Status: Resolved

In one of our cases, I came across a dump that shows a known problem that has since been fixed. The root cause is an issue in the caching logic of mrxsmb20.sys, which causes data corruption and eventually leads to a STOP error.

The stack (Win2008R2 SP1):

ChildEBP RetAddr 
82f78118 8b4e5ac0 nt!memcpy+0x33
82f7814c 8b66261b NETIO!RtlCopyMdlToMdlIndirect+0xe5
82f782ac 8b66fe9e tcpip!TcpSatisfyReceiveRequests+0x275
82f78348 8b672006 tcpip!TcpDeliverDataToClient+0x79
82f7839c 8b68d7a9 tcpip!TcpDeliverReceive+0x96
82f783ec 8b6a3bb8 tcpip!TcpTcbFastDatagram+0x304
82f78454 8b6872d8 tcpip!TcpTcbReceive+0x142
82f784bc 8b687b0a tcpip!TcpMatchReceive+0x237
82f7850c 8b687b4b tcpip!TcpPreValidatedReceive+0x293
82f78528 8b681e77 tcpip!TcpReceive+0x2d
82f78538 8b68a0ab tcpip!TcpNlClientReceiveDatagrams+0x12
82f78564 8b6899f6 tcpip!IppDeliverListToProtocol+0x49
82f78584 8b687db8 tcpip!IppProcessDeliverList+0x2a
82f785dc 8b68989f tcpip!IppReceiveHeaderBatch+0x1fb
82f78670 8b697ccc tcpip!IpFlcReceivePackets+0xbe5
82f786ec 8b6922fe tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
82f78720 82eda644 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
82f78788 8b69246c nt!KeExpandKernelStackAndCalloutEx+0x132
82f787c4 8b48c18d tcpip!FlReceiveNetBufferListChain+0x7c
82f787fc 8b47a5be ndis!ndisMIndicateNetBufferListsToOpen+0x188
82f78824 8b47a4b2 ndis!ndisIndicateSortedNetBufferLists+0x4a
82f789a0 8b425c1d ndis!ndisMDispatchReceiveNetBufferLists+0x129
82f789bc 8b45656a ndis!ndisMTopReceiveNetBufferLists+0x2d
82f789d8 8b456504 ndis!ndisFilterIndicateReceiveNetBufferLists+0x46
82f789f4 90a94f02 ndis!NdisFIndicateReceiveNetBufferLists+0x2f
82f78aa8 8b425c78 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
82f78ad0 9211cc61 ndis!NdisMIndicateReceiveNetBufferLists+0x52
82f78af8 9211cdb9 e1k6232+0x26c61
82f78b38 92110d3b e1k6232+0x26db9
82f78bb4 921109b4 e1k6232+0x1ad3b
82f78bf4 92110f14 e1k6232+0x1a9b4
82f78c10 8b47a892 e1k6232+0x1af14
82f78c50 8b425a0f ndis!ndisMiniportDpc+0xda
82f78c78 82ec91b5 ndis!ndisInterruptDpc+0xaf
82f78cd4 82ec9018 nt!KiExecuteAllDpcs+0xf9
82f78d20 82ec8e38 nt!KiRetireDpcList+0xd5
82f78d24 00000000 nt!KiIdleLoop+0x38

The significant frame here is NETIO!RtlCopyMdlToMdlIndirect; the top of the stack may vary slightly, and the offsets will also differ across the various OS SKUs.

Setting the crash context shows:

0: kd> r
Last set context:
eax=87e368f4 ebx=00000000 ecx=00000155 edx=00000000 esi=87e363a0 edi=b56b1000
eip=82e8a7e3 esp=82f78110 ebp=82f78118 iopl=0         nv up ei pl nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010216
nt!memcpy+0x33:
82e8a7e3 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

Note: don't be misled by any of the third-party drivers on the stack; they are unrelated to the problem.
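As an added triage helper (not part of the original post), the script below parses a saved 32-bit WinDbg `k` listing, lists the modules outside the Windows networking set so they can be set aside, and checks for the signature described above: NETIO!RtlCopyMdlToMdlIndirect within the top few frames with tcpip!TcpSatisfyReceiveRequests below it. The sample stack is a constructed, abridged copy of the trace from this post.

```python
import re
from typing import List

# WinDbg 32-bit "k" frame: ChildEBP RetAddr module!function+offset (or module+offset)
FRAME_RE = re.compile(r"^(?P<ebp>[0-9a-f]{8})\s+(?P<ret>[0-9a-f]{8})\s+(?P<sym>\S+)$", re.I)

# Modules that belong to the Windows networking stack on this trace; anything
# else is reported as third-party, which the post says is unrelated here.
MICROSOFT_MODULES = {"nt", "netio", "tcpip", "ndis"}

# Constructed excerpt of the stack from the post (abridged), used as sample input.
SAMPLE_STACK = """\
ChildEBP RetAddr
82f78118 8b4e5ac0 nt!memcpy+0x33
82f7814c 8b66261b NETIO!RtlCopyMdlToMdlIndirect+0xe5
82f782ac 8b66fe9e tcpip!TcpSatisfyReceiveRequests+0x275
82f78348 8b672006 tcpip!TcpDeliverDataToClient+0x79
82f78ad0 9211cc61 ndis!NdisMIndicateReceiveNetBufferLists+0x52
82f78af8 9211cdb9 e1k6232+0x26c61
82f78c50 8b425a0f ndis!ndisMiniportDpc+0xda
82f78d24 00000000 nt!KiIdleLoop+0x38
"""

def parse_frames(stack_text: str) -> List[str]:
    """Return the symbol column of each frame, top of stack first; header lines are skipped."""
    return [m.group("sym") for line in stack_text.splitlines()
            if (m := FRAME_RE.match(line.strip()))]

def split_symbol(symbol: str):
    """'NETIO!RtlCopyMdlToMdlIndirect+0xe5' -> ('netio', 'RtlCopyMdlToMdlIndirect');
    'e1k6232+0x26c61' (module without symbols) -> ('e1k6232', '')."""
    module, _, rest = symbol.partition("!")
    module = module.split("+", 1)[0].lower()
    return module, rest.split("+", 1)[0]

def third_party_modules(stack_text: str) -> List[str]:
    """Modules on the stack outside the Windows networking set, so the analyst can set them aside."""
    return sorted({split_symbol(s)[0] for s in parse_frames(stack_text)} - MICROSOFT_MODULES)

def matches_signature(stack_text: str) -> bool:
    """True when the stack matches the post's pattern: NETIO!RtlCopyMdlToMdlIndirect within
    the top few frames (the very top may vary) with tcpip!TcpSatisfyReceiveRequests below it."""
    frames = [split_symbol(s) for s in parse_frames(stack_text)]
    for i, (mod, fn) in enumerate(frames[:4]):
        if (mod, fn) == ("netio", "RtlCopyMdlToMdlIndirect"):
            return ("tcpip", "TcpSatisfyReceiveRequests") in frames[i + 1:]
    return False
```

Run it over the text of a `k` command saved from the dump; a match only indicates that the trace has the same shape as this case and still needs the dump to be confirmed.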

To resolve the problem, contact Microsoft Support!