BSOD PAGE_FAULT_IN_NONPAGED_AREA (50)
-
Friday, November 30, 2012 9:50 PM
I am running Server 2008 R2 as a hyper-v host. Twice in the last nine days i have gotten a BSOD. Here is the analysis from windbg
first BSOD
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\111812-19032-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\symbolfiles*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.17803.amd64fre.win7sp1_gdr.120330-1504
Machine Name:
Kernel base = 0xfffff800`01809000 PsLoadedModuleList = 0xfffff800`01a4d670
Debug session time: Sun Nov 18 00:07:59.690 2012 (UTC - 6:00)
System Uptime: 65 days 13:12:18.620
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 0, fffff8000188c925}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KeSetEvent+1e3 )
Followup: MachineOwner
---------
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000188c925, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001ab7100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeSetEvent+1e3
fffff800`0188c925 488b00 mov rax,qword ptr [rax]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff88002be9a70 -- (.trap 0xfffff88002be9a70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa803bdeb510
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000188c925 rsp=fffff88002be9c00 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8056dccd20 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!KeSetEvent+0x1e3:
fffff800`0188c925 488b00 mov rax,qword ptr [rax] ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001887769 to fffff800018881c0
STACK_TEXT:
fffff880`02be9928 fffff800`01887769 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02be9930 fffff800`018863e0 : 000067f0`a898a918 00000000`00000000 00000000`00000000 fffffa80`3bdeb508 : nt!KiBugCheckDispatch+0x69
fffff880`02be9a70 fffff800`0188c925 : 00000000`00000001 00000000`00000000 00000000`00000001 fffffa80`3bdea378 : nt!KiPageFault+0x260
fffff880`02be9c00 fffff880`01390ef3 : 00000000`00000000 00000000`00000000 fffffa80`24f97900 00000000`00000001 : nt!KeSetEvent+0x1e3
fffff880`02be9c70 fffff800`01891851 : fffff880`01390eb0 fffff800`01a252d8 fffffa80`24c42b50 fffffa80`538b9168 : fltmgr!FltpProcessGenericWorkItem+0x43
fffff880`02be9cb0 fffff800`01b1ee6a : 00000000`00000000 fffffa80`24c42b50 00000000`00000080 fffffa80`24c12040 : nt!ExpWorkerThread+0x111
fffff880`02be9d40 fffff800`01878f06 : fffff880`026b1180 fffffa80`24c42b50 fffff880`026bc4c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02be9d80 00000000`00000000 : fffff880`02bea000 fffff880`02be4000 fffff880`02be99e0 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeSetEvent+1e3
fffff800`0188c925 488b00 mov rax,qword ptr [rax]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeSetEvent+1e3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4f76721c
FAILURE_BUCKET_ID: X64_0xA_nt!KeSetEvent+1e3
BUCKET_ID: X64_0xA_nt!KeSetEvent+1e3
Followup: MachineOwner
---------
Second BSOD
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\112912-19562-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\symbolfiles*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.17803.amd64fre.win7sp1_gdr.120330-1504
Machine Name:
Kernel base = 0xfffff800`01855000 PsLoadedModuleList = 0xfffff800`01a99670
Debug session time: Thu Nov 29 22:51:58.252 2012 (UTC - 6:00)
System Uptime: 11 days 22:40:59.207
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa80313066c0, 0, fffff800018d8766, 0}
Could not read faulting driver name
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : ntkrnlmp.exe ( nt!KeSetEvent+16 )
Followup: MachineOwner
---------
8: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa80313066c0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800018d8766, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001b03100
fffffa80313066c0
FAULTING_IP:
nt!KeSetEvent+16
fffff800`018d8766 f6037f test byte ptr [rbx],7Fh
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff88002bd4a70 -- (.trap 0xfffff88002bd4a70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8028544810 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800018d8766 rsp=fffff88002bd4c00 rbp=0000000000000001
r8=0000000000000000 r9=00000000000003d0 r10=fffff880013377c0
r11=fffffa8029c35790 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!KeSetEvent+0x16:
fffff800`018d8766 f6037f test byte ptr [rbx],7Fh ds:b7b0:00000000`00000000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000187c55c to fffff800018d41c0
STACK_TEXT:
fffff880`02bd4908 fffff800`0187c55c : 00000000`00000050 fffffa80`313066c0 00000000`00000000 fffff880`02bd4a70 : nt!KeBugCheckEx
fffff880`02bd4910 fffff800`018d22ee : 00000000`00000000 fffffa80`313066c0 00000000`00000000 fffffa80`313066c0 : nt! ?? ::FNODOBFM::`string'+0x456df
fffff880`02bd4a70 fffff800`018d8766 : fffffa80`24fbb6f0 fffff880`013215d9 fffffa80`4f797010 fffffa80`24fbbc00 : nt!KiPageFault+0x16e
fffff880`02bd4c00 fffff880`0134aef3 : 00000000`00000000 00000000`00000000 fffffa80`24fbbc00 00000000`00000001 : nt!KeSetEvent+0x16
fffff880`02bd4c70 fffff800`018dd851 : fffff880`0134aeb0 fffff800`01a712d8 fffffa80`24c45b50 fffffa80`2b7859b8 : fltmgr!FltpProcessGenericWorkItem+0x43
fffff880`02bd4cb0 fffff800`01b6ae6a : 00000000`00000000 fffffa80`24c45b50 00000000`00000080 fffffa80`24c30040 : nt!ExpWorkerThread+0x111
fffff880`02bd4d40 fffff800`018c4f06 : fffff880`02471180 fffffa80`24c45b50 fffff880`0247c4c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`02bd4d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeSetEvent+16
fffff800`018d8766 f6037f test byte ptr [rbx],7Fh
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeSetEvent+16
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4f76721c
FAILURE_BUCKET_ID: X64_0x50_nt!KeSetEvent+16
BUCKET_ID: X64_0x50_nt!KeSetEvent+16
Followup: MachineOwner
---------
All Replies
-
Saturday, December 01, 2012 7:35 PM
According to above post info, we noticed that BUGCHECK_STR:0xA & BUGCHECK_STR:0x50 are the cause of BSOD. Seems your server facing memory/Physical RAM related issue.
The below are the links are for your reference, check it and troubleshoot accordingly.
- for error code 0XA:http://msdn.microsoft.com/en-us/library/windows/hardware/ff560129(v=vs.85).aspx
- for error code 0X50:http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
Regards, Ravikumar P
-
Sunday, December 02, 2012 8:24 AMModerator I would also like to point out that you can contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request. Please be advised that contacting phone support will be a charged call.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US please see http://support.microsoft.com for regional support phone numbers.
- Marked As Answer by Cheers ZHANGMicrosoft Contingent Staff, Moderator Friday, December 07, 2012 5:22 AM
-
Sunday, December 02, 2012 6:29 PM
Please proceed like that:
- Run memtest86+ to check your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support for assistance
- Update all possible drivers, firmware and BIOS
- Uninstall all unused programs
- Do a clean boot: http://support.microsoft.com/kb/929135
- Run chkdsk /r /f and sfc /scannow
- Disable temporary each security software in use
Once done, reboot your server and check again.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
.png)
