BSOD in MiCheckForControlAreaDeletion

Hi All,

I am observing BSOD (A) with the inlined stack dump. Has anyone encountered the same before? I am
noticing that the fileobject that is being accessed by MiCheckForControlAreaDeletion is freed.
Hence, the BSOD when a field inside is referenced. I feel it is because of faulty reference
counting. What do you all think? Any pointer will be appreciated.

Thanks,

Rini

BugCheck A, {0, 2, 1, 8043c320}

Probably caused by : memory_corruption ( nt!MiCheckForControlAreaDeletion+58 )

Followup: MachineOwner

1: kd> !reload
Loading Kernel Symbols

Loading unloaded module list

Loading User Symbols
1: kd> kb
ChildEBP RetAddr Args to Child
f6843a80 8043c320 f6843b3c 8763f1a8 bdc11f7a nt!KiTrap0E+0x210
f6843b00 80445d02 85aa4ce8 80476c80 89690650 nt!MiCheckForControlAreaDeletion+0x58
f6843b18 8044a65a ec812900 ffffffff 873efd60 nt!MiRestoreTransitionPte+0x9a
f6843b28 8044ac7f 873efd28 80444739 ec812900 nt!MiRemovePageFromList+0x8a
f6843b30 80444739 ec812900 fffff000 e41cecca nt!MiRemoveAnyPage+0x6f
f6843b5c 80444327 874aeea8 873efdb8 00010000 nt!MiResolveMappedFileFault+0x267
f6843b88 804436d0 00000000 da780000 c0369e00 nt!MiResolveProtoPteFault+0xfd
f6843bcc 8044c6a6 00000000 da780000 c0369e00 nt!MiDispatchFault+0xfc
f6843c1c 804494ad 00000000 00000000 00000000 nt!MmAccessFault+0x704
f6843c4c 8040d6d6 da780000 00000000 00000000 nt!MmCheckCachedPageState+0x299
f6843d0c 8041359b 89043d68 80478c80 89048020 nt!CcPerformReadAhead+0x218
f6843d78 80417b47 89043d68 00000000 00000000 nt!CcWorkerThread+0x16d
f6843da8 80457828 89043d68 00000000 00000000 nt!ExpWorkerThread+0xaf
f6843ddc 8046c8d6 80417a98 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16



Yes, I have seen this crash before. The last time I saw this it was due
to a flawed implementation of file open cancellation. We wrote this up
for The NT Insider (http://www.osronline.com/article.cfm?id=379) and I
suspect you’ll find the description there helps you track down the
issue.

The PROBLEM is likely occurring when someone initiates caching on a file
object, either late (between cleanup and close) or against a stack-based
file object (see http://www.osronline.com/article.cfm?article=219 for
more information as well).

I hope this helps.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
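
A small triage helper for the dump in this thread, added here as an example (it is not code from either poster or from OSR): it decodes the bugcheck 0xA arguments, finds the faulting function from the `kb` frames, and checks whether any non-nt module is on the stack. The `triage` function and its result keys are hypothetical names, and the input is abridged from the `kb` output above.

```python
import re

# Constructed input: the bugcheck line and an abridged set of kb frames
# copied from the post above.
DUMP = """\
BugCheck A, {0, 2, 1, 8043c320}
f6843a80 8043c320 f6843b3c 8763f1a8 bdc11f7a nt!KiTrap0E+0x210
f6843b00 80445d02 85aa4ce8 80476c80 89690650 nt!MiCheckForControlAreaDeletion+0x58
f6843b18 8044a65a ec812900 ffffffff 873efd60 nt!MiRestoreTransitionPte+0x9a
f6843b5c 80444327 874aeea8 873efdb8 00010000 nt!MiResolveMappedFileFault+0x267
f6843d0c 8041359b 89043d68 80478c80 89048020 nt!CcPerformReadAhead+0x218
f6843d78 80417b47 89043d68 00000000 00000000 nt!CcWorkerThread+0x16d
f6843da8 80457828 89043d68 00000000 00000000 nt!ExpWorkerThread+0xaf
"""

BUGCHECK = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
# x86 kb line: ChildEBP RetAddr arg1 arg2 arg3 module!function+0xoffset
FRAME = re.compile(
    r"^[0-9a-f]{8} ([0-9a-f]{8})(?: [0-9a-f]{8}){3} (\w+)!(\w+)\+0x[0-9a-f]+$",
    re.M,
)


def triage(dump):
    code, raw = BUGCHECK.search(dump).groups()
    # Bugcheck 0xA arguments: address referenced, IRQL, access bits
    # (bit 0 set means write), address of the faulting instruction.
    addr, irql, access, ip = (int(x, 16) for x in raw.split(","))
    frames = [(int(r, 16), mod, fn) for r, mod, fn in FRAME.findall(dump)]
    # A frame's RetAddr points into the next frame's function, so the frame
    # after the one whose RetAddr equals the faulting IP is the faulter.
    faulter = next(
        (frames[i + 1][2] for i, f in enumerate(frames[:-1]) if f[0] == ip),
        None,
    )
    return {
        "bugcheck": int(code, 16),
        "access": "write" if access & 1 else "read",
        "address": addr,
        "irql": irql,
        "faulting_function": faulter,
        "cc_worker_thread": any(fn == "CcWorkerThread" for _, _, fn in frames),
        "non_nt_modules": sorted({mod for _, mod, _ in frames if mod != "nt"}),
    }


if __name__ == "__main__":
    print(triage(DUMP))
```

For this dump it reports a write to address 0 at IRQL 2 inside MiCheckForControlAreaDeletion, on a Cache Manager worker thread, with no non-nt module on the stack, so the stack alone does not name the component that mishandled the file object.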

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Rini Kaushik
Sent: Friday, June 17, 2005 1:47 PM
To: ntfsd redirect
Subject: [ntfsd] BSOD in MiCheckForControlAreaDeletion
