Wireshark-dev: Re: [Wireshark-dev] Npcap 0.03 call for test
Hello Yang,
After installing 0.03-r5 on my Windows 8.1 system I too am seeing a BSOD when starting Wireshark, tshark or dumpcap.
Like Pascal's Bugcheck Analysis, my crashes are also reporting the bug check string: IRQL_NOT_LESS_OR_EQUAL (a)
2: kd> .symfix C:\Symbols
2: kd> .reload
Loading Kernel Symbols
...............................................................
................................................................
.......................................
Loading User Symbols
.....................................
Loading unloaded module list
........
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000a620, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff802a914e0cc, address which referenced memory
Debugging Details:
------------------
*** ERROR: Module load completed but symbols could not be loaded for npf.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for packet.dll -
WRITE_ADDRESS: unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
000000000000a620
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeAcquireSpinLockRaiseToDpc+1c
fffff802`a914e0cc f0480fba2900 lock bts qword ptr [rcx],0
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: dumpcap.exe
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
TRAP_FRAME: ffffd0009e22a600 -- (.trap 0xffffd0009e22a600)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=000000000000a620
rdx=ffffe00024ae9a70 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802a914e0cc rsp=ffffd0009e22a790 rbp=ffffd0009e22ab80
r8=ffffe00022bf3610 r9=000000000000000e r10=0000000000000801
r11=ffffe00025387040 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KeAcquireSpinLockRaiseToDpc+0x1c:
fffff802`a914e0cc f0480fba2900 lock bts qword ptr [rcx],0 ds:00000000`0000a620=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff802a91d27e9 to fffff802a91c6ca0
STACK_TEXT:
ffffd000`9e22a4b8 fffff802`a91d27e9 : 00000000`0000000a 00000000`0000a620 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffd000`9e22a4c0 fffff802`a91d103a : 00000000`00000001 00000000`00000000 00000000`00000000 ffffd000`9e22a730 : nt!KiBugCheckDispatch+0x69
ffffd000`9e22a600 fffff802`a914e0cc : 00000000`00000001 ffffc001`00000000 ffffc001`6f840a01 00000000`00000000 : nt!KiPageFault+0x23a
ffffd000`9e22a790 fffff801`c221b19a : 00000000`00000000 ffffe000`2529b080 00000000`00000001 ffffd000`9e22ab80 : nt!KeAcquireSpinLockRaiseToDpc+0x1c
ffffd000`9e22a7c0 fffff801`c221ba38 : 00000000`00001ef0 ffffe000`24ae9a00 00000000`00000000 ffffd000`00000000 : npf+0x319a
ffffd000`9e22a7f0 fffff802`a949b77f : 00000000`00000001 ffffe000`24ae9a70 ffffe000`24ae9a70 00000000`00000001 : npf+0x3a38
ffffd000`9e22a880 fffff802`a949ad22 : ffffd000`9e22aa38 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd000`9e22aa20 fffff802`a91d24b3 : ffffe000`25299080 ffffd000`001f0003 00000004`a71ecc08 00000004`00000000 : nt!NtDeviceIoControlFile+0x56
ffffd000`9e22aa90 00007fff`16ff123a : 00007fff`14375fe3 00007f71`9a924c5b 00000000`00000003 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000004`a71ecbb8 00007fff`14375fe3 : 00007f71`9a924c5b 00000000`00000003 00000000`00000000 00000000`00000013 : ntdll!NtDeviceIoControlFile+0xa
00000004`a71ecbc0 00007fff`16b01bb0 : 00000000`00001ef0 00007fff`16f9713a 00000000`00000020 00000000`00000000 : KERNELBASE!DeviceIoControl+0x121
00000004`a71ecc30 00007fff`0f4c3d65 : 00000004`a73a4960 00000004`a71ecf20 ffffffff`ffffffff 00000004`a71ecf20 : KERNEL32!DeviceIoControlImplementation+0x80
00000004`a71ecc80 00000004`a73a4960 : 00000004`a71ecf20 ffffffff`ffffffff 00000004`a71ecf20 00000000`00000000 : packet+0x3d65
00000004`a71ecc88 00000004`a71ecf20 : ffffffff`ffffffff 00000004`a71ecf20 00000000`00000000 00000000`00000000 : 0x00000004`a73a4960
00000004`a71ecc90 ffffffff`ffffffff : 00000004`a71ecf20 00000000`00000000 00000000`00000000 00000004`a71eccd0 : 0x00000004`a71ecf20
00000004`a71ecc98 00000004`a71ecf20 : 00000000`00000000 00000000`00000000 00000004`a71eccd0 00000000`00000000 : 0xffffffff`ffffffff
00000004`a71ecca0 00000000`00000000 : 00000000`00000000 00000004`a71eccd0 00000000`00000000 00000004`a73a4960 : 0x00000004`a71ecf20
STACK_COMMAND: kb
FOLLOWUP_IP:
npf+319a
fffff801`c221b19a 4032ff xor dil,dil
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: npf+319a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: npf
IMAGE_NAME: npf.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 55c32fb5
FAILURE_BUCKET_ID: AV_npf+319a
BUCKET_ID: AV_npf+319a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_npf+319a
FAILURE_ID_HASH: {bf4ae29b-3505-fe6e-b8b7-41bfb9d08cf8}
Followup: MachineOwner
---------
Best regards,
Jim Y.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev