Hello experts,
Can anyone help me understand the process that happened in the below stack text? I will then decide whom I need to contact for a fix.
OS Windows Server 2016 Standard
I'm using the latest version of Arcserve ShadowProtect SPX (7.5.4) to backup. A USB disk (Apacer Portable HDD USB Device (Driver provider: Microsoft, Driver Date: 6/21/2016, Version: 10.0.14393.1613)) volume is also part of the backup job.
The BSOD not occurring while backup. There is no SPX-related activity found while BSOD.
Windows patches are up-to-date.
Arcserve recommended anti-virus exclusions are in place. There is no device control feature enabled in the antivirus.
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000058, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80680f12ceb, address which referenced memory
BUGCHECK_CODE: d1
BUGCHECK_P1: 58
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: fffff80680f12ceb
WRITE_ADDRESS: 0000000000000058
PROCESS_NAME: System
SYMBOL_NAME: stcvsm+2ceb
MODULE_NAME: stcvsm
IMAGE_NAME: stcvsm.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2ceb
FAILURE_BUCKET_ID: AV_stcvsm!unknown_function
OS_VERSION: 10.0.14393.5717
3: kd> k
Child-SP RetAddr Call Site
00 ffff9801344eeb08 fffff8036d5793a9 nt!KeBugCheckEx
01 ffff9801344eeb10 fffff8036d575fe6 nt!KiBugCheckDispatch+0x69
02 ffff9801344eec50 fffff80680f12ceb nt!KiPageFault+0x426
03 ffff9801344eede0 fffff80680f37793 stcvsm+0x2ceb
04 ffff9801344eee10 fffff806802114b7 stcvsm+0x27793
05 ffff9801344eee40 fffff80680203646 FLTMGR!FltpPerformPostCallbacksWorker+0x2fb
06 ffff9801344eef20 fffff806802041b9 FLTMGR!FltpPassThroughCompletionWorker+0x76
07 ffff9801344eef60 fffff80680202e86 FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x239
08 ffff9801344eeff0 fffff8036d87fde8 FLTMGR!FltpDispatch+0xb6
09 ffff9801344ef050 fffff8036d83fc8c nt!IopSynchronousCall+0xd8
0a ffff9801344ef0c0 fffff8036d9b28c5 nt!IopRemoveDevice+0xdc
0b ffff9801344ef170 fffff8036d83f14e nt!PnpDeleteLockedDeviceNode+0x173525
0c ffff9801344ef1b0 fffff8036da58fe6 nt!PnpDeleteLockedDeviceNodes+0xbe
0d ffff9801344ef220 fffff8036d9b1207 nt!PiEventQueryRemoveDevices+0x126
0e ffff9801344ef2c0 fffff8036d8b4799 nt!PnpProcessQueryRemoveAndEject+0x17343b
0f ffff9801344ef3f0 fffff8036d8b4a54 nt!PnpProcessTargetDeviceEvent+0xd9
10 ffff9801344ef430 fffff8036d4a0db9 nt!PnpDeviceEventWorker+0x294
11 ffff9801344ef4c0 fffff8036d451f85 nt!ExpWorkerThread+0xe9
12 ffff9801344ef550 fffff8036d56fdf6 nt!PspSystemThreadStartup+0x41
13 ffff9801344ef5a0 0000000000000000 nt!KiStartSystemThread+0x16
Observed the below events in the system while BSOD
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 3/11/2023 3:55:17 PM
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000058, 0x0000000000000002, 0x0000000000000001, 0xfffff80680f12ceb). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 7d73cb04-187c-40d0-9cee-45532c779695.
Log Name: System
Source: stcvsm
Date: 3/11/2023 3:54:42 PM
Event ID: 1
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer:
Description:
ShadowProtect driver loaded (version 3.79.0.752).
Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 3/11/2023 3:54:42 PM
Event ID: 6
Task Category: None
Level: Information
Keywords: (70368744177664)
User: SYSTEM
Computer:
Description:
The following information was included with the event:
0
10
0
6
stcvsm
10/1/2022 4:18:55 AM
203
{ "flags" : "0x00000010" , "registration_version" : "0x00000202" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Activity Monitor" , "instances" : [["388250","0x00000000"]] }
EV_RenderedValue_8.00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 41%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)