My Windows 2003 R2 SP2 server crashes about once a month. I analyzed the crash dump but can't really figure out what it means. Any help is appreciated….
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64 Copyright
(c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\Users\noam\Downloads\MEMORY.DMP] Kernel Summary
Dump File: Only kernel address space is availableSymbol search path is:
SRVC:\Windows\Symbolshttp://msdl.microsoft.com/download/symbols
Executable search path is: Windows Server 2003 Kernel Version 3790
(Service Pack 2) MP (4 procs) Free x64 Product: Server, suite:
TerminalServer SingleUserTS Built by: 3790.srv03_sp2_qfe.120821-0338
Machine Name: Kernel base = 0xfffff80001000000 PsLoadedModuleList =
011d8280 Debug session time: Thu Mar 21 10:48:04.909 2013
0xfffff800
(UTC – 4:00) System Uptime: 24 days 13:36:09.953 Loading Kernel
Symbols
………………………………………………………
………………………………………….. Loading User
Symbols PEB is paged out (Peb.Ldr = 000007ff`fffdf018). Type ".hh
dbgerr001" for details Loading unloaded module list ….
- *
- Bugcheck Analysis *
- *
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffadf28a13000, 0, fffff800012c532e, 0}
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys Probably caused by : sptd.sys ( sptd+5fe75 )
Followup: MachineOwner
3: kd> !analyze -v
- *
- Bugcheck Analysis *
- *
PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced.
This cannot be protected by try-except, it must be protected by a
Probe. Typically the address is just plain bad or it is pointing at
freed memory. Arguments: Arg1: fffffadf28a13000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800012c532e, If non-zero, the instruction address which
referenced the bad memory address. Arg4: 0000000000000000, (reserved)Debugging Details:
READ_ADDRESS: fffffadf28a13000
FAULTING_IP: nt!PspGetSetContextInternal+203 fffff800`012c532e
488b58f8 mov rbx,qword ptr [rax-8]MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: w3wp.exe
CURRENT_IRQL: 1
TRAP_FRAME: fffffadf1fb32710 — (.trap 0xfffffadf1fb32710) NOTE: The
trap frame does not contain all registers. Some register values may be
zeroed or incorrect. rax=fffffadf28a13007 rbx=0000000000000000
rcx=0000000000000001 rdx=0000000000000000 rsi=0000000000000000
rdi=0000000000000000 rip=fffff800012c532e rsp=fffffadf1fb328a0
rbp=fffffadf228d0b10 r8=0000000000000000 r9=0000000000000000
r10=0000000000000000 r11=0000000000000000 r12=0000000000000000
r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0
nv up ei ng nz ac pe nc nt!PspGetSetContextInternal+0x203:
fffff800012c532e 488b58f8 mov rbx,qword ptr [rax-8]
28a12fff=???????????????? Resetting default scope
ds:fffffadfLAST_CONTROL_TRANSFER: from fffff800010a69dd to fffff8000102eb90
STACK_TEXT: fffffadf
1fb32638 fffff800
010a69dd : 0000000000000050
28a13000 00000000
fffffadf00000000 fffffadf
1fb32710 :
nt!KeBugCheckEx fffffadf1fb32640 fffff800
0102d759 :
0000000000000000 00000000
00000000 0000000000000000
00000000 : nt!MmAccessFault+0xa1f fffffadf
000000001fb32710
012c532e : 00000000
fffff80000000000 00000000
00000000
fffffadf1fb33c70 fffffadf
228d05c0 : nt!KiPageFault+0x119
fffffadf1fb328a0 fffff800
010425bb : fffffadf35821040
1fb32fa0 fffffadf
fffffadf35821088 00000000
00000000 :
nt!PspGetSetContextInternal+0x203 fffffadf1fb32df0 fffff800
01028081
: fffffadf385ce018 fffff800
00810310 0000000000000001
385ce018 : nt!PspGetSetContextSpecialApc+0xab
fffffadf
fffffadf1fb32f00 fffff800
01027c8d : fffffadf358210b8
00000000 00000000
0000000000000000 fffffadf
35c06558 :
nt!KiDeliverApc+0x215 fffffadf1fb32fa0 fffffadf
28b33e75 :
fffffadf28b3b91c fffffadf
35c06558 fffffadf35c06440
00000000 : nt!KiApcInterrupt+0xdd fffffadf
000000001fb33138
28b3b91c : fffffadf
fffffadf35c06558 fffffadf
35c06440
0000000000000000 00000000
00000000 : sptd+0x5fe75 fffffadf1fb33140
38ddd2de : fffffadf
fffffadf1fb33240 fffff800
0102550f
0000000000000000 fffffadf
1fb33248 : sptd+0x6791c fffffadf1fb33220
1fb33240 : fffff800
fffffadf0102550f 00000000
00000000
fffffadf1fb33248 fffffadf
385cc050 : 0xfffffadf38ddd2de
1fb33228 fffff800
fffffadf0102550f : 00000000
00000000
fffffadf1fb33248 fffffadf
385cc050 0000000000000000 :
1fb33240 fffffadf
0xfffffadf1fb33230 fffff800
011ad8fd :
0001100000000000 fffffadf
385cc050 0000000180392000
00000002 : nt!IopfCompleteRequest+0x9c8 fffffadf
000000001fb332a0
358a8ca0 : 00000000
fffffadf00001000 0000000a
1f1e5000
fffffadf385d3040 fffffadf
289da2b7 : nt!ExFreePoolWithTag+0x67b
fffffadf1fb33360 00000000
00001000 : 0000000a1f1e5000
385d3040 fffffadf
fffffadf289da2b7 fffffadf
385d4cb0 :
0xfffffadf358a8ca0 fffffadf
1fb33368 0000000a1f1e5000 :
385d3040 fffffadf
fffffadf289da2b7 fffffadf
385d4cb0
fffffadf1fb33860 : 0x1000 fffffadf
1fb33370 fffffadf385d3040 :
289da2b7 fffffadf
fffffadf385d4cb0 fffffadf
1fb33860
fffffadf358a8f68 : 0x0000000a
1f1e5000 fffffadf1fb33378
289da2b7 : fffffadf
fffffadf385d4cb0 fffffadf
1fb33860
fffffadf358a8f68 fffffadf
358a8ca0 : 0xfffffadf385d3040
1fb33380 fffffadf
fffffadf28943f92 : fffffadf
358a8ca0
fffffadf37eee640 fffffadf
358a8f68 fffffadf385d3190 :
1fb333d0 fffffadf
ftdisk!FtDiskReadWrite+0x1e7 fffffadf2874f361 :
00000000 fffffadf
000000002676915c fffffadf
37b811c8
fffffadf358a8ca0 : volsnap!VolSnapRead+0xa2 fffffadf
1fb33410
fffffadf2875e582 : fffffadf
00000000 fffffadf00001000
37eee640 fffffadf
fffffadf00000000 : Ntfs!NtfsPagingFileIo+0x202
1fb33510 fffffadf
fffffadf28751e2e : fffffadf
1fb336a0
fffffadf358a8ca0 fffffadf
1fb33601 fffffadf1fb336e0 :
1fb336a0 2444c7c8
Ntfs!NtfsCommonRead+0x4d3 fffffadf8b48d233 :
46635328 15ff0000
44c7487300982024 762d8b48
00002f0d
8b481445ff00008d : Ntfs!NtfsFsdRead+0x262 fffffadf
289da3a7
44c7487346635328 : 15ff0000
00982024 762d8b4800002f0d
ff00008d 4800002f
8b4814450a15ffcd : 0x2444c7c8
8b48d233
fffffadf289da3af 15ff0000
00982024 : 762d8b4800002f0d
ff00008d 4800002f
8b4814450a15ffcd 8b1875f0
8b48c085 :
0x44c7487346635328 fffffadf
289da3b7 762d8b4800002f0d :
ff00008d 4800002f
8b4814450a15ffcd 8b1875f0
8b48c085
4d8b28458b442c55 : 0x15ff0000
00982024 fffffadf289da3bf
ff00008d : 4800002f
8b4814450a15ffcd 8b1875f0
8b48c085
4d8b28458b442c55 483055ff
1845ff24 : 0x762d8b4800002f0d
289da3c7 4800002f
fffffadf0a15ffcd : 8b1875f0
8b48c085
4d8b28458b442c55 483055ff
1845ff24 c62474f08b48c085 :
ff00008d fffffadf
0x8b481445289da3cf 8b1875f0
8b48c085 :
4d8b28458b442c55 483055ff
1845ff24 c62474f08b48c085
48017a46 : 0x4800002f
3807058d0a15ffcd fffffadf
289da3d7
4d8b28458b442c55 : 483055ff
1845ff24 c62474f08b48c085
48017a46 46c60078
3807058d46c60000 : 0x8b1875f0
8b48c085
fffffadf289da3df 483055ff
1845ff24 : c62474f08b48c085
48017a46 46c60078
3807058d46c60000 c7480042
46c60079 :
0x4d8b28458b442c55 fffffadf
289da3e7 c62474f08b48c085 :
48017a46 46c60078
3807058d46c60000 c7480042
46c60079
8948000000001046 : 0x483055ff
1845ff24 fffffadf289da3ef
48017a46 : 46c60078
3807058d46c60000 c7480042
46c60079
8948000000001046 ff184b8d
486beb06 : 0xc62474f08b48c085
289da3f7 46c60078
fffffadf46c60000 : c7480042
46c60079
8948000000001046 ff184b8d
486beb06 a8bb8000002ea415 :
48017a46 fffffadf
0x3807058d289da3ff c7480042
46c60079 :
8948000000001046 ff184b8d
486beb06 a8bb8000002ea415
00000000 : 0x46c60078
8b483d7446c60000 fffffadf
289da407
8948000000001046 : ff184b8d
486beb06 a8bb8000002ea415
00000000 878d4c00
8b483d740000b897 : 0xc7480042
46c60079
fffffadf289da40f ff184b8d
486beb06 : a8bb8000002ea415
00000000 878d4c00
8b483d740000b897 988b8d4c
000000a8 :
0x8948000000001046 fffffadf
289da417 a8bb8000002ea415 :
00000000 878d4c00
8b483d740000b897 988b8d4c
000000a8
4901034a80000000 : 0xff184b8d
486beb06 fffffadf289da41f
00000000 : 878d4c00
8b483d740000b897 988b8d4c
000000a8
4901034a80000000 89490889
4d08518b : 0xa8bb8000002ea415
289da427 878d4c00
fffffadf0000b897 : 988b8d4c
000000a8
4901034a80000000 89490889
4d08518b 4b8d4802894c0850 :
00000000 fffffadf
0x8b483d74289da42f 988b8d4c
000000a8 :
4901034a80000000 89490889
4d08518b 4b8d4802894c0850
d0b60f18 : 0x878d4c00
0841894d0000b897 fffffadf
289da437
4901034a80000000 : 89490889
4d08518b 4b8d4802894c0850
d0b60f18 abe90000
0841894d2cdb15ff : 0x988b8d4c
000000a8
fffffadf289da43f 89490889
4d08518b : 4b8d4802894c0850
d0b60f18 abe90000
0841894d2cdb15ff 0090b38b
48000000 :
0x4901034a80000000 fffffadf
289da447 4b8d4802894c0850 :
d0b60f18 abe90000
0841894d2cdb15ff 0090b38b
48000000
b60f184b8d480000 : 0x89490889
4d08518b fffffadf289da44f
d0b60f18 : abe90000
0841894d2cdb15ff 0090b38b
48000000
b60f184b8d480000 01000000
a883c6d0 : 0x4b8d4802894c0850
289da457 abe90000
fffffadf2cdb15ff : 0090b38b
48000000
b60f184b8d480000 01000000
a883c6d0 8b4c00002cbb15ff :
d0b60f18 fffffadf
0x0841894d289da45f 0090b38b
48000000 :
b60f184b8d480000 01000000
a883c6d0 8b4c00002cbb15ff
0000b887 : 0xabe90000
478b48002cdb15ff fffffadf
289da467
b60f184b8d480000 : 01000000
a883c6d0 8b4c00002cbb15ff
0000b887 46894810
478b48007e894808 : 0x0090b38b
48000000
fffffadf289da46f 01000000
a883c6d0 : 8b4c00002cbb15ff
0000b887 46894810
478b48007e894808 508d4918
408b4908 :
0xb60f184b8d480000 fffffadf
289da477 8b4c00002cbb15ff :
0000b887 46894810
478b48007e894808 508d4918
408b4908
4c028b2046894808 : 0x01000000
a883c6d0 fffffadf289da47f
0000b887 : 46894810
478b48007e894808 508d4918
408b4908
4c028b2046894808 8d481846
89306689 : 0x8b4c00002cbb15ff
289da487 46894810
fffffadf7e894808 : 508d4918
408b4908
4c028b2046894808 8d481846
89306689 46894800024b1405 :
0000b887 fffffadf
0x478b4800289da48f 508d4918
408b4908 :
4c028b2046894808 8d481846
89306689 46894800024b1405
878b4828 : 0x46894810
000000987e894808 fffffadf
289da497
4c028b2046894808 : 8d481846
89306689 46894800024b1405
878b4828 40b60f41
0000009838468948 : 0x508d4918
408b4908
fffffadf289da49f 8d481846
89306689 : 46894800024b1405
878b4828 40b60f41
0000009838468948 03388041
40468802 :
0x4c028b2046894808 fffffadf
289da4a7 46894800024b1405 :
878b4828 40b60f41
0000009838468948 03388041
40468802
0f00000080be8948 : 0x8d481846
89306689 fffffadf289da4af
878b4828 : 40b60f41
0000009838468948 03388041
40468802
0f00000080be8948 0000889e
8948c094 : 0x46894800024b1405
289da4b7 40b60f41
fffffadf38468948 : 03388041
40468802
0f00000080be8948 0000889e
8948c094 0164bb8041468800 :
878b4828 fffffadf
0x00000098289da4bf 03388041
40468802 :
0f00000080be8948 0000889e
8948c094 0164bb8041468800
74000000 : 0x40b60f41
438b481138468948 fffffadf
289da4c7
0f00000080be8948 : 0000889e
8948c094 0164bb8041468800
74000000 00000170
438b48118b8b4808 : 0x03388041
40468802
fffffadf289da4cf 0000889e
8948c094 : 0164bb8041468800
74000000 00000170
438b48118b8b4808 8b480000
011090ff :
0x0f00000080be8948 fffffadf
289da4d7 0164bb8041468800 :
74000000 00000170
438b48118b8b4808 8b480000
011090ff
d68b48000000b887 : 0x0000889e
8948c094 fffffadf289da4df
74000000 : 00000170
438b48118b8b4808 8b480000
011090ff
d68b48000000b887 304e8b48
01034880 : 0x0164bb8041468800
289da4e7 00000170
fffffadf8b8b4808 : 8b480000
011090ff
d68b48000000b887 304e8b48
01034880 8b483050ff018b48 :
74000000 fffffadf
0x438b4811289da4ef 8b480000
011090ff :
d68b48000000b887 304e8b48
01034880 8b483050ff018b48
4c58246c : 0x00000170
4024648b8b8b4808 fffffadf
289da4f7
d68b48000000b887 : 304e8b48
01034880 8b483050ff018b48
4c58246c 7c8b4860
4024648b24748b48 : 0x8b480000
011090ff
fffffadf289da4ff 304e8b48
01034880 : 8b483050ff018b48
4c58246c 7c8b4860
4024648b24748b48 b850245c
8b486824 :
0xd68b48000000b887 fffffadf
289da507 8b483050ff018b48 :
4c58246c 7c8b4860
4024648b24748b48 b850245c
8b486824
48c4834800000103 : 0x304e8b48
01034880 fffffadf289da50f
4c58246c : 7c8b4860
4024648b24748b48 b850245c
8b486824
48c4834800000103 cccccccc
ccccccc3 : 0x8b483050ff018b48
289da517 7c8b4860
fffffadf24748b48 : b850245c
8b486824
48c4834800000103 cccccccc
ccccccc3 cccccccccccccccc :
4c58246c fffffadf
0x4024648b289da51f b850245c
8b486824 :
48c4834800000103 cccccccc
ccccccc3 cccccccccccccccc
ec8348cc : 0x7c8b4860
828b483824748b48 fffffadf
289da527
48c4834800000103 : cccccccc
ccccccc3 cccccccccccccccc
ec8348cc 246c8948
828b4838000000b8 : 0xb850245c
8b486824
fffffadf289da52f cccccccc
ccccccc3 : cccccccccccccccc
ec8348cc 246c8948
828b4838000000b8 10788318
6a8b4848 :
0x48c4834800000103 fffffadf
289da537 cccccccccccccccc :
ec8348cc 246c8948
828b4838000000b8 10788318
6a8b4848
c000000db80f7318 : 0xcccccccc
ccccccc3 fffffadf289da53f
ec8348cc : 246c8948
828b4838000000b8 10788318
6a8b4848
c000000db80f7318 c4834848
246c8b48 : 0xcccccccccccccccc
289da547 246c8948
fffffadf000000b8 : 10788318
6a8b4848
c000000db80f7318 c4834848
246c8b48 4840245c8948c338 :
ec8348cc
0x828b4838STACK_COMMAND: kb
FOLLOWUP_IP: sptd+5fe75 fffffadf`28b33e75 0000 add
byte ptr [rax],alSYMBOL_STACK_INDEX: 7
SYMBOL_NAME: sptd+5fe75
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sptd
IMAGE_NAME: sptd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4611064e
FAILURE_BUCKET_ID: X64_0x50_sptd+5fe75
BUCKET_ID: X64_0x50_sptd+5fe75
Followup: MachineOwner
3: kd> lmvm sptd start end module name
fffffadf28ad4000 fffffadf
28bf2000 sptd (no symbols)Loaded symbol image file: sptd.sys Image path: sptd.sys Image name: sptd.sys Timestamp: Mon Apr 02 09:34:06 2007 (4611064E) CheckSum: 000D960A ImageSize: 0011E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Best Answer
I'm not the best OS debugger, but here's what I see:
PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced.
What often causes this is a "use after free" condition where memory is freed, and then a thread references it as if it were still allocated. When a user-mode program does this, it usually just ends up crashing that program. But when a kernel-mode component, such as a driver, does this, it causes a bug check. It can also be caused when a thread attempts to write to an address that is marked as read-only. But because argument two of the error code specified that the fault occured during a read operation, we can eliminate that possibility.
Other things can cause this bug check as well, such as faulty hardware, and cosmic rays flipping bits in your RAM. But for the sake of discussion we'll disregard those possibilities as well.
If you look at the stack text - this stands out to me:
ExFreePoolWithTag+0x67b fffffadf1fb33360
That function freed pool memory, which is in kernel space. I'm not positive that it freed the memory that was later referenced that caused the machine to crash, but I'm highly suspicious of it. It is typically drivers that allocate and deallocate pool memory. The people who write drivers have to be extremely careful about allocating and deallocating memory, because if you don't do it perfectly, you either cause a memory leak or you crash the machine.
If you look here, you'll see the parameters of your bug check code:
Windbg identified sptd.sys as a probable cause of the crash. I'm guessing Windbg figured that sptd.sys is the culprit because it happened to be loaded in the address that was found in argument 3 of the bug chuck code. (But I could be wrong about that. I'm not sure how Windbg derives that information.) The information is not guaranteed to be accurate in any case, but stpd.sys appears to be a non-Microsoft driver related to CD/DVD burning software like Daemon Tools and Alcohol 120%.
I would definitely start by either upgrading or uninstalling that software.
Edit: Looks like you can find updated versions of sptd.sys here: http://www.disc-tools.com/download/sptd