Debugging In Progress...

This blog is intended to provide information on debug issues encountered in Microsoft Support, such as STOP errors or hanging servers.

[RESOLVED] Win2008R2 SP1: STOP 0xAB in nt!MiCheckSessionPoolAllocations

[RESOLVED] Win2008R2 SP1: STOP 0xAB in nt!MiCheckSessionPoolAllocations

  • Comments 3
  • Likes

Status: Resolved.

Update 110809: As part of the HTP11-10 releases, we are releasing KB2585233, which addresses a problem that results in STOP 0xAB errors. Do note that not all of these errors have the same cause. In general, have a look at outdated video drivers, printer drivers, and if applicable, update your Citrix components as well. Then, implement the latest win32k.sys hotfix, and if the issue remains, create a case with us.

We now have two customers hitting a STOP 0xAB, similar to the STOPs we saw quite some time ago, after Win2003SP1. For one of the customers, the dump shows:

BugCheck AB, {2, 50, 0, 2}

 # Child-SP          RetAddr           Call Site
00 fffff880`0d0c0ac8 fffff800`01c8175f nt!KeBugCheckEx
01 fffff880`0d0c0ad0 fffff800`01b1e997 nt!MiCheckSessionPoolAllocations+0x13f
02 fffff880`0d0c0b10 fffff800`01c1c355 nt!MiDereferenceSessionFinal+0x137
03 fffff880`0d0c0bb0 fffff800`018b2c70 nt!MiDereferenceSession+0x815c5
04 fffff880`0d0c0be0 fffff800`01bb709a nt!MmCleanProcessAddressSpace+0x610
05 fffff880`0d0c0c30 fffff800`01bb7465 nt!PspExitThread+0x56a
06 fffff880`0d0c0d30 fffff800`018d27a6 nt!PspTerminateThreadByPointer+0x4d
07 fffff880`0d0c0d80 00000000`00000000 nt!KxStartSystemThread+0x16

To see the leaking pooltags, use:

5: kd> !poolused 8
.
 Sorting by Session Tag

               NonPaged                  Paged
 Tag     Allocs         Used     Allocs         Used

 Gadb         0            0          1           32 GDITAG_DC_COLOR_TRANSFORM , Binary: win32k!XDCOBJ::bAddColorTransfo
 Gh2>         0            0          1           48 GDITAG_HMGR_SPRITE_TYPE , Binary: win32k.sys
 Pool         1         4096          0            0 Pool tables, etc.

TOTAL         1         4096          2           80

If you encounter these STOPs on your machine(s) too, let me know!

Comments
  • Debugging Details:

    ------------------

    Use !poolused 8 to dump allocation info for leaked session pooltags.

    TAG_NOT_DEFINED_405: Pool

    BUGCHECK_STR:  0xAB_Pool

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    PROCESS_NAME:  csrss.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from fffff80001a1fa7f to fffff80001679c00

    STACK_TEXT:  

    fffff880`06c18ac8 fffff800`01a1fa7f : 00000000`000000ab 00000000`00000011 00000000`00000050 00000000`00000000 : nt!KeBugCheckEx

    fffff880`06c18ad0 fffff800`018be917 : fffff880`06cefb40 fffff880`06cef000 fffff880`06cef000 fffffa80`0a8f8060 : nt!MiCheckSessionPoolAllocations+0x13f

    fffff880`06c18b10 fffff800`019bba15 : fffff880`06c18ba8 fffffa80`0a8f8060 ffffffff`ffffffd3 fffff880`06cef000 : nt!MiDereferenceSessionFinal+0x137

    fffff880`06c18bb0 fffff800`0164adec : fffff800`01807940 00000000`00000001 00000000`00000000 fffffa80`09804ab0 : nt! ?? ::NNGAKEGL::`string'+0x24005

    fffff880`06c18be0 fffff800`0194fcba : fffff8a0`16f51790 00000000`00000000 00000000`00000000 fffffa80`0a8f8060 : nt!MmCleanProcessAddressSpace+0x610

    fffff880`06c18c30 fffff800`0195008d : 00000000`00000000 fffff800`01917e01 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x56a

    fffff880`06c18d30 fffff800`0166a906 : fffff800`017f4e80 00000000`00000080 fffffa80`0a8f8060 fffffa80`07ee91b0 : nt!PspTerminateThreadByPointer+0x4d

    fffff880`06c18d80 00000000`00000000 : fffff880`06c19000 fffff880`06c13000 fffff880`06c185d0 00000000`00000000 : nt!KiStartSystemThread+0x16

    STACK_COMMAND:  kb

    FOLLOWUP_IP:

    nt!MiCheckSessionPoolAllocations+13f

    fffff800`01a1fa7f cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!MiCheckSessionPoolAllocations+13f

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6

    IMAGE_NAME:  memory_corruption

    FAILURE_BUCKET_ID:  X64_LEAKED_SESSION_POOLTAG_Pool

    BUCKET_ID:  X64_LEAKED_SESSION_POOLTAG_Pool

    Followup: MachineOwner

    ---------

    0: kd> !poolused 8

    .

    Sorting by Session Tag

                  NonPaged                  Paged

    Tag     Allocs         Used     Allocs         Used

    Gadb         0            0          1           32 GDITAG_DC_COLOR_TRANSFORM , Binary: win32k!XDCOBJ::bAddColorTransfo

    GhA>         0            0          1           48 GDITAG_HMGR_SPRITE_TYPE , Binary: win32k.sys

    Pool         1         4096          0            0 Pool tables, etc.

    TOTAL         1         4096          2           80

    0: kd> !pooltag Pool

    Pooltag Pool

    Description: Pool tables, etc.

    Any idea?

  • I'm getting these too
    AG_NOT_DEFINED_405: Pool

    BUGCHECK_STR: 0xAB_Pool

    DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

    PROCESS_NAME: csrss.exe

    CURRENT_IRQL: 0

    ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

    LAST_CONTROL_TRANSFER: from fffff80001a28abf to fffff80001682b80

    STACK_TEXT:
    fffff880`10766ac8 fffff800`01a28abf : 00000000`000000ab 00000000`00000008 00000000`00001ac0 00000000`00000000 : nt!KeBugCheckEx
    fffff880`10766ad0 fffff800`018c7917 : fffff880`0efb0b40 fffff880`0efb0000 fffff880`0efb0000 fffffa83`0820ab00 : nt!MiCheckSessionPoolAllocations+0x13f
    fffff880`10766b10 fffff800`019c4b35 : fffff880`10766ba8 fffffa83`0820ab00 ffffffff`ffffffac fffff880`0efb0000 : nt!MiDereferenceSessionFinal+0x137
    fffff880`10766bb0 fffff800`01653dbc : fffff800`01810940 00000000`00000001 00000000`00000000 fffffa83`09fc8190 : nt! ?? ::NNGAKEGL::`string'+0x23fc5
    fffff880`10766be0 fffff800`01958a2a : fffff8a0`0709f2e0 00000000`00000000 00000000`00000000 fffffa83`0820ab00 : nt!MmCleanProcessAddressSpace+0x610
    fffff880`10766c30 fffff800`01958dfd : 00000000`00000000 fffff800`01920b01 00000000`00000000 fffffa83`086c85e0 : nt!PspExitThread+0x56a
    fffff880`10766d30 fffff800`016738c6 : fffff800`017fde80 00000000`00000080 fffffa83`0820ab00 00000008`f95fc000 : nt!PspTerminateThreadByPointer+0x4d
    fffff880`10766d80 00000000`00000000 : fffff880`10767000 fffff880`10761000 fffff880`107665e0 00000000`00000000 : nt!KxStartSystemThread+0x16


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!MiCheckSessionPoolAllocations+13f
    fffff800`01a28abf cc int 3

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!MiCheckSessionPoolAllocations+13f

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 51fb06cd

    IMAGE_VERSION: 6.1.7601.18229

    IMAGE_NAME: memory_corruption

    FAILURE_BUCKET_ID: X64_LEAKED_SESSION_POOLTAG_Pool

    BUCKET_ID: X64_LEAKED_SESSION_POOLTAG_Pool

    ANALYSIS_SOURCE: KM

    FAILURE_ID_HASH_STRING: km:x64_leaked_session_pooltag_pool

    FAILURE_ID_HASH: {9650ff51-11f4-b11b-e151-128a2efd0412}

    Followup: MachineOwner
    ---------

    4: kd> !poolused 8
    .
    Sorting by Session Tag

    NonPaged Paged
    Tag Allocs Used Allocs Used

    Gtmp 0 0 4 6848 Gdi temporary allocations
    Pool 1 4096 0 0 Pool tables, etc.

    TOTAL 1 4096 4 6848

  • @Florian: Gadb is fixed in http://support.microsoft.com/kb/2617115/EN-US.

    @Swarup Gupta: Gtmp is fixed in http://support.microsoft.com/kb/2585233/EN-US.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment