Help with DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS

I am still new to Win32 kernel debugging and I need some assistance with this
bugcheck. Unfortunately the offending driver is not identified.

0: kd> kv
ChildEBP RetAddr  Args to Child
f8032c50 804e4095 804e3b42 00000000 800654e0 ntkrnlmp!MiResolveTransitionFault+0x19a (FPO: [Non-Fpo])
f8032d00 804e3b5c 00000000 ff9c7888 8042f430 ntkrnlmp!NtSetInformationJobObject+0x761 (FPO: [Non-Fpo])
f8032d4c 804656e4 00000001 00000000 f8032d64 ntkrnlmp!NtSetInformationJobObject+0x228 (FPO: [Non-Fpo])
f8032d64 00000000 00000000 00000000 00000000 ntkrnlmp!V86_kite_a+0x4
0: kd> .bugcheck
Bugcheck code 000000CB
Arguments 804ad6bf 80465679 fdf7ab48 00000000

I have a user-mode program that is stress testing a storage device by
read/writing I/O’s to it. The storage device is connected to my host by 2
Qlogic 2200 HBA fibre channel cards.

From what I understand DO_DIRECT_IO is being used so an MDL is created to
map the user-mode buffer to locked pages in physical memory.

What are some good debugger commands to use for this? I’ve got the output
from !vm and !memusage but don’t know what to specifically look for in the
output.

Regards,
Bob


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Did you try !analyzebugcheck -v?

Are you using a QLogic driver or is it a SCSI miniport you have written?

Gary G. Little
Staff Engineer
Broadband Storage, Inc.
xxxxx@broadstor.com

-----Original Message-----
From: xxxxx@lsil.com [mailto:xxxxx@lsil.com]
Sent: Tuesday, September 11, 2001 5:16 AM
To: NT Developers Interest List
Subject: [ntdev] Help with DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS


First off, thanks for your response!

Yes, I’ve run !bugcheckanalyze -v and didn’t learn anything above and
beyond what the DDK documentation says about this bugcheck code. I ran a
‘ln’ command to figure out which functions the first two bugcheck arguments
were near. This is what I got:

DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS (cb)
Caused by a driver not cleaning up completely after an I/O. The bad driver’s name is printed on the bugcheck screen and is available for re-dumping as parameter 4 in the bugcheck data.
The broken driver’s name is displayed on the screen.
Arguments:
Arg1: 804ad6bf, The calling address in the driver that locked the pages or if the IO manager locked the pages this points to the dispatch routine of the top driver on the stack to which the IRP was sent.
Arg2: 80465679, The caller of the calling address in the driver that locked the pages. If the IO manager locked the pages this points to the device object of the top driver on the stack to which the IRP was sent.
Arg3: fdf7ab48, A pointer to the MDL containing the locked pages.
Arg4: 00000000, The guilty driver’s name (Unicode string).

Details:
*** Bugcheck Analysis may not be correct, please followup with the following.
Followup : MachineOwner

BUCKET: 0xCB
ChildEBP RetAddr
f8032c50 804e4095 ntkrnlmp!MiResolveTransitionFault+0x19a
f8032d00 804e3b5c ntkrnlmp!NtSetInformationJobObject+0x761
f8032d4c 804656e4 ntkrnlmp!NtSetInformationJobObject+0x228
f8032d64 00000000 ntkrnlmp!V86_kite_a+0x4
Creating .\DMP197.tmp - mini kernel dump

0: kd> ln 804ad6bf
(804ad04a) ntkrnlmp!IopTrackLink+0x675 | (804ad7e8) ntkrnlmp!IopUserCompletion

804ad694 6a01             push 0x1
804ad696 56               push esi
804ad697 ff7520           push dword ptr [ebp+0x20]
804ad69a ff751c           push dword ptr [ebp+0x1c]
804ad69d e830fbf6ff       call ntkrnlmp!IoBuildAsynchronousFsdRequest+0x4c (8041d1d2)
804ad6a2 8945cc           mov [ebp-0x34],eax
804ad6a5 3bc6             cmp eax,esi
804ad6a7 750a             jnz ntkrnlmp!IopTrackLink+0x669 (804ad6b3)
804ad6a9 689a0000c0       push 0xc000009a
804ad6ae e8b1d1fbff       call ntkrnlmp!CcMasterSpinLock+0x24 (8046a864)
804ad6b3 56               push esi
804ad6b4 ff75a8           push dword ptr [ebp-0x58]
804ad6b7 ff75cc           push dword ptr [ebp-0x34]
804ad6ba e83596f8ff       call ntkrnlmp!MmMapLockedPages+0x12 (80436cf4)
804ad6bf 834dfcff         or dword ptr [ebp-0x4],0xffffffff
804ad6c3 eb36             jmp ntkrnlmp!IopTrackLink+0x6b1 (804ad6fb)
804ad6c5 8b45ec           mov eax,[ebp-0x14]
804ad6c8 8b00             mov eax,[eax]
804ad6ca 8b00             mov eax,[eax]
804ad6cc 89857cffffff     mov [ebp-0x84],eax
804ad6d2 6a01             push 0x1
804ad6d4 58               pop eax
804ad6d5 c3               ret

0: kd> ln 80465679
(8046565c) ntkrnlmp!Dr_kite_a+0x1d | (804656e0) ntkrnlmp!V86_kite_a

80465653 8bf2             mov esi,edx
80465655 8b5f0c           mov ebx,[edi+0xc]
80465658 33c9             xor ecx,ecx
8046565a 8a0c18           mov cl,[eax+ebx]
8046565d 8b3f             mov edi,[edi]
8046565f 8b1c87           mov ebx,[edi+eax*4]
80465662 2be1             sub esp,ecx
80465664 c1e902           shr ecx,0x2
80465667 8bfc             mov edi,esp
80465669 3b3538394880     cmp esi,[ntkrnlmp!IoShutdownSystem+0xb8 (80483938)]
8046566f 0f83e6010000     jnb ntkrnlmp!KiTrap0E+0x153 (8046585b)
80465675 f3a5             rep movsd
80465677 ffd3             call ebx
80465679 8be5             mov esp,ebp
8046567b 648b0d24010000   mov ecx,fs:[00000124]
80465682 8b553c           mov edx,[ebp+0x3c]
80465685 899128010000     mov [ecx+0x128],edx
8046568b fa               cli

The Process field of the MDL structure references the user-mode program
generating the I/O’s.
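
Added example (not part of the original thread, and not anyone's posted code): a small Python helper that repeats the first-pass triage done by hand above. It parses the `.bugcheck` and `ln` output and reports whether either code address (Arg1, Arg2) falls outside the kernel image. The function names and the KERNEL_IMAGES set are assumptions made for this example.

```python
import re

# Kernel image names (assumed list); the thread's dump uses ntkrnlmp.
KERNEL_IMAGES = {"nt", "ntoskrnl", "ntkrnlmp", "ntkrnlpa", "ntkrpamp"}

# kd output copied from the thread (32-bit dump, wrapped lines rejoined).
SAMPLE = """\
0: kd> .bugcheck
Bugcheck code 000000CB
Arguments 804ad6bf 80465679 fdf7ab48 00000000
0: kd> ln 804ad6bf
(804ad04a) ntkrnlmp!IopTrackLink+0x675 | (804ad7e8) ntkrnlmp!IopUserCompletion
0: kd> ln 80465679
(8046565c) ntkrnlmp!Dr_kite_a+0x1d | (804656e0) ntkrnlmp!V86_kite_a
"""

LN_RE = re.compile(
    r"kd> ln ([0-9a-f]{8})\s*\n\(([0-9a-f]{8})\)\s+(\w+)!(\w+)(?:\+0x([0-9a-f]+))?",
    re.I)

def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) from '.bugcheck' output."""
    code = re.search(r"Bugcheck code\s+([0-9a-f]+)", text, re.I)
    args = re.search(r"Arguments((?:\s+[0-9a-f]{8}){4})", text, re.I)
    if not (code and args):
        raise ValueError("no .bugcheck output found")
    return int(code.group(1), 16), [int(a, 16) for a in args.group(1).split()]

def parse_ln(text):
    """Map each address passed to 'ln' to (module, nearest symbol, offset)."""
    found = {}
    for addr, base, mod, sym, off in LN_RE.findall(text):
        addr, base, off = int(addr, 16), int(base, 16), int(off or "0", 16)
        if base + off != addr:  # transcript garbled or lines mis-joined
            raise ValueError(f"ln output inconsistent for {addr:08x}")
        found[addr] = (mod.lower(), sym, off)
    return found

def triage_cb(text):
    """Summarise a 0xCB bugcheck using the argument meanings quoted above."""
    code, args = parse_bugcheck(text)
    if code != 0xCB:
        raise ValueError(f"not DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS: {code:#x}")
    syms = parse_ln(text)
    return {
        "mdl": args[2],                # Arg3: MDL containing the locked pages
        "driver_named": args[3] != 0,  # Arg4: driver name; 0 in this dump
        # Non-kernel modules behind Arg1 (locker) and Arg2 (its caller).
        "suspects": sorted({syms[a][0] for a in args[:2]
                            if a in syms and syms[a][0] not in KERNEL_IMAGES}),
        # Code addresses that still need an 'ln' lookup.
        "unresolved": [f"{a:08x}" for a in args[:2] if a not in syms],
    }
```

On the thread's output this returns no suspects and driver_named False: both addresses resolve into ntkrnlmp, which matches the observation that the bugcheck did not identify the driver.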



I would suspect that if you do an !irpfind, you will find an IRP associated
with that MDL, actually holding it, that has not been completed, which most
likely means that the SRB(s) created by ScsiPort have not been completed.
Again, this is assuming that you are using the QLA2200 driver from QLogic.
If you happen to be doing transfers larger than 64K you will see lots of
IRPs.

Gary G. Little
Staff Engineer
Broadband Storage, Inc.
xxxxx@broadstor.com

-----Original Message-----
From: xxxxx@lsil.com [mailto:xxxxx@lsil.com]
Sent: Wednesday, September 12, 2001 1:44 AM
To: NT Developers Interest List
Subject: [ntdev] RE: Help with DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS


!irpfind did not find any IRP’s. I tried the command using various
arguments as documented in the DDK.

I received an update to the qlogic driver late yesterday and it seems to
have fixed the problem. I appreciate your responses on this - it has been
educational for me.

Bob

