码迷,mamicode.com
首页 > 其他好文 > 详细

iis频繁奔溃,求大神帮忙分析dump

时间:2018-09-19 14:48:58      阅读:447      评论:0      收藏:0      [点我收藏+]

标签:and   window   number   exec   png   fse   symbol   技术分享   glob   

直接上图了

技术分享图片

 

技术分享图片

 

 技术分享图片

上图三个错误最近频繁出现,出现一次iis就奔溃一次,抓取的dump分析后如下:

Couldnt resolve error at ls0:100> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
rax=736f686c61636f6c rbx=000001ac72f5c580 rcx=000001ac72f5c580
rdx=736f686c61636f6c rsi=0000000000000000 rdi=0000000020000000
rip=00007ffd0e0d1744 rsp=0000005a9667d6a0 rbp=000001ac72f5c580
 r8=000001ac72f5c580  r9=000001ac6666cd50 r10=00000fffa0b9f15a
r11=5555555515555555 r12=000001a7513e5ab0 r13=000001ac72f5c580
r14=0000000000000000 r15=000001ac6666cd50
iopl=0         nv up ei pl zr na po cy
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010247
loghttp!RequestDoWork+0x84:
00007ffd`0e0d1744 488b08          mov     rcx,qword ptr [rax] ds:736f686c`61636f6c=????????????????
Resetting default scope

FAULTING_IP: 
loghttp!RequestDoWork+84
00007ffd`0e0d1744 488b08          mov     rcx,qword ptr [rax]

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffd0e0d1744 (loghttp!RequestDoWork+0x0000000000000084)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

PROCESS_NAME:  w3wp.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

FOLLOWUP_IP: 
loghttp!RequestDoWork+84
00007ffd`0e0d1744 488b08          mov     rcx,qword ptr [rax]

READ_ADDRESS:  ffffffffffffffff 

WATSON_BKT_PROCSTAMP:  57899b8a

WATSON_BKT_PROCVER:  10.0.14393.0

PROCESS_VER_PRODUCT:  Internet Information Services

WATSON_BKT_MODULE:  loghttp.dll

WATSON_BKT_MODSTAMP:  57899b80

WATSON_BKT_MODOFFSET:  1744

WATSON_BKT_MODVER:  10.0.14393.0

MODULE_VER_PRODUCT:  Internet Information Services

BUILD_VERSION_STRING:  10.0.14393.2214 (rs1_release_1.180402-1758)

MODLIST_WITH_TSCHKSUM_HASH:  a0ec544a1ec8d5dfa0a915fcd0de4fe39c075455

MODLIST_SHA1_HASH:  8789da5e655c37daf1ea0c1b0559023ff06eb1fc

NTGLOBALFLAG:  0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

PRODUCT_TYPE:  3

SUITE_MASK:  400

DUMP_FLAGS:  8000c07

DUMP_TYPE:  3

MISSING_CLR_SYMBOL: 0

ANALYSIS_SESSION_HOST:  DESKTOP-UO1I8RL

ANALYSIS_SESSION_TIME:  09-19-2018 13:47:13.0800

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

MANAGED_CODE: 1

MANAGED_ENGINE_MODULE:  clr

MANAGED_ANALYSIS_PROVIDER:  SOS

MANAGED_THREAD_ID: f94

THREAD_ATTRIBUTES: 
ADDITIONAL_DEBUG_TEXT:  SOS.DLL is not loaded for managed code. Analysis might be incomplete

OS_LOCALE:  CHS

PROBLEM_CLASSES: 

    ID:     [0n292]
    Type:   [@ACCESS_VIOLATION]
    Class:  Addendum
    Scope:  BUCKET_ID
    Name:   Omit
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0xf94]
    Frame:  [0] : loghttp!RequestDoWork

    ID:     [0n264]
    Type:   [INVALID_POINTER_READ]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0xf94]
    Frame:  [0] : loghttp!RequestDoWork

    ID:     [0n234]
    Type:   [NOSOS]
    Class:  Addendum
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [Unspecified]
    Frame:  [0]

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_NOSOS

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ_NOSOS

PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT

LAST_CONTROL_TRANSFER:  from 00007ffd0e0d16ad to 00007ffd0e0d1744

STACK_TEXT:  
0000005a`9667d6a0 00007ffd`0e0d16ad : 000001ac`72f5c580 00000000`00000001 00000000`00000000 00000000`00000000 : loghttp!RequestDoWork+0x84
0000005a`9667d8a0 00007ffd`05ced3d9 : 00000000`00000000 00000000`00000000 000001ac`72f5c580 000001ac`6666ccc8 : loghttp!CIISHttpModule::OnSendResponse+0x1d
0000005a`9667d8e0 00007ffd`05cecd7c : 000001ac`6666ccc8 0000005a`9667d9f1 00000000`00000001 000001ac`6666cd50 : iiscore!NOTIFICATION_CONTEXT::RequestDoWork+0xb9
0000005a`9667d930 00007ffd`05cecbc6 : 000001a7`51ac36b0 00000000`00000000 000001ac`6666ccc8 00000000`00000000 : iiscore!NOTIFICATION_CONTEXT::CallModulesInternal+0x19c
0000005a`9667da40 00007ffd`05cf1147 : 0000005a`9667dac0 00000100`00000000 000001ac`72f5c580 00007ffc`c2fbaef6 : iiscore!NOTIFICATION_CONTEXT::CallModules+0x36
0000005a`9667daa0 00007ffd`05cefd4c : 00000000`00000000 00007ffd`05cf15e0 00000000`80004005 00000000`00000000 : iiscore!NOTIFICATION_SEND_RESPONSE::DoWork+0x87
0000005a`9667db20 00007ffd`05cedca2 : 000001aa`00000000 00000000`00000001 00000000`00000000 000001ac`72f5c580 : iiscore!W3_RESPONSE::Flush+0x39c
0000005a`9667dbb0 00007ffd`05ce7956 : 00007ffd`05ce7880 000001a9`9346f610 000001ac`6666bc08 000001a7`51ac36b0 : iiscore!NOTIFICATION_MAIN::DoWork+0x272
0000005a`9667ded0 00007ffd`1fcdfb01 : 000001ac`72f5c580 00007ffd`05ce7880 0000005a`9667e060 00007ffd`22574cd5 : iiscore!W3_CONTEXT_BASE::IndicateCompletion+0xd6
0000005a`9667df50 00007ffd`1fce25e2 : 0000005a`9667e1b0 0000005a`9667e1b0 0000005a`9667e178 00007ffc`c5413be5 : webengine4!W3_MGD_HANDLER::IndicateCompletion+0x5d
0000005a`9667df80 00007ffc`c542240e : 000001a9`9346e970 0000005a`9667e050 0000005a`9667dfa0 00006dc0`f7918fa1 : webengine4!MgdIndicateCompletion+0x22
0000005a`9667dfb0 00007ffc`c5411a14 : 000001aa`1208fc40 000001a9`9346e698 0000005a`9667e180 0000005a`9667e138 : 0x00007ffc`c542240e
0000005a`9667e070 00007ffc`c54107f3 : ffffffff`fffffffe 000001ac`6666b7f0 ffffffff`fffffffe 00000000`00000000 : 0x00007ffc`c5411a14
0000005a`9667e210 00007ffc`c540f5e2 : 00000000`00000000 000001ac`66364ee0 ffffffff`fffffffe 0000005a`00000000 : 0x00007ffc`c54107f3
0000005a`9667e250 00007ffd`22572473 : ffffffff`ffffffff 00007ffd`00000001 000001a7`51949801 00007ffd`2257a528 : 0x00007ffc`c540f5e2
0000005a`9667e2c0 00007ffd`2263cfba : 00460054`0045004e 00007ffd`22575b35 ffffffff`fffffffe 00007ffd`2257a270 : clr!UM2MThunk_WrapperHelper+0x43
0000005a`9667e300 00007ffd`2257a9c8 : 0000005a`9667e428 00000000`00000000 000001ac`66364ee0 00007ffd`225766af : clr!UM2MThunk_Wrapper+0x60
0000005a`9667e350 00007ffd`2263d065 : 0000005a`9667e501 0000005a`00000002 0000373d`d1759c7a 0000005a`9667e560 : clr!Thread::DoADCallBack+0x13d
0000005a`9667e510 00007ffd`2257241d : 000001ac`6007b8a0 ffffffff`ffffffff 00000000`00000002 00000000`00000000 : clr!UM2MDoADCallBack+0xb3
0000005a`9667e590 00007ffd`1fc8184f : 000001a7`51f618c0 000001ac`6666b7f0 00000000`00000002 00000000`00000000 : clr!UMThunkStub+0x26d
0000005a`9667e620 00007ffd`1fc817a2 : 0000005a`00000000 000001ac`6666b7f0 00007ffd`22eb4410 0000005a`9667e800 : webengine4!W3_MGD_HANDLER::ProcessNotification+0x8e
0000005a`9667e650 00007ffd`225799e7 : 000001ac`6666b7f0 00007ffd`1fc81760 00007ffd`22eb4410 00000000`00000000 : webengine4!ProcessNotificationCallback+0x42
0000005a`9667e680 00007ffd`2257819c : 00007ffd`22579a70 0000005a`9667e700 0000005a`9667e801 00000000`0b089504 : clr!UnManagedPerAppDomainTPCount::DispatchWorkItem+0x1bc
0000005a`9667e720 00007ffd`22577f45 : 0007000e`00260026 00000000`00000001 000001ac`66364ee0 000001ac`66364ee0 : clr!ThreadpoolMgr::ExecuteWorkRequest+0x64
0000005a`9667e750 00007ffd`22622e8f : 00000000`00000000 000001a7`50c10e01 00000000`00000001 00000000`00000804 : clr!ThreadpoolMgr::WorkerThreadStart+0xf5
0000005a`9667e7f0 00007ffd`2fdb8364 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!Thread::intermediateThreadProc+0x86
0000005a`9667f7b0 00007ffd`31ede851 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
0000005a`9667f7e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


THREAD_SHA1_HASH_MOD_FUNC:  48176150c99086579b8115dc211b995cc4b07226

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  1d00c3832e4d0c79a48c8f97b4ed56fa80edffda

THREAD_SHA1_HASH_MOD:  5921a8f24cf922df9ee28e5c41febefcb341d312

FAULT_INSTR_CODE:  48088b48

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  loghttp!RequestDoWork+84

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: loghttp

IMAGE_NAME:  loghttp.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  57899b80

STACK_COMMAND:  .ecxr ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_NOSOS_c0000005_loghttp.dll!RequestDoWork

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_NOSOS_loghttp!RequestDoWork+84

FAILURE_EXCEPTION_CODE:  c0000005

FAILURE_IMAGE_NAME:  loghttp.dll

BUCKET_ID_IMAGE_STR:  loghttp.dll

FAILURE_MODULE_NAME:  loghttp

BUCKET_ID_MODULE_STR:  loghttp

FAILURE_FUNCTION_NAME:  RequestDoWork

BUCKET_ID_FUNCTION_STR:  RequestDoWork

BUCKET_ID_OFFSET:  84

BUCKET_ID_MODTIMEDATESTAMP:  57899b80

BUCKET_ID_MODCHECKSUM:  134fa

BUCKET_ID_MODVER_STR:  10.0.14393.0

BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_NOSOS_

FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT

FAILURE_SYMBOL_NAME:  loghttp.dll!RequestDoWork

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/w3wp.exe/10.0.14393.0/57899b8a/loghttp.dll/10.0.14393.0/57899b80/c0000005/00001744.htm?Retriage=1

TARGET_TIME:  2018-09-19T04:26:43.000Z

OSBUILD:  14393

OSSERVICEPACK:  2214

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 Server TerminalServer DataCenter SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-04-03 11:45:42

BUILDDATESTAMP_STR:  180402-1758

BUILDLAB_STR:  rs1_release_1

BUILDOSVER_STR:  10.0.14393.2214

ANALYSIS_SESSION_ELAPSED_TIME:  61eb

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_nosos_c0000005_loghttp.dll!requestdowork

FAILURE_ID_HASH:  {7fc5e7af-2508-9c33-c2b7-8a9e10458ef1}

Followup:     MachineOwner
---------

 跪求大神分析此次iis频繁奔溃的原因。

 

iis频繁奔溃,求大神帮忙分析dump

标签:and   window   number   exec   png   fse   symbol   技术分享   glob   

原文地址:https://www.cnblogs.com/drzhong/p/9674225.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!