CyberDocSupport
asked on
Need help interpreting Crash dump analysis
I have a win2k3 R2 SP2 server that randomly BSODs. The only hardware I have tried replacing is the RAM chips though that doesn't seem to have made a difference. I recently ran a crash dump analysis with Microsofts tool. I have never used it before and am not very familiar with how to read it but my impression is it's a driver issue. Any additional input would be appreciated, thanks. Let me know if I need to submit something further to help.
Loading unloaded module list
.................
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory
Debugging Details:
------------------
GetContextState failed, 0x80070026
Unable to read selector for PCR for processor 1
*** WARNING: Unable to verify timestamp for cdrom.sys
*** ERROR: Module load completed but symbols could not be loaded for cdrom.sys
GetContextState failed, 0x80070026
Unable to read selector for PCR for processor 1
READ_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
+1b9952f00e8dfe0
00000000 ?? ???
PROCESS_NAME: Idle
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
TRAP_FRAME: 8089a538 -- (.trap 0xffffffff8089a538)
ErrCode = 00000010
eax=89ecd000 ebx=00000000 ecx=ffdffa48 edx=ffdffa40 esi=8a544240 edi=ffdffa40
eip=00000000 esp=8089a5ac ebp=8089a600 iopl=0 vif nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00090246
00000000 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from 00000000 to 8088c963
FAILED_INSTRUCTION_ADDRESS:
+1b9952f00e8dfe0
00000000 ?? ???
STACK_TEXT:
8089a538 00000000 badb0d00 ffdffa40 8a5188bc nt!KiTrap0E+0x2a7
WARNING: Frame IP not in any known module. Following frames may be wrong.
8089a5a8 808320f0 8a544240 00000000 b9c9e160 0x0
8089a600 8088de1f 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca
8089a604 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x37
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+2a7
8088c963 833da0628a8000 cmp dword ptr [nt!KiFreezeFlag (808a62a0)],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTrap0E+2a7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45d69710
FAILURE_BUCKET_ID: 0xD1_CODE_AV_NULL_IP_nt!KiTrap0E+2a7
BUCKET_ID: 0xD1_CODE_AV_NULL_IP_nt!KiTrap0E+2a7
Followup: MachineOwner
---------
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ran Memtest for 12+ hours with no errors reported.
So we have to wait for the next crash, I reckon ...
ASKER
Seems that way. The way things are going that won't be very long..........
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER