BSOD - probably caused by : ntkrnlmp.exe - Server 2008

omega13 · 29 Nov 2010

Hi,

I know it's not quite win7, but I'm hoping someone can help.

The OS is Server 2008 SP 2 running as a Terminal Services server.

About a week ago it started crashing with BSODs. The only recent change was installing a new Xerox workcentre network printer 3 days earlier. It crashed 5 times over a day and a half, and by this time I was trying to work out what was going wrong.

Ran Windows Memory diagnostic after reboot - found no problems.

Chkdsk found no problems with discs either.

Updated the video drivers to current ATI drivers (were previously MS). And uninstalled all the Xerox software and reinstalled printer with driver only.

It then ran fine for nearly a week, but blue screened again last night.

I've posted the analysis of the latest memory dump and attached some older dump files.

Help would be much, much appreciated.

Thanks.
.

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80001b30bab, 0, bad0b0fc}

Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80001b30bab, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 00000000bad0b0fc, Parameter 1 of the exception

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!RtlMapGenericMask+3b
fffff800`01b30bab 0b02 or eax,dword ptr [rdx]

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 00000000bad0b0fc

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001a86080
00000000bad0b0fc

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

BUGCHECK_STR: 0x1E_c0000005

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

PROCESS_NAME: ekrn.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffffa600abc8430 -- (.trap 0xfffffa600abc8430)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000080000400 rbx=0000000000000000 rcx=fffffa600abc8640
rdx=00000000bad0b0fc rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001b30bab rsp=fffffa600abc85c8 rbp=fffffa800a369bb0
r8=fffffa600abc8680 r9=00000000bad0b0fc r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!RtlMapGenericMask+0x3b:
fffff800`01b30bab 0b02 or eax,dword ptr [rdx] ds:0001:00000000`bad0b0fc=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000189bb07 to fffff800018b94d0

STACK_TEXT:
fffffa60`0abc7c48 fffff800`0189bb07 : 00000000`0000001e ffffffff`c0000005 fffff800`01b30bab 00000000`00000000 : nt!KeBugCheckEx
fffffa60`0abc7c50 fffff800`018b9329 : fffffa60`0abc8388 fffffa60`0abc8680 fffffa60`0abc8430 00000000`bad0b0fc : nt! ?? ::FNODOBFM::`string'+0x29117
fffffa60`0abc8250 fffff800`018b8125 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa60`0abc8680 : nt!KiExceptionDispatch+0xa9
fffffa60`0abc8430 fffff800`01b30bab : fffff800`01b36445 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x1e5
fffffa60`0abc85c8 fffff800`01b36445 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlMapGenericMask+0x3b
fffffa60`0abc85d0 fffff800`01b4451e : fffffa80`086f3040 00000000`00000200 00000000`00000000 00000000`00000000 : nt!SeCreateAccessStateEx+0x215
fffffa60`0abc8620 fffffa80`046a4990 : fffffa80`086f3040 fffffa80`086f3040 fffffa80`00000000 fffffa80`00000001 : nt!ObOpenObjectByPointer+0xbe
fffffa60`0abc87a0 fffffa80`086f3040 : fffffa80`086f3040 fffffa80`00000000 fffffa80`00000001 fffffa80`0368a840 : 0xfffffa80`046a4990
fffffa60`0abc87a8 fffffa80`086f3040 : fffffa80`00000000 fffffa80`00000001 fffffa80`0368a840 fffffa80`046a4800 : 0xfffffa80`086f3040
fffffa60`0abc87b0 fffffa80`00000000 : fffffa80`00000001 fffffa80`0368a840 fffffa80`046a4800 fffffa60`0abc8818 : 0xfffffa80`086f3040
fffffa60`0abc87b8 fffffa80`00000001 : fffffa80`0368a840 fffffa80`046a4800 fffffa60`0abc8818 fffffa60`0abc8848 : 0xfffffa80`00000000
fffffa60`0abc87c0 fffffa80`0368a840 : fffffa80`046a4800 fffffa60`0abc8818 fffffa60`0abc8848 fffffa80`086f3040 : 0xfffffa80`00000001
fffffa60`0abc87c8 fffffa80`046a4800 : fffffa60`0abc8818 fffffa60`0abc8848 fffffa80`086f3040 00000000`00000001 : 0xfffffa80`0368a840
fffffa60`0abc87d0 fffffa60`0abc8818 : fffffa60`0abc8848 fffffa80`086f3040 00000000`00000001 00000000`00000000 : 0xfffffa80`046a4800
fffffa60`0abc87d8 fffffa60`0abc8848 : fffffa80`086f3040 00000000`00000001 00000000`00000000 fffffa80`046a4b8a : 0xfffffa60`0abc8818
fffffa60`0abc87e0 fffffa80`086f3040 : 00000000`00000001 00000000`00000000 fffffa80`046a4b8a ffffffff`ffb3b4c0 : 0xfffffa60`0abc8848
fffffa60`0abc87e8 00000000`00000001 : 00000000`00000000 fffffa80`046a4b8a ffffffff`ffb3b4c0 00000000`00000001 : 0xfffffa80`086f3040
fffffa60`0abc87f0 00000000`00000000 : fffffa80`046a4b8a ffffffff`ffb3b4c0 00000000`00000001 00000000`017dec10 : 0x1

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!RtlMapGenericMask+3b
fffff800`01b30bab 0b02 or eax,dword ptr [rdx]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!RtlMapGenericMask+3b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4c0e5ae3

FAILURE_BUCKET_ID: X64_0x1E_c0000005_BADMEMREF_nt!RtlMapGenericMask+3b

BUCKET_ID: X64_0x1E_c0000005_BADMEMREF_nt!RtlMapGenericMask+3b

Followup: MachineOwner

CarlTR6 · 29 Nov 2010

Hi, omega, and welcome to the forums. Sorry you are having trouble. Please read this thread, follow the instructions and post back. We will be glad to help you.

https://www.sevenforums.com/crashes-d...tructions.html

omega13 · 30 Nov 2010

Ok, thanks for the response.

Zip file attached as requested.

Thanks.

CarlTR6 · 30 Nov 2010

Thanks, Omega. I have requested help for you. I am not experienced with Server 2008. We have folks here who do have that experience.

Jonathan_King · 30 Nov 2010

Hello,

A quick look reveals ESET might be the cause. Please update it to the 2010 version here: Best Free Antivirus Software Trial: Free Home, Business and Gaming Download from ESET

Also, your Broadcom Ethernet drivers are getting old:

Code:

b57nd60a.sys     Mon Feb 26 17:50:43 2007 (45E36443)

Please install these updated ones: Broadcom.com - Ethernet NIC NetXtreme Server Driver Downloads

Be sure to download the ones for Windows Server 2008 x64.

...Summary of the dumps

Code:


Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Mon Nov 29 05:24:54.224 2010 (UTC - 5:00)
System Uptime: 6 days 6:58:32.733
Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )
BUGCHECK_STR:  0x1E_c0000005
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME:  ekrn.exe
FAILURE_BUCKET_ID:  X64_0x1E_c0000005_BADMEMREF_nt!RtlMapGenericMask+3b
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Mon Nov 22 22:19:20.741 2010 (UTC - 5:00)
System Uptime: 0 days 0:21:24.323
Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )
BUGCHECK_STR:  0x1E_c0000005
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME:  ekrn.exe
FAILURE_BUCKET_ID:  X64_0x1E_c0000005_nt!RtlMapGenericMask+3b
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Mon Nov 22 18:03:43.599 2010 (UTC - 5:00)
System Uptime: 0 days 15:16:23.251
Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )
BUGCHECK_STR:  0x1E_c0000005
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME:  ekrn.exe
FAILURE_BUCKET_ID:  X64_0x1E_c0000005_nt!RtlMapGenericMask+3b
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Mon Nov 22 02:41:19.461 2010 (UTC - 5:00)
System Uptime: 0 days 0:10:10.148
Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )
BUGCHECK_STR:  0x1E_c0000005
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME:  ekrn.exe
FAILURE_BUCKET_ID:  X64_0x1E_c0000005_nt!RtlMapGenericMask+3b
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Mon Nov 22 02:22:05.890 2010 (UTC - 5:00)
System Uptime: 0 days 9:16:35.183
Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )
BUGCHECK_STR:  0x1E_c0000005
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME:  ekrn.exe
FAILURE_BUCKET_ID:  X64_0x1E_c0000005_BADMEMREF_nt!RtlMapGenericMask+3b
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Sun Nov 21 16:56:37.315 2010 (UTC - 5:00)
System Uptime: 2 days 11:54:35.104
Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )
BUGCHECK_STR:  0x1E_c0000005
DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME:  ekrn.exe
FAILURE_BUCKET_ID:  X64_0x1E_c0000005_BADMEMREF_nt!RtlMapGenericMask+3b
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

omega13 · 30 Nov 2010

Many thanks for the response.

From my amateur reading of the dumps I thought the crashes may have been due to ESET. And some Dell diagnostics had pointed me in the direction of the NIC - but all things being equal, since they had worked happily for a while now, I was reluctant to change them...

But following another BSOD this morning I've taken the plunge and updated both.

As a side note, since doing this another problem seems to have been resolved - a process / print routine that in the last while (about 2 weeks before crashes started) had become excruciatingly slow has gone back to normal. Seems to support the idea that one of these was the culprit.

But only time will tell - now just have to wait and see.

Thanks again.

CarlTR6 · 30 Nov 2010

Thanks for reporting back. I am glad your system is running better. That is good news.

Jonathan_King · 30 Nov 2010

Glad to hear the news.

It would not be extraordinary if your problem was caused by a combination of things. Who knows, maybe if you had only updated ESET the problem would have been resolved. Or, perhaps the Broadcom driver update would have done the trick.

In any case, good luck.

fmejiaihs · 03 Aug 2015

Hello,

This is my first time posting here. my apologies if posting incorectly.
Would please help me analyze the attached file? I experienced a system crash and I haven't been able to figure out the root cause of the issue.

Let me know if additional information is needed. I figured the file should contain all needed information about the system.

Many Thanks in advance

-Fredy

BSOD - probably caused by : ntkrnlmp.exe - Server 2008

BSOD - probably caused by : ntkrnlmp.exe - Server 2008

BSOD crash