• 所有社区 - 中文
    • 所有社区 - 中文
    • 论坛
    • 创意
    • 博客
高级

不是您要找的? 咨询专家!

此论坛帖文需要解决方案。
好评0

Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

I have NIS 16.5.0.135 installed.

I resumed my laptop from hibernation and noticed that it was booting up instead of resuming.  After XP booted up, it told me that it recovered from a serious error and to submit the crash data, which I did.

In the meantime I used the "Debugging Tools for Windows" which reported that the crash was "probably caused" by "SYMEVENT.SYS ( SYMEVENT+7a60 )".

This is the 2nd crash in symevent.sys I've had in as many months.  The first one was a stop 0x8E.

This crash was a 0x7F: UNEXPECTED_KERNEL_MODE_TRAP of type "Double Fault", which basically means two back to back exceptions.  This usually indicates either a hardware problem or a kernel stack overflow.  I haven't changed my hardware recently and both exceptions occurred in symevent.sys, so I would think it's the later.

I don't have any other spyware or AV programs installed.

I'll mention that I had run Microsoft's FileMon utility and it was in the call stack, but I haven't had compatibility problems with FileMon and NIS in the past.


 

In case anyone is interested in the details:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, 80042000, 0, 0}

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
*** WARNING: Unable to verify timestamp for FILEM701.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILEM701.SYS
*** WARNING: Unable to verify timestamp for NAVEX15.SYS
*** ERROR: Module load completed but symbols could not be loaded for NAVEX15.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+7a60 )


kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  csrss.exe

TRAP_FRAME:  b51cd574 -- (.trap 0xffffffffb51cd574)
ErrCode = 00000000
eax=0000000f ebx=00000001 ecx=d6e54800 edx=00000000 esi=89036da8 edi=00000000
eip=8055f47b esp=b51cd5e8 ebp=b51cd634 iopl=0         nv up ei ng nz ac po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010293
nt!CcMapData+0xef:
8055f47b 8a0c0a          mov     cl,byte ptr [edx+ecx]      ds:0023:d6e54800=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8051cc5f to 804f8caf

STACK_TEXT:
b51cd000 8051cc5f 00000050 b51ccfe0 00000000 nt!KeBugCheckEx+0x5
b51cd060 8054052c 00000000 b51ccfe0 00000000 nt!MmAccessFault+0x8e7
b51cd060 80535a8a 00000000 b51ccfe0 00000000 nt!KiTrap0E+0xcc
b51cd17c 804ee129 8a796020 861c68a8 861c68a8 nt!_alloca_probe+0xe
b51cd18c b9ed109e 8a79d4e8 8a79e5f8 8a79d020 nt!IopfCallDriver+0x31
b51cd1b8 804ee129 8a79d178 861c68a8 8a76df38 fltmgr!FltpDispatch+0x152
b51cd1c8 b9ebb459 b51cd20c 804ee129 8a79d2b0 nt!IopfCallDriver+0x31
b51cd1d0 804ee129 8a79d2b0 861c68a8 861c68a8 sr!SrPassThrough+0x31
b51cd1e0 b9ed109e 88eddbe8 8a79e5f8 861c6a80 nt!IopfCallDriver+0x31
b51cd20c 804ee129 8a79d020 861c68a8 861c6aa4 fltmgr!FltpDispatch+0x152
b51cd21c b65b9a60 861c6aa4 8a388998 861c6aa4 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b51cd230 804ee129 890a0f10 861c68a8 861c6ac8 SYMEVENT+0x7a60
b51cd238 861c68a8 861c6ac8 b34ba3d6 8a758e00 nt!IopfCallDriver+0x31
b51cd42c b34ba5dd 88bcd2b8 861c68a8 804ee129 0x861c68a8
b51cd45c 804eeb37 88bcd2b8 860b6c0c 860b6cb0 FILEM701+0x85dd
b51cd47c 80513578 8a758e00 860b6cd0 860b6cb0 nt!IoPageRead+0x1b
b51cd4f8 8051cb2c e86b0ca0 d6e54800 c06b72a0 nt!MiDispatchFault+0x286
b51cd55c 8054052c 00000000 d6e54800 00000000 nt!MmAccessFault+0x7b4
b51cd55c 8055f47b 00000000 d6e54800 00000000 nt!KiTrap0E+0xcc
b51cd634 b9deea6e 8a758e00 b51cd664 00000400 nt!CcMapData+0xef
b51cd654 b9deec89 b51cdcf4 8a756748 10794800 Ntfs!NtfsMapStream+0x46
b51cd6c8 b9deeb96 b51cdcf4 8a796100 e920a010 Ntfs!NtfsReadMftRecord+0x86
b51cd700 b9deeaed b51cdcf4 8a796100 e920a010 Ntfs!NtfsReadFileRecord+0x7a
b51cd738 b9dcc2ed b51cdcf4 e920a008 e920a010 Ntfs!NtfsLookupInFileRecord+0x37
b51cd848 b9dc8ffc b51cdcf4 e920a0d0 00000521 Ntfs!NtfsLookupAllocation+0xdd
b51cda18 b9dc8c76 b51cdcf4 855a8bb8 e920a0d0 Ntfs!NtfsPrepareBuffers+0x270
b51cdc00 b9dcb6f6 b51cdcf4 855a8bb8 e920a0d0 Ntfs!NtfsNonCachedIo+0x20e
b51cdce0 b9dcb00a b51cdcf4 855a8bb8 00000001 Ntfs!NtfsCommonRead+0xbdd
b51cde90 804ee129 8a796020 855a8bb8 855a8bb8 Ntfs!NtfsFsdRead+0x22d
b51cdea0 b9ed109e 8a79d4e8 8a79e5f8 8a79d020 nt!IopfCallDriver+0x31
b51cdecc 804ee129 8a79d178 855a8bb8 8a76df38 fltmgr!FltpDispatch+0x152
b51cdedc b9ebb459 b51cdf20 804ee129 8a79d2b0 nt!IopfCallDriver+0x31
b51cdee4 804ee129 8a79d2b0 855a8bb8 855a8bb8 sr!SrPassThrough+0x31
b51cdef4 b9ed109e 88eddbe8 8a79e5f8 855a8d90 nt!IopfCallDriver+0x31
b51cdf20 804ee129 8a79d020 855a8bb8 855a8db4 fltmgr!FltpDispatch+0x152
b51cdf30 b65b9a60 855a8db4 8a388998 855a8db4 nt!IopfCallDriver+0x31
b51cdf44 804ee129 890a0f10 855a8bb8 855a8dd8 SYMEVENT+0x7a60
b51cdf68 804ee129 8a7c7ab8 00000103 8a7dea38 nt!IopfCallDriver+0x31
b51cdf78 ba330921 8a7979b8 80010031 0000003d nt!IopfCallDriver+0x31
b51ce140 b34ba5dd 88bcd2b8 855a8bb8 804ee129 PartMgr!PmReadWrite+0x95
b51ce170 804eeb37 88bcd2b8 88dac00c 88dac020 FILEM701+0x85dd
b51ce190 80513578 85bb5028 88dac040 88dac020 nt!IoPageRead+0x1b
b51ce20c 8051cb2c e3ce9908 cf6e17b6 c067b708 nt!MiDispatchFault+0x286
b51ce270 80517c88 00000000 cf6e17b6 00000000 nt!MmAccessFault+0x7b4
b51ce2cc 8055eb39 cf6e17b6 00000000 b51ce424 nt!MmCheckCachedPageState+0x56c
b51ce35c b9de8e9a 85bb5028 005217b6 00000009 nt!CcFastCopyRead+0x341
b51ce3b4 b9ed0018 85bb5028 b51ce424 00000009 Ntfs!NtfsCopyReadA+0x1bf
b51ce3e8 b9edba1d 00000003 00000000 b51ce41c fltmgr!FltpPerformFastIoCall+0x230
b51ce43c b9ec29a2 85bb5028 b51ce4d4 00000009 fltmgr!FltpFastIoRead+0xa9
b51ce464 b9ed0018 85bb5028 b51ce4d4 00000009 sr!SrFastIoRead+0x40
b51ce498 b9edba1d 00000003 00000000 b51ce4cc fltmgr!FltpPerformFastIoCall+0x230
b51ce4ec b65b5e1b 85bb5028 b51ce60c 00000009 fltmgr!FltpFastIoRead+0xa9
b51ce520 b34b6c7f 85bb5028 b51ce60c 00000009 SYMEVENT+0x3e1b
b51ce5d0 80571aff 85bb5028 b51ce60c 00000009 FILEM701+0x4c7f
b51ce67c 8053d648 8000055c 00000000 00000000 nt!NtReadFile+0x2d5
b51ce67c 804fec05 8000055c 00000000 00000000 nt!KiFastCallEntry+0xf8
b51ce718 a17710a0 8000055c 00000000 00000000 nt!ZwReadFile+0x11
b51ce784 a177163c 00091064 b51ce7b8 e20251f8 NAVEX15+0x3b0a0
b51ce7cc a17716e7 00096067 0008c062 e20251f8 NAVEX15+0x3b63c
b51ce834 b9ed0018 8853db40 b51ce8a4 00000002 NAVEX15+0x3b6e7
b9de8ee4 90909090 00013068 13a06800 25e8b9de fltmgr!FltpPerformFastIoCall+0x230
b9de8f00 45890845 0c758bb0 ff68b589 458bffff 0x90909090
b9de8f04 0c758bb0 ff68b589 458bffff 60858910 0x45890845
b9de8f08 ff68b589 458bffff 60858910 8bffffff 0xc758bb0
b9de8f0c 458bffff 60858910 8bffffff 85891845 0xff68b589
b9de8f10 60858910 8bffffff 85891845 ffffff78 0x458bffff
b9de8f14 8bffffff 85891845 ffffff78 8924458b 0x60858910
b9de8f18 85891845 ffffff78 8924458b ffff6485 0x8bffffff
b9de8f1c ffffff78 8924458b ffff6485 89c033ff 0x85891845
b9de8f20 8924458b ffff6485 89c033ff 85898c45 0xffffff78
b9de8f24 ffff6485 89c033ff 85898c45 ffffff7c 0x8924458b
b9de8f28 89c033ff 85898c45 ffffff7c ff548589 0xffff6485
b9de8f2c 85898c45 ffffff7c ff548589 4589ffff 0x89c033ff
b9de8f30 ffffff7c ff548589 4589ffff 8445899c 0x85898c45
b9de8f34 ff548589 4589ffff 8445899c ff748589 0xffffff7c


STACK_COMMAND:  kb

FOLLOWUP_IP:
SYMEVENT+7a60
b65b9a60 ??              ???

SYMBOL_STACK_INDEX:  b

SYMBOL_NAME:  SYMEVENT+7a60

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME:  SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  49934f4c

FAILURE_BUCKET_ID:  0x7f_8_SYMEVENT+7a60

BUCKET_ID:  0x7f_8_SYMEVENT+7a60

Followup: MachineOwner
---------

回复

好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

I have NIS 16.5.0.135 installed.

I resumed my laptop from hibernation and noticed that it was booting up instead of resuming.  After XP booted up, it told me that it recovered from a serious error and to submit the crash data, which I did.

In the meantime I used the "Debugging Tools for Windows" which reported that the crash was "probably caused" by "SYMEVENT.SYS ( SYMEVENT+7a60 )".

This is the 2nd crash in symevent.sys I've had in as many months.  The first one was a stop 0x8E.

This crash was a 0x7F: UNEXPECTED_KERNEL_MODE_TRAP of type "Double Fault", which basically means two back to back exceptions.  This usually indicates either a hardware problem or a kernel stack overflow.  I haven't changed my hardware recently and both exceptions occurred in symevent.sys, so I would think it's the later.

I don't have any other spyware or AV programs installed.

I'll mention that I had run Microsoft's FileMon utility and it was in the call stack, but I haven't had compatibility problems with FileMon and NIS in the past.


 

In case anyone is interested in the details:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, 80042000, 0, 0}

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
*** WARNING: Unable to verify timestamp for FILEM701.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILEM701.SYS
*** WARNING: Unable to verify timestamp for NAVEX15.SYS
*** ERROR: Module load completed but symbols could not be loaded for NAVEX15.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+7a60 )


kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  csrss.exe

TRAP_FRAME:  b51cd574 -- (.trap 0xffffffffb51cd574)
ErrCode = 00000000
eax=0000000f ebx=00000001 ecx=d6e54800 edx=00000000 esi=89036da8 edi=00000000
eip=8055f47b esp=b51cd5e8 ebp=b51cd634 iopl=0         nv up ei ng nz ac po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010293
nt!CcMapData+0xef:
8055f47b 8a0c0a          mov     cl,byte ptr [edx+ecx]      ds:0023:d6e54800=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8051cc5f to 804f8caf

STACK_TEXT:
b51cd000 8051cc5f 00000050 b51ccfe0 00000000 nt!KeBugCheckEx+0x5
b51cd060 8054052c 00000000 b51ccfe0 00000000 nt!MmAccessFault+0x8e7
b51cd060 80535a8a 00000000 b51ccfe0 00000000 nt!KiTrap0E+0xcc
b51cd17c 804ee129 8a796020 861c68a8 861c68a8 nt!_alloca_probe+0xe
b51cd18c b9ed109e 8a79d4e8 8a79e5f8 8a79d020 nt!IopfCallDriver+0x31
b51cd1b8 804ee129 8a79d178 861c68a8 8a76df38 fltmgr!FltpDispatch+0x152
b51cd1c8 b9ebb459 b51cd20c 804ee129 8a79d2b0 nt!IopfCallDriver+0x31
b51cd1d0 804ee129 8a79d2b0 861c68a8 861c68a8 sr!SrPassThrough+0x31
b51cd1e0 b9ed109e 88eddbe8 8a79e5f8 861c6a80 nt!IopfCallDriver+0x31
b51cd20c 804ee129 8a79d020 861c68a8 861c6aa4 fltmgr!FltpDispatch+0x152
b51cd21c b65b9a60 861c6aa4 8a388998 861c6aa4 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b51cd230 804ee129 890a0f10 861c68a8 861c6ac8 SYMEVENT+0x7a60
b51cd238 861c68a8 861c6ac8 b34ba3d6 8a758e00 nt!IopfCallDriver+0x31
b51cd42c b34ba5dd 88bcd2b8 861c68a8 804ee129 0x861c68a8
b51cd45c 804eeb37 88bcd2b8 860b6c0c 860b6cb0 FILEM701+0x85dd
b51cd47c 80513578 8a758e00 860b6cd0 860b6cb0 nt!IoPageRead+0x1b
b51cd4f8 8051cb2c e86b0ca0 d6e54800 c06b72a0 nt!MiDispatchFault+0x286
b51cd55c 8054052c 00000000 d6e54800 00000000 nt!MmAccessFault+0x7b4
b51cd55c 8055f47b 00000000 d6e54800 00000000 nt!KiTrap0E+0xcc
b51cd634 b9deea6e 8a758e00 b51cd664 00000400 nt!CcMapData+0xef
b51cd654 b9deec89 b51cdcf4 8a756748 10794800 Ntfs!NtfsMapStream+0x46
b51cd6c8 b9deeb96 b51cdcf4 8a796100 e920a010 Ntfs!NtfsReadMftRecord+0x86
b51cd700 b9deeaed b51cdcf4 8a796100 e920a010 Ntfs!NtfsReadFileRecord+0x7a
b51cd738 b9dcc2ed b51cdcf4 e920a008 e920a010 Ntfs!NtfsLookupInFileRecord+0x37
b51cd848 b9dc8ffc b51cdcf4 e920a0d0 00000521 Ntfs!NtfsLookupAllocation+0xdd
b51cda18 b9dc8c76 b51cdcf4 855a8bb8 e920a0d0 Ntfs!NtfsPrepareBuffers+0x270
b51cdc00 b9dcb6f6 b51cdcf4 855a8bb8 e920a0d0 Ntfs!NtfsNonCachedIo+0x20e
b51cdce0 b9dcb00a b51cdcf4 855a8bb8 00000001 Ntfs!NtfsCommonRead+0xbdd
b51cde90 804ee129 8a796020 855a8bb8 855a8bb8 Ntfs!NtfsFsdRead+0x22d
b51cdea0 b9ed109e 8a79d4e8 8a79e5f8 8a79d020 nt!IopfCallDriver+0x31
b51cdecc 804ee129 8a79d178 855a8bb8 8a76df38 fltmgr!FltpDispatch+0x152
b51cdedc b9ebb459 b51cdf20 804ee129 8a79d2b0 nt!IopfCallDriver+0x31
b51cdee4 804ee129 8a79d2b0 855a8bb8 855a8bb8 sr!SrPassThrough+0x31
b51cdef4 b9ed109e 88eddbe8 8a79e5f8 855a8d90 nt!IopfCallDriver+0x31
b51cdf20 804ee129 8a79d020 855a8bb8 855a8db4 fltmgr!FltpDispatch+0x152
b51cdf30 b65b9a60 855a8db4 8a388998 855a8db4 nt!IopfCallDriver+0x31
b51cdf44 804ee129 890a0f10 855a8bb8 855a8dd8 SYMEVENT+0x7a60
b51cdf68 804ee129 8a7c7ab8 00000103 8a7dea38 nt!IopfCallDriver+0x31
b51cdf78 ba330921 8a7979b8 80010031 0000003d nt!IopfCallDriver+0x31
b51ce140 b34ba5dd 88bcd2b8 855a8bb8 804ee129 PartMgr!PmReadWrite+0x95
b51ce170 804eeb37 88bcd2b8 88dac00c 88dac020 FILEM701+0x85dd
b51ce190 80513578 85bb5028 88dac040 88dac020 nt!IoPageRead+0x1b
b51ce20c 8051cb2c e3ce9908 cf6e17b6 c067b708 nt!MiDispatchFault+0x286
b51ce270 80517c88 00000000 cf6e17b6 00000000 nt!MmAccessFault+0x7b4
b51ce2cc 8055eb39 cf6e17b6 00000000 b51ce424 nt!MmCheckCachedPageState+0x56c
b51ce35c b9de8e9a 85bb5028 005217b6 00000009 nt!CcFastCopyRead+0x341
b51ce3b4 b9ed0018 85bb5028 b51ce424 00000009 Ntfs!NtfsCopyReadA+0x1bf
b51ce3e8 b9edba1d 00000003 00000000 b51ce41c fltmgr!FltpPerformFastIoCall+0x230
b51ce43c b9ec29a2 85bb5028 b51ce4d4 00000009 fltmgr!FltpFastIoRead+0xa9
b51ce464 b9ed0018 85bb5028 b51ce4d4 00000009 sr!SrFastIoRead+0x40
b51ce498 b9edba1d 00000003 00000000 b51ce4cc fltmgr!FltpPerformFastIoCall+0x230
b51ce4ec b65b5e1b 85bb5028 b51ce60c 00000009 fltmgr!FltpFastIoRead+0xa9
b51ce520 b34b6c7f 85bb5028 b51ce60c 00000009 SYMEVENT+0x3e1b
b51ce5d0 80571aff 85bb5028 b51ce60c 00000009 FILEM701+0x4c7f
b51ce67c 8053d648 8000055c 00000000 00000000 nt!NtReadFile+0x2d5
b51ce67c 804fec05 8000055c 00000000 00000000 nt!KiFastCallEntry+0xf8
b51ce718 a17710a0 8000055c 00000000 00000000 nt!ZwReadFile+0x11
b51ce784 a177163c 00091064 b51ce7b8 e20251f8 NAVEX15+0x3b0a0
b51ce7cc a17716e7 00096067 0008c062 e20251f8 NAVEX15+0x3b63c
b51ce834 b9ed0018 8853db40 b51ce8a4 00000002 NAVEX15+0x3b6e7
b9de8ee4 90909090 00013068 13a06800 25e8b9de fltmgr!FltpPerformFastIoCall+0x230
b9de8f00 45890845 0c758bb0 ff68b589 458bffff 0x90909090
b9de8f04 0c758bb0 ff68b589 458bffff 60858910 0x45890845
b9de8f08 ff68b589 458bffff 60858910 8bffffff 0xc758bb0
b9de8f0c 458bffff 60858910 8bffffff 85891845 0xff68b589
b9de8f10 60858910 8bffffff 85891845 ffffff78 0x458bffff
b9de8f14 8bffffff 85891845 ffffff78 8924458b 0x60858910
b9de8f18 85891845 ffffff78 8924458b ffff6485 0x8bffffff
b9de8f1c ffffff78 8924458b ffff6485 89c033ff 0x85891845
b9de8f20 8924458b ffff6485 89c033ff 85898c45 0xffffff78
b9de8f24 ffff6485 89c033ff 85898c45 ffffff7c 0x8924458b
b9de8f28 89c033ff 85898c45 ffffff7c ff548589 0xffff6485
b9de8f2c 85898c45 ffffff7c ff548589 4589ffff 0x89c033ff
b9de8f30 ffffff7c ff548589 4589ffff 8445899c 0x85898c45
b9de8f34 ff548589 4589ffff 8445899c ff748589 0xffffff7c


STACK_COMMAND:  kb

FOLLOWUP_IP:
SYMEVENT+7a60
b65b9a60 ??              ???

SYMBOL_STACK_INDEX:  b

SYMBOL_NAME:  SYMEVENT+7a60

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME:  SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  49934f4c

FAILURE_BUCKET_ID:  0x7f_8_SYMEVENT+7a60

BUCKET_ID:  0x7f_8_SYMEVENT+7a60

Followup: MachineOwner
---------
好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

Hi Morac: 

Microsoft has this to say about Double Fault some of which you already know.

 Double fault

A double fault occurs when an exception occurs while trying to call the handler for a prior exception. Normally, the two exceptions can be handled serially, however there are several exceptions that cannot be handled serially and in this situation the processor signals a double fault. The two primary causes for this are hardware and kernel stack overflows. Hardware problems are usually related to CPU, RAM, or bus. Kernel stack overflows are almost always caused by faulty kernel-mode drivers.

 To resolve this issue, use the appropriate method:

  • If either software or hardware can cause a particular trap, a debug is required to determine which is the cause. If you suspect a hardware problem, try the following hardware troubleshooting steps:
    1. Test the RAM in the computer by running the diagnostic software that is provided by the computer manufacturer. Replace any RAM that is reported as bad. Also, make sure that all the RAM in the computer is the same speed.
    2. Try removing or swapping out controllers, cards, or other peripherals.
    3. Try a different motherboard on the computer.
  • If you are over clocking the speed of your processor, set it back to the speed at which it is designed to run.
  • Check with the hardware vendor for any updated hardware drivers or BIOS updates, or both.


Process library also contributes this information regarding csrss.exe

The Microsoft Client Server Runtime Server subsystem utilizes the process csrss.exe for managing the majority of the graphical instruction sets under the Microsoft Windows operating system. As such Csrss.exe provides the critical functions of the operating system, and its termination can result in the Blue Screen of Death being displayed.

 Since bug check says that it is a driver fault and specifies the process as in csrss, you could try updating your graphics drivers.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

I haven't touched my graphics drivers in years, mainly because they are stable and work well, but also because Dell hasn't updated them.  I also haven't made any hardware changes to my machine since I replaced the memory about 4 or 5 years ago.

In any case the driver that the bug check is complaining about isn't a graphics driver, it's symevent.sys, which is part of Norton Internet Security 2009.

symevent.sys has been known to cause blue screens from time to time, but normally they are stop 0x8E errors, not 0x7F.

I tried a hibernation/restore again and all was well, so I don't know what happened last time. Hopefully it's a fluke.

好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

I think symevent.sys is merely the reaction to a driver issue rather than the cause of this particular issue.  If you haven't touched your graphics drivers in years, you would have nothing to lose by trying and everything to gain.

Microsoft says the error is normally a hardware, or bios issue.  There is no doubt that newer coding, probably in NIS is causing the conflict, but Symantec is unlikely to produce a fix or workaround for outdated hardware drivers.

Outdated drivers may also have some impact on your Firefox issues as tabs are going to be heavily involved with graphics.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

I'm not sure why NIS would be interacting with the graphics driver on a resumption from hibernation.  Since the stack dump didn't show any indications of the graphics driver I'm going to assume that's a non-issue.   I've had enough graphics drivers problems in the past (my old one used to cause blue screen issues), that I'm not really interested in updating the driver.

Also I'm not having any Firefox issues.

好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

Hi -

Just passing by...

Did not ever remove Norton with the Norton Removal Tool and reinstall?

CompumindNIS 2009, XP-SP3, Vista-SP2, IE 8
好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

FileMon is definately known to have some issues and, because SymEvent is the closest to the file system, SymEvent gets blamed for problems, even though, in some cases, it is simply passing the data through. In every crash that I've seen in the past where FileMon was on the system, the issue was ultimately found to be FileMon problem.

FileMon has been replaced with Process Monitor and I have not heard of similar issues so you may wish to try that.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
好评0

Re: Blue Screen - STOP 0x0000007F in SYMEVENT.SYS (Windows XP SP3)

I've never had problems with FileMon in the past and I've been using it for a few years.  I can run Process Monitor, but I don't particularly like it since for just seeing what files are being accessed it is overkill and it is a lot slower to enable/disable on the fly.

Looking at the stack trace I had, it looks like FileMon and Norton got into a kind of inifinite loop scenario.   NIS scanned a file that was being used, which caused FileMon to log the use which seems to have caused NIS to scan it again, which caused FileMon to log it again, etc.  This might be why the double fault occurred instead of being handled.

What's really weird is that I had shut down FileMon way before the crash occurred.  I know the driver is still loaded until the system reboots, but it shouldn't be doing anything at that point.   It also never caused a problem in the past.  Oh well.

This thread is closed from further comment. Please visit the forum to start a new thread.