Share via

Bluescreen for Windows 2012 R2

William Wei 1 Reputation point
2021-05-04T01:51:53.627+00:00

Hello team,
We happened blue screen for several server 2012,you can see below information which I used the Winbdg to find,could you help us to find the root-cause?

  • *
  • Bugcheck Analysis *
  • *

AD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 000000000000000e,
Arg2: ffffe000a522fe10
Arg3: 0000000000000000
Arg4: 065e3f0fa6a87097

Debugging Details:

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.Sec
Value: 2

Key  : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on SHL1132W

Key  : Analysis.DebugData
Value: CreateObject

Key  : Analysis.DebugModel
Value: CreateObject

Key  : Analysis.Elapsed.Sec
Value: 12

Key  : Analysis.Memory.CommitPeak.Mb
Value: 67

Key  : Analysis.System
Value: CreateObject

VIRTUAL_MACHINE: VMware

BUGCHECK_CODE: 19

BUGCHECK_P1: e

BUGCHECK_P2: ffffe000a522fe10

BUGCHECK_P3: 0

BUGCHECK_P4: 65e3f0fa6a87097

PROCESS_NAME: check_mk_agent.exe

STACK_TEXT:
ffffd001acdf4ea8 fffff8000c0b061c : 0000000000000019 000000000000000e ffffe000a522fe10 0000000000000000 : nt!KeBugCheckEx
ffffd001acdf4eb0 fffff80107107ede : ffffe000a5d89de0 ffffe000a54ce860 ffffd001acdf5090 fffff801070ed5d3 : nt!ExDeferredFreePool+0xdac
ffffd001acdf4f80 fffff801070eca70 : ffffe000a9767440 ffffe000a5d89d00 0000000000000001 fffff801070e9a1a : mfeaack+0x56ede
ffffd001acdf4fb0 fffff801070ee0eb : 0000000000000000 ffffd001acdf5090 ffffd001acdf50b0 ffffe000a54ce8f8 : mfeaack+0x3ba70
ffffd001acdf5000 fffff801070ee5b7 : ffffe000a2381010 ffffe000a976c000 0000000000000000 ffffe000a5d89de0 : mfeaack+0x3d0eb
ffffd001acdf5050 fffff801070d114d : ffffe000a2381010 ffffe000a54ce8f8 ffffe000a54ce860 ffffe000a950eb10 : mfeaack+0x3d5b7
ffffd001acdf5140 fffff801070c8013 : ffffe00000000000 ffffe000a54ce8f8 ffffe000a54ce800 ffffe000a950eb10 : mfeaack+0x2014d
ffffd001acdf51c0 fffff801060dc531 : ffffe000a57e4508 ffffe00000000000 ffffe000a57e4498 0000000000000002 : mfeaack+0x17013
ffffd001acdf5280 fffff801061321d5 : 0000000000000001 ffffe000a57e4470 0000000000000002 ffffe000a56edd78 : mfehidk+0x37531
ffffd001acdf52c0 fffff80105f3c28a : ffffe000a5b61070 0000000000000000 0000000000000000 ffffd001acdf53b9 : mfehidk+0x8d1d5
ffffd001acdf5310 fffff80105f3d7bc : ffffd001acdf5490 ffffd001acdf5400 ffffe000a836f400 0000000000000000 : fltmgr!FltpPerformPreCallbacks+0x31a
ffffd001acdf5420 fffff80105f6532d : ffffe000a1ce5740 ffffe000a836f4c0 0000000000000090 0000000000000801 : fltmgr!FltpPassThroughInternal+0x8c
ffffd001acdf5450 fffff8000c1ae809 : 0000000000000000 0000000000000005 0000000000000000 0000000000000000 : fltmgr!FltpCreate+0x32e
ffffd001acdf5500 fffff8000c2af6ce : 0000000000000000 0000000000000000 ffffc001921536a0 ffffe000a1cfc980 : nt!IopParseDevice+0x6c9
ffffd001acdf56f0 fffff8000c1b28e3 : 0000000000000000 ffffd001acdf58a8 0000000000000042 ffffe000a14b8350 : nt!ObpLookupObjectName+0x7be
ffffd001acdf5830 fffff8000c26a3bb : 0000000000000001 ffffe000a836f558 0000000000000001 0000000000000020 : nt!ObOpenObjectByName+0x1e3
ffffd001acdf5960 fffff8000c26a040 : 0000008c1ca3e678 0000000040100080 0000008c1ca3e6d0 0000000000000000 : nt!IopCreateFile+0x36b
ffffd001acdf5a00 fffff8000bf6aab3 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!NtCreateFile+0x78
ffffd001acdf5a90 00007ffb4e030c0a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
0000008c1ca3e5f8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffb`4e030c0a

SYMBOL_NAME: nt!ExDeferredFreePool+dac

IMAGE_NAME: Pool_Corruption

MODULE_NAME: Pool_Corruption

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: dac

FAILURE_BUCKET_ID: 0x19_e_nt!ExDeferredFreePool

OS_VERSION: 8.1.9600.18589

BUILDLAB_STR: winblue_ltsb

OSPLATFORM_TYPE: x64

OSNAME: Windows 8.1

FAILURE_ID_HASH: {652ef998-c993-02e1-bea8-9dbeb0e887a3}

Followup: Pool_corruption

Windows for business | Windows Server | User experience | Other
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Docs 15,761 Reputation points
    2021-05-04T07:06:55.107+00:00
  2. Carl Fan 6,881 Reputation points
    2021-05-04T09:57:19.463+00:00

    Hi,
    Mfehidk.sys is a system process that runs in the computer background and maintains the host intrusion detection system for McAfee Antivirus.
    Mfehidk.sys works in the same way that most antivirus programs do and uses large amounts of CPU memory. This can cause the computer to slow down or crash.
    So we could try to uninstall McAfee then reinstall. Or try update McAfee software version to check.
    Also you could type "msconfig" in Search Bar. Select "Service" Option, Hide all Microsoft Service Option. Then disable all No-Microsoft service to check.
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl

  3. Docs 15,761 Reputation points
    2021-05-05T03:24:09.173+00:00

    For this crash view the stack text:

    mfehidk
    mfeaack

    These are McAfee drivers:

    mfehidk.sys
    mfeaack.sys

  4. Carl Fan 6,881 Reputation points
    2021-06-04T09:41:20.467+00:00

    Hi,
    I consider you can contact the technical support of the product of McAfee to see if there is an incompatibility between the software version or if the software automatically blocks some processes.
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.