WIN7_DRIVER_FAULT_SERVER on server 2008 R2 with process name is avp.exe
-
Saturday, February 09, 2013 1:34 PM
Hi,
I found my system unexpectedly restarted. I read the crash dump and found the bucket ID "WIN7_DRIVER_FAULT_SERVER" with process name "avp.exe".
I am using Windows 2008 R2 with Kaspersky antivirus.
The whole dump reading is also copied below.
Thanks
aabid
DUMP
Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\dump\020813-15272-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*e:symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (24 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`0184a000 PsLoadedModuleList = 0xfffff800`01a8e670
Debug session time: Fri Feb 8 16:46:50.232 2013 (UTC + 5:00)
System Uptime: 78 days 18:24:13.684
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C5, {5d9c1010, 2, 0, fffff800019f59bc}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 )
Followup: Pool_corruption
---------
23: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 000000005d9c1010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800019f59bc, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExDeferredFreePool+100
fffff800`019f59bc 4c8b02 mov r8,qword ptr [rdx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER
PROCESS_NAME: avp.exe
TRAP_FRAME: fffff88008337440 -- (.trap 0xfffff88008337440)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa802eb1f820 rbx=0000000000000000 rcx=fffff88000802160
rdx=000000005d9c1010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800019f59bc rsp=fffff880083375d0 rbp=0000000000000000
r8=000000005d9c1010 r9=fffffa802e2b2990 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExDeferredFreePool+0x100:
fffff800`019f59bc 4c8b02 mov r8,qword ptr [rdx] ds:00000000`5d9c1010=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800018c8769 to fffff800018c91c0
STACK_TEXT:
fffff880`083372f8 fffff800`018c8769 : 00000000`0000000a 00000000`5d9c1010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`08337300 fffff800`018c73e0 : fffffa80`522f70d0 fffff880`01635e84 00000000`00000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff880`08337440 fffff800`019f59bc : fffff8a0`031b8c00 fffff8a0`031b8c00 fffffa80`14800000 fffffa80`144b4400 : nt!KiPageFault+0x260
fffff880`083375d0 fffff800`019f51a1 : 00000000`00000000 fffffa80`2f7d0da0 00000000`00000000 00000000`00000070 : nt!ExDeferredFreePool+0x100
fffff880`08337660 fffff800`018d23dc : fffffa80`2f7d0dd0 fffff8a0`031b8c00 fffffa80`6e657645 fffffa80`12da6bb0 : nt!ExFreePoolWithTag+0x411
fffff880`08337710 fffff800`01bbbb94 : fffff8a0`031b8c00 00000000`00000000 fffffa80`2e261060 00000000`00000000 : nt!ObfDereferenceObject+0xdc
fffff880`08337770 fffff800`01b7be70 : 00000000`0000044c fffff8a0`031b8c00 fffff8a0`034c6130 00000000`0000044c : nt!ObpCloseHandleTableEntry+0xc4
fffff880`08337800 fffff800`01b7bd68 : 00000000`00000404 00000000`00000000 fffffa80`2f00c850 fffff800`01b69311 : nt!ObpCloseHandleProcedure+0x30
fffff880`08337840 fffff800`01b7c3ea : fffff8a0`034d2001 fffff880`08337c20 fffffa80`2f00c850 00000000`00000001 : nt!ExSweepHandleTable+0x74
fffff880`08337880 fffff800`01b9a692 : fffff8a0`034d2060 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObKillProcess+0x62
fffff880`083378c0 fffff800`01b7dbdd : 00000000`c0000005 00000000`00000001 00000000`7efad000 00000000`00000000 : nt!PspExitThread+0x522
fffff880`083379c0 fffff800`018bbcda : 00000000`00000000 00000000`00000000 fffffa80`00000000 fffff800`01bdf727 : nt!PsExitSpecialApc+0x1d
fffff880`083379f0 fffff800`018bc020 : 00000000`00000246 fffff880`08337a70 fffff800`01b7db50 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`08337a70 fffff800`018c84f7 : ffffffff`ffffffff 0000007f`ffffffff 00000000`0120fb90 00000980`00000004 : nt!KiInitiateUserApc+0x70
fffff880`08337bb0 00000000`748d2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`00fbf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x748d2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+100
fffff800`019f59bc 4c8b02 mov r8,qword ptr [rdx]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!ExDeferredFreePool+100
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+100
BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+100
Followup: Pool_corruption
---------
All Replies
-
Saturday, February 09, 2013 3:50 PM
It looks like your anti-virus software might be causing an issue. Have you tried contacting Kaspersky support?
- Edited by Nigel Finn Saturday, February 09, 2013 3:51 PM
- Proposed As Answer by Nigel Finn Monday, February 11, 2013 11:37 AM
- Marked As Answer by Cheers ZHANG (Microsoft Contingent Staff, Moderator) Friday, February 15, 2013 7:20 AM
-
Monday, February 11, 2013 11:31 AM
FAULTING_IP:
nt!ExDeferredFreePool+100
fffff800`019f59bc 4c8b02 mov r8,qword ptr [rdx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER
PROCESS_NAME: avp.exe
It's clearly mentioned that the problem is from AVP.exe, which shows you have Kaspersky anti-virus in your system and it's creating the problem.
http://www.arabitpro.com
- Marked As Answer by Cheers ZHANG (Microsoft Contingent Staff, Moderator) Friday, February 15, 2013 7:20 AM
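A triage sketch for the debugger output quoted in this thread, added here as an example and not part of any poster's reply: it parses an excerpt of the `!analyze -v` text and checks whether any non-OS module appears on the stack, which decides whether the Driver Verifier step named in the bugcheck description is still needed. The function names and the `os_modules` allow-list are assumptions of the example.

```python
import re

# Excerpt copied from the !analyze -v output in the thread (some frames omitted).
SAMPLE = r"""DRIVER_CORRUPTED_EXPOOL (c5)
Arg1: 000000005d9c1010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800019f59bc, address which referenced memory
PROCESS_NAME: avp.exe
STACK_TEXT:
fffff880`083372f8 fffff800`018c8769 : 00000000`0000000a 00000000`5d9c1010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`08337440 fffff800`019f59bc : fffff8a0`031b8c00 fffff8a0`031b8c00 fffffa80`14800000 fffffa80`144b4400 : nt!KiPageFault+0x260
fffff880`083375d0 fffff800`019f51a1 : 00000000`00000000 fffffa80`2f7d0da0 00000000`00000000 00000000`00000070 : nt!ExDeferredFreePool+0x100
fffff880`08337880 fffff800`01b9a692 : fffff8a0`034d2060 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObKillProcess+0x62
00000000`00fbf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x748d2e09
"""

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# A STACK_TEXT row: child SP, return address, four arguments, then the call site.
FRAME = re.compile(rf"^{ADDR} {ADDR} : (?:{ADDR} ?){{4}}: (\S+)$", re.M)


def parse_analysis(text):
    """Pull the bugcheck, its arguments, the process context and stack modules."""
    head = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M)
    args = [int(v, 16) for v in re.findall(r"^Arg\d: ([0-9a-f]{16})", text, re.M)]
    proc = re.search(r"^PROCESS_NAME:\s+(\S+)", text, re.M)
    frames = FRAME.findall(text)
    # "module!symbol+off" -> module; a bare address is an unresolved frame.
    modules = [f.split("!")[0] if "!" in f else None for f in frames]
    return {"name": head.group(1), "code": int(head.group(2), 16), "args": args,
            "process": proc.group(1), "frames": frames, "modules": modules}


def triage(report, os_modules=("nt", "hal")):  # allow-list is an assumption
    """Separate what the stack shows from what still has to be found."""
    third_party = sorted({m for m in report["modules"] if m and m not in os_modules})
    return {
        "irql": report["args"][1],
        "access": "write" if report["args"][2] else "read",
        "third_party_on_stack": third_party,
        # With only OS frames, the stack marks where the corrupted pool was
        # touched, not which driver damaged it; PROCESS_NAME is thread context.
        "run_driver_verifier": not third_party,
    }


if __name__ == "__main__":
    print(triage(parse_analysis(SAMPLE)))
```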

