I am new to trying to analyze memory dumps and having an issue trying to figure what is causing this server to blue screen. The server tends to blue screen every 3-4 days. The server is running IIS and hosts numerous .net 1 and 2.0 websites (when it is up).
From reading other post, it appears that running verifier would help, but I do not want to affect server performance too much when it is up. Does anyone know how much perfomance will take a hit? Will user notice?
Any help would be greatly appreciated!
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, b93561b8, b93562d0, 8823d938}
Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+477 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: b93561b8, The pool entry we were looking for within the page.
Arg3: b93562d0, The next pool entry.
Arg4: 8823d938, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: b93561b8
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: w3wp.exe
CURRENT_IRQL: 1
LAST_CONTROL_TRANSFER: from 8089c8f4 to 8087b71e
STACK_TEXT:
b6ccfb34 8089c8f4 00000019 00000020 b93561b8 nt!KeBugCheckEx+0x1b
b6ccfb9c 80854555 b93561c0 00000000 00000000 nt!ExFreePoolWithTag+0x477
b6ccfbc8 808174e4 88141298 88141288 80a78b74 nt!IopfCompleteRequest+0x180
b6ccfc28 8081e2f7 8a0cd328 88141288 881005a8 nt!FsRtlCancelNotify+0x222
b6ccfc40 8090449e 88141288 88258368 00000000 nt!IoCancelIrp+0x64
b6ccfc68 8092d861 881003a0 8812acc0 fffffffd nt!IoCancelThreadIo+0x36
b6ccfcf0 8090add1 fffffffd b6ccfd4c 808315eb nt!PspExitThread+0x466
b6ccfcfc 808315eb 8812acc0 b6ccfd48 b6ccfd3c nt!PsExitSpecialApc+0x1d
b6ccfd4c 80834da7 00000001 00000000 b6ccfd64 nt!KiDeliverApc+0x1ae
b6ccfd4c 7c82ed54 00000001 00000000 b6ccfd64 nt!KiServiceExit+0x56
WARNING: Frame IP not in any known module. Following frames may be wrong.
027fdfe4 00000000 00000000 00000000 00000000 0x7c82ed54
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+477
8089c8f4 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45ebe552
SYMBOL_NAME: nt!ExFreePoolWithTag+477
FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+477
BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+477
Followup: MachineOwner
---------
From reading other post, it appears that running verifier would help, but I do not want to affect server performance too much when it is up. Does anyone know how much perfomance will take a hit? Will user notice?
Any help would be greatly appreciated!
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, b93561b8, b93562d0, 8823d938}
Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+477 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: b93561b8, The pool entry we were looking for within the page.
Arg3: b93562d0, The next pool entry.
Arg4: 8823d938, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: b93561b8
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: w3wp.exe
CURRENT_IRQL: 1
LAST_CONTROL_TRANSFER: from 8089c8f4 to 8087b71e
STACK_TEXT:
b6ccfb34 8089c8f4 00000019 00000020 b93561b8 nt!KeBugCheckEx+0x1b
b6ccfb9c 80854555 b93561c0 00000000 00000000 nt!ExFreePoolWithTag+0x477
b6ccfbc8 808174e4 88141298 88141288 80a78b74 nt!IopfCompleteRequest+0x180
b6ccfc28 8081e2f7 8a0cd328 88141288 881005a8 nt!FsRtlCancelNotify+0x222
b6ccfc40 8090449e 88141288 88258368 00000000 nt!IoCancelIrp+0x64
b6ccfc68 8092d861 881003a0 8812acc0 fffffffd nt!IoCancelThreadIo+0x36
b6ccfcf0 8090add1 fffffffd b6ccfd4c 808315eb nt!PspExitThread+0x466
b6ccfcfc 808315eb 8812acc0 b6ccfd48 b6ccfd3c nt!PsExitSpecialApc+0x1d
b6ccfd4c 80834da7 00000001 00000000 b6ccfd64 nt!KiDeliverApc+0x1ae
b6ccfd4c 7c82ed54 00000001 00000000 b6ccfd64 nt!KiServiceExit+0x56
WARNING: Frame IP not in any known module. Following frames may be wrong.
027fdfe4 00000000 00000000 00000000 00000000 0x7c82ed54
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExFreePoolWithTag+477
8089c8f4 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 45ebe552
SYMBOL_NAME: nt!ExFreePoolWithTag+477
FAILURE_BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+477
BUCKET_ID: 0x19_20_nt!ExFreePoolWithTag+477
Followup: MachineOwner
---------