I am still having a problem with the lazy writer thread, running on a very
busy win2k server, SP2 system.
I’ve got my own FSD that causes the system to bugcheck with Access
Violation C0000005 in FsRtlAcquireFileForModWrite, and I need some help
figuring this out. If anyone has any suggestions on how to debug this one,
please advise… I’ve included a snippet from the dump below.
Thanks in advance…
Greg Pearce
The dump shows:
Arg1: c0000005, The exception code that was not handled
Arg2: 8049b298, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 00000000, Parameter 1 of the exception
FAULTING_IP:
nt!FsRtlAcquireFileForModWrite+18
8049b298 83393c cmp dword ptr [ecx],0x3c
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000 Unknown
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 1E
EXCEPTION_RECORD: f2473ca0 – (.exr fffffffff2473ca0)
ExceptionAddress: 8049b298 (nt!FsRtlAcquireFileForModWrite+0x00000018)
ExceptionCode: c0000005
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
CONTEXT: f24738f8 – (.cxr fffffffff24738f8)
eax=81f63f10 ebx=80065674 ecx=00000000 edx=00000000 esi=e2672728
edi=8187f928
eip=8049b298 esp=f2473d68 ebp=f2473d74 iopl=0 nv up ei ng nz na pe
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010282
nt!FsRtlAcquireFileForModWrite+18:
8049b298 83393c cmp dword ptr [ecx],0x3c
Resetting default context
LAST_CONTROL_TRANSFER: from 8043ce2e to 8049b298
STACK_TEXT:
f2473d74 8043ce2e 8187f928 82084f78 82084f9c
nt!FsRtlAcquireFileForModWrite+0x18
f2473da8 80454fde 00000000 00000000 00000000 nt!MiMappedPageWriter+0xaa
f2473ddc 8046a302 8043cd84 00000000 00000000
nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
nt!FsRtlAcquireFileForModWrite+18
8049b298 83393c cmp dword ptr [ecx],0x3c
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!FsRtlAcquireFileForModWrite+18
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp
STACK_COMMAND: .cxr fffffffff24738f8 ; kb
BUCKET_ID: 0x1E_nt!FsRtlAcquireFileForModWrite+18
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com