How to analyze the output of poolmon

Question

I've read the KB articles about poolmon but they don't tell me how to analyze the numbers. My first guess is to look for drivers where the value in the column "Diff" is very high. Is that correct?

In my case, that would be these processes:

 Tag  Type     Allocs     Frees    Diff   Bytes    Per Alloc
 Ntfr Nonp    2690737   2528557    162180 10379976        64
 Ntfn Nonp    1397933   1304230     93703 3750928         40
 NtFs Nonp    2385330   2291634     93696 3749056         40
 File Nonp   13789939  13704656     85283 13203912       154

So that would mean the Ntfs driver has a memory leak which I doubt :) So what should I look for?

score 2 · Accepted Answer · answered Aug 10 '09 at 07:35

2

"Diff" shows you the difference between the number of alloc calls versus free calls. "Bytes" is showing you the number of bytes current allocated.

You need to take a series of samples in order to find a leak. A high number of allocated bytes and / or a large difference in the number of alloc versus free calls isn't necessarily a sign of a memory leak. A steady increase in the number of allocated bytes over time is a sign of a memory leak.

answered Aug 10 '09 at 07:35

Evan Anderson

141,071
19
191
328

I feared as much. Thanks, I've now written a small AWK script to analyze the poolmon outputs. – Aaron Digulla Aug 10 '09 at 09:20

How to analyze the output of poolmon

1 Answers1

Linked