Guest sam060 Posted September 30, 2008 Posted September 30, 2008 following is the windebug memory.dmp analysis report Microsoft ® Windows Debugger Version 6.9.0003.113 AMD64 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C:\WINDOWS\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: SRV*your local symbol folder*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64 Product: Server, suite: TerminalServer SingleUserTS Built by: 3790.srv03_sp2_gdr.070321-2337 Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d4140 Debug session time: Mon Sep 29 09:50:08.935 2008 (GMT-4) System Uptime: 18 days 16:41:08.319 Loading Kernel Symbols ....................................................................................................................... Loading User Symbols PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C5, {0, 2, 1, fffff800011a9eba} PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+33c ) Followup: Pool_corruption --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_CORRUPTED_EXPOOL (c5) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is caused by drivers that have corrupted the system pool. Run the driver verifier against any new (or suspect) drivers, and if that doesn't turn up the culprit, then use gflags to enable special pool. Arguments: Arg1: 0000000000000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff800011a9eba, address which referenced memory Debugging Details: ------------------ PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" for details OVERLAPPED_MODULE: Address regions for 'HIDCLASS' and 'imapi.sys' overlap BUGCHECK_STR: 0xC5_2 CURRENT_IRQL: 2 FAULTING_IP: nt!ExDeferredFreePool+33c fffff800`011a9eba 488908 mov qword ptr [rax],rcx DEFAULT_BUCKET_ID: DRIVER_FAULT PROCESS_NAME: vssvc.exe IRP_ADDRESS: fffffadf360851f8 TRAP_FRAME: fffffadf20380710 -- (.trap 0xfffffadf20380710) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=fffffadf30fd5500 rcx=fffffadf31e59c60 rdx=fffffadfdc6721d0 rsi=fffffadf30fd54f0 rdi=fffffadf30fd5500 rip=fffff800011a9eba rsp=fffffadf203808a0 rbp=fffff800011ce1c0 r8=fffffadfdc672210 r9=0000000000000001 r10=fffffadfdbf7e010 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz ac po cy nt!ExDeferredFreePool+0x33c: fffff800`011a9eba 488908 mov qword ptr [rax],rcx ds:00000000`00000000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890 STACK_TEXT: fffffadf`20380588 fffff800`0102e5b4 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffffadf`20380590 fffff800`0102d547 : fffffadf`00f80000 fffffa80`09f9f394 00000000`80023800 00000000`00000000 : nt!KiBugCheckDispatch+0x74 fffffadf`20380710 fffff800`011a9eba : 00000000`00000000 00000000`00000040 0000000d`00000000 fffffadf`30fd5500 : nt!KiPageFault+0x207 fffffadf`203808a0 fffff800`011aa03d : fffffadf`dbde0570 00000000`00000214 fffffadf`dbde0560 fffff800`011ce1c0 : nt!ExDeferredFreePool+0x33c fffffadf`20380910 fffff800`01049e1c : 00000000`00000000 00000000`00000000 fffffadf`33488a20 00000000`00000000 : nt!ExFreePoolWithTag+0x759 fffffadf`203809d0 fffff800`01027eb1 : fffffadf`36085270 fffffadf`25d5b555 fffffa80`06a80a30 fffffadf`31d0b450 : nt!IopCompleteRequest+0x121 fffffadf`20380a70 fffff800`0103bf97 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x215 fffffadf`20380b10 fffff800`0102828e : 00000000`00000000 00000000`00000001 fffffadf`33488ab8 fffffadf`33488a20 : nt!KiSwapThread+0x3e9 fffffadf`20380b70 fffff800`0127e03f : 00000000`00000000 fffff800`00000006 00000000`00000001 00000000`00000401 : nt!KeWaitForSingleObject+0x5a6 fffffadf`20380bf0 fffff800`0102e33d : fffffadf`33488a20 fffffadf`20380cf0 00000000`00000000 fffffadf`33488a20 : nt!NtWaitForSingleObject+0xc1 fffffadf`20380c70 00000000`77ef0a2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3 00000000`034fce38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef0a2a STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+33c fffff800`011a9eba 488908 mov qword ptr [rax],rcx SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!ExDeferredFreePool+33c FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c Followup: Pool_corruption can any one tell me the exact problem thanks sameer naik system admin zenith infotech sam060@gmail.com -- sam060 ------------------------------------------------------------------------ sam060's Profile: http://forums.techarena.in/members/sam060.htm View this thread: http://forums.techarena.in/windows-server-help/1046766.htm http://forums.techarena.in
Guest Sven-D Posted September 30, 2008 Posted September 30, 2008 RE: Server was rebooted unexpectedly with memory dump Seems to me it has something to do with the Volume Shadow Copy Service (ref. vssvc.exe). Does the server boot again? Is it heavily loaded (exchange, sql...)? When did this happen, during backup, antivirus scanning, anything else? "sam060" wrote: > > following is the windebug memory.dmp analysis report > > Microsoft ® Windows Debugger Version 6.9.0003.113 AMD64 > Copyright © Microsoft Corporation. All rights reserved. > > > Loading Dump File [C:\WINDOWS\MEMORY.DMP] > Kernel Summary Dump File: Only kernel address space is available > > Symbol search path is: SRV*your local symbol > folder*http://msdl.microsoft.com/download/symbols > Executable search path is: > Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) > Free x64 > Product: Server, suite: TerminalServer SingleUserTS > Built by: 3790.srv03_sp2_gdr.070321-2337 > Kernel base = 0xfffff800`01000000 PsLoadedModuleList = > 0xfffff800`011d4140 > Debug session time: Mon Sep 29 09:50:08.935 2008 (GMT-4) > System Uptime: 18 days 16:41:08.319 > Loading Kernel Symbols > ....................................................................................................................... > Loading User Symbols > PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" > for details > Loading unloaded module list > ..... > ******************************************************************************* > * > * > * Bugcheck Analysis > * > * > * > ******************************************************************************* > > Use !analyze -v to get detailed debugging information. > > BugCheck C5, {0, 2, 1, fffff800011a9eba} > > PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" > for details > PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" > for details > Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+33c ) > > Followup: Pool_corruption > --------- > > 0: kd> !analyze -v > ******************************************************************************* > * > * > * Bugcheck Analysis > * > * > * > ******************************************************************************* > > DRIVER_CORRUPTED_EXPOOL (c5) > An attempt was made to access a pageable (or completely invalid) > address at an > interrupt request level (IRQL) that is too high. This is > caused by drivers that have corrupted the system pool. Run the driver > verifier against any new (or suspect) drivers, and if that doesn't turn > up > the culprit, then use gflags to enable special pool. > Arguments: > Arg1: 0000000000000000, memory referenced > Arg2: 0000000000000002, IRQL > Arg3: 0000000000000001, value 0 = read operation, 1 = write operation > Arg4: fffff800011a9eba, address which referenced memory > > Debugging Details: > ------------------ > > PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" > for details > PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001" > for details > > OVERLAPPED_MODULE: Address regions for 'HIDCLASS' and 'imapi.sys' > overlap > > BUGCHECK_STR: 0xC5_2 > > CURRENT_IRQL: 2 > > FAULTING_IP: > nt!ExDeferredFreePool+33c > fffff800`011a9eba 488908 mov qword ptr [rax],rcx > > DEFAULT_BUCKET_ID: DRIVER_FAULT > > PROCESS_NAME: vssvc.exe > > IRP_ADDRESS: fffffadf360851f8 > > TRAP_FRAME: fffffadf20380710 -- (.trap 0xfffffadf20380710) > NOTE: The trap frame does not contain all registers. > Some register values may be zeroed or incorrect. > rax=0000000000000000 rbx=fffffadf30fd5500 rcx=fffffadf31e59c60 > rdx=fffffadfdc6721d0 rsi=fffffadf30fd54f0 rdi=fffffadf30fd5500 > rip=fffff800011a9eba rsp=fffffadf203808a0 rbp=fffff800011ce1c0 > r8=fffffadfdc672210 r9=0000000000000001 r10=fffffadfdbf7e010 > r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 > r14=0000000000000000 r15=0000000000000000 > iopl=0 nv up ei ng nz ac po cy > nt!ExDeferredFreePool+0x33c: > fffff800`011a9eba 488908 mov qword ptr [rax],rcx > ds:00000000`00000000=???????????????? > Resetting default scope > > LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890 > > STACK_TEXT: > fffffadf`20380588 fffff800`0102e5b4 : 00000000`0000000a > 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx > fffffadf`20380590 fffff800`0102d547 : fffffadf`00f80000 > fffffa80`09f9f394 00000000`80023800 00000000`00000000 : > nt!KiBugCheckDispatch+0x74 > fffffadf`20380710 fffff800`011a9eba : 00000000`00000000 > 00000000`00000040 0000000d`00000000 fffffadf`30fd5500 : > nt!KiPageFault+0x207 > fffffadf`203808a0 fffff800`011aa03d : fffffadf`dbde0570 > 00000000`00000214 fffffadf`dbde0560 fffff800`011ce1c0 : > nt!ExDeferredFreePool+0x33c > fffffadf`20380910 fffff800`01049e1c : 00000000`00000000 > 00000000`00000000 fffffadf`33488a20 00000000`00000000 : > nt!ExFreePoolWithTag+0x759 > fffffadf`203809d0 fffff800`01027eb1 : fffffadf`36085270 > fffffadf`25d5b555 fffffa80`06a80a30 fffffadf`31d0b450 : > nt!IopCompleteRequest+0x121 > fffffadf`20380a70 fffff800`0103bf97 : 00000000`00000000 > 00000000`00000000 00000000`00000000 00000000`00000000 : > nt!KiDeliverApc+0x215 > fffffadf`20380b10 fffff800`0102828e : 00000000`00000000 > 00000000`00000001 fffffadf`33488ab8 fffffadf`33488a20 : > nt!KiSwapThread+0x3e9 > fffffadf`20380b70 fffff800`0127e03f : 00000000`00000000 > fffff800`00000006 00000000`00000001 00000000`00000401 : > nt!KeWaitForSingleObject+0x5a6 > fffffadf`20380bf0 fffff800`0102e33d : fffffadf`33488a20 > fffffadf`20380cf0 00000000`00000000 fffffadf`33488a20 : > nt!NtWaitForSingleObject+0xc1 > fffffadf`20380c70 00000000`77ef0a2a : 00000000`00000000 > 00000000`00000000 00000000`00000000 00000000`00000000 : > nt!KiSystemServiceCopyEnd+0x3 > 00000000`034fce38 00000000`00000000 : 00000000`00000000 > 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef0a2a > > > STACK_COMMAND: kb > > FOLLOWUP_IP: > nt!ExDeferredFreePool+33c > fffff800`011a9eba 488908 mov qword ptr [rax],rcx > > SYMBOL_STACK_INDEX: 3 > > SYMBOL_NAME: nt!ExDeferredFreePool+33c > > FOLLOWUP_NAME: Pool_corruption > > IMAGE_NAME: Pool_Corruption > > DEBUG_FLR_IMAGE_TIMESTAMP: 0 > > MODULE_NAME: Pool_Corruption > > FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c > > BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c > > Followup: Pool_corruption > > > can any one tell me the exact problem > > thanks > sameer naik > system admin > zenith infotech > sam060@gmail.com > > > -- > sam060 > ------------------------------------------------------------------------ > sam060's Profile: http://forums.techarena.in/members/sam060.htm > View this thread: http://forums.techarena.in/windows-server-help/1046766.htm > > http://forums.techarena.in > >
Recommended Posts