Debugging In Progress...

This blog is intended to provide information on debug issues encountered in Microsoft Support, such as STOP errors or hanging servers.

[RESOLVED] Win2008R2 SP1: STOP 0xAB in nt!MiCheckSessionPoolAllocations


Status: Resolved.

Update 110809: As part of the HTP11-10 releases, we are releasing KB2585233, which addresses a problem that results in STOP 0xAB errors. Note that not all of these errors have the same cause. In general, check for outdated video drivers and printer drivers and, if applicable, update your Citrix components as well. Then install the latest win32k.sys hotfix, and if the issue remains, create a case with us.

We now have two customers hitting a STOP 0xAB, similar to the STOPs we saw quite some time ago, after Win2003SP1. For one of the customers, the dump shows:

BugCheck AB, {2, 50, 0, 2}

 # Child-SP          RetAddr           Call Site
00 fffff880`0d0c0ac8 fffff800`01c8175f nt!KeBugCheckEx
01 fffff880`0d0c0ad0 fffff800`01b1e997 nt!MiCheckSessionPoolAllocations+0x13f
02 fffff880`0d0c0b10 fffff800`01c1c355 nt!MiDereferenceSessionFinal+0x137
03 fffff880`0d0c0bb0 fffff800`018b2c70 nt!MiDereferenceSession+0x815c5
04 fffff880`0d0c0be0 fffff800`01bb709a nt!MmCleanProcessAddressSpace+0x610
05 fffff880`0d0c0c30 fffff800`01bb7465 nt!PspExitThread+0x56a
06 fffff880`0d0c0d30 fffff800`018d27a6 nt!PspTerminateThreadByPointer+0x4d
07 fffff880`0d0c0d80 00000000`00000000 nt!KxStartSystemThread+0x16

To see the leaking pooltags, use:

5: kd> !poolused 8
.
 Sorting by Session Tag

               NonPaged                  Paged
 Tag     Allocs         Used     Allocs         Used

 Gadb         0            0          1           32 GDITAG_DC_COLOR_TRANSFORM , Binary: win32k!XDCOBJ::bAddColorTransfo
 Gh2>         0            0          1           48 GDITAG_HMGR_SPRITE_TYPE , Binary: win32k.sys
 Pool         1         4096          0            0 Pool tables, etc.

TOTAL         1         4096          2           80
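
Added example, not part of the original post: a short Python script that decodes the four STOP 0xAB parameters (session ID, leaked paged bytes, leaked nonpaged bytes, allocation counts) and checks them against the !poolused 8 table. The sample input is constructed from the output shown above; the function names and the 16-bit split of the fourth parameter are assumptions.

```python
import re

# Constructed sample input, copied from the dump output shown in this post.
BUGCHECK_LINE = "BugCheck AB, {2, 50, 0, 2}"
POOLUSED_TEXT = """\
 Tag     Allocs         Used     Allocs         Used
 Gadb         0            0          1           32 GDITAG_DC_COLOR_TRANSFORM , Binary: win32k!XDCOBJ::bAddColorTransfo
 Gh2>         0            0          1           48 GDITAG_HMGR_SPRITE_TYPE , Binary: win32k.sys
 Pool         1         4096          0            0 Pool tables, etc.
TOTAL         1         4096          2           80
"""

def decode_bugcheck_ab(line):
    """Decode the four hex parameters of a STOP 0xAB line."""
    m = re.search(r"BugCheck\s+AB,\s*\{([0-9a-fA-F,\s]+)\}", line)
    if not m:
        raise ValueError("not a BugCheck AB line")
    args = [int(a, 16) for a in m.group(1).split(",")]
    if len(args) != 4:
        raise ValueError("expected four parameters")
    session, paged_bytes, nonpaged_bytes, counts = args
    return {
        "session_id": session,
        "paged_bytes": paged_bytes,
        "nonpaged_bytes": nonpaged_bytes,
        # Assumption: the two halves of Arg4 are split at bit 16.
        "nonpaged_allocs": counts >> 16,
        "paged_allocs": counts & 0xFFFF,
    }

def parse_poolused(text):
    """Return {tag: (np_allocs, np_bytes, p_allocs, p_bytes)} per tag row."""
    rows = {}
    row = re.compile(r"^\s*(\S{1,4})\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\b")
    for line in text.splitlines():
        m = row.match(line)  # header and TOTAL lines do not match
        if m:
            rows[m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4, 5))
    return rows

def reconcile(bugcheck, rows):
    """Tags still holding paged session pool, and whether they match Arg2/Arg4."""
    leaked = {t: r for t, r in rows.items() if r[2] > 0}
    bytes_ok = sum(r[3] for r in leaked.values()) == bugcheck["paged_bytes"]
    count_ok = sum(r[2] for r in leaked.values()) == bugcheck["paged_allocs"]
    return sorted(leaked), bytes_ok and count_ok

if __name__ == "__main__":
    print(reconcile(decode_bugcheck_ab(BUGCHECK_LINE), parse_poolused(POOLUSED_TEXT)))
```

For this dump the two win32k tags account for all 0x50 (80) leaked paged bytes. Only the paged columns are compared because the Pool row shows 4096 nonpaged bytes while the third bugcheck parameter is 0.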

If you encounter these STOPs on your machine(s) too, let me know!

Comments
  • Hello!

    We have some crashes on our remote desktop servers (win2008r2 sp1):

    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64

    Product: Server, suite: Enterprise TerminalServer

    Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533

    Machine Name:

    Kernel base = 0xfffff800`01604000 PsLoadedModuleList = 0xfffff800`01847670

    Debug session time: Wed May 22 09:58:48.623 2013 (UTC + 2:00)

    System Uptime: 1 days 10:06:14.257

    Loading Kernel Symbols

    ...............................................................

    ................................................................

    ...........

    Loading User Symbols

    PEB is paged out (Peb.Ldr = 000007ff`fffdd018).  Type ".hh dbgerr001" for details

    Loading unloaded module list

    .......

    *******************************************************************************

    *                                                                             *

    *                        Bugcheck Analysis                                    *

    *                                                                             *

    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck AB, {11, 50, 0, 2}

    Probably caused by : memory_corruption ( nt!MiCheckSessionPoolAllocations+13f )

    Followup: MachineOwner

    ---------

    0: kd> !analyze -v

    *******************************************************************************

    *                                                                             *

    *                        Bugcheck Analysis                                    *

    *                                                                             *

    *******************************************************************************

    SESSION_HAS_VALID_POOL_ON_EXIT (ab)

    Caused by a session driver not freeing its pool allocations prior to a

    session unload.  This indicates a bug in win32k.sys, atmfd.dll,

    rdpdd.dll or a video driver.

    Arguments:

    Arg1: 0000000000000011, session ID

    Arg2: 0000000000000050, number of paged pool bytes that are leaking

    Arg3: 0000000000000000, number of nonpaged pool bytes that are leaking

    Arg4: 0000000000000002, total number of paged and nonpaged allocations that are leaking.

    nonpaged allocations are in the upper half of this word,

    paged allocations are in the lower half of this word.

  • Debugging Details:

    ------------------

    Use !poolused 8 to dump allocation info for leaked session pooltags.

    TAG_NOT_DEFINED_405: Pool

    BUGCHECK_STR:  0xAB_Pool

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    PROCESS_NAME:  csrss.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff80001a1fa7f to fffff80001679c00

    STACK_TEXT:  

    fffff880`06c18ac8 fffff800`01a1fa7f : 00000000`000000ab 00000000`00000011 00000000`00000050 00000000`00000000 : nt!KeBugCheckEx

    fffff880`06c18ad0 fffff800`018be917 : fffff880`06cefb40 fffff880`06cef000 fffff880`06cef000 fffffa80`0a8f8060 : nt!MiCheckSessionPoolAllocations+0x13f

    fffff880`06c18b10 fffff800`019bba15 : fffff880`06c18ba8 fffffa80`0a8f8060 ffffffff`ffffffd3 fffff880`06cef000 : nt!MiDereferenceSessionFinal+0x137

    fffff880`06c18bb0 fffff800`0164adec : fffff800`01807940 00000000`00000001 00000000`00000000 fffffa80`09804ab0 : nt! ?? ::NNGAKEGL::`string'+0x24005

    fffff880`06c18be0 fffff800`0194fcba : fffff8a0`16f51790 00000000`00000000 00000000`00000000 fffffa80`0a8f8060 : nt!MmCleanProcessAddressSpace+0x610

    fffff880`06c18c30 fffff800`0195008d : 00000000`00000000 fffff800`01917e01 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x56a

    fffff880`06c18d30 fffff800`0166a906 : fffff800`017f4e80 00000000`00000080 fffffa80`0a8f8060 fffffa80`07ee91b0 : nt!PspTerminateThreadByPointer+0x4d

    fffff880`06c18d80 00000000`00000000 : fffff880`06c19000 fffff880`06c13000 fffff880`06c185d0 00000000`00000000 : nt!KiStartSystemThread+0x16

    STACK_COMMAND:  kb

    FOLLOWUP_IP:

    nt!MiCheckSessionPoolAllocations+13f

    fffff800`01a1fa7f cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!MiCheckSessionPoolAllocations+13f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6

    IMAGE_NAME:  memory_corruption

    FAILURE_BUCKET_ID:  X64_LEAKED_SESSION_POOLTAG_Pool

    BUCKET_ID:  X64_LEAKED_SESSION_POOLTAG_Pool

    Followup: MachineOwner

    ---------

    0: kd> !poolused 8

    .

    Sorting by Session Tag

                  NonPaged                  Paged

    Tag     Allocs         Used     Allocs         Used

    Gadb         0            0          1           32 GDITAG_DC_COLOR_TRANSFORM , Binary: win32k!XDCOBJ::bAddColorTransfo

    GhA>         0            0          1           48 GDITAG_HMGR_SPRITE_TYPE , Binary: win32k.sys

    Pool         1         4096          0            0 Pool tables, etc.

    TOTAL         1         4096          2           80

    0: kd> !pooltag Pool

    Pooltag Pool

    Description: Pool tables, etc.

    Any idea?
