BSOD occurred by TcpTcbSend in Fin_Wait2 state

  • Question

  • Hi, I have a BSOD dump file.
    According to Microsoft's analysis results, we should not send in the Fin_Wait2 state.
    But I did not send in the Fin_Wait2 state. I did the inject using the FwpsStreamInjectAsync API. So I don't know what the problem is.
    I think it is correct for the OS to judge the Fin_Wait2 state internally and not send.
    Or, if the TCP state is Fin_Wait2 state, the FwpsStreamInjectAsync function should fail without calling the completion routine.

    Dusty Harper, I'd like you to analyze it.

    Thanks.

    --------------------------------------------------------------------------------------------------------------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 00000020, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000002, value 0 = read operation, 1 = write operation
    Arg4: 8acc7b3d, address which referenced memory

    Debugging Details:
    ------------------


    KEY_VALUES_STRING: 1


    STACKHASH_ANALYSIS: 1

    TIMELINE_ANALYSIS: 1


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 402

    BUILD_VERSION_STRING:  17134.1.x86fre.rs4_release.180410-1804

    SYSTEM_MANUFACTURER:  System manufacturer

    SYSTEM_PRODUCT_NAME:  System Product Name

    SYSTEM_SKU:  SKU

    SYSTEM_VERSION:  System Version

    BIOS_VENDOR:  American Megatrends Inc.

    BIOS_VERSION:  3202

    BIOS_DATE:  03/21/2018

    BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.

    BASEBOARD_PRODUCT:  H110M-KS

    BASEBOARD_VERSION:  Rev X.0x

    DUMP_TYPE:  0

    BUGCHECK_P1: 20

    BUGCHECK_P2: 2

    BUGCHECK_P3: 2

    BUGCHECK_P4: ffffffff8acc7b3d

    READ_ADDRESS:  00000020 

    CURRENT_IRQL:  2

    FAULTING_IP: 
    tcpip!TcpBeginTcbSend+9dd
    8acc7b3d f0ff00          lock inc dword ptr [eax]

    CPU_COUNT: 4

    CPU_MHZ: c78

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 5e

    CPU_STEPPING: 3

    CPU_MICROCODE: 6,5e,3,0 (F,M,S,R)  SIG: C2'00000000 (cache) C2'00000000 (init)

    BLACKBOXBSD: 1 (!blackboxbsd)


    BLACKBOXPNP: 1 (!blackboxpnp)


    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    BUGCHECK_STR:  AV

    PROCESS_NAME:  svchost.exe

    ANALYSIS_SESSION_HOST:  AHNLABA-4O8CRQH

    ANALYSIS_SESSION_TIME:  04-16-2019 16:42:15.0735

    ANALYSIS_VERSION: 10.0.17763.132 amd64fre

    DPC_STACK_BASE:  FFFFFFFF8A82D000

    TRAP_FRAME:  8a82c16c -- (.trap 0xffffffff8a82c16c)
    ErrCode = 00000002
    eax=00000020 ebx=bb116368 ecx=00000000 edx=c8d05d20 esi=8a82c204 edi=c1dcf520
    eip=8acc7b3d esp=8a82c1e0 ebp=8a82c2fc iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    tcpip!TcpBeginTcbSend+0x9dd:
    8acc7b3d f0ff00          lock inc dword ptr [eax]     ds:0023:00000020=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 81ded0cf to 81dd466c

    STACK_TEXT:  
    8a82c0c0 81ded0cf 0000000a 00000020 00000002 nt!KiBugCheck2
    8a82c0c0 8acc7b3d 0000000a 00000020 00000002 nt!KiTrap0E+0x3a7
    8a82c2fc 8acc6320 00000001 1010c310 8a82c360 tcpip!TcpBeginTcbSend+0x9dd
    8a82c500 8acbde1b 00000002 0033626d 90703428 tcpip!TcpTcbSend+0x660
    8a82c548 8acd983e 8f1c2808 8addd1f4 8a82c618 tcpip!TcpFlushDelay+0x1cb
    8a82c580 8acd9647 00000002 00000001 00000000 tcpip!TcpReceive+0x1f2
    8a82c594 8acb9204 8a82c5ac 00000006 00000000 tcpip!TcpNlClientReceiveDatagrams+0x1f
    8a82c5d0 8acb8df9 8a82c618 8a82c610 8a82c628 tcpip!IppProcessDeliverList+0x2a4
    8a82c640 8acb647e 93e4e890 00000000 93f684b0 tcpip!IppReceiveHeaderBatch+0x219
    8a82c6b4 8acbb9bb 00000001 00000000 93f684b0 tcpip!IppFlcReceivePacketsCore+0x2fe
    8a82c724 8acbbd17 8acd56b0 8a82c8a0 00000001 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x28b
    8a82c7dc 81d2200b 8a82c8a4 b593936c 00000002 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x137
    8a82c81c 81d21f53 bd409040 02000000 0071b640 nt!KeExpandKernelStackAndCalloutInternal+0xab
    8a82c834 8acd4d1a 8acbbbe0 8a82c8a4 00002400 nt!KeExpandKernelStackAndCalloutEx+0x23
    8a82c9bc 8aa914e5 93f684b0 93e4e890 00000000 tcpip!FlReceiveNetBufferListChain+0x24a
    8a82ca3c 8aa92617 00000000 00000001 00000001 ndis!ndisMIndicateNetBufferListsToOpen+0x275
    8a82cb34 9681afbd 939d70e8 93e4e890 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x8b7
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8a82cc78 96801f75 93a0a000 00000001 00000400 rt640x86+0x1afbd
    8a82ccb0 96801daa 93a0a000 8a82cd54 00000002 rt640x86+0x1f75
    8a82ccdc 9680204f 93a0a000 8a82cd54 00000002 rt640x86+0x1daa
    8a82cd14 8aa9b36a 93a0a000 00000000 93a0a000 rt640x86+0x204f
    8a82cdd8 81cda2e1 93ea2834 93ea26f8 00000000 ndis!ndisInterruptDpc+0x16a
    8a82ceb0 81cd9aa0 8a82cf18 00000000 00000000 nt!KiExecuteAllDpcs+0x281
    8a82cff4 81dee4ee d96a0a54 00000000 00000000 nt!KiRetireDpcList+0x110
    d96a0a78 81de80e9 88e61420 d96a0b14 00049c00 nt!KiDispatchInterrupt+0x2e
    d96a0a78 77a2c477 88e61420 d96a0b14 00049c00 nt!KiUnexpectedInterruptTail+0x40a
    0a5ff734 77a2c673 ffffffff 00000001 00000001 ntdll!RtlpHpLfhSubsegmentDecommitPages+0xa4
    0a5ff75c 77a2c638 00000001 02cd0254 02cd0118 ntdll!RtlpHpLfhOwnerCompact+0x6b
    0a5ff77c 77a2d849 00000001 02cd0000 00000000 ntdll!RtlpHpLfhOwnerCompact+0x30
    0a5ff7a0 77a39ab7 00000026 02cd0000 0a5ff7c0 ntdll!RtlpHpLfhContextCompact+0x46
    0a5ff7b0 77a398cf 00000000 00000000 0a5ff814 ntdll!RtlpHpHeapCompact+0x2f
    0a5ff7c0 77a397e4 02cd0000 00000000 db69e989 ntdll!RtlpHpGCFlushCallback+0x3f
    0a5ff814 77a39766 00000000 00000000 0a5ff850 ntdll!RtlpEnumProcessHeaps+0x5e
    0a5ff824 77a35cf7 0a5ff930 00000000 03006e60 ntdll!RtlpHpGCCallback+0x16
    0a5ff850 77a21c06 0a5ff930 03006ed8 db69eb8d ntdll!TppTimerpExecuteCallback+0x97
    0a5ffa10 757fa1a4 03002af0 757fa180 eb0cbdf6 ntdll!TppWorkerThread+0x5b6
    0a5ffa24 77a5987e 03002af0 db69ebf1 00000000 KERNEL32!BaseThreadInitThunk+0x24
    0a5ffa6c 77a59852 ffffffff 77a86771 00000000 ntdll!__RtlUserThreadStart+0x2b
    0a5ffa7c 00000000 77a21650 03002af0 00000000 ntdll!_RtlUserThreadStart+0x1b


    THREAD_SHA1_HASH_MOD_FUNC:  db5735d239d3966bb492cdbc6c95f6d4e883f2c5

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  d29e2d43ec3a2d7b5f9b8d3cc682874603d1f8cf

    THREAD_SHA1_HASH_MOD:  0eb34cab6b6bd20702ca588450a29f8d838a6815

    FOLLOWUP_IP: 
    rt640x86+1afbd
    9681afbd 8b8504ffffff    mov     eax,dword ptr [ebp-0FCh]

    FAULT_INSTR_CODE:  ff04858b

    SYMBOL_STACK_INDEX:  11

    SYMBOL_NAME:  rt640x86+1afbd

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: rt640x86

    IMAGE_NAME:  rt640x86.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  5927d2fa

    STACK_COMMAND:  .thread ; .cxr ; kb

    BUCKET_ID_FUNC_OFFSET:  1afbd

    FAILURE_BUCKET_ID:  AV_CODE_AV_rt640x86!unknown_function

    BUCKET_ID:  AV_CODE_AV_rt640x86!unknown_function

    PRIMARY_PROBLEM_CLASS:  AV_CODE_AV_rt640x86!unknown_function

    TARGET_TIME:  2019-02-14T00:37:00.000Z

    OSBUILD:  17134

    OSSERVICEPACK:  0

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  1

    OSPLATFORM_TYPE:  x86

    OSNAME:  Windows 10

    OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2019-01-01 15:15:31

    BUILDDATESTAMP_STR:  180410-1804

    BUILDLAB_STR:  rs4_release

    BUILDOSVER_STR:  10.0.17134.1.x86fre.rs4_release.180410-1804

    ANALYSIS_SESSION_ELAPSED_TIME:  13e4

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:av_code_av_rt640x86!unknown_function

    FAILURE_ID_HASH:  {c0f1b18e-919c-c20b-88ef-577cca13eb1f}

    Followup:     MachineOwner
    ---------


    • Edited by gwgwna Tuesday, April 16, 2019 8:14 AM
    Tuesday, April 16, 2019 8:12 AM