Rare bugcheck (0x0a) when my FS is installed

Fred_Walters · January 6, 2003, 2:24pm

Running my file system on Windows XP will occasionaly give me this stop
0x0A (see dump below). I’ve never been able to reproduce with a debugger
attached, thus I’m only working with dump files. Any ideas on what’s
going on or where to look next?

Thanks!

Here is some dump info…
***********************************************************************
BugCheck A, {0, 2, 1, 804fde9d}

Probably caused by : ntoskrnl.exe ( nt!MiCheckForControlAreaDeletion+35 )

Followup: MachineOwner

kd>
kd> !analyze -v
*******************************************************************************

*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pagable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804fde9d, address which referenced memory

Debugging Details:

WRITE_ADDRESS: 00000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiCheckForControlAreaDeletion+35
804fde9d 8918 mov [eax],ebx

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

TRAP_FRAME: f501ec38 – (.trap fffffffff501ec38)
ErrCode = 00000002
eax=00000000 ebx=00000000 ecx=fed796d0 edx=00e66900 esi=fed796d0
edi=e1db5a98
eip=804fde9d esp=f501ecac ebp=03ffffff iopl=0 nv up ei pl zr na po
nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010246
nt!MiCheckForControlAreaDeletion+35:
804fde9d 8918 mov [eax],ebx
ds:0023:00000000=???
Resetting default context

LAST_CONTROL_TRANSFER: from 80508285 to 804fde9d

STACK_TEXT:
f501ecb0 80508285 fed796d0 805365f8 80c8ad80
nt!MiCheckForControlAreaDeletion+0x35
f501eccc 80510681 00000000 ffffffff 00000001
nt!MiRestoreTransitionPte+0xa9
f501ece4 80510a6c 0000000b 805062a3 c0300050 nt!MiRemovePageFromList+0xa7
f501ecec 805062a3 c0300050 c001477c ff71ec10 nt!MiRemoveAnyPage+0x56
f501ed04 8050ee91 051df02d c001477c ff71ec10
nt!MiResolveDemandZeroFault+0xa3
f501ed4c 8052cf70 00000001 051df02d 00000001 nt!MmAccessFault+0x7e3
f501ed4c 77f52d39 00000001 051df02d 00000001 nt!KiTrap0E+0xb8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0688e9ac 00000000 00000000 00000000 00000000 0x77f52d39

Alexey_Logachyov · January 6, 2003, 2:54pm

You tried to write to NULL pointer. Load symbols for the module that
contains 0x77f52d39 address to see the name of the faulting function.

----- Original Message -----
From:
To: “File Systems Developers”
Sent: Monday, January 06, 2003 9:30 PM
Subject: [ntfsd] Rare bugcheck (0x0a) when my FS is installed

> Running my file system on Windows XP will occasionaly give me this stop
> 0x0A (see dump below). I’ve never been able to reproduce with a debugger
> attached, thus I’m only working with dump files. Any ideas on what’s
> going on or where to look next?
>
> Thanks!
>
>
> Here is some dump info…
> ***********************************************************************
> BugCheck A, {0, 2, 1, 804fde9d}
>
> Probably caused by : ntoskrnl.exe ( nt!MiCheckForControlAreaDeletion+35 )
>
> Followup: MachineOwner
> ---------
>
> kd>
> kd> !analyze -v
>
*****

>
>
>
> * Bugcheck Analysis
>
>
>
>

>
>
> IRQL_NOT_LESS_OR_EQUAL (a)
> An attempt was made to access a pagable (or completely invalid) address at
> an
> interrupt request level (IRQL) that is too high. This is usually
> caused by drivers using improper addresses.
> If a kernel debugger is available get the stack backtrace.
> Arguments:
> Arg1: 00000000, memory referenced
> Arg2: 00000002, IRQL
> Arg3: 00000001, value 0 = read operation, 1 = write operation
> Arg4: 804fde9d, address which referenced memory
>
> Debugging Details:
> ------------------
>
>
> WRITE_ADDRESS: 00000000
>
> CURRENT_IRQL: 2
>
> FAULTING_IP:
> nt!MiCheckForControlAreaDeletion+35
> 804fde9d 8918 mov [eax],ebx
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0xA
>
> TRAP_FRAME: f501ec38 – (.trap fffffffff501ec38)
> ErrCode = 00000002
> eax=00000000 ebx=00000000 ecx=fed796d0 edx=00e66900 esi=fed796d0
> edi=e1db5a98
> eip=804fde9d esp=f501ecac ebp=03ffffff iopl=0 nv up ei pl zr na po
> nc
> cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
> efl=00010246
> nt!MiCheckForControlAreaDeletion+35:
> 804fde9d 8918 mov [eax],ebx
> ds:0023:00000000=???
> Resetting default context
>
> LAST_CONTROL_TRANSFER: from 80508285 to 804fde9d
>
> STACK_TEXT:
> f501ecb0 80508285 fed796d0 805365f8 80c8ad80
> nt!MiCheckForControlAreaDeletion+0x35
> f501eccc 80510681 00000000 ffffffff 00000001
> nt!MiRestoreTransitionPte+0xa9
> f501ece4 80510a6c 0000000b 805062a3 c0300050 nt!MiRemovePageFromList+0xa7
> f501ecec 805062a3 c0300050 c001477c ff71ec10 nt!MiRemoveAnyPage+0x56
> f501ed04 8050ee91 051df02d c001477c ff71ec10
> nt!MiResolveDemandZeroFault+0xa3
> f501ed4c 8052cf70 00000001 051df02d 00000001 nt!MmAccessFault+0x7e3
> f501ed4c 77f52d39 00000001 051df02d 00000001 nt!KiTrap0E+0xb8
> WARNING: Frame IP not in any known module. Following frames may be wrong.
> 0688e9ac 00000000 00000000 00000000 00000000 0x77f52d39
>
> —
> You are currently subscribed to ntfsd as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>