R
RJH1578
Server 2012 has started to crash giving BlueScreen and Memory.dmp
I've done all I can come up with and had to pull server out of replication and the DFS. It's happening about every 30 minutes now after once every few days.
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 000000b500190645
Arg2: ffffd000208c8c78
Arg3: ffffd000208c8490
Arg4: fffff800f5736f46
Debugging Details:
------------------
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_RECORD: ffffd000208c8c78 -- (.exr 0xffffd000208c8c78)
ExceptionAddress: fffff800f5736f46 (Ntfs!NtfsCommonQueryInformation+0x00000000000000a6)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000100100094
Attempt to read from address 0000000100100094
CONTEXT: ffffd000208c8490 -- (.cxr 0xffffd000208c8490)
rax=ffffe000f1e1e860 rbx=0000000000000000 rcx=00000000000000fc
rdx=ffffe00108261010 rsi=ffffe000ef247730 rdi=ffffd000208c9030
rip=fffff800f5736f46 rsp=ffffd000208c8eb0 rbp=ffffe000e98a1030
r8=0000000000000000 r9=0000000100100090 r10=0000000000000004
r11=ffffd000208c8f88 r12=0000000000000000 r13=ffffe00108261290
r14=0000000000000030 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
Ntfs!NtfsCommonQueryInformation+0xa6:
fffff800`f5736f46 418b4104 mov eax,dword ptr [r9+4] ds:002b:00000001`00100094=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
PROCESS_NAME: dfsrs.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000100100094
READ_ADDRESS: fffff803ac2bb0a0: Unable to get special pool info
fffff803ac2bb0a0: Unable to get special pool info
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
0000000100100094
FOLLOWUP_IP:
Ntfs!NtfsCommonQueryInformation+a6
fffff800`f5736f46 418b4104 mov eax,dword ptr [r9+4]
FAULTING_IP:
Ntfs!NtfsCommonQueryInformation+a6
fffff800`f5736f46 418b4104 mov eax,dword ptr [r9+4]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff800f574147a to fffff800f5736f46
STACK_TEXT:
ffffd000`208c8eb0 fffff800`f574147a : ffffd000`208c9030 ffffe001`08261010 00000000`000000fc ffffe000`000000fc : Ntfs!NtfsCommonQueryInformation+0xa6
ffffd000`208c8f90 fffff800`f5741682 : ffffd000`208c9030 ffffe001`08261010 ffffe001`08261010 ffffe000`ec2c0a80 : Ntfs!NtfsFsdDispatchSwitch+0xda
ffffd000`208c9010 fffff800`f54cf30a : ffffe001`08261010 ffffe000`e98a1030 ffffd000`208c9350 ffffe000`f1e1e860 : Ntfs!NtfsFsdDispatchWait+0x47
ffffd000`208c9260 fffff800`f54cf00f : ffffe000`ee2be6b0 00000000`00000000 ffffe000`ec237d80 00000000`00000000 : fltmgr!FltpQueryInformationFile+0x11a
ffffd000`208c92f0 fffff800`f54cecb5 : ffffe000`edb8c010 00000000`00000000 ffffe000`ec237d80 fffff803`ac074e61 : fltmgr!FltpGetFileName+0x8f
ffffd000`208c9350 fffff800`f54cf427 : ffffe000`ec237d00 ffffe000`ec237d80 00000000`00000000 ffffd000`208c94a0 : fltmgr!FltpCallOpenedFileNameHandler+0x39
ffffd000`208c9390 fffff800`f54cf55e : ffffe000`ec237d80 ffffd000`208c4000 00000000`00000000 00000000`00000000 : fltmgr!FltpGetNormalizedFileNameWorker+0x2f
ffffd000`208c93d0 fffff800`f54cef19 : ffffe000`e92e5010 ffffd000`208c9480 ffffe001`0111c490 fffff800`f54a6689 : fltmgr!FltpGetNormalizedFileName+0x1a
ffffd000`208c9420 fffff800`f54d955b : ffffe000`ec237d80 ffffe000`e9946e50 00000000`00000000 fffff800`f54a331d : fltmgr!FltpCreateFileNameInformation+0x178
ffffd000`208c9450 fffff800`f54b0296 : ffffe000`ec237d80 00000000`00000000 00000000`00000000 fffff800`f54c6010 : fltmgr!CreateTemporaryFileNameInformation+0x3b
ffffd000`208c94a0 fffff800`f54a91d5 : ffffe000`ec237d80 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!HandleStreamListNotSupported+0x42
ffffd000`208c94e0 fffff800`f54cf615 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`00c3ef20 : fltmgr!FltpGetFileNameInformation+0x8c2
ffffd000`208c9580 fffff800`f604cf8d : ffffe000`ec237d80 00000000`00000000 00000000`00000000 ffffe001`11b7eb28 : fltmgr!FltGetFileNameInformationUnsafe+0x71
ffffd000`208c95f0 ffffe000`ec237d80 : 00000000`00000000 00000000`00000000 ffffe001`11b7eb28 00000000`00000001 : CyProtectDrv64+0x9f8d
ffffd000`208c95f8 00000000`00000000 : 00000000`00000000 ffffe001`11b7eb28 00000000`00000001 ffffc001`7e24f330 : 0xffffe000`ec237d80
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsCommonQueryInformation+a6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b93e64c
STACK_COMMAND: .cxr 0xffffd000208c8490 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCommonQueryInformation+a6
BUCKET_ID: X64_0x24_Ntfs!NtfsCommonQueryInformation+a6
Followup: MachineOwner
---------
Continue reading...
I've done all I can come up with and had to pull server out of replication and the DFS. It's happening about every 30 minutes now after once every few days.
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 000000b500190645
Arg2: ffffd000208c8c78
Arg3: ffffd000208c8490
Arg4: fffff800f5736f46
Debugging Details:
------------------
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_RECORD: ffffd000208c8c78 -- (.exr 0xffffd000208c8c78)
ExceptionAddress: fffff800f5736f46 (Ntfs!NtfsCommonQueryInformation+0x00000000000000a6)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000100100094
Attempt to read from address 0000000100100094
CONTEXT: ffffd000208c8490 -- (.cxr 0xffffd000208c8490)
rax=ffffe000f1e1e860 rbx=0000000000000000 rcx=00000000000000fc
rdx=ffffe00108261010 rsi=ffffe000ef247730 rdi=ffffd000208c9030
rip=fffff800f5736f46 rsp=ffffd000208c8eb0 rbp=ffffe000e98a1030
r8=0000000000000000 r9=0000000100100090 r10=0000000000000004
r11=ffffd000208c8f88 r12=0000000000000000 r13=ffffe00108261290
r14=0000000000000030 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
Ntfs!NtfsCommonQueryInformation+0xa6:
fffff800`f5736f46 418b4104 mov eax,dword ptr [r9+4] ds:002b:00000001`00100094=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
PROCESS_NAME: dfsrs.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000100100094
READ_ADDRESS: fffff803ac2bb0a0: Unable to get special pool info
fffff803ac2bb0a0: Unable to get special pool info
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
0000000100100094
FOLLOWUP_IP:
Ntfs!NtfsCommonQueryInformation+a6
fffff800`f5736f46 418b4104 mov eax,dword ptr [r9+4]
FAULTING_IP:
Ntfs!NtfsCommonQueryInformation+a6
fffff800`f5736f46 418b4104 mov eax,dword ptr [r9+4]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff800f574147a to fffff800f5736f46
STACK_TEXT:
ffffd000`208c8eb0 fffff800`f574147a : ffffd000`208c9030 ffffe001`08261010 00000000`000000fc ffffe000`000000fc : Ntfs!NtfsCommonQueryInformation+0xa6
ffffd000`208c8f90 fffff800`f5741682 : ffffd000`208c9030 ffffe001`08261010 ffffe001`08261010 ffffe000`ec2c0a80 : Ntfs!NtfsFsdDispatchSwitch+0xda
ffffd000`208c9010 fffff800`f54cf30a : ffffe001`08261010 ffffe000`e98a1030 ffffd000`208c9350 ffffe000`f1e1e860 : Ntfs!NtfsFsdDispatchWait+0x47
ffffd000`208c9260 fffff800`f54cf00f : ffffe000`ee2be6b0 00000000`00000000 ffffe000`ec237d80 00000000`00000000 : fltmgr!FltpQueryInformationFile+0x11a
ffffd000`208c92f0 fffff800`f54cecb5 : ffffe000`edb8c010 00000000`00000000 ffffe000`ec237d80 fffff803`ac074e61 : fltmgr!FltpGetFileName+0x8f
ffffd000`208c9350 fffff800`f54cf427 : ffffe000`ec237d00 ffffe000`ec237d80 00000000`00000000 ffffd000`208c94a0 : fltmgr!FltpCallOpenedFileNameHandler+0x39
ffffd000`208c9390 fffff800`f54cf55e : ffffe000`ec237d80 ffffd000`208c4000 00000000`00000000 00000000`00000000 : fltmgr!FltpGetNormalizedFileNameWorker+0x2f
ffffd000`208c93d0 fffff800`f54cef19 : ffffe000`e92e5010 ffffd000`208c9480 ffffe001`0111c490 fffff800`f54a6689 : fltmgr!FltpGetNormalizedFileName+0x1a
ffffd000`208c9420 fffff800`f54d955b : ffffe000`ec237d80 ffffe000`e9946e50 00000000`00000000 fffff800`f54a331d : fltmgr!FltpCreateFileNameInformation+0x178
ffffd000`208c9450 fffff800`f54b0296 : ffffe000`ec237d80 00000000`00000000 00000000`00000000 fffff800`f54c6010 : fltmgr!CreateTemporaryFileNameInformation+0x3b
ffffd000`208c94a0 fffff800`f54a91d5 : ffffe000`ec237d80 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!HandleStreamListNotSupported+0x42
ffffd000`208c94e0 fffff800`f54cf615 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`00c3ef20 : fltmgr!FltpGetFileNameInformation+0x8c2
ffffd000`208c9580 fffff800`f604cf8d : ffffe000`ec237d80 00000000`00000000 00000000`00000000 ffffe001`11b7eb28 : fltmgr!FltGetFileNameInformationUnsafe+0x71
ffffd000`208c95f0 ffffe000`ec237d80 : 00000000`00000000 00000000`00000000 ffffe001`11b7eb28 00000000`00000001 : CyProtectDrv64+0x9f8d
ffffd000`208c95f8 00000000`00000000 : 00000000`00000000 ffffe001`11b7eb28 00000000`00000001 ffffc001`7e24f330 : 0xffffe000`ec237d80
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsCommonQueryInformation+a6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b93e64c
STACK_COMMAND: .cxr 0xffffd000208c8490 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsCommonQueryInformation+a6
BUCKET_ID: X64_0x24_Ntfs!NtfsCommonQueryInformation+a6
Followup: MachineOwner
---------
Continue reading...