What does this mean?
-htfv
****************************************************************************
***
* *
* Bugcheck Analysis *
* *
****************************************************************************
***
RDR_FILE_SYSTEM (27)
If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters
are the
exception record and context record. Do a .cxr on the 3rd parameter and then
kb to
obtain a more informative stack trace.
The high 16 bits of the first parameter is the RDBSS bugcheck code, which is
defined
as follows:
RDBSS_BUG_CHECK_CACHESUP = 0xca550000,
RDBSS_BUG_CHECK_CLEANUP = 0xc1ee0000,
RDBSS_BUG_CHECK_CLOSE = 0xc10e0000,
RDBSS_BUG_CHECK_NTEXCEPT = 0xbaad0000,
Arguments:
Arg1: baad009a
Arg2: f584c548
Arg3: f584c1a0
Arg4: f5a5cbc8
Debugging Details:
EXCEPTION_RECORD: f584c548 – (.exr fffffffff584c548)
ExceptionAddress: f5a5cbc8 (rdbss!RxCopyCreateParameters+0x0000005c)
ExceptionCode: c0000005
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000001c
Attempt to read from address 0000001c
CONTEXT: f584c1a0 – (.cxr fffffffff584c1a0)
eax=00000018 ebx=81682998 ecx=a5b27f68 edx=f5a6e501 esi=81690288
edi=a5b27fd8
eip=f5a5cbc8 esp=f584c610 ebp=f584c61c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
rdbss!RxCopyCreateParameters+5c:
f5a5cbc8 8b4004 mov eax,[eax+0x4]
Resetting default context
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x27
LAST_CONTROL_TRANSFER: from f5a6e839 to f5a5cbc8
STACK_TEXT:
f584c61c f5a6e839 a5b27f68 f5a6e701 81690288
rdbss!RxCopyCreateParameters+0x5c
f584c67c f5a5e365 816829c8 80063418 a5b27f68 rdbss!RxCommonCreate+0x138
f584c72c f5a76087 f5a67e58 a5b27f00 a5b27fd8 rdbss!RxFsdCommonDispatch+0x352
f584c75c f59a8ef0 8174b978 a5b27f00 8174b978 rdbss!RxFsdDispatch+0xcd
f584c784 80424968 8174b978 a5b27f01 000000c9 mrxsmb!MRxSmbFsdDispatch+0x17a
f584c79c 80607cdd 8168f020 a5b21f48 00000000 nt!IopfCallDriver+0x4f
f584c7b8 eb0377c9 f584c87c 8051e7c6 00040401 nt!IovCallDriver+0x77
f584c7f8 eb0371db 8174b978 81682998 f584c87c
Vba32dNT!CFileObject::_OpenDirectory+0x159
[r:\projects@vba4\monitor\fsffilter\template\file.h @ 350]
f584c828 eb037048 81647eb8 f584c8b4 8174b978
Vba32dNT!CFileObject::_ParseFileName+0x10b
[r:\projects@vba4\monitor\fsffilter\template\file.h @ 162]
f584c858 eb036dab f584c8b4 8174b978 eb039510
Vba32dNT!CFileObject::AllocateFileName+0x148
[r:\projects@vba4\monitor\fsffilter\template\file.h @ 92]
f584c880 eb03606c 81647e88 f584c8b4 8174b978
Vba32dNT!CFileNameCache::GetFileName+0x7b
[r:\projects@vba4\monitor\fsffilter\filename.h @ 172]
f584c8cc eb035de1 a5b21f48 eb039200 8168f0d8
Vba32dNT!CFilterDeviceExtension::OnCreate+0x8c
[r:\projects@vba4\monitor\fsffilter\filtdev.h @ 95]
f584c8e0 eb034e19 8168f020 a5b21f48 8168f0d8
Vba32dNT!CFilterDeviceExtension::_DispatchHandler+0x61
[r:\projects@vba4\monitor\fsffilter\filtdev.h @ 58]
f584c8f4 80424968 8168f020 a5b21f48 a5b21f58
Vba32dNT!CDriver::_DispatchHandler+0x29
[r:\projects@vba4\monitor\fsffilter\template\driver.h @ 68]
f584c90c 8054f0b9 8054e667 8174b960 80063400 nt!IopfCallDriver+0x4f
f584ca8c 804a238a 8174b978 00000000 f584cb3c nt!IopParseDevice+0xa52
f584cafc 80579ec9 00000000 f584cbf8 00000040 nt!ObpLookupObjectName+0x5f8
f584cc0c 8051e36f 00000000 00000000 77e6b001 nt!ObOpenObjectByName+0x119
f584cce0 8052a4d1 00dcea0c c0100080 00dce9a8 nt!IoCreateFile+0x425
f584cd24 804be60a 00dcea0c c0100080 00dce9a8 nt!NtCreateFile+0x61
f584cd24 77f7880b 00dcea0c c0100080 00dce9a8 nt!KiSystemService+0x10a
00dce968 77e6ecab 00dcea0c c0100080 00dce9a8 ntdll!ZwCreateFile+0xb
00dcea04 77d39ad0 00000000 c0000000 00000003 kernel32!CreateFileW+0x343
00dcea74 77ce6fdc 008a4168 008a6948 000481ba rpcrt4!NMP_Open+0x1ef
00dceadc 77ce7d3a 008ac250 008a6948 008a3458
rpcrt4!OSF_CCONNECTION::TransOpen+0x6e
00dceb24 77ce951e 008ac250 00dcebbc 00000000
rpcrt4!OSF_CCONNECTION::OpenConnectionAndBind+0xa9
00dceb40 77ce5bc9 00000000 77f93353 008ac250
rpcrt4!OSF_CCALL::BindToServer+0x74
00dceb9c 77ce58d2 00dcebbc 00dcedec 00000000
rpcrt4!OSF_BINDING_HANDLE::AllocateCCall+0x1e3
00dcebc4 77cec886 00dcedec 00000000 0000016c
rpcrt4!OSF_BINDING_HANDLE::GetBuffer+0x21
00dcebe0 77cec8bb 00dcedec 00000000 00dcec08
rpcrt4!I_RpcGetBufferWithObject+0xb2
00dcebf0 77d22245 00dcedec 743a2cc2 0000000a rpcrt4!I_RpcGetBuffer+0xd
00dcec08 77d4de65 00dcee38 0000016c 008ac250 rpcrt4!NdrGetBuffer+0x28
00dcefe4 743d742b 743a2bd8 743a2cb2 00dcf000 rpcrt4!NdrClientCall2+0x3e9
00dceff8 743d6db7 000acfb0 00072bec 00dcf0a4 NETAPI32!NetrLogonSamLogon+0x16
00dcf058 75fab63b 000acfb0 00072bec 00dcf0a4
NETAPI32!I_NetLogonSamLogon+0x58
00dcf0e0 75fac364 000b5d00 00000000 00000002
netlogon!NlpUserValidateHigher+0x2bf
00dcf134 75facd93 00072b60 00000001 00000006 netlogon!NlpUserValidate+0x1fa
00dcf184 75face53 00000000 00000000 00000000 netlogon!NlpLogonSamLogon+0x414
00dcf1b4 782de9a0 00000000 00000000 00000000 netlogon!NetrLogonSamLogon+0x25
00dcf828 782ec076 ffffffff 00000003 000d1bb8 msv1_0!LsaApLogonUserEx2+0xd50
00dcfae0 782e6354 00000000 00613628 00908001
msv1_0!SsprHandleAuthenticateMessage+0x8c6
00dcfcc8 78564032 00000000 000b9560 00dcfe70
msv1_0!SpAcceptLsaModeContext+0x1ef
00dcfd40 7856f583 00613600 00613608 00dcfe70 LSASRV!WLsaAcceptContext+0x1f3
00dcfeb0 7857071e 006135d8 00612f98 00614d10 LSASRV!LpcAcceptContext+0x133
00dcfec8 7856e5f4 006135d8 77e7e493 00617980 LSASRV!DispatchAPI+0x70
00dcff48 7857f91c 00612f98 00dcff94 77e7e493 LSASRV!LpcHandler+0x165
00dcff6c 7857d09e 006136f8 00614df0 00610000 LSASRV!SpmPoolThreadBase+0xc6
00dcffb4 77e5d4f9 000aa890 00614df0 00610000 LSASRV!LsapThreadBase+0x7f
00dcffec 00000000 7857d01f 000aa890 00000000 kernel32!BaseThreadStart+0x52
FOLLOWUP_IP:
rdbss!RxCopyCreateParameters+5c
f5a5cbc8 8b4004 mov eax,[eax+0x4]
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: rdbss!RxCopyCreateParameters+5c
MODULE_NAME: rdbss
IMAGE_NAME: rdbss.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3a1b72aa
STACK_COMMAND: .cxr fffffffff584c1a0 ; kb
BUCKET_ID: 0x27_rdbss!RxCopyCreateParameters+5c
Followup: MachineOwner
---------