DRIVER_POWER_STATE_FAILURE Blue Screen Analysis

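This post is mainly a set of notes on the article

"DRIVER_POWER_STATE_FAILURE Blue Screen Analysis" (xdesk's column, CSDN blog)

The expert who wrote it skips a lot of steps and I did not understand some parts, so I am writing them down here. There are still some parts I do not understand.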

1. First run !analyze -v to get some diagnostic information

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
	subsystem.
Arg2: 000000000000012c, Timeout in seconds.
Arg3: ffffb10213b0d040, The thread currently holding on to the Pnp lock.
Arg4: fffff80056879800, nt!TRIAGE_9F_PNP on Win7 and higher

Debugging Details:
------------------

Implicit thread is now ffffb102`13b0d040

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 3499

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 3513

    Key  : Analysis.Init.CPU.mSec
    Value: 92983

    Key  : Analysis.Init.Elapsed.mSec
    Value: 7591075

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 112

    Key  : Hardware.HardwareID
    Value: SWD\MSRRAS

    Key  : WER.OS.Branch
    Value: rs5_release

    Key  : WER.OS.Timestamp
    Value: 2018-09-14T14:34:00Z

    Key  : WER.OS.Version
    Value: 10.0.17763.1


FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  9f

BUGCHECK_P1: 4

BUGCHECK_P2: 12c

BUGCHECK_P3: ffffb10213b0d040

BUGCHECK_P4: fffff80056879800

DRVPOWERSTATE_SUBCODE:  4

HARDWARE_ID:  SWD\MSRRAS

FAULTING_THREAD:  ffffb10213b0d040

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


PROCESS_NAME:  System

LOCK_ADDRESS:  fffff80054235cc0 -- (!locks fffff80054235cc0)

Resource @ nt!PiEngineLock (0xfffff80054235cc0)    Exclusively owned
    Contention Count = 32
    NumberOfExclusiveWaiters = 3
     Threads: ffffb10213b0d040-01<*> 

     Threads Waiting On Exclusive Access:
              ffffb10221df5040       ffffb10220ecc040       ffffb1021e249080       
1 total locks

PNP_TRIAGE_DATA: 
	Lock address  : 0xfffff80054235cc0
	Thread Count  : 1
	Thread address: 0xffffb10213b0d040
	Thread wait   : 0x12ca7

STACK_TEXT:  
ffffa489`1902eec0 fffff800`53e2f467     : ffffb102`13b0d040 00000000`00000000 ffff9301`70989200 00000000`00000001 : nt!KiSwapContext+0x76
ffffa489`1902f000 fffff800`53e2efd9     : ffffb102`13b0d040 00000000`00000000 ffffb102`13b0d140 ffffb102`13b0d040 : nt!KiSwapThread+0x297
ffffa489`1902f0c0 fffff800`53e2dd60     : ffff8cdd`b9b93600 ffff8287`00000000 ffff8287`00000000 ffffa489`1902f1d1 : nt!KiCommitThreadWait+0x549
ffffa489`1902f160 fffff800`598a4370     : ffffb102`204d05d8 fffff800`00000000 ffffb102`204cf100 00000000`00000000 : nt!KeWaitForSingleObject+0x520
ffffa489`1902f230 fffff800`59883d93     : ffffb102`13b0d360 fffff800`53e36e49 ffffb102`13b0d040 ffff8287`d909cad8 : NDIS!KWaitEventBase<wistd::integral_constant<enum _EVENT_TYPE,0> >::Wait+0x28
ffffa489`1902f270 fffff800`5986278d     : ffff8287`e86c1d70 fffff800`59862770 ffff8287`d9388a68 ffffb102`204cf1a0 : NDIS!Ndis::BindEngine::ApplyBindChanges+0x14a03
ffffa489`1902f2c0 fffff800`5986e580     : ffff8287`e86c1db0 fffff800`59862770 ffff8287`d9388a68 ffffb102`204cf1a0 : NDIS!<lambda_adb42f86cf839cbbe3c588eaa9665cd9>::<lambda_invoker_cdecl>+0x1d
ffffa489`1902f2f0 fffff800`5986e4c5     : 00000000`00000000 ffffb102`201989b0 00000000`00000000 ffff8287`d9388a60 : NDIS!NDIS_BIND_DRIVER_BASE::ForEachLink+0xa4
ffffa489`1902f340 fffff800`5987ce57     : 00000000`00000000 ffffb102`137146c0 00000000`00007fff fffff800`5986564d : NDIS!NDIS_BIND_DRIVER_BASE::SetRunningDriverIsReady+0x41
ffffa489`1902f370 fffff800`598c67aa     : ffffb102`208cebe0 ffffa489`1902f458 00000000`00000000 00000000`00000000 : NDIS!NDIS_BIND_PROTOCOL_DRIVER::SetRunningDriver+0x63
ffffa489`1902f3c0 fffff800`5989c9ec     : ffffb102`208cebe0 00000000`00000000 00000000`00000000 00000000`00000000 : NDIS!NdisDeregisterProtocol+0xaa
ffffa489`1902f420 fffff800`527a111a     : 00000000`00000000 00000000`00000000 ffffb102`136bd080 ffffb102`136bd080 : NDIS!NdisDeregisterProtocolDriver+0x3c
ffffa489`1902f450 fffff800`527ac484     : 00000000`00000000 00000000`00000000 ffffa489`1902f680 00000000`00000001 : raspppoe!RasPppoeCleanup+0x66
ffffa489`1902f480 fffff800`5989f8a5     : ffffb102`201989b0 ffffa489`1902f680 00000000`00000000 00000000`00000000 : raspppoe!MpUnload+0x44
ffffa489`1902f4b0 fffff800`598a1e12     : ffffb102`208df9f0 fffff800`53f6d264 ffffb102`208df9f0 ffffa489`1902f660 : NDIS!ndisMInvokeDriverUnload+0x3d
ffffa489`1902f4e0 fffff800`5450133e     : ffffb102`208df9f0 00000000`00000000 ffffa489`1902f680 ffff8287`e7bed150 : NDIS!ndisMUnloadEx+0x72
ffffa489`1902f520 fffff800`54500f61     : ffffb102`208dfb40 00000000`0000007c fffff800`5455ea01 ffffb102`208df9f0 : nt!IopUnloadDriver+0x3c6
ffffa489`1902f650 fffff800`53f5c62d     : ffffb102`208e79e0 ffffd185`ce333680 00000000`0000000a ffffb102`208d09f0 : nt!PnpUnloadAttachedDriver+0x9d
ffffa489`1902f6a0 fffff800`544ddb97     : ffffb102`208e79e0 00000000`00000000 00000000`00000000 00000000`00000008 : nt!PnpRemoveLockedDeviceNode+0x245
ffffa489`1902f700 fffff800`544dd8aa     : 00000000`00000000 ffffa489`1902f780 ffff8287`e8551290 fffff800`53f62690 : nt!PnpDeleteLockedDeviceNode+0x8b
ffffa489`1902f740 fffff800`544da8d9     : ffffb102`1ffd28f0 fffff800`00000002 ffffb102`1bf02290 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xba
ffffa489`1902f7b0 fffff800`544db8c4     : 00000000`00000000 ffffa489`1902f830 ffffb102`1ffd28f0 00000000`00000000 : nt!PipRemoveDevicesInRelationList+0x8d
ffffa489`1902f800 fffff800`544dc929     : ffffb102`1bf02290 00000000`00000001 00000000`00000001 00000000`00000007 : nt!PnpDelayedRemoveWorker+0x114
ffffa489`1902f840 fffff800`53f5cbd8     : 00000000`00000007 00000000`00000001 00000000`00000000 ffffb102`1ffd2ae0 : nt!PnpChainDereferenceComplete+0xfd
ffffa489`1902f870 fffff800`544da174     : ffffb102`22545d40 ffffa489`1902f959 00000000`00000003 00000000`00000001 : nt!PnpIsChainDereferenced+0xac
ffffa489`1902f8f0 fffff800`544deb96     : ffffa489`1902fa00 ffffb102`1ffd2a00 fffff800`543f1000 ffff8287`00000008 : nt!PnpProcessQueryRemoveAndEject+0x42c
ffffa489`1902f9c0 fffff800`543f12f0     : ffff8287`f6749ac0 ffff8287`f6384410 ffff8287`f6384410 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0xea
ffffa489`1902f9f0 fffff800`53e9c14a     : ffffb102`1366d630 ffffb102`13b0d040 fffff800`543f10e0 ffffb102`18336db0 : nt!PnpDeviceEventWorker+0x210
ffffa489`1902fa70 fffff800`53f30df5     : ffffb102`13b0d040 ffffb102`136bd080 ffffb102`13b0d040 0d000300`28591e16 : nt!ExpWorkerThread+0x16a
ffffa489`1902fb10 fffff800`53fc379c     : ffff9301`708c5180 ffffb102`13b0d040 fffff800`53f30da0 0623013d`26222306 : nt!PspSystemThreadStartup+0x55
ffffa489`1902fb60 00000000`00000000     : ffffa489`19030000 ffffa489`19029000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x1c


SYMBOL_NAME:  raspppoe!RasPppoeCleanup+66

MODULE_NAME: raspppoe

IMAGE_NAME:  raspppoe.sys

STACK_COMMAND:  .process /r /p 0xffffb102136bd080; .thread 0xffffb10213b0d040 ; kb

BUCKET_ID_FUNC_OFFSET:  66

FAILURE_BUCKET_ID:  0x9F_4_raspppoe!RasPppoeCleanup

OS_VERSION:  10.0.17763.1

BUILDLAB_STR:  rs5_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {e9804e85-a9ce-852f-0dee-ef9be593a2a4}

Followup:     MachineOwner
---------

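Combined with https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x9f--driver-power-state-failurek

the basic parameters can be read off:

Parameter 1: 0x4

Parameter 2: The timeout value, in seconds.

Parameter 3: The thread currently holding the Plug and Play (PnP) lock.

Parameter 4: nt!TRIAGE_9F_PNP.

Cause: The power state transition timed out waiting to synchronize with the PnP subsystem.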

According to MSDN:

kd> dt nt!TRIAGE_9F_PNP 82931b24
       +0x000 Signature        : 0x8001
       +0x002 Revision         : 1
       +0x004 CompletionQueue  : 0x82970e20 _TRIAGE_PNP_DEVICE_COMPLETION_QUEUE
       +0x008 DelayedWorkQueue : 0x829455bc _TRIAGE_EX_WORK_QUEUE

My dump file does not have the nt!TRIAGE_9F_PNP symbol. The version is:

0: kd> vertarget 
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 17763.1.amd64fre.rs5_release.180914-1434

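Otherwise, some information could be obtained by looking at these two queues (how, though?)

2. Since the approach above does not work, another way has to be found.

Look at the event that is being waited on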


0: kd> dt nt!_KEVENT ffffb102`204d05d8
   +0x000 Header           : _DISPATCHER_HEADER
0: kd> dx -id 0,0,ffffb102136bd080 -r1 (*((ntkrnlmp!_DISPATCHER_HEADER *)0xffffb102204d05d8))
(*((ntkrnlmp!_DISPATCHER_HEADER *)0xffffb102204d05d8))                 [Type: _DISPATCHER_HEADER]
    [+0x000] Lock             : 393216 [Type: long]
    [+0x000] LockNV           : 393216 [Type: long]
    [+0x000] Type             : 0x0 [Type: unsigned char]
    [+0x001] Signalling       : 0x0 [Type: unsigned char]
    [+0x002] Size             : 0x6 [Type: unsigned char]
    [+0x003] Reserved1        : 0x0 [Type: unsigned char]
    [+0x000] TimerType        : 0x0 [Type: unsigned char]
    [+0x001] TimerControlFlags : 0x0 [Type: unsigned char]
    [+0x001 ( 0: 0)] Absolute         : 0x0 [Type: unsigned char]
    [+0x001 ( 1: 1)] Wake             : 0x0 [Type: unsigned char]
    [+0x001 ( 7: 2)] EncodedTolerableDelay : 0x0 [Type: unsigned char]
    [+0x002] Hand             : 0x6 [Type: unsigned char]
    [+0x003] TimerMiscFlags   : 0x0 [Type: unsigned char]
    [+0x003 ( 5: 0)] Index            : 0x0 [Type: unsigned char]
    [+0x003 ( 6: 6)] Inserted         : 0x0 [Type: unsigned char]
    [+0x003 ( 7: 7)] Expired          : 0x0 [Type: unsigned char]
    [+0x000] Timer2Type       : 0x0 [Type: unsigned char]
    [+0x001] Timer2Flags      : 0x0 [Type: unsigned char]
    [+0x001 ( 0: 0)] Timer2Inserted   : 0x0 [Type: unsigned char]
    [+0x001 ( 1: 1)] Timer2Expiring   : 0x0 [Type: unsigned char]
    [+0x001 ( 2: 2)] Timer2CancelPending : 0x0 [Type: unsigned char]
    [+0x001 ( 3: 3)] Timer2SetPending : 0x0 [Type: unsigned char]
    [+0x001 ( 4: 4)] Timer2Running    : 0x0 [Type: unsigned char]
    [+0x001 ( 5: 5)] Timer2Disabled   : 0x0 [Type: unsigned char]
    [+0x001 ( 7: 6)] Timer2ReservedFlags : 0x0 [Type: unsigned char]
    [+0x002] Timer2ComponentId : 0x6 [Type: unsigned char]
    [+0x003] Timer2RelativeId : 0x0 [Type: unsigned char]
    [+0x000] QueueType        : 0x0 [Type: unsigned char]
    [+0x001] QueueControlFlags : 0x0 [Type: unsigned char]
    [+0x001 ( 0: 0)] Abandoned        : 0x0 [Type: unsigned char]
    [+0x001 ( 1: 1)] DisableIncrement : 0x0 [Type: unsigned char]
    [+0x001 ( 7: 2)] QueueReservedControlFlags : 0x0 [Type: unsigned char]
    [+0x002] QueueSize        : 0x6 [Type: unsigned char]
    [+0x003] QueueReserved    : 0x0 [Type: unsigned char]
    [+0x000] ThreadType       : 0x0 [Type: unsigned char]
    [+0x001] ThreadReserved   : 0x0 [Type: unsigned char]
    [+0x002] ThreadControlFlags : 0x6 [Type: unsigned char]
    [+0x002 ( 0: 0)] CycleProfiling   : 0x0 [Type: unsigned char]
    [+0x002 ( 1: 1)] CounterProfiling : 0x1 [Type: unsigned char]
    [+0x002 ( 2: 2)] GroupScheduling  : 0x1 [Type: unsigned char]
    [+0x002 ( 3: 3)] AffinitySet      : 0x0 [Type: unsigned char]
    [+0x002 ( 4: 4)] Tagged           : 0x0 [Type: unsigned char]
    [+0x002 ( 5: 5)] EnergyProfiling  : 0x0 [Type: unsigned char]
    [+0x002 ( 6: 6)] SchedulerAssist  : 0x0 [Type: unsigned char]
    [+0x002 ( 7: 7)] ThreadReservedControlFlags : 0x0 [Type: unsigned char]
    [+0x003] DebugActive      : 0x0 [Type: unsigned char]
    [+0x003 ( 0: 0)] ActiveDR7        : 0x0 [Type: unsigned char]
    [+0x003 ( 1: 1)] Instrumented     : 0x0 [Type: unsigned char]
    [+0x003 ( 2: 2)] Minimal          : 0x0 [Type: unsigned char]
    [+0x003 ( 5: 3)] Reserved4        : 0x0 [Type: unsigned char]
    [+0x003 ( 6: 6)] UmsScheduled     : 0x0 [Type: unsigned char]
    [+0x003 ( 7: 7)] UmsPrimary       : 0x0 [Type: unsigned char]
    [+0x000] MutantType       : 0x0 [Type: unsigned char]
    [+0x001] MutantSize       : 0x0 [Type: unsigned char]
    [+0x002] DpcActive        : 0x6 [Type: unsigned char]
    [+0x003] MutantReserved   : 0x0 [Type: unsigned char]
    [+0x004] SignalState      : 0 [Type: long]
    [+0x008] WaitListHead     [Type: _LIST_ENTRY]

; Walk this list; it has only three elements
0: kd>  dx -id 0,0,ffffb102136bd080 -r1 (*((ntkrnlmp!_LIST_ENTRY *)0xffffb102204d05e0))
(*((ntkrnlmp!_LIST_ENTRY *)0xffffb102204d05e0))                 [Type: _LIST_ENTRY]
    [+0x000] Flink            : 0xffffb10213b0d180 [Type: _LIST_ENTRY *]
    [+0x008] Blink            : 0xffffb1021c54a1c0 [Type: _LIST_ENTRY *]
0: kd> dx -id 0,0,ffffb102136bd080 -r1 ((ntkrnlmp!_LIST_ENTRY *)0xffffb1021c54a1c0)
((ntkrnlmp!_LIST_ENTRY *)0xffffb1021c54a1c0)                 : 0xffffb1021c54a1c0 [Type: _LIST_ENTRY *]
    [+0x000] Flink            : 0xffffb102204d05e0 [Type: _LIST_ENTRY *]
    [+0x008] Blink            : 0xffffb10213b0d180 [Type: _LIST_ENTRY *]
0: kd> dx -id 0,0,ffffb102136bd080 -r1 ((ntkrnlmp!_LIST_ENTRY *)0xffffb10213b0d180)
((ntkrnlmp!_LIST_ENTRY *)0xffffb10213b0d180)                 : 0xffffb10213b0d180 [Type: _LIST_ENTRY *]
    [+0x000] Flink            : 0xffffb1021c54a1c0 [Type: _LIST_ENTRY *]
    [+0x008] Blink            : 0xffffb102204d05e0 [Type: _LIST_ENTRY *]

; This is the offset of WaitListEntry within the _KTHREAD structure; on x64 it is 140
0: kd> ? 0xffffb10213b0d180-140
Evaluate expression: -86852498304960 = ffffb102`13b0d040
0: kd> ? 0xffffb1021c54a1c0-140
Evaluate expression: -86852353351552 = ffffb102`1c54a080
0: kd> ? 0xffffb102204d05e0-140
Evaluate expression: -86852286741344 = ffffb102`204d04a0

; Check each thread's stack one by one; thread ffffb102`1c54a080 looks suspicious, the others are not listed
0: kd> !thread ffffb102`1c54a080
THREAD ffffb1021c54a080  Cid 1a04.15d4  Teb: 000000bde5fb7000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
    ffffb102204d05d8  NotificationEvent
IRP List:
    ffffb102202692e0: (0006,0118) Flags: 00000884  Mdl: 00000000
    ffffb10220bfada0: (0006,0118) Flags: 00060000  Mdl: 00000000
    ffffb10213afee00: (0006,0118) Flags: 00060000  Mdl: 00000000
    ffffb1022026e140: (0006,0118) Flags: 00060000  Mdl: 00000000
    ffffb102219f61a0: (0006,0118) Flags: 00060000  Mdl: 00000000
Not impersonating
DeviceMap                 ffff8287d76144e0
Owning Process            ffffb102208da080       Image:         LvaNac.exe
Attached Process          N/A            Image:         N/A
Wait Start TickCount      77714          Ticks: 18453 (0:00:04:48.328)
Context Switch Count      39595          IdealProcessor: 7             
UserTime                  00:00:01.062
KernelTime                00:00:02.546
Win32 Start Address 0x00007ff702f7c278
Stack Init ffffa4891bcb7b90 Current ffffa4891bcb6c40
Base ffffa4891bcb8000 Limit ffffa4891bcb1000 Call 0000000000000000
Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP          RetAddr               : Args to Child                                                           : Call Site
ffffa489`1bcb6c80 fffff800`53e2f467     : ffffb102`1c54a080 00000000`00000000 ffff9301`70ad0200 ffff9301`70ad8000 : nt!KiSwapContext+0x76
ffffa489`1bcb6dc0 fffff800`53e2efd9     : ffff8287`d7000100 00000000`00000000 fffff800`53e04000 00000000`01a00070 : nt!KiSwapThread+0x297
ffffa489`1bcb6e80 fffff800`53e2dd60     : ffff8cdd`bb70a800 ffff8287`00000000 ffff8287`00000000 ffffa489`1bcb6f91 : nt!KiCommitThreadWait+0x549
ffffa489`1bcb6f20 fffff800`598a4370     : ffffb102`204d05d8 fffff800`00000000 ffffa489`1bcb7300 ffff8287`00000000 : nt!KeWaitForSingleObject+0x520
ffffa489`1bcb6ff0 fffff800`59883d93     : 00000000`00000000 ffffa489`1bcb7180 ffffb102`204d05b8 fffff800`5987004f : NDIS!KWaitEventBase<wistd::integral_constant<enum _EVENT_TYPE,0> >::Wait+0x28
ffffa489`1bcb7030 fffff800`5980ea64     : ffffb102`204cf1a0 ffffa489`1bcb7180 00000000`00000000 ffffa489`1bcb7350 : NDIS!Ndis::BindEngine::ApplyBindChanges+0x14a03
ffffa489`1bcb7080 fffff800`598c68dc     : ffffb102`1eff5800 ffffa489`1bcb7301 ffffb102`1319c008 ffffb102`1319c000 : NDIS!ndisOpenAdapterLegacyProtocol+0x20c
ffffa489`1bcb7240 fffff800`5e3f2ec9     : ffffb102`1319c000 ffffa489`1bcb7650 ffffb102`202692e0 00000000`00000000 : NDIS!NdisOpenAdapter+0x4c
ffffa489`1bcb72b0 fffff800`53e3bc09     : ffffb102`00000000 00000000`00000000 ffffb102`202693b0 00000000`00000025 : npf_xx+0x2ec9
ffffa489`1bcb7350 fffff800`53e34bc4     : 00000000`00000000 00000000`00000000 ffffb102`22ab6010 fffff800`53e351d3 : nt!IofCallDriver+0x59
ffffa489`1bcb7390 fffff800`543be617     : ffffa489`1bcb7650 00000000`00000025 00000000`00000000 00000000`00000000 : nt!IoCallDriverWithTracing+0x34
ffffa489`1bcb73e0 fffff800`543c6b99     : ffffb102`1eff5780 ffffb102`1eff5750 ffffb102`210f4060 00000000`00000001 : nt!IopParseDevice+0x11e7
ffffa489`1bcb7550 fffff800`543c569f     : ffffb102`210f4000 ffffa489`1bcb77b8 ffff8287`00000040 ffffb102`13713900 : nt!ObpLookupObjectName+0x719
ffffa489`1bcb7720 fffff800`5443010d     : 00010074`00000001 000000bd`e63fcd98 00000000`00000001 00000000`00000060 : nt!ObOpenObjectByNameEx+0x1df
ffffa489`1bcb7860 fffff800`5442fad9     : 000000bd`e63fcd40 00000000`c0100080 000000bd`e63fcd98 000000bd`e63fcd58 : nt!IopCreateFile+0x61d
ffffa489`1bcb7900 fffff800`53fcd605     : ffffb102`1c54a080 ffffa489`1bcb7a80 000000bd`e63fc6b8 ffffa489`1bcb79a8 : nt!NtCreateFile+0x79
ffffa489`1bcb7990 00007ffd`76980494     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ ffffa489`1bcb7a00)
000000bd`e63fccc8 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffd`76980494

This is where the relevant information can be located.
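The wait-list walk from step 2 as a small script (an added example, not from the original post or the referenced article). It parses the three dx dumps copied from the session above, follows Flink from the event's WaitListHead (event address + 8) with Blink consistency checks, and applies the 0x140 offset only to real entries, never to the head itself; it assumes every waiter is linked through the wait block at that offset.

```python
import re

# dx output copied from the session above (the three _LIST_ENTRY dumps).
DX_OUTPUT = """\
(*((ntkrnlmp!_LIST_ENTRY *)0xffffb102204d05e0))                 [Type: _LIST_ENTRY]
    [+0x000] Flink            : 0xffffb10213b0d180 [Type: _LIST_ENTRY *]
    [+0x008] Blink            : 0xffffb1021c54a1c0 [Type: _LIST_ENTRY *]
((ntkrnlmp!_LIST_ENTRY *)0xffffb1021c54a1c0)                 : 0xffffb1021c54a1c0 [Type: _LIST_ENTRY *]
    [+0x000] Flink            : 0xffffb102204d05e0 [Type: _LIST_ENTRY *]
    [+0x008] Blink            : 0xffffb10213b0d180 [Type: _LIST_ENTRY *]
((ntkrnlmp!_LIST_ENTRY *)0xffffb10213b0d180)                 : 0xffffb10213b0d180 [Type: _LIST_ENTRY *]
    [+0x000] Flink            : 0xffffb1021c54a1c0 [Type: _LIST_ENTRY *]
    [+0x008] Blink            : 0xffffb102204d05e0 [Type: _LIST_ENTRY *]
"""

EVENT = 0xffffb102204d05d8   # wait object from the KeWaitForSingleObject frame
HEAD = EVENT + 0x8           # _DISPATCHER_HEADER.WaitListHead is at +0x008
WAIT_BLOCK_OFFSET = 0x140    # offset used in the session above (x64, build 17763)

ENTRY_RE = re.compile(r"_LIST_ENTRY \*\)(0x[0-9a-f]+)\)", re.I)
LINK_RE = re.compile(r"\b(Flink|Blink)\s*:\s*(0x[0-9a-f]+)", re.I)

def parse_list_entries(text):
    """Return {entry_address: {'Flink': int, 'Blink': int}} from dx output."""
    entries, current = {}, None
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m and not line.startswith(" "):
            current = int(m.group(1), 16)   # header line names the entry itself
            entries[current] = {}
            continue
        m = LINK_RE.search(line)
        if m and current is not None:
            entries[current][m.group(1)] = int(m.group(2), 16)
    return entries

def waiting_threads(entries, head):
    """Walk the circular list from the head; return the thread behind each entry."""
    threads, seen, prev = [], {head}, head
    cur = entries[head]["Flink"]
    while cur != head:
        if cur in seen or cur not in entries:
            raise ValueError(f"broken or incomplete list at {cur:#x}")
        if entries[cur]["Blink"] != prev:
            raise ValueError(f"Blink mismatch at {cur:#x}")
        seen.add(cur)
        threads.append(cur - WAIT_BLOCK_OFFSET)  # entry -> containing thread
        prev, cur = cur, entries[cur]["Flink"]
    if entries[head]["Blink"] != prev:
        raise ValueError("head Blink does not point at the last entry")
    return threads

if __name__ == "__main__":
    for t in waiting_threads(parse_list_entries(DX_OUTPUT), HEAD):
        print(f"!thread {t:016x}")
```

The walk yields two waiters, the PnP worker thread from the bugcheck and the LvaNac.exe thread; the third address in the list is the event's own list head, so it has no thread behind it.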

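3. For other ways to examine the deadlock, see the article "Windbg Kernel Debugging, Part 5: A Hands-on Deadlock Debugging Session Using a Dump File" - Da Vinci - cnblogs.com

; Look at the deadlock situation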
0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks..

Resource @ nt!IopDeviceTreeLock (0xfffff80054235bc0)    Shared 1 owning threads
     Threads: ffffb10213b0d040-01<*> 
KD: Scanning for held locks.

Resource @ nt!PiEngineLock (0xfffff80054235cc0)    Exclusively owned
    Contention Count = 32
    NumberOfExclusiveWaiters = 3
     Threads: ffffb10213b0d040-01<*> 

     Threads Waiting On Exclusive Access:
              ffffb10221df5040       ffffb10220ecc040       ffffb1021e249080       
KD: Scanning for held locks............

Resource @ netbt!NbtConfig (0xfffff8005aec41c8)    Exclusively owned
    Contention Count = 19
    NumberOfExclusiveWaiters = 2
     Threads: ffffb1021f171040-01<*> 

     Threads Waiting On Exclusive Access:
              ffffb10218b200c0       ffffb10220226040   

0: kd> dt nt!_ERESOURCE -b 0xfffff80054235cc0
   +0x000 SystemResourcesList : _LIST_ENTRY [ 0xfffff800`542366c0 - 0xfffff800`54236340 ]
      +0x000 Flink            : 0xfffff800`542366c0 
      +0x008 Blink            : 0xfffff800`54236340 
   +0x010 OwnerTable       : (null) 
   +0x018 ActiveCount      : 0n1
   +0x01a Flag             : 0xf86
   +0x01a ReservedLowFlags : 0x86 ''
   +0x01b WaiterPriority   : 0xf ''
   +0x020 SharedWaiters    : (null) 
   +0x028 ExclusiveWaiters : 0xffffa489`17ff20c8 
   +0x030 OwnerEntry       : _OWNER_ENTRY
      +0x000 OwnerThread      : 0xffffb102`13b0d040 ; this is the thread from the very beginning
      +0x008 IoPriorityBoosted : 0y0
      +0x008 OwnerReferenced  : 0y0
      +0x008 IoQoSPriorityBoosted : 0y1
      +0x008 OwnerCount       : 0y00000000000000000000000000001 (0x1)
      +0x008 TableSize        : 0xc
   +0x040 ActiveEntries    : 1
   +0x044 ContentionCount  : 0x20
   +0x048 NumberOfSharedWaiters : 0
   +0x04c NumberOfExclusiveWaiters : 3
   +0x050 Reserved2        : (null) 
   +0x058 Address          : (null) 
   +0x058 CreatorBackTraceIndex : 0
   +0x060 SpinLock         : 0
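The owner and waiter relationships in the !locks output above can also be extracted mechanically, which helps when a dump lists many resources. The following is an added example (not from the original post): it parses the !locks text copied from step 3, checks the parsed waiter count against NumberOfExclusiveWaiters, and ranks owning threads by how many threads they block. The function names are illustrative.

```python
import re

# !locks output copied from the session above (blank lines and trailing spaces trimmed).
LOCKS_OUTPUT = """\
Resource @ nt!IopDeviceTreeLock (0xfffff80054235bc0)    Shared 1 owning threads
     Threads: ffffb10213b0d040-01<*>
KD: Scanning for held locks.
Resource @ nt!PiEngineLock (0xfffff80054235cc0)    Exclusively owned
    Contention Count = 32
    NumberOfExclusiveWaiters = 3
     Threads: ffffb10213b0d040-01<*>
     Threads Waiting On Exclusive Access:
              ffffb10221df5040       ffffb10220ecc040       ffffb1021e249080
KD: Scanning for held locks............
Resource @ netbt!NbtConfig (0xfffff8005aec41c8)    Exclusively owned
    Contention Count = 19
    NumberOfExclusiveWaiters = 2
     Threads: ffffb1021f171040-01<*>
     Threads Waiting On Exclusive Access:
              ffffb10218b200c0       ffffb10220226040
"""

RES_RE = re.compile(r"^Resource @ (\S+) \((0x[0-9a-f]+)\)\s+(.*)$")
OWNER_RE = re.compile(r"\b([0-9a-f]{16})-\d+")
ADDR_RE = re.compile(r"\b[0-9a-f]{16}\b")
COUNT_RE = re.compile(r"NumberOfExclusiveWaiters = (\d+)")

def parse_locks(text):
    """Parse !locks output into a list of resources with owners and waiters."""
    resources, cur, in_waiters = [], None, False
    for line in text.splitlines():
        m = RES_RE.match(line)
        if m:
            cur = {"name": m.group(1), "address": int(m.group(2), 16),
                   "declared": None, "owners": [], "waiters": []}
            resources.append(cur)
            in_waiters = False
        elif cur is None or line.startswith("KD:"):
            in_waiters = False              # scanner progress line ends a waiter list
        elif COUNT_RE.search(line):
            cur["declared"] = int(COUNT_RE.search(line).group(1))
        elif "Threads Waiting On" in line:
            in_waiters = True
        elif line.strip().startswith("Threads:"):
            cur["owners"] += [int(a, 16) for a in OWNER_RE.findall(line)]
        elif in_waiters:
            cur["waiters"] += [int(a, 16) for a in ADDR_RE.findall(line)]
    return resources

def blocking_owners(resources):
    """(owner thread, resource, waiter count) for contended resources, worst first."""
    rows = [(o, r["name"], len(r["waiters"]))
            for r in resources if r["waiters"] for o in r["owners"]]
    return sorted(rows, key=lambda row: -row[2])

def locks_held_by(resources, thread):
    """Names of all resources that list `thread` as an owner."""
    return [r["name"] for r in resources if thread in r["owners"]]
```

Calling `locks_held_by` with the thread from bugcheck Arg3 (ffffb10213b0d040) returns both nt!IopDeviceTreeLock and nt!PiEngineLock, matching the OwnerThread field in the _ERESOURCE dump.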

4. The subsequent code and NDIS driver investigation are omitted.
