bugcheck 0x8e fltmgr.sys

Greetings everyone,

I found your list via google and see a few months ago (apr '05) a few list
members have been experiencing problems with fltmgr.sys causing a BSOD. I
didn’t see any resolution or work-arounds posted however, so my trail sort
of ends there.

A server I manage has recently ‘come down’ with this problem as well; the
odd part is the bsod/bugcheck occurs almost the exact same time every
morning … around 3:15 - 3:30 am. I have checked for anything running a
scheduled task at that time and find nothing.

This server doesn’t do much … there are only two 3rd party programs on it:
Pervasive SQL 8
Norton Corporate 10

The rest is built in:
Active Directory domain
Distributed Filesystem
Remote Desktop / Terminal Services (for remote management only)
Printer and file server

The box itself:
Dell poweredge 2800
2g ram ecc ddr2
8x 73g scsi drives configured as 2 logic drives
Perc 4 raid controller
Intel 1000BT dual port server adapter

Thank you for any input or advice,

Gordon McLellan

here’s the output from Windbg:

Microsoft (R) Windows Debugger Version 6.5.0003.7 http:
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [c:\windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srvhttp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (4 procs) Free
x86 compatible
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-1447
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af988
Debug session time: Wed Sep 28 03:40:07.919 2005 (GMT-4)
System Uptime: 0 days 9:52:21.406
Loading Kernel Symbols
…
Loading unloaded module list
…
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdc00c). Type “.hh dbgerr001” for details


Bugcheck Analysis



Use !analyze -v to get detailed debugging information.

BugCheck 8E, {c0000005, f724c421, b61e0814, 0}

ERROR: Symbol file could not be found. Defaulted to export symbols for
SYMEVENT.SYS -
Probably caused by : fltmgr.sys ( fltmgr!FltpCreate+a7 )

Followup: MachineOwner
---------

0: kd> !analyze -v
**************************************************************************

Bugcheck Analysis
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f724c421, The address that the exception occurred at
Arg3: b61e0814, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
Ntfs!NtfsAcquireResourceExclusive+8
f724c421 6681380207 cmp word ptr [eax],0x702

TRAP_FRAME: b61e0814 – (.trap ffffffffb61e0814)
ErrCode = 00000000
eax=00000000 ebx=88eb8250 ecx=00002386 edx=8a337020 esi=88eb83e0
edi=00000000
eip=f724c421 esp=b61e0888 ebp=b61e0888 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
Ntfs!NtfsAcquireResourceExclusive+0x8:
f724c421 6681380207 cmp word ptr [eax],0x702 ds:0023:00000000=???
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from f7291f85 to f724c421

STACK_TEXT:
b61e0888 f7291f85 88ac9d80 00000000 00000001
Ntfs!NtfsAcquireResourceExclusive+0x8
b61e098c 8083f9d0 8a337020 88eb8250 8a3e6840 Ntfs!NtfsFsdCreate+0x362
b61e09a0 f731241b 8a3e6840 8a2db628 8083e760 nt!IofCallDriver+0x45
b61e09c8 8083f9d0 8a2d3b68 88eb8250 b61e0a2c fltmgr!FltpCreate+0xa7
b61e09dc b7c2f163 b61e0a2c b6040a00 00000000 nt!IofCallDriver+0x45
WARNING: Stack unwind information not available. Following frames may be
wrong.
b61e0a5c 8092e269 b61e0c04 8a3ec2f0 00000000
SYMEVENT!SYMEvent_GetVMDataPtr+0x87c3
b61e0b44 80936caa 8a3ec308 00000000 87aeb528 nt!IopParseDevice+0xa35
b61e0bc4 80936aa5 00000000 b61e0c04 00000040 nt!ObpLookupObjectName+0x5a9
b61e0c18 80936f27 00000000 00000000 aeb52801 nt!ObOpenObjectByName+0xea
b61e0c94 80936ff8 0096d6d4 02100080 0096d670 nt!IopCreateFile+0x447
b61e0cf0 8092ed98 0096d6d4 02100080 0096d670 nt!IoCreateFile+0xa3
b61e0d30 80834d3f 0096d6d4 02100080 0096d670 nt!NtCreateFile+0x30
b61e0d30 7c82ed54 0096d6d4 02100080 0096d670 nt!KiFastCallEntry+0xfc
0096d6cc 00000000 00000000 00000000 00000000 0x7c82ed54

FOLLOWUP_IP:
fltmgr!FltpCreate+a7
f731241b e991010000 jmp fltmgr!FltpCreate+0x23d (f73125b1)

SYMBOL_STACK_INDEX: 3

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: fltmgr!FltpCreate+a7

MODULE_NAME: fltmgr

IMAGE_NAME: fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42435ba1

STACK_COMMAND: .trap ffffffffb61e0814 ; kb

FAILURE_BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7

BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7

Followup: MachineOwner
---------</http:>

Have you tried without Norton ?

Yes, I just tried last night without Norton … same result… I think. The
server is remote managed mostly, and the fact I can’t even reach it right
now is not good (the remote network is up, I’m talking to the firewall ok).

Time to go for a drive and find out whats happened … I suppose I will try
tonight without Pervasive SQL.

Gordon

On 9/28/05, Satya Das wrote:
>
> Have you tried without Norton ?
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
>
> To unsubscribe send a blank email to xxxxx@lists.osr.com

In the analyze -v for the crash after you removed Norton, do you see any
reference to symevent.sys or anything similar ? It is more likely that
Norton is doing something than Pervasive SQL.

If you disable Norton SymEvent.sys (part of most Norton products)
wouldn’t get onto the faulting stack - so you wouldn’t have the same
error.

Gordon McLellan wrote:

Yes, I just tried last night without Norton … same result… I
think. The
server is remote managed mostly, and the fact I can’t even reach it
right
now is not good (the remote network is up, I’m talking to the firewall
ok).

Time to go for a drive and find out whats happened … I suppose I
will try
tonight without Pervasive SQL.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Current versions of Norton do not switch stacks.
“Satya Das” wrote in message news:xxxxx@ntfsd…
In the analyze -v for the crash after you removed Norton, do you see any reference to symevent.sys or anything similar ? It is more likely that Norton is doing something than Pervasive SQL.

I had thought I’d completely disabled norton, by setting all the services to
“disabled” and then rebooting… I did not want to do a complete uninstall
of it.

However, the server still crashed, so I’m wondering if a piece of norton is
still running somehow… SYMEVENT is still being mentioned, so I will do a
complete uninstall of all things symantec and try again.

Here’s the analyze -v:

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f724c421, The address that the exception occurred at
Arg3: babd0814, Trap Frame
Arg4: 00000000

Debugging Details:

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
SYMEVENT.SYS -

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
Ntfs!NtfsAcquireResourceExclusive+8
f724c421 6681380207 cmp word ptr [eax],0x702

TRAP_FRAME: babd0814 – (.trap ffffffffbabd0814)
ErrCode = 00000000
eax=00000000 ebx=87a72008 ecx=000023ae edx=8a337020 esi=87a72198
edi=00000000
eip=f724c421 esp=babd0888 ebp=babd0888 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
Ntfs!NtfsAcquireResourceExclusive+0x8:
f724c421 6681380207 cmp word ptr [eax],0x702 ds:0023:00000000=???
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from f7291f85 to f724c421

STACK_TEXT:
babd0888 f7291f85 879b4818 00000000 00000001
Ntfs!NtfsAcquireResourceExclusive+0x8
babd098c 8083f9d0 8a337020 87a72008 8a3e6840 Ntfs!NtfsFsdCreate+0x362
babd09a0 f731241b 8a3e6840 8a2db628 8083e760 nt!IofCallDriver+0x45
babd09c8 8083f9d0 8a2d3b68 87a72008 babd0a2c fltmgr!FltpCreate+0xa7
babd09dc b7f2e163 babd0a2c ba040a00 00000000 nt!IofCallDriver+0x45
WARNING: Stack unwind information not available. Following frames may be
wrong.
babd0a5c 8092e269 babd0c04 8a3ec2f0 00000000
SYMEVENT!SYMEvent_GetVMDataPtr+0x87c3
babd0b44 80936caa 8a3ec308 00000000 8a0ed688 nt!IopParseDevice+0xa35
babd0bc4 80936aa5 00000000 babd0c04 00000040 nt!ObpLookupObjectName+0x5a9
babd0c18 80936f27 00000000 00000000 0ed68801 nt!ObOpenObjectByName+0xea
babd0c94 80936ff8 008ad6d4 02100080 008ad670 nt!IopCreateFile+0x447
babd0cf0 8092ed98 008ad6d4 02100080 008ad670 nt!IoCreateFile+0xa3
babd0d30 80834d3f 008ad6d4 02100080 008ad670 nt!NtCreateFile+0x30
babd0d30 7c82ed54 008ad6d4 02100080 008ad670 nt!KiFastCallEntry+0xfc
008ad6cc 00000000 00000000 00000000 00000000 0x7c82ed54

FOLLOWUP_IP:
fltmgr!FltpCreate+a7
f731241b e991010000 jmp fltmgr!FltpCreate+0x23d (f73125b1)

SYMBOL_STACK_INDEX: 3

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: fltmgr!FltpCreate+a7

MODULE_NAME: fltmgr

IMAGE_NAME: fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42435ba1

STACK_COMMAND: .trap ffffffffbabd0814 ; kb

FAILURE_BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7

BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7

Followup: MachineOwner

On 9/30/05, David J. Craig wrote:
>
> Current versions of Norton do not switch stacks.
>
> “Satya Das” wrote in message news:xxxxx@ntfsd…
> In the analyze -v for the crash after you removed Norton, do you see any
> reference to symevent.sys or anything similar ? It is more likely that
> Norton is doing something than Pervasive SQL.
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
>
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

It is often worth submitting these to Microsoft’s OCA process. We do
sometimes actually know the answer.

However in this case some of the extra filters might have fooled us, but
if we had it linked you might well have got this response

http://oca.microsoft.com/en/Response.asp?SID=1610

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gordon McLellan
Sent: Friday, September 30, 2005 1:49 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] bugcheck 0x8e fltmgr.sys

I had thought I’d completely disabled norton, by setting all the
services to “disabled” and then rebooting… I did not want to do a
complete uninstall of it.

However, the server still crashed, so I’m wondering if a piece of norton
is still running somehow… SYMEVENT is still being mentioned, so I will
do a complete uninstall of all things symantec and try again.

Here’s the analyze -v:

3: kd> !analyze -v
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never
have
hardcoded breakpoints in retail code, but …
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f724c421, The address that the exception occurred at
Arg3: babd0814, Trap Frame
Arg4: 00000000

Debugging Details:

*** ERROR: Symbol file could not be found. Defaulted to export symbols
for SYMEVENT.SYS -

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
Ntfs!NtfsAcquireResourceExclusive+8
f724c421 6681380207 cmp word ptr [eax],0x702

TRAP_FRAME: babd0814 – (.trap ffffffffbabd0814)
ErrCode = 00000000
eax=00000000 ebx=87a72008 ecx=000023ae edx=8a337020 esi=87a72198
edi=00000000
eip=f724c421 esp=babd0888 ebp=babd0888 iopl=0 nv up ei ng nz ac
po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010296
Ntfs!NtfsAcquireResourceExclusive+0x8:
f724c421 6681380207 cmp word ptr [eax],0x702
ds:0023:00000000=???
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from f7291f85 to f724c421

STACK_TEXT:
babd0888 f7291f85 879b4818 00000000 00000001
Ntfs!NtfsAcquireResourceExclusive+0x8
babd098c 8083f9d0 8a337020 87a72008 8a3e6840 Ntfs!NtfsFsdCreate+0x362
babd09a0 f731241b 8a3e6840 8a2db628 8083e760 nt!IofCallDriver+0x45
babd09c8 8083f9d0 8a2d3b68 87a72008 babd0a2c fltmgr!FltpCreate+0xa7
babd09dc b7f2e163 babd0a2c ba040a00 00000000 nt!IofCallDriver+0x45
WARNING: Stack unwind information not available. Following frames may be
wrong.
babd0a5c 8092e269 babd0c04 8a3ec2f0 00000000
SYMEVENT!SYMEvent_GetVMDataPtr+0x87c3
babd0b44 80936caa 8a3ec308 00000000 8a0ed688 nt!IopParseDevice+0xa35
babd0bc4 80936aa5 00000000 babd0c04 00000040
nt!ObpLookupObjectName+0x5a9
babd0c18 80936f27 00000000 00000000 0ed68801 nt!ObOpenObjectByName+0xea
babd0c94 80936ff8 008ad6d4 02100080 008ad670 nt!IopCreateFile+0x447
babd0cf0 8092ed98 008ad6d4 02100080 008ad670 nt!IoCreateFile+0xa3
babd0d30 80834d3f 008ad6d4 02100080 008ad670 nt!NtCreateFile+0x30
babd0d30 7c82ed54 008ad6d4 02100080 008ad670 nt!KiFastCallEntry+0xfc
008ad6cc 00000000 00000000 00000000 00000000 0x7c82ed54

FOLLOWUP_IP:
fltmgr!FltpCreate+a7
f731241b e991010000 jmp fltmgr!FltpCreate+0x23d (f73125b1)

SYMBOL_STACK_INDEX: 3

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: fltmgr!FltpCreate+a7

MODULE_NAME: fltmgr

IMAGE_NAME: fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42435ba1

STACK_COMMAND: .trap ffffffffbabd0814 ; kb

FAILURE_BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7

BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7

Followup: MachineOwner

On 9/30/05, David J. Craig wrote:

Current versions of Norton do not switch stacks.

“Satya Das” wrote in message
news:xxxxx@ntfsd…

In the analyze -v for the crash after you removed Norton, do you
see any reference to symevent.sys or anything similar ? It is more
likely that Norton is doing something than Pervasive SQL.

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument:
‘’

To unsubscribe send a blank email to xxxxx@lists.osr.com
mailto:xxxxx

— Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17 You are currently subscribed
to ntfsd as: unknown lmsubst tag argument: ‘’ To unsubscribe send a
blank email to xxxxx@lists.osr.com</mailto:xxxxx>

Ian,

Shortly after my last message, I managed to get the server to do a ‘report
this error to microsoft’ … and received that link … Roxio is now gone -
I forgot it was even on there. - Before uninstalling roxio, I also performed
the “work around” symantec had listed, something about a layer3 codec.

somehow, I don’t think this is the problem … I’ve never used the roxio or
done any layer 3 (mp3s?) of any kind.

Symantec’s alternate suggestion about backup software + norton causing the
bsod seems more plausible … I do run a backup around 7PM and it sometimes
runs for a few hours … but its done well before the server crashes
around 3 am.

have to wait and see what happens tomorrow morning.

thanks all!
Gordon

On 9/30/05, Ian Service wrote:
>
> It is often worth submitting these to Microsoft’s OCA process. We do
> sometimes actually know the answer.
>
> However in this case some of the extra filters might have fooled us, but
> if we had it linked you might well have got this response
>
> http://oca.microsoft.com/en/Response.asp?SID=1610
>
> ------------------------------
>
> From: xxxxx@lists.osr.com [mailto:
> xxxxx@lists.osr.com] *On Behalf Of *Gordon McLellan
> Sent: Friday, September 30, 2005 1:49 PM
> To: Windows File Systems Devs Interest List
> Subject: Re: [ntfsd] bugcheck 0x8e fltmgr.sys
>
> I had thought I’d completely disabled norton, by setting all the services
> to “disabled” and then rebooting… I did not want to do a complete
> uninstall of it.
>
> However, the server still crashed, so I’m wondering if a piece of norton
> is still running somehow… SYMEVENT is still being mentioned, so I will do
> a complete uninstall of all things symantec and try again.
>
> Here’s the analyze -v:
>
> 3: kd> !analyze -v
>
> ***
> *
> * Bugcheck Analysis
> *
>
>
>
> KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
> This is a very common bugcheck. Usually the exception address pinpoints
> the driver/function that caused the problem. Always note this address
> as well as the link date of the driver/image that contains this address.
> Some common problems are exception code 0x80000003. This means a hard
> coded breakpoint or assertion was hit, but this system was booted
> /NODEBUG. This is not supposed to happen as developers should never have
> hardcoded breakpoints in retail code, but …
> If this happens, make sure a debugger gets connected, and the
> system is booted /DEBUG. This will let us see why this breakpoint is
> happening.
> Arguments:
> Arg1: c0000005, The exception code that was not handled
> Arg2: f724c421, The address that the exception occurred at
> Arg3: babd0814, Trap Frame
> Arg4: 00000000
>
> Debugging Details:
> ------------------
>
> *** ERROR: Symbol file could not be found. Defaulted to export symbols for
> SYMEVENT.SYS -
>
> EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
> referenced memory at “0x%08lx”. The memory could not be “%s”.
>
> FAULTING_IP:
> Ntfs!NtfsAcquireResourceExclusive+8
> f724c421 6681380207 cmp word ptr [eax],0x702
>
> TRAP_FRAME: babd0814 – (.trap ffffffffbabd0814)
> ErrCode = 00000000
> eax=00000000 ebx=87a72008 ecx=000023ae edx=8a337020 esi=87a72198
> edi=00000000
> eip=f724c421 esp=babd0888 ebp=babd0888 iopl=0 nv up ei ng nz ac po nc
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
> Ntfs!NtfsAcquireResourceExclusive+0x8:
> f724c421 6681380207 cmp word ptr [eax],0x702 ds:0023:00000000=???
> Resetting default scope
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x8E
>
> CURRENT_IRQL: 0
>
> LAST_CONTROL_TRANSFER: from f7291f85 to f724c421
>
> STACK_TEXT:
> babd0888 f7291f85 879b4818 00000000 00000001
> Ntfs!NtfsAcquireResourceExclusive+0x8
> babd098c 8083f9d0 8a337020 87a72008 8a3e6840 Ntfs!NtfsFsdCreate+0x362
> babd09a0 f731241b 8a3e6840 8a2db628 8083e760 nt!IofCallDriver+0x45
> babd09c8 8083f9d0 8a2d3b68 87a72008 babd0a2c fltmgr!FltpCreate+0xa7
> babd09dc b7f2e163 babd0a2c ba040a00 00000000 nt!IofCallDriver+0x45
> WARNING: Stack unwind information not available. Following frames may be
> wrong.
> babd0a5c 8092e269 babd0c04 8a3ec2f0 00000000
> SYMEVENT!SYMEvent_GetVMDataPtr+0x87c3
> babd0b44 80936caa 8a3ec308 00000000 8a0ed688 nt!IopParseDevice+0xa35
> babd0bc4 80936aa5 00000000 babd0c04 00000040 nt!ObpLookupObjectName+0x5a9
> babd0c18 80936f27 00000000 00000000 0ed68801 nt!ObOpenObjectByName+0xea
> babd0c94 80936ff8 008ad6d4 02100080 008ad670 nt!IopCreateFile+0x447
> babd0cf0 8092ed98 008ad6d4 02100080 008ad670 nt!IoCreateFile+0xa3
> babd0d30 80834d3f 008ad6d4 02100080 008ad670 nt!NtCreateFile+0x30
> babd0d30 7c82ed54 008ad6d4 02100080 008ad670 nt!KiFastCallEntry+0xfc
> 008ad6cc 00000000 00000000 00000000 00000000 0x7c82ed54
>
>
> FOLLOWUP_IP:
> fltmgr!FltpCreate+a7
> f731241b e991010000 jmp fltmgr!FltpCreate+0x23d (f73125b1)
>
> SYMBOL_STACK_INDEX: 3
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: fltmgr!FltpCreate+a7
>
> MODULE_NAME: fltmgr
>
> IMAGE_NAME: fltmgr.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 42435ba1
>
> STACK_COMMAND: .trap ffffffffbabd0814 ; kb
>
> FAILURE_BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7
>
> BUCKET_ID: 0x8E_fltmgr!FltpCreate+a7
>
> Followup: MachineOwner
> ---------
>
> On 9/30/05, David J. Craig wrote:
>
> Current versions of Norton do not switch stacks.
>
> “Satya Das” wrote in message news:xxxxx@ntfsd…
>
> In the analyze -v for the crash after you removed Norton, do you see any
> reference to symevent.sys or anything similar ? It is more likely that
> Norton is doing something than Pervasive SQL.
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
>
>
>
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> — Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17 You are currently subscribed
> to ntfsd as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank
> email to xxxxx@lists.osr.com
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
>
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>