New
#1
BSOD - probably caused by : ntkrnlmp.exe - Server 2008
Hi,
I know it's not quite win7, but I'm hoping someone can help.
The OS is Server 2008 SP 2 running as a Terminal Services server.
About a week ago it started crashing with BSODs. The only recent change was installing a new Xerox workcentre network printer 3 days earlier. It crashed 5 times over a day and a half, and by this time I was trying to work out what was going wrong.
Ran Windows Memory diagnostic after reboot - found no problems.
Chkdsk found no problems with discs either.
Updated the video drivers to current ATI drivers (were previously MS). And uninstalled all the Xerox software and reinstalled printer with driver only.
It then ran fine for nearly a week, but blue screened again last night.
I've posted the analysis of the latest memory dump and attached some older dump files.
Help would be much, much appreciated.
Thanks.
.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80001b30bab, 0, bad0b0fc}
Probably caused by : ntkrnlmp.exe ( nt!RtlMapGenericMask+3b )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80001b30bab, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 00000000bad0b0fc, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!RtlMapGenericMask+3b
fffff800`01b30bab 0b02 or eax,dword ptr [rdx]
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000000bad0b0fc
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001a86080
00000000bad0b0fc
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
PROCESS_NAME: ekrn.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffffa600abc8430 -- (.trap 0xfffffa600abc8430)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000080000400 rbx=0000000000000000 rcx=fffffa600abc8640
rdx=00000000bad0b0fc rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001b30bab rsp=fffffa600abc85c8 rbp=fffffa800a369bb0
r8=fffffa600abc8680 r9=00000000bad0b0fc r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!RtlMapGenericMask+0x3b:
fffff800`01b30bab 0b02 or eax,dword ptr [rdx] ds:0001:00000000`bad0b0fc=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000189bb07 to fffff800018b94d0
STACK_TEXT:
fffffa60`0abc7c48 fffff800`0189bb07 : 00000000`0000001e ffffffff`c0000005 fffff800`01b30bab 00000000`00000000 : nt!KeBugCheckEx
fffffa60`0abc7c50 fffff800`018b9329 : fffffa60`0abc8388 fffffa60`0abc8680 fffffa60`0abc8430 00000000`bad0b0fc : nt! ?? ::FNODOBFM::`string'+0x29117
fffffa60`0abc8250 fffff800`018b8125 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa60`0abc8680 : nt!KiExceptionDispatch+0xa9
fffffa60`0abc8430 fffff800`01b30bab : fffff800`01b36445 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x1e5
fffffa60`0abc85c8 fffff800`01b36445 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlMapGenericMask+0x3b
fffffa60`0abc85d0 fffff800`01b4451e : fffffa80`086f3040 00000000`00000200 00000000`00000000 00000000`00000000 : nt!SeCreateAccessStateEx+0x215
fffffa60`0abc8620 fffffa80`046a4990 : fffffa80`086f3040 fffffa80`086f3040 fffffa80`00000000 fffffa80`00000001 : nt!ObOpenObjectByPointer+0xbe
fffffa60`0abc87a0 fffffa80`086f3040 : fffffa80`086f3040 fffffa80`00000000 fffffa80`00000001 fffffa80`0368a840 : 0xfffffa80`046a4990
fffffa60`0abc87a8 fffffa80`086f3040 : fffffa80`00000000 fffffa80`00000001 fffffa80`0368a840 fffffa80`046a4800 : 0xfffffa80`086f3040
fffffa60`0abc87b0 fffffa80`00000000 : fffffa80`00000001 fffffa80`0368a840 fffffa80`046a4800 fffffa60`0abc8818 : 0xfffffa80`086f3040
fffffa60`0abc87b8 fffffa80`00000001 : fffffa80`0368a840 fffffa80`046a4800 fffffa60`0abc8818 fffffa60`0abc8848 : 0xfffffa80`00000000
fffffa60`0abc87c0 fffffa80`0368a840 : fffffa80`046a4800 fffffa60`0abc8818 fffffa60`0abc8848 fffffa80`086f3040 : 0xfffffa80`00000001
fffffa60`0abc87c8 fffffa80`046a4800 : fffffa60`0abc8818 fffffa60`0abc8848 fffffa80`086f3040 00000000`00000001 : 0xfffffa80`0368a840
fffffa60`0abc87d0 fffffa60`0abc8818 : fffffa60`0abc8848 fffffa80`086f3040 00000000`00000001 00000000`00000000 : 0xfffffa80`046a4800
fffffa60`0abc87d8 fffffa60`0abc8848 : fffffa80`086f3040 00000000`00000001 00000000`00000000 fffffa80`046a4b8a : 0xfffffa60`0abc8818
fffffa60`0abc87e0 fffffa80`086f3040 : 00000000`00000001 00000000`00000000 fffffa80`046a4b8a ffffffff`ffb3b4c0 : 0xfffffa60`0abc8848
fffffa60`0abc87e8 00000000`00000001 : 00000000`00000000 fffffa80`046a4b8a ffffffff`ffb3b4c0 00000000`00000001 : 0xfffffa80`086f3040
fffffa60`0abc87f0 00000000`00000000 : fffffa80`046a4b8a ffffffff`ffb3b4c0 00000000`00000001 00000000`017dec10 : 0x1
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!RtlMapGenericMask+3b
fffff800`01b30bab 0b02 or eax,dword ptr [rdx]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!RtlMapGenericMask+3b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c0e5ae3
FAILURE_BUCKET_ID: X64_0x1E_c0000005_BADMEMREF_nt!RtlMapGenericMask+3b
BUCKET_ID: X64_0x1E_c0000005_BADMEMREF_nt!RtlMapGenericMask+3b
Followup: MachineOwner