I have NIS 16.5.0.135 installed.
I resumed my laptop from hibernation and noticed that it was booting up instead of resuming. After XP booted up, it told me that it recovered from a serious error and to submit the crash data, which I did.
In the meantime I used the "Debugging Tools for Windows" which reported that the crash was "probably caused" by "SYMEVENT.SYS ( SYMEVENT+7a60 )".
This is the 2nd crash in symevent.sys I've had in as many months. The first one was a stop 0x8E.
This crash was a 0x7F: UNEXPECTED_KERNEL_MODE_TRAP of type "Double Fault", which basically means two back-to-back exceptions. This usually indicates either a hardware problem or a kernel stack overflow. I haven't changed my hardware recently and both exceptions occurred in symevent.sys, so I would think it's the latter.
I don't have any other spyware or AV programs installed.
I'll mention that I had run Microsoft's FileMon utility and it was in the call stack, but I haven't had compatibility problems with FileMon and NIS in the past.
In case anyone is interested in the details:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 80042000, 0, 0}
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
*** WARNING: Unable to verify timestamp for FILEM701.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILEM701.SYS
*** WARNING: Unable to verify timestamp for NAVEX15.SYS
*** ERROR: Module load completed but symbols could not be loaded for NAVEX15.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+7a60 )
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: csrss.exe
TRAP_FRAME: b51cd574 -- (.trap 0xffffffffb51cd574)
ErrCode = 00000000
eax=0000000f ebx=00000001 ecx=d6e54800 edx=00000000 esi=89036da8 edi=00000000
eip=8055f47b esp=b51cd5e8 ebp=b51cd634 iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
nt!CcMapData+0xef:
8055f47b 8a0c0a mov cl,byte ptr [edx+ecx] ds:0023:d6e54800=??
Resetting default scope
LAST_CONTROL_TRANSFER: from 8051cc5f to 804f8caf
STACK_TEXT:
b51cd000 8051cc5f 00000050 b51ccfe0 00000000 nt!KeBugCheckEx+0x5
b51cd060 8054052c 00000000 b51ccfe0 00000000 nt!MmAccessFault+0x8e7
b51cd060 80535a8a 00000000 b51ccfe0 00000000 nt!KiTrap0E+0xcc
b51cd17c 804ee129 8a796020 861c68a8 861c68a8 nt!_alloca_probe+0xe
b51cd18c b9ed109e 8a79d4e8 8a79e5f8 8a79d020 nt!IopfCallDriver+0x31
b51cd1b8 804ee129 8a79d178 861c68a8 8a76df38 fltmgr!FltpDispatch+0x152
b51cd1c8 b9ebb459 b51cd20c 804ee129 8a79d2b0 nt!IopfCallDriver+0x31
b51cd1d0 804ee129 8a79d2b0 861c68a8 861c68a8 sr!SrPassThrough+0x31
b51cd1e0 b9ed109e 88eddbe8 8a79e5f8 861c6a80 nt!IopfCallDriver+0x31
b51cd20c 804ee129 8a79d020 861c68a8 861c6aa4 fltmgr!FltpDispatch+0x152
b51cd21c b65b9a60 861c6aa4 8a388998 861c6aa4 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b51cd230 804ee129 890a0f10 861c68a8 861c6ac8 SYMEVENT+0x7a60
b51cd238 861c68a8 861c6ac8 b34ba3d6 8a758e00 nt!IopfCallDriver+0x31
b51cd42c b34ba5dd 88bcd2b8 861c68a8 804ee129 0x861c68a8
b51cd45c 804eeb37 88bcd2b8 860b6c0c 860b6cb0 FILEM701+0x85dd
b51cd47c 80513578 8a758e00 860b6cd0 860b6cb0 nt!IoPageRead+0x1b
b51cd4f8 8051cb2c e86b0ca0 d6e54800 c06b72a0 nt!MiDispatchFault+0x286
b51cd55c 8054052c 00000000 d6e54800 00000000 nt!MmAccessFault+0x7b4
b51cd55c 8055f47b 00000000 d6e54800 00000000 nt!KiTrap0E+0xcc
b51cd634 b9deea6e 8a758e00 b51cd664 00000400 nt!CcMapData+0xef
b51cd654 b9deec89 b51cdcf4 8a756748 10794800 Ntfs!NtfsMapStream+0x46
b51cd6c8 b9deeb96 b51cdcf4 8a796100 e920a010 Ntfs!NtfsReadMftRecord+0x86
b51cd700 b9deeaed b51cdcf4 8a796100 e920a010 Ntfs!NtfsReadFileRecord+0x7a
b51cd738 b9dcc2ed b51cdcf4 e920a008 e920a010 Ntfs!NtfsLookupInFileRecord+0x37
b51cd848 b9dc8ffc b51cdcf4 e920a0d0 00000521 Ntfs!NtfsLookupAllocation+0xdd
b51cda18 b9dc8c76 b51cdcf4 855a8bb8 e920a0d0 Ntfs!NtfsPrepareBuffers+0x270
b51cdc00 b9dcb6f6 b51cdcf4 855a8bb8 e920a0d0 Ntfs!NtfsNonCachedIo+0x20e
b51cdce0 b9dcb00a b51cdcf4 855a8bb8 00000001 Ntfs!NtfsCommonRead+0xbdd
b51cde90 804ee129 8a796020 855a8bb8 855a8bb8 Ntfs!NtfsFsdRead+0x22d
b51cdea0 b9ed109e 8a79d4e8 8a79e5f8 8a79d020 nt!IopfCallDriver+0x31
b51cdecc 804ee129 8a79d178 855a8bb8 8a76df38 fltmgr!FltpDispatch+0x152
b51cdedc b9ebb459 b51cdf20 804ee129 8a79d2b0 nt!IopfCallDriver+0x31
b51cdee4 804ee129 8a79d2b0 855a8bb8 855a8bb8 sr!SrPassThrough+0x31
b51cdef4 b9ed109e 88eddbe8 8a79e5f8 855a8d90 nt!IopfCallDriver+0x31
b51cdf20 804ee129 8a79d020 855a8bb8 855a8db4 fltmgr!FltpDispatch+0x152
b51cdf30 b65b9a60 855a8db4 8a388998 855a8db4 nt!IopfCallDriver+0x31
b51cdf44 804ee129 890a0f10 855a8bb8 855a8dd8 SYMEVENT+0x7a60
b51cdf68 804ee129 8a7c7ab8 00000103 8a7dea38 nt!IopfCallDriver+0x31
b51cdf78 ba330921 8a7979b8 80010031 0000003d nt!IopfCallDriver+0x31
b51ce140 b34ba5dd 88bcd2b8 855a8bb8 804ee129 PartMgr!PmReadWrite+0x95
b51ce170 804eeb37 88bcd2b8 88dac00c 88dac020 FILEM701+0x85dd
b51ce190 80513578 85bb5028 88dac040 88dac020 nt!IoPageRead+0x1b
b51ce20c 8051cb2c e3ce9908 cf6e17b6 c067b708 nt!MiDispatchFault+0x286
b51ce270 80517c88 00000000 cf6e17b6 00000000 nt!MmAccessFault+0x7b4
b51ce2cc 8055eb39 cf6e17b6 00000000 b51ce424 nt!MmCheckCachedPageState+0x56c
b51ce35c b9de8e9a 85bb5028 005217b6 00000009 nt!CcFastCopyRead+0x341
b51ce3b4 b9ed0018 85bb5028 b51ce424 00000009 Ntfs!NtfsCopyReadA+0x1bf
b51ce3e8 b9edba1d 00000003 00000000 b51ce41c fltmgr!FltpPerformFastIoCall+0x230
b51ce43c b9ec29a2 85bb5028 b51ce4d4 00000009 fltmgr!FltpFastIoRead+0xa9
b51ce464 b9ed0018 85bb5028 b51ce4d4 00000009 sr!SrFastIoRead+0x40
b51ce498 b9edba1d 00000003 00000000 b51ce4cc fltmgr!FltpPerformFastIoCall+0x230
b51ce4ec b65b5e1b 85bb5028 b51ce60c 00000009 fltmgr!FltpFastIoRead+0xa9
b51ce520 b34b6c7f 85bb5028 b51ce60c 00000009 SYMEVENT+0x3e1b
b51ce5d0 80571aff 85bb5028 b51ce60c 00000009 FILEM701+0x4c7f
b51ce67c 8053d648 8000055c 00000000 00000000 nt!NtReadFile+0x2d5
b51ce67c 804fec05 8000055c 00000000 00000000 nt!KiFastCallEntry+0xf8
b51ce718 a17710a0 8000055c 00000000 00000000 nt!ZwReadFile+0x11
b51ce784 a177163c 00091064 b51ce7b8 e20251f8 NAVEX15+0x3b0a0
b51ce7cc a17716e7 00096067 0008c062 e20251f8 NAVEX15+0x3b63c
b51ce834 b9ed0018 8853db40 b51ce8a4 00000002 NAVEX15+0x3b6e7
b9de8ee4 90909090 00013068 13a06800 25e8b9de fltmgr!FltpPerformFastIoCall+0x230
b9de8f00 45890845 0c758bb0 ff68b589 458bffff 0x90909090
b9de8f04 0c758bb0 ff68b589 458bffff 60858910 0x45890845
b9de8f08 ff68b589 458bffff 60858910 8bffffff 0xc758bb0
b9de8f0c 458bffff 60858910 8bffffff 85891845 0xff68b589
b9de8f10 60858910 8bffffff 85891845 ffffff78 0x458bffff
b9de8f14 8bffffff 85891845 ffffff78 8924458b 0x60858910
b9de8f18 85891845 ffffff78 8924458b ffff6485 0x8bffffff
b9de8f1c ffffff78 8924458b ffff6485 89c033ff 0x85891845
b9de8f20 8924458b ffff6485 89c033ff 85898c45 0xffffff78
b9de8f24 ffff6485 89c033ff 85898c45 ffffff7c 0x8924458b
b9de8f28 89c033ff 85898c45 ffffff7c ff548589 0xffff6485
b9de8f2c 85898c45 ffffff7c ff548589 4589ffff 0x89c033ff
b9de8f30 ffffff7c ff548589 4589ffff 8445899c 0x85898c45
b9de8f34 ff548589 4589ffff 8445899c ff748589 0xffffff7c
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+7a60
b65b9a60 ?? ???
SYMBOL_STACK_INDEX: b
SYMBOL_NAME: SYMEVENT+7a60
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 49934f4c
FAILURE_BUCKET_ID: 0x7f_8_SYMEVENT+7a60
BUCKET_ID: 0x7f_8_SYMEVENT+7a60
Followup: MachineOwner
---------
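Added example, not part of the original post: a Python sketch that estimates how much kernel stack each module consumed by taking ChildEBP deltas from `kb` output, the kind of check that supports a stack-overflow reading of a double fault. The sample frames are copied from the STACK_TEXT above; `stack_usage`, `module_of` and the 0x3000 cut-off are assumptions of this example, and the figures are approximate because the trace itself warns that unwind information is missing.

```python
import re
from collections import Counter

# One `kb` frame: ChildEBP, RetAddr, three args, then the symbol.
FRAME = re.compile(r"^([0-9a-f]{8}) [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\S+)$")
MAX_FRAME = 0x3000  # assumed bound: a larger jump means the unwinder left the stack

# Frames copied from the STACK_TEXT in the post (innermost first).
SAMPLE = """\
b51ce4ec b65b5e1b 85bb5028 b51ce60c 00000009 fltmgr!FltpFastIoRead+0xa9
b51ce520 b34b6c7f 85bb5028 b51ce60c 00000009 SYMEVENT+0x3e1b
b51ce5d0 80571aff 85bb5028 b51ce60c 00000009 FILEM701+0x4c7f
b51ce67c 8053d648 8000055c 00000000 00000000 nt!NtReadFile+0x2d5
b51ce67c 804fec05 8000055c 00000000 00000000 nt!KiFastCallEntry+0xf8
b51ce718 a17710a0 8000055c 00000000 00000000 nt!ZwReadFile+0x11
b51ce784 a177163c 00091064 b51ce7b8 e20251f8 NAVEX15+0x3b0a0
b51ce7cc a17716e7 00096067 0008c062 e20251f8 NAVEX15+0x3b63c
b51ce834 b9ed0018 8853db40 b51ce8a4 00000002 NAVEX15+0x3b6e7
b9de8ee4 90909090 00013068 13a06800 25e8b9de fltmgr!FltpPerformFastIoCall+0x230
"""

def module_of(symbol):
    """'nt!NtReadFile+0x2d5' -> 'nt', 'SYMEVENT+0x3e1b' -> 'SYMEVENT'."""
    return re.split(r"[!+]", symbol)[0]

def stack_usage(kb_text):
    """Return (bytes per module, total bytes) from ChildEBP deltas."""
    frames = []
    for line in kb_text.splitlines():
        m = FRAME.match(line.strip())
        if m:  # banner and WARNING lines do not match and are skipped
            frames.append((int(m.group(1), 16), module_of(m.group(2))))
    usage = Counter()
    # The gap between a callee's EBP and its caller's EBP holds the caller's
    # locals plus the arguments and return address it pushed for the call.
    for (callee_ebp, _), (ebp, module) in zip(frames, frames[1:]):
        delta = ebp - callee_ebp
        if not 0 <= delta <= MAX_FRAME:
            break  # garbage frame: everything after it is unreliable
        usage[module] += delta
    return dict(usage), sum(usage.values())

if __name__ == "__main__":
    per_module, total = stack_usage(SAMPLE)
    for module, used in sorted(per_module.items(), key=lambda kv: -kv[1]):
        print(f"{module:10} {used:5d} bytes")
    print(f"{'total':10} {total:5d} bytes")
```

Feeding the complete STACK_TEXT to `stack_usage` gives the same per-module breakdown for the whole trace, stopping at the first frame that falls outside the stack.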