none
windows 2008R2 tcpip.sys蓝屏报错,请帮忙分析什么问题导致的 RRS feed

  • 问题

  • Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\wangc\Desktop\122618-51230-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (12 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7600.16988.amd64fre.win7_gdr.120401-1505
    Machine Name:
    Kernel base = 0xfffff800`01e06000 PsLoadedModuleList = 0xfffff800`02042e70
    Debug session time: Tue Dec 25 18:58:47.811 2018 (UTC + 8:00)
    System Uptime: 0 days 9:52:13.373
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..................
    Loading User Symbols
    Loading unloaded module list
    ....
    ERROR: FindPlugIns 8007007b
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {1c, 2, 1, fffff88001c77c1a}

    *** WARNING: Unable to verify timestamp for win32k.sys
    *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
    Probably caused by : tcpip.sys ( tcpip!TcpBeginTcbSend+32a )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    ERROR: FindPlugIns 8007007b
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 000000000000001c, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff88001c77c1a, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800020ad0e0
     000000000000001c 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    tcpip!TcpBeginTcbSend+32a
    fffff880`01c77c1a f083401c01      lock add dword ptr [rax+1Ch],1

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  fffff80003c5b630 -- (.trap 0xfffff80003c5b630)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8015a608e0
    rdx=fffffa8015a608d0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88001c77c1a rsp=fffff80003c5b7c0 rbp=fffff80003c5b8c8
     r8=fffffa8015a606e0  r9=fffff80003c5b860 r10=fffffa8015a60810
    r11=0000000000000014 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    tcpip!TcpBeginTcbSend+0x32a:
    fffff880`01c77c1a f083401c01      lock add dword ptr [rax+1Ch],1 ds:b860:00000000`0000001c=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80001e755a9 to fffff80001e76040

    STACK_TEXT:  
    fffff800`03c5b4e8 fffff800`01e755a9 : 00000000`0000000a 00000000`0000001c 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff800`03c5b4f0 fffff800`01e74220 : fffffa80`135d3168 00000000`00000001 fffffa80`1624cc00 00000000`00000266 : nt!KiBugCheckDispatch+0x69
    fffff800`03c5b630 fffff880`01c77c1a : 00000000`00000001 fffffa80`1624cc00 0000111c`c3a2401c 00006700`000005b4 : nt!KiPageFault+0x260
    fffff800`03c5b7c0 fffff880`01c76429 : ffff0080`0213d805 ffff0080`0213d815 00000000`00000000 00000000`00000001 : tcpip!TcpBeginTcbSend+0x32a
    fffff800`03c5ba40 fffff880`01c722b6 : 00000000`00000000 fffffa80`1624cc01 fffff880`01d66128 00000000`00004500 : tcpip!TcpTcbSend+0x1d9
    fffff800`03c5bcc0 fffff880`01c79cac : fffffa80`13ec3000 00000000`00000000 00000000`00000000 fffff880`01c5d300 : tcpip!TcpFlushDelay+0x316
    fffff800`03c5bda0 fffff880`01c5c3c7 : fffffa80`135dd270 fffffa80`134b0820 fffffa80`134bc44d 00000000`00000002 : tcpip!TcpPreValidatedReceive+0x20c
    fffff800`03c5be50 fffff880`01c5c499 : fffff800`03c5bfd0 fffff880`01d6c9a0 fffff800`03c5bfe0 00000000`00000001 : tcpip!IppDeliverListToProtocol+0x97
    fffff800`03c5bf10 fffff880`01c5c990 : fffffa80`13c37ea8 00000000`00000000 fffffa80`13a8c170 fffff800`03c5bfd0 : tcpip!IppProcessDeliverList+0x59
    fffff800`03c5bf80 fffff880`01c5b821 : 00000000`00000000 fffffa80`135dd270 fffff880`01d6c9a0 00000000`13f3a801 : tcpip!IppReceiveHeaderBatch+0x231
    fffff800`03c5c060 fffff880`01c5a272 : fffffa80`13f407b0 00000000`00000000 fffffa80`13f3a801 00000000`00000003 : tcpip!IpFlcReceivePackets+0x651
    fffff800`03c5c260 fffff880`01c736ba : fffffa80`13f3a840 fffff800`03c5c390 fffffa80`13f3a840 fffff800`03c50000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
    fffff800`03c5c340 fffff800`01e856ca : fffffa80`13e8fe20 fffff800`03c57000 00000000`00004800 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda
    fffff800`03c5c390 fffff880`01c730e2 : fffff880`01c735e0 fffff800`03c5c4a0 00000000`00000002 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
    fffff800`03c5c470 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!FlReceiveNetBufferListChain+0xb2


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    tcpip!TcpBeginTcbSend+32a
    fffff880`01c77c1a f083401c01      lock add dword ptr [rax+1Ch],1

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  tcpip!TcpBeginTcbSend+32a

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: tcpip

    IMAGE_NAME:  tcpip.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc26e

    FAILURE_BUCKET_ID:  X64_0xD1_tcpip!TcpBeginTcbSend+32a

    BUCKET_ID:  X64_0xD1_tcpip!TcpBeginTcbSend+32a

    Followup: MachineOwner
    ---------

    0: kd> !process
    GetPointerFromAddress: unable to read from fffff800020ad000
    PROCESS fffffa800d938b30
        SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
        DirBase: 0001b000  ObjectTable: fffff8a000001a50  HandleCount: <Data Not Accessible>
        Image: System
        VadRoot fffffa80135b4820 Vads 5 Clone 0 Private 9. Modified 39324. Locked 0.
        DeviceMap fffff8a000008ca0
        Token                             fffff8a000004040
        ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    fffff78000000000: Unable to get shared data
        ElapsedTime                       00:00:00.000
        UserTime                          00:00:00.000
        KernelTime                        00:00:00.000
        QuotaPoolUsage[PagedPool]         0
        QuotaPoolUsage[NonPagedPool]      0
        Working Set Sizes (now,min,max)  (92, 0, 0) (368KB, 0KB, 0KB)
        PeakWorkingSetSize                1417
        VirtualSize                       3 Mb
        PeakVirtualSize                   9 Mb
        PageFaultCount                    22941
        MemoryPriority                    BACKGROUND
        BasePriority                      8
        CommitCharge                      28

            *** Error in reading nt!_ETHREAD @ fffffa800d99e040
    2018年12月26日 3:17

全部回复