Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

Symsnap.sys BSOD

Created: 23 Aug 2012 | 13 comments
sandys's picture

Hi i have windows 2k8 R2 server this server was unexpectedley restarted. Below is the dump

what could be the issue . Also now i am going to install Patch 9.0.4 BESR on the system. I think it could solve problem in future what u think?

 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
 bit 0 : value 0 = read operation, 1 = write operation
 bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000168d4a7, address which referenced memory

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018c00e0
GetUlongFromAddress: unable to read from fffff800018c0198
 0000000000000000 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP:
nt!KeWaitForMultipleObjects+1cd
fffff800`0168d4a7 f00fba2f07      lock bts dword ptr [rdi],7

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  fffff88005e4f260 -- (.trap 0xfffff88005e4f260)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000168d4a7 rsp=fffff88005e4f3f0 rbp=fffff88005e4f748
 r8=0000000000000000  r9=0000000000000001 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
nt!KeWaitForMultipleObjects+0x1cd:
fffff800`0168d4a7 f00fba2f07      lock bts dword ptr [rdi],7 ds:00000000`00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80001689469 to fffff80001689f00

STACK_TEXT: 
fffff880`05e4f118 fffff800`01689469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`05e4f120 fffff800`016880e0 : 00000000`00000000 fffff880`05e4f730 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`05e4f260 fffff800`0168d4a7 : fffffa80`00000000 fffffa80`03f127d0 00000000`03f09600 fffff880`0101bee1 : nt!KiPageFault+0x260
fffff880`05e4f3f0 fffff880`013817a9 : fffffa80`00000000 fffff880`05e4f6e0 00000000`00000001 00000000`00000000 : nt!KeWaitForMultipleObjects+0x1cd
fffff880`05e4f6a0 fffffa80`00000000 : fffff880`05e4f6e0 00000000`00000001 00000000`00000000 00000000`00000000 : symsnap+0x1c7a9
fffff880`05e4f6a8 fffff880`05e4f6e0 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`05e4f700 : 0xfffffa80`00000000
fffff880`05e4f6b0 00000000`00000001 : 00000000`00000000 00000000`00000000 fffff880`05e4f700 00000000`00000000 : 0xfffff880`05e4f6e0
fffff880`05e4f6b8 00000000`00000000 : 00000000`00000000 fffff880`05e4f700 00000000`00000000 fffff880`05e4f730 : 0x1

STACK_COMMAND:  kb

FOLLOWUP_IP:
symsnap+1c7a9
fffff880`013817a9 ??              ???

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  symsnap+1c7a9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: symsnap

IMAGE_NAME:  symsnap.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ab000d3

FAILURE_BUCKET_ID:  X64_0xA_symsnap+1c7a9

BUCKET_ID:  X64_0xA_symsnap+1c7a9

Followup: MachineOwner

Comments 13 CommentsJump to latest comment

Chris Riley's picture

Do you have SP1 for 2008 R2 installed?

Latest service pack for BESR 2010 is 9.0.5 (SP5).

Markus Koestler's picture

Why not SP5 ? http://www.symantec.com/business/support/index?pag...

*** Please mark thread as solved if you consider this to have answered your question(s) ***

sandys's picture

@ Chris Riley--no i dont have SP 1 installed on win 2k8

and regarding SP 5 i have downloaded but not installed..because in SCN document there were bug fixes, in that i can only see about pcanywhere and those are there , they are few about besr...also i m afraid is there any problem after installing this SP5 patch..

Thanks & Best Regards,

Sandy S

STS (SMP 7.1)

Chris Riley's picture

I would recommend SP1 for 2008 R2 then. It may be related to:

http://www.symantec.com/docs/TECH127102

sandys's picture

there  is no hyper-v installed only the BESR 2010 installed with usb disk external for storing the backup..

 

Thanks & Best Regards,

Sandy S

STS (SMP 7.1)

Chris Riley's picture

I personally would still recommend you update to SP1 and probably SP5 for BESR 2010 as well.

Markus Koestler's picture

Have you installed SP1 resp. SP5 yet ?

*** Please mark thread as solved if you consider this to have answered your question(s) ***

sandys's picture

Why SP1? i have not seen any issues till date when the problem arises.

and yes besr SP 5 installed but no use of it......

Thanks & Best Regards,

Sandy S

STS (SMP 7.1)

sandys's picture

plz ignore above comment.

 

i installed SP5 on that server. but not rebooted yet.

Thanks & Best Regards,

Sandy S

STS (SMP 7.1)

Markus Koestler's picture

No prob ! Get back to us when you did the reboot.

*** Please mark thread as solved if you consider this to have answered your question(s) ***

sandys's picture

actually in the log itself it is saying that besr patch initiated a reboot.

so my guess if we dont reboot the machine symantec besr itself reboots. this is not acceptable . symantec should invstigate here.

production servers are not meant to be restarted often.

am i very strong..here blush

Thanks & Best Regards,

Sandy S

STS (SMP 7.1)

Chris Riley's picture

Can you paste the part of the log that shows this please?

sandys's picture

UNFORTUNATLY i dont have those logs with now.

Thanks & Best Regards,

Sandy S

STS (SMP 7.1)