The !analyze heuristics were misled in this case. The DFS filter driver just
happens to be on the stack since the volume involved hosts a DFS namespace.
The may be an interaction problem between Norton Antivirus and NTFS.
I would suggest making sure you've got the most up to date version of Norton
Antivirus. If you do, and this is a recurring problem, please contact
Microsoft Support for further investigation. With a reproducible crash, it
should be possible to nail down exactly what is occuring.
"kuiperik" wrote:
> Hello,
>
> Our server has been rebooting last nights with a crash dump file. The
> problem seems to be in the dfs.sys, or could this maybe be a memory
> problem?
>
> Here the debugging information:
>
> ################################################## #######
> Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
> Copyright (c) Microsoft Corporation. All rights reserved.
>
>
> Loading Dump File [MEMORY.DMP]
> Kernel Summary Dump File: Only kernel address space is available
>
> Symbol search path is: c:\temp\debugging\Symbols
> Executable search path is:
> Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs)
> Free x86 compatible
> Product: Server, suite: TerminalServer SingleUserTS
> Built by: 3790.srv03_sp1_rtm.050324-1447
> Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
> Debug session time: Fri Oct 3 01:01:32.840 2008 (GMT+2)
> System Uptime: 1 days 10:45:56.500
> Loading Kernel Symbols
> .................................................. .................................................. ..........
> Loading User Symbols
>
> Loading unloaded module list
> .....
> ************************************************** *****************************
> *
> *
> * Bugcheck
> Analysis *
> *
> *
> ************************************************** *****************************
>
> Use !analyze -v to get detailed debugging information.
>
> BugCheck 50, {da78a8c8, 0, baf8f96c, 0}
>
> *** ERROR: Module load completed but symbols could not be loaded for
> naiavf5x.sys
>
>
>
>
> Probably caused by : Dfs.sys ( Dfs!DfsPassThrough+43 )
>
> Followup: MachineOwner
> ---------
>
> 1: kd> !analyze -v
> ************************************************** *****************************
> *
> *
> * Bugcheck
> Analysis *
> *
> *
> ************************************************** *****************************
>
> PAGE_FAULT_IN_NONPAGED_AREA (50)
> Invalid system memory was referenced. This cannot be protected by try-
> except,
> it must be protected by a Probe. Typically the address is just plain
> bad or it
> is pointing at freed memory.
> Arguments:
> Arg1: da78a8c8, memory referenced.
> Arg2: 00000000, value 0 = read operation, 1 = write operation.
> Arg3: baf8f96c, If non-zero, the instruction address which referenced
> the bad memory
> address.
> Arg4: 00000000, (reserved)
>
> Debugging Details:
> ------------------
>
>
>
>
>
>
> READ_ADDRESS: da78a8c8 Paged pool
>
> FAULTING_IP:
> Ntfs!NtfsReserveCcbNamesInLcb+8e
> baf8f96c f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
>
> MM_INTERNAL_CODE: 0
>
> IMAGE_NAME: Dfs.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 42435ba4
>
> MODULE_NAME: Dfs
>
> FAULTING_MODULE: baf6b000 Ntfs
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x50
>
> PROCESS_NAME: System
>
> CURRENT_IRQL: 1
>
> TRAP_FRAME: b8ddb5e4 -- (.trap 0xffffffffb8ddb5e4)
> ErrCode = 00000000
> eax=0000003e ebx=db2cadd8 ecx=0000000f edx=000003a2 esi=da78a8c8
> edi=d6c14df8
> eip=baf8f96c esp=b8ddb658 ebp=b8ddb66c iopl=0 nv up ei pl nz
> na pe cy
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
> efl=00010207
> Ntfs!NtfsReserveCcbNamesInLcb+0x8e:
> baf8f96c f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
> es:0023:d6c14df8=00000000 ds:0023:da78a8c8=????????
> Resetting default scope
>
> LAST_CONTROL_TRANSFER: from 8085e6cd to 80827451
>
> STACK_TEXT:
> b8ddb554 8085e6cd 00000050 da78a8c8 00000000 nt!KeBugCheckEx+0x1b
> b8ddb5cc 8088bc08 00000000 da78a8c8 00000000 nt!MmAccessFault+0xb25
> b8ddb5cc baf8f96c 00000000 da78a8c8 00000000 nt!KiTrap0E+0xdc
> b8ddb66c bafbdadb 87b20080 da170f28 b8ddb6a4 Ntfs!
> NtfsReserveCcbNamesInLcb+0x8e
> b8ddb698 bafbdd88 87b20080 00000028 da9340d0 Ntfs!NtfsMoveLcb+0xd4
> b8ddb740 bafbdc45 87b20080 b8ddb7f8 b8ddb838 Ntfs!NtfsMoveLinkToNewDir
> +0x1d1
> b8ddb93c baf95c75 87b20080 87983228 88cbfdd8 Ntfs!NtfsSetRenameInfo
> +0xeec
> b8ddb9b0 baf712fb 87b20080 88cbfdd8 89a3d728 Ntfs!
> NtfsCommonSetInformation+0x3f8
> b8ddba18 8081dce5 89a27718 88cbfdd8 89f0b030 Ntfs!NtfsFsdSetInformation
> +0xa3
> b8ddba2c f7250c53 89f0b030 88cbff8c 0000001c nt!IofCallDriver+0x45
> b8ddba54 8081dce5 89a3d728 88cbfdd8 89f07b18 fltmgr!FltpDispatch+0x6f
> b8ddba68 f7508b33 b8ddba84 8081dce5 894d3d50 nt!IofCallDriver+0x45
> b8ddba70 8081dce5 894d3d50 88cbfdd8 88cbffb0 Dfs!DfsPassThrough+0x43
> b8ddba84 b7503e8e 8814a668 89a4a7e8 8880e9d0 nt!IofCallDriver+0x45
> WARNING: Stack unwind information not available. Following frames may
> be wrong.
> b8ddbab0 b7509687 88cbfdd8 b8ddbb40 88cbfdd8 naiavf5x+0x1e8e
> b8ddbb04 b750a8cf 88cbfdd8 01cbff8c 87983228 naiavf5x+0x7687
> b8ddbb4c b7504940 87983228 88cbff8c 89e0aa30 naiavf5x+0x88cf
> b8ddbb60 8081dce5 89dfe760 88cbfdd8 00000000 naiavf5x+0x2940
> b8ddbb74 808f0433 0000000a 808efe88 d6d49aa8 nt!IofCallDriver+0x45
> b8ddbbfc b7c7311a 000018d8 b8ddbc24 d6d49aa8 nt!NtSetInformationFile
> +0x5ab
> b8ddbc4c b7c72e62 88acc9b0 b8ddbd4c 000018d8 srv!DoRename+0x35e
> b8ddbcf0 b7c72cb2 00000000 d7a27af8 00000010 srv!SrvMoveFile+0x318
> b8ddbd84 b7c69451 00000000 88b4a178 00000000 srv!BlockingRename+0x381
> b8ddbdac 80948bb2 01d6b340 00000000 00000000 srv!WorkerThread+0x138
> b8ddbddc 8088d4d2 b7c69394 89d6b340 00000000 nt!PspSystemThreadStartup
> +0x2e
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> Dfs!DfsPassThrough+43
> f7508b33 5d pop ebp
>
> SYMBOL_STACK_INDEX: c
>
> SYMBOL_NAME: Dfs!DfsPassThrough+43
>
> FOLLOWUP_NAME: MachineOwner
>
> FAILURE_BUCKET_ID: 0x50_Dfs!DfsPassThrough+43
>
> BUCKET_ID: 0x50_Dfs!DfsPassThrough+43
>
> Followup: MachineOwner
> ---------
>
>
|
Similar Threads
Linear Mode
