Asker
Windows Server 2012 R2 hits an IRQL_NOT_LESS_OR_EQUAL blue screen 0x0000000a, the driver is tcpip.sys, dmp attached

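Question
-
Error message: IRQL_NOT_LESS_OR_EQUAL
Error code: 0x0000000a
Parameter 1: ffffe000`f6ea72a0
Parameter 2: 00000000`00000002
Parameter 3: 00000000`00000000
Parameter 4: fffff802`cdd7bb7c
Caused by: tcpip.sys
Crash failure: tcpip.sys + c1e66
Troubleshooting: ntosk.exe + 153fa0
DMP address: www.lanzous.com/i8mrf5c
——————————— Below is my own analysis, but I could not download the symbols ———————————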
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\011120-5046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*d:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 9600 MP (32 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9600.17031.amd64fre.winblue_gdr.140221-1952
Machine Name:
Kernel base = 0xfffff802`cdc80000 PsLoadedModuleList = 0xfffff802`cdf4a2d0
Debug session time: Sat Jan 11 16:57:28.984 2020 (UTC + 8:00)
System Uptime: 0 days 3:53:28.904
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
...............................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {ffffe000f6ea72a0, 2, 0, fffff802cdd7bb7c}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+fbb7c )
Followup: MachineOwner
---------
0: kd> .reload
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
...............................................................
Loading User Symbols
Loading unloaded module list
.......
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffe000f6ea72a0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff802cdd7bb7c, address which referenced memory
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: nt
FAULTING_MODULE: fffff802cdc80000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 53085af2
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
ffffe000f6ea72a0
CURRENT_IRQL: 0
FAULTING_IP:
nt+fbb7c
fffff802`cdd7bb7c 488b8120020000 mov rax,qword ptr [rcx+220h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from fffff802cdddfae9 to fffff802cddd3fa0
STACK_TEXT:
fffff802`cf48f938 fffff802`cdddfae9 : 00000000`0000000a ffffe000`f6ea72a0 00000000`00000002 00000000`00000000 : nt+0x153fa0
fffff802`cf48f940 00000000`0000000a : ffffe000`f6ea72a0 00000000`00000002 00000000`00000000 fffff802`cdd7bb7c : nt+0x15fae9
fffff802`cf48f948 ffffe000`f6ea72a0 : 00000000`00000002 00000000`00000000 fffff802`cdd7bb7c fffff801`d9fafe66 : 0xa
fffff802`cf48f950 00000000`00000002 : 00000000`00000000 fffff802`cdd7bb7c fffff801`d9fafe66 00000000`00000000 : 0xffffe000`f6ea72a0
fffff802`cf48f958 00000000`00000000 : fffff802`cdd7bb7c fffff801`d9fafe66 00000000`00000000 00000000`00000000 : 0x2
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt+fbb7c
fffff802`cdd7bb7c 488b8120020000 mov rax,qword ptr [rcx+220h]
SYMBOL_NAME: nt+fbb7c
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: ntoskrnl.exe
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
---------
- Edited by Svlik, January 12, 2020 18:51: updated analysis
All replies
-
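Try setting the Symbol Path in WinDBG to SRV*C:\\symbols*http://msdl.microsoft.com/download/symbols and try again, provided the C:\symbols folder exists.
Alexis Zhang
http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
Accessing the forum through the NNTP Bridge newsgroup bridge is recommended.
This post is a reply; the original poster is <Svlik> above;
| Error code: 0x0000000a
| ——————————— Below is my own analysis, but I could not download the symbols ———————————
-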
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\011620-5234-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*d:\\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 9600 MP (32 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9600.17031.amd64fre.winblue_gdr.140221-1952
Machine Name:
Kernel base = 0xfffff801`bc211000 PsLoadedModuleList = 0xfffff801`bc4db2d0
Debug session time: Thu Jan 16 10:31:41.613 2020 (UTC + 8:00)
System Uptime: 0 days 1:01:35.538
Loading Kernel Symbols
...............................................................
...........................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {ffffe800ac2ac2a0, 2, 0, fffff801bc30cb7c}
Probably caused by : ntkrnlmp.exe ( nt!IoThreadToProcess+0 )
Followup: MachineOwner
---------
16: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffe800ac2ac2a0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff801bc30cb7c, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: fffff801bc4c8ce0: Unable to get special pool info
fffff801bc4c8ce0: Unable to get special pool info
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
ffffe800ac2ac2a0
CURRENT_IRQL: 2
FAULTING_IP:
nt!IoThreadToProcess+0
fffff801`bc30cb7c 488b8120020000 mov rax,qword ptr [rcx+220h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xA
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from fffff801bc370ae9 to fffff801bc364fa0
STACK_TEXT:
ffffd001`34759938 fffff801`bc370ae9 : 00000000`0000000a ffffe800`ac2ac2a0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffd001`34759940 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!IoThreadToProcess+0
fffff801`bc30cb7c 488b8120020000 mov rax,qword ptr [rcx+220h]
SYMBOL_NAME: nt!IoThreadToProcess+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 53085af2
FAILURE_BUCKET_ID: X64_0xA_nt!IoThreadToProcess+0
BUCKET_ID: X64_0xA_nt!IoThreadToProcess+0
Followup: MachineOwner
---------
16: kd> lmvm nt
start end module name
fffff801`bc211000 fffff801`bc99a000 nt (pdb symbols) d:\\symbols\ntkrnlmp.pdb\6066913DFBAD4EF6B754E136C12BECA31\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: d:\\symbols\ntoskrnl.exe\53085AF2789000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Sat Feb 22 16:08:18 2014 (53085AF2)
CheckSum: 0071FAD2
ImageSize: 00789000
File version: 6.3.9600.17031
Product version: 6.3.9600.17031
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.3.9600.17031
FileVersion: 6.3.9600.17031 (winblue_gdr.140221-1952)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
- Edited by Svlik, January 16, 2020 6:49
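
Added example, not part of the original thread: a small Python triage helper that parses the summary lines of the two dumps posted above, decodes the bugcheck 0xA arguments, and rebases the faulting instruction address against the kernel base so crashes from different boots can be compared. The function names `summarize` and `same_fault_site` are hypothetical; the sample lines are copied from the two debugger outputs on this page.

```python
import re

# Summary lines copied from the two dumps posted in this thread.
DUMP_1 = """\
Built by: 9600.17031.amd64fre.winblue_gdr.140221-1952
Kernel base = 0xfffff802`cdc80000 PsLoadedModuleList = 0xfffff802`cdf4a2d0
BugCheck A, {ffffe000f6ea72a0, 2, 0, fffff802cdd7bb7c}
Probably caused by : ntoskrnl.exe ( nt+fbb7c )
"""
DUMP_2 = """\
Built by: 9600.17031.amd64fre.winblue_gdr.140221-1952
Kernel base = 0xfffff801`bc211000 PsLoadedModuleList = 0xfffff801`bc4db2d0
BugCheck A, {ffffe800ac2ac2a0, 2, 0, fffff801bc30cb7c}
Probably caused by : ntkrnlmp.exe ( nt!IoThreadToProcess+0 )
"""

BUILD_RE = re.compile(r"Built by: (\S+)")
BASE_RE = re.compile(r"Kernel base = 0x([0-9a-f`]+)", re.I)
BUGCHECK_RE = re.compile(r"BugCheck ([0-9A-F]+), \{([^}]*)\}", re.I)
CAUSE_RE = re.compile(r"Probably caused by : \S+ \( (\S+) \)")


def _hex(text):
    """Parse a WinDbg hex value, tolerating the ` separator and spaces."""
    return int(text.strip().replace("`", ""), 16)


def summarize(dump_text):
    """Decode bugcheck 0xA arguments and rebase the faulting IP to nt+offset."""
    build, base, bug = (r.search(dump_text) for r in (BUILD_RE, BASE_RE, BUGCHECK_RE))
    if not (build and base and bug):
        raise ValueError("missing 'Built by', 'Kernel base' or 'BugCheck' line")
    if _hex(bug.group(1)) != 0xA:
        raise ValueError("argument layout below is specific to bugcheck 0xA")
    args = [_hex(a) for a in bug.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck arguments")
    referenced, irql, bitfield, ip = args
    cause = CAUSE_RE.search(dump_text)
    return {
        "build": build.group(1),
        "referenced": referenced,          # Arg1: memory referenced
        "irql": irql,                      # Arg2: IRQL at the time of the access
        # Arg3 bitfield: bit 0 = write, bit 3 = execute, otherwise read
        "access": "execute" if bitfield & 8 else "write" if bitfield & 1 else "read",
        "nt_offset": ip - _hex(base.group(1)),  # Arg4 relative to the kernel base
        "label": cause.group(1) if cause else None,
    }


def same_fault_site(a, b):
    """Offsets are only comparable when both dumps come from the same kernel build."""
    keys = ("build", "nt_offset", "irql", "access")
    return all(a[k] == b[k] for k in keys)


if __name__ == "__main__":
    first, second = summarize(DUMP_1), summarize(DUMP_2)
    print(hex(first["nt_offset"]), first["label"])
    print(hex(second["nt_offset"]), second["label"])
    print("same fault site:", same_fault_site(first, second))
```

Both dumps rebase to the same kernel offset on the same build, so the unsymbolized `nt+fbb7c` in the first dump and `nt!IoThreadToProcess+0` in the second refer to the same instruction.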