none
系统蓝屏帮忙分析DMP文件看看什么问题导致 RRS feed

  • 问题

  • Use !analyze -v to get detailed debugging information.

    BugCheck D1, {38, 2, 0, fffff80271713a32}

    Unable to load image \SystemRoot\system32\drivers\afd.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for afd.sys
    *** ERROR: Module load completed but symbols could not be loaded for afd.sys
    Unable to load image \??\C:\Windows\SysWOW64\Drivers\LdTDI.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for LdTDI.sys
    *** ERROR: Module load completed but symbols could not be loaded for LdTDI.sys
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    Probably caused by : afd.sys ( afd+3a32 )

    Followup: MachineOwner

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000038, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff80271713a32, address which referenced memory

    Debugging Details:
    ------------------

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    MODULE_NAME: afd

    FAULTING_MODULE: fffff80267e0e000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  5a820baa

    READ_ADDRESS:  0000000000000038 

    CURRENT_IRQL:  0

    FAULTING_IP: 
    afd+3a32
    fffff802`71713a32 8b4138          mov     eax,dword ptr [rcx+38h]

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

    BUGCHECK_STR:  0xD1

    LAST_CONTROL_TRANSFER:  from fffff80267f7b029 to fffff80267f69940
    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    afd+3a32
    fffff802`71713a32 8b4138          mov     eax,dword ptr [rcx+38h]

    SYMBOL_STACK_INDEX:  6

    SYMBOL_NAME:  afd+3a32

    FOLLOWUP_NAME:  MachineOwner

    IMAGE_NAME:  afd.sys

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    0: kd> lmvm afd
    start             end                 module name
    fffff802`71710000 fffff802`717a5000   afd      T (no symbols)           
        Loaded symbol image file: afd.sys
        Image path: \SystemRoot\system32\drivers\afd.sys
        Image name: afd.sys
        Timestamp:        Tue Feb 13 05:48:26 2018 (5A820BAA)
        CheckSum:         00090097
        ImageSize:        00095000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    0: kd> lmvm nt
    start             end                 module name
    fffff802`67e0e000 fffff802`6862f000   nt       T (no symbols)           
        Loaded symbol image file: ntoskrnl.exe
        Image path: \SystemRoot\system32\ntoskrnl.exe
        Image name: ntoskrnl.exe
        Timestamp:        Sat Apr 28 12:31:38 2018 (5AE3F92A)
        CheckSum:         00772F4E
        ImageSize:        00821000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    0: kd> lmvm afd
    start             end                 module name
    fffff802`71710000 fffff802`717a5000   afd      T (no symbols)           
        Loaded symbol image file: afd.sys
        Image path: \SystemRoot\system32\drivers\afd.sys
        Image name: afd.sys
        Timestamp:        Tue Feb 13 05:48:26 2018 (5A820BAA)
        CheckSum:         00090097
        ImageSize:        00095000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    0: kd> lmvm nt
    start             end                 module name
    fffff802`67e0e000 fffff802`6862f000   nt       T (no symbols)           
        Loaded symbol image file: ntoskrnl.exe
        Image path: \SystemRoot\system32\ntoskrnl.exe
        Image name: ntoskrnl.exe
        Timestamp:        Sat Apr 28 12:31:38 2018 (5AE3F92A)
        CheckSum:         00772F4E
        ImageSize:        00821000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4


    2020年7月22日 2:59

全部回复

  • 您好,

    请问问题发生之前是否有对机器做更新或者更改(打补丁/软硬件更新等)?
    故障发生时间和频率如何?

    根据您提供的dump信息来看,问题可能与afd.sys有关,建议您对网卡驱动进行一个更新,检查蓝屏问题是否还会复现。



    针对Windows 2008/2008R2的扩展支持将于2020年结束,之后微软将不再为其提供安全更新。点击此处或扫描二维码获取《在 Azure 上运行 Windows Server 的终极指南》,把握良机完成云迁移并实现业务现代化。

    2020年7月23日 8:30