BSOD on Virtual Server- Dump analysis req'd

Status
Not open for further replies.

archers

Technical User
Oct 13, 2008
2
GB
I've recently joined a company and therefore inherited a number of Virtual machines but one in particular is causing me some concern as it randomly blue screens. The kernel memory dump exceeds 400Mb (the maximum that I can make the paging file with the partition space I have available) so I have had to set minidumps instead to get a non truncated report. I have included one mini dump below, but all of my others are practically identical to this one.

The probable cause in each dump is "memory_corruption". In a physical World I would replace the physical memory and expect that to resolve matters but in a virtual World, where the other virtual servers running on this box are stable, I'm not so sure that memory is the answer.


I was wondering if someone more technically competent than I at diagnosing these dumps could possibly advise me of what the likely cause is and give me something to go on.


This apparently was a physical box before being virtualised if that helps. The BSOD can occur at any time of day or night. Sometimes it goes down twice in a week, sometimes twice in a month. I haven't as yet come up with any pattern or trend that would stimulate the box into a crash.


Further Info:


Windows 2000 Advanced Server with SP4
Physical Memory 4Gb
Virtual memory 6.4Gb ( split as follows : C drive 400Mb, D drive 2Gb, E Drive 4Gb)


Boot.ini


[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Advanced Server" /fastdetect /pae /3gb


Last memory dump (consistent with all others I've collected so far)


Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File C:\Documents and Settings\<username>\Desktop\<server>\<location>\Mini090208-01.dmp
Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbols*
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
Kernel base = 0xdd400000 PsLoadedModuleList = 0xdd487c00
Debug session time: Tue Sep 2 06:18:46.948 2008 (GMT+1)
System Uptime: not available
Loading Kernel Symbols
...........................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.


BugCheck A, {97, 2, 0, dd538d8d}


Probably caused by : memory_corruption ( nt!MiSessionInSwapProcess+103 )


Followup: MachineOwner



--------------------------------------------------------------------------------

1: kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000097, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: dd538d8d, address which referenced memory


Debugging Details:



--------------------------------------------------------------------------------


READ_ADDRESS: unable to read from dd487c58
unable to read from dd487588
unable to read from dd48743c
unable to read from dd4790b8
unable to read from dd487450
unable to read from dd487584
unable to read from dd4790bc
unable to read from dd487644
unable to read from dd487bf8
00000097


CURRENT_IRQL: 2


FAULTING_IP:
nt!MiSessionInSwapProcess+103
dd538d8d 8b8b98000000 mov ecx,dword ptr [ebx+98h]


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0xA


PROCESS_NAME: System


TRAP_FRAME: f0e93cbc -- (.trap 0xfffffffff0e93cbc)
.trap 0xfffffffff0e93cbc
ErrCode = 00000000
eax=00000000 ebx=ffffffff ecx=dd487e84 edx=00000000 esi=dd0654f0 edi=dd487e84
eip=dd538d8d esp=f0e93d30 ebp=f0e93d44 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!MiSessionInSwapProcess+0x103:
dd538d8d 8b8b98000000 mov ecx,dword ptr [ebx+98h] ds:0023:00000097=????????
.trap
Resetting default scope


LAST_CONTROL_TRANSFER: from dd538d8d to dd46ca94


STACK_TEXT:
f0e93cbc dd538d8d 00000000 f0e93d3c 00000021 nt!KiTrap0E+0x284
f0e93d44 dd442773 fcf05a00 dd486c40 fcf05a40 nt!MiSessionInSwapProcess+0x103
f0e93d7c dd467a65 fcf05a40 00000000 00000000 nt!MmInSwapProcess+0x3e5
f0e93d90 dd4679bc 00000000 00000000 00000000 nt!KiInSwapProcesses+0x33
f0e93da8 dd458b38 00000000 00000000 00000000 nt!KeSwapProcessOrStack+0x6e
f0e93ddc dd46e256 dd46794e 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16



STACK_COMMAND: kb


FOLLOWUP_IP:
nt!MiSessionInSwapProcess+103
dd538d8d 8b8b98000000 mov ecx,dword ptr [ebx+98h]


SYMBOL_STACK_INDEX: 1


SYMBOL_NAME: nt!MiSessionInSwapProcess+103


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: nt


DEBUG_FLR_IMAGE_TIMESTAMP: 403d35f9


IMAGE_NAME: memory_corruption


FAILURE_BUCKET_ID: 0xA_nt!MiSessionInSwapProcess+103


BUCKET_ID: 0xA_nt!MiSessionInSwapProcess+103


Followup: MachineOwner



--------------------------------------------------------------------------------

eax=fd98513c ebx=0000000a ecx=00000000 edx=00000000 esi=dd538d8d edi=00000097
eip=dd46ca94 esp=f0e93ca8 ebp=f0e93cbc iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiTrap0E+0x284:
dd46ca94 f7457000000200 test dword ptr [ebp+70h],20000h ss:0010:f0e93d2c=00010246
ChildEBP RetAddr Args to Child
f0e93cbc dd538d8d 00000000 f0e93d3c 00000021 nt!KiTrap0E+0x284 (FPO: 0,0 TrapFrame @ f0e93cbc)
f0e93d44 dd442773 fcf05a00 dd486c40 fcf05a40 nt!MiSessionInSwapProcess+0x103 (FPO: Non-Fpo)
f0e93d7c dd467a65 fcf05a40 00000000 00000000 nt!MmInSwapProcess+0x3e5 (FPO: Non-Fpo)
f0e93d90 dd4679bc 00000000 00000000 00000000 nt!KiInSwapProcesses+0x33 (FPO: 1,0,3)
f0e93da8 dd458b38 00000000 00000000 00000000 nt!KeSwapProcessOrStack+0x6e (FPO: Non-Fpo)
f0e93ddc dd46e256 dd46794e 00000000 00000000 nt!PspSystemThreadStartup+0x54 (FPO: Non-Fpo)
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
start end module name
dd062000 dd076460 hal hal.dll Fri Mar 21 02:04:42 2003 (3E7A733A)
dd400000 dd5a3f00 nt ntkrpamp.exe Wed Feb 25 23:55:37 2004 (403D35F9)
de000000 de1a4000 win32k win32k.sys unavailable (FFFFFFFE)
de1a4000 de1b9000 vmx_fb vmx_fb.dll unavailable (FFFFFFFE)
de1b9000 de1c6000 RDPDD RDPDD.dll unavailable (FFFFFFFE)
f0a00000 f0a0f000 pci pci.sys unavailable (FFFFFFFE)
f0a10000 f0a1c000 isapnp isapnp.sys unavailable (FFFFFFFE)
f0a20000 f0a30000 cpq32fs2 cpq32fs2.sys ***** Invalid (FD9B60C9)
f0a30000 f0a38700 CLASSPNP CLASSPNP.SYS Wed Jan 15 19:42:51 2003 (3E25B9BB)
f0a50000 f0a5c4c0 VIDEOPRT VIDEOPRT.SYS Wed Jan 15 19:47:20 2003 (3E25BAC8)
f0a60000 f0a6b680 i8042prt i8042prt.sys Wed Apr 16 05:00:59 2003 (3E9CD57B)
f0a70000 f0a7f400 serial serial.sys Wed Apr 16 05:19:39 2003 (3E9CD9DB)
f0a80000 f0a8db00 vmx_svga vmx_svga.sys Wed Apr 11 18:53:38 2007 (461D20A2)
f0a90000 f0a9ca80 rasl2tp rasl2tp.sys Wed Apr 30 00:05:06 2003 (3EAF0522)
f0aa0000 f0aabc40 raspptp raspptp.sys Thu May 15 00:47:00 2003 (3EC2D574)
f0ab0000 f0abea20 parallel parallel.sys Wed Jan 15 19:47:14 2003 (3E25BAC2)
f0ad0000 f0ad9ce0 NDProxy NDProxy.SYS Fri Oct 01 00:25:35 1999 (37F3F16F)
f0af0000 f0af8fa0 Npfs Npfs.SYS Sun Oct 10 00:58:07 1999 (37FFD68F)
f0b00000 f0b08680 msgpc msgpc.sys Wed Jan 15 19:54:25 2003 (3E25BC71)
f0b10000 f0b181a0 netbios netbios.sys Tue Oct 12 20:34:19 1999 (38038D3B)
f0b20000 f0b28580 savonaccessfilter savonaccessfilter.sys Mon Sep 10 12:07:39 2007 (46E5257B)
f0bf0000 f0bf9000 Fips Fips.SYS unavailable (FFFFFFFE)
f0c80000 f0c86000 PCIIDEX PCIIDEX.SYS unavailable (FFFFFFFE)
f0c88000 f0c90000 MountMgr MountMgr.sys unavailable (FFFFFFFE)
f0c90000 f0c97000 symc8xx symc8xx.sys ***** Invalid (FD9B60C9)
f0c98000 f0c9e000 sym_hi sym_hi.sys ***** Invalid (FD9B60C9)
f0ca0000 f0ca7720 disk disk.sys Wed Jan 15 19:43:05 2003 (3E25B9C9)
f0ca8000 f0cad880 nsifiltr nsifiltr.sys Wed Oct 03 18:05:49 2007 (4703CBED)
f0cb0000 f0cb5100 agp440 agp440.sys Wed Jan 15 19:47:07 2003 (3E25BABB)
f0cd0000 f0cd5ec0 kbdclass kbdclass.sys Thu Feb 20 16:37:30 2003 (3E55044A)
f0ce0000 f0ce5400 mouclass mouclass.sys Thu Feb 20 16:37:45 2003 (3E550459)
f0ce8000 f0ced000 TDTCP TDTCP.SYS ***** Invalid (FCFD2F69)
f0cf0000 f0cf6100 parport parport.sys Wed Jan 15 19:47:13 2003 (3E25BAC1)
f0d08000 f0d0f000 fdc fdc.sys unavailable (FFFFFFFE)
f0d18000 f0d1ec40 cdrom cdrom.sys Wed Jan 15 19:43:04 2003 (3E25B9C8)
f0d30000 f0d37280 vmxnet vmxnet.sys Sun Sep 30 13:22:32 2007 (46FF9508)
f0d58000 f0d5c400 ptilink ptilink.sys Wed Jan 15 19:47:15 2003 (3E25BAC3)
f0d68000 f0d6c0e0 raspti raspti.sys Fri Oct 08 21:45:10 1999 (37FE57D6)
f0d80000 f0d84a60 flpydisk flpydisk.sys Wed Jan 15 19:42:52 2003 (3E25B9BC)
f0d90000 f0d96a20 EFS EFS.SYS Wed Jan 15 19:46:55 2003 (3E25BAAF)
f0db0000 f0db5240 Msfs Msfs.SYS Wed Oct 27 00:21:32 1999 (3816377C)
f0dd0000 f0dd7d00 wanarp wanarp.sys Fri Aug 16 13:25:01 2002 (3D5CEF1D)
f0de0000 f0de7000 vmmemctl vmmemctl.sys unavailable (FFFFFFFE)
f0e10000 f0e13000 BOOTVID BOOTVID.dll unavailable (FFFFFFFE)
f0e14000 f0e17000 compbatt compbatt.sys ***** Invalid (FD9B66C9)
f0e18000 f0e1b000 PartMgr PartMgr.sys unavailable (FFFFFFFE)
f0e1c000 f0e20000 cpqarray cpqarray.sys ***** Invalid (FD9B60C9)
f0e20000 f0e24000 symc810 symc810.sys ***** Invalid (FD9B60C9)
f0e24000 f0e27c80 cpqcissm cpqcissm.sys Mon May 19 17:19:35 2003 (3EC90417)
f0e28000 f0e2b460 cpqarry2 cpqarry2.sys Mon Nov 05 21:47:33 2001 (3BE708F5)
f0e2c000 f0e2f480 nsirecog nsirecog.sys Wed Oct 03 18:05:49 2007 (4703CBED)
f0f00000 f0f02000 BATTC BATTC.SYS unavailable (FFFFFFFE)
f0f02000 f0f04000 intelide intelide.sys ***** Invalid (FD9B65C9)
f0f04000 f0f06000 Diskperf Diskperf.sys ***** Invalid (FD9B68E9)
f0f06000 f0f08000 dmload dmload.sys unavailable (FFFFFFFE)
f0f0a000 f0f0b300 kbstuff5 kbstuff5.sys Wed Nov 23 19:44:23 2005 (4384C697)
f0f0c000 f0f0d280 vmmouse vmmouse.sys Wed Apr 11 18:54:49 2007 (461D20E9)
f0f12000 f0f13ca0 Fs_Rec Fs_Rec.SYS Wed Jan 15 19:53:30 2003 (3E25BC3A)
f0f1a000 f0f1be40 rasacd rasacd.sys Sat Sep 25 19:41:23 1999 (37ED1753)
f0fb6000 f0fb8000 ParVdm ParVdm.SYS unavailable (FFFFFFFE)
f0fc8000 f0fc9000 WMILIB WMILIB.SYS unavailable (FFFFFFFE)
f0fc9000 f0fca000 pciide pciide.sys ***** Invalid (FD9B65C9)
f105e000 f105e840 idisw2km idisw2km.sys Wed Nov 23 19:45:10 2005 (4384C6C6)
f1088000 f1088a40 audstub audstub.sys Sat Sep 25 19:35:33 1999 (37ED15F5)
f10a1000 f10a1d80 swenum swenum.sys Sat Sep 25 19:36:31 1999 (37ED162F)
f10bf000 f10bf9e0 Null Null.SYS Sat Sep 25 19:34:58 1999 (37ED15D2)
f10c3000 f10c3ee0 Beep Beep.SYS Wed Oct 20 23:18:59 1999 (380E3FD3)
f10c8000 f10c8f80 mnmdd mnmdd.SYS Sat Sep 25 19:37:40 1999 (37ED1674)
f3faf000 f3fb3000 prepdrv prepdrv.sys unavailable (FFFFFFFE)
f409b000 f40b1000 RDPWD RDPWD.SYS ***** Invalid (FCFD2F69)
f4101000 f4111000 ipsec ipsec.sys ***** Invalid (E2AF6008)
f41e1000 f41e4000 spud spud.sys unavailable (FFFFFFFE)
f4c69000 f4c8c000 Fastfat Fastfat.SYS unavailable (FFFFFFFE)
f4e94000 f4e9d000 termdd termdd.sys ***** Invalid (FD9B68E9)
f509c000 f50d7000 srv srv.sys ***** Invalid (E13824C8)
f533f000 f534e000 Cdfs Cdfs.SYS unavailable (FFFFFFFE)
f5537000 f5555000 afd afd.sys ***** Invalid (FD710149)
f56bd000 f56ce000 dump_symmpi dump_symmpi.sys ***** Invalid (FD71D609)
f56f6000 f575aca0 mrxsmb mrxsmb.sys Thu Jan 20 07:25:21 2005 (41EF5CE1)
f576d000 f5796900 rdbss rdbss.sys Fri Dec 03 03:37:11 2004 (41AFDF67)
f5797000 f57aff00 savonaccesscontrol savonaccesscontrol.sys Mon Sep 10 12:08:16 2007 (46E525A0)
f57b0000 f57d91a0 netbt netbt.sys Thu May 22 02:51:10 2003 (3ECC2D0E)
f57da000 f58281a0 tcpip tcpip.sys Thu May 12 11:24:58 2005 (42832EFA)
f5cb1000 f5cdb3a0 update update.sys Wed Apr 16 05:22:01 2003 (3E9CDA69)
f5cdc000 f5cf7b40 ks ks.sys Wed Apr 16 05:02:11 2003 (3E9CD5C3)
f5d0a000 f5d2d060 rdpdr rdpdr.sys Fri Mar 21 21:43:14 2003 (3E7B8772)
f5d56000 f5d6cba0 ndiswan ndiswan.sys Wed Apr 30 00:05:01 2003 (3EAF051D)
f5d7d000 f5d80580 vga vga.sys Sat Sep 25 19:37:40 1999 (37ED1674)
f5db9000 f5dbd000 dump_scsiport dump_scsiport.sys unavailable (FFFFFFFE)
f5f4e000 f5f51e60 TDI TDI.SYS Wed Jan 15 19:56:26 2003 (3E25BCEA)
f5f5e000 f5f602e0 ndistapi ndistapi.sys Wed Jan 15 19:54:15 2003 (3E25BC67)
f5f6a000 f5f6d640 serenum serenum.sys Wed Jan 15 19:47:01 2003 (3E25BAB5)
f5f7e000 f5f805a0 CmBatt CmBatt.sys Wed Jan 15 19:44:29 2003 (3E25BA1D)
f5fbe000 f5fd1b20 CPQPHP CPQPHP.SYS Mon Jan 06 23:44:27 2003 (3E1A14DB)
f5fd2000 f5fe7640 Mup Mup.sys Wed Jan 15 19:54:01 2003 (3E25BC59)
f5fe8000 f6011aa0 NDIS NDIS.sys Wed Apr 30 00:05:01 2003 (3EAF051D)
f6012000 f60945a0 Ntfs Ntfs.sys Fri May 09 20:46:45 2003 (3EBC05A5)
f6095000 f60a67c0 KSecDD KSecDD.sys Sun Sep 21 01:32:19 2003 (3F6CF193)
f60a7000 f60b91c0 Dfs Dfs.sys Wed Feb 12 02:19:06 2003 (3E49AF1A)
f60ba000 f60d4c00 dblhook dblhook.sys Wed Oct 03 18:05:50 2007 (4703CBEE)
f60d5000 f60e6180 drvmcdb drvmcdb.sys Thu Feb 08 22:01:47 2001 (3A83174B)
f60e7000 f60f8000 symmpi symmpi.sys Mon Jun 14 16:28:44 2004 (40CDC42C)
f60f8000 f610e000 adpu160m adpu160m.sys ***** Invalid (FD9B60C9)
f610e000 f6124000 atapi atapi.sys ***** Invalid (FD9B68E9)
f6124000 f6137000 SCSIPORT SCSIPORT.SYS unavailable (FFFFFFFE)
f6137000 f6159000 dmio dmio.sys unavailable (FFFFFFFE)
f6159000 f6176000 ftdisk ftdisk.sys unavailable (FFFFFFFE)
f6176000 f619e000 ACPI ACPI.sys ***** Invalid (FD9B68E9)


Unloaded modules:
f5225000 f5267000 cpqasm.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f0b30000 f0b39000 redbook.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f0da0000 f0da5000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f5d85000 f5d88000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt


Any assistance that anybody could give me in diagnosing the fault or possible remedies, would be much appreciated.


Cheers
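
An added example, not part of the original post: a short Python check that parses the bugcheck 0xA arguments and trap frame from the !analyze -v output above and shows that the referenced address 00000097 is ebx (ffffffff) plus the 98h displacement, wrapped to 32 bits. The excerpt is re-typed from the dump and the function names are illustrative.

```python
import re

# Constructed excerpt: the lines of the !analyze -v output above that the check needs.
ANALYZE_OUTPUT = """\
Arg1: 00000097, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
Arg4: dd538d8d, address which referenced memory
eax=00000000 ebx=ffffffff ecx=dd487e84 edx=00000000 esi=dd0654f0 edi=dd487e84
dd538d8d 8b8b98000000 mov ecx,dword ptr [ebx+98h] ds:0023:00000097=????????
"""

def parse_bugcheck_a(text):
    """Return (args, regs, base_register, displacement) from !analyze -v text."""
    args = {int(n): int(v, 16) for n, v in re.findall(r"Arg(\d): ([0-9a-f]{8})", text)}
    regs = {}
    for name, value in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", text):
        # Keep the first value seen: in full output the trap frame precedes the `r` dump.
        regs.setdefault(name, int(value, 16))
    # Brackets are optional so the pattern also matches output whose brackets were stripped.
    m = re.search(r"ptr \[?(e[a-z]{2})\+([0-9a-f]+)h\]?", text)
    if not m or set(args) != {1, 2, 3, 4}:
        raise ValueError("not a complete bugcheck 0xA report")
    return args, regs, m.group(1), int(m.group(2), 16)

def explain(text):
    """Decode the arguments and recompute the faulting operand's effective address."""
    args, regs, base, disp = parse_bugcheck_a(text)
    effective = (regs[base] + disp) & 0xFFFFFFFF  # x86 address arithmetic wraps at 32 bits
    return {
        "referenced": args[1],
        "irql": args[2],
        "operation": "write" if args[3] & 0x1 else "read",  # Arg3 bit 0
        "execute": bool(args[3] & 0x8),                      # Arg3 bit 3
        "faulting_ip": args[4],
        "base_register": base,
        "base_value": regs[base],
        "effective_address": effective,
        "matches_arg1": effective == args[1],
    }

if __name__ == "__main__":
    for key, value in explain(ANALYZE_OUTPUT).items():
        is_number = isinstance(value, int) and not isinstance(value, bool)
        print(f"{key:18} {value:#x}" if is_number else f"{key:18} {value}")
```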
 
Physical memory could still be the answer as it could be your ESX host at fault. Does ESX report any memory errors and have you any hardware monitoring software on your host?

--------------------------------------
"Insert funny comment in here!"
--------------------------------------
 
Thanks for your response. I'll probably try swapping out the memory as it won't do any harm.

I'm not aware of any hardware monitoring on the Host and I haven't as yet come across any memory errors on the host but I'm still looking into that.

Appreciate your help.
 