none
win server 2008 R2 频繁蓝屏

    问题

  • 最近服务器一直蓝屏,两台服务器同时重装后发生相同问题,dump日志如下:

    前几天的dump日志指向了rvd.exe以及tdx.sys,再加上最近一直是WmiPrvSE.exe及LswNFlt64.sys或者ntkrnlmp.exe,那么是不是可以初步判断是由于网卡驱动或其他硬件驱动与系统交互出现问题造成的呢?

    堆栈这里实在看不懂,还请大神指教。

    Loading Dump File [E:\dump\MEMORY-01.DMP]
    Kernel Summary Dump File: Only kernel address space is available


    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (24 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.23539.amd64fre.win7sp1_ldr.160902-0600
    Machine Name:
    Kernel base = 0xfffff800`01a10000 PsLoadedModuleList = 0xfffff800`01c52730
    Debug session time: Wed Jan 18 19:03:51.535 2017 (UTC + 8:00)
    System Uptime: 4 days 17:02:34.128
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 000007ff`fffde018).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    ........................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {0, 2, 8, 0}

    Page 7fa6f4 not present in the dump file. Type ".hh dbgerr004" for details
    *** ERROR: Module load completed but symbols could not be loaded for LswNFlt64.sys
    *** ERROR: Module load completed but symbols could not be loaded for iansw60e.sys
    *** ERROR: Module load completed but symbols could not be loaded for e1r62x64.sys
    *** ERROR: Module load completed but symbols could not be loaded for ATamptNt.sys
    Probably caused by : LswNFlt64.sys ( LswNFlt64+78c5 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
    Arg4: 0000000000000000, address which referenced memory

    Debugging Details:
    ------------------

    Page 7fa6f4 not present in the dump file. Type ".hh dbgerr004" for details

    READ_ADDRESS:  0000000000000000

    CURRENT_IRQL:  2

    FAULTING_IP:
    +980
    00000000`00000000 ??              ???

    PROCESS_NAME:  WmiPrvSE.exe

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

    DPC_STACK_BASE:  FFFFF80003218FB0

    TRAP_FRAME:  fffff80003217340 -- (.trap 0xfffff80003217340)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa807051ba60 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000016 rsi=0000000000000000 rdi=0000000000000000
    rip=0000000000000000 rsp=fffff800032174d8 rbp=0000000000000060
     r8=fffff800032176b0  r9=0000000000000018 r10=fffffa8032dea020
    r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    00000000`00000000 ??              ???
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80001a7f729 to fffff80001a80180

    FAILED_INSTRUCTION_ADDRESS:
    +980
    00000000`00000000 ??              ???

    STACK_TEXT: 
    fffff800`032174d8 fffff880`017f08c5 : fffffa80`31b01510 fffff800`03217568 00000000`00000000 00000000`00000000 : 0x0
    fffff800`032174e0 fffff880`017c8325 : fffffa80`7051ba60 00000000`00000016 fffff800`032176b0 fffffa80`00000018 : LswNFlt64+0x78c5
    fffff800`032175a0 fffff880`01884825 : fffffa80`70058950 fffffa80`6f696280 fffffa80`70058950 fffff800`03217800 : tdx!TdxEventReceiveMessagesTransportAddress+0x315
    fffff800`03217790 fffff880`0187f23b : 00000000`00000018 fffffa80`70058950 fffffa80`00000000 fffff800`032179d0 : tcpip!UdpDeliverDatagrams+0x155
    fffff800`03217920 fffff880`0185af97 : fffffa80`6e3d7960 fffffa80`31d1f100 01b26800`a1ed3500 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x21b
    fffff800`032179c0 fffff880`0185aaaa : 00000000`00000000 fffff880`0196d9a0 fffff800`03217b80 fffffa80`323b8e20 : tcpip!IppDeliverListToProtocol+0xf7
    fffff800`03217a80 fffff880`0185a0a9 : fffff880`0196d9a0 fffffa80`323a7d80 00000000`00000011 fffff800`03217b70 : tcpip!IppProcessDeliverList+0x5a
    fffff800`03217b20 fffff880`01857d4f : 00000000`6402786d fffff880`0196d9a0 fffff880`0196d9a0 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x23a
    fffff800`03217c00 fffff880`01845a52 : fffffa80`6e3e5ed0 00000000`00000000 01b26800`a1ed3501 00000000`00000001 : tcpip!IpFlcReceivePackets+0x64f
    fffff800`03217e00 fffff880`01856712 : fffffa80`6e3e5ed0 fffffa80`6e3d7960 fffffa80`6e3d0011 00000000`00000011 : tcpip!IpFlcReceivePreValidatedPackets+0x992
    fffff800`03217f60 fffff800`01a8be98 : 00000000`00000000 00000000`00004800 fffffa80`33d9e4b0 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xa2
    fffff800`03217fb0 fffff880`01856e42 : fffff880`01856670 fffff880`03e445b9 fffff800`03218102 fffffa80`31d1f100 : nt!KeExpandKernelStackAndCalloutEx+0xd8
    fffff800`03218090 fffff880`00f190eb : fffffa80`6e3e08c0 00000000`00000000 fffffa80`31d1f1a0 fffff880`00000000 : tcpip!FlReceiveNetBufferListChain+0xb2
    fffff800`03218100 fffff880`00ee2ad6 : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NDIS!ndisMIndicateNetBufferListsToOpen+0xdb
    fffff800`03218170 fffff880`00e5baa1 : fffffa80`31d1f1a0 00000000`00000002 00000000`00000001 fffff880`00e65490 : NDIS!ndisMDispatchReceiveNetBufferLists+0x1d6
    fffff800`032185f0 fffff880`03e444b5 : fffffa80`33d9a150 00000000`00000001 fffffa80`6e665000 00000000`00000000 : NDIS!NdisMIndicateReceiveNetBufferLists+0xc1
    fffff800`03218640 fffff880`03e44383 : fffffa80`325bf010 fffff800`03218758 00000000`00000000 00000000`00000801 : iansw60e+0x74b5
    fffff800`032186b0 fffff880`03e40347 : 00000000`00000801 00000000`00000000 00000000`00000000 fffffa80`323a7c50 : iansw60e+0x7383
    fffff800`032186f0 fffff880`00f190eb : fffffa80`6e3a68c0 fffffa80`323a7c50 fffffa80`31cc61a0 fffff880`00000001 : iansw60e+0x3347
    fffff800`03218750 fffff880`00ee2c75 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff215a`3dbf1fc3 : NDIS!ndisMIndicateNetBufferListsToOpen+0xdb
    fffff800`032187c0 fffff880`00e5baa1 : fffffa80`31cc61a0 00000000`00002328 00000000`00000000 00000000`00002328 : NDIS!ndisMDispatchReceiveNetBufferLists+0x375
    fffff800`03218c40 fffff880`03edeed3 : fffffa80`31e29000 00000000`00000001 fffffa80`323a7c50 fffffa80`323a7c50 : NDIS!NdisMIndicateReceiveNetBufferLists+0xc1
    fffff800`03218c90 fffff880`03edf0c2 : 00000000`00000001 fffffa80`323a7c50 fffffa80`31e29000 fffffa80`31e29000 : e1r62x64+0x25ed3
    fffff800`03218cd0 fffff880`03ecef56 : 00000000`00000000 fffffa80`31e29080 00000000`00008000 00000000`00000000 : e1r62x64+0x260c2
    fffff800`03218d50 fffff880`03eced0a : fffffa80`31bb0250 ffff0001`00000000 ffff0001`00000000 fffff800`01b1ddd6 : e1r62x64+0x15f56
    fffff800`03218dc0 fffff880`03ed0f48 : 00000000`00000000 ffff0001`00000000 00000000`00000000 00000000`00000000 : e1r62x64+0x15d0a
    fffff800`03218e30 fffff880`00e5b921 : 00000000`00003547 00000000`00000064 00000000`00000000 431bde82`d7b634db : e1r62x64+0x17f48
    fffff800`03218e70 fffff800`01a8ae8c : fffffa80`32318d18 fffffa80`00000000 00000000`00000000 fffff800`01bfee80 : NDIS!ndisInterruptDpc+0x151
    fffff800`03218f00 fffff800`01a83315 : 00000000`00000000 fffffa80`33d9e4b0 00000000`00000000 fffff880`00e5b7d0 : nt!KiRetireDpcList+0x1bc
    fffff800`03218fb0 fffff800`01a8312c : 00000000`00016a00 00000000`00000000 00000000`00000000 fffff8a0`00000000 : nt!KxRetireDpcList+0x5
    fffff880`0ad23050 fffff800`01acb3f3 : fffff800`01a7c016 fffff800`01a7c082 fffffa80`33d27a90 fffff8a0`00341e01 : nt!KiDispatchInterruptContinue
    fffff880`0ad23080 fffff800`01a7c082 : fffffa80`33d27a90 fffff8a0`00341e01 00000000`00000001 00000000`00000000 : nt!KiDpcInterruptBypass+0x13
    fffff880`0ad23090 fffff880`01204ad7 : 00000000`00000000 fffff880`0ad23690 fffff880`0ad23690 fffff8a0`00341a90 : nt!KiInterruptDispatch+0x212
    fffff880`0ad23220 fffff880`012063b7 : fffffa80`3170f580 00000000`00000000 fffffa80`313ec050 00000000`00000000 : fltmgr!FltpGetStreamListCtrl+0xb7
    fffff880`0ad23280 fffff880`01211b44 : fffffa80`6f757600 00000000`00000000 fffffa80`31831010 00000000`00000102 : fltmgr!FltpGetFileNameInformation+0x127
    fffff880`0ad23300 fffff880`01d960c4 : fffffa80`33764b20 fffffa80`6f82be00 fffffa80`31a01230 fffffa80`6f82bcb0 : fltmgr!FltGetFileNameInformation+0x184
    fffff880`0ad23390 fffff880`01d962e9 : fffffa80`6f82bd60 fffff880`0ad234a8 fffffa80`6fc04280 fffff800`01bb7d1e : ATamptNt+0xe0c4
    fffff880`0ad233e0 fffff880`01202067 : fffffa80`6f82bd60 fffff880`0ad234a8 fffff880`0ad23480 00000000`00000801 : ATamptNt+0xe2e9
    fffff880`0ad23430 fffff880`012049aa : fffffa80`6f757600 fffffa80`33d27a00 fffffa80`3170da00 fffffa80`3170f500 : fltmgr!FltpPerformPreCallbacks+0x2f7
    fffff880`0ad23530 fffff880`012222a3 : fffffa80`6f7576c0 fffffa80`6f7576c0 fffffa80`6f7576c0 fffffa80`33d27a90 : fltmgr!FltpPassThroughInternal+0x4a
    fffff880`0ad23560 fffff800`01d8467b : 00000000`00000025 00000000`00000040 fffffa80`33d27a90 00000000`00000000 : fltmgr!FltpCreate+0x293
    fffff880`0ad23610 fffff800`01d8019e : fffffa80`315a1ad0 00000000`00000000 fffffa80`6f818b10 00000000`00000001 : nt!IopParseDevice+0x14e2
    fffff880`0ad23770 fffff800`01d80c86 : 00000000`00000000 fffff880`0ad238f0 fffffa80`00000040 fffffa80`3104d210 : nt!ObpLookupObjectName+0x784
    fffff880`0ad23870 fffff800`01d82a7c : fffffa80`33d9e4b0 00000000`00000000 fffffa80`337e8e01 fffffa80`337e8ea0 : nt!ObOpenObjectByName+0x306
    fffff880`0ad23940 fffff800`01d6bd98 : 00000000`0423cee8 fffff880`00100100 00000000`0423cf18 00000000`0423cf08 : nt!IopCreateFile+0x2bc
    fffff880`0ad239e0 fffff800`01a7f413 : fffffa80`33d9e4b0 00000000`0423ce68 fffff880`0ad23a88 000007fe`f8343c60 : nt!NtOpenFile+0x58
    fffff880`0ad23a70 00000000`7757be6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0423ce88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7757be6a


    STACK_COMMAND:  .trap 0xfffff80003217340 ; kb

    FOLLOWUP_IP:
    LswNFlt64+78c5
    fffff880`017f08c5 eb05            jmp     LswNFlt64+0x78cc (fffff880`017f08cc)

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  LswNFlt64+78c5

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: LswNFlt64

    IMAGE_NAME:  LswNFlt64.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  54b5f6f9

    FAILURE_BUCKET_ID:  X64_0xD1_CODE_AV_NULL_IP_LswNFlt64+78c5

    BUCKET_ID:  X64_0xD1_CODE_AV_NULL_IP_LswNFlt64+78c5

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0xd1_code_av_null_ip_lswnflt64+78c5

    FAILURE_ID_HASH:  {989c70f2-fd57-4294-31ce-294d794d2f7a}

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
    Arg4: 0000000000000000, address which referenced memory

    Debugging Details:
    ------------------

    Page 7fa6f4 not present in the dump file. Type ".hh dbgerr004" for details

    READ_ADDRESS:  0000000000000000

    CURRENT_IRQL:  2

    FAULTING_IP:
    +980
    00000000`00000000 ??              ???

    PROCESS_NAME:  WmiPrvSE.exe

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

    DPC_STACK_BASE:  FFFFF80003218FB0

    TRAP_FRAME:  fffff80003217340 -- (.trap 0xfffff80003217340)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa807051ba60 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000016 rsi=0000000000000000 rdi=0000000000000000
    rip=0000000000000000 rsp=fffff800032174d8 rbp=0000000000000060
     r8=fffff800032176b0  r9=0000000000000018 r10=fffffa8032dea020
    r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    00000000`00000000 ??              ???
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80001a7f729 to fffff80001a80180

    FAILED_INSTRUCTION_ADDRESS:
    +980
    00000000`00000000 ??              ???

    STACK_TEXT: 
    fffff800`032174d8 fffff880`017f08c5 : fffffa80`31b01510 fffff800`03217568 00000000`00000000 00000000`00000000 : 0x0
    fffff800`032174e0 fffff880`017c8325 : fffffa80`7051ba60 00000000`00000016 fffff800`032176b0 fffffa80`00000018 : LswNFlt64+0x78c5
    fffff800`032175a0 fffff880`01884825 : fffffa80`70058950 fffffa80`6f696280 fffffa80`70058950 fffff800`03217800 : tdx!TdxEventReceiveMessagesTransportAddress+0x315
    fffff800`03217790 fffff880`0187f23b : 00000000`00000018 fffffa80`70058950 fffffa80`00000000 fffff800`032179d0 : tcpip!UdpDeliverDatagrams+0x155
    fffff800`03217920 fffff880`0185af97 : fffffa80`6e3d7960 fffffa80`31d1f100 01b26800`a1ed3500 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x21b
    fffff800`032179c0 fffff880`0185aaaa : 00000000`00000000 fffff880`0196d9a0 fffff800`03217b80 fffffa80`323b8e20 : tcpip!IppDeliverListToProtocol+0xf7
    fffff800`03217a80 fffff880`0185a0a9 : fffff880`0196d9a0 fffffa80`323a7d80 00000000`00000011 fffff800`03217b70 : tcpip!IppProcessDeliverList+0x5a
    fffff800`03217b20 fffff880`01857d4f : 00000000`6402786d fffff880`0196d9a0 fffff880`0196d9a0 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x23a
    fffff800`03217c00 fffff880`01845a52 : fffffa80`6e3e5ed0 00000000`00000000 01b26800`a1ed3501 00000000`00000001 : tcpip!IpFlcReceivePackets+0x64f
    fffff800`03217e00 fffff880`01856712 : fffffa80`6e3e5ed0 fffffa80`6e3d7960 fffffa80`6e3d0011 00000000`00000011 : tcpip!IpFlcReceivePreValidatedPackets+0x992
    fffff800`03217f60 fffff800`01a8be98 : 00000000`00000000 00000000`00004800 fffffa80`33d9e4b0 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xa2
    fffff800`03217fb0 fffff880`01856e42 : fffff880`01856670 fffff880`03e445b9 fffff800`03218102 fffffa80`31d1f100 : nt!KeExpandKernelStackAndCalloutEx+0xd8
    fffff800`03218090 fffff880`00f190eb : fffffa80`6e3e08c0 00000000`00000000 fffffa80`31d1f1a0 fffff880`00000000 : tcpip!FlReceiveNetBufferListChain+0xb2
    fffff800`03218100 fffff880`00ee2ad6 : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NDIS!ndisMIndicateNetBufferListsToOpen+0xdb
    fffff800`03218170 fffff880`00e5baa1 : fffffa80`31d1f1a0 00000000`00000002 00000000`00000001 fffff880`00e65490 : NDIS!ndisMDispatchReceiveNetBufferLists+0x1d6
    fffff800`032185f0 fffff880`03e444b5 : fffffa80`33d9a150 00000000`00000001 fffffa80`6e665000 00000000`00000000 : NDIS!NdisMIndicateReceiveNetBufferLists+0xc1
    fffff800`03218640 fffff880`03e44383 : fffffa80`325bf010 fffff800`03218758 00000000`00000000 00000000`00000801 : iansw60e+0x74b5
    fffff800`032186b0 fffff880`03e40347 : 00000000`00000801 00000000`00000000 00000000`00000000 fffffa80`323a7c50 : iansw60e+0x7383
    fffff800`032186f0 fffff880`00f190eb : fffffa80`6e3a68c0 fffffa80`323a7c50 fffffa80`31cc61a0 fffff880`00000001 : iansw60e+0x3347
    fffff800`03218750 fffff880`00ee2c75 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff215a`3dbf1fc3 : NDIS!ndisMIndicateNetBufferListsToOpen+0xdb
    fffff800`032187c0 fffff880`00e5baa1 : fffffa80`31cc61a0 00000000`00002328 00000000`00000000 00000000`00002328 : NDIS!ndisMDispatchReceiveNetBufferLists+0x375
    fffff800`03218c40 fffff880`03edeed3 : fffffa80`31e29000 00000000`00000001 fffffa80`323a7c50 fffffa80`323a7c50 : NDIS!NdisMIndicateReceiveNetBufferLists+0xc1
    fffff800`03218c90 fffff880`03edf0c2 : 00000000`00000001 fffffa80`323a7c50 fffffa80`31e29000 fffffa80`31e29000 : e1r62x64+0x25ed3
    fffff800`03218cd0 fffff880`03ecef56 : 00000000`00000000 fffffa80`31e29080 00000000`00008000 00000000`00000000 : e1r62x64+0x260c2
    fffff800`03218d50 fffff880`03eced0a : fffffa80`31bb0250 ffff0001`00000000 ffff0001`00000000 fffff800`01b1ddd6 : e1r62x64+0x15f56
    fffff800`03218dc0 fffff880`03ed0f48 : 00000000`00000000 ffff0001`00000000 00000000`00000000 00000000`00000000 : e1r62x64+0x15d0a
    fffff800`03218e30 fffff880`00e5b921 : 00000000`00003547 00000000`00000064 00000000`00000000 431bde82`d7b634db : e1r62x64+0x17f48
    fffff800`03218e70 fffff800`01a8ae8c : fffffa80`32318d18 fffffa80`00000000 00000000`00000000 fffff800`01bfee80 : NDIS!ndisInterruptDpc+0x151
    fffff800`03218f00 fffff800`01a83315 : 00000000`00000000 fffffa80`33d9e4b0 00000000`00000000 fffff880`00e5b7d0 : nt!KiRetireDpcList+0x1bc
    fffff800`03218fb0 fffff800`01a8312c : 00000000`00016a00 00000000`00000000 00000000`00000000 fffff8a0`00000000 : nt!KxRetireDpcList+0x5
    fffff880`0ad23050 fffff800`01acb3f3 : fffff800`01a7c016 fffff800`01a7c082 fffffa80`33d27a90 fffff8a0`00341e01 : nt!KiDispatchInterruptContinue
    fffff880`0ad23080 fffff800`01a7c082 : fffffa80`33d27a90 fffff8a0`00341e01 00000000`00000001 00000000`00000000 : nt!KiDpcInterruptBypass+0x13
    fffff880`0ad23090 fffff880`01204ad7 : 00000000`00000000 fffff880`0ad23690 fffff880`0ad23690 fffff8a0`00341a90 : nt!KiInterruptDispatch+0x212
    fffff880`0ad23220 fffff880`012063b7 : fffffa80`3170f580 00000000`00000000 fffffa80`313ec050 00000000`00000000 : fltmgr!FltpGetStreamListCtrl+0xb7
    fffff880`0ad23280 fffff880`01211b44 : fffffa80`6f757600 00000000`00000000 fffffa80`31831010 00000000`00000102 : fltmgr!FltpGetFileNameInformation+0x127
    fffff880`0ad23300 fffff880`01d960c4 : fffffa80`33764b20 fffffa80`6f82be00 fffffa80`31a01230 fffffa80`6f82bcb0 : fltmgr!FltGetFileNameInformation+0x184
    fffff880`0ad23390 fffff880`01d962e9 : fffffa80`6f82bd60 fffff880`0ad234a8 fffffa80`6fc04280 fffff800`01bb7d1e : ATamptNt+0xe0c4
    fffff880`0ad233e0 fffff880`01202067 : fffffa80`6f82bd60 fffff880`0ad234a8 fffff880`0ad23480 00000000`00000801 : ATamptNt+0xe2e9
    fffff880`0ad23430 fffff880`012049aa : fffffa80`6f757600 fffffa80`33d27a00 fffffa80`3170da00 fffffa80`3170f500 : fltmgr!FltpPerformPreCallbacks+0x2f7
    fffff880`0ad23530 fffff880`012222a3 : fffffa80`6f7576c0 fffffa80`6f7576c0 fffffa80`6f7576c0 fffffa80`33d27a90 : fltmgr!FltpPassThroughInternal+0x4a
    fffff880`0ad23560 fffff800`01d8467b : 00000000`00000025 00000000`00000040 fffffa80`33d27a90 00000000`00000000 : fltmgr!FltpCreate+0x293
    fffff880`0ad23610 fffff800`01d8019e : fffffa80`315a1ad0 00000000`00000000 fffffa80`6f818b10 00000000`00000001 : nt!IopParseDevice+0x14e2
    fffff880`0ad23770 fffff800`01d80c86 : 00000000`00000000 fffff880`0ad238f0 fffffa80`00000040 fffffa80`3104d210 : nt!ObpLookupObjectName+0x784
    fffff880`0ad23870 fffff800`01d82a7c : fffffa80`33d9e4b0 00000000`00000000 fffffa80`337e8e01 fffffa80`337e8ea0 : nt!ObOpenObjectByName+0x306
    fffff880`0ad23940 fffff800`01d6bd98 : 00000000`0423cee8 fffff880`00100100 00000000`0423cf18 00000000`0423cf08 : nt!IopCreateFile+0x2bc
    fffff880`0ad239e0 fffff800`01a7f413 : fffffa80`33d9e4b0 00000000`0423ce68 fffff880`0ad23a88 000007fe`f8343c60 : nt!NtOpenFile+0x58
    fffff880`0ad23a70 00000000`7757be6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0423ce88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7757be6a


    STACK_COMMAND:  .trap 0xfffff80003217340 ; kb

    FOLLOWUP_IP:
    LswNFlt64+78c5
    fffff880`017f08c5 eb05            jmp     LswNFlt64+0x78cc (fffff880`017f08cc)

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  LswNFlt64+78c5

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: LswNFlt64

    IMAGE_NAME:  LswNFlt64.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  54b5f6f9

    FAILURE_BUCKET_ID:  X64_0xD1_CODE_AV_NULL_IP_LswNFlt64+78c5

    BUCKET_ID:  X64_0xD1_CODE_AV_NULL_IP_LswNFlt64+78c5

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0xd1_code_av_null_ip_lswnflt64+78c5

    FAILURE_ID_HASH:  {989c70f2-fd57-4294-31ce-294d794d2f7a}

    Followup: MachineOwner
    ---------

    0: kd> lmvm LswNFlt64
    start             end                 module name
    fffff880`017e9000 fffff880`017fe000   LswNFlt64   (no symbols)          
        Loaded symbol image file: LswNFlt64.sys
        Image path: \SystemRoot\system32\drivers\LswNFlt64.sys
        Image name: LswNFlt64.sys
        Timestamp:        Wed Jan 14 12:56:25 2015 (54B5F6F9)
        CheckSum:         0001596B
        ImageSize:        00015000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    0: kd> !process
    PROCESS fffffa806f42f720
        SessionId: 0  Cid: 0c54    Peb: 7fffffde000  ParentCid: 03b0
        DirBase: fe0fd1000  ObjectTable: fffff8a005fc4010  HandleCount: 438.
        Image: WmiPrvSE.exe
        VadRoot fffffa806f432ee0 Vads 205 Clone 0 Private 6127. Modified 46756. Locked 0.
        DeviceMap fffff8a00a573de0
        Token                             fffff8a0060b8060
        ElapsedTime                       4 Days 17:01:46.980
        UserTime                          00:33:08.747
        KernelTime                        01:17:52.697
        QuotaPoolUsage[PagedPool]         164728
        QuotaPoolUsage[NonPagedPool]      24592
        Working Set Sizes (now,min,max)  (9981, 50, 345) (39924KB, 200KB, 1380KB)
        PeakWorkingSetSize                10919
        VirtualSize                       114 Mb
        PeakVirtualSize                   162 Mb
        PageFaultCount                    16945600
        MemoryPriority                    BACKGROUND
        BasePriority                      8
        CommitCharge                      7275
        Job                               fffffa806f3ec770

            THREAD fffffa806f417b50  Cid 0c54.0c58  Teb: 000007fffffdc000 Win32Thread: fffff900c1c93810 WAIT: (WrUserRequest) UserMode Non-Alertable
                fffffa8032726d30  SynchronizationEvent

            THREAD fffffa803291a060  Cid 0c54.0c60  Teb: 000007fffffda000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
                fffffa8032915280  SynchronizationTimer
                fffffa8031930320  SynchronizationTimer
                fffffa80329134b0  SynchronizationTimer

            THREAD fffffa803291d060  Cid 0c54.0c80  Teb: 000007fffffae000 Win32Thread: 0000000000000000 WAIT: (DelayExecution) UserMode Non-Alertable
                fffffa803290b190  SynchronizationEvent

            THREAD fffffa803291db50  Cid 0c54.0c88  Teb: 000007fffffac000 Win32Thread: fffff900c1c98810 WAIT: (UserRequest) UserMode Alertable
                fffffa8032902710  SynchronizationEvent
                fffffa80327e6ca0  SynchronizationEvent
                fffffa80327ff570  SynchronizationEvent
                fffffa8031833970  SynchronizationEvent
                fffffa80328165a0  SynchronizationEvent

            THREAD fffffa803291f060  Cid 0c54.0c90  Teb: 000007fffffa8000 Win32Thread: fffff900c1c9c530 WAIT: (UserRequest) UserMode Alertable
                fffffa8032919420  SynchronizationEvent
                fffffa8032900330  SynchronizationEvent
                fffffa8032919600  SynchronizationEvent

            THREAD fffffa8032929940  Cid 0c54.0ca0  Teb: 000007fffffa2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
                fffffa8032928060  SynchronizationEvent

            THREAD fffffa8032930060  Cid 0c54.0ca4  Teb: 000007fffffa0000 Win32Thread: fffff900c1c9e010 WAIT: (UserRequest) UserMode Alertable
                fffffa803291ee50  SynchronizationEvent
                fffffa8032920fe0  SynchronizationEvent
                fffffa803292df60  SynchronizationEvent

            THREAD fffffa8033dcb580  Cid 0c54.1be0  Teb: 000007fffffd6000 Win32Thread: fffff900c1ca7c10 WAIT: (WrQueue) UserMode Alertable
                fffffa80328e91c0  QueueObject

            THREAD fffffa80703a2060  Cid 0c54.1984  Teb: 000007fffffaa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
                fffffa8033a3a340  SynchronizationEvent

            THREAD fffffa8033d9e4b0  Cid 0c54.15d0  Teb: 000007fffffd8000 Win32Thread: fffff900c1d17c10 RUNNING on processor 0
            THREAD fffffa806f991b50  Cid 0c54.1f50  Teb: 000007fffffd4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
                fffffa80328e91c0  QueueObject

            THREAD fffffa8033ee3810  Cid 0c54.0304  Teb: 000007fffffa6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
                fffffa8033030470  SynchronizationEvent

    2017年1月20日 0:42

全部回复