Hi,
I searched the whole site for a similar crash but only found different ones.
BESR Serber Edition V 7.01.21808
MS Windows Server 2003 SP2
No clustering
System crash caused a BSOD and memory dump creation. According to memory.dmp analysis, it's a crash related to symsnap.
I'd like to know if this particular crash signature has already been seen.
Thanks a lot,
Peter.
Details :
(Bluescreen Trap (Bugcheck, STOP: 0x000000D1, 0x00000004, 0x00000002, 0xF4FBEAB2))
BugCheck D1, {4, d0000002, 0, f4fbeab2}
FAULTING_IP:
symsnap+2ab2
f4fbeab2 3906 cmp dword ptr [esi],eax >>>> faulting instruction within symsnap
2: kd> .trap 0xfffffffff5722358
ErrCode = 00000000
eax=feeccee0 ebx=00000008 ecx=fd99b5a8 edx=00000000 esi=00000004 edi=00000004
eip=f4fbeab2 esp=f57223cc ebp=f57223e8 iopl=0 nv up ei pl nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010203
symsnap+0x2ab2:
f4fbeab2 3906 cmp dword ptr [esi],eax ds:0023:00000004=????????
2: kd> !thread
THREAD ff97db40 Cid 0004.004c Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 2
IRP List:
f98aa008: (0006,01d8) Flags: 00000a01 Mdl: fe1d6718
Not impersonating
DeviceMap e16022b8
Owning Process ff984bb8 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 113090742 Ticks: 12 (0:00:00:00.187)
Context Switch Count 6157422
UserTime 00:00:00.000
KernelTime 00:00:20.531
Start Address nt!ExpWorkerThread (0xe0880356)
Stack Init f5723000 Current f5722cec Base f5723000 Limit f5720000 Call 0
Priority 12 BasePriority 12 PriorityDecrement 0
ChildEBP RetAddr Args to Child
f5722358 f4fbeab2 badb0d00 00000000 00000000 nt!KiTrap0E+0x2a7 (FPO: [0,0] TrapFrame @ f5722358)
WARNING: Stack unwind information not available. Following frames may be wrong.
f57223e8 f4fbec01 f8e2c168 ff0afa88 ff0afa58 symsnap+0x2ab2
f5722410 f4fc9af9 ff0afa58 f5722430 00000000 symsnap+0x2c01
f5722440 f4fca4c4 ff0afa58 fe3ef348 f98aa174 symsnap+0xdaf9
f572246c f4fc62eb 000af918 26c28000 00000000 symsnap+0xe4c4
f57224e0 f4fc4b4c ff0af860 f98aa008 f98aa008 symsnap+0xa2eb
f57224fc e081df65 ff0af860 f98aa008 f98aa008 symsnap+0x8b4c
f5722510 f4e97a62 fcde85c0 f57226f4 f4e978d9 nt!IofCallDriver+0x45 (FPO: [0,0,4])
f572251c f4e978d9 fcde85c0 ff0af860 26c28000 Ntfs!NtfsSingleAsync+0x91 (FPO: [8,0,4])
f57226f4 f4e995f8 fcde85c0 f98aa008 e215b130 Ntfs!NtfsNonCachedIo+0x2db (FPO: [SEH])
f57228f8 f4e997d0 fcde85c0 f98aa008 ff0b23b0 Ntfs!NtfsCommonWrite+0x18e6 (FPO: [SEH])
f572296c e081df65 ff98d3a0 f98aa008 ff90d918 Ntfs!NtfsFsdWrite+0x16a (FPO: [SEH])
f5722980 f4fdfc45 ff90d918 f98aa1b4 00000000 nt!IofCallDriver+0x45 (FPO: [0,0,4])
f57229a8 e081df65 ff0b23b0 f98aa008 f98aa1d8 fltmgr!FltpDispatch+0x6f (FPO: [2,6,0])
f57229bc f4fc4d2c e08280c8 ff0afd28 ff0afd6c nt!IofCallDriver+0x45 (FPO: [0,0,4])
f57229d0 f4fbe3f3 ff0afca8 f98aa008 00000000 symsnap+0x8d2c
f57229f0 f4fc46e8 ff0afd28 f98aa008 00000001 symsnap+0x23f3
f5722ac4 f4fc4b4c ff0afbf0 f98aa008 f98aa008 symsnap+0x86e8
f5722ae0 e081df65 ff0afbf0 f98aa008 ff97dd48 symsnap+0x8b4c
f5722af4 e08f5437 f98aa1bc 00000001 f98aa008 nt!IofCallDriver+0x45 (FPO: [0,0,4])
f5722b08 e08f3157 ff0afbf0 f98aa008 fd9f3950 nt!IopSynchronousServiceTail+0x10b (FPO: [7,0,4])
f5722bb0 e088978c 80000844 80003598 00000000 nt!NtWriteFile+0x663 (FPO: [SEH])
f5722bb0 e082fc25 80000844 80003598 00000000 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ f5722bdc)
f5722c4c e08ced05 80000844 80003598 00000000 nt!ZwWriteFile+0x11 (FPO: [9,0,0])
f5722cd0 e08bf166 e215aa80 00000001 f5722cf8 nt!CmpFileWrite+0x173 (FPO: [SEH])
f5722d28 e08bfd2d fffffe00 e215aa80 e215ad78 nt!HvpWriteLog+0xcc (FPO: [1,12,4])
f5722d3c e08c127b e215aa01 ff97db40 e08a4828 nt!HvSyncHive+0x71 (FPO: [1,0,0])
f5722d58 e08ca9b9 00000000 e215ad78 f5722d78 nt!CmpDoFlushNextHive+0xe1 (FPO: [3,1,4])
f5722d80 e0880441 00000000 00000000 ff97db40 nt!CmpLazyFlushWorker+0x7f (FPO: [1,3,0])
f5722dac e0949b7c 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb (FPO: [1,5,0])
f5722ddc e088e062 e0880356 00000001 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [SEH])
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
2: kd> !irp f98aa008 >>>> it does seem to be doing lot of I/O
Irp is active with 10 stacks 8 is current (= 0xf98aa174)
Mdl=fe1d6718: No System Buffer: Thread ff97db40: Irp stack trace.
cmd flg cl Device File Completion-Context
Args: 00000000 00000000 00000000 00000000
>[ 4, 0] 0 e0 ff0af860 00000000 f4e944e8-fbfbefe0 Success Error Cancel
\FileSystem\symsnap Ntfs!NtfsSingleAsyncCompletionRoutine
Args: 00000200 00000000 26c28000 00000000
[ 4, 0] 0 e0 ff98d3a0 fd9f3950 f4fc2a8e-ff0afca8 Success Error Cancel
\FileSystem\Ntfs symsnap
Args: 00000200 00000000 00000000 00000000
[ 4, 0] 0 0 ff0afbf0 fd9f3950 00000000-00000000
\FileSystem\symsnap
Args: 00000200 00000000 00000000 00000000
2: kd> !devstack ff0af860
!DevObj !DrvObj !DevExt ObjectName
> ff0af860 \FileSystem\symsnapff0af918
ff98bb08 \Driver\VolSnap ff98bbc0
ff8f0ac0 \Driver\Ftdisk ff8f0b78 HarddiskVolume1
!DevNode ff8f0970 :
DeviceInst is "STORAGE\Volume\1&30a96598&0&Signature662D662DOffset4000Length222C710000"
ServiceName is "volsnap"
2: kd> !lmi symsnap
Loaded Module Info: [symsnap]
Module: symsnap
Base Address: f4fbc000
Image Name: symsnap.sys
Machine Type: 332 (I386)
Time Stamp: 46858977 Sat Jun 30 04:06:39 2007
Size: 1ed80
CheckSum: 2d5f4
Characteristics: 10e
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 71, 1a2b0, 1a2b0 RSDS - GUID: {B6B2BC2E-B52E-46F8-933A-6301512D7E7D}
Age: 1, Pdb: d:\vsnap\componentreleases\vsnap_7.0\ws\vsnap\dev\driver\objfre_w2K_x86\i386\SymSnap.pdb
Image Type: MEMORY - Image read successfully from loaded memory.
Symbol Type: NONE - PDB not found from symbol server.
Load Report: no symbols loaded