TechSpot

Can somebody have a look at my MINIDUMP

By bbsahoo
Mar 19, 2007
  1. HI , I have IBM server rebooted with the minidump file generated. I have done dump analysis with WINDBG. But I have no idea what cause the reboot. Can somebody have a look at it.. The dump is attached here;-


    Microsoft (R) Windows Debugger Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\Administrator\Desktop\RIO\All Incidents\RIOCHITS1160307\Mini031607-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\Symbols
    Executable search path is:
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
    Product: Server, suite: TerminalServer
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
    Debug session time: Fri Mar 16 06:56:02.364 2007 (GMT+5)
    System Uptime: 46 days 20:28:29.394
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    ...................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck AB, {1a, 1ec8, 0, 55}

    Probably caused by : ntoskrnl.exe ( nt!RtlCompareMemory+49 )

    Followup: MachineOwner
    ---------

    3: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    SESSION_HAS_VALID_POOL_ON_EXIT (ab)
    Caused by a session driver not freeing its pool allocations prior to a
    session unload. This indicates a bug in win32k.sys, atmfd.dll,
    rdpdd.dll or a video driver.
    Arguments:
    Arg1: 0000001a, session ID
    Arg2: 00001ec8, number of paged pool bytes that are leaking
    Arg3: 00000000, number of nonpaged pool bytes that are leaking
    Arg4: 00000055, total number of paged and nonpaged allocations that are leaking.
    nonpaged allocations are in the upper half of this word,
    paged allocations are in the lower half of this word.

    Debugging Details:
    ------------------


    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

    BUGCHECK_STR: 0xAB

    PROCESS_NAME: csrss.exe

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from 8092ea6f to 80827451

    STACK_TEXT:
    8b9d6c24 8092ea6f 000000ab 0000001a 00001ec8 nt!RtlCompareMemory+0x49
    8b9d6c68 809ab017 88228070 88228070 00000000 nt!IopGetRegistryValue+0x8f
    8b9d6ce8 8084c1a7 88228070 00000000 896cf020 nt!WmipSwitchToNewFile+0xa7
    8b9d6d04 8094b539 88228070 896cf020 896cf260 nt!NtAllocateVirtualMemory+0x605
    8b9d6d8c 8094b68d 00000000 00000000 896cf020 nt!IopProcessRelation+0x33c
    8b9d6da4 80948bc0 896cf020 00000000 00000001 nt!IopProcessRelation+0x490
    8b9d6ddc 8088d4d2 bf92b980 87574180 00000000 nt!IopReallocateResources+0xdf
    8b9d6dec 00000000 00000000 00000000 00000000 nt!ExRundownCompletedCacheAware+0x1f


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!RtlCompareMemory+49
    80827451 5d pop ebp

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt!RtlCompareMemory+49

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 42435b14

    FAILURE_BUCKET_ID: 0xAB_nt!RtlCompareMemory+49

    BUCKET_ID: 0xAB_nt!RtlCompareMemory+49

    Followup: MachineOwner
    ---------

    3: kd> !process
    GetPointerFromAddress: unable to read from 8089c298
    PROCESS 88228070 SessionId: none Cid: 1a84 Peb: 7ffdf000 ParentCid: 032c
    DirBase: cffb5600 ObjectTable: 00000000 HandleCount: 0.
    Image: csrss.exe
    VadRoot 8a4b53d0 Vads 45 Clone 0 Private 187. Modified 1373. Locked 0.
    DeviceMap e1001840
    Token e27bf650
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    ffdf0000: Unable to get shared data
    ElapsedTime 00:00:00.000
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    QuotaPoolUsage[PagedPool] 18456
    QuotaPoolUsage[NonPagedPool] 1800
    Working Set Sizes (now,min,max) (616, 50, 345) (2464KB, 200KB, 1380KB)
    PeakWorkingSetSize 924
    VirtualSize 15 Mb
    PeakVirtualSize 26 Mb
    PageFaultCount 2212
    MemoryPriority BACKGROUND
    BasePriority 13
    CommitCharge 259

    THREAD 896cf020 Cid 1a84.0dd0 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 3

    3: kd> !thread
    GetPointerFromAddress: unable to read from 8089c298
    THREAD 896cf020 Cid 1a84.0dd0 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 3
    Not impersonating
    GetUlongFromAddress: unable to read from 808ad8d4
    Owning Process 88228070 Image: csrss.exe
    ffdf0000: Unable to get shared data
    Wait Start TickCount 259079001
    Context Switch Count 4
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
    UserTime 00:00:00.0000
    KernelTime 00:00:00.0000
    Unable to load image win32k.sys, Win32 error 2
    *** WARNING: Unable to verify timestamp for win32k.sys
    Start Address win32k!InitiateWin32kCleanup (0xbf92b980)
    Stack Init 8b9d7000 Current 8b9d6c68 Base 8b9d7000 Limit 8b9d4000 Call 0
    Priority 13 BasePriority 13 PriorityDecrement 0
    ChildEBP RetAddr Args to Child
    8b9d6c24 8092ea6f 000000ab 0000001a 00001ec8 nt!RtlCompareMemory+0x49
    8b9d6c68 809ab017 88228070 88228070 00000000 nt!IopGetRegistryValue+0x8f (FPO: [Non-Fpo])
    8b9d6ce8 8084c1a7 88228070 00000000 896cf020 nt!WmipSwitchToNewFile+0xa7 (FPO: [Non-Fpo])
    8b9d6d04 8094b539 88228070 896cf020 896cf260 nt!NtAllocateVirtualMemory+0x605 (FPO: [Non-Fpo])
    8b9d6d8c 8094b68d 00000000 00000000 896cf020 nt!IopProcessRelation+0x33c (FPO: [Non-Fpo])
    8b9d6da4 80948bc0 896cf020 00000000 00000001 nt!IopProcessRelation+0x490 (FPO: [Non-Fpo])
    8b9d6ddc 8088d4d2 bf92b980 87574180 00000000 nt!IopReallocateResources+0xdf (FPO: [Non-Fpo])
    8b9d6dec 00000000 00000000 00000000 00000000 nt!ExRundownCompletedCacheAware+0x1f (FPO: [0,0,0])

    3: kd> kv
    ChildEBP RetAddr Args to Child
    8b9d6c24 8092ea6f 000000ab 0000001a 00001ec8 nt!RtlCompareMemory+0x49
    8b9d6c68 809ab017 88228070 88228070 00000000 nt!IopGetRegistryValue+0x8f (FPO: [Non-Fpo])
    8b9d6ce8 8084c1a7 88228070 00000000 896cf020 nt!WmipSwitchToNewFile+0xa7 (FPO: [Non-Fpo])
    8b9d6d04 8094b539 88228070 896cf020 896cf260 nt!NtAllocateVirtualMemory+0x605 (FPO: [Non-Fpo])
    8b9d6d8c 8094b68d 00000000 00000000 896cf020 nt!IopProcessRelation+0x33c (FPO: [Non-Fpo])
    8b9d6da4 80948bc0 896cf020 00000000 00000001 nt!IopProcessRelation+0x490 (FPO: [Non-Fpo])
    8b9d6ddc 8088d4d2 bf92b980 87574180 00000000 nt!IopReallocateResources+0xdf (FPO: [Non-Fpo])
    8b9d6dec 00000000 00000000 00000000 00000000 nt!ExRundownCompletedCacheAware+0x1f (FPO: [0,0,0])
    3: kd> !stacks
    Proc.Thread .Thread Ticks ThreadState Blocker
    GetUlongFromAddress: unable to read from 8089c298
    Unable to get value of PsActiveProcessHead.Flink

    Threads Processed: 0
    3: kd> u
    nt!RtlCompareMemory+0x49:
    80827451 5d pop ebp
    80827452 c21400 ret 14h
    80827455 cc int 3
    80827456 cc int 3
    80827457 cc int 3
    nt!RtlCompareMemoryUlong:
    80827458 cc int 3
    80827459 cc int 3
    8082745a 8bff mov edi,edi
    3: kd> ut
    ^ Unknown ut command 'ut'
    3: kd> uf
    Address expression missing from '<EOL>'
    3: kd> !object
    GetUlongFromAddress: unable to read from 8089c290
    808ac650: Unable to get value of ObpTypeObjectType


    ======================================================
     
  2. peterdiva

    peterdiva TechSpot Ambassador Posts: 1,088

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...