SridharMani12
asked on
Windows debugging tool ( WINDBG)
Hi Experts,
When i use Windbg tool to debug my Blue screen errors i get to see these can any one help me in finding out what went bad on my server
**************************
* *
* Bugcheck Analysis *
* *
**************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000121a, (reserved)
Arg3: 04330803, Memory contents of the pool block
Arg4: e1dc37e8, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: e1dc37e8
FREED_POOL_TAG: FMfn
BUGCHECK_STR: 0xc2_7_FMfn
CUSTOMER_CRASH_COUNT: 14
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU
PROCESS_NAME: OvSvcDiscAgt.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from e089c8f4 to e087b6be
STACK_TEXT:
f39da8a8 e089c8f4 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b
f39da910 f5e4e99b e1dc37e8 6e664d46 f39da92c nt!ExFreePoolWithTag+0x477
f39da920 f5e4e9dd e1dc3814 f39da944 f5e4ec5f fltmgr!FltpFreeFileNameInf
f39da92c f5e4ec5f e1dc3814 fc93a000 fc89ce78 fltmgr!FltReleaseFileNameI
f39da944 f5e4ec87 00000000 fc89ce8c ffffffff fltmgr!DeleteNameCacheNode
f39da960 f5e4ecb5 fc909250 00000000 fc89ce8c fltmgr!FltpFreeNameCacheLi
f39da978 f5e39eb3 fc89ce78 fc909250 c000003a fltmgr!FltpFreeNameCacheCr
f39da994 f5e3c46f fbca55b8 00000000 00000000 fltmgr!FltpFreeIrpCtrl+0x7
f39da9ac f5e3cbc6 fbca55b8 00000000 fbc8be48 fltmgr!FltpSynchronizeIoCl
f39da9d4 f5e4a5af f39da9f4 c000003a 00000000 fltmgr!FltpLegacyProcessin
f39daa10 e083f9d0 fc8e5af8 fbc8be48 fbc8be48 fltmgr!FltpCreate+0x23b
f39daa24 e092e269 fbe67c78 fbca1310 00000000 nt!IofCallDriver+0x45
f39dab0c e093a934 fc8e5af8 00000000 fc785f28 nt!IopParseDevice+0xa35
f39dab44 e0936848 fbe67c78 00000000 fc785f28 nt!IopParseFile+0x46
f39dabc4 e0936aa5 00000010 f39dac04 00000042 nt!ObpLookupObjectName+0x1
f39dac18 e0936f27 00000000 00000000 003e6401 nt!ObOpenObjectByName+0xea
f39dac94 e0936ff8 00e6e7c0 80100080 00e6e75c nt!IopCreateFile+0x447
f39dacf0 e092ed98 00e6e7c0 80100080 00e6e75c nt!IoCreateFile+0xa3
f39dad30 e0834d3f 00e6e7c0 80100080 00e6e75c nt!NtCreateFile+0x30
f39dad30 7c82ed54 00e6e7c0 80100080 00e6e75c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e6e7b8 00000000 00000000 00000000 00000000 0x7c82ed54
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+477
e089c8f4 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
SYMBOL_NAME: nt!ExFreePoolWithTag+477
FAILURE_BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
Followup: MachineOwner
---------
When i use Windbg tool to debug my Blue screen errors i get to see these can any one help me in finding out what went bad on my server
**************************
* *
* Bugcheck Analysis *
* *
**************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000121a, (reserved)
Arg3: 04330803, Memory contents of the pool block
Arg4: e1dc37e8, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: e1dc37e8
FREED_POOL_TAG: FMfn
BUGCHECK_STR: 0xc2_7_FMfn
CUSTOMER_CRASH_COUNT: 14
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU
PROCESS_NAME: OvSvcDiscAgt.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from e089c8f4 to e087b6be
STACK_TEXT:
f39da8a8 e089c8f4 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b
f39da910 f5e4e99b e1dc37e8 6e664d46 f39da92c nt!ExFreePoolWithTag+0x477
f39da920 f5e4e9dd e1dc3814 f39da944 f5e4ec5f fltmgr!FltpFreeFileNameInf
f39da92c f5e4ec5f e1dc3814 fc93a000 fc89ce78 fltmgr!FltReleaseFileNameI
f39da944 f5e4ec87 00000000 fc89ce8c ffffffff fltmgr!DeleteNameCacheNode
f39da960 f5e4ecb5 fc909250 00000000 fc89ce8c fltmgr!FltpFreeNameCacheLi
f39da978 f5e39eb3 fc89ce78 fc909250 c000003a fltmgr!FltpFreeNameCacheCr
f39da994 f5e3c46f fbca55b8 00000000 00000000 fltmgr!FltpFreeIrpCtrl+0x7
f39da9ac f5e3cbc6 fbca55b8 00000000 fbc8be48 fltmgr!FltpSynchronizeIoCl
f39da9d4 f5e4a5af f39da9f4 c000003a 00000000 fltmgr!FltpLegacyProcessin
f39daa10 e083f9d0 fc8e5af8 fbc8be48 fbc8be48 fltmgr!FltpCreate+0x23b
f39daa24 e092e269 fbe67c78 fbca1310 00000000 nt!IofCallDriver+0x45
f39dab0c e093a934 fc8e5af8 00000000 fc785f28 nt!IopParseDevice+0xa35
f39dab44 e0936848 fbe67c78 00000000 fc785f28 nt!IopParseFile+0x46
f39dabc4 e0936aa5 00000010 f39dac04 00000042 nt!ObpLookupObjectName+0x1
f39dac18 e0936f27 00000000 00000000 003e6401 nt!ObOpenObjectByName+0xea
f39dac94 e0936ff8 00e6e7c0 80100080 00e6e75c nt!IopCreateFile+0x447
f39dacf0 e092ed98 00e6e7c0 80100080 00e6e75c nt!IoCreateFile+0xa3
f39dad30 e0834d3f 00e6e7c0 80100080 00e6e75c nt!NtCreateFile+0x30
f39dad30 7c82ed54 00e6e7c0 80100080 00e6e75c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e6e7b8 00000000 00000000 00000000 00000000 0x7c82ed54
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+477
e089c8f4 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
SYMBOL_NAME: nt!ExFreePoolWithTag+477
FAILURE_BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
Followup: MachineOwner
---------
Are you using HP Openview? Are there any event entries around the time of your BSOD?
in windbg type in:
!anaylze -v
and post the result!
!anaylze -v
and post the result!
ASKER
HI Experts,
I did not find any errors WRT HP Openview.( we had installed this on the server earlier and we have uninstalled the software long back
Here is the full details on my 14th minidump
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [Y:\WINDOWS\Minidump\Mini1
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-
Kernel base = 0xe0800000 PsLoadedModuleList = 0xe08af988
Debug session time: Mon Dec 18 09:34:55.156 2006 (GMT-5)
System Uptime: 0 days 0:00:44.234
Loading Kernel Symbols
..........................
Loading User Symbols
Loading unloaded module list
..
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 121a, 4330803, e1dc37e8}
Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+477 )
Followup: MachineOwner
---------
1: kd> !analyze -v
**************************
* *
* Bugcheck Analysis *
* *
**************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000121a, (reserved)
Arg3: 04330803, Memory contents of the pool block
Arg4: e1dc37e8, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: e1dc37e8
FREED_POOL_TAG: FMfn
BUGCHECK_STR: 0xc2_7_FMfn
CUSTOMER_CRASH_COUNT: 14
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU
PROCESS_NAME: OvSvcDiscAgt.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from e089c8f4 to e087b6be
STACK_TEXT:
f39da8a8 e089c8f4 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b
f39da910 f5e4e99b e1dc37e8 6e664d46 f39da92c nt!ExFreePoolWithTag+0x477
f39da920 f5e4e9dd e1dc3814 f39da944 f5e4ec5f fltmgr!FltpFreeFileNameInf
f39da92c f5e4ec5f e1dc3814 fc93a000 fc89ce78 fltmgr!FltReleaseFileNameI
f39da944 f5e4ec87 00000000 fc89ce8c ffffffff fltmgr!DeleteNameCacheNode
f39da960 f5e4ecb5 fc909250 00000000 fc89ce8c fltmgr!FltpFreeNameCacheLi
f39da978 f5e39eb3 fc89ce78 fc909250 c000003a fltmgr!FltpFreeNameCacheCr
f39da994 f5e3c46f fbca55b8 00000000 00000000 fltmgr!FltpFreeIrpCtrl+0x7
f39da9ac f5e3cbc6 fbca55b8 00000000 fbc8be48 fltmgr!FltpSynchronizeIoCl
f39da9d4 f5e4a5af f39da9f4 c000003a 00000000 fltmgr!FltpLegacyProcessin
f39daa10 e083f9d0 fc8e5af8 fbc8be48 fbc8be48 fltmgr!FltpCreate+0x23b
f39daa24 e092e269 fbe67c78 fbca1310 00000000 nt!IofCallDriver+0x45
f39dab0c e093a934 fc8e5af8 00000000 fc785f28 nt!IopParseDevice+0xa35
f39dab44 e0936848 fbe67c78 00000000 fc785f28 nt!IopParseFile+0x46
f39dabc4 e0936aa5 00000010 f39dac04 00000042 nt!ObpLookupObjectName+0x1
f39dac18 e0936f27 00000000 00000000 003e6401 nt!ObOpenObjectByName+0xea
f39dac94 e0936ff8 00e6e7c0 80100080 00e6e75c nt!IopCreateFile+0x447
f39dacf0 e092ed98 00e6e7c0 80100080 00e6e75c nt!IoCreateFile+0xa3
f39dad30 e0834d3f 00e6e7c0 80100080 00e6e75c nt!NtCreateFile+0x30
f39dad30 7c82ed54 00e6e7c0 80100080 00e6e75c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e6e7b8 00000000 00000000 00000000 00000000 0x7c82ed54
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+477
e089c8f4 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
SYMBOL_NAME: nt!ExFreePoolWithTag+477
FAILURE_BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
e0800000 e0a75000 nt # (pdb symbols) c:\symbols\ntkrnlmp.pdb\D1
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: c:\symbols\ntkrnlmp.exe\42
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Thu Mar 24 18:42:08 2005 (42435E60)
CheckSum: 0025EC4B
ImageSize: 00275000
File version: 5.2.3790.1830
Product version: 5.2.3790.1830
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0404.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 5.2.3790.1830
FileVersion: 5.2.3790.1830 (srv03_sp1_rtm.050324-1447
FileDescription: NT Kernel & System
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
I did not find any errors WRT HP Openview.( we had installed this on the server earlier and we have uninstalled the software long back
Here is the full details on my 14th minidump
Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [Y:\WINDOWS\Minidump\Mini1
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-
Kernel base = 0xe0800000 PsLoadedModuleList = 0xe08af988
Debug session time: Mon Dec 18 09:34:55.156 2006 (GMT-5)
System Uptime: 0 days 0:00:44.234
Loading Kernel Symbols
..........................
Loading User Symbols
Loading unloaded module list
..
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {7, 121a, 4330803, e1dc37e8}
Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+477 )
Followup: MachineOwner
---------
1: kd> !analyze -v
**************************
* *
* Bugcheck Analysis *
* *
**************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000121a, (reserved)
Arg3: 04330803, Memory contents of the pool block
Arg4: e1dc37e8, Address of the block of pool being deallocated
Debugging Details:
------------------
POOL_ADDRESS: e1dc37e8
FREED_POOL_TAG: FMfn
BUGCHECK_STR: 0xc2_7_FMfn
CUSTOMER_CRASH_COUNT: 14
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDU
PROCESS_NAME: OvSvcDiscAgt.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from e089c8f4 to e087b6be
STACK_TEXT:
f39da8a8 e089c8f4 000000c2 00000007 0000121a nt!KeBugCheckEx+0x1b
f39da910 f5e4e99b e1dc37e8 6e664d46 f39da92c nt!ExFreePoolWithTag+0x477
f39da920 f5e4e9dd e1dc3814 f39da944 f5e4ec5f fltmgr!FltpFreeFileNameInf
f39da92c f5e4ec5f e1dc3814 fc93a000 fc89ce78 fltmgr!FltReleaseFileNameI
f39da944 f5e4ec87 00000000 fc89ce8c ffffffff fltmgr!DeleteNameCacheNode
f39da960 f5e4ecb5 fc909250 00000000 fc89ce8c fltmgr!FltpFreeNameCacheLi
f39da978 f5e39eb3 fc89ce78 fc909250 c000003a fltmgr!FltpFreeNameCacheCr
f39da994 f5e3c46f fbca55b8 00000000 00000000 fltmgr!FltpFreeIrpCtrl+0x7
f39da9ac f5e3cbc6 fbca55b8 00000000 fbc8be48 fltmgr!FltpSynchronizeIoCl
f39da9d4 f5e4a5af f39da9f4 c000003a 00000000 fltmgr!FltpLegacyProcessin
f39daa10 e083f9d0 fc8e5af8 fbc8be48 fbc8be48 fltmgr!FltpCreate+0x23b
f39daa24 e092e269 fbe67c78 fbca1310 00000000 nt!IofCallDriver+0x45
f39dab0c e093a934 fc8e5af8 00000000 fc785f28 nt!IopParseDevice+0xa35
f39dab44 e0936848 fbe67c78 00000000 fc785f28 nt!IopParseFile+0x46
f39dabc4 e0936aa5 00000010 f39dac04 00000042 nt!ObpLookupObjectName+0x1
f39dac18 e0936f27 00000000 00000000 003e6401 nt!ObOpenObjectByName+0xea
f39dac94 e0936ff8 00e6e7c0 80100080 00e6e75c nt!IopCreateFile+0x447
f39dacf0 e092ed98 00e6e7c0 80100080 00e6e75c nt!IoCreateFile+0xa3
f39dad30 e0834d3f 00e6e7c0 80100080 00e6e75c nt!NtCreateFile+0x30
f39dad30 7c82ed54 00e6e7c0 80100080 00e6e75c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e6e7b8 00000000 00000000 00000000 00000000 0x7c82ed54
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+477
e089c8f4 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
SYMBOL_NAME: nt!ExFreePoolWithTag+477
FAILURE_BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
BUCKET_ID: 0xc2_7_FMfn_nt!ExFreePoolW
Followup: MachineOwner
---------
1: kd> lmvm nt
start end module name
e0800000 e0a75000 nt # (pdb symbols) c:\symbols\ntkrnlmp.pdb\D1
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: c:\symbols\ntkrnlmp.exe\42
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Thu Mar 24 18:42:08 2005 (42435E60)
CheckSum: 0025EC4B
ImageSize: 00275000
File version: 5.2.3790.1830
Product version: 5.2.3790.1830
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0404.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 5.2.3790.1830
FileVersion: 5.2.3790.1830 (srv03_sp1_rtm.050324-1447
FileDescription: NT Kernel & System
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
Hi SridharMani12
I suggest you to check your RAMs with following utility for errors
http://www.memtest86.com/
Since when do you encounter this issue?
What was the recent change you made?
Regards
I suggest you to check your RAMs with following utility for errors
http://www.memtest86.com/
Since when do you encounter this issue?
What was the recent change you made?
Regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have logged a call with HP to run the diag on the server and waiting for thier responce for Open view
will update the issue once they notify me
will update the issue once they notify me