Monday, May 9, 2011

Blog Post: Win2008R2 SP1: STOP 0x19 in volsnap!VspFreeBitMap+3d

Status: In Progress...

My colleague Shasank submitted me a new dump, that looks to be caused by an issue in volsnap.sys. This is yet to be confirmed though, but I just wanted to put a heads-up here, in case anyone out there also has come across this... If so, then please send me a mail telling me you have this issue.

The bugcheck of this particular issue is:

BugCheck 19, {21, fffffa800de58000, 68d0, 0}

The crashing stack is:

4: kd> knL
 # Child-SP          RetAddr           Call Site
00 fffff880`023c3088 fffff800`026019b2 nt!KeBugCheckEx
01 fffff880`023c3090 fffff880`01a94dfd nt!ExFreePoolWithTag+0xffffffff`ffffec22
02 fffff880`023c3140 fffff880`01aad117 volsnap!VspFreeBitMap+0x3d
03 fffff880`023c3170 fffff880`01aadcd6 volsnap!VspMarkFreeSpaceInBitmap+0x1e7
04 fffff880`023c3360 fffff880`01aafe11 volsnap!VspOptimizeDiffAreaFileLocation+0x2a6
05 fffff880`023c36e0 fffff880`01abf68d volsnap!VspOpenDiffAreaFile+0x481
06 fffff880`023c3860 fffff880`01ac65e7 volsnap!VspCreateInitialDiffAreaFile+0x1ed
07 fffff880`023c38b0 fffff880`01ac75d6 volsnap!VspTryPrepareForSnapshot+0x737
08 fffff880`023c3b90 fffff880`01aa50fc volsnap!VspPrepareForSnapshot+0x116
09 fffff880`023c3c50 fffff800`027cdf33 volsnap!VspPostWorker+0x2c
0a fffff880`023c3c80 fffff800`024e1a21 nt!IopProcessWorkItem+0x23
0b fffff880`023c3cb0 fffff800`02774cce nt!ExpWorkerThread+0x111
0c fffff880`023c3d40 fffff800`024c8fe6 nt!PspSystemThreadStartup+0x5a
0d fffff880`023c3d80 00000000`00000000 nt!KxStartSystemThread+0x16

The problem here is that an array of bitmaps has been corrupted. In the dump I checked, the sixth bitmap is corrupted:

4: kd> dq 0xfffffa80`14787450
fffffa80`14787450  00000000`00080000 00000000`00000000
fffffa80`14787460  00000001`00080000 00000000`00000000
fffffa80`14787470  00000000`00080000 00000000`00000000
fffffa80`14787480  00000000`00080000 00000000`00000000
fffffa80`14787490  00000000`00080000 00000000`00000000
fffffa80`147874a0  47cbbbaa`00080000 00000000`00000000    // the corrupted bitmap is here
fffffa80`147874b0  00000000`00080000 00000000`00000000
fffffa80`147874c0  00470045`00080000 00000000`00000000

As said, please mail me when you have this issue too, so we can further investigate. In this particular case, we are going to enable "verifier /volatile /flags 0x9 /adddriver volsnap.sys" to gather more information on this.

Watch this space for further updates.

Genelle Frenoy Shania Twain Gwen Stefani Sunny Mabrey Karolína Kurková

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)