Wireshark-dev: Re: [Wireshark-dev] Npcap 0.03 call for test
Hello Yang,
I installed npcap-nmap-0.03-r6.exe but am still getting the IRQL_NOT_LESS_OR_EQUAL (a) BSoD on my Windows 8.1. system immediately when I start Wireshark.
I went back retested 0.03-r3, 0.03-r4 and 0.03-r5 to confirm that its only r5 and r6 that trigger the immediate BSoD on my system.
Here's the last BSoD WinDbg output when using Npcap 0.03-r6.
---------
2: kd> .symfix C:\Symbols 2: kd> .reload Loading Kernel Symbols ............................................................... ................................................................ ........................................ Loading User Symbols ..................................... Loading unloaded module list ........ 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * *******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 000000000000a620, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff8013ff660cc, address which referenced memory
Debugging Details: ------------------
*** ERROR: Module load completed but symbols could not be loaded for npf.sys *** ERROR: Symbol file could not be found. Defaulted to export symbols for packet.dll -
WRITE_ADDRESS: unable to get nt!MmNonPagedPoolStart unable to get nt!MmSizeOfNonPagedPoolInBytes 000000000000a620
CURRENT_IRQL: 2
FAULTING_IP: nt!KeAcquireSpinLockRaiseToDpc+1c fffff801`3ff660cc f0480fba2900 lock bts qword ptr [rcx],0
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: dumpcap.exe
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
TRAP_FRAME: ffffd00035417600 -- (.trap 0xffffd00035417600) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000002 rbx=0000000000000000 rcx=000000000000a620 rdx=ffffe001230a2900 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8013ff660cc rsp=ffffd00035417790 rbp=ffffd00035417b80 r8=ffffe0011fed41a0 r9=000000000000000e r10=0000000000000801 r11=ffffe00122517440 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!KeAcquireSpinLockRaiseToDpc+0x1c: fffff801`3ff660cc f0480fba2900 lock bts qword ptr [rcx],0 ds:00000000`0000a620=???????????????? Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8013ffea7e9 to fffff8013ffdeca0
STACK_TEXT: ffffd000`354174b8 fffff801`3ffea7e9 : 00000000`0000000a 00000000`0000a620 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx ffffd000`354174c0 fffff801`3ffe903a : 00000000`00000001 00000000`00000000 00000000`00000000 ffffd000`35417730 : nt!KiBugCheckDispatch+0x69 ffffd000`35417600 fffff801`3ff660cc : 00000000`00000001 ffffc002`00000000 ffffc002`018bf601 00000000`00000000 : nt!KiPageFault+0x23a ffffd000`35417790 fffff801`688d7186 : 00000000`00000000 ffffe001`230474c0 00000000`00000001 ffffd000`35417b80 : nt!KeAcquireSpinLockRaiseToDpc+0x1c ffffd000`354177c0 fffff801`688d7a24 : 00000000`00001ef0 ffffe001`230a2900 00000000`00000000 ffffd000`00000000 : npf+0x3186 ffffd000`354177f0 fffff801`402b377f : 00000000`00000001 ffffe001`230a2900 ffffe001`230a2900 00000000`00000001 : npf+0x3a24 ffffd000`35417880 fffff801`402b2d22 : ffffd000`35417a38 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f ffffd000`35417a20 fffff801`3ffea4b3 : ffffe001`21d2c080 ffffd000`001f0003 00000017`cb91ca98 00000017`00000000 : nt!NtDeviceIoControlFile+0x56 ffffd000`35417a90 00007ffe`449c123a : 00007ffe`41b65fe3 0000da4a`605d0f0d 00000000`00000003 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000017`cb91ca48 00007ffe`41b65fe3 : 0000da4a`605d0f0d 00000000`00000003 00000000`00000000 00000000`00000013 : ntdll!NtDeviceIoControlFile+0xa 00000017`cb91ca50 00007ffe`42151bb0 : 00000000`00001ef0 00007ffe`4496713a 00000000`00000020 00000000`00000000 : KERNELBASE!DeviceIoControl+0x121 00000017`cb91cac0 00007ffe`399f3d65 : 00000017`cba14960 00000017`cb91cdb0 ffffffff`ffffffff 00000017`cb91cdb0 : KERNEL32!DeviceIoControlImplementation+0x80 00000017`cb91cb10 00000017`cba14960 : 00000017`cb91cdb0 ffffffff`ffffffff 00000017`cb91cdb0 00000000`00000000 : packet+0x3d65 00000017`cb91cb18 00000017`cb91cdb0 : ffffffff`ffffffff 00000017`cb91cdb0 00000000`00000000 00000000`00000000 : 0x00000017`cba14960 00000017`cb91cb20 ffffffff`ffffffff : 00000017`cb91cdb0 00000000`00000000 00000000`00000000 00000017`cb91cb60 : 0x00000017`cb91cdb0 00000017`cb91cb28 00000017`cb91cdb0 : 00000000`00000000 00000000`00000000 00000017`cb91cb60 00000000`00000000 : 0xffffffff`ffffffff 00000017`cb91cb30 00000000`00000000 : 00000000`00000000 00000017`cb91cb60 00000000`00000000 00000017`cba14960 : 0x00000017`cb91cdb0
STACK_COMMAND: kb
FOLLOWUP_IP: npf+3186 fffff801`688d7186 4032ff xor dil,dil
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: npf+3186
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: npf
IMAGE_NAME: npf.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 55c878a8
FAILURE_BUCKET_ID: AV_npf+3186
BUCKET_ID: AV_npf+3186
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_npf+3186
FAILURE_ID_HASH: {cd892a8a-243d-2266-f935-8db54b10ab51}
Followup: MachineOwner ---------
Best regards,
Jim Y.
From: wireshark-dev-bounces@xxxxxxxxxxxxx <wireshark-dev-bounces@xxxxxxxxxxxxx> on behalf of Yang Luo <hsluoyb@xxxxxxxxx>
Sent: Monday, August 10, 2015 06:40 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Npcap 0.03 call for test Hi Jim, Pascal,
This IRQL_NOT_LESS_OR_EQUAL (a) BSoD seems to be caused by NdisAcquireSpinLock call in function NPF_StartUsingOpenInstance has referred to freed Open struct memory, I have tried to fix it in latest installer, you may try it at:
Cheers,
Yang
|
- Follow-Ups:
- Re: [Wireshark-dev] Npcap 0.03 call for test
- From: Yang Luo
- Re: [Wireshark-dev] Npcap 0.03 call for test
- References:
- Re: [Wireshark-dev] Npcap 0.03 call for test
- From: Yang Luo
- Re: [Wireshark-dev] Npcap 0.03 call for test
- From: Pascal Quantin
- Re: [Wireshark-dev] Npcap 0.03 call for test
- From: Jim Young
- Re: [Wireshark-dev] Npcap 0.03 call for test
- From: Yang Luo
- Re: [Wireshark-dev] Npcap 0.03 call for test
- Prev by Date: Re: [Wireshark-dev] Crash during fuzzing
- Next by Date: [Wireshark-dev] MSVC 2015 (VC14) notes/issue
- Previous by thread: Re: [Wireshark-dev] Npcap 0.03 call for test
- Next by thread: Re: [Wireshark-dev] Npcap 0.03 call for test
- Index(es):