Asked by apt-it

BSOD Vista pool corruption

My Vista Business machine is crashing randomly while idle. I have put the minidump through WinDbg and this is the result. Can anyone help with interpreting this and suggest a cause for the crash?

Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [Z:\Mini021109-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81e09000 PsLoadedModuleList = 0x81f20c70
Debug session time: Wed Feb 11 22:15:05.592 2009 (GMT+0)
System Uptime: 0 days 14:41:25.745
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {0, 2, 1, 81ef6218}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+213 )

Followup: Pool_corruption
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 81ef6218, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP:
nt!ExDeferredFreePool+213
81ef6218 893b            mov     dword ptr [ebx],edi

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

TRAP_FRAME:  8c3bfaf4 -- (.trap 0xffffffff8c3bfaf4)
ErrCode = 00000002
eax=c325b73f ebx=00000000 ecx=000001ff edx=00000011 esi=c325af3f edi=00000000
eip=81ef6218 esp=8c3bfb68 ebp=8c3bfba0 iopl=0         nv up ei ng nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010297
nt!ExDeferredFreePool+0x213:
81ef6218 893b            mov     dword ptr [ebx],edi  ds:0023:00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 81ef6218 to 81e63d24

STACK_TEXT:  
8c3bfaf4 81ef6218 badb0d00 00000011 00000000 nt!KiTrap0E+0x2ac
8c3bfba0 81ef76e0 81f0b6e0 00000001 81f04c80 nt!ExDeferredFreePool+0x213
8c3bfc08 81e461bc 87ff8808 00000000 87ff8808 nt!ExFreePoolWithTag+0x852
8c3bfc24 81e0de69 87ff8808 c15746e0 00000000 nt!IopFreeIrp+0x56
8c3bfc40 81e0ddf8 87ff889f 87ff8808 00000000 nt!PopFreeIrp+0x60
8c3bfc54 81e4310c 00000000 87ff8808 c1574602 nt!PopRequestCompletion+0x54
8c3bfc88 82aeede8 81f0b13c 84af3828 85408ca0 nt!IopfCompleteRequest+0x11d
8c3bfd34 82ad7013 85408c98 87fae438 8c3bfd7c ndis!ndisDevicePowerOn+0x474
8c3bfd44 81e41445 85408c98 00000000 84af3828 ndis!ndisWorkItemHandler+0xe
8c3bfd7c 81fdeb18 85408c98 1f9eded8 00000000 nt!ExpWorkerThread+0xfd
8c3bfdc0 81e37a2e 81e41348 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+213
81ef6218 893b            mov     dword ptr [ebx],edi

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExDeferredFreePool+213

FOLLOWUP_NAME:  Pool_corruption

IMAGE_NAME:  Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID:  0xC5_2_nt!ExDeferredFreePool+213

BUCKET_ID:  0xC5_2_nt!ExDeferredFreePool+213

Followup: Pool_corruption
John Griffith
For bugcheck 0xc5, run the Driver Verifier to help ID the bad kernel-mode driver. Instructions are in the code box.
If the Driver Verifier finds a violation, it will result in a BSOD. To see the status of Verifier, type verifier and select the last option on the first screen, "Display information about the currently verified drivers..". To turn Driver Verifier off, run verifier /reset, then reboot.
The BSOD will result in a verifier-enabled mini kernel dump with additional stack text information. Instead of clicking on "!analyze -v", use "!analyze -v;r;kv;lmtn" at the kd> command line. This will produce a loaded driver listing, making it very easy to check driver timestamps.

START | type cmd.exe | right-click on cmd.exe up top under Programs | Run as Administrator | type VERIFIER - hit Enter | do the following:

1. Select 2nd option - Create custom settings (for code developers)
2. Select 2nd option - Select individual settings from a full list
3. Check the boxes
    - Special Pool
    - Pool Tracking
    - Force IRQL checking
4. Select last option - Select driver names from a list
5. Click on the Provider heading - sorts list by Provider
6. Check ALL boxes where Microsoft is not the Provider
7. Click on Finish
8. Reboot
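An added example, not part of the original thread: a Python triage of the `!analyze -v` text posted in the question. It shows that every frame on the faulting stack belongs to `nt` or `ndis`, so this dump records where the pool corruption was tripped over rather than which driver caused it, which is why the answer turns to Driver Verifier. The function names, the `MS_MODULES` allow-list and the abridged sample are assumptions of this example.

```python
import re

# Abridged from the !analyze -v output in the question above (4 of 12 frames).
ANALYZE_TEXT = """\
BugCheck C5, {0, 2, 1, 81ef6218}
STACK_TEXT:
8c3bfaf4 81ef6218 badb0d00 00000011 00000000 nt!KiTrap0E+0x2ac
8c3bfba0 81ef76e0 81f0b6e0 00000001 81f04c80 nt!ExDeferredFreePool+0x213
8c3bfc08 81e461bc 87ff8808 00000000 87ff8808 nt!ExFreePoolWithTag+0x852
8c3bfd34 82ad7013 85408c98 87fae438 8c3bfd7c ndis!ndisDevicePowerOn+0x474

STACK_COMMAND:  kb
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
MS_MODULES = {"nt", "hal", "ndis"}  # assumption: short allow-list of Microsoft modules
FRAME = re.compile(r"^[0-9a-f]{8}(?: [0-9a-f]{8}){4} (\w+)!(\w+)\+0x([0-9a-f]+)$")

def parse_bugcheck(text):
    """Return (bugcheck code, [arg1..arg4]) from the 'BugCheck' summary line."""
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if not m:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]

def parse_stack(text):
    """Return (module, function, offset) for each frame under STACK_TEXT."""
    frames, in_stack = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack and not line:
            break  # a blank line ends the stack listing
        elif in_stack and (m := FRAME.match(line)):
            frames.append((m.group(1), m.group(2), int(m.group(3), 16)))
    return frames

def triage(text):
    """Summarise a 0xC5 report: what was accessed, at which IRQL, by whose code."""
    code, (addr, irql, op, ip) = parse_bugcheck(text)
    frames = parse_stack(text)
    return {
        "bugcheck": code,
        "access": "write" if op == 1 else "read",  # Arg3: 0 = read, 1 = write
        "address": addr, "faulting_ip": ip,  # Arg1 and Arg4
        "irql": IRQL_NAMES.get(irql, str(irql)),
        "modules": sorted({f[0] for f in frames}),
        "non_ms_frames": [f for f in frames if f[0] not in MS_MODULES],
    }
```

An empty `non_ms_frames` list means the stack alone does not name a suspect; a verifier-enabled dump can be fed through the same function to see whether a third-party module appears.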