bin_asc
June 19th, 2008, 12:28 PM
I have ESS Business Edition, and running on a Win 2k3 Server, last night we had a sort of BSOD, and the server restarted.
-{ Quote: "
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000062, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: baa0e90b, address which referenced memory
Debugging Details:
------------------
*** ERROR: Symbol file could not be found. Defaulted to export symbols for epfw
tdi.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Epfw
ndis.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for epfw
.sys -
READ_ADDRESS: 00000062
CURRENT_IRQL: 2
FAULTING_IP:
epfwtdi+390b
baa0e90b 8b4060 mov eax,dword ptr [eax+60h]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: f78f66a8 -- (.trap 0xfffffffff78f66a8)
ErrCode = 00000000
eax=00000002 ebx=baa182c0 ecx=00baa0ea edx=00000000 esi=8a1e26b0 edi=f78f680c
eip=baa0e90b esp=f78f671c ebp=f78f6760 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
epfwtdi+0x390b:
baa0e90b 8b4060 mov eax,dword ptr [eax+60h] ds:0023:00000062=??????
??
Resetting default scope
LAST_CONTROL_TRANSFER: from baa0e90b to 8088c963
STACK_TEXT:
f78f66a8 baa0e90b badb0d00 00000000 000e0000 nt!KiTrap0E+0x2a7
WARNING: Stack unwind information not available. Following frames may be wrong.
f78f6760 baa0c70a baa182c0 8a1e26b0 00000016 epfwtdi+0x390b
f78f67a4 baa3e9dc 8a1e26b0 00000016 f78f680c epfwtdi+0x170a
f78f6828 baa3ebdd 8a1d3c38 826f1bd0 0000850b tcpip!DelayedAcceptConn+0xbe
f78f68fc baa32236 8b2b76e8 ea2f564a 826f1bd0 tcpip!TCPRcv+0xddb
f78f695c baa54d2d 00000020 8b2b76e8 baa359d2 tcpip!DeliverToUser+0x189
f78f69d8 baa439f4 8acf0a70 8b2b76e8 8a5590b2 tcpip!DeliverToUserEx+0x951
f78f6a6c baa30684 8b2b76e8 8a5590c6 00000014 tcpip!IPRcvPacket+0x6e1
f78f6aac baa39b1a 00000000 8a559058 8a5590a4 tcpip!ARPRcvIndicationNew+0x167
f78f6adc f7af5ab5 8acffd88 8a559058 8a5590a4 tcpip!ARPRcv+0x42
f78f6b44 bacc9a21 8b27a130 f78f6b68 00000001 NDIS!ethFilterDprIndicateReceivePac
ket+0x3c2
f78f6b70 f7af5749 012c8788 8a559058 8a5590a4 psched!ClReceiveIndication+0x91
f78f6bd8 f7699f49 8b379130 f78f6c08 00000001 NDIS!ethFilterDprIndicateReceivePac
ket+0x246
f78f6c00 f769af3b 8a559058 00000000 8b285008 Epfwndis+0x2f49
f78f6c44 f76989cb 830020cc 8ae02638 00000008 Epfwndis!IoVolumeDeviceToDosName+0x
b91
f78f6c90 f7ade351 8b2d56e0 898cb008 898cb078 Epfwndis+0x19cb
f78f6ca8 f7ade47c 8b2d56e0 898cb008 899c49b8 NDIS!ndisDummyIrpHandler+0x48
f78f6d44 8081df65 8b2d56e0 898cb008 899c49a8 NDIS!ndisDeviceControlIrpHandler+0x
5c
f78f6d58 ba39f011 8b978db0 808ae5fc 899c49a8 nt!IofCallDriver+0x45
f78f6d80 8088043d 899c49a8 00000000 8b978db0 epfw!free+0x143d
f78f6dac 80949b7c 899c49a8 00000000 00000000 nt!ExpWorkerThread+0xeb
f78f6ddc 8088e062 80880352 00000001 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
epfwtdi+390b
baa0e90b 8b4060 mov eax,dword ptr [eax+60h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: epfwtdi+390b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: epfwtdi
IMAGE_NAME: epfwtdi.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47d947b8
FAILURE_BUCKET_ID: 0xD1_epfwtdi+390b
BUCKET_ID: 0xD1_epfwtdi+390b
Followup: MachineOwner
---------
" }-
I have the full memory dump on the server, 147 MB, so I`m not sure how I can send that over.
-{ Quote: "
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000062, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: baa0e90b, address which referenced memory
Debugging Details:
------------------
*** ERROR: Symbol file could not be found. Defaulted to export symbols for epfw
tdi.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Epfw
ndis.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for epfw
.sys -
READ_ADDRESS: 00000062
CURRENT_IRQL: 2
FAULTING_IP:
epfwtdi+390b
baa0e90b 8b4060 mov eax,dword ptr [eax+60h]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: f78f66a8 -- (.trap 0xfffffffff78f66a8)
ErrCode = 00000000
eax=00000002 ebx=baa182c0 ecx=00baa0ea edx=00000000 esi=8a1e26b0 edi=f78f680c
eip=baa0e90b esp=f78f671c ebp=f78f6760 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
epfwtdi+0x390b:
baa0e90b 8b4060 mov eax,dword ptr [eax+60h] ds:0023:00000062=??????
??
Resetting default scope
LAST_CONTROL_TRANSFER: from baa0e90b to 8088c963
STACK_TEXT:
f78f66a8 baa0e90b badb0d00 00000000 000e0000 nt!KiTrap0E+0x2a7
WARNING: Stack unwind information not available. Following frames may be wrong.
f78f6760 baa0c70a baa182c0 8a1e26b0 00000016 epfwtdi+0x390b
f78f67a4 baa3e9dc 8a1e26b0 00000016 f78f680c epfwtdi+0x170a
f78f6828 baa3ebdd 8a1d3c38 826f1bd0 0000850b tcpip!DelayedAcceptConn+0xbe
f78f68fc baa32236 8b2b76e8 ea2f564a 826f1bd0 tcpip!TCPRcv+0xddb
f78f695c baa54d2d 00000020 8b2b76e8 baa359d2 tcpip!DeliverToUser+0x189
f78f69d8 baa439f4 8acf0a70 8b2b76e8 8a5590b2 tcpip!DeliverToUserEx+0x951
f78f6a6c baa30684 8b2b76e8 8a5590c6 00000014 tcpip!IPRcvPacket+0x6e1
f78f6aac baa39b1a 00000000 8a559058 8a5590a4 tcpip!ARPRcvIndicationNew+0x167
f78f6adc f7af5ab5 8acffd88 8a559058 8a5590a4 tcpip!ARPRcv+0x42
f78f6b44 bacc9a21 8b27a130 f78f6b68 00000001 NDIS!ethFilterDprIndicateReceivePac
ket+0x3c2
f78f6b70 f7af5749 012c8788 8a559058 8a5590a4 psched!ClReceiveIndication+0x91
f78f6bd8 f7699f49 8b379130 f78f6c08 00000001 NDIS!ethFilterDprIndicateReceivePac
ket+0x246
f78f6c00 f769af3b 8a559058 00000000 8b285008 Epfwndis+0x2f49
f78f6c44 f76989cb 830020cc 8ae02638 00000008 Epfwndis!IoVolumeDeviceToDosName+0x
b91
f78f6c90 f7ade351 8b2d56e0 898cb008 898cb078 Epfwndis+0x19cb
f78f6ca8 f7ade47c 8b2d56e0 898cb008 899c49b8 NDIS!ndisDummyIrpHandler+0x48
f78f6d44 8081df65 8b2d56e0 898cb008 899c49a8 NDIS!ndisDeviceControlIrpHandler+0x
5c
f78f6d58 ba39f011 8b978db0 808ae5fc 899c49a8 nt!IofCallDriver+0x45
f78f6d80 8088043d 899c49a8 00000000 8b978db0 epfw!free+0x143d
f78f6dac 80949b7c 899c49a8 00000000 00000000 nt!ExpWorkerThread+0xeb
f78f6ddc 8088e062 80880352 00000001 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
epfwtdi+390b
baa0e90b 8b4060 mov eax,dword ptr [eax+60h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: epfwtdi+390b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: epfwtdi
IMAGE_NAME: epfwtdi.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 47d947b8
FAILURE_BUCKET_ID: 0xD1_epfwtdi+390b
BUCKET_ID: 0xD1_epfwtdi+390b
Followup: MachineOwner
---------
" }-
I have the full memory dump on the server, 147 MB, so I`m not sure how I can send that over.