Memory dump

Post by Ola » Tue Aug 22, 2006 6:25 am

Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [U:\WINDOWS\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

Symbol search path is: D: *http://msdl.microsoft.com/download/symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: Server, suite: TerminalServer
Built by: 3790.srv03_sp1_rtm.050324-1447
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af988
Debug session time: Thu Aug 17 16:26:31.547 2006 (GMT+2)
System Uptime: 0 days 11:39:33.394
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
.........................................................................................................................
Loading User Symbols
.............
Loading unloaded module list
...*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck AB, {8, 20, 0, 1}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

Followup: MachineOwner
---------

1: kd> ! analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SESSION_HAS_VALID_POOL_ON_EXIT (ab)
Caused by a session driver not freeing its pool allocations prior to a
session unload. This indicates a bug in win32k.sys, atmfd.dll,
rdpdd.dll or a video driver.
Arguments:
Arg1: 00000008, session ID
Arg2: 00000020, number of paged pool bytes that are leaking
Arg3: 00000000, number of nonpaged pool bytes that are leaking
Arg4: 00000001, total number of paged and nonpaged allocations that are leaking.
nonpaged allocations are in the upper half of this word,
paged allocations are in the lower half of this word.

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

MODULE_NAME: nt

FAULTING_MODULE: 80800000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42435e60

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xAB

LAST_CONTROL_TRANSFER: from 8095df98 to 8087b6be

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f4ac7c30 8095df98 000000ab 00000008 00000020 nt!KeBugCheckEx+0x1b
f4ac7c68 809c4c28 88dbc8e0 88dbc8e0 00000000 nt!RtlAreAllAccessesGranted+0x1c559
f4ac7ce8 8082117f 88dbc8e0 00000000 88f3f5b8 nt!IoUnregisterShutdownNotification+0x394
f4ac7d04 80912d6f 88dbc8e0 88f3f5b8 88f3f7f8 nt!wcscpy+0xf40
f4ac7d8c 8092d96b 00000000 00000000 88f3f5b8 nt!RtlRandom+0x1558
f4ac7da4 8092cd0d 88f3f5b8 00000000 00000001 nt!NtReadFile+0x587
f4ac7ddc 80841a96 bf92b980 898e9328 00000000 nt!ObAssignSecurity+0x236
00000000 00000000 00000000 00000000 00000000 nt!PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion+0xd5


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_NAME: MachineOwner

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

1: kd> kd
f4ac7c30 f4ac7c68
f4ac7c34 8095df98 nt!RtlAreAllAccessesGranted+0x1c559
f4ac7c38 000000ab
f4ac7c3c 00000008
f4ac7c40 00000020
f4ac7c44 00000000
f4ac7c48 00000001
f4ac7c4c 00000000
f4ac7c50 f7a09d80
f4ac7c54 f7a09000
f4ac7c58 00000000
f4ac7c5c 00000000
f4ac7c60 00000000
f4ac7c64 00000001
f4ac7c68 f4ac7ce8
f4ac7c6c 809c4c28 nt!IoUnregisterShutdownNotification+0x394
f4ac7c70 88dbc8e0
f4ac7c74 88dbc8e0
f4ac7c78 00000000
f4ac7c7c 00000000
Ola
 

Post by Guest » Fri Aug 25, 2006 2:36 pm

Ola, you have two problems here:

1. You incorrectly applied MS symbols so the output of WinDbg.exe is not good. The symbol path should be the following:

SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

2. BugCheck AB points to MS

I've found a good article on Citrix support web site about this bug check:

http://support.citrix.com/article/CTX107896
Guest
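
Added example, not part of the original posts and not Microsoft tooling: a Python triage of a saved WinDbg log for the two problems named in the reply above, a malformed symbol path and bug check 0xAB, whose arguments it decodes as the `!analyze -v` text describes them. The function names are hypothetical; the 16-bit split of Arg4 (x86 dump) and the 0x1000 offset threshold are assumptions.

```python
import re

# Constructed sample: a few lines copied from the WinDbg log posted above.
SAMPLE_LOG = """\
Symbol search path is: D: *http://msdl.microsoft.com/download/symbols
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
BugCheck AB, {8, 20, 0, 1}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
f4ac7c30 8095df98 000000ab 00000008 00000020 nt!KeBugCheckEx+0x1b
f4ac7c68 809c4c28 88dbc8e0 88dbc8e0 00000000 nt!RtlAreAllAccessesGranted+0x1c559
"""

def check_symbol_path(path):
    """List problems in a ';'-separated WinDbg symbol path."""
    problems = []
    for elem in filter(None, (e.strip() for e in path.split(";"))):
        parts = elem.split("*")
        has_url = any(p.strip().lower().startswith(("http://", "https://")) for p in parts)
        if has_url and parts[0].lower() not in ("srv", "symsrv"):
            problems.append(f"{elem!r}: symbol server URL without SRV* prefix")
        if any(p != p.strip() for p in parts):
            problems.append(f"{elem!r}: stray whitespace around '*'")
    return problems

def decode_bugcheck(log):
    """Parse 'BugCheck XX, {a, b, c, d}' (hex) and name the 0xAB arguments."""
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", log)
    if not m:
        return None
    code, args = int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]
    info = {"code": code, "args": args}
    if code == 0xAB and len(args) == 4:
        # Assumption: Arg4 is a 32-bit word split into 16-bit halves (x86 dump).
        info.update(session_id=args[0], paged_bytes=args[1], nonpaged_bytes=args[2],
                    paged_allocs=args[3] & 0xFFFF, nonpaged_allocs=args[3] >> 16)
    return info

def far_frames(log, limit=0x1000):
    """Heuristic (limit is an assumption): export-only symbols give huge offsets."""
    hits = re.findall(r"(nt!\w+)\+0x([0-9a-fA-F]+)", log)
    return [f"{s}+0x{o}" for s, o in hits if int(o, 16) > limit]

def triage(log):
    m = re.search(r"^Symbol search path is:\s*(.*)$", log, re.M)
    return {
        "symbol_path_problems": check_symbol_path(m.group(1).strip() if m else ""),
        "symbols_unreliable": "Kernel symbols are WRONG" in log,
        "bugcheck": decode_bugcheck(log),
        "untrusted_frames": far_frames(log),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the posted log this reports a 32-byte paged pool leak from a single allocation in session 8, and marks the `nt!RtlAreAllAccessesGranted+0x1c559` frame as a nearest-export guess rather than a real call site.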
 

