![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 90%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZC%3C/text%3E%3C/svg%3E)
在定时升级过程中,发生操作系统蓝屏,重启操作系统后能正常继续更新,以下是dmp日志信息,帮忙分析一下
************* Preparing the environment for Debugger Extensions Gallery repositories ************** ExtensionRepository : Implicit UseExperimentalFeatureForNugetShare : true AllowNugetExeUpdate : true NonInteractiveNuget : true AllowNugetMSCredentialProviderInstall : true AllowParallelInitializationOfLocalRepositories : true EnableRedirectToChakraJsProvider : false
-- Configuring repositories ----> Repository : LocalInstalled, Enabled: true ----> Repository : UserExtensions, Enabled: true
Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.032 seconds ----> Repository : UserExtensions, Enabled: true, Packages count: 0 ----> Repository : LocalInstalled, Enabled: true, Packages count: 45
Microsoft (R) Windows Debugger Version 10.0.27871.1001 AMD64 Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\cycij\Desktop\蓝屏分析\071025-6000-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 26100 MP (16 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Edition build lab: 26100.1.amd64fre.ge_release.240331-1435
Kernel base = 0xfffff801ab400000 PsLoadedModuleList = 0xfffff801ac2f4aa0
Debug session time: Thu Jul 10 00:06:04.299 2025 (UTC + 8:00)
System Uptime: 9 days 5:28:01.149
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
.................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801ab900a70 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa60aaaa271f0=0000000000000018
7: kd> !analyze -v
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list .................................
*
Bugcheck Analysis *
```*
```sql
*
```*******************************************************************************
REFERENCE_BY_POINTER (18) Arguments: Arg1: 0000000000000000, Object type of the object whose reference count is being lowered Arg2: ffffc906614660c0, Object whose reference count is being lowered Arg3: 0000000000000002, Reserved Arg4: ffffffffffffffff, Reserved The reference count of an object is illegal for the current state of the object. Each time a driver uses a pointer to an object the driver calls a kernel routine to increment the reference count of the object. When the driver is done with the pointer the driver calls another kernel routine to decrement the reference count. Drivers must match calls to the increment and decrement routines. This BugCheck can occur because an object's reference count goes to zero while there are still open handles to the object, in which case the fourth parameter indicates the number of opened handles. It may also occur when the object's reference count drops below zero whether or not there are open handles to the object, and in that case the fourth parameter contains the actual value of the pointer references count.
*** WARNING: Unable to verify timestamp for sysdiag.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1390
Key : Analysis.Elapsed.mSec
Value: 6515
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 390
Key : Analysis.Init.Elapsed.mSec
Value: 2377
Key : Analysis.Memory.CommitPeak.Mb
Value: 112
Key : Analysis.Version.DbgEng
Value: 10.0.27871.1001
Key : Analysis.Version.Description
Value: 10.2505.01.02 amd64fre
Key : Analysis.Version.Ext
Value: 1.2505.1.2
Key : Bugcheck.Code.LegacyAPI
Value: 0x18
Key : Bugcheck.Code.TargetModel
Value: 0x18
Key : Failure.Bucket
Value: 0x18_OVER_DEREFERENCE_sysdiag!unknown_function
Key : Failure.Hash
Value: {f92fc026-5609-fbfb-4a18-bd6d2630b7e9}
Key : Hypervisor.Enlightenments.Value
Value: 368
Key : Hypervisor.Enlightenments.ValueHex
Value: 0x170
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 1
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 0
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 0
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 0
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 1
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 536617
Key : Hypervisor.Flags.ValueHex
Value: 0x83029
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 0
Key : Hypervisor.RootFlags.AccessStats
Value: 0
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 0
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 0
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 0
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 0
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 0
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 0
Key : Hypervisor.RootFlags.MceEnlightened
Value: 0
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 0
Key : Hypervisor.RootFlags.Value
Value: 0
Key : Hypervisor.RootFlags.ValueHex
Value: 0x0
Key : WER.OS.Branch
Value: ge_release
Key : WER.OS.Version
Value: 10.0.26100.1
BUGCHECK_CODE: 18
BUGCHECK_P1: 0
BUGCHECK_P2: ffffc906614660c0
BUGCHECK_P3: 2
BUGCHECK_P4: ffffffffffffffff
FILE_IN_CAB: 071025-6000-01.dmp
FAULTING_THREAD: ffffc9066d392040
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXSCM: 1 (!blackboxscm)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffffa60a`aaa271e8 fffff801`ab62dd2d : 00000000`00000018 00000000`00000000 ffffc906`614660c0 00000000`00000002 : nt!KeBugCheckEx
ffffa60a`aaa271f0 fffff801`3f7d1f87 : ffffc906`61519000 ffffc906`61519648 ffffc906`5c100000 ffffb686`5dff2ff0 : nt!ObfDereferenceObject+0x7d
ffffa60a`aaa27230 ffffc906`61519000 : ffffc906`61519648 ffffc906`5c100000 ffffb686`5dff2ff0 00000000`00000000 : sysdiag+0x31f87
ffffa60a`aaa27238 ffffc906`61519648 : ffffc906`5c100000 ffffb686`5dff2ff0 00000000`00000000 ffffb686`5dff2ff0 : 0xffffc906`61519000
ffffa60a`aaa27240 ffffc906`5c100000 : ffffb686`5dff2ff0 00000000`00000000 ffffb686`5dff2ff0 00000000`00000000 : 0xffffc906`61519648
ffffa60a`aaa27248 ffffb686`5dff2ff0 : 00000000`00000000 ffffb686`5dff2ff0 00000000`00000000 fffff801`3f7d2a25 : 0xffffc906`5c100000
ffffa60a`aaa27250 00000000`00000000 : ffffb686`5dff2ff0 00000000`00000000 fffff801`3f7d2a25 00000000`000200ff : 0xffffb686`5dff2ff0
SYMBOL_NAME: sysdiag+31f87
MODULE_NAME: sysdiag
IMAGE_NAME: sysdiag.sys
STACK_COMMAND: .process /r /p 0xffffc9065caa3040; .thread 0xffffc9066d392040 ; kb
BUCKET_ID_FUNC_OFFSET: 31f87
FAILURE_BUCKET_ID: 0x18_OVER_DEREFERENCE_sysdiag!unknown_function
OS_VERSION: 10.0.26100.1
BUILDLAB_STR: ge_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {f92fc026-5609-fbfb-4a18-bd6d2630b7e9}
Followup: MachineOwner
---------
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 45
Microsoft (R) Windows Debugger Version 10.0.27871.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\cycij\Desktop\蓝屏分析\081425-8578-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 26100 MP (16 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Edition build lab: 26100.1.amd64fre.ge_release.240331-1435
Kernel base = 0xfffff802`b7800000 PsLoadedModuleList = 0xfffff802`b86f4c40
Debug session time: Thu Aug 14 00:39:05.004 2025 (UTC + 8:00)
System Uptime: 35 days 0:22:41.276
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`b7d005d0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8407`c189f220=0000000000000018
0: kd> !analyze -v
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
REFERENCE_BY_POINTER (18)
Arguments:
Arg1: 0000000000000000, Object type of the object whose reference count is being lowered
Arg2: ffff990c222ef340, Object whose reference count is being lowered
Arg3: 0000000000000002, Reserved
Arg4: ffffffffffffffff, Reserved
The reference count of an object is illegal for the current state of the object.
Each time a driver uses a pointer to an object the driver calls a kernel routine
to increment the reference count of the object. When the driver is done with the
pointer the driver calls another kernel routine to decrement the reference count.
Drivers must match calls to the increment and decrement routines. This BugCheck
can occur because an object's reference count goes to zero while there are still
open handles to the object, in which case the fourth parameter indicates the number
of opened handles. It may also occur when the object's reference count drops below zero
whether or not there are open handles to the object, and in that case the fourth parameter
contains the actual value of the pointer references count.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec Value: 4546
Key : Analysis.Elapsed.mSec Value: 19476
Key : Analysis.IO.Other.Mb Value: 0
Key : Analysis.IO.Read.Mb Value: 1
Key : Analysis.IO.Write.Mb Value: 0
Key : Analysis.Init.CPU.mSec Value: 531
Key : Analysis.Init.Elapsed.mSec Value: 5838
Key : Analysis.Memory.CommitPeak.Mb Value: 103
Key : Analysis.Version.DbgEng Value: 10.0.27871.1001
Key : Analysis.Version.Description Value: 10.2505.01.02 amd64fre
Key : Analysis.Version.Ext Value: 1.2505.1.2
Key : Bugcheck.Code.LegacyAPI Value: 0x18
Key : Bugcheck.Code.TargetModel Value: 0x18
Key : Failure.Bucket Value: 0x18_OVER_DEREFERENCE_nt!ObfDereferenceObjectWithTag
Key : Failure.Hash Value: {4139309c-4e9f-52f0-ac5e-4041e7a86a20}
Key : Hypervisor.Enlightenments.Value Value: 368
Key : Hypervisor.Enlightenments.ValueHex Value: 0x170
Key : Hypervisor.Flags.AnyHypervisorPresent Value: 1
Key : Hypervisor.Flags.ApicEnlightened Value: 1
Key : Hypervisor.Flags.ApicVirtualizationAvailable Value: 0
Key : Hypervisor.Flags.AsyncMemoryHint Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested Value: 0
Key : Hypervisor.Flags.CpuManager Value: 0
Key : Hypervisor.Flags.DeprecateAutoEoi Value: 0
Key : Hypervisor.Flags.DynamicCpuDisabled Value: 0
Key : Hypervisor.Flags.Epf Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks Value: 0
Key : Hypervisor.Flags.HardwareMbecAvailable Value: 0
Key : Hypervisor.Flags.MaxBankNumber Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush Value: 1
Key : Hypervisor.Flags.NoNonArchCoreSharing Value: 0
Key : Hypervisor.Flags.Phase0InitDone Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos Value: 0
Key : Hypervisor.Flags.RootScheduler Value: 0
Key : Hypervisor.Flags.SynicAvailable Value: 1
Key : Hypervisor.Flags.UseQpcBias Value: 0
Key : Hypervisor.Flags.Value Value: 536617
Key : Hypervisor.Flags.ValueHex Value: 0x83029
Key : Hypervisor.Flags.VpAssistPage Value: 1
Key : Hypervisor.Flags.VsmAvailable Value: 0
Key : Hypervisor.RootFlags.AccessStats Value: 0
Key : Hypervisor.RootFlags.CrashdumpEnlightened Value: 0
Key : Hypervisor.RootFlags.CreateVirtualProcessor Value: 0
Key : Hypervisor.RootFlags.DisableHyperthreading Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync Value: 0
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled Value: 0
Key : Hypervisor.RootFlags.IsHyperV Value: 0
Key : Hypervisor.RootFlags.LivedumpEnlightened Value: 0
Key : Hypervisor.RootFlags.MapDeviceInterrupt Value: 0
Key : Hypervisor.RootFlags.MceEnlightened Value: 0
Key : Hypervisor.RootFlags.Nested Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor Value: 0
Key : Hypervisor.RootFlags.Value Value: 0
Key : Hypervisor.RootFlags.ValueHex Value: 0x0
Key : WER.OS.Branch Value: ge_release
Key : WER.OS.Version Value: 10.0.26100.1
BUGCHECK_P1: 0
BUGCHECK_P2: ffff990c222ef340
BUGCHECK_P3: 2
BUGCHECK_P4: ffffffffffffffff
FILE_IN_CAB: 081425-8578-01.dmp
FAULTING_THREAD: ffff990c320d7040
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXSCM: 1 (!blackboxscm)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffff8407`c189f218 fffff802`b7b0507a : 00000000`00000018 00000000`00000000 ffff990c`222ef340 00000000`00000002 : nt!KeBugCheckEx
ffff8407`c189f220 fffff802`b80de809 : 00000000`00000000 ffff990c`222ef508 00000000`00000000 00000000`00000000 : nt!ObfDereferenceObjectWithTag+0x7a
ffff8407`c189f260 fffff802`b805191a : 00000000`00000000 00000000`00000000 ffff990c`2ef29250 00000000`00000000 : nt!PspThreadDelete+0x369
ffff8407`c189f2c0 fffff802`b7b05108 : 00000000`00000000 00000000`00000000 ffff8407`c189f490 ffff990c`2ef29280 : nt!ObpRemoveObjectRoutine+0x11a
ffff8407`c189f320 fffff802`b7b56f1e : 00000000`00000000 00000000`00000000 ffff990c`17a80e60 ffff990c`17b2eca0 : nt!ObfDereferenceObjectWithTag+0x108
ffff8407`c189f360 fffff802`b7a3072c : ffff990c`320d7040 ffff990c`17b2eca0 ffff990c`17b2ec00 fffff802`b7b72e30 : nt!PspReaper+0x6e
ffff8407`c189f390 fffff802`b7c9e2da : ffff990c`320d7040 ffff990c`320d7040 fffff802`b7a30140 ffff990c`17b2eca0 : nt!ExpWorkerThread+0x5ec
ffff8407`c189f570 fffff802`b7ea67e4 : ffffe101`92651180 ffff990c`320d7040 fffff802`b7c9e280 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
ffff8407`c189f5c0 00000000`00000000 : ffff8407`c18a0000 ffff8407`c1899000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34
SYMBOL_NAME: nt!ObfDereferenceObjectWithTag+7a
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.26100.4652
STACK_COMMAND: .process /r /p 0xffff990c17a90040; .thread 0xffff990c320d7040 ; kb
BUCKET_ID_FUNC_OFFSET: 7a
FAILURE_BUCKET_ID: 0x18_OVER_DEREFERENCE_nt!ObfDereferenceObjectWithTag
OS_VERSION: 10.0.26100.1
BUILDLAB_STR: ge_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4139309c-4e9f-52f0-ac5e-4041e7a86a20}
Followup: MachineOwner
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 57.99999999999999%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZ%3C/text%3E%3C/svg%3E)
您能否将071025-6000-01.dmp、081425-8578-01.dmp 以及更多的内存转储文件通过网盘发送出来?这才可以准确的分析
您可以参考这个页面:
https://learn.microsoft.com/zh-cn/answers/questions/4370395/onedrive
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
亲爱的陈泽杰,
根据转储分析,该错误表示对象引用计数不一致,通常是由于驱动程序未能正确管理对象生命周期造成的。当句柄仍处于打开状态时引用计数降至零,或者由于增量/递减调用不匹配而变为负数时,可能会发生这种情况。
由于系统能够成功重新启动并恢复更新过程,这可能表明在升级阶段触发了与驱动程序相关的暂时性问题。我们建议采取以下作:
确保所有第三方驱动程序和固件均已更新并针对 Windows Server 2025 进行认证。
查看升级期间可能处于活动状态的任何非 Microsoft 内核模式驱动程序。
启用驱动程序验证程序以帮助识别未来升级周期中有问题的驱动程序。
此致敬意
哈里·潘
