Software Diagnostics Library

Crash Dump Analysis Patterns (Part 20d)

This is a specialization of Insufficient Memory (kernel pool) pattern called Memory Leak (I/O completion packets). The currently unique diagnostics this pattern provides in comparison with other kernel pool tags is that the pool allocation entries show the leaking process:

0: kd> !poolused 3 Sorting by NonPaged Pool Consumed

Pool Used: NonPaged Paged Tag Allocs Frees Diff Used Allocs Frees Diff Used Icp 1294074 42875 1251199 96642976 0 0 0 0 I/O completion packets queue on a completion ports […]

0: kd> !poolfind Icp

Scanning large pool allocation table for Tag: Icp (fffffa8013e00000 : fffffa8014100000)

*fffffa800e188260 size: 50 previous size: 40 (Allocated) Icp Process: fffffa800899dc40 *fffffa800e1882e0 size: 50 previous size: 30 (Allocated) Icp Process: fffffa800899dc40 *fffffa800e188330 size: 50 previous size: 50 (Allocated) Icp Process: fffffa800899dc40 *fffffa800e188380 size: 50 previous size: 50 (Allocated) Icp Process: fffffa800899dc40 *fffffa800e1883d0 size: 50 previous size: 50 (Allocated) Icp Process: fffffa800899dc40 *fffffa800e188420 size: 50 previous size: 50 (Allocated) Icp Process: fffffa800899dc40 *fffffa800e188470 size: 50 previous size: 50 (Allocated) Icp Process: fffffa800899dc40 *fffffa800e1884c0 size: 50 previous size: 50 (Allocated) Icp Process: fffffa800899dc40

0: kd> !process fffffa800899dc40 1 PROCESS fffffa800899dc40 SessionId: 0 Cid: 43a4 Peb: 7efdf000 ParentCid: 0412 DirBase: 09d6b000 ObjectTable: fffff8a0046c8c10 HandleCount: 1068. Image: ServiceA.exe […]

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

This entry was posted on Saturday, May 19th, 2012 at 11:00 pm and is filed under Crash Dump Analysis, Crash Dump Patterns, Debugging. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Crash Dump Analysis Patterns (Part 20d)

Leave a Reply