Server was rebooted unexpectedly with memory dump

  • Thread starter Thread starter sam060
  • Start date Start date
S

sam060

Guest
following is the windebug memory.dmp analysis report

Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*your local symbol
folder*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs)
Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.070321-2337
Kernel base = 0xfffff800`01000000 PsLoadedModuleList =
0xfffff800`011d4140
Debug session time: Mon Sep 29 09:50:08.935 2008 (GMT-4)
System Uptime: 18 days 16:41:08.319
Loading Kernel Symbols
.......................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
for details
Loading unloaded module list
.....
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {0, 2, 1, fffff800011a9eba}

PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
for details
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
for details
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+33c )

Followup: Pool_corruption
---------

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid)
address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn
up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff800011a9eba, address which referenced memory

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
for details
PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
for details

OVERLAPPED_MODULE: Address regions for 'HIDCLASS' and 'imapi.sys'
overlap

BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+33c
fffff800`011a9eba 488908 mov qword ptr [rax],rcx

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: vssvc.exe

IRP_ADDRESS: fffffadf360851f8

TRAP_FRAME: fffffadf20380710 -- (.trap 0xfffffadf20380710)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=fffffadf30fd5500 rcx=fffffadf31e59c60
rdx=fffffadfdc6721d0 rsi=fffffadf30fd54f0 rdi=fffffadf30fd5500
rip=fffff800011a9eba rsp=fffffadf203808a0 rbp=fffff800011ce1c0
r8=fffffadfdc672210 r9=0000000000000001 r10=fffffadfdbf7e010
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!ExDeferredFreePool+0x33c:
fffff800`011a9eba 488908 mov qword ptr [rax],rcx
ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890

STACK_TEXT:
fffffadf`20380588 fffff800`0102e5b4 : 00000000`0000000a
00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffffadf`20380590 fffff800`0102d547 : fffffadf`00f80000
fffffa80`09f9f394 00000000`80023800 00000000`00000000 :
nt!KiBugCheckDispatch+0x74
fffffadf`20380710 fffff800`011a9eba : 00000000`00000000
00000000`00000040 0000000d`00000000 fffffadf`30fd5500 :
nt!KiPageFault+0x207
fffffadf`203808a0 fffff800`011aa03d : fffffadf`dbde0570
00000000`00000214 fffffadf`dbde0560 fffff800`011ce1c0 :
nt!ExDeferredFreePool+0x33c
fffffadf`20380910 fffff800`01049e1c : 00000000`00000000
00000000`00000000 fffffadf`33488a20 00000000`00000000 :
nt!ExFreePoolWithTag+0x759
fffffadf`203809d0 fffff800`01027eb1 : fffffadf`36085270
fffffadf`25d5b555 fffffa80`06a80a30 fffffadf`31d0b450 :
nt!IopCompleteRequest+0x121
fffffadf`20380a70 fffff800`0103bf97 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
nt!KiDeliverApc+0x215
fffffadf`20380b10 fffff800`0102828e : 00000000`00000000
00000000`00000001 fffffadf`33488ab8 fffffadf`33488a20 :
nt!KiSwapThread+0x3e9
fffffadf`20380b70 fffff800`0127e03f : 00000000`00000000
fffff800`00000006 00000000`00000001 00000000`00000401 :
nt!KeWaitForSingleObject+0x5a6
fffffadf`20380bf0 fffff800`0102e33d : fffffadf`33488a20
fffffadf`20380cf0 00000000`00000000 fffffadf`33488a20 :
nt!NtWaitForSingleObject+0xc1
fffffadf`20380c70 00000000`77ef0a2a : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 :
nt!KiSystemServiceCopyEnd+0x3
00000000`034fce38 00000000`00000000 : 00000000`00000000
00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef0a2a


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+33c
fffff800`011a9eba 488908 mov qword ptr [rax],rcx

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!ExDeferredFreePool+33c

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c

BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c

Followup: Pool_corruption


can any one tell me the exact problem

thanks
sameer naik
system admin
zenith infotech
sam060@gmail.com


--
sam060
------------------------------------------------------------------------
sam060's Profile: http://forums.techarena.in/members/sam060.htm
View this thread: http://forums.techarena.in/windows-server-help/1046766.htm

http://forums.techarena.in
 
RE: Server was rebooted unexpectedly with memory dump

Seems to me it has something to do with the Volume Shadow Copy Service (ref.
vssvc.exe).

Does the server boot again? Is it heavily loaded (exchange, sql...)? When
did this happen, during backup, antivirus scanning, anything else?



"sam060" wrote:

>
> following is the windebug memory.dmp analysis report
>
> Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
> Copyright (c) Microsoft Corporation. All rights reserved.
>
>
> Loading Dump File [C:\WINDOWS\MEMORY.DMP]
> Kernel Summary Dump File: Only kernel address space is available
>
> Symbol search path is: SRV*your local symbol
> folder*http://msdl.microsoft.com/download/symbols
> Executable search path is:
> Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs)
> Free x64
> Product: Server, suite: TerminalServer SingleUserTS
> Built by: 3790.srv03_sp2_gdr.070321-2337
> Kernel base = 0xfffff800`01000000 PsLoadedModuleList =
> 0xfffff800`011d4140
> Debug session time: Mon Sep 29 09:50:08.935 2008 (GMT-4)
> System Uptime: 18 days 16:41:08.319
> Loading Kernel Symbols
> .......................................................................................................................
> Loading User Symbols
> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
> for details
> Loading unloaded module list
> .....
> *******************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> *******************************************************************************
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck C5, {0, 2, 1, fffff800011a9eba}
>
> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
> for details
> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
> for details
> Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+33c )
>
> Followup: Pool_corruption
> ---------
>
> 0: kd> !analyze -v
> *******************************************************************************
> *
> *
> * Bugcheck Analysis
> *
> *
> *
> *******************************************************************************
>
> DRIVER_CORRUPTED_EXPOOL (c5)
> An attempt was made to access a pageable (or completely invalid)
> address at an
> interrupt request level (IRQL) that is too high. This is
> caused by drivers that have corrupted the system pool. Run the driver
> verifier against any new (or suspect) drivers, and if that doesn't turn
> up
> the culprit, then use gflags to enable special pool.
> Arguments:
> Arg1: 0000000000000000, memory referenced
> Arg2: 0000000000000002, IRQL
> Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
> Arg4: fffff800011a9eba, address which referenced memory
>
> Debugging Details:
> ------------------
>
> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
> for details
> PEB is paged out (Peb.Ldr = 000007ff`fffde018). Type ".hh dbgerr001"
> for details
>
> OVERLAPPED_MODULE: Address regions for 'HIDCLASS' and 'imapi.sys'
> overlap
>
> BUGCHECK_STR: 0xC5_2
>
> CURRENT_IRQL: 2
>
> FAULTING_IP:
> nt!ExDeferredFreePool+33c
> fffff800`011a9eba 488908 mov qword ptr [rax],rcx
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> PROCESS_NAME: vssvc.exe
>
> IRP_ADDRESS: fffffadf360851f8
>
> TRAP_FRAME: fffffadf20380710 -- (.trap 0xfffffadf20380710)
> NOTE: The trap frame does not contain all registers.
> Some register values may be zeroed or incorrect.
> rax=0000000000000000 rbx=fffffadf30fd5500 rcx=fffffadf31e59c60
> rdx=fffffadfdc6721d0 rsi=fffffadf30fd54f0 rdi=fffffadf30fd5500
> rip=fffff800011a9eba rsp=fffffadf203808a0 rbp=fffff800011ce1c0
> r8=fffffadfdc672210 r9=0000000000000001 r10=fffffadfdbf7e010
> r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
> r14=0000000000000000 r15=0000000000000000
> iopl=0 nv up ei ng nz ac po cy
> nt!ExDeferredFreePool+0x33c:
> fffff800`011a9eba 488908 mov qword ptr [rax],rcx
> ds:00000000`00000000=????????????????
> Resetting default scope
>
> LAST_CONTROL_TRANSFER: from fffff8000102e5b4 to fffff8000102e890
>
> STACK_TEXT:
> fffffadf`20380588 fffff800`0102e5b4 : 00000000`0000000a
> 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
> fffffadf`20380590 fffff800`0102d547 : fffffadf`00f80000
> fffffa80`09f9f394 00000000`80023800 00000000`00000000 :
> nt!KiBugCheckDispatch+0x74
> fffffadf`20380710 fffff800`011a9eba : 00000000`00000000
> 00000000`00000040 0000000d`00000000 fffffadf`30fd5500 :
> nt!KiPageFault+0x207
> fffffadf`203808a0 fffff800`011aa03d : fffffadf`dbde0570
> 00000000`00000214 fffffadf`dbde0560 fffff800`011ce1c0 :
> nt!ExDeferredFreePool+0x33c
> fffffadf`20380910 fffff800`01049e1c : 00000000`00000000
> 00000000`00000000 fffffadf`33488a20 00000000`00000000 :
> nt!ExFreePoolWithTag+0x759
> fffffadf`203809d0 fffff800`01027eb1 : fffffadf`36085270
> fffffadf`25d5b555 fffffa80`06a80a30 fffffadf`31d0b450 :
> nt!IopCompleteRequest+0x121
> fffffadf`20380a70 fffff800`0103bf97 : 00000000`00000000
> 00000000`00000000 00000000`00000000 00000000`00000000 :
> nt!KiDeliverApc+0x215
> fffffadf`20380b10 fffff800`0102828e : 00000000`00000000
> 00000000`00000001 fffffadf`33488ab8 fffffadf`33488a20 :
> nt!KiSwapThread+0x3e9
> fffffadf`20380b70 fffff800`0127e03f : 00000000`00000000
> fffff800`00000006 00000000`00000001 00000000`00000401 :
> nt!KeWaitForSingleObject+0x5a6
> fffffadf`20380bf0 fffff800`0102e33d : fffffadf`33488a20
> fffffadf`20380cf0 00000000`00000000 fffffadf`33488a20 :
> nt!NtWaitForSingleObject+0xc1
> fffffadf`20380c70 00000000`77ef0a2a : 00000000`00000000
> 00000000`00000000 00000000`00000000 00000000`00000000 :
> nt!KiSystemServiceCopyEnd+0x3
> 00000000`034fce38 00000000`00000000 : 00000000`00000000
> 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77ef0a2a
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> nt!ExDeferredFreePool+33c
> fffff800`011a9eba 488908 mov qword ptr [rax],rcx
>
> SYMBOL_STACK_INDEX: 3
>
> SYMBOL_NAME: nt!ExDeferredFreePool+33c
>
> FOLLOWUP_NAME: Pool_corruption
>
> IMAGE_NAME: Pool_Corruption
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 0
>
> MODULE_NAME: Pool_Corruption
>
> FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c
>
> BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+33c
>
> Followup: Pool_corruption
>
>
> can any one tell me the exact problem
>
> thanks
> sameer naik
> system admin
> zenith infotech
> sam060@gmail.com
>
>
> --
> sam060
> ------------------------------------------------------------------------
> sam060's Profile: http://forums.techarena.in/members/sam060.htm
> View this thread: http://forums.techarena.in/windows-server-help/1046766.htm
>
> http://forums.techarena.in
>
>
 
Back
Top