none
BSOD on Windows 2k3 r2 sp1 server

    Question

  • I have a server which is crashing frequently and Memory.dmp file is created during every failure. I have analyzed the dump using WinDB debugging tool however I am not sure how to find the exact cause to eradicate the issue. Can someone help me to analyze the file?

    Steps being completed already
    1. BIOS & ILO firmware updates are installed already as per HP suggestion.
    Please let me know the commands to analyze further.

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C5, {4, d0000002, 1, 8089bce3}

    Probably caused by : afd.sys ( afd!AfdPollGetInfo+20 )

    Followup: MachineOwner
    ---------

    6: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 00000004, memory referenced
    Arg2: d0000002, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 8089bce3, address which referenced memory

    Debugging Details:
    ------------------

    BUGCHECK_STR:  0xC5_D0000002

    CURRENT_IRQL:  2

    FAULTING_IP:
    nt!ExAllocatePoolWithTag+83f
    8089bce3 897004          mov     dword ptr [eax+4],esi

    DEFAULT_BUCKET_ID:  DRIVER_FAULT

    PROCESS_NAME:  Mcu.exe

    TRAP_FRAME:  b251fac0 -- (.trap ffffffffb251fac0)
    ErrCode = 00000002
    eax=00000000 ebx=808b7600 ecx=808b9140 edx=00000036 esi=808b7898 edi=83400008
    eip=8089bce3 esp=b251fb34 ebp=b251fb70 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    nt!ExAllocatePoolWithTag+0x83f:
    8089bce3 897004          mov     dword ptr [eax+4],esi ds:0023:00000004=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 8089bce3 to 80836e57

    STACK_TEXT: 
    b251fac0 8089bce3 badb0d00 00000036 00000000 nt!KiTrap0E+0x2a7
    b251fb70 80849f37 00000018 00000000 d0646641 nt!ExAllocatePoolWithTag+0x83f
    b251fb94 ba0a8556 839e0d88 000001a4 d0646641 nt!ExAllocatePoolWithQuotaTag+0x5a
    b251fbd4 ba0a811e 000001a0 b251fc04 00012024 afd!AfdPollGetInfo+0x20
    b251fc2c ba0a7097 8524e4f8 888ff248 b251fc50 afd!AfdPoll+0xb1
    b251fc3c 80840193 8890b030 8524e4f8 82fd48f0 afd!AfdDispatchDeviceControl+0x53
    b251fc50 8092b3f9 8524e5d4 872c0470 8524e4f8 nt!IofCallDriver+0x45
    b251fc64 8092b32e 8890b030 8524e4f8 872c0470 nt!IopSynchronousServiceTail+0x10b
    b251fd00 8092b44e 000009fc 000004fc 00000000 nt!IopXxxControlFile+0x60f
    b251fd34 80833c2f 000009fc 000004fc 00000000 nt!NtDeviceIoControlFile+0x2a
    b251fd34 7c82845c 000009fc 000004fc 00000000 nt!KiFastCallEntry+0xfc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    05aafbc4 00000000 00000000 00000000 00000000 0x7c82845c


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    afd!AfdPollGetInfo+20
    ba0a8556 8b4d0c          mov     ecx,dword ptr [ebp+0Ch]

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  afd!AfdPollGetInfo+20

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: afd

    IMAGE_NAME:  afd.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ef9d207

    FAILURE_BUCKET_ID:  0xC5_D0000002_afd!AfdPollGetInfo+20

    BUCKET_ID:  0xC5_D0000002_afd!AfdPollGetInfo+20

    Followup: MachineOwner
    ---------

    Monday, October 14, 2013 7:31 PM

Answers

All replies