I sometimes suspect pool corruption but can’t see it, so I want to verify the entire pool. However, !poolval requires an address and so only does a small area of the pool.
It doesn’t seem unreasonable as commands such as !poolused will walk through the entire pool.
Is there a way to validate the entire pool?
(Thanks!)
see if this can make any sense to you 
searching tagstring by wildcard and using poolval on the returned address
lkd> .foreach (place {.shell -ci “!poolfind *” sed s/.size.*// | sed
s/*//} ) {!poolval place}
Pool page 8055c680 region is Unknown
Validating Pool headers for pool page: 8055c680
Pool page [8055c000] is __inVALID.
Analyzing linked list…
[8055c000 –> 8055ca70 (size = 0xa70 bytes)]: Corrupt region
[8055cbf0 –> 8055cc18 (size = 0x28 bytes)]: Corrupt region
Scanning for single bit errors…
None found
Pool page 86e00000 region is Unknown
Validating Pool headers for pool page: 86e00000
Pool page [86e00000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
Pool page 81f98000 region is Nonpaged pool
Validating Pool headers for pool page: 81f98000
Pool page [81f98000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
Pool page 8597e000 region is Nonpaged pool
Validating Pool headers for pool page: 8597e000
Pool page [8597e000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
Pool page 8598a000 region is Nonpaged pool
Validating Pool headers for pool page: 8598a000
Pool page [8598a000] is __inVALID.
Analyzing linked list…
[8598a000 –> 8598a148 (size = 0x148 bytes)]: Corrupt region
[8598a948 –> 8598abb8 (size = 0x270 bytes)]: Corrupt region
Scanning for single bit errors…
None found
Pool page 8599e000 region is Nonpaged pool
Validating Pool headers for pool page: 8599e000
Pool page [8599e000] is __inVALID.
Analyzing linked list…
[8599eb30]: invalid previous size [0x10a] should be [0x166]
On 8/31/11, xxxxx@vertical.com wrote:
> I sometimes suspect pool corruption but can’t see it, so I want to verify
> the entire pool. However, !poolval requires an address and so only does a
> small area of the pool.
>
> It doesn’t seem unreasonable as commands such as !poolused will walk through
> the entire pool.
>
> Is there a way to validate the entire pool?
>
> (Thanks!)
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
thanks and regards
raj_r
Neat idea…The only problem with this would be if !poolfind skips invalid
entries, which might defeat the purpose (not sure what it does upon finding
an invalid pool page, would need to investigate).
A generic routine for validating the pools could certainly be interesting.
AFAIK !poolfind is the only command that will actually try to scan the
pools, !poolused only parses the pool tracking table which is different.
-scott
–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com
“raj_r” wrote in message news:xxxxx@windbg…
see if this can make any sense to you
searching tagstring by wildcard and using poolval on the returned address
lkd> .foreach (place {.shell -ci “!poolfind *” sed s/.size.*// | sed
s/*//} ) {!poolval place}
Pool page 8055c680 region is Unknown
Validating Pool headers for pool page: 8055c680
Pool page [8055c000] is __inVALID.
Analyzing linked list…
[8055c000 –> 8055ca70 (size = 0xa70 bytes)]: Corrupt region
[8055cbf0 –> 8055cc18 (size = 0x28 bytes)]: Corrupt region
Scanning for single bit errors…
None found
Pool page 86e00000 region is Unknown
Validating Pool headers for pool page: 86e00000
Pool page [86e00000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
Pool page 81f98000 region is Nonpaged pool
Validating Pool headers for pool page: 81f98000
Pool page [81f98000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
Pool page 8597e000 region is Nonpaged pool
Validating Pool headers for pool page: 8597e000
Pool page [8597e000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
Pool page 8598a000 region is Nonpaged pool
Validating Pool headers for pool page: 8598a000
Pool page [8598a000] is __inVALID.
Analyzing linked list…
[8598a000 –> 8598a148 (size = 0x148 bytes)]: Corrupt region
[8598a948 –> 8598abb8 (size = 0x270 bytes)]: Corrupt region
Scanning for single bit errors…
None found
Pool page 8599e000 region is Nonpaged pool
Validating Pool headers for pool page: 8599e000
Pool page [8599e000] is __inVALID.
Analyzing linked list…
[8599eb30]: invalid previous size [0x10a] should be [0x166]
On 8/31/11, xxxxx@vertical.com wrote:
> I sometimes suspect pool corruption but can’t see it, so I want to verify
> the entire pool. However, !poolval requires an address and so only does a
> small area of the pool.
>
> It doesn’t seem unreasonable as commands such as !poolused will walk
> through
> the entire pool.
>
> Is there a way to validate the entire pool?
>
> (Thanks!)
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
thanks and regards
raj_r
Thanks scott
i Didnt know how A Corrupt pool looked like in debugger or didnt know
how to intentionally corrupt some pool for looking at it in windbg
else i would have tried to zero on into a specific corruption
there are some 0x19 bugchecks in google but i couldnt find exactly the
output in those hits
!analyze -show 0x19
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
On 9/2/11, Scott Noone wrote:
> Neat idea…The only problem with this would be if !poolfind skips invalid
> entries, which might defeat the purpose (not sure what it does upon finding
> an invalid pool page, would need to investigate).
>
> A generic routine for validating the pools could certainly be interesting.
> AFAIK !poolfind is the only command that will actually try to scan the
> pools, !poolused only parses the pool tracking table which is different.
>
> -scott
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
> “raj_r” wrote in message news:xxxxx@windbg…
>
> see if this can make any sense to you
>
> searching tagstring by wildcard and using poolval on the returned address
>
>
> lkd> .foreach (place {.shell -ci "!poolfind " sed s/.size.// | sed
> s/*//} ) {!poolval place}
> Pool page 8055c680 region is Unknown
>
> Validating Pool headers for pool page: 8055c680
>
> Pool page [8055c000] is __inVALID.
>
> Analyzing linked list…
> [8055c000 –> 8055ca70 (size = 0xa70 bytes)]: Corrupt region
> [8055cbf0 –> 8055cc18 (size = 0x28 bytes)]: Corrupt region
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 86e00000 region is Unknown
>
> Validating Pool headers for pool page: 86e00000
>
> Pool page [86e00000] is__inVALID.
>
> Analyzing linked list…
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 81f98000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 81f98000
>
> Pool page [81f98000] is __inVALID.
>
> Analyzing linked list…
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 8597e000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 8597e000
>
> Pool page [8597e000] is__inVALID.
>
> Analyzing linked list…
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 8598a000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 8598a000
>
> Pool page [8598a000] is __inVALID.
>
> Analyzing linked list…
> [8598a000 –> 8598a148 (size = 0x148 bytes)]: Corrupt region
> [8598a948 –> 8598abb8 (size = 0x270 bytes)]: Corrupt region
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 8599e000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 8599e000
>
> Pool page [8599e000] is__inVALID.
>
> Analyzing linked list…
> [8599eb30]: invalid previous size [0x10a] should be [0x166]
>
>
> On 8/31/11, xxxxx@vertical.com wrote:
>> I sometimes suspect pool corruption but can’t see it, so I want to verify
>> the entire pool. However, !poolval requires an address and so only does a
>> small area of the pool.
>>
>> It doesn’t seem unreasonable as commands such as !poolused will walk
>> through
>> the entire pool.
>>
>> Is there a way to validate the entire pool?
>>
>> (Thanks!)
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
> –
> thanks and regards
>
> raj_r
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
thanks and regards
raj_r
It actually worked out fine for me (thanks, Raj). My intent was that I knew that I had pool corruption but wanted to know how extensive it was to get a feel for the bug. However, I’ve wanted it in the past where I couldn’t figure out a crash, but suspected pool corruption.
I modified it a bit so that I could see what was going on, and it generates so much output that I had to filter on it. It takes a long time to run – on a dump from a system with 2 GB RAM that had been up for days, it took a whopping 36 hours and generated 400 MB of output!
So, here’s what I ended up with (you need SED.exe, and if you have that, make sure your SHELL environment variable isn’t set, which took me a while to figure out):
.foreach (place {.shell -ci “!poolfind *” fgrep previous | sed s/.size.*// | sed s/*//} ) {.echo >>> !poolval place <<< ; !poolval place}
And then to filter it (I had WinDbg logging to a file):
fgrep -i invalid windbg.txt | fgrep -v __inVALID | sort -u
fgrep -i corrupt windbg.txt | sort -u
There’s a short description of why that crash might happen here:
Note that the discussion is simplified and doesn’t take all cases into
consideration (it’s also O/S specific, of course). Should be enough to
easily corrupt a pool page for fun though
-scott
–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com
“raj_r” wrote in message news:xxxxx@windbg…
Thanks scott
i Didnt know how A Corrupt pool looked like in debugger or didnt know
how to intentionally corrupt some pool for looking at it in windbg
else i would have tried to zero on into a specific corruption
there are some 0x19 bugchecks in google but i couldnt find exactly the
output in those hits
!analyze -show 0x19
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
On 9/2/11, Scott Noone wrote:
> Neat idea…The only problem with this would be if !poolfind skips invalid
> entries, which might defeat the purpose (not sure what it does upon
> finding
> an invalid pool page, would need to investigate).
>
> A generic routine for validating the pools could certainly be interesting.
> AFAIK !poolfind is the only command that will actually try to scan the
> pools, !poolused only parses the pool tracking table which is different.
>
> -scott
>
> –
> Scott Noone
> Consulting Associate and Chief System Problem Analyst
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
> “raj_r” wrote in message news:xxxxx@windbg…
>
> see if this can make any sense to you
>
> searching tagstring by wildcard and using poolval on the returned address
>
>
> lkd> .foreach (place {.shell -ci "!poolfind " sed s/.size.// | sed
> s/*//} ) {!poolval place}
> Pool page 8055c680 region is Unknown
>
> Validating Pool headers for pool page: 8055c680
>
> Pool page [8055c000] is __inVALID.
>
> Analyzing linked list…
> [8055c000 –> 8055ca70 (size = 0xa70 bytes)]: Corrupt region
> [8055cbf0 –> 8055cc18 (size = 0x28 bytes)]: Corrupt region
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 86e00000 region is Unknown
>
> Validating Pool headers for pool page: 86e00000
>
> Pool page [86e00000] is__inVALID.
>
> Analyzing linked list…
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 81f98000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 81f98000
>
> Pool page [81f98000] is __inVALID.
>
> Analyzing linked list…
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 8597e000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 8597e000
>
> Pool page [8597e000] is__inVALID.
>
> Analyzing linked list…
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 8598a000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 8598a000
>
> Pool page [8598a000] is __inVALID.
>
> Analyzing linked list…
> [8598a000 –> 8598a148 (size = 0x148 bytes)]: Corrupt region
> [8598a948 –> 8598abb8 (size = 0x270 bytes)]: Corrupt region
>
>
> Scanning for single bit errors…
>
> None found
>
> Pool page 8599e000 region is Nonpaged pool
>
> Validating Pool headers for pool page: 8599e000
>
> Pool page [8599e000] is__inVALID.
>
> Analyzing linked list…
> [8599eb30]: invalid previous size [0x10a] should be [0x166]
>
>
> On 8/31/11, xxxxx@vertical.com wrote:
>> I sometimes suspect pool corruption but can’t see it, so I want to verify
>> the entire pool. However, !poolval requires an address and so only does
>> a
>> small area of the pool.
>>
>> It doesn’t seem unreasonable as commands such as !poolused will walk
>> through
>> the entire pool.
>>
>> Is there a way to validate the entire pool?
>>
>> (Thanks!)
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
> –
> thanks and regards
>
> raj_r
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
thanks and regards
raj_r