A
Andreas.Konrad
Hi,
one of our terminalserver crashes quite often with BugCheck 100000D1!
Could someone analyse my minidump and tell me what is the faulting module?
Thanks a lot!
Regards
Andi
************************************************************
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\d\Analysedaten\BSOD_NTCL0512\Mini012308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (16 procs) Free
x86 compatible
Product: Server, suite: Enterprise TerminalServer
Built by: 3790.srv03_sp2_gdr.070304-2240
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed Jan 23 18:54:02.559 2008 (GMT+1)
System Uptime: 2 days 3:32:48.671
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {0, d0000002, 8, 0}
Probably caused by : ntkrpamp.exe ( nt!KiIdleLoop+a )
Followup: MachineOwner
---------
14: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
+0
00000000 ?? ???
PROCESS_NAME: Idle
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from f779fee0 to 00000000
FAILED_INSTRUCTION_ADDRESS:
+0
00000000 ?? ???
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f7916d30 f779fee0 8086efcf f779f000 a37c2c70 0x0
f7916d50 8088ddf2 00000000 0000000e 00000000 0xf779fee0
f7916d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xa
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiIdleLoop+a
8088ddf2 f390 pause
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiIdleLoop+a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45ec0a19
FAILURE_BUCKET_ID: 0xD1_CODE_AV_NULL_IP_nt!KiIdleLoop+a
BUCKET_ID: 0xD1_CODE_AV_NULL_IP_nt!KiIdleLoop+a
Followup: MachineOwner
---------
************************************************************
one of our terminalserver crashes quite often with BugCheck 100000D1!
Could someone analyse my minidump and tell me what is the faulting module?
Thanks a lot!
Regards
Andi
************************************************************
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\d\Analysedaten\BSOD_NTCL0512\Mini012308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (16 procs) Free
x86 compatible
Product: Server, suite: Enterprise TerminalServer
Built by: 3790.srv03_sp2_gdr.070304-2240
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed Jan 23 18:54:02.559 2008 (GMT+1)
System Uptime: 2 days 3:32:48.671
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {0, d0000002, 8, 0}
Probably caused by : ntkrpamp.exe ( nt!KiIdleLoop+a )
Followup: MachineOwner
---------
14: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
+0
00000000 ?? ???
PROCESS_NAME: Idle
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from f779fee0 to 00000000
FAILED_INSTRUCTION_ADDRESS:
+0
00000000 ?? ???
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
f7916d30 f779fee0 8086efcf f779f000 a37c2c70 0x0
f7916d50 8088ddf2 00000000 0000000e 00000000 0xf779fee0
f7916d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0xa
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiIdleLoop+a
8088ddf2 f390 pause
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiIdleLoop+a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45ec0a19
FAILURE_BUCKET_ID: 0xD1_CODE_AV_NULL_IP_nt!KiIdleLoop+a
BUCKET_ID: 0xD1_CODE_AV_NULL_IP_nt!KiIdleLoop+a
Followup: MachineOwner
---------
************************************************************