Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

BSOD DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS (cb) in rdbss.sys

Pooja_BansalPooja_Bansal Member - All Emails Posts: 44
Hi,

We are working on file system encryption minifilter driver.If we copy file in
NAS enccrypted path, then delete, and then restart, bugcheck happens.

It points to rdbss.sys driver not our file system filter driver.

I have made this registry setting to capture stack traces so the guilty driver can be easily identified
set HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\TrackLockedPages to a DWORD 1

Bug check details:


DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS (cb)
Caused by a driver not cleaning up completely after an I/O.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff88002919d4a, The calling address in the driver that locked the pages or if the
IO manager locked the pages this points to the dispatch routine of
the top driver on the stack to which the IRP was sent.
Arg2: 0000000000000000, The caller of the calling address in the driver that locked the
pages. If the IO manager locked the pages this points to the device
object of the top driver on the stack to which the IRP was sent.
Arg3: fffffa8003a43010, A pointer to the MDL containing the locked pages.
Arg4: 0000000000000002, The number of locked pages.

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 402

BUILD_VERSION_STRING: 7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700

SYSTEM_MANUFACTURER: VMware, Inc.

VIRTUAL_MACHINE: VMware

SYSTEM_PRODUCT_NAME: VMware Virtual Platform

SYSTEM_VERSION: None

BIOS_VENDOR: Phoenix Technologies LTD

BIOS_VERSION: 6.00

BIOS_DATE: 07/30/2013

BASEBOARD_MANUFACTURER: Intel Corporation

BASEBOARD_PRODUCT: 440BX Desktop Reference Platform

BASEBOARD_VERSION: None

DUMP_TYPE: 0

BUGCHECK_P1: fffff88002919d4a

BUGCHECK_P2: 0

BUGCHECK_P3: fffffa8003a43010

BUGCHECK_P4: 2

FAULTING_IP:
rdbss!RxLockUserBuffer+b2
fffff880`02919d4a eb45 jmp rdbss!RxLockUserBuffer+0xf9 (fffff880`02919d91)

CPU_COUNT: 2

CPU_MHZ: 960

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 2d

CPU_STEPPING: 7

CPU_MICROCODE: 6,2d,7,0 (F,M,S,R) SIG: 710'00000000 (cache) 710'00000000 (init)

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xCB

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: NOI-D70QD152

ANALYSIS_SESSION_TIME: 08-20-2018 11:16:03.0536

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

LAST_CONTROL_TRANSFER: from fffff8000198f3ac to fffff800016b29a0

STACK_TEXT:
fffff880`05d5b858 fffff800`0198f3ac : 00000000`000000cb fffff880`02919d4a 00000000`00000000 fffffa80`03a43010 : nt!KeBugCheckEx
fffff880`05d5b860 fffff800`0192a326 : 00000000`00000001 fffffa80`033219f0 fffffa80`00000000 fffffa80`00000000 : nt! ?? ::NNGAKEGL::`string'+0x131ac
fffff880`05d5b8a0 fffff800`01659894 : 00000000`00000000 fffffa80`01891080 fffffa80`03667ad0 fffff800`0191b37b : nt!PspProcessDelete+0x1a2
fffff880`05d5b900 fffff800`018f263f : fffffa80`03667b00 00000000`00000001 fffffa80`033219f0 fffff800`0190b04e : nt!ObfDereferenceObject+0xd4
fffff880`05d5b960 fffff800`01659894 : 00000000`00000000 fffffa80`036ba160 fffffa80`01891f30 fffffa80`036ba160 : nt!PspThreadDelete+0xe3
fffff880`05d5b9a0 fffff800`0190b4d1 : fffffa80`036ba160 00000000`00000000 fffffa80`033219f0 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`05d5ba00 fffff800`0190b1e4 : 00000000`00000b34 fffffa80`030deb00 fffff8a0`02028ef0 00000000`00000b34 : nt!ObpCloseHandleTableEntry+0xc1
fffff880`05d5ba90 fffff800`016c09d3 : fffffa80`033219f0 fffff880`05d5bb60 00000000`00000000 00000000`00000000 : nt!ObpCloseHandle+0x94
fffff880`05d5bae0 00000000`7719999a : 000007fe`fccf1873 00000000`0029eb90 00000000`002d58c0 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01c0f6d8 000007fe`fccf1873 : 00000000`0029eb90 00000000`002d58c0 00000000`00000000 000007fe`fd0b2006 : ntdll!NtClose+0xa
00000000`01c0f6e0 00000000`77031951 : 00000000`04710298 00000000`89000089 00000000`00000000 00000000`0022d390 : KERNELBASE!CloseHandle+0x13
00000000`01c0f710 000007fe`fac45c2c : 00000000`01a7a520 00000000`00000000 00000000`00244940 00000000`00000000 : kernel32!CloseHandleImplementation+0x3d
00000000`01c0f820 000007fe`fac3f335 : 00000000`00000000 00000000`00000000 00000000`01a7a520 00000000`00000000 : shsvcs!COMXProc::CAdviseClient::`vector deleting destructor'+0x3c
00000000`01c0f850 000007fe`fac311ac : 00000000`01a7d330 00000000`00000000 00000000`01a7dde0 00000000`01a7a4a0 : shsvcs!COMXProc::CThreadTaskCheckClients::_DoStuff+0xc9
00000000`01c0f890 000007fe`fac3110a : 00000000`01a7d330 00000000`00000000 00000000`00000000 00000000`00000000 : shsvcs!CThreadTask::_CallDoStuff+0x76
00000000`01c0f8c0 00000000`7713d13b : 00000000`01e95080 00000000`01e95080 00000000`00000000 00000000`00000002 : shsvcs!CThreadTask::_ThreadProc+0x12
00000000`01c0f8f0 00000000`77229e87 : 00000000`00000000 00000000`01a7d330 00000000`00227aa0 00000000`01ef5248 : ntdll!RtlpTpWorkCallback+0x16b
00000000`01c0f9d0 00000000`770259cd : 00000000`00000002 00000002`00020002 00000000`00227aa0 00000000`01e95080 : ntdll!TppWorkerThread+0x6f7
00000000`01c0fc60 00000000`7718383d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`01c0fc90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 0b89289000e72fa8be7f9b7d086b1768bbb3e1f0

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: bb662d1717cf489f1d9ce6b4c73e2e030aa404ce

THREAD_SHA1_HASH_MOD: d2a905b0950cb2e9ab7e398c3a06ceb0608fb060

FOLLOWUP_IP:
rdbss!RxLockUserBuffer+b2
fffff880`02919d4a eb45 jmp rdbss!RxLockUserBuffer+0xf9 (fffff880`02919d91)

FAULT_INSTR_CODE: d88b45eb

SYMBOL_NAME: rdbss!RxLockUserBuffer+b2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rdbss

IMAGE_NAME: rdbss.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 59deb54c

FAILURE_BUCKET_ID: X64_0xCB_rdbss!RxLockUserBuffer+b2

BUCKET_ID: X64_0xCB_rdbss!RxLockUserBuffer+b2

PRIMARY_PROBLEM_CLASS: X64_0xCB_rdbss!RxLockUserBuffer+b2

TARGET_TIME: 2018-08-17T07:21:16.000Z

OSBUILD: 7601

OSSERVICEPACK: 1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 274

PRODUCT_TYPE: 3

OSPLATFORM_TYPE: x64

OSNAME: Windows 7

OSEDITION: Windows 7 Server (Service Pack 1) Enterprise TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2018-08-02 07:48:10

BUILDDATESTAMP_STR: 180801-1700

BUILDLAB_STR: win7sp1_ldr_escrow

BUILDOSVER_STR: 6.1.7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700

ANALYSIS_SESSION_ELAPSED_TIME: c5fa

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:x64_0xcb_rdbss!rxlockuserbuffer+b2

FAILURE_ID_HASH: {1a7b1b6a-d847-222f-47cc-87c5d98ec2b4}


Any help on same?

Thanks in Advance!

Comments

  • Pooja_BansalPooja_Bansal Member - All Emails Posts: 44
    System: Windows server 2008R2.

    Is there any known issue reported in rdbss.sys??
    or how any help to debug this issue further.

    Thanks
    Pooja
  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,088
    > Any help on same?

    Review your use of MDLs and in particular beware of the way that FltMgr and
    the IoMgr will (or will not) cleanup an MDL when the operation finishes (as
    I recall it is to do with whether iopb->Parameters->Write.MdlAddress is set
    or not)

    /r
  • Pooja_BansalPooja_Bansal Member - All Emails Posts: 44
    Hi, I can see similar bugcheck in rdbss.sys reported in OSR,
    http://osronline.com/showThread.CFM?link=220997


    I doubt it might be a known issue in rdbss (Redirected Drive Buffering SubSystem) driver w.r.t. lock pages.


    Any idea, it will be a great help!

    Thanks a lot!
    Pooja
  • SpanjokusSpanjokus Member Posts: 1
    edited October 2

    Hello everyone, tell me please, I encountered a blue screen on my Windows Server 2012 P2, which acts as my RDS host. BSOD has an RDP-FILE-SYSTEM code and error 0x00000027. A 67 GB dump file was created on my server. I analyzed it and there was code ZEROED_STACK_0x27. I tried to find the reason on my own, read materials from this source, this one and this one. As I understand it, there is a certain rdbss.sys driver that conflicts with some other application accessing it, can you tell me what can be done, how to find it exactly? The server itself is a virtual target on ESXI 6.5, which is hosted on a Dell R740 server. On windows rivods I see an event about a blue screen with a code of 1001, in ESXI 6.5 logs there is nothing. Update all the latest, VMTools I updated.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,515

    This is a year old three. Please don’t necropost.

    If you hav a question, start a new thread.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

This discussion has been closed.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE