Hello,
I'm running a Windows 2003 x86 SBS SP2 server in my environment and I got this blue screen the other day. From the dmp file I noticed that it is coming from ESET but I'm not sure why this is happening but it seems as though Backup Exec (12.5) and ESET aren't playing nice. Would someone give me some more insight as to why this happened? Thank you.
========START DMP
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80a613de, address which referenced memory
Debugging Details:
------------------
*** ERROR: Module load completed but symbols could not be loaded for VirtFile.sys
*** ERROR: Module load completed but symbols could not be loaded for ehdrv.sys
WRITE_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
hal!KeAcquireSpinLockRaiseToSynch+e
80a613de f00fba2900 lock bts dword ptr [ecx],0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: ekrn.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
TRAP_FRAME: b3ce86a8 -- (.trap 0xffffffffb3ce86a8)
ErrCode = 00000002
eax=00000000 ebx=87f1b2b0 ecx=00000000 edx=b3ce8778 esi=89a59808 edi=89a59994
eip=80a613de esp=b3ce871c ebp=b3ce8734 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
hal!KeAcquireSpinLockRaiseToSynch+0xe:
80a613de f00fba2900 lock bts dword ptr [ecx],0 ds:0023:00000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 80a613de to 8088e730
STACK_TEXT:
b3ce86a8 80a613de badb0d00 b3ce8778 89560cc4 nt!KiTrap0E+0x18c
b3ce8718 9bda76c1 00000000 00000000 00000000 hal!KeAcquireSpinLockRaiseToSynch+0xe
WARNING: Stack unwind information not available. Following frames may be wrong.
b3ce8734 9bda77d4 00000000 b3ce876c b3ce8778 VirtFile+0x46c1
b3ce877c 9bda6191 87f1b30c 89b92130 00000001 VirtFile+0x47d4
b3ce8814 9bda62ec 89b92130 87f1b30c 00000001 VirtFile+0x3191
b3ce8834 f76e34de 87f1b30c b3ce8854 b3ce8870 VirtFile+0x32ec
b3ce8894 f76e4f3e 00ce88dc 00000000 b3ce88dc fltmgr!FltpPerformPreCallbacks+0x2d4
b3ce88a8 f76e58e6 b3ce88dc 00000000 8a0c2700 fltmgr!FltpPassThroughInternal+0x32
b3ce88c4 f76e5cfa b3ce8800 88d65910 8b51b2a0 fltmgr!FltpPassThrough+0x1c2
b3ce88f4 8081e185 8a0c2700 87ee9cd0 87ee9cd0 fltmgr!FltpDispatch+0x110
b3ce8908 808f787b 87ee9e84 87ee9cd0 88d65910 nt!IofCallDriver+0x45
b3ce891c 808f4a47 8a0c2700 87ee9cd0 88d65910 nt!IopSynchronousServiceTail+0x10b
b3ce89b4 87b43c15 00000434 00000000 00000000 nt!NtReadFile+0x5d5
b3ce8a44 f7b8ca0a f7b8c9c1 0707d33c 8b27f608 0x87b43c15
b3ce8a48 f7b8c9c1 0707d33c 8b27f608 8b295020 Ntfs!NtfsFastQueryStdInfo+0x182
b3ce8b94 87b42390 0707ccf4 0000004c b3ce8c78 Ntfs!NtfsFastQueryStdInfo+0x139
b3ce8bd4 b9b002d3 00002134 0707ccf4 0000004c 0x87b42390
b3ce8bf8 b9b1931f 87e8ac60 0707ccf4 0000004c ehdrv+0x12d3
b3ce8c5c 808f828d 89453be8 00000001 0707ccf4 ehdrv+0x1a31f
b3ce8d00 808f1164 00000350 00000000 00000000 nt!IopXxxControlFile+0x255
b3ce8d34 8088b658 00000350 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
b3ce8d34 7c82845c 00000350 00000000 00000000 nt!KiSystemServicePostCall
0707cca8 00000000 00000000 00000000 00000000 0x7c82845c
STACK_COMMAND: kb
FOLLOWUP_IP:
VirtFile+46c1
9bda76c1 8845f7 mov byte ptr [ebp-9],al
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: VirtFile+46c1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: VirtFile
IMAGE_NAME: VirtFile.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49b01a64
FAILURE_BUCKET_ID: 0xA_VirtFile+46c1
BUCKET_ID: 0xA_VirtFile+46c1
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xa_virtfile+46c1
FAILURE_ID_HASH: {06565879-e9b6-7793-3a65-077b591df06e}
Followup: MachineOwner
---------