memory dump file info - Windows Server 2008 x64

H

hethuda

New member
Joined
Aug 3, 2015
Posts
2
Code: 
Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [Y:\Memory.dmp]
Kernel Summary Dump File: Only kernel address space is available

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred [URL]http://msdl.microsoft.com/download/symbols[/URL]
Symbol search path is: [URL]http://msdl.microsoft.com/download/symbols[/URL]
Executable search path is: 
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (8 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 6002.19346.amd64fre.vistasp2_gdr.150312-1556
Machine Name:
Kernel base = 0xfffff800`02461000 PsLoadedModuleList = 0xfffff800`02625e30
Debug session time: Sat Aug 1 16:15:20.104 2015 (UTC - 7:00)
System Uptime: 16 days 21:03:53.964
Loading Kernel Symbols
..........................................................
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.....
................................................................
............................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904aa, fffffa600237f5a8, fffffa600237ef80, fffffa60018258a0}
Probably caused by : Ntfs.sys ( Ntfs!NtfsAcquireExclusiveScb+10 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904aa
Arg2: fffffa600237f5a8
Arg3: fffffa600237ef80
Arg4: fffffa60018258a0
Debugging Details:
------------------

EXCEPTION_RECORD: fffffa600237f5a8 -- (.exr 0xfffffa600237f5a8)
ExceptionAddress: fffffa60018258a0 (Ntfs!NtfsAcquireExclusiveScb+0x0000000000000010)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000070
Attempt to read from address 0000000000000070
CONTEXT: fffffa600237ef80 -- (.cxr 0xfffffa600237ef80;r)
rax=fffffa600237f880 rbx=0000000000000000 rcx=fffffa800afce9d0
rdx=0000000000000000 rsi=fffff880380838d0 rdi=fffff8801edda000
rip=fffffa60018258a0 rsp=fffffa600237f7e0 rbp=0000000000000558
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
Ntfs!NtfsAcquireExclusiveScb+0x10:
fffffa60`018258a0 488b5270 mov rdx,qword ptr [rdx+70h] ds:002b:00000000`00000070=????????????????
Last set context:
rax=fffffa600237f880 rbx=0000000000000000 rcx=fffffa800afce9d0
rdx=0000000000000000 rsi=fffff880380838d0 rdi=fffff8801edda000
rip=fffffa60018258a0 rsp=fffffa600237f7e0 rbp=0000000000000558
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
Ntfs!NtfsAcquireExclusiveScb+0x10:
fffffa60`018258a0 488b5270 mov rdx,qword ptr [rdx+70h] ds:002b:00000000`00000070=????????????????
Resetting default scope
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000070
READ_ADDRESS: 0000000000000070 
FOLLOWUP_IP: 
Ntfs!NtfsAcquireExclusiveScb+10
fffffa60`018258a0 488b5270 mov rdx,qword ptr [rdx+70h]
FAULTING_IP: 
Ntfs!NtfsAcquireExclusiveScb+10
fffffa60`018258a0 488b5270 mov rdx,qword ptr [rdx+70h]
BUGCHECK_STR: 0x24
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
LAST_CONTROL_TRANSFER: from fffffa600188893c to fffffa60018258a0
STACK_TEXT: 
fffffa60`0237f7e0 fffffa60`0188893c : fffffa80`0afce9d0 fffffa60`01824571 fffff880`28b99aa0 00000000`00000000 : Ntfs!NtfsAcquireExclusiveScb+0x10
fffffa60`0237f810 fffffa60`01889f78 : fffffa80`0afce9d0 fffff880`1edda000 fffff880`28b99aa0 00000000`00000001 : Ntfs!TxfInitializeTxfDir+0x6c
fffffa60`0237f950 fffffa60`0189b91e : fffff880`380838d0 00000000`00000558 fffffa80`136fa558 00000000`000007ff : Ntfs!TxfStartRm+0x508
fffffa60`0237fb90 fffffa60`0184fef1 : fffffa80`136fa180 fffff880`00000150 fffffa80`0afce9d0 fffff880`1edda000 : Ntfs!TxfInitializeVolume+0x59e
fffffa60`0237fcb0 fffff800`024be6cb : fffffa60`0184fe30 fffff800`025f28a0 fffffa80`1b945500 00000000`00000000 : Ntfs!TxfRmRestartWorkItemRoutine+0xc1
fffffa60`0237fcf0 fffff800`026c2977 : fffffa80`151ff548 005f0923`00900938 fffffa80`09a48720 00000000`00000080 : nt!ExpWorkerThread+0xfb
fffffa60`0237fd50 fffff800`024f44a6 : fffffa60`0218a180 fffffa80`09a48720 fffffa60`02193d40 fffffa80`09a48ca8 : nt!PspSystemThreadStartup+0x57
fffffa60`0237fd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16

SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsAcquireExclusiveScb+10
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 51326c87
IMAGE_VERSION: 6.0.6002.18799
STACK_COMMAND: .cxr 0xfffffa600237ef80 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsAcquireExclusiveScb+10
BUCKET_ID: X64_0x24_Ntfs!NtfsAcquireExclusiveScb+10
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x24_ntfs!ntfsacquireexclusivescb+10
FAILURE_ID_HASH: {5a47fa2d-28dd-383f-d34f-90b5605cf270}
Followup: MachineOwner
---------
 
Last edited by a moderator:
Upload the dump file to Onedrive or Dropbox then post the link for analysis.
 
Hi ^_^,


Sorry for the late reply. Do you still need help with this? In case you still need help, please reply to this thread and I will try my best to reply within 48 hours. I would be notified via email once you reply :)




-Pranav
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top