Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BSoD SYSTEM_SERVICE_EXCEPTION #679

Closed
RobertRdm opened this issue Jun 28, 2023 · 3 comments
Closed

BSoD SYSTEM_SERVICE_EXCEPTION #679

RobertRdm opened this issue Jun 28, 2023 · 3 comments

Comments

@RobertRdm
Copy link

Hello,

i had a BSOD happen with npcap V 1.75 on Windows Server 2019.
My guess is, that it seems to be in connection with using the functions pcap_sendqueue_alloc(), pcap_sendqueue_transmit(), pcap_sendqueue_destroy(), but i cannot recreate the BSoD, as it seems to appear randomly.

Diagnostic information

  • Windows Server 2019, Version 1809 (Build 17763.4377)
  • Windows Memory Dump:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff8026a8e628e, Address of the instruction which caused the BugCheck
Arg3: ffffe48f5aefecf0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

Unable to load image \SystemRoot\system32\DRIVERS\npcap.sys, Win32 error 0n2

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 468

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 2755

    Key  : Analysis.Init.CPU.mSec
    Value: 452

    Key  : Analysis.Init.Elapsed.mSec
    Value: 13316

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 96

    Key  : WER.OS.Branch
    Value: rs5_release

    Key  : WER.OS.Timestamp
    Value: 2018-09-14T14:34:00Z

    Key  : WER.OS.Version
    Value: 10.0.17763.1


FILE_IN_CAB:  MEMORY.DMP

BUGCHECK_CODE:  3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff8026a8e628e

BUGCHECK_P3: ffffe48f5aefecf0

BUGCHECK_P4: 0

CONTEXT:  ffffe48f5aefecf0 -- (.cxr 0xffffe48f5aefecf0)
rax=0000000000000000 rbx=ad4f26b03761a2ee rcx=ad4f26b03761a2ee
rdx=ffffe48f5aeff750 rsi=ffffe48f5aeff750 rdi=ffffad0ea146e2c0
rip=fffff8026a8e628e rsp=ffffe48f5aeff6e0 rbp=0000000000000000
r8=0000000000000000  r9=0000000000000004 r10=fffff8026b332b00
r11=0000000000000000 r12=ffffad0ea98bc080 r13=ffffad0ea0f57ce0
r14=0000000000000000 r15=0000000000000001
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
NDIS!NdisAcquireRWLockWrite+0x1e:
fffff802`6a8e628e 48397918        cmp     qword ptr [rcx+18h],rdi ds:002b:ad4f26b0`3761a306=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


PROCESS_NAME:  iMosGGSNService.exe

STACK_TEXT:  
ffffe48f`5aeff6e0 fffff802`6b332db6     : ffffad0e`a7043210 ffffad0e`a70432e0 00000000`00060000 ffffe48f`5aeff728 : NDIS!NdisAcquireRWLockWrite+0x1e
ffffe48f`5aeff710 fffff802`6b332b62     : ffffad0e`b1326610 ffffad0e`b1326610 00000000`00000000 00000000`00000000 : npcap+0x2db6
ffffe48f`5aeff750 fffff807`6daccf39     : ffffad0e`b0a5ce60 fffff807`6dac3fed 00000000`00000000 ffffad0e`bfbca480 : npcap+0x2b62
ffffe48f`5aeff780 fffff807`6e0692cb     : 00000000`00000000 ffffad0e`b0a5ce60 00000000`00000000 ffffad0e`b1326610 : nt!IofCallDriver+0x59
ffffe48f`5aeff7c0 fffff807`6e0738a3     : ffffad0e`a98bc080 00000000`00000000 ffffe784`00000000 ffffad0e`b0a5ce30 : nt!IopCloseFile+0x15b
ffffe48f`5aeff850 fffff807`6e079b8e     : ffffad0e`a146e2c0 00000000`00000000 00000000`00000000 fffff807`6e07cbaf : nt!ObCloseHandleTableEntry+0x543
ffffe48f`5aeff990 fffff807`6dc6c4f5     : ffffad0e`a146e2c0 00000000`00000000 ffffe48f`5aeffa80 ffffad0e`b40dfde0 : nt!NtClose+0xde
ffffe48f`5aeffa00 00007ffe`a9140244     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0000000d`abdfee28 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`a9140244


SYMBOL_NAME:  npcap+2db6

MODULE_NAME: npcap

IMAGE_NAME:  npcap.sys

STACK_COMMAND:  .cxr 0xffffe48f5aefecf0 ; kb

BUCKET_ID_FUNC_OFFSET:  2db6

FAILURE_BUCKET_ID:  AV_npcap!unknown_function

OS_VERSION:  10.0.17763.1

BUILDLAB_STR:  rs5_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {75627e3d-b2d1-3073-f887-d35f6796fe71}

Followup:     MachineOwner
---------

Does anyone have any ideas what this could cause?
@dmiller-nmap
Copy link
Contributor

Thanks for reporting this issue. Can you send the dump file to dmiller@nmap.com so I can analyze it? Thanks!

@RobertRdm
Copy link
Author

Sure, i just sent the minidump and also the full dump

dmiller-nmap pushed a commit that referenced this issue Jul 10, 2023
@bonsaiviking
Fix concurrency issue with pFiltMod pointer. See #679
2cd8dac
@dmiller-nmap
Copy link
Contributor

This issue is fixed in Npcap 1.77.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dmiller-nmap @RobertRdm