none
Win2008 R2 企业版蓝屏请帮忙分析下原因 RRS feed

  • 问题

  • Microsoft (R) Windows Debugger Version 10.0.18972.1001 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\stars\Desktop\091519-28626-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*
    Symbol search path is: srv*
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`01c66000 PsLoadedModuleList = 0xfffff800`01eabe90
    Debug session time: Sun Sep 15 12:42:09.118 2019 (UTC + 8:00)
    System Uptime: 0 days 0:42:26.680
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ........................
    Loading User Symbols
    Loading unloaded module list
    ....
    For analysis of this file, run !analyze -v
    00000000`00000000 ??              ???
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 000000000000ffff, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80001cc42c6, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    KEY_VALUES_STRING: 1
    
        Key  : Analysis.CPU.Sec
        Value: 1
    
        Key  : Analysis.DebugAnalysisProvider.CPP
        Value: Create: 8007007e on DESKTOP-JF04E0H
    
        Key  : Analysis.DebugData
        Value: CreateObject
    
        Key  : Analysis.DebugModel
        Value: CreateObject
    
        Key  : Analysis.Elapsed.Sec
        Value: 1
    
        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 67
    
        Key  : Analysis.System
        Value: CreateObject
    
    
    BUGCHECK_CODE:  a
    
    BUGCHECK_P1: ffff
    
    BUGCHECK_P2: 2
    
    BUGCHECK_P3: 0
    
    BUGCHECK_P4: fffff80001cc42c6
    
    READ_ADDRESS: fffff80001e57068: Unable to get Flags value from nt!KdVersionBlock
    fffff80001e57068: Unable to get Flags value from nt!KdVersionBlock
    fffff80001e57068: Unable to get Flags value from nt!KdVersionBlock
    Unable to get MmSystemRangeStart
    GetUlongPtrFromAddress: unable to read from fffff80001f17280
    GetUlongPtrFromAddress: unable to read from fffff80001f17408
     000000000000ffff 
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  System
    
    IP_IN_FREE_BLOCK: 0
    
    BAD_STACK_POINTER:  0000000000000000
    
    STACK_TEXT:  
    00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
    
    
    SYMBOL_NAME:  nt!RtlLookupEntryHashTable+66
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    IMAGE_VERSION:  6.1.7601.17514
    
    STACK_COMMAND:  .thread ; .cxr ; kb
    
    FAILURE_BUCKET_ID:  INVALID_KERNEL_CONTEXT_0xA
    
    OS_VERSION:  7.1.7601.17514
    
    BUILDLAB_STR:  win7sp1_rtm
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 7
    
    FAILURE_ID_HASH:  {e1670dde-ec4b-aafd-0053-25c657509baa}
    
    Followup:     MachineOwner
    ---------
    2019年9月15日 5:07

全部回复

  • The Stop 0x0000000A (IRQL_NOT_LESS_OR_EQUAL) indicates that Microsoft Windows or a kernel-mode driver accessed paged memory (for writing, according to the value of the third parameter) at DISPATCH_LEVEL or above.

    The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.

    Windbg显示的问题源仅是ntkrnlmp.exe,指向系统内核,没有显示具体原因。

    进行以下尝试:

    卸载最近安装的更新

    更新任何可以更新的设备驱动

    检测内存

    禁用安全软件

    msconfig中禁用所有非Windows自带的开机启动项

    分析其他的mini dump



    如果认为回帖者的回答有所帮助,请将之标记为答复,这样可以帮助更多的用户获取有效信息
    2019年9月16日 1:28