BSOD on Azure VM with Win Server 2k8 R2

surr0und (New member, joined Oct 20, 2019, 3 posts)
Hello, people.
Sorry for the inconvenience, but I need the help of some experts, hehe. So, it turns out that I have a VM in Azure with Windows 2008 R2 since 3 years ago, and 2 days ago it began to give me problems for no apparent reason.

The BSOD is the typical "IRQL_NOT_LESS_OR_EQUAL", but until now I have not found a solution and I tried everything I saw on Google. I've also "re-implemented" the VM with the Azure portal, thinking maybe it was its physical server with failures, but no success.

The VM started crashing 2 days ago after being almost 2 years (+600 days) without a reboot, and I haven't made any changes to the PC.
It just started crashing out of nowhere and does it constantly every 1 or 2 hours. Until now I haven't been able to find a solution, so I came here.

I left here the only dumps that the VM generated in its lifetime, the first of which was yesterday with the first crash: MEGA

I was also able to take a screenshot from the Azure panel, and this is what the BSOD shows:
hUaZI.png


And this is one of the open dumps with windbg:
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Desktop\dumps\101919-113734-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) UP Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 7601.24384.amd64fre.win7sp1_ldr_escrow.190220-1800
Machine Name:
Kernel base = 0xfffff800`01406000 PsLoadedModuleList = 0xfffff800`0163fc90
Debug session time: Sat Oct 19 09:46:56.609 2019 (UTC - 3:00)
System Uptime: 0 days 2:35:58.375
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
........
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 1, fffff80001424a5e}

Probably caused by : termdd.sys ( termdd!IcaDereferenceChannel+8c )

Followup: MachineOwner
---------

kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80001424a5e, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800016a3100
0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeleteResourceLite+ce
fffff800`01424a5e 488908 mov qword ptr [rax],rcx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0xA

PROCESS_NAME: svchost.exe

TRAP_FRAME: fffff880046d77c0 -- (.trap 0xfffff880046d77c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=000000000000000f rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001424a5e rsp=fffff880046d7950 rbp=fffffa8c00ece6b0
r8=0000000000000000 r9=0000000000000000 r10=fffffa8c1065c450
r11=fffffa8c105a3730 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExDeleteResourceLite+0xce:
fffff800`01424a5e 488908 mov qword ptr [rax],rcx ds:0002:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800014a7f69 to fffff80001499ba0

STACK_TEXT:
fffff880`046d7678 fffff800`014a7f69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`046d7680 fffff800`014a5d88 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa8c`1045b648 : nt!KiBugCheckDispatch+0x69
fffff880`046d77c0 fffff800`01424a5e : fffffa8c`1045b648 00000000`00000005 00000000`00000020 fffffa8c`1045b630 : nt!KiPageFault+0x448
fffff880`046d7950 fffff880`0264a5ac : fffffa8c`00ece4a0 fffffa8c`00ece6b0 00000000`00000000 fffffa8c`1045b648 : nt!ExDeleteResourceLite+0xce
fffff880`046d79b0 fffff880`0264a3c3 : fffffa8c`00ece4a0 fffffa8c`00ece4a0 fffffa8c`1045b630 00000000`00000000 : termdd!IcaDereferenceChannel+0x8c
fffff880`046d79f0 fffff880`02649e01 : fffffa8c`0cb9abd0 fffff880`0264d18f 00000000`00000000 fffffa8c`106f4f3c : termdd!IcaChannelInputInternal+0x5af
fffff880`046d7ad0 fffff880`0458425e : fffff8a0`02a4a010 fffff8a0`02a4a010 00000000`00000001 fffff8a0`02a4a1e8 : termdd!IcaChannelInput+0xdd
fffff880`046d7b10 fffff880`045833fc : fffff880`046d7c30 fffff8a0`02187010 00000000`00000001 fffffa8c`105e4d98 : RDPWD!HandleDisconnectProviderUlt+0xe2
fffff880`046d7ba0 fffff880`04582fe4 : 00000000`00000009 00000000`00000000 00000000`00000000 fffff880`0455015d : RDPWD!RecognizeMCSFrame+0x50
fffff880`046d7be0 fffff880`0264d1f8 : fffff8a0`0049b000 fffffa8c`0cb9abd0 fffffa8c`0cb4b690 fffff880`0454ef00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`046d7c80 fffff880`0454e900 : 00000000`00000000 fffff880`046d7db0 fffff880`046d7da8 ffc08370`ed030d00 : termdd!IcaRawInput+0x50
fffff880`046d7cb0 fffff880`0454ddde : fffffa8c`0000016b 00000000`00000000 00000000`00000000 fffffa8c`105e4d50 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`046d7ce0 fffff880`0454d7c2 : 00000000`00000003 fffff880`00000e27 fffffa8c`0000011e fffff880`00000e27 : tssecsrv!CFilter::FilterIncomingData+0x122
fffff880`046d7d90 fffff880`0264d1f8 : 00000000`00000000 fffffa8c`00610b80 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`046d7e00 fffff880`045434bd : fffffa8c`012adf90 fffffa8c`105e4ba8 00000000`00000103 fffffa8c`012adf90 : termdd!IcaRawInput+0x50
fffff880`046d7e30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tdtcp!TdInputThread+0x465


STACK_COMMAND: kb

FOLLOWUP_IP:
termdd!IcaDereferenceChannel+8c
fffff880`0264a5ac 488d8f80000000 lea rcx,[rdi+80h]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: termdd!IcaDereferenceChannel+8c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: termdd

IMAGE_NAME: termdd.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab0c

FAILURE_BUCKET_ID: X64_0xA_termdd!IcaDereferenceChannel+8c

BUCKET_ID: X64_0xA_termdd!IcaDereferenceChannel+8c

Followup: MachineOwner
---------

kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80001424a5e, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: 0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeleteResourceLite+ce
fffff800`01424a5e 488908 mov qword ptr [rax],rcx

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0xA

PROCESS_NAME: svchost.exe

TRAP_FRAME: fffff880046d77c0 -- (.trap 0xfffff880046d77c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=000000000000000f rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001424a5e rsp=fffff880046d7950 rbp=fffffa8c00ece6b0
r8=0000000000000000 r9=0000000000000000 r10=fffffa8c1065c450
r11=fffffa8c105a3730 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExDeleteResourceLite+0xce:
fffff800`01424a5e 488908 mov qword ptr [rax],rcx ds:0002:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800014a7f69 to fffff80001499ba0

STACK_TEXT:
fffff880`046d7678 fffff800`014a7f69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`046d7680 fffff800`014a5d88 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa8c`1045b648 : nt!KiBugCheckDispatch+0x69
fffff880`046d77c0 fffff800`01424a5e : fffffa8c`1045b648 00000000`00000005 00000000`00000020 fffffa8c`1045b630 : nt!KiPageFault+0x448
fffff880`046d7950 fffff880`0264a5ac : fffffa8c`00ece4a0 fffffa8c`00ece6b0 00000000`00000000 fffffa8c`1045b648 : nt!ExDeleteResourceLite+0xce
fffff880`046d79b0 fffff880`0264a3c3 : fffffa8c`00ece4a0 fffffa8c`00ece4a0 fffffa8c`1045b630 00000000`00000000 : termdd!IcaDereferenceChannel+0x8c
fffff880`046d79f0 fffff880`02649e01 : fffffa8c`0cb9abd0 fffff880`0264d18f 00000000`00000000 fffffa8c`106f4f3c : termdd!IcaChannelInputInternal+0x5af
fffff880`046d7ad0 fffff880`0458425e : fffff8a0`02a4a010 fffff8a0`02a4a010 00000000`00000001 fffff8a0`02a4a1e8 : termdd!IcaChannelInput+0xdd
fffff880`046d7b10 fffff880`045833fc : fffff880`046d7c30 fffff8a0`02187010 00000000`00000001 fffffa8c`105e4d98 : RDPWD!HandleDisconnectProviderUlt+0xe2
fffff880`046d7ba0 fffff880`04582fe4 : 00000000`00000009 00000000`00000000 00000000`00000000 fffff880`0455015d : RDPWD!RecognizeMCSFrame+0x50
fffff880`046d7be0 fffff880`0264d1f8 : fffff8a0`0049b000 fffffa8c`0cb9abd0 fffffa8c`0cb4b690 fffff880`0454ef00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`046d7c80 fffff880`0454e900 : 00000000`00000000 fffff880`046d7db0 fffff880`046d7da8 ffc08370`ed030d00 : termdd!IcaRawInput+0x50
fffff880`046d7cb0 fffff880`0454ddde : fffffa8c`0000016b 00000000`00000000 00000000`00000000 fffffa8c`105e4d50 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`046d7ce0 fffff880`0454d7c2 : 00000000`00000003 fffff880`00000e27 fffffa8c`0000011e fffff880`00000e27 : tssecsrv!CFilter::FilterIncomingData+0x122
fffff880`046d7d90 fffff880`0264d1f8 : 00000000`00000000 fffffa8c`00610b80 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`046d7e00 fffff880`045434bd : fffffa8c`012adf90 fffffa8c`105e4ba8 00000000`00000103 fffffa8c`012adf90 : termdd!IcaRawInput+0x50
fffff880`046d7e30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tdtcp!TdInputThread+0x465


STACK_COMMAND: kb

FOLLOWUP_IP:
termdd!IcaDereferenceChannel+8c
fffff880`0264a5ac 488d8f80000000 lea rcx,[rdi+80h]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: termdd!IcaDereferenceChannel+8c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: termdd

IMAGE_NAME: termdd.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab0c

FAILURE_BUCKET_ID: X64_0xA_termdd!IcaDereferenceChannel+8c

BUCKET_ID: X64_0xA_termdd!IcaDereferenceChannel+8c

Followup: MachineOwner
---------

Thank you very much in advance!
 
Hello and thanks.

I finally realized that the cause was the termdd.sys that is in charge of the RDP service.
Recently an exploit appeared for RDP and maybe that was the cause of my problem.

I noticed that by mistake I had left the RDP port exposed to the public without a VPN, so I blocked it, and so far I have 61 hours without crashes.

If it's anything else I'll bother here again, thanks one more time.
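
The link this thread draws between the termdd.sys bugcheck and the exposed RDP port can be read off the STACK_TEXT itself. As an added example (not part of the original posts), this Python script parses `!analyze -v` output and reports whether the faulting call chain runs through the RDP driver stack and starts at its network input thread. The function name `triage` is hypothetical and the sample is a trimmed excerpt of the dump above, constructed for illustration.

```python
import re

# Kernel drivers of the Server 2008 R2 RDP stack that appear in this thread's dump.
RDP_MODULES = {"termdd", "rdpwd", "tssecsrv", "tdtcp"}

# One STACK_TEXT row: child-SP, return address, four args, then module!symbol+offset.
FRAME = re.compile(r"^[0-9a-f`]{17} [0-9a-f`]{17} : .* : (\w+)!([\w:]+)", re.M)
BUGCHECK = re.compile(r"^BugCheck (\w+), \{(\w+), (\w+), (\w+), (\w+)\}", re.M)

# Constructed sample: selected lines from the WinDbg output posted above (frames trimmed).
SAMPLE = """\
BugCheck A, {0, 2, 1, fffff80001424a5e}
STACK_TEXT:
fffff880`046d7678 fffff800`014a7f69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`046d77c0 fffff800`01424a5e : fffffa8c`1045b648 00000000`00000005 00000000`00000020 fffffa8c`1045b630 : nt!KiPageFault+0x448
fffff880`046d7950 fffff880`0264a5ac : fffffa8c`00ece4a0 fffffa8c`00ece6b0 00000000`00000000 fffffa8c`1045b648 : nt!ExDeleteResourceLite+0xce
fffff880`046d79b0 fffff880`0264a3c3 : fffffa8c`00ece4a0 fffffa8c`00ece4a0 fffffa8c`1045b630 00000000`00000000 : termdd!IcaDereferenceChannel+0x8c
fffff880`046d7b10 fffff880`045833fc : fffff880`046d7c30 fffff8a0`02187010 00000000`00000001 fffffa8c`105e4d98 : RDPWD!HandleDisconnectProviderUlt+0xe2
fffff880`046d7d90 fffff880`0264d1f8 : 00000000`00000000 fffffa8c`00610b80 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`046d7e30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tdtcp!TdInputThread+0x465
"""

def triage(text):
    """Summarise a bugcheck 0xA report and say whether it sits on the RDP input path."""
    bug = BUGCHECK.search(text)
    frames = FRAME.findall(text)          # innermost frame first, as WinDbg prints it
    if not bug or not frames:
        return None
    code, arg1, arg2, arg3, _arg4 = (int(v, 16) for v in bug.groups())
    modules = [m.lower() for m, _ in frames]
    return {
        "bugcheck": code,
        # Arg1 = address referenced, Arg3 bit 0 = write: a write through a NULL pointer
        "null_write": arg1 == 0 and (arg3 & 1) == 1,
        "irql": arg2,
        # first frame outside nt is the driver that handed the kernel the bad pointer
        "first_driver_frame": next((f"{m}!{s}" for m, s in frames if m.lower() != "nt"), None),
        "rdp_modules": [m for m in dict.fromkeys(modules) if m in RDP_MODULES],
        # outermost frame is the thread start; tdtcp is the RDP TCP transport driver
        "network_input_path": modules[-1] == "tdtcp",
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result with `network_input_path` true means the crash was reached while processing data received on the RDP listener, which is the case where restricting the port to a VPN or trusted source addresses, as the poster did, removes the trigger.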
 
