I’m running thru the verifier to see if there is anything I can get a clue
from. Something about MDL and around that area may be getting out of hand.
This one seems like create section, mapping view … for loading a dll is
panicing. Sure something messed up before this …
-prokash
-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Tuesday, August 13, 2002 8:50 AM
To: File Systems Developers
Subject: [ntfsd] Re: How should one proceed to analyze this type of BSOD -
Help
This can be MDL mishandling.
----- Original Message -----
From: Prokash Sinha mailto:xxxxx
To: File Systems mailto:xxxxx Developers
Sent: Monday, August 12, 2002 9:25 PM
Subject: [ntfsd] How should one proceed to analyze this type of BSOD - Help
Hi all,
I’ve a BSOD like this, which is not very reproducible. I am trying to find
how one should proceed when there is no stack trace of our driver. But we
should be able to somehow conclude the type and possibly the source of the
fault.
Also is there any place I can find detail about the args …
Thanx in advance
-prokash
kd> !analyze -v
*******************************************************************
Bugcheck Analysis
*************************************************************************
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 00000002, A list entry was corrupt <<< could be 1 or 2 >>>
Arg2: 0007ee7a, entry in list being removed
Arg3: 0000ffda, highest physical page number
Arg4: 0000ffff, reference count of entry being removed
Debugging Details:
------------------
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 4E
LAST_CONTROL_TRANSFER: from 801234eb to 8012dd6d
STACK_TEXT:
f687a950 801234eb 8057ef00 8057eec8 8057ef00 nt!MiUnlinkPageFromList+0x39
f687aa1c 801231b0 e24fa9ec e3af574c 8057ef00 nt!MiFlushSectionInternal+0x2db
f687aa64 80121946 807b7490 00000000 00000000 nt!MmFlushSection+0x140
f687aa88 80121344 ffac4d28 00000000 01000000 nt!MiFlushDataSection+0x52
f687ab60 801796ef f687abac 0000000e 00000000 nt!MmCreateSection+0x3aa
f687abcc 8013e394 0006e9b4 0000000e 00000000 nt!NtCreateSection+0x14f
f687abcc 77f678bf 0006e9b4 0000000e 00000000 nt!KiSystemService+0xc4
0006e8c4 77f6acb5 0006e9b4 0000000e 00000000 ntdll!NtCreateSection+0xb
0006e920 77f6a73e 0006e958 00000000 0006e980 ntdll!LdrpCreateDllSection+0xcf
0006e9bc 77f6b4a8 00073f90 0006e9e8 0006ecb8 ntdll!LdrpMapDll+0xc8
0006ec64 77f63b86 00073f90 0006ecb8 0006ecac ntdll!LdrpLoadDll+0x175
0006ec80 77f13ac2 00073f90 0006ecb8 0006ecac ntdll!LdrLoadDll+0x16
0006ece4 77f13838 7ffdec00 00000000 00000000 KERNEL32!LoadLibraryExW+0x198
0006ed04 77f137ca 0006ed50 00000000 00000000 KERNEL32!LoadLibraryExA+0x5b
0006ed14 6fab06c9 0006ed50 77f13fb3 010e1e34 KERNEL32!LoadLibraryA+0xd
WARNING: Stack unwind information not available. Following frames may be
wrong.
010e1e34 00000000 00000000 00000000 00000000 mapi32x!MAPIUninitialize+0x2019
FOLLOWUP_IP:
nt!MiUnlinkPageFromList+39
8012dd6d e98d000000 jmp nt!MiUnlinkPageFromList+0xcb (8012ddff)
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!MiUnlinkPageFromList+39
MODULE_NAME: nt
IMAGE_NAME: ntoskrnl.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 37e8005b
STACK_COMMAND: kb
BUCKET_ID: 0x4E_nt!MiUnlinkPageFromList+39
Followup: MachineOwner
---------
—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to %%email.unsub%%
—
You are currently subscribed to ntfsd as: xxxxx@zonelabs.com
To unsubscribe send a blank email to %%email.unsub%%</mailto:xxxxx></mailto:xxxxx>