Friday, November 2, 2007

MOVB-02 Another BSoD in NTFS.SYS

Yet another bug in the NTFS.SYS driver (same platform, same configuration).

This one was triggered in the background by the defragmentation process (DfrgNtfs.exe).

PS. Don't worry, I am not going to publish crash dumps for the whole month. Funny bugs are on their way. Stay tuned!

1: kd> !analyze -v
*******************************************************************************
*                        Bugcheck Analysis                                    *
*******************************************************************************

NTFS_FILE_SYSTEM (24)


If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace.

Arguments:
Arg1: 001904ab
Arg2: a2a468e0
Arg3: a2a465dc
Arg4: 8519b53b

Debugging Details:
------------------
EXCEPTION_RECORD: a2a468e0 -- (.exr 0xffffffffa2a468e0)

ExceptionAddress: 8519b53b (Ntfs!NtfsCreateScb+0x0000004c)
ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2
Parameter[0]: 00000000

Parameter[1]: 30000010

Attempt to read from address 30000010

CONTEXT: a2a465dc -- (.cxr 0xffffffffa2a465dc)
eax=30000000 ebx=c5ef080d ecx=c5ef0855 edx=00000000 esi=c5efd008 edi=00000000
eip=8519b53b esp=a2a469a8 ebp=a2a46a08 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206

Ntfs!NtfsCreateScb+0x4c:
8519b53b f6401006        test    byte ptr [eax+10h],6     ds:0023:30000010=??

Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: DfrgNtfs.exe
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005
READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d11780
 30000010
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from 851a64b8 to 8519b53b

STACK_TEXT:

a2a46a08 851a64b8 84911400 c5efd008 00000080 Ntfs!NtfsCreateScb+0x4c
a2a46a40 851a5b15 84911400 84653520 846536d4 Ntfs!NtfsBreakBatchOplock+0x7e
a2a46a74 851a3cee 84911400 84653520 00000000 Ntfs!NtfsOpenExistingAttr+0x6a
a2a46b5c 8518554e 84911400 84653520 00000000 Ntfs!NtfsOpenAttributeInExistingFile+0x79b
a2a46c10 8519c637 84911400 84653520 00000000 Ntfs!NtfsOpenFcbById+0x590
a2a46cec 851126b6 84911400 84653520 aa7b3964 Ntfs!NtfsCommonCreate+0x601
a2a46d2c 81c80278 aa7b38fc 00000000 ffffffff Ntfs!NtfsCommonCreateCallout+0x20
a2a46d2c 81c80371 aa7b38fc 00000000 ffffffff nt!KiSwapKernelStackAndExit+0x118
aa7b3894 00000000 00000000 00000000 00000000 nt!KiSwitchKernelStackAndCallout+0x31

FOLLOWUP_IP:
Ntfs!NtfsCreateScb+4c
8519b53b f6401006        test    byte ptr [eax+10h],6
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsCreateScb+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4549aceb
STACK_COMMAND: .cxr 0xffffffffa2a465dc ; kb
FAILURE_BUCKET_ID: 0x24_Ntfs!NtfsCreateScb+4c
BUCKET_ID: 0x24_Ntfs!NtfsCreateScb+4c
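As an added example (not part of the post), a small Python triage helper that parses the fields of a WinDbg `!analyze -v` report like the one above and recomputes the faulting operand address from the register context, so the reported read address can be checked against the instruction and the value of the base register. The sample text is a constructed subset of the dump above; the x86 user/kernel split is assumed to be the default 2 GB one.

```python
import re
# Constructed sample: the triage-relevant lines of the `!analyze -v` output above.
SAMPLE = """\
NTFS_FILE_SYSTEM (24)
ExceptionAddress: 8519b53b (Ntfs!NtfsCreateScb+0x0000004c)
ExceptionCode: c0000005 (Access violation)
Attempt to read from address 30000010
eax=30000000 ebx=c5ef080d ecx=c5ef0855 edx=00000000 esi=c5efd008 edi=00000000
eip=8519b53b esp=a2a469a8 ebp=a2a46a08 iopl=0         nv up ei pl nz na pe nc
8519b53b f6401006        test    byte ptr [eax+10h],6     ds:0023:30000010=??
PROCESS_NAME: DfrgNtfs.exe
a2a46a08 851a64b8 84911400 c5efd008 00000080 Ntfs!NtfsCreateScb+0x4c
a2a46a40 851a5b15 84911400 84653520 846536d4 Ntfs!NtfsBreakBatchOplock+0x7e
a2a46a74 851a3cee 84911400 84653520 00000000 Ntfs!NtfsOpenExistingAttr+0x6a
"""

def parse_analyze(text):
    """Extract the triage fields from `!analyze -v` output into a dict."""
    r = {"registers": {}}
    m = re.search(r"^([A-Z_]+) \(([0-9a-f]+)\)$", text, re.M)
    r["bugcheck"], r["bugcheck_code"] = m.group(1), int(m.group(2), 16)
    r["exception_code"] = int(re.search(r"ExceptionCode:\s*([0-9a-f]+)", text).group(1), 16)
    m = re.search(r"Attempt to (read|write) (?:from|to) address ([0-9a-f]+)", text)
    r["access"], r["fault_address"] = m.group(1), int(m.group(2), 16)
    r["process"] = re.search(r"PROCESS_NAME:\s*(\S+)", text).group(1)
    # x86 register dump: name=8 hex digits, spread over several lines
    for reg, val in re.findall(r"\b(e[a-d]x|e[sd]i|e[bs]p|eip)=([0-9a-f]{8})", text):
        r["registers"][reg] = int(val, 16)
    # Faulting instruction: address, opcode bytes, mnemonic, operands, optional "ds:" note
    m = re.search(r"^[0-9a-f]{8} [0-9a-f]+\s+([a-z]+)\s+(.+?)(?:\s+ds:.*)?$", text, re.M)
    r["mnemonic"], r["operands"] = m.group(1), m.group(2)
    # Stack frames (ChildEBP RetAddr Args-to-Child Symbol): keep the symbols
    r["stack"] = re.findall(r"^[0-9a-f]{8}(?: [0-9a-f]{8}){4} (\S+)$", text, re.M)
    return r

def explain_fault(r):
    """Recompute the operand's address from the registers and check it against the reported fault."""
    m = re.search(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]", r["operands"])
    base, disp = r["registers"][m.group(1)], int(m.group(2), 16)
    ea = (base + disp) & 0xFFFFFFFF
    return {
        "base_register": m.group(1),
        "effective_address": ea,
        "matches_fault": ea == r["fault_address"],
        # Assumes the default x86 2 GB split: a base below 0x80000000 is a
        # user-space address, which a kernel driver should never hold here.
        "base_in_user_range": base < 0x80000000,
        "top_frame": r["stack"][0],
    }
```

Run on the sample, the read at 30000010 resolves to eax+10h with eax=30000000, i.e. a user-range value being dereferenced as a structure pointer in the top frame Ntfs!NtfsCreateScb+0x4c.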

2 comments:

pello said...

Does it also work on weekends and strike days?

newsoft said...

Yes: bugs don't go on strike :)

Sorry for today's delay, faithful reader.

However, it won't last a full month, because I'm leaving for Japan on the 26th!