[RESOLVED] Win2008R2/Win7 RTM/SP1: STOP 0xA in NETIO!RtlCopyMdlToMdlIndirect+e5


Status: Resolved

In one of our cases, I came across a dump that shows a known problem that has been fixed. The root cause is an issue in the caching logic of mrxsmb20.sys, which causes data corruption and eventually leads to a STOP error.

The stack (Win2008R2 SP1):

ChildEBP RetAddr 
82f78118 8b4e5ac0 nt!memcpy+0x33
82f7814c 8b66261b NETIO!RtlCopyMdlToMdlIndirect+0xe5
82f782ac 8b66fe9e tcpip!TcpSatisfyReceiveRequests+0x275
82f78348 8b672006 tcpip!TcpDeliverDataToClient+0x79
82f7839c 8b68d7a9 tcpip!TcpDeliverReceive+0x96
82f783ec 8b6a3bb8 tcpip!TcpTcbFastDatagram+0x304
82f78454 8b6872d8 tcpip!TcpTcbReceive+0x142
82f784bc 8b687b0a tcpip!TcpMatchReceive+0x237
82f7850c 8b687b4b tcpip!TcpPreValidatedReceive+0x293
82f78528 8b681e77 tcpip!TcpReceive+0x2d
82f78538 8b68a0ab tcpip!TcpNlClientReceiveDatagrams+0x12
82f78564 8b6899f6 tcpip!IppDeliverListToProtocol+0x49
82f78584 8b687db8 tcpip!IppProcessDeliverList+0x2a
82f785dc 8b68989f tcpip!IppReceiveHeaderBatch+0x1fb
82f78670 8b697ccc tcpip!IpFlcReceivePackets+0xbe5
82f786ec 8b6922fe tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
82f78720 82eda644 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
82f78788 8b69246c nt!KeExpandKernelStackAndCalloutEx+0x132
82f787c4 8b48c18d tcpip!FlReceiveNetBufferListChain+0x7c
82f787fc 8b47a5be ndis!ndisMIndicateNetBufferListsToOpen+0x188
82f78824 8b47a4b2 ndis!ndisIndicateSortedNetBufferLists+0x4a
82f789a0 8b425c1d ndis!ndisMDispatchReceiveNetBufferLists+0x129
82f789bc 8b45656a ndis!ndisMTopReceiveNetBufferLists+0x2d
82f789d8 8b456504 ndis!ndisFilterIndicateReceiveNetBufferLists+0x46
82f789f4 90a94f02 ndis!NdisFIndicateReceiveNetBufferLists+0x2f
82f78aa8 8b425c78 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
82f78ad0 9211cc61 ndis!NdisMIndicateReceiveNetBufferLists+0x52
82f78af8 9211cdb9 e1k6232+0x26c61
82f78b38 92110d3b e1k6232+0x26db9
82f78bb4 921109b4 e1k6232+0x1ad3b
82f78bf4 92110f14 e1k6232+0x1a9b4
82f78c10 8b47a892 e1k6232+0x1af14
82f78c50 8b425a0f ndis!ndisMiniportDpc+0xda
82f78c78 82ec91b5 ndis!ndisInterruptDpc+0xaf
82f78cd4 82ec9018 nt!KiExecuteAllDpcs+0xf9
82f78d20 82ec8e38 nt!KiRetireDpcList+0xd5
82f78d24 00000000 nt!KiIdleLoop+0x38

The significant frame here is NETIO!RtlCopyMdlToMdlIndirect; the top of the stack may vary slightly, and offsets will also be slightly different on the various OS SKUs.

Setting the crash context shows:

0: kd> r
Last set context:
eax=87e368f4 ebx=00000000 ecx=00000155 edx=00000000 esi=87e363a0 edi=b56b1000
eip=82e8a7e3 esp=82f78110 ebp=82f78118 iopl=0         nv up ei pl nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010216
nt!memcpy+0x33:
82e8a7e3 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

Note: don’t be misled by the third-party drivers on the stack; they are unrelated to the problem.
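As an added example (not part of the original post), a Python matcher for this stack signature in saved WinDbg stack text: it looks for NETIO!RtlCopyMdlToMdlIndirect near the top of the stack regardless of offset, and lists frames without symbols (such as the third-party driver here) separately. The function names and the top_n cutoff are assumptions; a match only means the stack resembles the one above.

```python
import re

# One frame of 32-bit WinDbg stack text: ChildEBP RetAddr module[!symbol][+0xoffset]
FRAME = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+([^!+\s]+)(?:!([^+\s]+))?(?:\+0x([0-9a-f]+))?$",
    re.IGNORECASE,
)
SIGNATURE = ("netio", "rtlcopymdltomdlindirect")

def parse_stack(text):
    """Return frames as dicts; the header and non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            _, _, module, symbol, offset = m.groups()
            frames.append({
                "module": module,
                "symbol": symbol,  # None when no symbols are loaded for the module
                "offset": int(offset, 16) if offset else 0,
            })
    return frames

def triage(text, top_n=4):
    """Match the signature within the top_n frames, ignoring the offset.

    top_n is an assumed cutoff: the post says the top of the stack may vary.
    """
    frames = parse_stack(text)
    hit = None
    for i, f in enumerate(frames[:top_n]):
        if (f["module"].lower(), (f["symbol"] or "").lower()) == SIGNATURE:
            hit = i
            break
    return {
        "match": hit is not None,
        "frame_index": hit,
        "offset": frames[hit]["offset"] if hit is not None else None,
        "unsymbolized": sorted({f["module"] for f in frames if f["symbol"] is None}),
    }

# Frames copied from the stack on this page (shortened).
PAGE_STACK = """ChildEBP RetAddr
82f78118 8b4e5ac0 nt!memcpy+0x33
82f7814c 8b66261b NETIO!RtlCopyMdlToMdlIndirect+0xe5
82f782ac 8b66fe9e tcpip!TcpSatisfyReceiveRequests+0x275
82f78af8 9211cc61 e1k6232+0x26c61
82f78c50 8b425a0f ndis!ndisMiniportDpc+0xda
"""

if __name__ == "__main__":
    print(triage(PAGE_STACK))
```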

To resolve the problem, contact Microsoft Support!
