Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD on 2012 server


  • Please log in to reply
2 replies to this topic

#1 vintage_car

vintage_car

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 26 April 2017 - 12:57 PM

rebooting server works for awhile, but then server locks up. below is what I get from dump file- I have no idea what is causing it and any help would surely be appreciated. 

 

 
 
Could not read faulting driver name
 
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff8039b575138
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 ffffe80026708000 
 
FAULTING_IP: 
srv!SrvOs2FeaToNt+48
fffff801`c0452c20 c60300          mov     byte ptr [rbx],0
 
MM_INTERNAL_CODE:  0
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT_SERVER
 
BUGCHECK_STR:  AV
 
PROCESS_NAME:  System
 
CURRENT_IRQL:  0
 
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
 
TRAP_FRAME:  ffffd00130f3f700 -- (.trap 0xffffd00130f3f700)
.trap 0xffffd00130f3f700
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe80026708000
rdx=ffffc0018330c09a rsi=0000000000000000 rdi=0000000000000000
rip=fffff801c0452c20 rsp=ffffd00130f3f890 rbp=ffffc0018330c095
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000200
r11=ffffe80026708000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
srv!SrvOs2FeaToNt+0x48:
fffff801`c0452c20 c60300          mov     byte ptr [rbx],0 ds:00000000`00000000=??
.trap
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from fffff8039b37be8c to fffff8039b3673a0
 
STACK_TEXT:  
ffffd001`30f3f498 fffff803`9b37be8c : 00000000`00000050 ffffe800`26708000 00000000`00000001 ffffd001`30f3f700 : nt!KeBugCheckEx
ffffd001`30f3f4a0 fffff803`9b268d79 : 00000000`00000001 ffffe000`46e1f900 ffffd001`30f3f700 fffff803`9b2fff82 : nt! ?? ::FNODOBFM::`string'+0x45cc
ffffd001`30f3f540 fffff803`9b37162f : 00000000`00000001 ffffe800`26708000 00000000`00000200 fffff803`9b4b74d3 : nt!MmAccessFault+0x769
ffffd001`30f3f700 fffff801`c0452c20 : 00000000`00000000 63495744`6e2f6b46 ffffd001`30f3f9b8 ffffd001`30f3f9b0 : nt!KiPageFault+0x12f
ffffd001`30f3f890 fffff801`c0452b65 : ffffc001`8330c095 ffffe800`26707ff8 00000000`00000010 ffffc001`8330c138 : srv!SrvOs2FeaToNt+0x48
ffffd001`30f3f8c0 fffff801`c047403b : ffffe800`1e083240 00000000`00000000 ffffc001`832fc010 00000000`0000001c : srv!SrvOs2FeaListToNt+0x125
ffffd001`30f3f910 fffff801`c047d25a : 00000000`00000000 fffff801`00010fe8 ffffe800`266f7010 ffffe800`1e083240 : srv!SrvSmbOpen2+0xc3
ffffd001`30f3f9b0 fffff801`c04804ce : ffffe800`1df93db0 ffffe800`1e083240 ffffc001`832fc010 00000000`00000002 : srv!ExecuteTransaction+0x2ca
ffffd001`30f3f9f0 fffff801`c040d7bf : fffff801`00000000 00000000`00000000 ffffe800`00000035 00000000`0000f3d0 : srv!SrvSmbTransactionSecondary+0x40b
ffffd001`30f3fa90 fffff801`c040d990 : ffffe800`1e083240 ffffe800`1df6f068 ffffe800`1e083cb0 fffff801`c041b010 : srv!SrvProcessSmb+0x237
ffffd001`30f3fb10 fffff801`c0447035 : ffffe800`1df6f020 ffffe800`1e083240 00000000`00000000 ffffe800`1e083250 : srv!SrvRestartReceive+0x114
ffffd001`30f3fb50 fffff803`9b7247ee : 00000000`00000000 ffffc001`82614320 ffffe800`1df6f020 00000000`00000080 : srv!WorkerThread+0xffffffff`ffffbda5
ffffd001`30f3fbd0 fffff803`9b249f34 : ffffe800`25bd1440 ffffe800`25bd1440 00000045`00000000 00000000`00000000 : nt!IopThreadStart+0x26
ffffd001`30f3fc00 fffff803`9b36d9c6 : ffffd001`24f80180 ffffe800`25bd1440 ffffd001`24f8fdc0 fffff803`9b2688e7 : nt!PspSystemThreadStartup+0x58
ffffd001`30f3fc60 00000000`00000000 : ffffd001`30f40000 ffffd001`30f3a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
srv!SrvOs2FeaToNt+48
fffff801`c0452c20 c60300          mov     byte ptr [rbx],0
 
SYMBOL_STACK_INDEX:  4
 
SYMBOL_NAME:  srv!SrvOs2FeaToNt+48
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: srv
 
IMAGE_NAME:  srv.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  57a34e80
 
IMAGE_VERSION:  6.3.9600.18432
 
BUCKET_ID_FUNC_OFFSET:  48
 
FAILURE_BUCKET_ID:  AV_srv!SrvOs2FeaToNt
 
BUCKET_ID:  AV_srv!SrvOs2FeaToNt
 
ANALYSIS_SOURCE:  KM
 
FAILURE_ID_HASH_STRING:  km:av_srv!srvos2featont
 
FAILURE_ID_HASH:  {d5f1a37d-2c94-f55b-5042-7a5dbaa092e1}
 
Followup: MachineOwner
---------
 
rax=0000000000000000 rbx=006a006200000000 rcx=0000000000000050
rdx=ffffe80026708000 rsi=ffffd00130f3f6a8 rdi=ffffd00130f3f711
rip=fffff8039b3673a0 rsp=ffffd00130f3f498 rbp=0000000000000000
 r8=0000000000000001  r9=ffffd00130f3f700 r10=0000000000000000
r11=ffffd00130f3f700 r12=0000000000000000 r13=fffff8039b56dec0
r14=fffff8039b56ded0 r15=ffffe80026708000
iopl=0         nv up ei ng nz ac po cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000297
nt!KeBugCheckEx:
fffff803`9b3673a0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffd001`30f3f4a0=0000000000000050
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd001`30f3f498 fffff803`9b37be8c : 00000000`00000050 ffffe800`26708000 00000000`00000001 ffffd001`30f3f700 : nt!KeBugCheckEx
ffffd001`30f3f4a0 fffff803`9b268d79 : 00000000`00000001 ffffe000`46e1f900 ffffd001`30f3f700 fffff803`9b2fff82 : nt! ?? ::FNODOBFM::`string'+0x45cc
ffffd001`30f3f540 fffff803`9b37162f : 00000000`00000001 ffffe800`26708000 00000000`00000200 fffff803`9b4b74d3 : nt!MmAccessFault+0x769
ffffd001`30f3f700 fffff801`c0452c20 : 00000000`00000000 63495744`6e2f6b46 ffffd001`30f3f9b8 ffffd001`30f3f9b0 : nt!KiPageFault+0x12f (TrapFrame @ ffffd001`30f3f700)
ffffd001`30f3f890 fffff801`c0452b65 : ffffc001`8330c095 ffffe800`26707ff8 00000000`00000010 ffffc001`8330c138 : srv!SrvOs2FeaToNt+0x48
ffffd001`30f3f8c0 fffff801`c047403b : ffffe800`1e083240 00000000`00000000 ffffc001`832fc010 00000000`0000001c : srv!SrvOs2FeaListToNt+0x125
ffffd001`30f3f910 fffff801`c047d25a : 00000000`00000000 fffff801`00010fe8 ffffe800`266f7010 ffffe800`1e083240 : srv!SrvSmbOpen2+0xc3
ffffd001`30f3f9b0 fffff801`c04804ce : ffffe800`1df93db0 ffffe800`1e083240 ffffc001`832fc010 00000000`00000002 : srv!ExecuteTransaction+0x2ca
ffffd001`30f3f9f0 fffff801`c040d7bf : fffff801`00000000 00000000`00000000 ffffe800`00000035 00000000`0000f3d0 : srv!SrvSmbTransactionSecondary+0x40b
ffffd001`30f3fa90 fffff801`c040d990 : ffffe800`1e083240 ffffe800`1df6f068 ffffe800`1e083cb0 fffff801`c041b010 : srv!SrvProcessSmb+0x237
ffffd001`30f3fb10 fffff801`c0447035 : ffffe800`1df6f020 ffffe800`1e083240 00000000`00000000 ffffe800`1e083250 : srv!SrvRestartReceive+0x114
ffffd001`30f3fb50 fffff803`9b7247ee : 00000000`00000000 ffffc001`82614320 ffffe800`1df6f020 00000000`00000080 : srv!WorkerThread+0xffffffff`ffffbda5
ffffd001`30f3fbd0 fffff803`9b249f34 : ffffe800`25bd1440 ffffe800`25bd1440 00000045`00000000 00000000`00000000 : nt!IopThreadStart+0x26
ffffd001`30f3fc00 fffff803`9b36d9c6 : ffffd001`24f80180 ffffe800`25bd1440 ffffd001`24f8fdc0 fffff803`9b2688e7 : nt!PspSystemThreadStartup+0x58
ffffd001`30f3fc60 00000000`00000000 : ffffd001`30f40000 ffffd001`30f3a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
 

Edited by vintage_car, 26 April 2017 - 01:09 PM.


BC AdBot (Login to Remove)

 


#2 SQx

SQx

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 27 April 2017 - 12:45 AM

Hi,

maybe  NSA Eternalblue SMB bug

you can reference  NSA Eternalblue SMB vulnerability analysis-vulnerability warning-the black bar safety net

and MS notice



#3 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,027 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:12:32 PM

Posted 27 April 2017 - 04:46 PM

Greetings, and :welcome: to BleepingComputer's Windows Crashes, BSOD, and Hangs Help and Support forum!

Please follow these BSOD posting instructions and attach the requested files by replying to this topic.

Thank you.

Regards,
bwv848

Useful information!
Please only use the ZIP compression format, do not use 7z, RAR, etc.!!!


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users