BSoD SYSTEM_SERVICE_EXCEPTION #679
Description
Hello,
i had a BSOD happen with npcap V 1.75 on Windows Server 2019.
My guess is, that it seems to be in connection with using the functions pcap_sendqueue_alloc(), pcap_sendqueue_transmit(), pcap_sendqueue_destroy(), but i cannot recreate the BSoD, as it seems to appear randomly.
Diagnostic information
- Windows Server 2019, Version 1809 (Build 17763.4377)
- Windows Memory Dump:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff8026a8e628e, Address of the instruction which caused the BugCheck
Arg3: ffffe48f5aefecf0, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
Unable to load image \SystemRoot\system32\DRIVERS\npcap.sys, Win32 error 0n2
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 468
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 2755
Key : Analysis.Init.CPU.mSec
Value: 452
Key : Analysis.Init.Elapsed.mSec
Value: 13316
Key : Analysis.Memory.CommitPeak.Mb
Value: 96
Key : WER.OS.Branch
Value: rs5_release
Key : WER.OS.Timestamp
Value: 2018-09-14T14:34:00Z
Key : WER.OS.Version
Value: 10.0.17763.1
FILE_IN_CAB: MEMORY.DMP
BUGCHECK_CODE: 3b
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff8026a8e628e
BUGCHECK_P3: ffffe48f5aefecf0
BUGCHECK_P4: 0
CONTEXT: ffffe48f5aefecf0 -- (.cxr 0xffffe48f5aefecf0)
rax=0000000000000000 rbx=ad4f26b03761a2ee rcx=ad4f26b03761a2ee
rdx=ffffe48f5aeff750 rsi=ffffe48f5aeff750 rdi=ffffad0ea146e2c0
rip=fffff8026a8e628e rsp=ffffe48f5aeff6e0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000004 r10=fffff8026b332b00
r11=0000000000000000 r12=ffffad0ea98bc080 r13=ffffad0ea0f57ce0
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
NDIS!NdisAcquireRWLockWrite+0x1e:
fffff802`6a8e628e 48397918 cmp qword ptr [rcx+18h],rdi ds:002b:ad4f26b0`3761a306=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
PROCESS_NAME: iMosGGSNService.exe
STACK_TEXT:
ffffe48f`5aeff6e0 fffff802`6b332db6 : ffffad0e`a7043210 ffffad0e`a70432e0 00000000`00060000 ffffe48f`5aeff728 : NDIS!NdisAcquireRWLockWrite+0x1e
ffffe48f`5aeff710 fffff802`6b332b62 : ffffad0e`b1326610 ffffad0e`b1326610 00000000`00000000 00000000`00000000 : npcap+0x2db6
ffffe48f`5aeff750 fffff807`6daccf39 : ffffad0e`b0a5ce60 fffff807`6dac3fed 00000000`00000000 ffffad0e`bfbca480 : npcap+0x2b62
ffffe48f`5aeff780 fffff807`6e0692cb : 00000000`00000000 ffffad0e`b0a5ce60 00000000`00000000 ffffad0e`b1326610 : nt!IofCallDriver+0x59
ffffe48f`5aeff7c0 fffff807`6e0738a3 : ffffad0e`a98bc080 00000000`00000000 ffffe784`00000000 ffffad0e`b0a5ce30 : nt!IopCloseFile+0x15b
ffffe48f`5aeff850 fffff807`6e079b8e : ffffad0e`a146e2c0 00000000`00000000 00000000`00000000 fffff807`6e07cbaf : nt!ObCloseHandleTableEntry+0x543
ffffe48f`5aeff990 fffff807`6dc6c4f5 : ffffad0e`a146e2c0 00000000`00000000 ffffe48f`5aeffa80 ffffad0e`b40dfde0 : nt!NtClose+0xde
ffffe48f`5aeffa00 00007ffe`a9140244 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
0000000d`abdfee28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`a9140244
SYMBOL_NAME: npcap+2db6
MODULE_NAME: npcap
IMAGE_NAME: npcap.sys
STACK_COMMAND: .cxr 0xffffe48f5aefecf0 ; kb
BUCKET_ID_FUNC_OFFSET: 2db6
FAILURE_BUCKET_ID: AV_npcap!unknown_function
OS_VERSION: 10.0.17763.1
BUILDLAB_STR: rs5_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {75627e3d-b2d1-3073-f887-d35f6796fe71}
Followup: MachineOwner
---------
Does anyone have any ideas what this could cause?