BAD_POOL_HEADER crash in rpcxdr.sys

Author	Message

jamesdavidhoward

Total Posts : 6
Reward points : 20
Joined: 12/12/2002
Status: offline

BAD_POOL_HEADER crash in rpcxdr.sys - Thursday, October 18, 2007 11:14 PM ( #1 )

My Windows/XP laptop, w/ XP SP2, Services for UNIX 3.5 and ToolWorks 2.3 installed is suffering frequent BSOD crashes announcing BAD_POOL_HEADER and dumping memory. windbg claims the problem is in rpcxdr.sys (part of SFU 3.5 and the NFS functionality). A posting at http://forums.comodo.com claimed this is a conflict between rpcxdr.sys and some anti-virus product - probably one of the ones my company wants me to run :-). Anyway, is anyone aware of a repair for this, or a hotfix from MSFT regarding this?

James D. Howard, jhoward@alumni.caltech.edu

benker

Total Posts : 42
Reward points : 0
Joined: 5/7/2004
Status: offline

RE: BAD_POOL_HEADER crash in rpcxdr.sys - Thursday, March 13, 2008 1:01 PM ( #2 )

I have also been getting bluescreens of death on my WinXP SP2 box with SFU 3.5 installed (McAfee VirusScan v8.0i also). Our corporate IT group has been working with Microsoft Technical Support and sending core dumps from my PC. Just an hour ago the Microsoft folks came back with that it is a problem with the RPC driver as you can see below.

Any idea on how to get Microsoft to fix this bug in their SFU?

They think it was caused by the Sun RPC driver. rpcxdr.sys

1: kd> .bugcheck
Bugcheck code 0000000A
Arguments 8ae29000 00000002 00000001 804ef728

This crash looks like it was caused by the Sun RPC driver passing an invalid size to a system function. This driver needs to be updated or the dump sent to the vendor (Sun)

Details

Trap in IoInitializeIrp

Last set context:
eax=00000000 ebx=894e0c03 ecx=00000009 edx=000000dc esi=8ae28f48 edi=8ae29000
eip=804ef728 esp=bacdf3e8 ebp=bacdf3f4 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!IoInitializeIrp+0x2e:
804ef728 f3ab rep stos dword ptr es:[edi]

Stack

ChildEBP RetAddr Args to Child
bacdf3f4 aefd99c1 8ae28f48 000000dc 894e0c03 nt!IoInitializeIrp+0x2e<--------------- Size too large passed in from rpcxdr.sys
WARNING: Stack unwind information not available. Following frames may be wrong.
bacdf424 baa21a6a 89e1cfb0 00000016 bacdf55c rpcxdr!SunRpcGetRxStats+0xca9
bacdf460 baa1d58f 88da7a70 00000016 9f6c20a6 mvstdi5x+0x9a6a
bacdf498 b1842367 88da7a70 00000016 bacdf55c mvstdi5x+0x558f
bacdf4dc b188305a 8992aa78 00000016 bacdf55c FireTDI+0x1367
bacdf578 b1883308 886ca500 a6206c9f 77596c9f tcpip!FindListenConn+0x305
bacdf61c b1868ef5 89678c00 77596c9f a6206c9f tcpip!TCPRcv+0x2ff

The size 0xdc is too large. Part of the function zeros the memory. The size was too large and caused a bad memory reference.

Address + Size

1: kd> dd 8ae28f48+dc
8ae29024 ???????? ???????? ???????? ????????
8ae29034 ???????? ???????? ???????? ????????
8ae29044 ???????? ???????? ???????? ????????
8ae29054 ???????? ???????? ???????? ????????
8ae29064 ???????? ???????? ???????? ????????
8ae29074 ???????? ???????? ???????? ????????

benker Total Posts : 42 Reward points : 0 Joined: 5/7/2004 Status: offline	Reply to message Message Options RE: BAD_POOL_HEADER crash in rpcxdr.sys - Thursday, March 13, 2008 1:27 PM ( #3 ) I looked at the version of my "rpcxdr.sys" file and it is "8.0.1969.1" There may be a fix from Microsoft. Thanks to: http://debian-interix.net/hotfixes/ I noticed that Microsoft has a new RPC driver: http://support.microsoft.com/kb/946226/en-us
#3

Jump to:

Current active users
There are 0 members and 1 guests.

Icon Legend and Permission

New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages

Read Message
Post New Thread
Reply to message
Post New Poll
Submit Vote
Post reward post
Delete my own posts
Delete my own threads
Rate post