Windows 2016 bluescreen: help to fix

永安 张 0 Reputation points
2023-10-28T10:47:51.43+00:00
************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 14393 MP (64 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Edition build lab: 14393.4283.amd64fre.rs1_release.210303-1802
Kernel base = 0xfffff803`f5e08000 PsLoadedModuleList = 0xfffff803`f610c0a0
Debug session time: Sun Sep 24 16:44:13.277 2023 (UTC + 8:00)
System Uptime: 8 days 23:02:54.415
Loading Kernel Symbols
...............................................................
................................................................
...................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000022`63849018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`f5f652f0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffb881`a8971fa0=000000000000000a
windbg> .hh dbgerr001
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000000e, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff803f5e6f407, address which referenced memory

Debugging Details:
------------------

Page 2006e63 not present in the dump file. Type ".hh dbgerr004" for details
Page 4000 not present in the dump file. Type ".hh dbgerr004" for details
Page 4000 not present in the dump file. Type ".hh dbgerr004" for details
Page 4000 not present in the dump file. Type ".hh dbgerr004" for details

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 562

    Key  : Analysis.Elapsed.mSec
    Value: 1751

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 187

    Key  : Analysis.Init.Elapsed.mSec
    Value: 80831

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 114

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0xa

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0xa

    Key  : Failure.Bucket
    Value: AV_win32kfull!xxxRealSleepThread

    Key  : Failure.Hash
    Value: {a48ba98b-7527-8694-30d3-c64b01844bf9}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 0

    Key  : Hypervisor.Flags.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : WER.OS.Branch
    Value: rs1_release

    Key  : WER.OS.Version
    Value: 10.0.14393.4283


BUGCHECK_CODE:  a

BUGCHECK_P1: e

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff803f5e6f407

FILE_IN_CAB:  MEMORY.DMP

READ_ADDRESS:  000000000000000e 

PROCESS_NAME:  conhost.exe

IRP_ADDRESS: ffffffffffffff88

TRAP_FRAME:  ffffb881a89720e0 -- (.trap 0xffffb881a89720e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd50ef541ce00 rbx=0000000000000000 rcx=0000000000000004
rdx=0000000000000006 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803f5e6f407 rsp=ffffb881a8972270 rbp=ffffb881a89723b0
 r8=0000000000000002  r9=fffff803f5e08000 r10=fffff803f6149ca0
r11=ffffc90cb1e55b70 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz ac po cy
nt!IopCompleteRequest+0xb47:
fffff803`f5e6f407 48394208        cmp     qword ptr [rdx+8],rax ds:00000000`0000000e=????????????????
Resetting default scope

STACK_TEXT:  
ffffb881`a8971f98 fffff803`f5f75329     : 00000000`0000000a 00000000`0000000e 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffb881`a8971fa0 fffff803`f5f7246c     : ffffb881`a3451d40 00000020`00000001 00000001`6d717355 00000000`000000b0 : nt!KiBugCheckDispatch+0x69
ffffb881`a89720e0 fffff803`f5e6f407     : ffffc90c`b1e55b70 00000000`00000000 00000000`00000000 00000000`00000008 : nt!KiPageFault+0x42c
ffffb881`a8972270 fffff803`f5e77854     : 00000000`00000000 ffffb881`a0643780 fffff803`f5e08000 00000000`00000000 : nt!IopCompleteRequest+0xb47
ffffb881`a8972360 fffff803`f5f690f2     : 00000000`00000000 fffff803`f5f6c2c3 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x134
ffffb881`a89723f0 fffff803`f5e74ee0     : 00000000`00000000 00000000`00000001 00000000`40fa0088 ffffd10d`c6620080 : nt!KiApcInterrupt+0x2a2
ffffb881`a8972580 fffff803`f5e7495f     : ffffd10d`c66f5000 00000000`00000000 00000000`00000000 ffffffff`00000000 : nt!KiSwapThread+0x1a0
ffffb881`a8972630 fffff803`f5e7431e     : ffffd10d`00000000 00000000`00000000 ffffd10d`c6620080 ffffb881`a8972769 : nt!KiCommitThreadWait+0x14f
ffffb881`a89726d0 ffff80ba`bdd92792     : ffff80dd`00000000 ffffb881`a8972860 ffff80dd`c1a63010 ffff3bc6`0000000d : nt!KeWaitForMultipleObjects+0x4fe
ffffb881`a89727b0 ffff80ba`bdd92368     : ffff80dd`c1a63010 ffff80dd`c1a63010 00000000`00003dff ffff80ba`bdd92213 : win32kfull!xxxRealSleepThread+0x382
ffffb881`a89728c0 ffff80ba`bdd9154a     : ffffb881`a8972b80 00000000`00000000 ffff80dd`c1a63010 00000000`00000000 : win32kfull!xxxSleepThread2+0x98
ffffb881`a8972910 ffff80ba`bdd8fb62     : ffffb881`a8972ab8 00000000`0000c240 00000000`00000000 00000000`ffffffff : win32kfull!xxxRealInternalGetMessage+0xd8a
ffffb881`a8972a70 fffff803`f5f74e03     : ffffd10d`c66f5080 00000000`00000000 00000000`00000020 ffffd10d`c647d150 : win32kfull!NtUserGetMessage+0x92
ffffb881`a8972b00 00007ffa`52681164     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000022`63a3fd18 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`52681164


SYMBOL_NAME:  win32kfull!xxxRealSleepThread+382

MODULE_NAME: win32kfull

IMAGE_NAME:  win32kfull.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  382

FAILURE_BUCKET_ID:  AV_win32kfull!xxxRealSleepThread

OS_VERSION:  10.0.14393.4283

BUILDLAB_STR:  rs1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {a48ba98b-7527-8694-30d3-c64b01844bf9}

Followup:     MachineOwner
---------


Windows Server 2016

1 answer

  1. Wesley Li 10,415 Reputation points
    2023-12-25T07:39:19.0133333+00:00

    Hello

    It seems like there's a crash dump analysis from a Windows system pointing to an IRQL_NOT_LESS_OR_EQUAL error, indicating an attempt to access an invalid memory address at an elevated interrupt request level.

    The crash appears related to the win32kfull.sys driver, particularly within the function xxxRealSleepThread. This could be caused by a driver attempting to access invalid memory or using improper addresses.

    The crash dump provides details of the system state at the time of the crash, including register values, stack trace, and loaded modules. However, without access to the actual memory dump or more specific context, it's challenging to provide a precise solution.

    If this issue is recurring, consider the following steps:

    Check for Updates: Ensure all drivers, especially graphics and system-related drivers, are updated to their latest versions.

    Memory Diagnostics: Run a memory diagnostic tool to check for any issues with the system's RAM.

    Debugging Tools: Use Windows Debugger (WinDbg) or similar tools with the actual memory dump for more detailed analysis. This might reveal specific drivers or modules causing the issue.

    System Restore: If the problem started recently, consider using System Restore to revert the system to a state where it was functioning correctly.

    Hardware Check: Sometimes, hardware issues can lead to such errors. Check for any loose connections or hardware malfunctions.

    If you're not familiar with memory dump analysis or debugging, seeking assistance from a professional or a community dedicated to debugging Windows crashes might be beneficial.
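
A worked reading of the dump in the question, as an added example that is not part of the original posts: the script parses `!analyze -v` text, decodes the Arg3 bitfield, recomputes the faulting operand address from the trap-frame registers, and compares the frame that took the page fault with the function named in SYMBOL_NAME. `triage`, `FRAME` and `SAMPLE` are hypothetical names, and the sample lines are constructed from the output above.

```python
import re

# Constructed sample: lines taken from the !analyze -v output in the question,
# with whitespace and the argument columns of each stack frame shortened to "..".
SAMPLE = """\
Arg1: 000000000000000e, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
Arg4: fffff803f5e6f407, address which referenced memory
rdx=0000000000000006 rsi=0000000000000000 rdi=0000000000000000
fffff803`f5e6f407 48394208  cmp  qword ptr [rdx+8],rax ds:00000000`0000000e=????????????????
ffffb881`a8971fa0 fffff803`f5f7246c     : .. : nt!KiBugCheckDispatch+0x69
ffffb881`a89720e0 fffff803`f5e6f407     : .. : nt!KiPageFault+0x42c
ffffb881`a8972270 fffff803`f5e77854     : .. : nt!IopCompleteRequest+0xb47
ffffb881`a8972360 fffff803`f5f690f2     : .. : nt!KiDeliverApc+0x134
ffffb881`a89727b0 ffff80ba`bdd92368     : .. : win32kfull!xxxRealSleepThread+0x382
SYMBOL_NAME:  win32kfull!xxxRealSleepThread+382
"""

# One STACK_TEXT line: child-SP, return address, args, then module!function+offset.
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+\s+:.*: (\S+?)(?:\+0x[0-9a-f]+)?$", re.M)

def triage(text):
    """Summarise a bugcheck 0xA report (hypothetical helper, not a WinDbg feature)."""
    args = {int(n): int(v, 16) for n, v in re.findall(r"^Arg(\d): ([0-9a-f]+)", text, re.M)}
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-f]{16})\b", text)}
    # Memory operand of the faulting instruction, e.g. [rdx+8] (displacement is hex).
    base, disp = re.search(r"\[(r[a-z0-9]{1,2})\+([0-9a-f]+)\]", text).groups()
    ea = regs[base] + int(disp, 16)
    frames = FRAME.findall(text)
    # The frame listed right after nt!KiPageFault is the code that took the fault.
    faulting = frames[frames.index("nt!KiPageFault") + 1]
    blamed = re.search(r"^SYMBOL_NAME:\s+(\S+?)(?:\+[0-9a-f]+)?$", text, re.M).group(1)
    return {
        "access": "write" if args[3] & 0x1 else "read",  # Arg3 bit 0
        "execute": bool(args[3] & 0x8),                  # Arg3 bit 3
        "irql": args[2],
        "effective_address": ea,
        "matches_arg1": ea == args[1],             # operand address == "memory referenced"
        "bad_base_pointer": regs[base] < 0x10000,  # tiny value, not a kernel pointer
        "faulting": faulting,
        "blamed": blamed,
        "blamed_is_faulting": blamed == faulting,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:20} {value}")
```

On this dump the faulting instruction sits in nt!IopCompleteRequest, reached through APC delivery while the thread was waiting in win32kfull, so the SYMBOL_NAME frame is the interrupted waiter and not the code that dereferenced the bad pointer.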
