SlipKo
01-02-2017, 06:10
Добрый день!
Жил был сервак 2 года Uptime и вот два дня назад началось его победоносное падение в BSOD. Грешил на питание, сегодня проанализировал minidump и вот чего там нашел.
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800d5b87f0, Terminating object
Arg3: fffffa800d5b8ad0, Process image file name
Arg4: fffff80001dd6b70, Explanatory message (ascii)
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
SYSTEM_MANUFACTURER: ASUSTeK COMPUTER INC.
SYSTEM_PRODUCT_NAME: TS300-E8-PS4
SYSTEM_SKU: SKU
SYSTEM_VERSION: Rev 1.xx
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 0904
BIOS_DATE: 04/07/2014
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: P9D-E Series
BASEBOARD_VERSION: Rev 1.xx
DUMP_TYPE: 1
BUGCHECK_P1: 3
BUGCHECK_P2: fffffa800d5b87f0
BUGCHECK_P3: fffffa800d5b8ad0
BUGCHECK_P4: fffff80001dd6b70
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: csrss
FAULTING_MODULE: 0000000000000000
EXCEPTION_CODE: (Win32) 0xebf07f0 (247400432) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0xebf07f0 - <Unable to get error code text>
CPU_COUNT: 4
CPU_MHZ: c15
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 17'00000000 (cache) 17'00000000 (init)
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xF4
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: SLIPKO-PC
ANALYSIS_SESSION_TIME: 02-01-2017 08:53:33.0406
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
STACK_TEXT:
fffff880`09f6e9d8 fffff800`01e60852 : 00000000`000000f4 00000000`00000003 fffffa80`0d5b87f0 fffffa80`0d5b8ad0 : nt!KeBugCheckEx
fffff880`09f6e9e0 fffff800`01e1e09b : 00000000`00000001 fffffa80`0ebf07f0 fffffa80`0d5b87f0 fffffa80`0f133201 : nt!PspCatchCriticalBreak+0x92
fffff880`09f6ea20 fffff800`01d87454 : 00000000`00000001 00000000`00000248 fffffa80`0d5b87f0 fffffa80`00000008 : nt! ?? ::NNGAKEGL::`string'+0x27296
fffff880`09f6ea70 fffff800`01acb693 : 00000000`00000248 fffffa80`0ebf07f0 fffffa80`0d5b87f0 00000000`0359dbf0 : nt!NtTerminateProcess+0x284
fffff880`09f6eae0 00000000`7706bffa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0010eba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7706bffa
STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: e9460336222f4471d8ae88a3d24ad7df3aff8ef1
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 78fb9c444b7807cd1bd5e414e2ce7cd6e803d8b6
THREAD_SHA1_HASH_MOD: f08ac56120cad14894587db086f77ce277bfae84
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_taskmgr.exe_ebf07f0
BUCKET_ID: X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_taskmgr.exe_ebf07f0
PRIMARY_PROBLEM_CLASS: X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_taskmgr.exe_ebf07f0
TARGET_TIME: 2017-01-31T05:04:00.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 16
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-10-11 21:57:55
BUILDDATESTAMP_STR: 161011-0600
BUILDLAB_STR: win7sp1_ldr
BUILDOSVER_STR: 6.1.7601.23572.amd64fre.win7sp1_ldr.161011-0600
ANALYSIS_SESSION_ELAPSED_TIME: 6c3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xf4_csrss.exe_bugcheck_critical_process_terminated_by_taskmgr.exe_ebf07f0
FAILURE_ID_HASH: {c6c94e02-4c17-7657-084c-6d70a55b80b8}
Followup: MachineOwner
---------
В чем проблема? На вирусы проверил ничего не нашел. Падает раз в 4 часа. Винты живые, память тоже. Зачем taskmgr.exe убивает csrss.exe?
Жил был сервак 2 года Uptime и вот два дня назад началось его победоносное падение в BSOD. Грешил на питание, сегодня проанализировал minidump и вот чего там нашел.
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800d5b87f0, Terminating object
Arg3: fffffa800d5b8ad0, Process image file name
Arg4: fffff80001dd6b70, Explanatory message (ascii)
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
SYSTEM_MANUFACTURER: ASUSTeK COMPUTER INC.
SYSTEM_PRODUCT_NAME: TS300-E8-PS4
SYSTEM_SKU: SKU
SYSTEM_VERSION: Rev 1.xx
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 0904
BIOS_DATE: 04/07/2014
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: P9D-E Series
BASEBOARD_VERSION: Rev 1.xx
DUMP_TYPE: 1
BUGCHECK_P1: 3
BUGCHECK_P2: fffffa800d5b87f0
BUGCHECK_P3: fffffa800d5b8ad0
BUGCHECK_P4: fffff80001dd6b70
PROCESS_NAME: csrss.exe
CRITICAL_PROCESS: csrss.exe
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: csrss
FAULTING_MODULE: 0000000000000000
EXCEPTION_CODE: (Win32) 0xebf07f0 (247400432) - <Unable to get error code text>
ERROR_CODE: (NTSTATUS) 0xebf07f0 - <Unable to get error code text>
CPU_COUNT: 4
CPU_MHZ: c15
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 17'00000000 (cache) 17'00000000 (init)
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xF4
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: SLIPKO-PC
ANALYSIS_SESSION_TIME: 02-01-2017 08:53:33.0406
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
STACK_TEXT:
fffff880`09f6e9d8 fffff800`01e60852 : 00000000`000000f4 00000000`00000003 fffffa80`0d5b87f0 fffffa80`0d5b8ad0 : nt!KeBugCheckEx
fffff880`09f6e9e0 fffff800`01e1e09b : 00000000`00000001 fffffa80`0ebf07f0 fffffa80`0d5b87f0 fffffa80`0f133201 : nt!PspCatchCriticalBreak+0x92
fffff880`09f6ea20 fffff800`01d87454 : 00000000`00000001 00000000`00000248 fffffa80`0d5b87f0 fffffa80`00000008 : nt! ?? ::NNGAKEGL::`string'+0x27296
fffff880`09f6ea70 fffff800`01acb693 : 00000000`00000248 fffffa80`0ebf07f0 fffffa80`0d5b87f0 00000000`0359dbf0 : nt!NtTerminateProcess+0x284
fffff880`09f6eae0 00000000`7706bffa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0010eba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7706bffa
STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: e9460336222f4471d8ae88a3d24ad7df3aff8ef1
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 78fb9c444b7807cd1bd5e414e2ce7cd6e803d8b6
THREAD_SHA1_HASH_MOD: f08ac56120cad14894587db086f77ce277bfae84
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_taskmgr.exe_ebf07f0
BUCKET_ID: X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_taskmgr.exe_ebf07f0
PRIMARY_PROBLEM_CLASS: X64_0xF4_csrss.exe_BUGCHECK_CRITICAL_PROCESS_TERMINATED_BY_taskmgr.exe_ebf07f0
TARGET_TIME: 2017-01-31T05:04:00.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 16
PRODUCT_TYPE: 3
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-10-11 21:57:55
BUILDDATESTAMP_STR: 161011-0600
BUILDLAB_STR: win7sp1_ldr
BUILDOSVER_STR: 6.1.7601.23572.amd64fre.win7sp1_ldr.161011-0600
ANALYSIS_SESSION_ELAPSED_TIME: 6c3
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0xf4_csrss.exe_bugcheck_critical_process_terminated_by_taskmgr.exe_ebf07f0
FAILURE_ID_HASH: {c6c94e02-4c17-7657-084c-6d70a55b80b8}
Followup: MachineOwner
---------
В чем проблема? На вирусы проверил ничего не нашел. Падает раз в 4 часа. Винты живые, память тоже. Зачем taskmgr.exe убивает csrss.exe?