I
IshmaelDS
Guest
Hey I have gotten this BSOD twice in the last 10 days on my production
phone server. I have two dump files but I admit fully that i'm no
good at reading them and I can't make heads or tails of them. It
happened while we were rebooting the machine. There is a phone
system running on it and that uses SQL server 2000 as it's reporting
mechanisim. Any ideas what's going on?
The computer has rebooted from a bugcheck.
The bugcheck was: 0x00000096 (0x81f8b618, 0x820f6e90, 0x808b0560,
0x81f8b7bc).
A dump was saved in: C:\WINDOWS\MEMORY.DMP.
Here is what I get when I do a !analyze - v
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
INVALID_WORK_QUEUE_ITEM (96)
This message occurs when KeRemoveQueue removes a queue entry whose
flink
or blink field is null. This is almost always called by code misusing
worker thread work items, but any queue misuse can cause this. The
rule
is that an entry on a queue may only be inserted on the list once.
When an
item is removed from a queue, it's flink field is set to NULL. This
bugcheck
occurs when remove queue attempts to remove an entry, but the flink or
blink
field is NULL. In order to debug this problem, you need to know the
queue being
referenced.
In an attempt to help identify the guilty driver, this bugcheck
assumes the
queue is a worker queue (ExWorkerQueue) and prints the worker routine
as
parameter 4 below.
Arguments:
Arg1: 81f8b618, The address of the queue entry whose flink/blink field
is NULL
Arg2: 820f6e90, The address of the queue being references. Usually
this is one
of the ExWorkerQueues.
Arg3: 808b0560, The base address of the ExWorkerQueue array. This will
help determine
if the queue in question is an ExWorkerQueue and if so, the offset
from
this parameter will isolate the queue.
Arg4: 81f8b7bc, If this is an ExWorkerQueue (which it usually is),
this is the address
of the worker routine that would have been called if the work item
was
valid. This can be used to isolate the driver that is misusing the
work
queue.
Debugging Details:
------------------
WORKER_ROUTINE:
+ffffffff81f8b7bc
81f8b7bc ?? ???
FAULTING_IP:
+ffffffff81f8b7bc
81f8b7bc ?? ???
WORK_ITEM: 81f8b618
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x96
PROCESS_NAME: IPMedia.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 8085513f to 80876ae0
STACK_TEXT:
f4e69c68 8085513f 00000096 81f8b618 820f6e90 nt!KeBugCheckEx+0x1b
f4e69cc4 80926d69 820f6e90 8218f401 00000000 nt!KeRemoveQueue+0x506
f4e69d48 8082350b 00000148 0047b660 01cbff80 nt!NtRemoveIoCompletion
+0xec
f4e69d48 7c8285ec 00000148 0047b660 01cbff80 nt!KiFastCallEntry+0x138
WARNING: Frame IP not in any known module. Following frames may be
wrong.
01cbff68 00000000 00000000 00000000 00000000 0x7c8285ec
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeRemoveQueue+506
8085513f ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KeRemoveQueue+506
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45ec146a
FAILURE_BUCKET_ID: 0x96_nt!KeRemoveQueue+506
BUCKET_ID: 0x96_nt!KeRemoveQueue+506
Followup: MachineOwner
---------
kd> lmvm nt
start end module name
80800000 80a6f000 nt M (pdb symbols) c:\windows
\symbols\server2k3\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: \WINDOWS\system32\ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Mon Mar 05 05:00:26 2007 (45EC146A)
CheckSum: 0025704C
ImageSize: 0026F000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
phone server. I have two dump files but I admit fully that i'm no
good at reading them and I can't make heads or tails of them. It
happened while we were rebooting the machine. There is a phone
system running on it and that uses SQL server 2000 as it's reporting
mechanisim. Any ideas what's going on?
The computer has rebooted from a bugcheck.
The bugcheck was: 0x00000096 (0x81f8b618, 0x820f6e90, 0x808b0560,
0x81f8b7bc).
A dump was saved in: C:\WINDOWS\MEMORY.DMP.
Here is what I get when I do a !analyze - v
kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************
INVALID_WORK_QUEUE_ITEM (96)
This message occurs when KeRemoveQueue removes a queue entry whose
flink
or blink field is null. This is almost always called by code misusing
worker thread work items, but any queue misuse can cause this. The
rule
is that an entry on a queue may only be inserted on the list once.
When an
item is removed from a queue, it's flink field is set to NULL. This
bugcheck
occurs when remove queue attempts to remove an entry, but the flink or
blink
field is NULL. In order to debug this problem, you need to know the
queue being
referenced.
In an attempt to help identify the guilty driver, this bugcheck
assumes the
queue is a worker queue (ExWorkerQueue) and prints the worker routine
as
parameter 4 below.
Arguments:
Arg1: 81f8b618, The address of the queue entry whose flink/blink field
is NULL
Arg2: 820f6e90, The address of the queue being references. Usually
this is one
of the ExWorkerQueues.
Arg3: 808b0560, The base address of the ExWorkerQueue array. This will
help determine
if the queue in question is an ExWorkerQueue and if so, the offset
from
this parameter will isolate the queue.
Arg4: 81f8b7bc, If this is an ExWorkerQueue (which it usually is),
this is the address
of the worker routine that would have been called if the work item
was
valid. This can be used to isolate the driver that is misusing the
work
queue.
Debugging Details:
------------------
WORKER_ROUTINE:
+ffffffff81f8b7bc
81f8b7bc ?? ???
FAULTING_IP:
+ffffffff81f8b7bc
81f8b7bc ?? ???
WORK_ITEM: 81f8b618
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x96
PROCESS_NAME: IPMedia.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 8085513f to 80876ae0
STACK_TEXT:
f4e69c68 8085513f 00000096 81f8b618 820f6e90 nt!KeBugCheckEx+0x1b
f4e69cc4 80926d69 820f6e90 8218f401 00000000 nt!KeRemoveQueue+0x506
f4e69d48 8082350b 00000148 0047b660 01cbff80 nt!NtRemoveIoCompletion
+0xec
f4e69d48 7c8285ec 00000148 0047b660 01cbff80 nt!KiFastCallEntry+0x138
WARNING: Frame IP not in any known module. Following frames may be
wrong.
01cbff68 00000000 00000000 00000000 00000000 0x7c8285ec
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeRemoveQueue+506
8085513f ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KeRemoveQueue+506
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45ec146a
FAILURE_BUCKET_ID: 0x96_nt!KeRemoveQueue+506
BUCKET_ID: 0x96_nt!KeRemoveQueue+506
Followup: MachineOwner
---------
kd> lmvm nt
start end module name
80800000 80a6f000 nt M (pdb symbols) c:\windows
\symbols\server2k3\exe\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: \WINDOWS\system32\ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Mon Mar 05 05:00:26 2007 (45EC146A)
CheckSum: 0025704C
ImageSize: 0026F000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0