Symsnap.sys BSOD

Hi, I have a Windows 2k8 R2 server; this server was unexpectedly restarted. Below is the dump.

What could be the issue? Also, I am now going to install Patch 9.0.4 BESR on the system. I think it could solve the problem in future; what do you think?


*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
 bit 0 : value 0 = read operation, 1 = write operation
 bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000168d4a7, address which referenced memory

Debugging Details:

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018c00e0
GetUlongFromAddress: unable to read from fffff800018c0198
 0000000000000000 Nonpaged pool


fffff800`0168d4a7 f00fba2f07      lock bts dword ptr [rdi],7




TRAP_FRAME:  fffff88005e4f260 -- (.trap 0xfffff88005e4f260)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000168d4a7 rsp=fffff88005e4f3f0 rbp=fffff88005e4f748
 r8=0000000000000000  r9=0000000000000001 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
fffff800`0168d4a7 f00fba2f07      lock bts dword ptr [rdi],7 ds:00000000`00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80001689469 to fffff80001689f00

fffff880`05e4f118 fffff800`01689469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`05e4f120 fffff800`016880e0 : 00000000`00000000 fffff880`05e4f730 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`05e4f260 fffff800`0168d4a7 : fffffa80`00000000 fffffa80`03f127d0 00000000`03f09600 fffff880`0101bee1 : nt!KiPageFault+0x260
fffff880`05e4f3f0 fffff880`013817a9 : fffffa80`00000000 fffff880`05e4f6e0 00000000`00000001 00000000`00000000 : nt!KeWaitForMultipleObjects+0x1cd
fffff880`05e4f6a0 fffffa80`00000000 : fffff880`05e4f6e0 00000000`00000001 00000000`00000000 00000000`00000000 : symsnap+0x1c7a9
fffff880`05e4f6a8 fffff880`05e4f6e0 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`05e4f700 : 0xfffffa80`00000000
fffff880`05e4f6b0 00000000`00000001 : 00000000`00000000 00000000`00000000 fffff880`05e4f700 00000000`00000000 : 0xfffff880`05e4f6e0
fffff880`05e4f6b8 00000000`00000000 : 00000000`00000000 fffff880`05e4f700 00000000`00000000 fffff880`05e4f730 : 0x1


fffff880`013817a9 ??              ???


SYMBOL_NAME:  symsnap+1c7a9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: symsnap

IMAGE_NAME:  symsnap.sys


FAILURE_BUCKET_ID:  X64_0xA_symsnap+1c7a9

BUCKET_ID:  X64_0xA_symsnap+1c7a9

Followup: MachineOwner
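
An added example, not part of the original post and not Symantec or Microsoft code: a Python sketch that reads the `!analyze -v` text above and pulls out what matters for bugcheck 0xA (the referenced address, the IRQL, the access type, and the first non-kernel module on the stack). `SAMPLE` repeats lines from the dump; the function names are hypothetical.

```python
import re

# Constructed sample: the Arg lines and first six stack frames from the dump above.
SAMPLE = """\
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
Arg4: fffff8000168d4a7, address which referenced memory
fffff880`05e4f118 fffff800`01689469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`05e4f120 fffff800`016880e0 : 00000000`00000000 fffff880`05e4f730 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`05e4f260 fffff800`0168d4a7 : fffffa80`00000000 fffffa80`03f127d0 00000000`03f09600 fffff880`0101bee1 : nt!KiPageFault+0x260
fffff880`05e4f3f0 fffff880`013817a9 : fffffa80`00000000 fffff880`05e4f6e0 00000000`00000001 00000000`00000000 : nt!KeWaitForMultipleObjects+0x1cd
fffff880`05e4f6a0 fffffa80`00000000 : fffff880`05e4f6e0 00000000`00000001 00000000`00000000 00000000`00000000 : symsnap+0x1c7a9
fffff880`05e4f6a8 fffff880`05e4f6e0 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`05e4f700 : 0xfffffa80`00000000
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]+)", re.M)
# Child-SP, return address, four args, then "module!symbol+0xoff" or "module+0xoff".
# Frames that resolved to a bare address (no module) are skipped.
FRAME_RE = re.compile(
    r"^[0-9a-f`]+ [0-9a-f`]+ : .* : ([A-Za-z_]\w*)(?:!(\w+))?(?:\+0x([0-9a-f]+))?\s*$",
    re.M,
)


def parse_frames(text):
    """Return (module, symbol or None, offset) for every symbolized stack frame."""
    return [(m, s or None, int(o, 16) if o else 0) for m, s, o in FRAME_RE.findall(text)]


def triage_0xa(text):
    """Summarize a bugcheck 0xA (IRQL_NOT_LESS_OR_EQUAL) from !analyze -v text."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    frames = parse_frames(text)
    # Index of the first frame outside the kernel image (nt): the module !analyze blames.
    idx = next((i for i, f in enumerate(frames) if f[0].lower() != "nt"), None)
    return {
        "address": args[1],
        "near_null": args[1] < 0x10000,  # first 64 KB: a NULL-pointer-style dereference
        "irql": IRQL_NAMES.get(args[2], str(args[2])),
        "access": "execute" if args[3] & 8 else "write" if args[3] & 1 else "read",
        "faulting_ip": args[4],
        "suspect": frames[idx] if idx is not None else None,
        "called": frames[idx - 1] if idx else None,  # kernel routine that was executing
    }


if __name__ == "__main__":
    print(triage_0xa(SAMPLE))
```

On this dump it reports a write to address 0 at DISPATCH_LEVEL inside `nt!KeWaitForMultipleObjects`, reached from `symsnap+0x1c7a9`.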

13 Replies

Do you have SP1 for 2008 R2 installed?

Latest service pack for BESR 2010 is 9.0.5 (SP5).

Why not SP5 ?

@ Chris Riley -- no, I don't have SP1 installed on Win 2k8.

And regarding SP5, I have downloaded it but not installed it, because in the SCN document there were bug fixes; in that I can only see ones about pcAnywhere, and those are there; there are few about BESR. Also, I am afraid: is there any problem after installing this SP5 patch?

I would recommend SP1 for 2008 R2 then. It may be related to:

There is no Hyper-V installed, only BESR 2010 installed, with an external USB disk for storing the backup.


I personally would still recommend you update to SP1 and probably SP5 for BESR 2010 as well.

Have you installed SP1 resp. SP5 yet ?

Why SP1? I have not seen any issues till date when the problem arises.

And yes, BESR SP5 is installed, but no use of it...

Please ignore the above comment.

I installed SP5 on that server, but have not rebooted yet.

No problem! Get back to us when you have done the reboot.

Actually, in the log itself it says that the BESR patch initiated a reboot.

So my guess is that if we don't reboot the machine, Symantec BESR itself reboots. This is not acceptable. Symantec should investigate here.

Production servers are not meant to be restarted often.

am i very blush

Can you paste the part of the log that shows this please?

Unfortunately, I don't have those logs with me now.