none
FwpsInjectTransportReceiveAsync0 crashed Windows 7 RRS feed

  • Question

  • The packet re-injected is a DHCP packet, during system wake-up resume time.
    Here is the call stack:
    fffff800`02c8f469 : 00000000`0000000a 00000000`00000004 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff800`02c8e0e0 : 00000000`00000000 fffffa80`0bbcc010 fffff880`00000004 fffffa80`0bbcc010 : nt!KiBugCheckDispatch+0x69
    fffff880`018ef619 : 00000000`00000001 fffff880`017b4a7d 00000000`00000002 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`0193654e : fffff880`0196d9a0 fffffa80`045e07b0 00000000`00000000 fffff880`0192fad2 : tcpip!IppFindAnySubInterfaceOnInterfaceUnderLock+0x9
    fffff880`017b5afa : fffffa80`3d840502 fffffa80`3d840500 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xae
    fffff880`03cb8a86 : fffffa80`04883b00 00000000`00000000 00000000`00000000 fffff880`03793a18 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
    fffff880`03cbe87c : fffff880`03793a18 00000000`0000000e fffff880`03cc15b0 00000000`00000001 : eeyetv64!Firewall_ProcessDecision+0x346
    

    The RAX register is 0 when it crashed. It seems failed to locate the sub-interface index. I've double checked that the interface index is 11 and sub interface index is 0, which is copied from original packet.

    Is this a known issue?
    Maybe it was caused by the sleep. when re-inject packets which was hold before sleep, the interface was not ready for it, right?
    How can I tell whether an interface index or sub-interface index is valid when inject data?
    Tuesday, January 12, 2010 6:08 PM

Answers

  • This is confirmed as a bug.  You can contact your Microsoft Technical Account Manager (TAM) or Microsoft Product Support Service (PSS) to request a fix for Win7.  You can reference [Win8:29111]

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------


    Monday, August 15, 2011 11:49 PM
    Moderator

All replies

  • Hi, can you please send email to wfp@microsoft.com and share out the memory.dmp of the bugcheck?

    thanks,
    Biao.W.
    Wednesday, January 13, 2010 4:47 AM
  •  

    Hi.

     

    Is there any solution existing for this one? I am asking because I stumbled over the same problem:

     

    Loading Dump File [C:\Users\frank.friemel\Desktop\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    WARNING: Whitespace at start of path element
    Symbol search path is: SRV*p:\websymbols*http://msdl.microsoft.com/download/symbols;SRV*p:\websymbols*\\appdevbuild\download\images;SRV*p:\websymbols*\\appdevbuild\download\symbols;M:\Symbols;SRV*p:\websymbols*\\pegasus\download\images;SRV*p:\websymbols*\\pegasus\download\symbols
    Executable search path is:

    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS <8000>
    Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
    Machine Name:
    Kernel base = 0xfffff800`01612000 PsLoadedModuleList = 0xfffff800`01857670
    Debug session time: Wed Aug 10 19:46:37.245 2011 (GMT+2)
    System Uptime: 0 days 0:10:54.226
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........
    Loading User Symbols

    Loading unloaded module list
    ....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {4, 2, 1, fffff88001732fc9}

    Probably caused by : fwpkclnt.sys ( fwpkclnt!FwpsInjectTransportReceiveAsync0+256 )

    Followup: MachineOwner
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000004, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff88001732fc9, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS:  0000000000000004

    CURRENT_IRQL:  2

    FAULTING_IP:
    tcpip!IppFindAnySubInterfaceOnInterfaceUnderLock+9
    fffff880`01732fc9 f083400401      lock add dword ptr [rax+4],1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  fffff88001fc4910 -- (.trap 0xfffff88001fc4910)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800228fd68
    rdx=fffff88001fee318 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff88001732fc9 rsp=fffff88001fc4aa0 rbp=0000000000000000
     r8=fffff88001fc4aa0  r9=0000000000000000 r10=fffff880018731c0
    r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    tcpip!IppFindAnySubInterfaceOnInterfaceUnderLock+0x9:
    fffff880`01732fc9 f083400401      lock add dword ptr [rax+4],1 ds:00000000`00000004=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff8000168e1e9 to fffff8000168ec40

    STACK_TEXT: 
    fffff880`01fc47c8 fffff800`0168e1e9 : 00000000`0000000a 00000000`00000004 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`01fc47d0 fffff800`0168ce60 : 00000000`00000000 fffff880`01e68180 fffffa80`034bd0e0 fffffa80`0228fc30 : nt!KiBugCheckDispatch+0x69
    fffff880`01fc4910 fffff880`01732fc9 : 00000000`00000000 fffffa80`0228fd38 00000000`00000002 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`01fc4aa0 fffff880`0177a02e : fffff880`017b19a0 fffffa80`01c00b40 fffffa80`03e86b40 fffff880`0126532e : tcpip!IppFindAnySubInterfaceOnInterfaceUnderLock+0x9
    fffff880`01fc4ad0 fffff880`0184daf6 : fffffa80`03fc3902 fffffa80`03fc39e0 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xae
    fffff880`01fc4b10 fffff880`053ce851 : fffffa80`02e09a30 fffffa80`03e86b40 00000000`00000000 00000000`0ad6ffff : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
    fffff880`01fc4bc0 fffff880`053ce91d : fffffa80`03e86b40 00000000`00000001 00000000`00000000 00000002`00000005 : PktIcpt!PktIcptCloneReinjectInbound+0x171 [d:\security\branches\r_2012_pipe\common\avkfirewall\vistapkt2\sys\pktinterceptor.cpp @ 1459]
    fffff880`01fc4c40 fffff880`01287ef3 : 00000000`00000000 fffffa80`03713840 fffffa80`03713840 00000000`00000001 : PktIcpt!PktIcptQueueItemWorkerRoutine+0xa9 [d:\security\branches\r_2012_pipe\common\avkfirewall\vistapkt2\sys\pktinterceptor.cpp @ 1541]
    fffff880`01fc4c70 fffff800`01699001 : fffff880`01287eb0 fffff800`0182f2b8 fffffa80`01899680 00000000`00000000 : fltmgr!FltpProcessGenericWorkItem+0x43
    fffff880`01fc4cb0 fffff800`01929fee : 058d4c18`498b4818 fffffa80`01899680 00000000`00000080 fffffa80`0188f040 : nt!ExpWorkerThread+0x111
    fffff880`01fc4d40 fffff800`016805e6 : fffff880`01e68180 fffffa80`01899680 fffff880`01e72fc0 4c538b54`74c43b49 : nt!PspSystemThreadStartup+0x5a
    fffff880`01fc4d80 00000000`00000000 : fffff880`01fc5000 fffff880`01fbf000 fffff880`01fc45c0 00000000`00000000 : nt!KxStartSystemThread+0x16


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    fwpkclnt!FwpsInjectTransportReceiveAsync0+256
    fffff880`0184daf6 e805f0ffff      call    fwpkclnt!FwppInjectEpilogue (fffff880`0184cb00)

    SYMBOL_STACK_INDEX:  5

    SYMBOL_NAME:  fwpkclnt!FwpsInjectTransportReceiveAsync0+256

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: fwpkclnt

    IMAGE_NAME:  fwpkclnt.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79321

    FAILURE_BUCKET_ID:  X64_0xD1_fwpkclnt!FwpsInjectTransportReceiveAsync0+256

    BUCKET_ID:  X64_0xD1_fwpkclnt!FwpsInjectTransportReceiveAsync0+256

    Followup: MachineOwner
    ---------

     

    Thursday, August 11, 2011 9:05 AM
  • This is confirmed as a bug.  You can contact your Microsoft Technical Account Manager (TAM) or Microsoft Product Support Service (PSS) to request a fix for Win7.  You can reference [Win8:29111]

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------


    Monday, August 15, 2011 11:49 PM
    Moderator