WinDbg analysis shows a 0xD1 blue screen on the system; can any expert offer some pointers?


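Yesterday morning I set the server to install patches via Windows Update, and at 6:30 in the afternoon it blue-screened. I analyzed the dmp file with WinDbg and am posting the analysis text here; could an expert take a look at what specifically caused it?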

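One addition: this server is mainly a database server, and basically all of the company's servers are hosted on it. The analysis text mentions [NETIO.SYS ( NETIO!RtlGetNextExpiredTimerWheelEntry+ea )]; could any expert explain this part?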


 
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\060815-26613-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.18798.amd64fre.win7sp1_gdr.150316-1654
Machine Name:
Kernel base = 0xfffff800`01663000 PsLoadedModuleList = 0xfffff800`018a8890
Debug session time: Mon Jun 8 18:26:48.323 2015 (GMT+8)
System Uptime: 0 days 5:59:02.901
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
...........................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {10, 2, 0, fffff880010c40f9}

Probably caused by : NETIO.SYS ( NETIO!RtlGetNextExpiredTimerWheelEntry+ea )

Followup: MachineOwner
---------

5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880010c40f9, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001912100
 0000000000000010

CURRENT_IRQL: 2

FAULTING_IP:
NETIO!RtlGetNextExpiredTimerWheelEntry+ea
fffff880`010c40f9 8b4210 mov eax,dword ptr [rdx+10h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0xD1

PROCESS_NAME: System

TRAP_FRAME: fffff880021dc0c0 -- (.trap 0xfffff880021dc0c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80102402f8 rbx=0000000000000000 rcx=fffffa800cea8518
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880010c40f9 rsp=fffff880021dc258 rbp=0000000000000000
 r8=000000000020def4  r9=fffffa800cea8000 r10=000000000020e9ad
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
NETIO!RtlGetNextExpiredTimerWheelEntry+0xea:
fffff880`010c40f9 8b4210 mov eax,dword ptr [rdx+10h] ds:56b8:00000000`00000010=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800016d4fe9 to fffff800016d5a40

STACK_TEXT:
fffff880`021dbf78 fffff800`016d4fe9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`021dbf80 fffff800`016d3c60 : fffff880`021dc101 00000000`00000015 fffffa80`10c8f720 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`021dc0c0 fffff880`010c40f9 : fffff880`018aaf02 fffffa80`10240010 fffffa80`0cdcaa70 fffffa80`0cdbd9e8 : nt!KiPageFault+0x260
fffff880`021dc258 fffff880`018aaf02 : fffffa80`10240010 fffffa80`0cdcaa70 fffffa80`0cdbd9e8 00000000`0020df03 : NETIO!RtlGetNextExpiredTimerWheelEntry+0xea
fffff880`021dc260 fffff880`018ab327 : 00000000`00000008 00000000`00000005 00000000`00000005 00000000`00000000 : tcpip!TcpProcessExpiredTcbTimers+0x1c2
fffff880`021dc330 fffff800`016e191c : fffff880`021b4180 00000000`00000005 fffff880`021dc4c0 00000000`00000000 : tcpip!TcpPeriodicTimeoutHandler+0x297
fffff880`021dc430 fffff800`016e17b6 : fffffa80`0cf367e8 00000000`00151252 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c
fffff880`021dc4a0 fffff800`016e169e : 00000032`2891dae0 fffff880`021dcb18 00000000`00151252 fffff880`021b6fc8 : nt!KiProcessExpiredTimerList+0xc6
fffff880`021dcaf0 fffff800`016e1487 : 00000010`9db8e2c1 00000010`00151252 00000010`9db8e251 00000000`00000052 : nt!KiTimerExpiration+0x1be
fffff880`021dcb90 fffff800`016cd74a : fffff880`021b4180 fffff880`021bf0c0 00000000`00000001 fffff800`00000000 : nt!KiRetireDpcList+0x277
fffff880`021dcc40 00000000`00000000 : fffff880`021dd000 fffff880`021d7000 fffff880`021dcc00 00000000`00000000 : nt!KiIdleLoop+0x5a

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!RtlGetNextExpiredTimerWheelEntry+ea
fffff880`010c40f9 8b4210 mov eax,dword ptr [rdx+10h]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: NETIO!RtlGetNextExpiredTimerWheelEntry+ea

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79381

FAILURE_BUCKET_ID: X64_0xD1_NETIO!RtlGetNextExpiredTimerWheelEntry+ea

BUCKET_ID: X64_0xD1_NETIO!RtlGetNextExpiredTimerWheelEntry+ea

Followup: MachineOwner
---------

5: kd> !process
GetPointerFromAddress: unable to read from fffff80001912000
PROCESS fffffa800ca7d840
    SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
    DirBase: 00187000 ObjectTable: fffff8a000001bb0 HandleCount: <Data Not Accessible>
    Image: System
    VadRoot fffffa800ca70630 Vads 5 Clone 0 Private 8. Modified 2469127. Locked 0.
    DeviceMap fffff8a000008ca0
    Token fffff8a000004040
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime 00:00:00.000
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    QuotaPoolUsage[PagedPool] 0
    QuotaPoolUsage[NonPagedPool] 0
    Working Set Sizes (now,min,max) (92, 0, 0) (368KB, 0KB, 0KB)
    PeakWorkingSetSize 1214
    VirtualSize 3 Mb
    PeakVirtualSize 7 Mb
    PageFaultCount 20306
    MemoryPriority BACKGROUND
    BasePriority 8
    CommitCharge 28

*** Error in reading nt!_ETHREAD @ fffffa800ca7d2b0

windows-server windows-blue-screen windows windbg

sbthere 10 years, 3 months ago
