Probably caused by : raspppoe.sys ( raspppoe+b54a )
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
TARGET_MDL_TOO_SMALL (40)
A driver has called the IoBuildPartialMdl() function and passed it an MDL
to map part of a source MDL, but the target MDL is not large enough to map
the entire range of addresses requested. This is a driver bug. The source
and target MDLs, as well as the address range length to be mapped are the
arguments to the IoBuildPartialMdl() function, i.e.;
IoBuildPartialMdl(
IN PMDL SourceMdl,
IN OUT PMDL TargetMdl,
IN PVOID VirtualAddress,
IN ULONG Length
)
Arguments:
Arg1: 962ddae8
Arg2: 963e8590
Arg3: af62da44
Arg4: 00000000
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x40
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 842d10cc to 84316c2c
STACK_TEXT:
8435fbac 842d10cc 00000040 962ddae8 963e8590 nt!KeBugCheckEx+0x1e
8435fbd8 8a63b8b4 00000014 00000000 af62da44 nt!IoBuildPartialMdl+0xa5
8435fbfc 9535654a 8435fc2c 8435fc30 00000000 ndis!NdisCopyBuffer+0x41
8435fc38 95357176 af62a918 af623230 af62abc0 raspppoe!MpIndicatePacketOnCall+0xf8
8435fc58 9534fb2e af62abc0 af62a934 00000000 raspppoe!MpIndicateReceivedPackets+0x8e
8435fc78 842af655 953531a8 00000000 86d96b82 raspppoe!TimerEvent+0x112
8435fcd4 842af4b8 84362d20 8436c380 00000000 nt!KiExecuteAllDpcs+0xf9
8435fd20 842af2d8 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd5
8435fd24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38
STACK_COMMAND: kb
FOLLOWUP_IP:
raspppoe!MpIndicatePacketOnCall+f8
9535654a eb17 jmp raspppoe!MpIndicatePacketOnCall+0x111 (95356563)
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: raspppoe!MpIndicatePacketOnCall+f8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: raspppoe
IMAGE_NAME: raspppoe.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc94d
FAILURE_BUCKET_ID: 0x40_raspppoe!MpIndicatePacketOnCall+f8
BUCKET_ID: 0x40_raspppoe!MpIndicatePacketOnCall+f8
Followup: MachineOwner
---------
; ndis!NdisCopyBuffer -- 32-bit x86 WinDbg disassembly (Intel operand order).
; Allocates a new MDL with IoAllocateMdl, then calls IoBuildPartialMdl so the
; new MDL describes part of an existing (source) MDL.
;
; Stack arguments as read below. The names are presumed from the documented
; NdisCopyBuffer prototype -- confirm against the WDK headers:
;   [ebp+8]    Status out pointer          (kept in ebx)
;   [ebp+0Ch]  Buffer out pointer          (receives the new MDL)
;   [ebp+10h]  not read anywhere in this listing
;   [ebp+14h]  source MDL                  (kept in edi)
;   [ebp+18h]  Offset into the source buffer
;   [ebp+1Ch]  Length
;
; Review note: [ebp+1Ch] is pushed unchanged to both IoAllocateMdl and
; IoBuildPartialMdl, and no range check on it appears in this listing. In the
; bugcheck above, Arg4 (Length) is 00000000.
; NOTE(review): IoBuildPartialMdl is documented to treat Length == 0 as "map
; the rest of the source MDL"; a target MDL allocated for 0 bytes would then be
; too small, which would match TARGET_MDL_TOO_SMALL -- confirm against the
; WDK documentation.
ndis!NdisCopyBuffer:
8a63b873 8bff mov edi,edi  ; 2-byte no-op at function entry
8a63b875 55 push ebp  ; standard frame setup
8a63b876 8bec mov ebp,esp
8a63b878 53 push ebx  ; ebx/esi/edi are saved here and restored in the epilogue
8a63b879 8b5d08 mov ebx,dword ptr [ebp+8]  ; ebx = Status out pointer
8a63b87c 56 push esi
8a63b87d 57 push edi
8a63b87e 8b7d14 mov edi,dword ptr [ebp+14h]  ; edi = source MDL
8a63b881 8b7718 mov esi,dword ptr [edi+18h]  ; presumably MDL.ByteOffset on x86 -- verify with dt nt!_MDL
8a63b884 037710 add esi,dword ptr [edi+10h]  ; + presumably MDL.StartVa -> start VA of the source buffer
8a63b887 33c0 xor eax,eax  ; eax = 0, used for the three zero arguments below
8a63b889 037518 add esi,dword ptr [ebp+18h]  ; esi = source VA + Offset (the VirtualAddress passed to both calls)
8a63b88c 50 push eax  ; IoAllocateMdl arg 5 = 0
8a63b88d 50 push eax  ; IoAllocateMdl arg 4 = 0
8a63b88e 50 push eax  ; IoAllocateMdl arg 3 = 0
8a63b88f ff751c push dword ptr [ebp+1Ch]  ; IoAllocateMdl arg 2 = Length, taken from the caller as-is
8a63b892 c703010000c0 mov dword ptr [ebx],0C0000001h  ; *Status = 0C0000001h up front; this value remains if allocation fails
8a63b898 56 push esi  ; IoAllocateMdl arg 1 = VirtualAddress
8a63b899 ff155cc0648a call dword ptr [ndis!_imp__IoAllocateMdl (8a64c05c)]
8a63b89f 8b4d0c mov ecx,dword ptr [ebp+0Ch]  ; ecx = Buffer out pointer
8a63b8a2 8901 mov dword ptr [ecx],eax  ; *Buffer = new MDL (or NULL)
8a63b8a4 85c0 test eax,eax
8a63b8a6 7417 je ndis!NdisCopyBuffer+0x4c (8a63b8bf)  ; allocation failed: skip to the epilogue
ndis!NdisCopyBuffer+0x35:
8a63b8a8 ff751c push dword ptr [ebp+1Ch]  ; IoBuildPartialMdl Length = same caller value
8a63b8ab 56 push esi  ; VirtualAddress
8a63b8ac 50 push eax  ; TargetMdl = the MDL just allocated
8a63b8ad 57 push edi  ; SourceMdl
8a63b8ae ff1598c0648a call dword ptr [ndis!_imp__IoBuildPartialMdl (8a64c098)]  ; bugcheck 0x40 is raised inside this call (return address 8a63b8b4 in STACK_TEXT)
8a63b8b4 8b450c mov eax,dword ptr [ebp+0Ch]
8a63b8b7 8b00 mov eax,dword ptr [eax]  ; eax = *Buffer (the new MDL)
8a63b8b9 832000 and dword ptr [eax],0  ; zero the first dword of the new MDL (offset 0, presumably MDL.Next)
8a63b8bc 832300 and dword ptr [ebx],0  ; *Status = 0 (success)
ndis!NdisCopyBuffer+0x4c:
8a63b8bf 5f pop edi  ; restore saved registers in reverse order
8a63b8c0 5e pop esi
8a63b8c1 5b pop ebx
8a63b8c2 5d pop ebp
8a63b8c3 c21800 ret 18h  ; callee pops 18h (24) bytes of stack arguments
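红色部分说明了问题。（颜色标记在本页中已丢失。从上面的输出可以看到：Arg4，即 Length，为 00000000；NdisCopyBuffer 把同一个 [ebp+1Ch] 的值先后传给了 IoAllocateMdl 和 IoBuildPartialMdl。）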