Server 2003 SP2 BSOD caused by fltmgr.sys
- by MasterMax1313
I'm running into a problem where a Server 2003 SP2 box has started crashing roughly once an hour, BSODing out with the message that fltmgr.sys is probably the cause. I ran dumpchk.exe on the memory.dmp file, indicating the same thing. Any thoughts on typical root causes?
The following is the error code I'm seeing:
Error code 0000007e, parameter1 c0000005, parameter2 f723e087, parameter3 f78cea8c, parameter4 f78ce788.
After running dumpchk on the memory.dmp file, I get the following note:
Probably caused by : fltmgr.sys ( fltmgr!FltGetIrpName+63f )
The full log is here:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\memory.dmp]
Kernel Complete Dump File: Full address space is available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlpa.exe -
Windows Server 2003 Kernel Version 3790 (Service Pack 2) UP Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.101019-0340
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x8089ffa8
Debug session time: Wed Oct 5 08:48:04.803 2011 (UTC - 4:00)
System Uptime: 0 days 14:25:12.085
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlpa.exe -
Loading Kernel Symbols
...............................................................
.................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {c0000005, f723e087, f78dea8c, f78de788}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for fltmgr.sys -
--omitted--
Probably caused by : fltmgr.sys ( fltmgr!FltGetIrpName+63f )
Followup: MachineOwner
---------
----- 32 bit Kernel Full Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000ece
KdSecondaryVersion 00000000
DirectoryTableBase 004e7000
PfnDataBase 81600000
PsLoadedModuleList 8089ffa8
PsActiveProcessHead 808a61c8
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 0000007e
BugCheckParameter1 c0000005
BugCheckParameter2 f723e087
BugCheckParameter3 f78dea8c
BugCheckParameter4 f78de788
PaeEnabled 00000001
KdDebuggerDataBlock 8088e3e0
SecondaryDataState 00000000
ProductType 00000003
SuiteMask 00000110
Physical Memory Description:
Number of runs: 3 (limited to 3)
FileOffset Start Address Length
00001000 0000000000001000 0009e000
0009f000 0000000000100000 bfdf0000
bfe8f000 00000000bff00000 00100000
Last Page: 00000000bff8e000 00000000bffff000
KiProcessorBlock at 8089f300
1 KiProcessorBlock entries:
ffdff120
Windows Server 2003 Kernel Version 3790 (Service Pack 2) UP Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.101019-0340
Machine Name:*** ERROR: Module load completed but symbols could not be loaded for srv.sys
Kernel base = 0x80800000 PsLoadedModuleList = 0x8089ffa8
Debug session time: Wed Oct 5 08:48:04.803 2011 (UTC - 4:00)
System Uptime: 0 days 14:25:12.085
start end module name
80800000 80a50000 nt Tue Oct 19 10:00:49 2010 (4CBDA491)
80a50000 80a6f000 hal Sat Feb 17 00:48:25 2007 (45D69729)
b83d4000 b83fe000 Fastfat Sat Feb 17 01:27:55 2007 (45D6A06B)
b8476000 b84a1000 RDPWD Sat Feb 17 00:44:38 2007 (45D69646)
b8549000 b8554000 TDTCP Sat Feb 17 00:44:32 2007 (45D69640)
b8fe1000 b9045000 srv Thu Feb 17 11:58:17 2011 (4D5D53A9)
b956d000 b95be000 HTTP Fri Nov 06 07:51:22 2009 (4AF41BCA)
b9816000 b982d780 hgfs Tue Aug 12 20:36:54 2008 (48A22CA6)
b9b16000 b9b20000 ndisuio Sat Feb 17 00:58:25 2007 (45D69981)
b9cf6000 b9d1ac60 iwfsd Wed Sep 29 01:43:59 2004 (415A4B9F)
b9e5b000 b9e62000 parvdm Tue Mar 25 03:03:49 2003 (3E7FFF55)
b9e63000 b9e67860 lgtosync Fri Sep 12 04:38:13 2003 (3F6185F5)
b9ed3000 b9ee8000 Cdfs Sat Feb 17 01:27:08 2007 (45D6A03C)
b9f10000 b9f2e000 EraserUtilRebootDrv Thu Jul 07 21:45:11 2011 (4E166127)
b9f2e000 b9f8c000 eeCtrl Thu Jul 07 21:45:11 2011 (4E166127)
b9f8c000 b9f9d000 Fips Sat Feb 17 01:26:33 2007 (45D6A019)
b9f9d000 ba013000 mrxsmb Fri Feb 18 10:22:23 2011 (4D5E8EAF)
ba013000 ba043000 rdbss Wed Feb 24 10:54:03 2010 (4B854B9B)
ba043000 ba0ad000 SPBBCDrv Mon Dec 14 23:39:00 2009 (4B2712E4)
ba0ad000 ba0d7000 afd Thu Feb 10 08:42:18 2011 (4D53EB3A)
ba0d7000 ba108000 netbt Sat Feb 17 01:28:57 2007 (45D6A0A9)
ba108000 ba19c000 tcpip Sat Aug 15 05:53:38 2009 (4A8685A2)
ba19c000 ba1b5000 ipsec Sat Feb 17 01:29:28 2007 (45D6A0C8)
ba275000 ba288600 NAVENG Fri Jul 29 08:10:02 2011 (4E32A31A)
ba289000 ba2ae000 SYMEVENT Thu Apr 15 21:31:23 2010 (4BC7BDEB)
ba2ae000 ba42d300 NAVEX15 Fri Jul 29 08:07:28 2011 (4E32A280)
ba42e000 ba479000 SRTSP Fri Mar 04 15:31:08 2011 (4D714C0C)
ba485000 ba487b00 dump_vmscsi Wed Apr 11 13:55:32 2007 (461D2114)
ba4e1000 ba540000 update Mon May 28 08:15:16 2007 (465AC7D4)
ba568000 ba59f000 rdpdr Sat Feb 17 00:51:00 2007 (45D697C4)
ba59f000 ba5b1000 raspptp Sat Feb 17 01:29:20 2007 (45D6A0C0)
ba5b1000 ba5ca000 ndiswan Sat Feb 17 01:29:22 2007 (45D6A0C2)
ba5da000 ba5e4000 dump_diskdump Sat Feb 17 01:07:44 2007 (45D69BB0)
ba66a000 ba67e000 rasl2tp Sat Feb 17 01:29:02 2007 (45D6A0AE)
ba67e000 ba69a000 VIDEOPRT Sat Feb 17 01:10:30 2007 (45D69C56)
ba69a000 ba6c1000 ks Sat Feb 17 01:30:40 2007 (45D6A110)
ba6c1000 ba6d5000 redbook Sat Feb 17 01:07:26 2007 (45D69B9E)
ba6d5000 ba6ea000 cdrom Sat Feb 17 01:07:48 2007 (45D69BB4)
ba6ea000 ba6ff000 serial Sat Feb 17 01:06:46 2007 (45D69B76)
ba6ff000 ba717000 parport Sat Feb 17 01:06:42 2007 (45D69B72)
ba717000 ba72a000 i8042prt Sat Feb 17 01:30:40 2007 (45D6A110)
baff0000 baff3700 CmBatt Sat Feb 17 00:58:51 2007 (45D6999B)
bf800000 bf9d3000 win32k Thu Mar 03 08:55:02 2011 (4D6F9DB6)
bf9d3000 bf9ea000 dxg Sat Feb 17 01:14:39 2007 (45D69D4F)
bf9ea000 bf9fec80 vmx_fb Sat Aug 16 07:23:10 2008 (48A6B89E)
bf9ff000 bfa4a000 ATMFD Tue Feb 15 08:19:22 2011 (4D5A7D5A)
bff60000 bff7e000 RDPDD Sat Feb 17 09:01:19 2007 (45D70AAF)
f7214000 f723a000 KSecDD Mon Jun 15 13:45:11 2009 (4A3688A7)
f723a000 f725f000 fltmgr Sat Feb 17 00:51:08 2007 (45D697CC)
f725f000 f7272000 CLASSPNP Sat Feb 17 01:28:16 2007 (45D6A080)
f7272000 f7283000 symmpi Mon Dec 13 16:03:14 2004 (41BE0392)
f7283000 f72a2000 SCSIPORT Sat Feb 17 01:28:41 2007 (45D6A099)
f72a2000 f72bf000 atapi Sat Feb 17 01:07:34 2007 (45D69BA6)
f72bf000 f72e9000 volsnap Sat Feb 17 01:08:23 2007 (45D69BD7)
f72e9000 f7315000 dmio Sat Feb 17 01:10:44 2007 (45D69C64)
f7315000 f733c000 ftdisk Sat Feb 17 01:08:05 2007 (45D69BC5)
f733c000 f7352000 pci Sat Feb 17 00:59:03 2007 (45D699A7)
f7352000 f7386000 ACPI Sat Feb 17 00:58:47 2007 (45D69997)
f7487000 f7490000 WMILIB Tue Mar 25 03:13:00 2003 (3E80017C)
f7497000 f74a6000 isapnp Sat Feb 17 00:58:57 2007 (45D699A1)
f74a7000 f74b4000 PCIIDEX Sat Feb 17 01:07:32 2007 (45D69BA4)
f74b7000 f74c7000 MountMgr Sat Feb 17 01:05:35 2007 (45D69B2F)
f74c7000 f74d2000 PartMgr Sat Feb 17 01:29:25 2007 (45D6A0C5)
f74d7000 f74e7000 disk Sat Feb 17 01:07:51 2007 (45D69BB7)
f74e7000 f74f3000 Dfs Sat Feb 17 00:51:17 2007 (45D697D5)
f74f7000 f7501000 crcdisk Sat Feb 17 01:09:50 2007 (45D69C2E)
f7507000 f7517000 agp440 Sat Feb 17 00:58:53 2007 (45D6999D)
f7517000 f7522000 TDI Sat Feb 17 01:01:19 2007 (45D69A2F)
f7527000 f7532000 ptilink Sat Feb 17 01:06:38 2007 (45D69B6E)
f7537000 f7540000 raspti Sat Feb 17 00:59:23 2007 (45D699BB)
f7547000 f7556000 termdd Sat Feb 17 00:44:32 2007 (45D69640)
f7557000 f7561000 Dxapi Tue Mar 25 03:06:01 2003 (3E7FFFD9)
f7577000 f7580000 mssmbios Sat Feb 17 00:59:12 2007 (45D699B0)
f7587000 f7595000 NDProxy Wed Nov 03 09:25:59 2010 (4CD162E7)
f75a7000 f75b1000 flpydisk Tue Mar 25 03:04:32 2003 (3E7FFF80)
f75b7000 f75c0080 SRTSPX Fri Mar 04 15:31:24 2011 (4D714C1C)
f75d7000 f75e3000 vga Sat Feb 17 01:10:30 2007 (45D69C56)
f75e7000 f75f2000 Msfs Sat Feb 17 00:50:33 2007 (45D697A9)
f75f7000 f7604000 Npfs Sat Feb 17 00:50:36 2007 (45D697AC)
f7607000 f7615000 msgpc Sat Feb 17 00:58:37 2007 (45D6998D)
f7617000 f7624000 netbios Sat Feb 17 00:58:29 2007 (45D69985)
f7627000 f7634000 wanarp Sat Feb 17 00:59:17 2007 (45D699B5)
f7637000 f7646000 intelppm Sat Feb 17 00:48:30 2007 (45D6972E)
f7647000 f7652000 kbdclass Sat Feb 17 01:05:39 2007 (45D69B33)
f7657000 f7661000 mouclass Tue Mar 25 03:03:09 2003 (3E7FFF2D)
f7667000 f7671000 serenum Sat Feb 17 01:06:44 2007 (45D69B74)
f7677000 f7682000 fdc Sat Feb 17 01:07:16 2007 (45D69B94)
f7687000 f7694b00 vmx_svga Sat Aug 16 07:22:07 2008 (48A6B85F)
f7697000 f76a0000 watchdog Sat Feb 17 01:11:45 2007 (45D69CA1)
f76a7000 f76b0000 ndistapi Sat Feb 17 00:59:19 2007 (45D699B7)
f76b7000 f76c6000 raspppoe Sat Feb 17 00:59:23 2007 (45D699BB)
f76c8000 f7707000 NDIS Sat Feb 17 01:28:49 2007 (45D6A0A1)
f7707000 f770f000 kdcom Tue Mar 25 03:08:00 2003 (3E800050)
f770f000 f7717000 BOOTVID Tue Mar 25 03:07:58 2003 (3E80004E)
f7717000 f771e000 intelide Sat Feb 17 01:07:32 2007 (45D69BA4)
f771f000 f7726000 dmload Tue Mar 25 03:08:08 2003 (3E800058)
f777f000 f7786000 dxgthk Tue Mar 25 03:05:52 2003 (3E7FFFD0)
f7787000 f778e000 vmmemctl Tue Aug 12 20:37:25 2008 (48A22CC5)
f77cf000 f77d6280 vmxnet Mon Sep 08 21:17:10 2008 (48C5CE96)
f77d7000 f77df000 audstub Tue Mar 25 03:09:12 2003 (3E800098)
f77ef000 f77f7000 Fs_Rec Tue Mar 25 03:08:36 2003 (3E800074)
f77f7000 f77fe000 Null Tue Mar 25 03:03:05 2003 (3E7FFF29)
f77ff000 f7806000 Beep Tue Mar 25 03:03:04 2003 (3E7FFF28)
f7807000 f780f000 mnmdd Tue Mar 25 03:07:53 2003 (3E800049)
f780f000 f7817000 RDPCDD Tue Mar 25 03:03:05 2003 (3E7FFF29)
f7817000 f781f000 rasacd Tue Mar 25 03:11:50 2003 (3E800136)
f7878000 f7897000 Mup Tue Apr 12 15:05:46 2011 (4DA4A28A)
f7897000 f7899980 compbatt Sat Feb 17 00:58:51 2007 (45D6999B)
f789b000 f789e900 BATTC Sat Feb 17 00:58:46 2007 (45D69996)
f789f000 f78a1b00 vmscsi Wed Apr 11 13:55:32 2007 (461D2114)
f79af000 f79b0280 vmmouse Mon Aug 11 07:16:51 2008 (48A01FA3)
f79b1000 f79b2280 swenum Sat Feb 17 01:05:56 2007 (45D69B44)
f7b4a000 f7bdf000 Ntfs Sat Feb 17 01:27:23 2007 (45D6A04B)
Unloaded modules:
ba65a000 ba668000 imapi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
ba1c4000 ba1d5000 vpc-8042.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00011000
f77df000 f77e7000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00008000
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {c0000005, f723e087, f78dea8c, f78de788}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
--omitted--
Probably caused by : fltmgr.sys ( fltmgr!FltGetIrpName+63f )
Followup: MachineOwner
---------
Finished dump check
