[Vpn-help] BSOD in vfilter.sys with Win7 Enterprise (RTM) x86_64
Stuart Hall
stuart at daern.org
Wed Sep 2 02:59:55 CDT 2009
Hi all,
Well, first BSOD since installing RTM and it looks like Shrew VPN
might be to blame. I don't have symbols for vfilter.sys, so this is a
little limited, but if anyone /does/ have them and wants to run this
again, I can supply the minidump file. Anyway, I've attached the KD
analysis of the minidump as far as it goes...
Running 2.1.5-rc-2 on Windows 7 Enterprise x86_64 build 7600 (RTM).
Thanks,
Stuart H.
-------------- next part --------------
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\082409-18876-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02a18000 PsLoadedModuleList = 0xfffff800`02c55e50
Debug session time: Mon Aug 24 12:48:13.075 2009 (GMT+1)
System Uptime: 6 days 2:36:09.475
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
..................................................
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff9800000dc7a, 2, 0, fffff80002da30b6}
Unable to load image \SystemRoot\system32\DRIVERS\vfilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for vfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for vfilter.sys
Probably caused by : vfilter.sys ( vfilter+1114 )
Followup: MachineOwner
---------
1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff9800000dc7a, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002da30b6, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc00e0
fffff9800000dc7a
CURRENT_IRQL: 2
FAULTING_IP:
nt!RtlUnicodeToMultiByteN+c6
fffff800`02da30b6 420fb60c08 movzx ecx,byte ptr [rax+r9]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
TRAP_FRAME: fffff880027b2010 -- (.trap 0xfffff880027b2010)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000da58 rbx=0000000000000000 rcx=fffff80002da30b1
rdx=fffff880027b2249 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002da30b6 rsp=fffff880027b21a0 rbp=fffff880027b23c0
r8=fffffa80064c08b2 r9=fffff98000000222 r10=0000000000000008
r11=0000000000000008 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!RtlUnicodeToMultiByteN+0xc6:
fffff800`02da30b6 420fb60c08 movzx ecx,byte ptr [rax+r9] ds:f990:fffff980`0000dc7a=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a89469 to fffff80002a89f00
STACK_TEXT:
fffff880`027b1ec8 fffff800`02a89469 : 00000000`0000000a fffff980`0000dc7a 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`027b1ed0 fffff800`02a880e0 : 00000000`00000000 fffff800`02a18000 fffffa80`05af2010 fffff880`02d7b5a7 : nt!KiBugCheckDispatch+0x69
fffff880`027b2010 fffff800`02da30b6 : fffffa80`064c0880 fffff800`02da2f8e 00000000`00000000 fffffa80`03a93ee0 : nt!KiPageFault+0x260
fffff880`027b21a0 fffff800`02da2f8e : 00000000`00000000 fffffa80`03a93ee0 fffffa80`00000000 00000000`00000000 : nt!RtlUnicodeToMultiByteN+0xc6
fffff880`027b21b0 fffff880`02d95114 : fffff880`027b2238 fffffa80`05aef7a0 00000000`00000000 fffffa80`00000008 : nt!RtlUnicodeStringToAnsiString+0x7e
fffff880`027b2210 fffff880`027b2238 : fffffa80`05aef7a0 00000000`00000000 fffffa80`00000008 00000000`00000000 : vfilter+0x1114
fffff880`027b2218 fffffa80`05aef7a0 : 00000000`00000000 fffffa80`00000008 00000000`00000000 00000000`00400008 : 0xfffff880`027b2238
fffff880`027b2220 00000000`00000000 : fffffa80`00000008 00000000`00000000 00000000`00400008 fffff880`027b2250 : 0xfffffa80`05aef7a0
STACK_COMMAND: kb
FOLLOWUP_IP:
vfilter+1114
fffff880`02d95114 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: vfilter+1114
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vfilter
IMAGE_NAME: vfilter.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49703e23
FAILURE_BUCKET_ID: X64_0xA_vfilter+1114
BUCKET_ID: X64_0xA_vfilter+1114
Followup: MachineOwner
---------
More information about the vpn-help
mailing list