Hi all,
Recently My Server crash with event id :
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 4/13/2015 4:06:49 PM
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6fb40000000, 0x0000000000000000, 0xfffff80001869a10, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
Event Xml:
< Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-04-13T09:06:49.000000000Z" />
<EventRecordID>13466</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>MYSERVER.WHATEVER.COM</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x00000050 (0xfffff6fb40000000, 0x0000000000000000, 0xfffff80001869a10, 0x0000000000000002)</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">
</Data>
</EventData>
< /Event>
Already trying debug the MEMORY.DMP but have no clue about the cause of crash:
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: SRV*d:\localsymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`01818000 PsLoadedModuleList = 0xfffff800`01a5de90
Debug session time: Mon Apr 13 16:04:32.741 2015 (UTC + 7:00)
System Uptime: 72 days 7:28:38.963
Loading Kernel Symbols
...............................................................
................................................................
..........
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
The context is partially valid. Only x86 user-mode context is available.
The wow64exts extension must be loaded to access 32-bit state.
.load wow64exts will do this if you haven't loaded it already.
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff6fb40000000, 0, fffff80001869a10, 2}
Probably caused by : Unknown_Image ( nt!MiRemoveWorkingSetPages+388 )
Followup: MachineOwner
---------
16.3: kd:x86> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff6fb40000000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80001869a10, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
READ_ADDRESS: fffff6fb40000000
FAULTING_IP:
nt!MiRemoveWorkingSetPages+388
fffff800`01869a10 49 dec ecx
MM_INTERNAL_CODE: 2
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x50
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to 0000000000000000
STACK_TEXT:
00000000 00000000 00000000 00000000 00000000 0x0
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!MiRemoveWorkingSetPages+388
fffff800`01869a10 49 dec ecx
SYMBOL_NAME: nt!MiRemoveWorkingSetPages+388
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_NAME: Unknown_Image
BUCKET_ID: INVALID_KERNEL_CONTEXT
MODULE_NAME: Unknown_Module
Followup: MachineOwner
---------
Any help would be appriciated. :)
Added:
Link for the MEMORY.DMP:
- Edited by w3_ka 6 hours 0 minutes ago add link for DUMP