Channel: Symantec Connect - Endpoint Protection - Discussions

BSOD when accessing Network Share / ClearCase Dynamic View

I need a solution

Please see the below output from WinDBG.

After uninstalling the BHDrvx64 kernel module, the Bluescreen of Death is gone :)

If you need the full MEMORY.DMP, it's 264Mb zipped; I can also supply the minidump.

Steps to reproduce:

1. open a .png file from a network share in Paint
2. change something
3. save
4. BSOD :)

Maybe it's related to mvfs60x64 as well (which simulates a network share for ClearCase). However, the problem does not happen with BHDrvx64 uninstalled and mvfs60x64 installed. I haven't verified whether it happens with just BHDrvx64 without mvfs60x64.

Please be aware that I currently have the PGP Disc Encryption Module loaded as well (as seen in the stack trace), but we can reproduce the problem on other machines without PGP.

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

NTFS_FILE_SYSTEM (24)

    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd

    parameters are the exception record and context record. Do a .cxr

    on the 3rd parameter and then kb to obtain a more informative stack

    trace.

Arguments:

Arg1: 00000000001904fb

Arg2: fffff880124c90c8

Arg3: fffff880124c8920

Arg4: fffff880016ad8bd

Debugging Details:

------------------

*** ERROR: Module load completed but symbols could not be loaded for PGPfsfd.sys

*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for mvfs60x64.sys - 

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for win32k.sys - 

EXCEPTION_RECORD:  fffff880124c90c8 -- (.exr 0xfffff880124c90c8)

ExceptionAddress: fffff880016ad8bd (Ntfs!NtfsCommonQueryInformation+0x000000000000009d)

   ExceptionCode: c0000005 (Access violation)

  ExceptionFlags: 00000000

NumberParameters: 2

   Parameter[0]: 0000000000000000

   Parameter[1]: 0000000000000004

Attempt to read from address 0000000000000004

CONTEXT:  fffff880124c8920 -- (.cxr 0xfffff880124c8920)

rax=fffffa8012a8bd00 rbx=fffff8a02281b540 rcx=00000000000000fc

rdx=0000000000000000 rsi=fffff880124c9480 rdi=fffffa8014434010

rip=fffff880016ad8bd rsp=fffff880124c9300 rbp=fffff880124c96a0

 r8=0000000000000000  r9=0000000000000000 r10=0000000000000004

r11=fffff880124c93d8 r12=0000000000000009 r13=fffffa8014519f20

r14=0000000000000000 r15=fffffa80131367d0

iopl=0         nv up ei ng nz na pe nc

cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282

Ntfs!NtfsCommonQueryInformation+0x9d:

fffff880`016ad8bd 418b4104        mov     eax,dword ptr [r9+4] ds:002b:00000000`00000004=????????

Resetting default scope

PROCESS_NAME:  mspaint.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000004

READ_ADDRESS:  0000000000000004 

FOLLOWUP_IP: 

Ntfs!NtfsCommonQueryInformation+9d

fffff880`016ad8bd 418b4104        mov     eax,dword ptr [r9+4]

FAULTING_IP: 

Ntfs!NtfsCommonQueryInformation+9d

fffff880`016ad8bd 418b4104        mov     eax,dword ptr [r9+4]

BUGCHECK_STR:  0x24

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from fffff880016ac326 to fffff880016ad8bd

STACK_TEXT:  

fffff880`124c9300 fffff880`016ac326 : fffff880`124c9480 fffffa80`14519a60 fffff880`000000fc fffffa80`000000fc : Ntfs!NtfsCommonQueryInformation+0x9d

fffff880`124c93e0 fffff880`016acaf4 : fffff880`124c9480 fffffa80`14519a60 fffffa80`14519f20 fffff880`124c9520 : Ntfs!NtfsFsdDispatchSwitch+0x106

fffff880`124c9460 fffff880`01202bcf : fffff880`124c9700 fffff880`01203329 fffff880`124c9700 00000000`00000005 : Ntfs!NtfsFsdDispatchWait+0x14

fffff880`124c9650 fffff880`012016df : fffffa80`0c62a950 fffffa80`0c6499a0 fffffa80`0c62a900 fffffa80`14519a60 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f

fffff880`124c96e0 fffff880`011a6ff7 : fffffa80`14519a60 fffff800`03c8db91 fffffa80`131367d0 fffff800`03db0d0e : fltmgr!FltpDispatch+0xcf

fffff880`124c9740 fffff880`01224c4c : fffffa80`14519a60 00000000`000000fc fffffa80`0c649850 fffff800`03df7e80 : PGPfsfd+0x1eff7

fffff880`124c97b0 fffff880`01224a40 : fffffa80`140f1f10 00000000`00000000 fffffa80`0c649850 fffffa80`12a8bd00 : fltmgr!FltpQueryInformationFile+0xfc

fffff880`124c9820 fffff880`012249bd : fffffa80`0a8ec010 00000000`00000000 fffffa80`140f1f10 fffff880`0122381a : fltmgr!FltpGetFileName+0x70

fffff880`124c9870 fffff880`01224fe0 : fffff880`0121d840 fffff880`012057d2 00000000`00000018 fffffa80`12de72b8 : fltmgr!FltpGetOpenedFileName+0x1d

fffff880`124c98a0 fffff880`01236d50 : 00000000`00000000 fffffa80`0a784b68 fffffa80`107c0850 00000000`00000000 : fltmgr!FltpCallOpenedFileNameHandler+0x20

fffff880`124c98e0 fffff880`012382fe : fffff880`124cb000 fffff880`124b001a fffffa80`0a784b68 fffffa80`140f1f10 : fltmgr!FltpExpandFilePathWorker+0x4e0

fffff880`124c9a20 fffff880`0123c084 : fffffa80`12de7220 00000000`00000000 fffffa80`14519f68 fffff880`01202d1b : fltmgr!FltpExpandFilePath+0x1e

fffff880`124c9a50 fffff880`0123c1b6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : fltmgr!FltpGetOpenedDestinationFileName+0x414

fffff880`124c9b00 fffff880`0123c401 : fffffa80`12de7220 fffffa80`12de7220 00000000`00000101 fffffa80`0d3ce550 : fltmgr!FltpGetNormalizedDestinationFileName+0x16

fffff880`124c9b30 fffff880`050f49ef : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`124c9d80 : fltmgr!FltGetDestinationFileNameInformation+0x1b1

fffff880`124c9d10 fffff880`050b7bda : fffffa80`14221a30 fffff880`124bf000 fffff880`124ca088 fffff800`03e2eb80 : BHDrvx64+0xe09ef

fffff880`124c9d80 fffff880`050b2f50 : fffffa80`13274ac0 00000000`00004000 00000000`00000001 00000000`00001c18 : BHDrvx64+0xa3bda

fffff880`124c9fa0 fffff880`01202067 : 00000000`00000000 00000000`00000000 fffffa80`13274b10 fffff880`124bf000 : BHDrvx64+0x9ef50

fffff880`124ca010 fffff880`01203329 : fffff880`124ca100 00000000`00000006 00000000`746c6600 fffff880`124ca200 : fltmgr!FltpPerformPreCallbacks+0x2f7

fffff880`124ca110 fffff880`012016c7 : fffffa80`1337aa60 fffffa80`0a8f1880 fffffa80`0c632880 00000000`00000000 : fltmgr!FltpPassThrough+0x2d9

fffff880`124ca190 fffff880`0a035d19 : fffffa80`1337afb0 fffffa80`1337afb0 fffff880`124ca210 01cf1dbb`867af2be : fltmgr!FltpDispatch+0xb7

fffff880`124ca1f0 fffff800`03f5ae03 : fffffa80`107c0850 fffffa80`1337aa60 00000000`0000008e fffffa80`1337aa60 : mvfs60x64!mvfs_find_alloc_hostname_context+0xe6b9

fffff880`124ca260 fffff800`03c7be53 : 00000000`00000318 fffffa80`1329cb50 00000000`000ae1e8 00000000`0000008e : nt!NtSetInformationFile+0x91f

fffff880`124ca380 00000000`75329ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13

00000000`000ae1c8 fffff800`03c74210 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75329ddb

fffff880`124ca5d0 fffff880`124ca5e8 : fffff960`000d75fb 00000000`0000002f fffff880`00000018 fffff880`124caa98 : nt!KiCallUserMode

fffff880`124ca5d8 fffff960`000d75fb : 00000000`0000002f fffff880`00000018 fffff880`124caa98 fffff880`124cac70 : 0xfffff880`124ca5e8

fffff880`124ca5e0 fffff880`124caae0 : 00000000`000af6b8 00000000`000af630 00000000`00000030 fffff880`124ca7e0 : win32k!EngSetLastError+0x2cc7

fffff880`124ca6e0 00000000`000af6b8 : 00000000`000af630 00000000`00000030 fffff880`124ca7e0 00000000`00000000 : 0xfffff880`124caae0

fffff880`124ca6e8 00000000`000af630 : 00000000`00000030 fffff880`124ca7e0 00000000`00000000 fffff800`03f67e82 : 0xaf6b8

fffff880`124ca6f0 00000000`00000030 : fffff880`124ca7e0 00000000`00000000 fffff800`03f67e82 00000000`00000000 : 0xaf630

fffff880`124ca6f8 fffff880`124ca7e0 : 00000000`00000000 fffff800`03f67e82 00000000`00000000 00000000`0001e103 : 0x30

fffff880`124ca700 00000000`00000000 : fffff800`03f67e82 00000000`00000000 00000000`0001e103 00000000`00000000 : 0xfffff880`124ca7e0

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCommonQueryInformation+9d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5167f5fc

STACK_COMMAND:  .cxr 0xfffff880124c8920 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsCommonQueryInformation+9d

BUCKET_ID:  X64_0x24_Ntfs!NtfsCommonQueryInformation+9d

Followup: MachineOwner

---------
 
1391094485
