Windows Server 2016 rebooted. The bugcheck was: 0x000000d1 (0x0000000000000058, 0x0000000000000002, 0x0000000000000001, 0xfffff80680f12ceb)

jaril nambiar 41 Reputation points
2023-03-15T09:29:26.5733333+00:00

Hello experts,

Can anyone help me understand the process that happened in the below stack text? I will then decide whom I need to contact for a fix.

OS Windows Server 2016 Standard

I'm using the latest version of Arcserve ShadowProtect SPX (7.5.4) to backup. A USB disk (Apacer Portable HDD USB Device (Driver provider: Microsoft, Driver Date: 6/21/2016, Version: 10.0.14393.1613)) volume is also part of the backup job.

The BSOD not occurring while backup. There is no SPX-related activity found while BSOD.

Windows patches are up-to-date.

Arcserve recommended anti-virus exclusions are in place. There is no device control feature enabled in the antivirus.

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 0000000000000058, memory referenced

Arg2: 0000000000000002, IRQL

Arg3: 0000000000000001, value 0 = read operation, 1 = write operation

Arg4: fffff80680f12ceb, address which referenced memory

BUGCHECK_CODE: d1

BUGCHECK_P1: 58

BUGCHECK_P2: 2

BUGCHECK_P3: 1

BUGCHECK_P4: fffff80680f12ceb

WRITE_ADDRESS: 0000000000000058

PROCESS_NAME: System

SYMBOL_NAME: stcvsm+2ceb

MODULE_NAME: stcvsm

IMAGE_NAME: stcvsm.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 2ceb

FAILURE_BUCKET_ID: AV_stcvsm!unknown_function

OS_VERSION: 10.0.14393.5717

3: kd> k

Child-SP RetAddr Call Site

00 ffff9801344eeb08 fffff8036d5793a9 nt!KeBugCheckEx

01 ffff9801344eeb10 fffff8036d575fe6 nt!KiBugCheckDispatch+0x69

02 ffff9801344eec50 fffff80680f12ceb nt!KiPageFault+0x426

03 ffff9801344eede0 fffff80680f37793 stcvsm+0x2ceb

04 ffff9801344eee10 fffff806802114b7 stcvsm+0x27793

05 ffff9801344eee40 fffff80680203646 FLTMGR!FltpPerformPostCallbacksWorker+0x2fb

06 ffff9801344eef20 fffff806802041b9 FLTMGR!FltpPassThroughCompletionWorker+0x76

07 ffff9801344eef60 fffff80680202e86 FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x239

08 ffff9801344eeff0 fffff8036d87fde8 FLTMGR!FltpDispatch+0xb6

09 ffff9801344ef050 fffff8036d83fc8c nt!IopSynchronousCall+0xd8

0a ffff9801344ef0c0 fffff8036d9b28c5 nt!IopRemoveDevice+0xdc

0b ffff9801344ef170 fffff8036d83f14e nt!PnpDeleteLockedDeviceNode+0x173525

0c ffff9801344ef1b0 fffff8036da58fe6 nt!PnpDeleteLockedDeviceNodes+0xbe

0d ffff9801344ef220 fffff8036d9b1207 nt!PiEventQueryRemoveDevices+0x126

0e ffff9801344ef2c0 fffff8036d8b4799 nt!PnpProcessQueryRemoveAndEject+0x17343b

0f ffff9801344ef3f0 fffff8036d8b4a54 nt!PnpProcessTargetDeviceEvent+0xd9

10 ffff9801344ef430 fffff8036d4a0db9 nt!PnpDeviceEventWorker+0x294

11 ffff9801344ef4c0 fffff8036d451f85 nt!ExpWorkerThread+0xe9

12 ffff9801344ef550 fffff8036d56fdf6 nt!PspSystemThreadStartup+0x41

13 ffff9801344ef5a0 0000000000000000 nt!KiStartSystemThread+0x16

Observed the below events in the system while BSOD

Log Name: System

Source: Microsoft-Windows-WER-SystemErrorReporting

Date: 3/11/2023 3:55:17 PM

Event ID: 1001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer:

Description:

The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000058, 0x0000000000000002, 0x0000000000000001, 0xfffff80680f12ceb). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 7d73cb04-187c-40d0-9cee-45532c779695.

Log Name: System

Source: stcvsm

Date: 3/11/2023 3:54:42 PM

Event ID: 1

Task Category: None

Level: Information

Keywords: Classic

User: N/A

Computer:

Description:

ShadowProtect driver loaded (version 3.79.0.752).

Log Name: System

Source: Microsoft-Windows-FilterManager

Date: 3/11/2023 3:54:42 PM

Event ID: 6

Task Category: None

Level: Information

Keywords: (70368744177664)

User: SYSTEM

Computer:

Description:

The following information was included with the event:

0

10

0

6

stcvsm

10/1/2022 4:18:55 AM

203

{ "flags" : "0x00000010" , "registration_version" : "0x00000202" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Activity Monitor" , "instances" : [["388250","0x00000000"]] }

EV_RenderedValue_8.00

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,368 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 43,926 Reputation points
    2023-03-16T15:07:34.1566667+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having query\issues related to BSOD.

    From this logs it seems issue due to stcvsm.sys file which is from StorageCraft.

    I would suggest you to Remove or Disable any Backup software on this Host and also please try to perform below steps which will help to resolve this issue

    1. Disable any Antivirus program or Windows firewall you may have for temporary purpose.
    2. Run sfc /scannow from elevated prompt.
    3. Run below DISM commands from elevated prompt.

    DISM /Online /Cleanup-Image /CheckHealth

    DISM /Online /Cleanup-Image /ScanHealth

    DISM /Online /Cleanup-Image /RestoreHealth

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments