BSOD in CcUnmapVacbArray

My FSD blows up occasionally in Cache Manager, when lazy-writing.
I’m wondering where cache manager gets the address that is in the EDI
register.

Here’s the call stack when it blows up:

kd> kv
ChildEBP RetAddr  Args to Child
eb42fc04 80813c05 f3a0dfda 858025a0 84f674a8 nt!KiTrap0E+0x20b (FPO: [0,0] TrapFrame @ eb42fc04)
eb42fc98 80810e7a 00000001 00000000 84da65e8 nt!CcUnmapVacbArray+0xf5 (FPO: [Non-Fpo])
eb42fcb0 808107b3 84da6588 8099dea0 84da6588 nt!CcUnmapAndPurge+0x1c (FPO: [1,0,3])
eb42fcdc 8080e5d7 00000001 808742c0 84ec7828 nt!CcDeleteSharedCacheMap+0x12d (FPO: [Non-Fpo])
eb42fd0c 80812b5c 85df57e8 80874760 85df9420 nt!CcWriteBehind+0x30f (FPO: [Non-Fpo])
eb42fd78 80816bfa 85df57e8 00000000 00000000 nt!CcWorkerThread+0x12c (FPO: [Non-Fpo])
eb42fda8 80854ab2 85df57e8 00000000 00000000 nt!ExpWorkerThread+0xae (FPO: [Non-Fpo])
eb42fddc 808692a2 80816b4c 00000000 00000000 nt!PspSystemThreadStartup+0x54 (FPO: [Non-Fpo])
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Here’s the regs in the trap:

kd> .trap eb42fc04
ErrCode = 00000000
eax=00000000 ebx=000c0000 ecx=84da65b8 edx=00000000 esi=84da6588 edi=01bd0760
eip=80813c05 esp=eb42fc78 ebp=eb42fc98 iopl=0         nv up ei pl zr na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!CcUnmapVacbArray+0xf5:
80813c05 66394708        cmp     [edi+0x8],ax         ds:0023:01bd0768=???

The address in the EDI register (0x01bd0760) happens to be an address that the user mode portion of my stuff allocated for a structure that it maintains.

If anyone has any idea what might be going on here, well I’m all ears!

Thanks

Greg
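The first thing a practitioner wants from a trap frame like the one above is a quick, repeatable classification of the faulting operand: what effective address the instruction touched, whether the debugger's own ds: annotation agrees, whether that address lies in the user or kernel half of the 32-bit address space, and whether the page was readable at all. The following Python helper is an added example, not code from Greg, Tony or OSR; the register dump it parses is copied from the posted output, it assumes the default x86 2GB/2GB split (kernel from 0x80000000; the /3GB boot option moves that boundary to 0xC0000000, selectable via the large_address_aware flag), and it only handles the single-register-plus-displacement operand form seen here.

```python
"""Triage an x86 WinDbg ".trap" register dump: locate the faulting memory
operand, compute its effective address and classify it (added example,
not part of the original thread)."""
import re

# Constructed from the register dump posted in the thread. "???" is the
# debugger's way of saying it could not read that address at trap time.
TRAP_DUMP = """\
eax=00000000 ebx=000c0000 ecx=84da65b8 edx=00000000 esi=84da6588 edi=01bd0760
eip=80813c05 esp=eb42fc78 ebp=eb42fc98 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!CcUnmapVacbArray+0xf5:
80813c05 66394708 cmp [edi+0x8],ax ds:0023:01bd0768=???
"""

# Assumption: default 32-bit split. Kernel space starts at 0x80000000;
# with /3GB it starts at 0xC0000000 instead.
KERNEL_BASE_2GB = 0x80000000
KERNEL_BASE_3GB = 0xC0000000

# General-purpose registers plus eip, as "name=8hexdigits".
REG_RE = re.compile(r"\b(e[a-d]x|e[sd]i|e[bs]p|eip)=([0-9a-fA-F]{8})")
# Memory operand of the form [reg], [reg+0xNN] or [reg-0xNN].
MEM_OPERAND_RE = re.compile(
    r"\[(e[a-z]{2})(?:([+-])(0x[0-9a-fA-F]+|[0-9a-fA-F]+))?\]")
# The debugger's "ds:SSSS:AAAAAAAA=value" annotation on the faulting line.
DS_RE = re.compile(r"ds:[0-9a-fA-F]{4}:([0-9a-fA-F]{8})=(\?+|[0-9a-fA-F]+)")


def parse_registers(dump):
    """Map register name -> integer value for every register in the dump."""
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}


def faulting_operand(dump):
    """Return (computed effective address, debugger-reported address,
    readable?) for the memory operand of the trapping instruction."""
    regs = parse_registers(dump)
    m = MEM_OPERAND_RE.search(dump)
    if m is None or m.group(1) not in regs:
        raise ValueError("no recognised memory operand in dump")
    disp = 0
    if m.group(2):
        disp = int(m.group(3), 16)
        if m.group(2) == "-":
            disp = -disp
    ea = (regs[m.group(1)] + disp) & 0xFFFFFFFF
    d = DS_RE.search(dump)
    if d is None:
        raise ValueError("no ds: annotation in dump")
    reported = int(d.group(1), 16)
    readable = not d.group(2).startswith("?")
    return ea, reported, readable


def classify(address, large_address_aware=False):
    """'kernel' or 'user' for a 32-bit address under the chosen split."""
    boundary = KERNEL_BASE_3GB if large_address_aware else KERNEL_BASE_2GB
    return "kernel" if address >= boundary else "user"


def triage(dump, large_address_aware=False):
    """Summarise the fault: where the operand points and what that implies."""
    ea, reported, readable = faulting_operand(dump)
    regs = parse_registers(dump)
    space = classify(ea, large_address_aware)
    findings = []
    if ea != reported:
        findings.append("computed effective address %#010x disagrees with "
                        "debugger annotation %#010x" % (ea, reported))
    findings.append("fault address %#010x is a %s-mode address" % (ea, space))
    if space == "user" and classify(regs["eip"], large_address_aware) == "kernel":
        # Kernel code following a pointer into user space from a system
        # thread almost always means the structure it read the pointer
        # from is stale, freed or overwritten, not a legitimate user buffer.
        findings.append("kernel code at eip=%#010x dereferenced a user-mode "
                        "pointer: suspect a stale or corrupted structure field"
                        % regs["eip"])
    if not readable:
        findings.append("page was not readable at trap time (???)")
    return {"ea": ea, "reported": reported, "space": space,
            "readable": readable, "findings": findings}


if __name__ == "__main__":
    for line in triage(TRAP_DUMP)["findings"]:
        print(line)
```

Run against the posted dump it reports that [edi+0x8] resolves to 0x01bd0768, matching the debugger's annotation, that this is a user-mode address being read by kernel code in nt!CcUnmapVacbArray, and that the page was unreadable; that is exactly the combination that points at a cache-manager structure holding a pointer that no longer belongs to it, which is the direction the reply below takes.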

Sounds like it’s already been unmapped. This seems familiar for some
reason (like I’ve seen this situation in the past) and what I keep
thinking is that this may be a “cleanup/close” issue (e.g., you start
cleanup, that forces close, then you continue cleanup but don’t seem to
recognize that close has done something.)

One thing to look for here is the file object being used by the cache
manager (in the shared cache map structure) and the file object being
used by the memory manager (in the control area). These may provide you
with more insight into why this is happening (e.g., this problem doesn’t
happen when you’ve got the same file object in both places, but does
happen when you end up with different file objects in each place.)

Sorry to be so vague.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in
Boston, MA April 18-21, 2006.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Greg Pearce
Sent: Tuesday, April 11, 2006 12:55 PM
To: ntfsd redirect
Subject: [ntfsd] BSOD in CcUnmapVacbArray

