蓝屏文件分析内容:
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: ffffc70e0e1f0c40, Object whose reference count is being lowered
Arg3: 0000000000000006, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This BugCheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object's reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
KEY_VALUES_STRING: 1
-
-
-
-
Key : Analysis.Elapsed.mSec
-
-
-
Key : Analysis.IO.Other.Mb
-
-
-
Key : Analysis.IO.Read.Mb
-
-
-
Key : Analysis.IO.Write.Mb
-
-
-
Key : Analysis.Init.CPU.mSec
-
-
-
Key : Analysis.Init.Elapsed.mSec
-
-
-
Key : Analysis.Memory.CommitPeak.Mb
-
-
-
Key : Bugcheck.Code.LegacyAPI
-
-
-
-
Value: 0x18_nt!IopDecrementDeviceObjectRef
-
-
-
Value: {5152315d-027b-14f6-89cb-14807d0ae67b}
-
-
Key : Hypervisor.Enlightenments.Value
-
-
-
Key : Hypervisor.Enlightenments.ValueHex
-
-
-
Key : Hypervisor.Flags.AnyHypervisorPresent
-
-
-
Key : Hypervisor.Flags.ApicEnlightened
-
-
-
Key : Hypervisor.Flags.AsyncMemoryHint
-
-
-
Key : Hypervisor.Flags.CpuManager
-
-
-
Key : Hypervisor.Flags.DeprecateAutoEoi
-
-
-
Key : Hypervisor.Flags.DynamicCpuDisabled
-
-
-
Key : Hypervisor.Flags.Epf
-
-
-
Key : Hypervisor.Flags.ExtendedProcessorMasks
-
-
-
Key : Hypervisor.Flags.HardwareMbecAvailable
-
-
-
Key : Hypervisor.Flags.MaxBankNumber
-
-
-
Key : Hypervisor.Flags.MemoryZeroingControl
-
-
-
Key : Hypervisor.Flags.NoExtendedRangeFlush
-
-
-
Key : Hypervisor.Flags.NoNonArchCoreSharing
-
-
-
Key : Hypervisor.Flags.Phase0InitDone
-
-
-
Key : Hypervisor.Flags.PowerSchedulerQos
-
-
-
Key : Hypervisor.Flags.RootScheduler
-
-
-
Key : Hypervisor.Flags.SynicAvailable
-
-
-
Key : Hypervisor.Flags.UseQpcBias
-
-
-
Key : Hypervisor.Flags.Value
-
-
-
Key : Hypervisor.Flags.ValueHex
-
-
-
Key : Hypervisor.Flags.VpAssistPage
-
-
-
Key : Hypervisor.Flags.VsmAvailable
-
-
-
Key : Hypervisor.RootFlags.Value
-
-
-
Key : Hypervisor.RootFlags.ValueHex
-
-
-
-
-
-
-
BUGCHECK_CODE: 18
BUGCHECK_P1: 0
BUGCHECK_P2: ffffc70e0e1f0c40
BUGCHECK_P3: 6
BUGCHECK_P4: ffffffffffffffff
FILE_IN_CAB: 010824-17218-01.dmp
VIRTUAL_MACHINE: VMware
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffff8109ec9b7118 fffff80732c2a096 : 0000000000000018 0000000000000000 ffffc70e0e1f0c40 0000000000000006 : nt!KeBugCheckEx
ffff8109ec9b7120 fffff80732ff495a : ffffcc6359d9c3d0 ffffcc6353beebc0 ffffcc6353d96030 ffffd1b1e0007910 : nt!IopDecrementDeviceObjectRef+0x17dd66
ffff8109ec9b7170 fffff80732fff200 : ffffd1b1e0007910 ffffd1b1f7d06910 ffffcc6359d9c3a0 fffff80732af2b93 : nt!IopDeleteFile+0x1fa
ffff8109ec9b71f0 fffff80732a6b7c4 : 0000000000000000 0000000000000000 ffffa48c20051810 ffffcc6359d9c3d0 : nt!ObpRemoveObjectRoutine+0x80
ffff8109ec9b7250 fffff8073307baf9 : 0000000000000000 ffffcc6359d9c3d0 ffffa48c20051810 0000000000000000 : nt!ObfDereferenceObject+0xa4
ffff8109ec9b7290 fffff80732b6e574 : fffff80700000001 fffff80732e578c0 ffff8109ec9b7360 ffffd1b1f7d068d8 : nt!MiSegmentDelete+0x171
ffff8109ec9b72e0 fffff80732ba3289 : 0000000000000000 fffff80700000001 0000000000000000 fffff80732e578c0 : nt!MiProcessDereferenceList+0xb4
ffff8109ec9b73a0 fffff80732b44185 : ffffd1b1e07ed040 ffffd1b1e07ed040 0000000000000080 fffff80732ba3160 : nt!MiDereferenceSegmentThread+0x129
ffff8109ec9b75d0 fffff80732bde39c : ffff9481ee6e5180 ffffd1b1e07ed040 fffff80732b44130 0000000000000000 : nt!PspSystemThreadStartup+0x55
ffff8109ec9b7620 0000000000000000 : ffff8109ec9b8000 ffff8109ec9b1000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x1c
SYMBOL_NAME: nt!IopDecrementDeviceObjectRef+17dd66
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.17763.5202
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 17dd66
FAILURE_BUCKET_ID: 0x18_nt!IopDecrementDeviceObjectRef
OS_VERSION: 10.0.17763.1
BUILDLAB_STR: rs5_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {5152315d-027b-14f6-89cb-14807d0ae67b}
Followup: MachineOwner
15: kd> lmvm nt
Browse full module list
start end module name
fffff80732a1c000 fffff80733489000 nt (pdb symbols) C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\AA44BDCCE47E33E9B131260A6B98E1991\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\Dbg\sym\ntkrnlmp.exe\1830EB69a6d000\ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: 1830EB69 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00938B32
ImageSize: 00A6D000
File version: 10.0.17763.5202
Product version: 10.0.17763.5202
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 10.0.17763.5202
FileVersion: 10.0.17763.5202 (WinBuild.160101.0800)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
