Jump to content

Server was rebooted unexpectedly with memory dump

Guest sam060

By Guest sam060
in Windows 2003 Server

 Share

Recommended Posts

Guest sam060

Guest sam060

Posted
Posted

following is the windebug memory.dmp analysis report

 

Microsoft ® Windows Debugger Version 6.9.0003.113 AMD64

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\WINDOWS\MEMORY.DMP]

Kernel Summary Dump File: Only kernel address space is available

 

Symbol search path is: SRV*your local symbol

folder*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs)

Free x64

Product: Server, suite: TerminalServer SingleUserTS

Built by: 3790.srv03_sp2_gdr.070321-2337

Kernel base = 0xfffff800`01000000 PsLoadedModuleList =

0xfffff800`011d4140

Debug session time: Mon Sep 29 09:50:08.935 2008 (GMT-4)

System Uptime: 18 days 16:41:08.319

Loading Kernel Symbols

.......................................................................................................................

Loading User Symbols

PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

for details

Loading unloaded module list

.....

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck C5, {0, 2, 1, fffff800011a9eba}

 

PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

for details

PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

for details

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+33c )

 

Followup: Pool_corruption

---------

 

0: kd> !analyze -v

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

DRIVER_CORRUPTED_EXPOOL (c5)

An attempt was made to access a pageable (or completely invalid)

address at an

interrupt request level (IRQL) that is too high. This is

caused by drivers that have corrupted the system pool. Run the driver

verifier against any new (or suspect) drivers, and if that doesn't turn

up

the culprit, then use gflags to enable special pool.

Arguments:

Arg1: 0000000000000000, memory referenced

Arg2: 0000000000000002, IRQL

Arg3: 0000000000000001, value 0 = read operation, 1 = write operation

Arg4: fffff800011a9eba, address which referenced memory

 

Debugging Details:

------------------

 

PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

for details

PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

for details

 

OVERLAPPED_MODULE: Address regions for 'HIDCLASS' and 'imapi.sys'

overlap

 

BUGCHECK_STR: 0xC5_2

 

CURRENT_IRQL: 2

 

FAULTING_IP:

nt!ExDeferredFreePool+33c

fffff800`011a9eba 488908 mov qword ptr [rax],rcx

 

DEFAULT_BUCKET_ID: DRIVER_FAULT

 

PROCESS_NAME: vssvc.exe

 

IRP_ADDRESS: fffffadf360851f8

 

TRAP_FRAME: fffffadf20380710 -- (.trap 0xfffffadf20380710)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=0000000000000000 rbx=fffffadf30fd5500 rcx=fffffadf31e59c60

rdx=fffffadfdc6721d0 rsi=fffffadf30fd54f0 rdi=fffffadf30fd5500

rip=fffff800011a9eba rsp=fffffadf203808a0 rbp=fffff800011ce1c0

r8=fffffadfdc672210 r9=0000000000000001 r10=fffffadfdbf7e010

r11=0000000000000000 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei ng nz ac po cy

nt!ExDeferredFreePool+0x33c:

fffff800`011a9eba 488908 mov qword ptr [rax],rcx

ds:00000000`00000000=????????????????

Resetting default scope

 

LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890

 

STACK_TEXT:

fffffadf`20380588 fffff800`0102e5b4 : 00000000`0000000a

00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx

fffffadf`20380590 fffff800`0102d547 : fffffadf`00f80000

fffffa80`09f9f394 00000000`80023800 00000000`00000000 :

nt!KiBugCheckDispatch+0x74

fffffadf`20380710 fffff800`011a9eba : 00000000`00000000

00000000`00000040 0000000d`00000000 fffffadf`30fd5500 :

nt!KiPageFault+0x207

fffffadf`203808a0 fffff800`011aa03d : fffffadf`dbde0570

00000000`00000214 fffffadf`dbde0560 fffff800`011ce1c0 :

nt!ExDeferredFreePool+0x33c

fffffadf`20380910 fffff800`01049e1c : 00000000`00000000

00000000`00000000 fffffadf`33488a20 00000000`00000000 :

nt!ExFreePoolWithTag+0x759

fffffadf`203809d0 fffff800`01027eb1 : fffffadf`36085270

fffffadf`25d5b555 fffffa80`06a80a30 fffffadf`31d0b450 :

nt!IopCompleteRequest+0x121

fffffadf`20380a70 fffff800`0103bf97 : 00000000`00000000

00000000`00000000 00000000`00000000 00000000`00000000 :

nt!KiDeliverApc+0x215

fffffadf`20380b10 fffff800`0102828e : 00000000`00000000

00000000`00000001 fffffadf`33488ab8 fffffadf`33488a20 :

nt!KiSwapThread+0x3e9

fffffadf`20380b70 fffff800`0127e03f : 00000000`00000000

fffff800`00000006 00000000`00000001 00000000`00000401 :

nt!KeWaitForSingleObject+0x5a6

fffffadf`20380bf0 fffff800`0102e33d : fffffadf`33488a20

fffffadf`20380cf0 00000000`00000000 fffffadf`33488a20 :

nt!NtWaitForSingleObject+0xc1

fffffadf`20380c70 00000000`77ef0a2a : 00000000`00000000

00000000`00000000 00000000`00000000 00000000`00000000 :

nt!KiSystemServiceCopyEnd+0x3

00000000`034fce38 00000000`00000000 : 00000000`00000000

00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef0a2a

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

nt!ExDeferredFreePool+33c

fffff800`011a9eba 488908 mov qword ptr [rax],rcx

 

SYMBOL_STACK_INDEX: 3

 

SYMBOL_NAME: nt!ExDeferredFreePool+33c

 

FOLLOWUP_NAME: Pool_corruption

 

IMAGE_NAME: Pool_Corruption

 

DEBUG_FLR_IMAGE_TIMESTAMP: 0

 

MODULE_NAME: Pool_Corruption

 

FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c

 

BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c

 

Followup: Pool_corruption

 

 

can any one tell me the exact problem

 

thanks

sameer naik

system admin

zenith infotech

sam060@gmail.com

 

 

--

sam060

------------------------------------------------------------------------

sam060's Profile: http://forums.techarena.in/members/sam060.htm

View this thread: http://forums.techarena.in/windows-server-help/1046766.htm

 

http://forums.techarena.in

  • Replies 1
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Sven-D

Guest Sven-D

Posted
Posted

RE: Server was rebooted unexpectedly with memory dump

 

Seems to me it has something to do with the Volume Shadow Copy Service (ref.

vssvc.exe).

 

Does the server boot again? Is it heavily loaded (exchange, sql...)? When

did this happen, during backup, antivirus scanning, anything else?

 

 

 

"sam060" wrote:

>

> following is the windebug memory.dmp analysis report

>

> Microsoft ® Windows Debugger Version 6.9.0003.113 AMD64

> Copyright © Microsoft Corporation. All rights reserved.

>

>

> Loading Dump File [C:\WINDOWS\MEMORY.DMP]

> Kernel Summary Dump File: Only kernel address space is available

>

> Symbol search path is: SRV*your local symbol

> folder*http://msdl.microsoft.com/download/symbols

> Executable search path is:

> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs)

> Free x64

> Product: Server, suite: TerminalServer SingleUserTS

> Built by: 3790.srv03_sp2_gdr.070321-2337

> Kernel base = 0xfffff800`01000000 PsLoadedModuleList =

> 0xfffff800`011d4140

> Debug session time: Mon Sep 29 09:50:08.935 2008 (GMT-4)

> System Uptime: 18 days 16:41:08.319

> Loading Kernel Symbols

> .......................................................................................................................

> Loading User Symbols

> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

> for details

> Loading unloaded module list

> .....

> *******************************************************************************

> *

> *

> * Bugcheck Analysis

> *

> *

> *

> *******************************************************************************

>

> Use !analyze -v to get detailed debugging information.

>

> BugCheck C5, {0, 2, 1, fffff800011a9eba}

>

> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

> for details

> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

> for details

> Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+33c )

>

> Followup: Pool_corruption

> ---------

>

> 0: kd> !analyze -v

> *******************************************************************************

> *

> *

> * Bugcheck Analysis

> *

> *

> *

> *******************************************************************************

>

> DRIVER_CORRUPTED_EXPOOL (c5)

> An attempt was made to access a pageable (or completely invalid)

> address at an

> interrupt request level (IRQL) that is too high. This is

> caused by drivers that have corrupted the system pool. Run the driver

> verifier against any new (or suspect) drivers, and if that doesn't turn

> up

> the culprit, then use gflags to enable special pool.

> Arguments:

> Arg1: 0000000000000000, memory referenced

> Arg2: 0000000000000002, IRQL

> Arg3: 0000000000000001, value 0 = read operation, 1 = write operation

> Arg4: fffff800011a9eba, address which referenced memory

>

> Debugging Details:

> ------------------

>

> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

> for details

> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"

> for details

>

> OVERLAPPED_MODULE: Address regions for 'HIDCLASS' and 'imapi.sys'

> overlap

>

> BUGCHECK_STR: 0xC5_2

>

> CURRENT_IRQL: 2

>

> FAULTING_IP:

> nt!ExDeferredFreePool+33c

> fffff800`011a9eba 488908 mov qword ptr [rax],rcx

>

> DEFAULT_BUCKET_ID: DRIVER_FAULT

>

> PROCESS_NAME: vssvc.exe

>

> IRP_ADDRESS: fffffadf360851f8

>

> TRAP_FRAME: fffffadf20380710 -- (.trap 0xfffffadf20380710)

> NOTE: The trap frame does not contain all registers.

> Some register values may be zeroed or incorrect.

> rax=0000000000000000 rbx=fffffadf30fd5500 rcx=fffffadf31e59c60

> rdx=fffffadfdc6721d0 rsi=fffffadf30fd54f0 rdi=fffffadf30fd5500

> rip=fffff800011a9eba rsp=fffffadf203808a0 rbp=fffff800011ce1c0

> r8=fffffadfdc672210 r9=0000000000000001 r10=fffffadfdbf7e010

> r11=0000000000000000 r12=0000000000000000 r13=0000000000000000

> r14=0000000000000000 r15=0000000000000000

> iopl=0 nv up ei ng nz ac po cy

> nt!ExDeferredFreePool+0x33c:

> fffff800`011a9eba 488908 mov qword ptr [rax],rcx

> ds:00000000`00000000=????????????????

> Resetting default scope

>

> LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890

>

> STACK_TEXT:

> fffffadf`20380588 fffff800`0102e5b4 : 00000000`0000000a

> 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx

> fffffadf`20380590 fffff800`0102d547 : fffffadf`00f80000

> fffffa80`09f9f394 00000000`80023800 00000000`00000000 :

> nt!KiBugCheckDispatch+0x74

> fffffadf`20380710 fffff800`011a9eba : 00000000`00000000

> 00000000`00000040 0000000d`00000000 fffffadf`30fd5500 :

> nt!KiPageFault+0x207

> fffffadf`203808a0 fffff800`011aa03d : fffffadf`dbde0570

> 00000000`00000214 fffffadf`dbde0560 fffff800`011ce1c0 :

> nt!ExDeferredFreePool+0x33c

> fffffadf`20380910 fffff800`01049e1c : 00000000`00000000

> 00000000`00000000 fffffadf`33488a20 00000000`00000000 :

> nt!ExFreePoolWithTag+0x759

> fffffadf`203809d0 fffff800`01027eb1 : fffffadf`36085270

> fffffadf`25d5b555 fffffa80`06a80a30 fffffadf`31d0b450 :

> nt!IopCompleteRequest+0x121

> fffffadf`20380a70 fffff800`0103bf97 : 00000000`00000000

> 00000000`00000000 00000000`00000000 00000000`00000000 :

> nt!KiDeliverApc+0x215

> fffffadf`20380b10 fffff800`0102828e : 00000000`00000000

> 00000000`00000001 fffffadf`33488ab8 fffffadf`33488a20 :

> nt!KiSwapThread+0x3e9

> fffffadf`20380b70 fffff800`0127e03f : 00000000`00000000

> fffff800`00000006 00000000`00000001 00000000`00000401 :

> nt!KeWaitForSingleObject+0x5a6

> fffffadf`20380bf0 fffff800`0102e33d : fffffadf`33488a20

> fffffadf`20380cf0 00000000`00000000 fffffadf`33488a20 :

> nt!NtWaitForSingleObject+0xc1

> fffffadf`20380c70 00000000`77ef0a2a : 00000000`00000000

> 00000000`00000000 00000000`00000000 00000000`00000000 :

> nt!KiSystemServiceCopyEnd+0x3

> 00000000`034fce38 00000000`00000000 : 00000000`00000000

> 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef0a2a

>

>

> STACK_COMMAND: kb

>

> FOLLOWUP_IP:

> nt!ExDeferredFreePool+33c

> fffff800`011a9eba 488908 mov qword ptr [rax],rcx

>

> SYMBOL_STACK_INDEX: 3

>

> SYMBOL_NAME: nt!ExDeferredFreePool+33c

>

> FOLLOWUP_NAME: Pool_corruption

>

> IMAGE_NAME: Pool_Corruption

>

> DEBUG_FLR_IMAGE_TIMESTAMP: 0

>

> MODULE_NAME: Pool_Corruption

>

> FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c

>

> BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c

>

> Followup: Pool_corruption

>

>

> can any one tell me the exact problem

>

> thanks

> sameer naik

> system admin

> zenith infotech

> sam060@gmail.com

>

>

> --

> sam060

> ------------------------------------------------------------------------

> sam060's Profile: http://forums.techarena.in/members/sam060.htm

> View this thread: http://forums.techarena.in/windows-server-help/1046766.htm

>

> http://forums.techarena.in

>

>

 Share
Go to topic listing
×
×
  • Create New...