
SRTSP.SYS causes a BSOD

Created: 20 Jan 2009 • Updated: 21 May 2010 | 1 comment

Hi

We are using a wireless network device, which initially comes up as a CD drive and then switches to network. This device does not need any software to be installed manually; it has all the required software built in and installs it to the local machine initially when it comes up as a CD drive. Once all the software installation is done, it will be switched to network mode.

This device seems to be working fine everywhere. But we have a few machines with Symantec Endpoint Protection version 11.0.2000.1567 installed on Windows XP SP2, and they get a BSOD whenever we plug in the wireless device (it seems to be at the point where it switches to network mode).

We see that there is no problem when File System Auto-protect is disabled in the SEP.

I request your help in resolving this issue.

Regards

Arun

 

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bae3c49d, The address that the exception occurred at
Arg3: f4ef76f8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

Unable to load image SRTSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SRTSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for SRTSP.SYS

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
fltMgr!FltpGetOpenedFileName+1d
bae3c49d 8b4008          mov     eax,dword ptr [eax+8]

TRAP_FRAME:  f4ef76f8 -- (.trap 0xfffffffff4ef76f8)
ErrCode = 00000000
eax=00000000 ebx=bae30d80 ecx=00000000 edx=861cb2bc esi=86308ca8 edi=00000000
eip=bae3c49d esp=f4ef776c ebp=f4ef7770 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
fltMgr!FltpGetOpenedFileName+0x1d:
bae3c49d 8b4008          mov     eax,dword ptr [eax+8] ds:0023:00000008=????????
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  InstVerif.exe

LAST_CONTROL_TRANSFER:  from bae3a1c1 to bae3c49d

STACK_TEXT: 
f4ef7770 bae3a1c1 86308ca8 00000000 86308ca8 fltMgr!FltpGetOpenedFileName+0x1d
f4ef778c bae3a756 86308ca8 00000000 86308ca8 fltMgr!FltpCallOpenedFileNameHandler+0x7f
f4ef77a4 bae3a7a9 80553000 86308ca8 f4ef77d0 fltMgr!FltpCreateFileNameInformation+0x7c
f4ef77b4 bae2bb09 86308ca8 00000000 86308ca8 fltMgr!CreateTemporaryFileNameInformation+0xf
f4ef77d0 bae2bc3a 86308ca8 86308ca8 00000000 fltMgr!HandleStreamListNotSupported+0x15d
f4ef77fc bae3bc77 c00000bb 00000000 85bb6320 fltMgr!FltpGetFileNameInformation+0x11e
f4ef781c bae3c4c7 85bb6320 85bb6320 f4ef7848 fltMgr!FltpGetFileNameFromFileObject+0x4f
f4ef782c bae3a1c1 85bb6320 886f8ec4 85bb6320 fltMgr!FltpGetOpenedFileName+0x47
f4ef7848 bae3a756 85bb6320 886f8ec4 85bb6320 fltMgr!FltpCallOpenedFileNameHandler+0x7f
f4ef7860 bae2baa0 80553000 00000000 85bb6320 fltMgr!FltpCreateFileNameInformation+0x7c
f4ef787c bae2bc3a 84b68ff8 86c1af00 851d91f0 fltMgr!HandleStreamListNotSupported+0xf4
f4ef78a8 bae2c142 c00000bb 00000000 886f8ecc fltMgr!FltpGetFileNameInformation+0x11e
f4ef78cc f58a38b0 886f8ecc 00000402 f4ef78fc fltMgr!FltGetFileNameInformation+0x106
WARNING: Stack unwind information not available. Following frames may be wrong.
f4ef7918 f5896184 00000016 87bd2e58 f4ef7954 SRTSP+0x1e8b0
f4ef7928 bae3f66b 886f8ecc f4ef7974 f4ef79a4 SRTSP+0x11184
f4ef7954 bae27944 00000009 00000000 f4ef79a4 fltMgr!FltvPreOperation+0x3f
f4ef79b4 bae29352 00ef79f8 886f8e70 00000000 fltMgr!FltpPerformPreCallbacks+0x2d4
f4ef79c8 bae35ccb f4ef79f8 bae34094 00000000 fltMgr!FltpPassThroughInternal+0x32
f4ef79e0 bae36142 f4ef79f8 84b794e0 86376280 fltMgr!FltpCreateInternal+0x63
f4ef7a14 804eeeb1 84b794e0 88844fdc 806e4428 fltMgr!FltpCreate+0x1d2
f4ef7a24 80656128 88844df0 88844de0 851d91f0 nt!IopfCallDriver+0x31
f4ef7a48 80581ec2 851746d8 85173ef8 f4ef7c18 nt!IovCallDriver+0xa0
f4ef7b28 805822e0 83a82030 00000000 84bae7f8 nt!IopParseDevice+0xa58
f4ef7b60 805bd8ed 851746d8 00000000 84bae7f8 nt!IopParseFile+0x46
f4ef7bd8 805ba398 00000124 f4ef7c18 00000040 nt!ObpLookupObjectName+0x119
f4ef7c2c 80574e4d 00000000 00000000 724d0801 nt!ObOpenObjectByName+0xea
f4ef7ca8 805757c4 00150da8 00100001 00a5eecc nt!IopCreateFile+0x407
f4ef7d04 80578f83 00150da8 00100001 00a5eecc nt!IoCreateFile+0x8e
f4ef7d44 8054060c 00150da8 00100001 00a5eecc nt!NtOpenFile+0x27
f4ef7d44 7c90eb94 00150da8 00100001 00a5eecc nt!KiFastCallEntry+0xfc
00a5eef8 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND:  kb

FOLLOWUP_IP:
SRTSP+1e8b0
f58a38b0 ??              ???

SYMBOL_STACK_INDEX:  d

SYMBOL_NAME:  SRTSP+1e8b0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SRTSP

IMAGE_NAME:  SRTSP.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  47e297cf

FAILURE_BUCKET_ID:  0x8E_SRTSP+1e8b0

BUCKET_ID:  0x8E_SRTSP+1e8b0

Followup: MachineOwner
---------

Hear4U

Hi SRT,

Thank you for posting the info, although I don't believe the memory dump analysis can be used to troubleshoot since the symbols are not "public" - it only shows that it's running.

Given that you're running MR2, I'd suggest first migrating to MR4. There was an issue with the srtsp.sys driver that was fixed in MR3, and it's always good to get the newest build "first" and then begin troubleshooting IF that doesn't resolve the issue. Let me know if that helped!

Best,

Eric

check out the community at www.infoblox.com/community