Advanced troubleshooting for Stop error or blue screen error issue

Note

If you're not a support agent or IT professional, you'll find more helpful information about Stop error ("blue screen") messages in Troubleshoot blue screen errors.

What causes Stop errors?

A Stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers:

  • atikmpag.sys
  • igdkmd64.sys
  • nvlddmkm.sys

There is no simple explanation for the cause of Stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that Stop errors usually are not caused by Microsoft Windows components. Instead, these errors are generally related to malfunctioning hardware drivers or drivers that are installed by third-party software. This includes video cards, wireless network cards, security programs, and so on.

Our analysis of the root causes of crashes indicates the following:

  • 70 percent are caused by third-party driver code
  • 10 percent are caused by hardware issues
  • 5 percent are caused by Microsoft code
  • 15 percent have unknown causes (because the memory is too corrupted to analyze)

General troubleshooting steps

To troubleshoot Stop error messages, follow these general steps:

  1. Review the Stop error code that you find in the event logs. Search online for the specific Stop error codes to see whether there are any known issues, resolutions, or workarounds for the problem.

  2. As a best practice, we recommend that you do the following:

    a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:

  3. Run the Machine Memory Dump Collector Windows diagnostic package. This diagnostic tool is used to collect machine memory dump files and check for known solutions.

  4. Run Microsoft Safety Scanner or any other virus detection program that includes checks of the Master Boot Record for infections.

  5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10–15 percent free disk space.

  6. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios:

    • The error message indicates that a specific driver is causing the problem.

    • You are seeing an indication of a service that is starting or stopping before the crash occurred. In this situation, determine whether the service behavior is consistent across all instances of the crash.

    • You have made any software or hardware changes.

      Note

      If there are no updates available from a specific manufacturer, it is recommended that you disable the related service.

      To do this, see How to perform a clean boot in Windows.

      You can disable a driver by following the steps in How to temporarily deactivate the kernel mode filter driver in Windows.

      You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see Roll Back a Device Driver to a Previous Version.

Memory dump collection

To configure the system for memory dump files, follow these steps:

  1. Download DumpConfigurator tool.
  2. Extract the .zip file and navigate to Source Code folder.
  3. Run the tool DumpConfigurator.hta, and then select Elevate this HTA.
  4. Select Auto Config Kernel.
  5. Restart the computer for the setting to take effect.
  6. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written.
  7. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in-state and also if the problem recurs.

The memory dump file is saved at the following locations:

Dump file type | Location
(none) | %SystemRoot%\MEMORY.DMP (inactive, or grayed out)
Small memory dump file (256 kb) | %SystemRoot%\Minidump
Kernel memory dump file | %SystemRoot%\MEMORY.DMP
Complete memory dump file | %SystemRoot%\MEMORY.DMP
Automatic memory dump file | %SystemRoot%\MEMORY.DMP
Active memory dump file | %SystemRoot%\MEMORY.DMP

You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. For more information, see the following video:

More information on how to use Dumpchk.exe to check your dump files:

Pagefile Settings

Memory dump analysis

Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in various symptoms.

When a Stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the Stop error again. If you can replicate the problem, you can usually determine the cause.

You can use tools such as the Windows Software Development Kit (SDK) and symbols to diagnose dump logs. The next section discusses how to use this tool.

Advanced troubleshooting steps

Note

Advanced troubleshooting of crash dumps can be very challenging if you are not experienced with programming and internal Windows mechanisms. We have attempted to provide a brief insight here into some of the techniques used, including some examples. However, to really be effective at troubleshooting a crash dump, you should spend time becoming familiar with advanced debugging techniques. For a video overview, see Advanced Windows Debugging and Debugging Kernel Mode Crashes and Hangs. Also see the advanced references listed below.

Advanced debugging references

Advanced Windows Debugging
Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)

Debugging steps

  1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps here for more information.
  2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
  3. On the other computer, download the Windows 10 SDK.
  4. Start the install and choose Debugging Tools for Windows. This installs the WinDbg tool.
  5. Open the WinDbg tool and set the symbol path by clicking File and then clicking Symbol File Path.
    a. If the computer is connected to the Internet, enter the Microsoft public symbol server (https://msdl.microsoft.com/download/symbols) and click OK. This is the recommended method.
    b. If the computer is not connected to the Internet, you must specify a local symbol path.
  6. Click on Open Crash Dump, and then open the memory.dmp file that you copied. See the example below. [Image: WinDbg]
  7. There should be a link that says !analyze -v under Bugcheck Analysis. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page.
  8. A detailed bugcheck analysis will appear. See the example below. [Image: Bugcheck analysis]
  9. Scroll down to the section where it says STACK_TEXT. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL.
  10. See Using the !analyze Extension for details about how to interpret the STACK_TEXT output.

There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:

(HEX data is removed here and lines are numbered for clarity)

1  : nt!KeBugCheckEx
2  : nt!PspCatchCriticalBreak+0xff
3  : nt!PspTerminateAllThreads+0x1134cf
4  : nt!PspTerminateProcess+0xe0
5  : nt!NtTerminateProcess+0xa9
6  : nt!KiSystemServiceCopyEnd+0x13
7  : nt!KiServiceLinkage
8  : nt!KiDispatchException+0x1107fe
9  : nt!KiFastFailDispatch+0xe4
10 : nt!KiRaiseSecurityCheckFailure+0x3d3
11 : ntdll!RtlpHpFreeWithExceptionProtection$filt$0+0x44
12 : ntdll!_C_specific_handler+0x96
13 : ntdll!RtlpExecuteHandlerForException+0xd
14 : ntdll!RtlDispatchException+0x358
15 : ntdll!KiUserExceptionDispatch+0x2e
16 : ntdll!RtlpHpVsContextFree+0x11e
17 : ntdll!RtlpHpFreeHeap+0x48c
18 : ntdll!RtlpHpFreeWithExceptionProtection+0xda
19 : ntdll!RtlFreeHeap+0x24a
20 : FWPolicyIOMgr!FwBinariesFree+0xa7c2
21 : mpssvc!FwMoneisDiagEdpPolicyUpdate+0x1584f
22 : mpssvc!FwEdpMonUpdate+0x6c
23 : ntdll!RtlpWnfWalkUserSubscriptionList+0x29b
24 : ntdll!RtlpWnfProcessCurrentDescriptor+0x105
25 : ntdll!RtlpWnfNotificationThread+0x80
26 : ntdll!TppExecuteWaitCallback+0xe1
27 : ntdll!TppWorkerThread+0x8d0
28 : KERNEL32!BaseThreadInitThunk+0x14
29 : ntdll!RtlUserThreadStart+0x21

The problem here is with mpssvc which is a component of the Windows Firewall. The problem was repaired by disabling the firewall temporarily and then resetting firewall policies.

Additional examples are provided in the Debugging examples section at the bottom of this article.
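
The STACK_TEXT reading described in debugging steps 9 and 10, and applied to lines 20, 21, and 22 above, can be scripted for triage across many dumps. The following Python is an added example, not part of the original article or of any Microsoft tool; it goes beyond the cleaned-up listing by also accepting raw WinDbg rows, and the CORE_MODULES set and all function names are assumptions of this example.

```python
import re
from typing import NamedTuple

# Modules treated as OS plumbing when reading a stack. This set is an
# assumption of the example, not something WinDbg defines; extend as needed.
CORE_MODULES = {"nt", "ntdll", "kernel32", "kernelbase", "hal"}

# "module!symbol" with an optional "+0xOFFSET". Symbols can contain '$'
# (for example RtlpHpFreeWithExceptionProtection$filt$0).
FRAME_RE = re.compile(
    r"(?P<module>[A-Za-z0-9_.]+)!(?P<symbol>[A-Za-z0-9_$:~<>@?]+)"
    r"(?:\+0x(?P<offset>[0-9A-Fa-f]+))?"
)
# Row number used by the cleaned-up listing ("20 : module!symbol").
NUMBER_RE = re.compile(r"^\s*(\d+)\s*:\s")


class Frame(NamedTuple):
    index: int   # 1 = top of stack, where the bugcheck was raised
    module: str
    symbol: str
    offset: int


def parse_stack_text(text: str) -> list:
    """Parse STACK_TEXT rows (cleaned or raw) into Frame tuples."""
    frames = []
    for line in text.splitlines():
        hit = FRAME_RE.search(line)
        if not hit:
            continue  # blank line, header, or a row with no resolved symbol
        num = NUMBER_RE.match(line)
        # Use the listing's own row number when present, else the position.
        index = int(num.group(1)) if num else len(frames) + 1
        frames.append(Frame(index, hit["module"], hit["symbol"],
                            int(hit["offset"] or "0", 16)))
    return frames


def first_non_core_run(frames, core=CORE_MODULES):
    """Walking down from the crash site, return the first contiguous run of
    frames whose module is outside `core`."""
    run = []
    for frame in frames:
        if frame.module.lower() in core:
            if run:
                break  # the run ended; deeper frames are callers of it
            continue
        run.append(frame)
    return run


def triage(stack_text: str) -> dict:
    frames = parse_stack_text(stack_text)
    run = first_non_core_run(frames)
    return {
        "frames": [f.index for f in run],
        # Ordered and de-duplicated module names in the run.
        "modules": list(dict.fromkeys(f.module for f in run)),
        # True when every frame is core OS code: the stack names no suspect,
        # which is the case the Driver Verifier section addresses.
        "only_core_frames": bool(frames) and not run,
    }


# Rows 17-24 of the cleaned-up listing shown above.
CLEANED_SAMPLE = """
17 : ntdll!RtlpHpFreeHeap+0x48c
18 : ntdll!RtlpHpFreeWithExceptionProtection+0xda
19 : ntdll!RtlFreeHeap+0x24a
20 : FWPolicyIOMgr!FwBinariesFree+0xa7c2
21 : mpssvc!FwMoneisDiagEdpPolicyUpdate+0x1584f
22 : mpssvc!FwEdpMonUpdate+0x6c
23 : ntdll!RtlpWnfWalkUserSubscriptionList+0x29b
24 : ntdll!RtlpWnfProcessCurrentDescriptor+0x105
"""

# First five raw rows of the STACK_TEXT in Example 1 of this article.
RAW_SAMPLE = r"""
ffffa884`c0c3f568 fffff800`603799e9 : 00000000`0000000a 00000000`0011092a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx [minkernel\ntos\ke\amd64\procstat.asm @ 134]
ffffa884`c0c3f570 fffff800`60377d7d : fffff78a`4000a150 ffffb30e`03fba001 ffff8180`f0b5d180 00000000`000000ff : nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 2998]
ffffa884`c0c3f6b0 fffff807`aa74f4c4 : 00000000`00000002 ffff8180`f0754180 00000000`00269fb1 ffff8180`f0754180 : nt!KiPageFault+0x23d [minkernel\ntos\ke\amd64\trap.asm @ 1248]
ffffa884`c0c3f840 fffff800`60256b63 : ffffb30e`0e18f710 ffff8180`f0754180 ffffa884`c0c3fa18 00000000`00000002 : NDIS!NdisQueueIoWorkItem+0x4 [minio\ndis\sys\miniport.c @ 9708]
ffffa884`c0c3f870 fffff800`60257bfd : 00000000`00000008 00000000`00000000 00000000`00269fb1 ffff8180`f0754180 : nt!KiProcessExpiredTimerList+0x153 [minkernel\ntos\ke\dpcsup.c @ 2078]
"""

if __name__ == "__main__":
    print(triage(CLEANED_SAMPLE))
    print(triage(RAW_SAMPLE))
```

The result is a starting point for the vendor and service checks in the general troubleshooting steps, not a verdict: a module in the run may only be the caller that handed bad data to core code.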

Video resources

The following videos illustrate various troubleshooting techniques for analyzing dump files.

Advanced troubleshooting using Driver Verifier

We estimate that about 75 percent of all Stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception to let that part of the code be examined further.

Warning

Driver Verifier consumes lots of CPU and can slow down the computer significantly. You may also experience additional crashes. Verifier disables faulty drivers after a Stop error occurs, and continues to do this until you can successfully restart the system and access the desktop. You can also expect to see several dump files created.

Don’t try to verify all the drivers at one time. This can degrade performance and make the system unusable. This also limits the effectiveness of the tool.

Use the following guidelines when you use Driver Verifier:

  • Test any “suspicious” drivers (drivers that were recently updated or that are known to be problematic).
  • If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers.
  • Enable concurrent verification on groups of 10–20 drivers.
  • Additionally, if the computer cannot boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This is because the tool cannot run in Safe mode.

For more information, see Driver Verifier.

Common Windows Stop errors

This section doesn't contain a list of all error codes, but since many error codes have the same potential resolutions, your best bet is to follow the steps below to troubleshoot your error.

The following table lists general troubleshooting procedures for common Stop error codes.

Stop error message and code | Mitigation
VIDEO_ENGINE_TIMEOUT_DETECTED or VIDEO_TDR_TIMEOUT_DETECTED
Stop error code 0x00000141, or 0x00000117
Contact the vendor of the listed display driver to get an appropriate update for that driver.
DRIVER_IRQL_NOT_LESS_OR_EQUAL
Stop error code 0x0000000D1
Apply the latest updates for the driver by applying the latest cumulative updates for the system through the Microsoft Update Catalog website. Update an outdated NIC driver. Virtualized VMware systems often run “Intel(R) PRO/1000 MT Network Connection” (e1g6032e.sys). This driver is available at http://downloadcenter.intel.com. Contact the hardware vendor to update the NIC driver for a resolution. For VMware systems, use the VMware integrated NIC driver (types VMXNET or VMXNET2, VMXNET3 can be used) instead of Intel e1g6032e.sys.
PAGE_FAULT_IN_NONPAGED_AREA
Stop error code 0x000000050
If a driver is identified in the Stop error message, contact the manufacturer for an update. If no updates are available, disable the driver, and monitor the system for stability. Run Chkdsk /f /r to detect and repair disk errors. You must restart the system before the disk scan begins on a system partition. Contact the manufacturer for any diagnostic tools that they may provide for the hard disk subsystem. Try to reinstall any application or service that was recently installed or updated. It's possible that the crash was triggered while the system was starting applications and reading the registry for preference settings. Reinstalling the application can fix corrupted registry keys. If the problem persists, and you have run a recent system state backup, try to restore the registry hives from the backup.
SYSTEM_SERVICE_EXCEPTION
Stop error code c000021a {Fatal System Error} The Windows SubSystem system process terminated unexpectedly with a status of 0xc0000005. The system has been shut down.
Use the System File Checker tool to repair missing or corrupted system files. The System File Checker lets users scan for corruptions in Windows system files and restore corrupted files. For more information, see Use the System File Checker tool.
NTFS_FILE_SYSTEM
Stop error code 0x000000024
This Stop error is commonly caused by corruption in the NTFS file system or bad blocks (sectors) on the hard disk. Corrupted drivers for hard disks (SATA or IDE) can also adversely affect the system's ability to read and write to disk. Run any hardware diagnostics that are provided by the manufacturer of the storage subsystem. Use the scan disk tool to verify that there are no file system errors. To do this, right-click the drive that you want to scan, select Properties, select Tools, and then select the Check now button. We also suggest that you update the NTFS file system driver (Ntfs.sys), and apply the latest cumulative updates for the current operating system that is experiencing the problem.
KMODE_EXCEPTION_NOT_HANDLED
Stop error code 0x0000001E
If a driver is identified in the Stop error message, disable or remove that driver. Disable or remove any drivers or services that were recently added.

If the error occurs during the startup sequence, and the system partition is formatted by using the NTFS file system, you might be able to use Safe mode to disable the driver in Device Manager. To do this, follow these steps:

  1. Go to Settings > Update & security > Recovery.
  2. Under Advanced startup, select Restart now.
  3. After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
  4. After the computer restarts, you'll see a list of options. Press 4 or F4 to start the computer in Safe mode. Or, if you intend to use the Internet while in Safe mode, press 5 or F5 for the Safe Mode with Networking option.
DPC_WATCHDOG_VIOLATION
Stop error code 0x00000133
This Stop error code is caused by a faulty driver that does not complete its work within the allotted time frame in certain conditions. To enable us to help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the Stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for additional error messages that might help identify the device or driver that is causing Stop error 0x133. Verify that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the c:\windows\memory.dmp file into the Debugger, and then refer to Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012 to find the problematic driver from the memory dump.
USER_MODE_HEALTH_MONITOR
Stop error code 0x0000009E
This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe. Check the event logs for any storage failures to identify the failing process. Try to update the component or process that is indicated in the event logs. You should see the following event recorded:
Event ID: 4870
Source: Microsoft-Windows-FailoverClustering
Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action is taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang.
For more information, see "Why is my Failover Clustering node blue screening with a Stop 0x0000009E?" Also, see the following Microsoft video What to do if a 9E occurs.

Debugging examples

Example 1

This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The IMAGE_NAME tells you the faulting driver, but since this is a Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000000011092a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff807aa74f4c4, address which referenced memory
Debugging Details:
------------------

KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
SIMULTANEOUS_TELSVC_INSTANCES:  0
SIMULTANEOUS_TELWP_INSTANCES:  0
BUILD_VERSION_STRING:  16299.15.amd64fre.rs3_release.170928-1534
SYSTEM_MANUFACTURER:  Alienware
SYSTEM_PRODUCT_NAME:  Alienware 15 R2
SYSTEM_SKU:  Alienware 15 R2
SYSTEM_VERSION:  1.2.8
BIOS_VENDOR:  Alienware
BIOS_VERSION:  1.2.8
BIOS_DATE:  01/29/2016
BASEBOARD_MANUFACTURER:  Alienware
BASEBOARD_PRODUCT:  Alienware 15 R2
BASEBOARD_VERSION:  A00
DUMP_TYPE:  2
BUGCHECK_P1: 11092a
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: fffff807aa74f4c4
WRITE_ADDRESS: fffff80060602380: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
000000000011092a 
CURRENT_IRQL:  2
FAULTING_IP: 
NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708]
fffff807`aa74f4c4 48895120        mov     qword ptr [rcx+20h],rdx
CPU_COUNT: 8
CPU_MHZ: a20
CPU_VENDOR:  GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 5e
CPU_STEPPING: 3
CPU_MICROCODE: 6,5e,3,0 (F,M,S,R)  SIG: BA'00000000 (cache) BA'00000000 (init)
BLACKBOXPNP: 1 (!blackboxpnp)
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  System
ANALYSIS_SESSION_HOST:  SHENDRIX-DEV0
ANALYSIS_SESSION_TIME:  01-17-2019 11:06:05.0653
ANALYSIS_VERSION: 10.0.18248.1001 amd64fre
TRAP_FRAME:  ffffa884c0c3f6b0 -- (.trap 0xffffa884c0c3f6b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff807ad018bf0 rbx=0000000000000000 rcx=000000000011090a
rdx=fffff807ad018c10 rsi=0000000000000000 rdi=0000000000000000
rip=fffff807aa74f4c4 rsp=ffffa884c0c3f840 rbp=000000002408fd00
r8=ffffb30e0e99ea30  r9=0000000001d371c1 r10=0000000020000080
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
NDIS!NdisQueueIoWorkItem+0x4:
fffff807`aa74f4c4 48895120        mov     qword ptr [rcx+20h],rdx ds:00000000`0011092a=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800603799e9 to fffff8006036e0e0

STACK_TEXT:  
ffffa884`c0c3f568 fffff800`603799e9 : 00000000`0000000a 00000000`0011092a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx [minkernel\ntos\ke\amd64\procstat.asm @ 134] 
ffffa884`c0c3f570 fffff800`60377d7d : fffff78a`4000a150 ffffb30e`03fba001 ffff8180`f0b5d180 00000000`000000ff : nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 2998] 
ffffa884`c0c3f6b0 fffff807`aa74f4c4 : 00000000`00000002 ffff8180`f0754180 00000000`00269fb1 ffff8180`f0754180 : nt!KiPageFault+0x23d [minkernel\ntos\ke\amd64\trap.asm @ 1248] 
ffffa884`c0c3f840 fffff800`60256b63 : ffffb30e`0e18f710 ffff8180`f0754180 ffffa884`c0c3fa18 00000000`00000002 : NDIS!NdisQueueIoWorkItem+0x4 [minio\ndis\sys\miniport.c @ 9708] 
ffffa884`c0c3f870 fffff800`60257bfd : 00000000`00000008 00000000`00000000 00000000`00269fb1 ffff8180`f0754180 : nt!KiProcessExpiredTimerList+0x153 [minkernel\ntos\ke\dpcsup.c @ 2078] 
ffffa884`c0c3f960 fffff800`6037123a : 00000000`00000000 ffff8180`f0754180 00000000`00000000 ffff8180`f0760cc0 : nt!KiRetireDpcList+0x43d [minkernel\ntos\ke\dpcsup.c @ 1512] 
ffffa884`c0c3fb60 00000000`00000000 : ffffa884`c0c40000 ffffa884`c0c39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a [minkernel\ntos\ke\amd64\idle.asm @ 166] 

RETRACER_ANALYSIS_TAG_STATUS:  Failed in getting KPCR for core 2
THREAD_SHA1_HASH_MOD_FUNC:  5b59a784f22d4b5cbd5a8452fe39914b8fd7961d
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  5643383f9cae3ca39073f7721b53f0c633bfb948
THREAD_SHA1_HASH_MOD:  20edda059578820e64b723e466deea47f59bd675
FOLLOWUP_IP: 
NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708]
fffff807`aa74f4c4 48895120        mov     qword ptr [rcx+20h],rdx
FAULT_INSTR_CODE:  20518948
FAULTING_SOURCE_LINE:  minio\ndis\sys\miniport.c
FAULTING_SOURCE_FILE:  minio\ndis\sys\miniport.c
FAULTING_SOURCE_LINE_NUMBER:  9708
FAULTING_SOURCE_CODE:  
  9704:     _In_ _Points_to_data_      PVOID                       WorkItemContext
  9705:     )
  9706: {
  9707: 
> 9708:     ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->Routine = Routine;
  9709:     ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->WorkItemContext = WorkItemContext;
  9710: 
  9711:     IoQueueWorkItem(((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->IoWorkItem,
  9712:                     ndisDispatchIoWorkItem,
  9713:                     CriticalWorkQueue,

SYMBOL_STACK_INDEX:  3
SYMBOL_NAME:  NDIS!NdisQueueIoWorkItem+4
FOLLOWUP_NAME:  ndiscore
MODULE_NAME: NDIS
IMAGE_NAME:  NDIS.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  0
IMAGE_VERSION:  10.0.16299.99
DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR:  Hybrid_FALSE
DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR:  GPU0_VenId0x1414_DevId0x8d_WDDM1.3_Active;
STACK_COMMAND:  .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET:  4
FAILURE_BUCKET_ID:  AV_NDIS!NdisQueueIoWorkItem
BUCKET_ID:  AV_NDIS!NdisQueueIoWorkItem
PRIMARY_PROBLEM_CLASS:  AV_NDIS!NdisQueueIoWorkItem
TARGET_TIME:  2017-12-10T14:16:08.000Z
OSBUILD:  16299
OSSERVICEPACK:  98
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK:  784
PRODUCT_TYPE:  1
OSPLATFORM_TYPE:  x64
OSNAME:  Windows 10
OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:  
USER_LCID:  0
OSBUILD_TIMESTAMP:  2017-11-26 03:49:20
BUILDDATESTAMP_STR:  170928-1534
BUILDLAB_STR:  rs3_release
BUILDOSVER_STR:  10.0.16299.15.amd64fre.rs3_release.170928-1534
ANALYSIS_SESSION_ELAPSED_TIME:  8377
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:av_ndis!ndisqueueioworkitem
FAILURE_ID_HASH:  {10686423-afa1-4852-ad1b-9324ac44ac96}
FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96
Followup:     ndiscore
---------

Example 2

In this example, a non-Microsoft driver caused a page fault, so we don’t have symbols for this driver. However, looking at IMAGE_NAME and/or MODULE_NAME indicates it’s WwanUsbMP.sys that caused the issue. Disconnecting the device and retrying the upgrade is a possible solution.


1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: 8ba10000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 82154573, If non-zero, the instruction address which referenced the bad memory
                address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for WwanUsbMp.sys
*** ERROR: Module load completed but symbols could not be loaded for WwanUsbMp.sys

KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING:  16299.15.x86fre.rs3_release.170928-1534
MARKER_MODULE_NAME:  IBM_ibmpmdrv
SYSTEM_MANUFACTURER:  LENOVO
SYSTEM_PRODUCT_NAME:  20AWS07H00
SYSTEM_SKU:  LENOVO_MT_20AW_BU_Think_FM_ThinkPad T440p
SYSTEM_VERSION:  ThinkPad T440p
BIOS_VENDOR:  LENOVO
BIOS_VERSION:  GLET85WW (2.39 )
BIOS_DATE:  09/29/2016
BASEBOARD_MANUFACTURER:  LENOVO
BASEBOARD_PRODUCT:  20AWS07H00
BASEBOARD_VERSION:  Not Defined
DUMP_TYPE:  2
BUGCHECK_P1: ffffffff8ba10000
BUGCHECK_P2: 0
BUGCHECK_P3: ffffffff82154573
BUGCHECK_P4: 0
READ_ADDRESS: 822821d0: Unable to get MiVisibleState
8ba10000 
FAULTING_IP: 
nt!memcpy+33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213
82154573 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
MM_INTERNAL_CODE:  0
CPU_COUNT: 4
CPU_MHZ: 95a
CPU_VENDOR:  GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 21'00000000 (cache) 21'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  AV
PROCESS_NAME:  System
CURRENT_IRQL:  2
ANALYSIS_SESSION_HOST:  SHENDRIX-DEV0
ANALYSIS_SESSION_TIME:  01-17-2019 10:54:53.0780
ANALYSIS_VERSION: 10.0.18248.1001 amd64fre
TRAP_FRAME:  8ba0efa8 -- (.trap 0xffffffff8ba0efa8)
ErrCode = 00000000
eax=8ba1759e ebx=a2bfd314 ecx=00001d67 edx=00000002 esi=8ba10000 edi=a2bfe280
eip=82154573 esp=8ba0f01c ebp=8ba0f024 iopl=0         nv up ei pl nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010216
nt!memcpy+0x33:
82154573 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
Resetting default scope
LOCK_ADDRESS:  8226c6e0 -- (!locks 8226c6e0)
Cannot get _ERESOURCE type
Resource @ nt!PiEngineLock (0x8226c6e0)    Available
1 total locks
PNP_TRIAGE_DATA: 
                Lock address  : 0x8226c6e0
                Thread Count  : 0
                Thread address: 0x00000000
                Thread wait   : 0x0

LAST_CONTROL_TRANSFER:  from 82076708 to 821507e8

STACK_TEXT:  
8ba0ede4 82076708 00000050 8ba10000 00000000 nt!KeBugCheckEx [minkernel\ntos\ke\i386\procstat.asm @ 114] 
8ba0ee40 8207771e 8ba0efa8 8ba10000 8ba0eea0 nt!MiSystemFault+0x13c8 [minkernel\ntos\mm\mmfault.c @ 4755] 
8ba0ef08 821652ac 00000000 8ba10000 00000000 nt!MmAccessFault+0x83e [minkernel\ntos\mm\mmfault.c @ 6868] 
8ba0ef08 82154573 00000000 8ba10000 00000000 nt!_KiTrap0E+0xec [minkernel\ntos\ke\i386\trap.asm @ 5153] 
8ba0f024 86692866 a2bfd314 8ba0f094 0000850a nt!memcpy+0x33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213] 
8ba0f040 866961bc 8ba0f19c a2bfd0e8 00000000 NDIS!ndisMSetPowerManagementCapabilities+0x8a [minio\ndis\sys\miniport.c @ 7969] 
8ba0f060 866e1f66 866e1caf adfb9000 00000000 NDIS!ndisMSetGeneralAttributes+0x23d [minio\ndis\sys\miniport.c @ 8198] 
8ba0f078 ac50c15f a2bfd0e8 0000009f 00000001 NDIS!NdisMSetMiniportAttributes+0x2b7 [minio\ndis\sys\miniport.c @ 7184] 
WARNING: Stack unwind information not available. Following frames may be wrong.
8ba0f270 ac526f96 adfb9000 a2bfd0e8 8269b9b0 WwanUsbMp+0x1c15f
8ba0f3cc 866e368a a2bfd0e8 00000000 8ba0f4c0 WwanUsbMp+0x36f96
8ba0f410 867004b0 a2bfd0e8 a2bfd0e8 a2be2a70 NDIS!ndisMInvokeInitialize+0x60 [minio\ndis\sys\miniport.c @ 13834] 
8ba0f7ac 866dbc8e a2acf730 866b807c 00000000 NDIS!ndisMInitializeAdapter+0xa23 [minio\ndis\sys\miniport.c @ 601] 
8ba0f7d8 866e687d a2bfd0e8 00000000 00000000 NDIS!ndisInitializeAdapter+0x4c [minio\ndis\sys\initpnp.c @ 931] 
8ba0f800 866e90bb adfb64d8 00000000 a2bfd0e8 NDIS!ndisPnPStartDevice+0x118 [minio\ndis\sys\configm.c @ 4235] 
8ba0f820 866e8a58 adfb64d8 a2bfd0e8 00000000 NDIS!ndisStartDeviceSynchronous+0xbd [minio\ndis\sys\ndispnp.c @ 3096] 
8ba0f838 866e81df adfb64d8 8ba0f85e 8ba0f85f NDIS!ndisPnPIrpStartDevice+0xb4 [minio\ndis\sys\ndispnp.c @ 1067] 
8ba0f860 820a7e98 a2bfd030 adfb64d8 8ba0f910 NDIS!ndisPnPDispatch+0x108 [minio\ndis\sys\ndispnp.c @ 2429] 
8ba0f878 8231f07e 8ba0f8ec adf5d4c8 872e2eb8 nt!IofCallDriver+0x48 [minkernel\ntos\io\iomgr\iosubs.c @ 3149] 
8ba0f898 820b8569 820c92b8 872e2eb8 8ba0f910 nt!PnpAsynchronousCall+0x9e [minkernel\ntos\io\pnpmgr\irp.c @ 3005] 
8ba0f8cc 820c9a76 00000000 820c92b8 872e2eb8 nt!PnpSendIrp+0x67 [minkernel\ntos\io\pnpmgr\irp.h @ 286] 
8ba0f914 8234577b 872e2eb8 adf638b0 adf638b0 nt!PnpStartDevice+0x60 [minkernel\ntos\io\pnpmgr\irp.c @ 3187] 
8ba0f94c 82346cc7 872e2eb8 adf638b0 adf638b0 nt!PnpStartDeviceNode+0xc3 [minkernel\ntos\io\pnpmgr\start.c @ 1712] 
8ba0f96c 82343c68 00000000 a2bdb3d8 adf638b0 nt!PipProcessStartPhase1+0x4d [minkernel\ntos\io\pnpmgr\start.c @ 114] 
8ba0fb5c 824db885 8ba0fb80 00000000 00000000 nt!PipProcessDevNodeTree+0x386 [minkernel\ntos\io\pnpmgr\enum.c @ 6129] 
8ba0fb88 8219571b 85852520 8c601040 8226ba90 nt!PiRestartDevice+0x91 [minkernel\ntos\io\pnpmgr\enum.c @ 4743] 
8ba0fbe8 820804af 00000000 00000000 8c601040 nt!PnpDeviceActionWorker+0xdb4b7 [minkernel\ntos\io\pnpmgr\action.c @ 674] 
8ba0fc38 8211485c 85852520 421de295 00000000 nt!ExpWorkerThread+0xcf [minkernel\ntos\ex\worker.c @ 4270] 
8ba0fc70 82166785 820803e0 85852520 00000000 nt!PspSystemThreadStartup+0x4a [minkernel\ntos\ps\psexec.c @ 7756] 
8ba0fc88 82051e07 85943940 8ba0fcd8 82051bb9 nt!KiThreadStartup+0x15 [minkernel\ntos\ke\i386\threadbg.asm @ 82] 
8ba0fc94 82051bb9 8b9cc600 8ba10000 8ba0d000 nt!KiProcessDeferredReadyList+0x17 [minkernel\ntos\ke\thredsup.c @ 5309] 
8ba0fcd8 00000000 00000000 00000000 00000000 nt!KeSetPriorityThread+0x249 [minkernel\ntos\ke\thredobj.c @ 3881] 


RETRACER_ANALYSIS_TAG_STATUS:  Failed in getting KPCR for core 1
THREAD_SHA1_HASH_MOD_FUNC:  e029276c66aea80ba36903e89947127118d31128
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  012389f065d31c8eedd6204846a560146a38099b
THREAD_SHA1_HASH_MOD:  44dc639eb162a28d47eaeeae4afe6f9eeccced3d
FOLLOWUP_IP: 
WwanUsbMp+1c15f
ac50c15f 8bf0            mov     esi,eax
FAULT_INSTR_CODE:  f33bf08b
SYMBOL_STACK_INDEX:  8
SYMBOL_NAME:  WwanUsbMp+1c15f
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: WwanUsbMp
IMAGE_NAME:  WwanUsbMp.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  5211bb0c
DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR:  Hybrid_FALSE
DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR:  GPU0_VenId0x1414_DevId0x8d_WDDM1.3_NotActive;GPU1_VenId0x8086_DevId0x416_WDDM1.3_Active_Post;
STACK_COMMAND:  .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET:  1c15f
FAILURE_BUCKET_ID:  AV_R_INVALID_WwanUsbMp!unknown_function
BUCKET_ID:  AV_R_INVALID_WwanUsbMp!unknown_function
PRIMARY_PROBLEM_CLASS:  AV_R_INVALID_WwanUsbMp!unknown_function
TARGET_TIME:  2018-02-12T11:33:51.000Z
OSBUILD:  16299
OSSERVICEPACK:  15
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK:  272
PRODUCT_TYPE:  1
OSPLATFORM_TYPE:  x86
OSNAME:  Windows 10
OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:  
USER_LCID:  0
OSBUILD_TIMESTAMP:  2017-09-28 18:32:28
BUILDDATESTAMP_STR:  170928-1534
BUILDLAB_STR:  rs3_release
BUILDOSVER_STR:  10.0.16299.15.x86fre.rs3_release.170928-1534
ANALYSIS_SESSION_ELAPSED_TIME:  162bd
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:av_r_invalid_wwanusbmp!unknown_function
FAILURE_ID_HASH:  {31e4d053-0758-e43a-06a7-55f69b072cb3}
FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3

Followup:     MachineOwner
---------

ReadVirtual: 812d1248 not properly sign extended
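
The check described in Example 2 can be scripted. This Python code is an added example, not part of the original article: it parses an abridged copy of the output above and reports which module `!analyze -v` blames, whether that image's symbols failed to load, and whether its stack frames sit below the unwind warning. The function names `stack_frames` and `triage` are hypothetical.

```python
import re

# Abridged from the !analyze -v output on this page (most frames and fields elided).
SAMPLE = r"""
PAGE_FAULT_IN_NONPAGED_AREA (50)
*** ERROR: Module load completed but symbols could not be loaded for WwanUsbMp.sys
STACK_TEXT:
8ba0f024 86692866 a2bfd314 8ba0f094 0000850a nt!memcpy+0x33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213]
8ba0f078 ac50c15f a2bfd0e8 0000009f 00000001 NDIS!NdisMSetMiniportAttributes+0x2b7 [minio\ndis\sys\miniport.c @ 7184]
WARNING: Stack unwind information not available. Following frames may be wrong.
8ba0f270 ac526f96 adfb9000 a2bfd0e8 8269b9b0 WwanUsbMp+0x1c15f
8ba0f3cc 866e368a a2bfd0e8 00000000 8ba0f4c0 WwanUsbMp+0x36f96

MODULE_NAME: WwanUsbMp
IMAGE_NAME:  WwanUsbMp.sys
"""

HEX = re.compile(r"^[0-9a-f`]+$", re.I)  # address columns; ` splits halves on x64

def stack_frames(text):
    """Yield (module, has_symbols, after_unwind_warning) for each STACK_TEXT frame."""
    in_stack = unreliable = False
    for line in text.splitlines():
        tokens = line.split()
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack and not tokens:
            return  # a blank line ends the stack listing
        elif in_stack and line.startswith("WARNING: Stack unwind"):
            unreliable = True
        elif in_stack and HEX.match(tokens[0]):
            # First non-address token is module!function+offset, or module+offset
            symbol = next((t for t in tokens if not HEX.match(t)), "")
            yield re.split(r"[!+]", symbol)[0], "!" in symbol, unreliable

def triage(text):
    """Summarise which driver is blamed and how far the stack supports that."""
    pairs = re.findall(r"^([A-Z][A-Z0-9_]+):(.*)$", text, re.M)
    fields = {key: value.strip() for key, value in pairs}
    bugcheck = re.search(r"^([A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$", text, re.M)
    module, image = fields.get("MODULE_NAME", ""), fields.get("IMAGE_NAME", "")
    no_symbols = {m.lower() for m in re.findall(r"symbols could not be loaded for (\S+)", text)}
    blamed = [f for f in stack_frames(text) if f[0].lower() == module.lower()]
    return {
        "bugcheck": (bugcheck.group(1), int(bugcheck.group(2), 16)) if bugcheck else None,
        "module": module,
        "image": image,
        "symbols_missing": image.lower() in no_symbols,
        "frames_in_blamed_module": len(blamed),
        "unwind_unreliable": any(f[2] for f in blamed),
    }
```

When `symbols_missing` and `unwind_unreliable` are both true, as they are here, the `WwanUsbMp+0x...` frames are raw offsets that may not reflect the real call chain, so IMAGE_NAME and MODULE_NAME are the fields to rely on.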

References

Bug Check Code Reference