[vpn-help] vfilter.sys bugcheck IRQL_NOT_LESS_OR_EQUAL bug report.

Prahlad Purohit prahladp at gmail.com
Sat Jun 26 17:27:44 CDT 2010


Problem:

The system hit a kernel panic (bugcheck) with the IRQL_NOT_LESS_OR_EQUAL panic
code. It tried to reference a NULL memory location. This problem was caused
by the vfilter.sys driver, which is part of Shrew Soft VPN.

To Reproduce:

The VPN was not connected when the problem hit. In fact, I hadn't used Shrew
Soft VPN that day since the PC was rebooted. I don't think there is a
known way to reproduce this problem.

VPN Client Version = 2.1.5-release
Windows OS Version = Windows 7 Home Premium
Gateway Make/Model = NA
Gateway OS Version = NA

The zipped dump file is 80MB in size and I can't send it with this email
account. I can upload it if it will help you root-cause and fix the problem.
The bug check analysis is below.

Thanks,
Prahlad Purohit


0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002c837b6, address which referenced memory

Debugging Details:
------------------

*** ERROR: Module load completed but symbols could not be loaded for Mpfp.sys
PEB is paged out (Peb.Ldr = 000007ff`fffdf018).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffdf018).  Type ".hh dbgerr001" for details

READ_ADDRESS:  0000000000000000

CURRENT_IRQL:  2

FAULTING_IP:
nt!KeSetEvent+226
fffff800`02c837b6 488b09          mov     rcx,qword ptr [rcx]

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  svchost.exe

TRAP_FRAME:  fffff8800884be20 -- (.trap 0xfffff8800884be20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800863d118 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c837b6 rsp=fffff8800884bfb0 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac po cy
nt!KeSetEvent+0x226:
fffff800`02c837b6 488b09          mov     rcx,qword ptr [rcx] ds:0002:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002c7eb69 to fffff80002c7f600

STACK_TEXT:
fffff880`0884bcd8 fffff800`02c7eb69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0884bce0 fffff800`02c7d7e0 : 00000000`00000002 fffffa80`0863d110 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0884be20 fffff800`02c837b6 : fffff880`0884c020 fffff880`041f4b0e 00000000`0000004c fffff880`0884c0a0 : nt!KiPageFault+0x260
fffff880`0884bfb0 fffff880`041f49a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`0863d100 : nt!KeSetEvent+0x226
fffff880`0884c020 fffff880`041f442b : fffffa80`0863d0e0 fffffa80`0863d0e0 00000000`00000000 fffffa80`0863d0e0 : vfilter+0x29a6
fffff880`0884c050 fffff880`041f3ba0 : fffffa80`03746030 fffff880`01624b9c 00000000`00000633 fffffa80`077a7498 : vfilter+0x242b
fffff880`0884c1a0 fffff880`041f367c : fffffa80`03746038 fffffa80`0839cdc0 fffffa80`0839cdc0 00000000`00000000 : vfilter+0x1ba0
fffff880`0884c210 fffff880`0161baf4 : fffffa80`074d9780 00000000`00000000 00000000`00000000 00000000`00000000 : vfilter+0x167c
fffff880`0884c260 fffff880`019c1199 : 00000000`00000000 fffffa80`06a311a0 00000000`00000000 00000000`00000000 : ndis!NdisFSendNetBufferLists+0x64
fffff880`0884c2a0 fffff880`0161ba39 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : pacer!PcFilterSendNetBufferLists+0x29
fffff880`0884c3a0 fffff880`016d7785 : fffff880`0884c6b0 00000000`00000000 fffffa80`06a311a0 00000000`00000011 : ndis!ndisSendNBLToFilter+0x69
fffff880`0884c400 fffff880`02c6604e : 00000000`00000000 00000000`0000000e fffffa80`08456410 00000000`00000000 : ndis!NdisSendNetBufferLists+0x85
fffff880`0884c460 fffff880`02c67767 : fffff880`02d6e9a0 00000000`00000000 fffff880`08840000 fffffa80`02d60800 : tcpip!IppFragmentPackets+0x39e
fffff880`0884c580 fffff880`02c634d5 : fffff880`0884c6b0 00000000`00000000 fffff880`0884c690 fffff880`0884c698 : tcpip!IppDispatchSendPacketHelper+0x87
fffff880`0884c640 fffff880`02c64e24 : 00000000`00000011 fffffa80`09490000 fffffa80`00000014 00000000`00000000 : tcpip!IppPacketizeDatagrams+0x2d5
fffff880`0884c760 fffff880`02c69a7e : fffffa80`08bb4080 fffff880`0170d804 fffff880`02d6e9a0 fffffa80`0916e800 : tcpip!IppSendDatagramsCommon+0x754
fffff880`0884ca30 fffff880`02c36cf8 : fffffa80`0916e800 fffffa80`03746030 fffffa80`03746030 fffffa80`08bb4080 : tcpip!IpNlpSendDatagrams+0x3e
fffff880`0884ca70 fffff880`02c3726d : fffffa80`03bd4980 fffffa80`08720500 fffff880`0884d3c0 00000000`00000000 : tcpip!UdpSendMessagesOnPathCreation+0x688
fffff880`0884cdf0 fffff880`02c36ef5 : fffff880`0884d320 fffff880`04183500 fffffa80`00000001 fffff880`0884d248 : tcpip!UdpSendMessages+0x35d
fffff880`0884d1e0 fffff800`02c8ed4a : fffff880`0884d2f4 fffff880`0884d350 fffffa80`0950e850 fffffa80`096be6f0 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
fffff880`0884d210 fffff880`02c374b8 : fffff880`02c36ee0 fffff880`0884d320 00000000`00000000 fffffa80`0871d010 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0884d2f0 fffff880`041cdf45 : fffffa80`067a9190 fffffa80`0696c9e0 fffffa80`08b74cd0 fffffa80`03bfcfe6 : tcpip!UdpTlProviderSendMessages+0x78
fffff880`0884d370 fffff880`041cdff2 : fffffa80`03a51000 fffff880`0884d4e0 fffffa80`03bfce70 00000000`00000000 : tdx!TdxSendDatagramTransportAddress+0x2f5
fffff880`0884d450 fffff880`0418d895 : 00000000`00000022 fffffa80`03bfcd10 fffffa80`03bfce70 fffff880`0884d4c8 : tdx!TdxTdiDispatchInternalDeviceControl+0x52
fffff880`0884d480 fffff880`04182218 : fffffa80`06823b10 fffffa80`03bfcd10 00000000`00000000 fffffa80`08b74cd0 : Mpfp+0xc895
fffff880`0884d520 fffff880`01857819 : fffffa80`06823b10 fffffa80`03bfcd10 fffff880`0884d7d0 00000000`00000022 : Mpfp+0x1218
fffff880`0884d5a0 fffff880`0182bcf9 : fffffa80`09460010 fffff880`0884d7d0 fffffa80`00000022 fffffa80`08b74cd0 : afd! ?? ::GFJBLGFE::`string'+0x6b2d
fffff880`0884d6a0 fffff800`02f9b423 : 00000000`00000000 fffffa80`07939dd0 00000000`01f6da08 fffffa80`07939d01 : afd!AfdFastIoDeviceControl+0xce9
fffff880`0884da10 fffff800`02f9bf16 : fffff880`0884dbf8 00000000`00000290 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x373
fffff880`0884db40 fffff800`02c7e853 : fffff880`0884dca0 fffffa80`0846a7b0 fffff880`0884dbf8 00000000`01f6f600 : nt!NtDeviceIoControlFile+0x56
fffff880`0884dbb0 00000000`76f4fdca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01f6d938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f4fdca


STACK_COMMAND:  kb

FOLLOWUP_IP:
vfilter+29a6
fffff880`041f49a6 8bc7            mov     eax,edi

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  vfilter+29a6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vfilter

IMAGE_NAME:  vfilter.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4b048bff

FAILURE_BUCKET_ID:  X64_0xA_vfilter+29a6

BUCKET_ID:  X64_0xA_vfilter+29a6

Followup: MachineOwner
---------