Windows Server 2008 R2: frequent blue screens and restarts

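  • Question

  • Environment: Windows Server 2008 R2 installed in a VMware virtual machine, 8c, 16g

    Network: VMware NAT mode. Note: the network is configured with multiple virtual IPs.

    Application: a Java application uses different virtual IPs to communicate with other servers over TCP.

    Symptom: blue screen restarts at irregular intervals; both BugCheck A and BugCheck C5 have occurred. Note: before multiple virtual IPs were configured on the network, a restart occurred once every 7 days; after multiple virtual IPs were configured, the restart frequency is roughly once a day.

    dmp file download links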

    https://pan.baidu.com/s/1YyLQHufTunEahuME-b53vw

    https://pan.baidu.com/s/1afYUfclAja9-eDBK09NuuQ

    dmp1

    Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\leepan\Desktop\111518-19484-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available


    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*DownstreamStore*https://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*DownstreamStore*https://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (8 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0xfffff800`01806000 PsLoadedModuleList = 0xfffff800`01a43e50
    Debug session time: Thu Nov 15 08:55:36.354 2018 (UTC + 8:00)
    System Uptime: 0 days 3:13:11.979
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .....................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {ffff, 2, 0, fffff8000186e2e8}

    Probably caused by : NETIO.SYS ( NETIO!NsiEnumerateObjectsAllParametersEx+24f )

    Followup: MachineOwner
    ---------

    6: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 000000000000ffff, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff8000186e2e8, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001aae0e0
    GetUlongFromAddress: unable to read from fffff80001aae198
     000000000000ffff Nonpaged pool

    CURRENT_IRQL:  2

    FAULTING_IP: 
    nt!RtlEnumerateEntryHashTable+b2
    fffff800`0186e2e8 498b09          mov     rcx,qword ptr [r9]

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

    BUGCHECK_STR:  0xA

    PROCESS_NAME:  svchost.exe

    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

    TRAP_FRAME:  fffff88005e1c340 -- (.trap 0xfffff88005e1c340)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa80c327e3d0 rbx=0000000000000000 rcx=fffffa80c327e3d0
    rdx=fffffa80c308f010 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8000186e2e8 rsp=fffff88005e1c4d8 rbp=fffffa80c1d03b40
     r8=0000000000005400  r9=000000000000ffff r10=fffffa80c1d03f80
    r11=0000000000001cbc r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe cy
    nt!RtlEnumerateEntryHashTable+0xb2:
    fffff800`0186e2e8 498b09          mov     rcx,qword ptr [r9] ds:00000000`0000ffff=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80001877469 to fffff80001877f00

    STACK_TEXT:  
    fffff880`05e1c1f8 fffff800`01877469 : 00000000`0000000a 00000000`0000ffff 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`05e1c200 fffff800`018760e0 : 00000000`00000000 fffffa80`c2e83a80 fffff880`05e1c528 fffff8a0`00c53060 : nt!KiBugCheckDispatch+0x69
    fffff880`05e1c340 fffff800`0186e2e8 : fffff880`0165bac4 fffffa80`c2e83a80 00000000`00000006 fffffa80`c307e110 : nt!KiPageFault+0x260
    fffff880`05e1c4d8 fffff880`0165bac4 : fffffa80`c2e83a80 00000000`00000006 fffffa80`c307e110 00000000`00000000 : nt!RtlEnumerateEntryHashTable+0xb2
    fffff880`05e1c4e0 fffff880`00e0302b : fffff880`05e1c6a0 fffffa80`00000001 00000000`00000000 fffffa80`c307e088 : tcpip!Ipv4EnumerateAllPaths+0x164
    fffff880`05e1c590 fffff880`018b6e29 : fffffa80`c307e000 fffff8a0`00000070 fffffa80`c2ab1670 00000000`01f1f580 : NETIO!NsiEnumerateObjectsAllParametersEx+0x24f
    fffff880`05e1c770 fffff880`018b88e8 : fffffa80`c2ab1670 fffffa80`c2ab15a0 00000000`00000003 fffffa80`c2ab15d8 : nsiproxy!NsippEnumerateObjectsAllParameters+0x305
    fffff880`05e1c960 fffff880`018b89db : fffffa80`c1db1c50 00000000`00000000 00000000`00000001 00000000`00000003 : nsiproxy!NsippDispatchDeviceControl+0x70
    fffff880`05e1c9a0 fffff800`01b903a7 : fffffa80`c27ff6f0 fffffa80`c27ff6f0 fffffa80`c2ab16b8 fffffa80`c2ab15a0 : nsiproxy!NsippDispatch+0x4b
    fffff880`05e1c9d0 fffff800`01b90c06 : 00000000`01f1f400 00000000`000004e8 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
    fffff880`05e1cb00 fffff800`01877153 : fffffa80`c28af3a0 00000000`01f1f3e8 fffff880`05e1cb88 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
    fffff880`05e1cb70 00000000`77bdff2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`01f1f478 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77bdff2a


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    NETIO!NsiEnumerateObjectsAllParametersEx+24f
    fffff880`00e0302b 8bd8            mov     ebx,eax

    SYMBOL_STACK_INDEX:  5

    SYMBOL_NAME:  NETIO!NsiEnumerateObjectsAllParametersEx+24f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: NETIO

    IMAGE_NAME:  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc18a

    IMAGE_VERSION:  6.1.7600.16385

    FAILURE_BUCKET_ID:  X64_0xA_NETIO!NsiEnumerateObjectsAllParametersEx+24f

    BUCKET_ID:  X64_0xA_NETIO!NsiEnumerateObjectsAllParametersEx+24f

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0xa_netio!nsienumerateobjectsallparametersex+24f

    FAILURE_ID_HASH:  {784cf53a-5849-0d93-69ce-c128a6fd1ea8}

    Followup: MachineOwner

    dmp2

    Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\leepan\Desktop\110918-14991-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available


    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*DownstreamStore*https://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*DownstreamStore*https://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (8 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0xfffff800`0185a000 PsLoadedModuleList = 0xfffff800`01a97e50
    Debug session time: Fri Nov  9 12:16:41.763 2018 (UTC + 8:00)
    System Uptime: 0 days 0:25:25.403
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C5, {ffff, 2, 0, fffff800019fe907}

    Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+537 )

    Followup: MachineOwner
    ---------

    5: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 000000000000ffff, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff800019fe907, address which referenced memory

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0xC5_2

    CURRENT_IRQL:  2

    FAULTING_IP: 
    nt!ExAllocatePoolWithTag+537
    fffff800`019fe907 488b01          mov     rax,qword ptr [rcx]

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

    PROCESS_NAME:  conhost.exe

    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre

    TRAP_FRAME:  fffff88005d8b1b0 -- (.trap 0xfffff88005d8b1b0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa80c2923b40 rbx=0000000000000000 rcx=000000000000ffff
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff800019fe907 rsp=fffff88005d8b340 rbp=fffff80001a59880
     r8=0000000000000000  r9=fffff80001a59a30 r10=fffff80001a59888
    r11=fffff88005d8b460 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!ExAllocatePoolWithTag+0x537:
    fffff800`019fe907 488b01          mov     rax,qword ptr [rcx] ds:00000000`0000ffff=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800018cb469 to fffff800018cbf00

    STACK_TEXT:  
    fffff880`05d8b068 fffff800`018cb469 : 00000000`0000000a 00000000`0000ffff 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`05d8b070 fffff800`018ca0e0 : fffffa80`c29f6060 fffff800`01a59a30 fffffa80`c14f7f01 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`05d8b1b0 fffff800`019fe907 : fffff6fb`40000008 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiPageFault+0x260
    fffff880`05d8b340 fffff800`01bc2034 : 00000000`00000000 fffffa80`c153f570 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x537
    fffff880`05d8b430 fffff800`01bc4e9b : 00000000`00000001 fffffa80`c1525a01 ffff85cf`b6b37081 fffff880`05d8b4c8 : nt!ObpAllocateObject+0xc4
    fffff880`05d8b490 fffff800`01b9912b : 00000000`00bbd688 fffff880`05d8b660 00000000`00000000 00000000`00000001 : nt!ObCreateObject+0xdb
    fffff880`05d8b500 fffff800`018cb153 : fffffa80`c2923060 00000000`00bbd668 fffff880`05d8b588 000007fe`fe2659d8 : nt!NtCreateEvent+0x9b
    fffff880`05d8b570 00000000`77ce033a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`00bbd648 fffff800`018c3840 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ce033a
    fffff880`05d8ba30 fffff880`00961000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff900`c077c544 : nt!KiCallUserMode
    fffff880`05d8ba38 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff900`c077c544 fffff880`05d8c3b0 : 0xfffff880`00961000


    STACK_COMMAND:  kb

    FOLLOWUP_IP: 
    nt!ExAllocatePoolWithTag+537
    fffff800`019fe907 488b01          mov     rax,qword ptr [rcx]

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  nt!ExAllocatePoolWithTag+537

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

    IMAGE_VERSION:  6.1.7600.16385

    FAILURE_BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+537

    BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+537

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:x64_0xc5_2_nt!exallocatepoolwithtag+537

    FAILURE_ID_HASH:  {43cff6e0-04a0-5241-566f-b8c56ee24a18}

    Followup: MachineOwner


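    • Edited by lp121, November 15, 2018 2:52
    November 15, 2018 2:49

All replies

  • NETIO.SYS is the Windows network I/O subsystem driver. A blue screen attributed to it does not necessarily mean that this file itself is at fault; it is usually caused by a conflict with other network-related drivers or components, or with the drivers of security software such as firewalls that may monitor the network.

    If you can confirm that things were relatively normal when multiple virtual IPs were not configured, that basically indicates the problem is caused by the virtual IP configuration.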


    Alexis Zhang

    http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
    http://blogs.itecn.net/blogs/alexis

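    Accessing the forum through the NNTP Bridge newsgroup bridge is recommended.

    This post is a reply; the original poster is <lp121> above;

    | *Symptom*: blue screen restarts at irregular intervals; both BugCheck A and BugCheck C5 have occurred. Note: before multiple virtual IPs were configured on the network, a restart occurred once every 7 days; after multiple virtual IPs were configured, the restart frequency is roughly once a day.

    November 16, 2018 14:43
    Moderator
  • Thank you for your reply.

    Do you have a recommended solution?

    November 19, 2018 9:41
  • A server basically shouldn't have had changes made to its drivers, right? Had virtual IPs ever been configured before this blue screen appeared?

    If they were configured without problems in the past and the issue appeared only recently, it may be related to recently installed Windows updates.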


    Alexis Zhang

    http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
    http://blogs.itecn.net/blogs/alexis

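    Accessing the forum through the NNTP Bridge newsgroup bridge is recommended.

    This post is a reply; the original poster is <lp121> above;

    | Thank you for your reply.
    | Do you have a recommended solution?

    November 19, 2018 14:26
    Moderator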
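
Added example (not part of the original thread, and not a Microsoft tool): a small Python triage script run over the two `!analyze -v` summaries posted in the question, abridged inline. It extracts the bugcheck code, arguments, blamed image and faulting instruction, then flags dumps that blame different modules while faulting on the same memory reference at the same IRQL. The function names and the grouping rule are this example's own assumptions.

```python
import re
from collections import defaultdict

# Abridged from the two WinDbg outputs posted in the question.
DMP1 = """\
BugCheck A, {ffff, 2, 0, fffff8000186e2e8}
Probably caused by : NETIO.SYS ( NETIO!NsiEnumerateObjectsAllParametersEx+24f )
FAULTING_IP: 
nt!RtlEnumerateEntryHashTable+b2
PROCESS_NAME:  svchost.exe
"""
DMP2 = """\
BugCheck C5, {ffff, 2, 0, fffff800019fe907}
Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+537 )
FAULTING_IP: 
nt!ExAllocatePoolWithTag+537
PROCESS_NAME:  conhost.exe
"""

BUGCHECK = re.compile(r"^\s*BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
BLAMED = re.compile(r"^\s*Probably caused by\s*:\s*(\S+)", re.M)
FAULT_IP = re.compile(r"^\s*FAULTING_IP:\s+(\S+)", re.M)
PROCESS = re.compile(r"^\s*PROCESS_NAME:\s*(\S+)", re.M)
# Bugchecks for which the page shows Arg1 = memory referenced, Arg2 = IRQL.
ADDR_IRQL_CODES = {0xA, 0xC5}

def parse_dump(text):
    """Extract the triage fields from one WinDbg bugcheck summary."""
    m = BUGCHECK.search(text)
    if m is None:
        raise ValueError("no 'BugCheck' line found")
    def field(rx):
        hit = rx.search(text)
        return hit.group(1) if hit else None
    return {"code": int(m.group(1), 16),
            "args": [int(a, 16) for a in m.group(2).split(",")],
            "blamed": field(BLAMED), "faulting_ip": field(FAULT_IP),
            "process": field(PROCESS)}

def shared_bad_references(dumps):
    """Group by (memory referenced, IRQL); keep groups that blame >1 module."""
    groups = defaultdict(list)
    for d in dumps:
        if d["code"] in ADDR_IRQL_CODES:
            groups[(d["args"][0], d["args"][1])].append(d)
    return {k: v for k, v in groups.items() if len({d["blamed"] for d in v}) > 1}

if __name__ == "__main__":
    found = shared_bad_references([parse_dump(DMP1), parse_dump(DMP2)])
    for (addr, irql), ds in found.items():
        print(f"ref {addr:#x} at IRQL {irql}:",
              [(hex(d["code"]), d["blamed"], d["faulting_ip"]) for d in ds])
```

For the two dumps above it reports a single group: a read of address 0xffff at IRQL 2, blamed on NETIO.SYS in one dump and on ntkrnlmp.exe in the other.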