 
---------

來源

2013-05-31 Andrew Xiang

+0

有線卡或閉路電視涉及? – JustinC

+0

我想不是,但稍後會仔細檢查。您是否遇到與特定硬件(有線卡或CCTV)類似的問題,以及型號/品牌? –

+0

這個問題可能不太適合,並且可能會因爲脫離主題而被關閉,但我確實想給你一些可能的工作。 mqac.sys = Microsoft消息隊列; EMMPlayout.exe =沒有任何權威性,但EMM的首字母縮略詞並不常見,並且似乎指向稱爲授權管理消息(EMM)的東西,該授權管理消息用於視頻訂閱系統中的條件訪問。 EMM過程取決於消息隊列,這就是MSMQ/mqac.sys可能涉及的原因。有幾篇論文討論這些概念以及它們如何應用於有線電視。 – JustinC

回答

0

這不是一個真正的答案,只是最終地位的提取。

這是一種MS錯誤:我們與MS升級工程師和開發團隊合作了大約半年,部署了幾個補丁來收集信息,但沒有找到根本原因。

從Windows 2008升級到2012之後,這個問題再也沒有發生過。那時我們停止了進一步調查

並非所有Win2008部署都有此問題。 但是,今天,另一個Win2008部署確實再次出現了這個問題...

來源

2015-05-13 09:30:57

相關問題

 相關問題