duplicate BSOD MDL

NTDEV
1

Hi,
I am encountering a BSOD that is caused by the same MDL being added twice.
In the machine, I only have user-mode processes and no kernel drivers.
I am curious to know how a user-mode service can affect such a BSOD.
Below is all the relevant information from windbg.

Thanks,
Eran.

Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs) Free
x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-1447
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af988
Debug session time: Thu Oct 6 17:05:01.610 2005 (GMT+2)
System Uptime: 7 days 0:00:33.453
Loading Kernel Symbols
................................................................................................
Loading unloaded module list
..
Loading User Symbols
............................
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D9, {1, f7dfbcf8, f7c487e0, 205}

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntdll.dll -
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: pci!_FDO_EXTENSION ***
*** ***
*************************************************************************
*** WARNING: Unable to verify checksum for trcuser.exe
Probably caused by : memory_corruption ( nt!MiAddMdlTracker+d9 )

Followup: MachineOwner

0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

LOCKED_PAGES_TRACKER_CORRUPTION (d9)
Arguments:
Arg1: 00000001, The MDL is being inserted twice on the same process list.
Arg2: f7dfbcf8, Address of internal lock tracking structure.
Arg3: f7c487e0, Address of memory descriptor list.
Arg4: 00000205, Number of pages locked for the current process.

Debugging Details:

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: pci!_FDO_EXTENSION ***
*** ***
*************************************************************************

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD9

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 8087fadc to 8087b6be

STACK_TEXT:
f5d1abf4 8087fadc 000000d9 00000001 f7dfbcf8 nt!KeBugCheckEx+0x1b
f5d1ac28 8085fddb fbff59c8 808f4e81 80834d3f nt!MiAddMdlTracker+0xd9
f5d1bcb0 808f4e81 f7c487e0 03e24000 ffab3701
nt!MmProbeAndLockSelectedPages+0xe5b
f5d1bd38 80834d3f 00000458 00000000 00000000 nt!NtReadFileScatter+0x44c
f5d1bd38 7c82ed54 00000458 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Stack unwind information not available. Following frames may be
wrong.
0376f718 004828f0 00000458 03460000 00200000 ntdll!KiFastSystemCallRet

FOLLOWUP_IP:
nt!MiAddMdlTracker+d9
8087fadc cc int 3

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!MiAddMdlTracker+d9

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42435e60

STACK_COMMAND: kb

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xD9_nt!MiAddMdlTracker+d9

BUCKET_ID: 0xD9_nt!MiAddMdlTracker+d9

Followup: MachineOwner

2

Your user mode process is the victim of a malfunctioning kernel mode
component. It would help if your stack trace used the correct symbols. Try
!symfix.

If this bug can be reproduced you might want to try turning driver verifier
on for all components - it has a reasonable shot at bugchecking at or near
the actual problem rather than later on when the problem causes disaster. Of
course you could combine this with a checked kernel/hal which would further
aid in getting closer to the root cause.

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Eran Borovik
Sent: Monday, October 10, 2005 7:47 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] duplicate BSOD MDL

Hi,
I am encountering a BSOD that is caused by the same MDL being
added twice.
In the machine, I only have user-mode processes and no kernel drivers.
I am curious to know how a user-mode service can affect such a BSOD.
Below is all the relevant information from windbg.

Thanks,
Eran.

Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP
(2 procs) Free
x86 compatible
Product: Server, suite: Enterprise TerminalServer
SingleUserTS Built by: 3790.srv03_sp1_rtm.050324-1447 Kernel
base = 0x80800000 PsLoadedModuleList = 0x808af988 Debug
session time: Thu Oct 6 17:05:01.610 2005 (GMT+2) System
Uptime: 7 days 0:00:33.453 Loading Kernel Symbols


Loading unloaded module list

Loading User Symbols

**************************************************************
*****************
*
*
* Bugcheck Analysis
*
*
*
**************************************************************
*****************

Use !analyze -v to get detailed debugging information.

BugCheck D9, {1, f7dfbcf8, f7c487e0, 205}

*** ERROR: Symbol file could not be found. Defaulted to
export symbols for ntdll.dll -
**************************************************************
***********
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your
symbol path ***
*** must point to .pdb files that have full type
information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do
not ***
*** contain the required information. Contact the group
that ***
*** provided you with these symbols if you need this
command to ***
*** work.
***
***
***
*** Type referenced: pci!_FDO_EXTENSION
***
***
***
**************************************************************
***********
*** WARNING: Unable to verify checksum for trcuser.exe
Probably caused by : memory_corruption ( nt!MiAddMdlTracker+d9 )

Followup: MachineOwner

0: kd> !analyze -v
**************************************************************
*****************
*
*
* Bugcheck Analysis
*
*
*
**************************************************************
*****************

LOCKED_PAGES_TRACKER_CORRUPTION (d9)
Arguments:
Arg1: 00000001, The MDL is being inserted twice on the same
process list.
Arg2: f7dfbcf8, Address of internal lock tracking structure.
Arg3: f7c487e0, Address of memory descriptor list.
Arg4: 00000205, Number of pages locked for the current process.

Debugging Details:

**************************************************************
***********
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your
symbol path ***
*** must point to .pdb files that have full type
information. ***
***
***
*** Certain .pdb files (such as the public OS symbols) do
not ***
*** contain the required information. Contact the group
that ***
*** provided you with these symbols if you need this
command to ***
*** work.
***
***
***
*** Type referenced: pci!_FDO_EXTENSION
***
***
***
**************************************************************
***********

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD9

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 8087fadc to 8087b6be

STACK_TEXT:
f5d1abf4 8087fadc 000000d9 00000001 f7dfbcf8 nt!KeBugCheckEx+0x1b
f5d1ac28 8085fddb fbff59c8 808f4e81 80834d3f
nt!MiAddMdlTracker+0xd9 f5d1bcb0 808f4e81 f7c487e0 03e24000
ffab3701 nt!MmProbeAndLockSelectedPages+0xe5b
f5d1bd38 80834d3f 00000458 00000000 00000000
nt!NtReadFileScatter+0x44c
f5d1bd38 7c82ed54 00000458 00000000 00000000 nt!KiFastCallEntry+0xfc
WARNING: Stack unwind information not available. Following
frames may be wrong.
0376f718 004828f0 00000458 03460000 00200000 ntdll!KiFastSystemCallRet

FOLLOWUP_IP:
nt!MiAddMdlTracker+d9
8087fadc cc int 3

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!MiAddMdlTracker+d9

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 42435e60

STACK_COMMAND: kb

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xD9_nt!MiAddMdlTracker+d9

BUCKET_ID: 0xD9_nt!MiAddMdlTracker+d9

Followup: MachineOwner

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as:
xxxxx@hollistech.com To unsubscribe send a blank email to
xxxxx@lists.osr.com

3

If you are running VMWARE, then you may have a suspect.