WinDbg analysis results
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\360安全浏览器下载\1029\102915-59296-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 9600 MP (4 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 9600.18066.amd64fre.winblue_ltsb.150928-1002
Machine Name:
Kernel base = 0xfffff801`2a207000 PsLoadedModuleList = 0xfffff801`2a4dc630
Debug session time: Thu Oct 29 23:17:31.903 2015 (UTC + 8:00)
System Uptime: 5 days 20:12:05.409
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {ffffe001432a49a0, 1, fffff800849c018e, 0}
Could not read faulting driver name
Unable to load image \SystemRoot\system32\DRIVERS\rxfcv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rxfcv.sys
*** ERROR: Module load completed but symbols could not be loaded for rxfcv.sys
Probably caused by : rxfcv.sys ( rxfcv+2318e )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffe001432a49a0, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff800849c018e, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: fffff8012a4ca040: Unable to get special pool info
fffff8012a4ca040: Unable to get special pool info
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
ffffe001432a49a0
FAULTING_IP:
rxfcv+2318e
fffff800`849c018e 498933 mov qword ptr [r11],rsi
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 1
TRAP_FRAME: ffffd000207fb4d0 -- (.trap 0xffffd000207fb4d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff800849be348 rbx=0000000000000000 rcx=fffff800849be358
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800849c018e rsp=ffffd000207fb660 rbp=0000000000000003
r8=0000000000000000 r9=0000000000000000 r10=ffffe0013e7857a8
r11=ffffe001432a49a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
rxfcv+0x2318e:
fffff800`849c018e 498933 mov qword ptr [r11],rsi ds:ffffe001`432a49a0=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8012a36ab2a to fffff8012a3568a0
STACK_TEXT:
ffffd000`207fb268 fffff801`2a36ab2a : 00000000`00000050 ffffe001`432a49a0 00000000`00000001 ffffd000`207fb4d0 : nt!KeBugCheckEx
ffffd000`207fb270 fffff801`2a25a4c9 : 00000000`00000001 ffffe001`384a1040 ffffd000`207fb4d0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x3d6a
ffffd000`207fb310 fffff801`2a360b2f : 00000000`00000001 ffffe001`3e9bc060 ffffe001`3e785600 ffffd000`207fb5e0 : nt!MmAccessFault+0x769
ffffd000`207fb4d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x12f
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
rxfcv+2318e
fffff800`849c018e 498933 mov qword ptr [r11],rsi
SYMBOL_NAME: rxfcv+2318e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rxfcv
IMAGE_NAME: rxfcv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 558104c3
FAILURE_BUCKET_ID: X64_0x50_rxfcv+2318e
BUCKET_ID: X64_0x50_rxfcv+2318e
Followup: MachineOwner
---------
1: kd> .trap 0xffffd000207fb4d0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff800849be348 rbx=0000000000000000 rcx=fffff800849be358
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800849c018e rsp=ffffd000207fb660 rbp=0000000000000003
r8=0000000000000000 r9=0000000000000000 r10=ffffe0013e7857a8
r11=ffffe001432a49a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
rxfcv+0x2318e:
fffff800`849c018e 498933 mov qword ptr [r11],rsi ds:ffffe001`432a49a0=????????????????
1: kd> lmvm rxfcv
start end module name
fffff800`8499d000 fffff800`849c9000 rxfcv T (no symbols)
Loaded symbol image file: rxfcv.sys
Image path: \SystemRoot\system32\DRIVERS\rxfcv.sys
Image name: rxfcv.sys
Timestamp: Wed Jun 17 13:25:23 2015 (558104C3)
CheckSum: 00033ABB
ImageSize: 0002C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
rxfcv.sys is the driver for FancyCache for Volume.
It seems to be a hard disk accelerator?