Hello,
Currently we are having the same issues.... Suddenly multiple machines on our network have BSOD. However, our Stop errors are slightly diffrent* 0x0000008E (0xc0000005, 0x8056c031, 0xA7A5BAF4, 0x00000000)*
At this point we are unable to resolve the issues at hand.
Our minidumps have also been different. Our first minidump showed M_Agent.exe to be our issue. However, after hidding the diectory in safemode and rebooting it now has came up with a different BSOD which states our system is the culprit. Both dumps have included ntoskrnl.exe as the image.
Here is the first minidump:____________________
Microsoft (R) Windows Debugger Version 6.2.8400.4218 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [U:\Minidumps\Mini071212-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\Windows\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Jul 12 07:12:30.125 2012 (UTC - 4:00)
System Uptime: 0 days 0:00:59.796
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
..............................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 8056c031, a7cb7af4, 0}
Probably caused by : ntoskrnl.exe ( nt!ObpFreeObject+140 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8056c031, The address that the exception occurred at
Arg3: a7cb7af4, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ObpFreeObject+140
8056c031 8b5828 mov ebx,dword ptr [eax+28h]
TRAP_FRAME: a7cb7af4 -- (.trap 0xffffffffa7cb7af4)
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=a7cb7cc0 edx=00000137 esi=e5ece610 edi=a7cb7cc0
eip=8056c031 esp=a7cb7b68 ebp=a7cb7ca8 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!ObpFreeObject+0x140:
8056c031 8b5828 mov ebx,dword ptr [eax+28h] ds:0023:00000028=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: m_agent_service
LAST_CONTROL_TRANSFER: from 8056d073 to 8056c031
STACK_TEXT:
a7cb7ca8 8056d073 a7cb7cc0 00000000 00000000 nt!ObpFreeObject+0x140
a7cb7cbc 804e5f2b a7cb7cc0 00000000 e5ece610 nt!NtQueryVolumeInformationFile+0x68
a7cb7cec 805ab548 a7cb7cc0 a7cb7d64 00eade84 nt!KeContextFromKframes+0x2b4
a7cb7d40 8054168c 00eadeb8 000f0005 00000000 nt!NtSetInformationJobObject+0x7e2
a7cb7d64 7c90e514 badb0d00 00eade68 00000000 nt!RtlIpv4StringToAddressExW+0x10d
WARNING: Frame IP not in any known module. Following frames may be wrong.
a7cb7d78 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObpFreeObject+140
8056c031 8b5828 mov ebx,dword ptr [eax+28h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ObpFreeObject+140
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa3ce58
FAILURE_BUCKET_ID: 0x8E_nt!ObpFreeObject+140
BUCKET_ID: 0x8E_nt!ObpFreeObject+140
Followup: MachineOwner
---------
Here is the second after hiding the M_Agent(Meraki) directory:____________
Microsoft (R) Windows Debugger Version 6.2.8400.4218 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [U:\Minidumps\Mini071212-06.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\Windows\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Jul 12 08:58:44.238 2012 (UTC - 4:00)
System Uptime: 0 days 0:03:57.265
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {8bdc75f9, 2, 0, 804e4232}
Probably caused by : ntoskrnl.exe ( nt!KeReleaseMutant+12 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 8bdc75f9, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804e4232, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetUlongFromAddress: unable to read from 8055f9e8
8bdc75f9
CURRENT_IRQL: 2
FAULTING_IP:
nt!ExpWorkerThread+cb
804e4232 f6466e01 test byte ptr [esi+6Eh],1
CUSTOMER_CRASH_COUNT: 6
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 804e48c5 to 804e4232
STACK_TEXT:
ba4e7cf0 804e48c5 805ab52b 00000000 00000001 nt!ExpWorkerThread+0xcb
ba4e7d34 804e70db 8a6b4058 80564820 8a6b7488 nt!KeReleaseMutant+0x12
ba4e7d7c 805387dd 8a6b4058 00000000 8a6b7488 nt!MiLocateAndReserveWsle+0x50
ba4e7dac 805cffee 8a6b4058 00000000 00000000 nt!MiResolveTransitionFault+0x3ab
ba4e7ddc 8054616e 805386ee 00000000 00000000 nt!ArbBootAllocation+0x2d
ba4e7df8 00000000 00000000 00000000 00001f80 nt!ExpFindAndRemoveTagBigPages+0x2c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeReleaseMutant+12
804e48c5 ffb694000000 push dword ptr [esi+94h]
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!KeReleaseMutant+12
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4fa3ce58
FAILURE_BUCKET_ID: 0xA_nt!KeReleaseMutant+12
BUCKET_ID: 0xA_nt!KeReleaseMutant+12
Followup: MachineOwner
---------
If anyone can spot somethng or have any ideas please let us know!