Hi,
I have a bunch of Windows 2003 R2 servers running. These are our build servers and for sometime now they crash while builds are ongoing. The problem looks like there is some problem with the clearcase and McAfee drivers when they work together. I need help in figuring out some of the kernel dump. My machines were configured to make a kernel dump so I cannot post any mini dumps but I have just changed it to create mini dumps now. So I should be able to post mini dumps soon.
Right now, I am pasting the results shown by WinDbg. Could you guys please tell me what's going on here.
This is just one of them dumps. And this one doesn't show anything about ClearCase and McAfee or so I think. And this is exactly what confuses me.
Thanks a lot,
m0zz0
Symbol search path is: SRV*c:\Symbols\* http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-1447
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Fri Mar 16 02:59:46.200 2007 (GMT+9)
System Uptime: 0 days 10:09:38.531
Loading Kernel Symbols
.............................................................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {9d7f7008, 2, 1, 80864873}
Probably caused by : memory_corruption ( nt!MiReleasePageFileSpace+55 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 9d7f7008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80864873, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 9d7f7008
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiReleasePageFileSpace+55
80864873 213e and dword ptr [esi],edi
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: f7912be4 -- (.trap fffffffff7912be4)
ErrCode = 00000002
eax=8c9f00c0 ebx=00000000 ecx=00000000 edx=00000000 esi=9d7f7008 edi=fffffffe
eip=80864873 esp=f7912c58 ebp=f7912c68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!MiReleasePageFileSpace+0x55:
80864873 213e and dword ptr [esi],edi ds:0023:9d7f7008=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 80864873 to 8088bdd3
STACK_TEXT:
f7912be4 80864873 badb0d00 00000000 00000000 nt!KiTrap0E+0x2a7
f7912c68 80842017 00000020 8b010000 808ab4a8 nt!MiReleasePageFileSpace+0x55
f7912d44 80843343 8b01ec28 00000000 808ab4c0 nt!MiCleanSection+0x471
f7912d90 80843466 00000000 8cf5b440 00000000 nt!MiRemoveUnusedSegments+0x963
f7912dac 80948bb2 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x5e
f7912ddc 8088d4d2 80843408 00000000 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiReleasePageFileSpace+55
80864873 213e and dword ptr [esi],edi
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiReleasePageFileSpace+55
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 42435b14
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_W_nt!MiReleasePageFileSpace+55
BUCKET_ID: 0xA_W_nt!MiReleasePageFileSpace+55
Followup: MachineOwner
---------
I have a bunch of Windows 2003 R2 servers running. These are our build servers and for sometime now they crash while builds are ongoing. The problem looks like there is some problem with the clearcase and McAfee drivers when they work together. I need help in figuring out some of the kernel dump. My machines were configured to make a kernel dump so I cannot post any mini dumps but I have just changed it to create mini dumps now. So I should be able to post mini dumps soon.
Right now, I am pasting the results shown by WinDbg. Could you guys please tell me what's going on here.
This is just one of them dumps. And this one doesn't show anything about ClearCase and McAfee or so I think. And this is exactly what confuses me.
Thanks a lot,
m0zz0
Symbol search path is: SRV*c:\Symbols\* http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-1447
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Fri Mar 16 02:59:46.200 2007 (GMT+9)
System Uptime: 0 days 10:09:38.531
Loading Kernel Symbols
.............................................................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {9d7f7008, 2, 1, 80864873}
Probably caused by : memory_corruption ( nt!MiReleasePageFileSpace+55 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 9d7f7008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80864873, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 9d7f7008
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiReleasePageFileSpace+55
80864873 213e and dword ptr [esi],edi
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: f7912be4 -- (.trap fffffffff7912be4)
ErrCode = 00000002
eax=8c9f00c0 ebx=00000000 ecx=00000000 edx=00000000 esi=9d7f7008 edi=fffffffe
eip=80864873 esp=f7912c58 ebp=f7912c68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!MiReleasePageFileSpace+0x55:
80864873 213e and dword ptr [esi],edi ds:0023:9d7f7008=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 80864873 to 8088bdd3
STACK_TEXT:
f7912be4 80864873 badb0d00 00000000 00000000 nt!KiTrap0E+0x2a7
f7912c68 80842017 00000020 8b010000 808ab4a8 nt!MiReleasePageFileSpace+0x55
f7912d44 80843343 8b01ec28 00000000 808ab4c0 nt!MiCleanSection+0x471
f7912d90 80843466 00000000 8cf5b440 00000000 nt!MiRemoveUnusedSegments+0x963
f7912dac 80948bb2 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x5e
f7912ddc 8088d4d2 80843408 00000000 00000000 nt!PspSystemThreadStartup+0x2e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiReleasePageFileSpace+55
80864873 213e and dword ptr [esi],edi
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!MiReleasePageFileSpace+55
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 42435b14
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0xA_W_nt!MiReleasePageFileSpace+55
BUCKET_ID: 0xA_W_nt!MiReleasePageFileSpace+55
Followup: MachineOwner
---------