Performance issue - Memory dump

    Question

  • Hi Team,

    In one of the servers, I am facing the below issues:

    - Server not responding to request

    - Going into a hung state.

    - Unexpected reboot.

    So I went on and enabled the memory dump and generated the dump log for analysis. As per the report, I am only able to find that "process name: lsass.exe" had the fault. Can anyone help further to find whether any particular driver is causing the issue?

    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff800019fedd3, Address of the exception record for the exception that caused the bugcheck
    Arg3: fffff8800aee8f80, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    FAULTING_IP: 
    nt!ExFreePoolWithTag+43
    fffff800`019fedd3 418b45f0        mov     eax,dword ptr [r13-10h]

    CONTEXT:  fffff8800aee8f80 -- (.cxr 0xfffff8800aee8f80)
    .cxr 0xfffff8800aee8f80
    rax=0000000000000000 rbx=fffffa80194e2870 rcx=00000000000000eb
    rdx=0000000000000000 rsi=fffff8a00f799868 rdi=fffff8a00e58c060
    rip=fffff800019fedd3 rsp=fffff8800aee9960 rbp=fffff8a00f799860
     r8=fffff8a01277f2f0  r9=0000000000000060 r10=fffff80001a474e0
    r11=fffff8a00ba285d0 r12=fffff8a00e58c030 r13=00000000000000eb
    r14=0000000000000000 r15=fffff8a005767f00
    iopl=0         nv up ei pl nz na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
    nt!ExFreePoolWithTag+0x43:
    fffff800`019fedd3 418b45f0        mov     eax,dword ptr [r13-10h] ds:002b:00000000`000000db=????????
    .cxr
    Resetting default scope

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    BUGCHECK_STR:  0x3B

    PROCESS_NAME:  lsass.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff800019fedd3

    STACK_TEXT:  
    fffff880`0aee9960 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExFreePoolWithTag+0x43


    FOLLOWUP_IP: 
    nt!ExFreePoolWithTag+43
    fffff800`019fedd3 418b45f0        mov     eax,dword ptr [r13-10h]

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  nt!ExFreePoolWithTag+43

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  503f82be

    STACK_COMMAND:  .cxr 0xfffff8800aee8f80 ; kb

    FAILURE_BUCKET_ID:  X64_0x3B_nt!ExFreePoolWithTag+43

    BUCKET_ID:  X64_0x3B_nt!ExFreePoolWithTag+43

    Followup: MachineOwner

    Regards, Dev

    Tuesday, July 16, 2013 6:04 PM
