New
#1
BSOD - Pool_Corruption etc...
Hello,
Im quite new to debug NT dumps so I'm looking for little help with BSOD on w7 ent. x64 edition.
In short, problem is recurring when i try to sleep notebook or eventually when its restoring from sleep mode.
Ive checked some debug tutorials but got little problem with loading symbols...but even so I got this output of the last mini-dump:
From upper mentioned output i suspect that one of the "MCAfee" security components is responsible, but ill be thankful for any advice or help someone could offer.Code:Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\hojstric\Desktop\061511-16161-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631 Machine Name: Kernel base = 0xfffff800`02a54000 PsLoadedModuleList = 0xfffff800`02c99650 Debug session time: Wed Jun 15 17:15:38.851 2011 (UTC + 2:00) System Uptime: 0 days 10:00:02.609 Loading Kernel Symbols ............................................................... ................................................................ ...................................................... Loading User Symbols Loading unloaded module list .............................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {3, fffff80002c5b7b0, 0, fffff80002c5b7b0} Unable to load image \SystemRoot\system32\drivers\mfetdik.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for mfetdik.sys *** ERROR: Module load completed but symbols could not be loaded for mfetdik.sys Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a53 ) Followup: Pool_corruption --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000003, the pool freelist is corrupt. Arg2: fffff80002c5b7b0, the pool entry being checked. Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2). Arg4: fffff80002c5b7b0, the read back blink freelist value (should be the same as 2). Debugging Details: ------------------ BUGCHECK_STR: 0x19_3 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: svchost.exe CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002bfe4b3 to fffff80002ad3d00 STACK_TEXT: fffff880`0b1adb78 fffff800`02bfe4b3 : 00000000`00000019 00000000`00000003 fffff800`02c5b7b0 00000000`00000000 : nt!KeBugCheckEx fffff880`0b1adb80 fffff880`011c0542 : fffff880`00000000 fffffa80`044d4b80 fffffa80`06bc2cc0 fffffa80`00000000 : nt!ExDeferredFreePool+0xa53 fffff880`0b1adc70 fffff880`011c0d56 : fffffa80`044d4b80 fffffa80`073f9070 00000000`00000000 00000000`00000000 : tdx!TdxCreateTransportAddress+0x122 fffff880`0b1add00 fffff880`011ef3f1 : fffffa80`00000000 fffff8a0`0032f550 fffffa80`06bc2c50 fffff880`0b1aded0 : tdx!TdxTdiDispatchCreate+0x496 fffff880`0b1adda0 fffffa80`00000000 : fffff8a0`0032f550 fffffa80`06bc2c50 fffff880`0b1aded0 00000000`00000000 : mfetdik+0x73f1 fffff880`0b1adda8 fffff8a0`0032f550 : fffffa80`06bc2c50 fffff880`0b1aded0 00000000`00000000 fffffa80`06bc2c50 : 0xfffffa80`00000000 fffff880`0b1addb0 fffffa80`06bc2c50 : fffff880`0b1aded0 00000000`00000000 fffffa80`06bc2c50 00000000`00060000 : 0xfffff8a0`0032f550 fffff880`0b1addb8 fffff880`0b1aded0 : 00000000`00000000 fffffa80`06bc2c50 00000000`00060000 fffff880`0b1addd8 : 0xfffffa80`06bc2c50 fffff880`0b1addc0 00000000`00000000 : fffffa80`06bc2c50 00000000`00060000 fffff880`0b1addd8 fffff880`0b1addd8 : 0xfffff880`0b1aded0 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+a53 fffff800`02bfe4b3 cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!ExDeferredFreePool+a53 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53 BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53 Followup: Pool_corruption ---------
Thank you in advance.
J
Quote