Re: How should one proceed to analyze this type of B SOD - Help

I’m running thru the verifier to see if there is anything I can get a clue
from. Something about MDL and around that area may be getting out of hand.
This one seems like create section, mapping view … for loading a dll is
panicing. Sure something messed up before this …


-----Original Message-----
From: Maxim S. Shatskih []
Sent: Tuesday, August 13, 2002 8:50 AM
To: File Systems Developers
Subject: [ntfsd] Re: How should one proceed to analyze this type of BSOD -

This can be MDL mishandling.

----- Original Message -----
From: Prokash Sinha mailto:xxxxx
To: File Systems mailto:xxxxx Developers
Sent: Monday, August 12, 2002 9:25 PM
Subject: [ntfsd] How should one proceed to analyze this type of BSOD - Help

Hi all,

I’ve a BSOD like this, which is not very reproducible. I am trying to find
how one should proceed when there is no stack trace of our driver. But we
should be able to somehow conclude the type and possibly the source of the

Also is there any place I can find detail about the args …

Thanx in advance


kd> !analyze -v

Bugcheck Analysis


Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arg1: 00000002, A list entry was corrupt <<< could be 1 or 2 >>>
Arg2: 0007ee7a, entry in list being removed
Arg3: 0000ffda, highest physical page number
Arg4: 0000ffff, reference count of entry being removed

Debugging Details:



LAST_CONTROL_TRANSFER: from 801234eb to 8012dd6d

f687a950 801234eb 8057ef00 8057eec8 8057ef00 nt!MiUnlinkPageFromList+0x39
f687aa1c 801231b0 e24fa9ec e3af574c 8057ef00 nt!MiFlushSectionInternal+0x2db
f687aa64 80121946 807b7490 00000000 00000000 nt!MmFlushSection+0x140
f687aa88 80121344 ffac4d28 00000000 01000000 nt!MiFlushDataSection+0x52
f687ab60 801796ef f687abac 0000000e 00000000 nt!MmCreateSection+0x3aa
f687abcc 8013e394 0006e9b4 0000000e 00000000 nt!NtCreateSection+0x14f
f687abcc 77f678bf 0006e9b4 0000000e 00000000 nt!KiSystemService+0xc4
0006e8c4 77f6acb5 0006e9b4 0000000e 00000000 ntdll!NtCreateSection+0xb
0006e920 77f6a73e 0006e958 00000000 0006e980 ntdll!LdrpCreateDllSection+0xcf
0006e9bc 77f6b4a8 00073f90 0006e9e8 0006ecb8 ntdll!LdrpMapDll+0xc8
0006ec64 77f63b86 00073f90 0006ecb8 0006ecac ntdll!LdrpLoadDll+0x175
0006ec80 77f13ac2 00073f90 0006ecb8 0006ecac ntdll!LdrLoadDll+0x16
0006ece4 77f13838 7ffdec00 00000000 00000000 KERNEL32!LoadLibraryExW+0x198
0006ed04 77f137ca 0006ed50 00000000 00000000 KERNEL32!LoadLibraryExA+0x5b
0006ed14 6fab06c9 0006ed50 77f13fb3 010e1e34 KERNEL32!LoadLibraryA+0xd
WARNING: Stack unwind information not available. Following frames may be
010e1e34 00000000 00000000 00000000 00000000 mapi32x!MAPIUninitialize+0x2019

8012dd6d e98d000000 jmp nt!MiUnlinkPageFromList+0xcb (8012ddff)


SYMBOL_NAME: nt!MiUnlinkPageFromList+39


IMAGE_NAME: ntoskrnl.exe



BUCKET_ID: 0x4E_nt!MiUnlinkPageFromList+39

Followup: MachineOwner

You are currently subscribed to ntfsd as:
To unsubscribe send a blank email to %%email.unsub%%

You are currently subscribed to ntfsd as:
To unsubscribe send a blank email to %%email.unsub%%</mailto:xxxxx></mailto:xxxxx>