<div>Problem:</div><div><br></div><div>The system hit kernel panic Bugcheck with IRQL_NOT_LESS_OR_EQUAL panic code. It tried to reference a NULL memory location. This problem was caused by vfilter.sys driver which is part of Shrew soft VPN.</div>
<div><br></div><div>To Reproduce:</div><div><br></div><div>The VPN was not connected when the problem hit. In fact I didn't use Shrew soft VPN on that day since the PC was rebooted. I don't think there is a known way to reproduce this problem.</div>
<div><br></div><div>VPN Client Version = 2.1.5-release</div><div>Windows OS Version = Windows 7 Home Premium</div><div>Gateway Make/Model = NA</div><div>Gateway OS Version = NA</div><div><br></div><div>Zipped dump file is 80MB in size and I can't send it with this email account. I can upload it if it will help you root cause and fix the problem. Bug check analysis below.</div>
<div><font class="Apple-style-span" color="#00204E" face="arial, sans-serif" size="4"><span class="Apple-style-span" style="font-size: 15px;"><br></span></font></div><div><font class="Apple-style-span" color="#00204E" face="arial, sans-serif" size="4"><span class="Apple-style-span" style="font-size: 15px;">Thanks,</span></font></div>
<div><font class="Apple-style-span" color="#00204E" face="arial, sans-serif" size="4"><span class="Apple-style-span" style="font-size: 15px;">Prahlad Purohit</span></font></div><div><font class="Apple-style-span" color="#00204E" face="arial, sans-serif" size="4"><span class="Apple-style-span" style="font-size: 15px;"><br>
</span></font></div><div><font class="Apple-style-span" color="#00204E" face="arial, sans-serif" size="4"><span class="Apple-style-span" style="font-size: 15px;"><br></span></font></div><div><font class="Apple-style-span" color="#00204E" face="arial, sans-serif" size="4"><span class="Apple-style-span" style="font-size: 15px;"><div>
0: kd> !analyze -v</div><div>*******************************************************************************</div><div>* *</div><div>* Bugcheck Analysis *</div>
<div>* *</div><div>*******************************************************************************</div><div><br></div><div>IRQL_NOT_LESS_OR_EQUAL (a)</div>
<div>An attempt was made to access a pageable (or completely invalid) address at an</div><div>interrupt request level (IRQL) that is too high. This is usually</div><div>caused by drivers using improper addresses.</div><div>
If a kernel debugger is available get the stack backtrace.</div><div>Arguments:</div><div>Arg1: 0000000000000000, memory referenced</div><div>Arg2: 0000000000000002, IRQL</div><div>Arg3: 0000000000000000, bitfield :</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>bit 0 : value 0 = read operation, 1 = write operation</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)</div>
<div>Arg4: fffff80002c837b6, address which referenced memory</div><div><br></div><div>Debugging Details:</div><div>------------------</div><div><br></div><div>*** ERROR: Module load completed but symbols could not be loaded for Mpfp.sys</div>
<div>PEB is paged out (Peb.Ldr = 000007ff`fffdf018). Type ".hh dbgerr001" for details</div><div>PEB is paged out (Peb.Ldr = 000007ff`fffdf018). Type ".hh dbgerr001" for details</div><div><br></div><div>
READ_ADDRESS: 0000000000000000 </div><div><br></div><div>CURRENT_IRQL: 2</div><div><br></div><div>FAULTING_IP: </div><div>nt!KeSetEvent+226</div><div>fffff800`02c837b6 488b09 mov rcx,qword ptr [rcx]</div><div>
<br></div><div>DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT</div><div><br></div><div>BUGCHECK_STR: 0xA</div><div><br></div><div>PROCESS_NAME: svchost.exe</div><div><br></div><div>TRAP_FRAME: fffff8800884be20 -- (.trap 0xfffff8800884be20)</div>
<div>NOTE: The trap frame does not contain all registers.</div><div>Some register values may be zeroed or incorrect.</div><div>rax=fffffa800863d118 rbx=0000000000000000 rcx=0000000000000000</div><div>rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000</div>
<div>rip=fffff80002c837b6 rsp=fffff8800884bfb0 rbp=0000000000000002</div><div> r8=0000000000000000 r9=0000000000000000 r10=0000000000000000</div><div>r11=0000000000000002 r12=0000000000000000 r13=0000000000000000</div><div>
r14=0000000000000000 r15=0000000000000000</div><div>iopl=0 nv up ei pl nz ac po cy</div><div>nt!KeSetEvent+0x226:</div><div>fffff800`02c837b6 488b09 mov rcx,qword ptr [rcx] ds:0002:00000000`00000000=????????????????</div>
<div>Resetting default scope</div><div><br></div><div>LAST_CONTROL_TRANSFER: from fffff80002c7eb69 to fffff80002c7f600</div><div><br></div><div>STACK_TEXT: </div><div>fffff880`0884bcd8 fffff800`02c7eb69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx</div>
<div>fffff880`0884bce0 fffff800`02c7d7e0 : 00000000`00000002 fffffa80`0863d110 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69</div><div>fffff880`0884be20 fffff800`02c837b6 : fffff880`0884c020 fffff880`041f4b0e 00000000`0000004c fffff880`0884c0a0 : nt!KiPageFault+0x260</div>
<div>fffff880`0884bfb0 fffff880`041f49a6 : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`0863d100 : nt!KeSetEvent+0x226</div><div>fffff880`0884c020 fffff880`041f442b : fffffa80`0863d0e0 fffffa80`0863d0e0 00000000`00000000 fffffa80`0863d0e0 : vfilter+0x29a6</div>
<div>fffff880`0884c050 fffff880`041f3ba0 : fffffa80`03746030 fffff880`01624b9c 00000000`00000633 fffffa80`077a7498 : vfilter+0x242b</div><div>fffff880`0884c1a0 fffff880`041f367c : fffffa80`03746038 fffffa80`0839cdc0 fffffa80`0839cdc0 00000000`00000000 : vfilter+0x1ba0</div>
<div>fffff880`0884c210 fffff880`0161baf4 : fffffa80`074d9780 00000000`00000000 00000000`00000000 00000000`00000000 : vfilter+0x167c</div><div>fffff880`0884c260 fffff880`019c1199 : 00000000`00000000 fffffa80`06a311a0 00000000`00000000 00000000`00000000 : ndis!NdisFSendNetBufferLists+0x64</div>
<div>fffff880`0884c2a0 fffff880`0161ba39 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : pacer!PcFilterSendNetBufferLists+0x29</div><div>fffff880`0884c3a0 fffff880`016d7785 : fffff880`0884c6b0 00000000`00000000 fffffa80`06a311a0 00000000`00000011 : ndis!ndisSendNBLToFilter+0x69</div>
<div>fffff880`0884c400 fffff880`02c6604e : 00000000`00000000 00000000`0000000e fffffa80`08456410 00000000`00000000 : ndis!NdisSendNetBufferLists+0x85</div><div>fffff880`0884c460 fffff880`02c67767 : fffff880`02d6e9a0 00000000`00000000 fffff880`08840000 fffffa80`02d60800 : tcpip!IppFragmentPackets+0x39e</div>
<div>fffff880`0884c580 fffff880`02c634d5 : fffff880`0884c6b0 00000000`00000000 fffff880`0884c690 fffff880`0884c698 : tcpip!IppDispatchSendPacketHelper+0x87</div><div>fffff880`0884c640 fffff880`02c64e24 : 00000000`00000011 fffffa80`09490000 fffffa80`00000014 00000000`00000000 : tcpip!IppPacketizeDatagrams+0x2d5</div>
<div>fffff880`0884c760 fffff880`02c69a7e : fffffa80`08bb4080 fffff880`0170d804 fffff880`02d6e9a0 fffffa80`0916e800 : tcpip!IppSendDatagramsCommon+0x754</div><div>fffff880`0884ca30 fffff880`02c36cf8 : fffffa80`0916e800 fffffa80`03746030 fffffa80`03746030 fffffa80`08bb4080 : tcpip!IpNlpSendDatagrams+0x3e</div>
<div>fffff880`0884ca70 fffff880`02c3726d : fffffa80`03bd4980 fffffa80`08720500 fffff880`0884d3c0 00000000`00000000 : tcpip!UdpSendMessagesOnPathCreation+0x688</div><div>fffff880`0884cdf0 fffff880`02c36ef5 : fffff880`0884d320 fffff880`04183500 fffffa80`00000001 fffff880`0884d248 : tcpip!UdpSendMessages+0x35d</div>
<div>fffff880`0884d1e0 fffff800`02c8ed4a : fffff880`0884d2f4 fffff880`0884d350 fffffa80`0950e850 fffffa80`096be6f0 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15</div><div>fffff880`0884d210 fffff880`02c374b8 : fffff880`02c36ee0 fffff880`0884d320 00000000`00000000 fffffa80`0871d010 : nt!KeExpandKernelStackAndCalloutEx+0xda</div>
<div>fffff880`0884d2f0 fffff880`041cdf45 : fffffa80`067a9190 fffffa80`0696c9e0 fffffa80`08b74cd0 fffffa80`03bfcfe6 : tcpip!UdpTlProviderSendMessages+0x78</div><div>fffff880`0884d370 fffff880`041cdff2 : fffffa80`03a51000 fffff880`0884d4e0 fffffa80`03bfce70 00000000`00000000 : tdx!TdxSendDatagramTransportAddress+0x2f5</div>
<div>fffff880`0884d450 fffff880`0418d895 : 00000000`00000022 fffffa80`03bfcd10 fffffa80`03bfce70 fffff880`0884d4c8 : tdx!TdxTdiDispatchInternalDeviceControl+0x52</div><div>fffff880`0884d480 fffff880`04182218 : fffffa80`06823b10 fffffa80`03bfcd10 00000000`00000000 fffffa80`08b74cd0 : Mpfp+0xc895</div>
<div>fffff880`0884d520 fffff880`01857819 : fffffa80`06823b10 fffffa80`03bfcd10 fffff880`0884d7d0 00000000`00000022 : Mpfp+0x1218</div><div>fffff880`0884d5a0 fffff880`0182bcf9 : fffffa80`09460010 fffff880`0884d7d0 fffffa80`00000022 fffffa80`08b74cd0 : afd! ?? ::GFJBLGFE::`string'+0x6b2d</div>
<div>fffff880`0884d6a0 fffff800`02f9b423 : 00000000`00000000 fffffa80`07939dd0 00000000`01f6da08 fffffa80`07939d01 : afd!AfdFastIoDeviceControl+0xce9</div><div>fffff880`0884da10 fffff800`02f9bf16 : fffff880`0884dbf8 00000000`00000290 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x373</div>
<div>fffff880`0884db40 fffff800`02c7e853 : fffff880`0884dca0 fffffa80`0846a7b0 fffff880`0884dbf8 00000000`01f6f600 : nt!NtDeviceIoControlFile+0x56</div><div>fffff880`0884dbb0 00000000`76f4fdca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13</div>
<div>00000000`01f6d938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f4fdca</div><div><br></div><div><br></div><div>STACK_COMMAND: kb</div><div><br></div><div>FOLLOWUP_IP: </div>
<div>vfilter+29a6</div><div>fffff880`041f49a6 8bc7 mov eax,edi</div><div><br></div><div>SYMBOL_STACK_INDEX: 4</div><div><br></div><div>SYMBOL_NAME: vfilter+29a6</div><div><br></div><div>FOLLOWUP_NAME: MachineOwner</div>
<div><br></div><div>MODULE_NAME: vfilter</div><div><br></div><div>IMAGE_NAME: vfilter.sys</div><div><br></div><div>DEBUG_FLR_IMAGE_TIMESTAMP: 4b048bff</div><div><br></div><div>FAILURE_BUCKET_ID: X64_0xA_vfilter+29a6</div>
<div><br></div><div>BUCKET_ID: X64_0xA_vfilter+29a6</div><div><br></div><div>Followup: MachineOwner</div><div>---------</div><div><br></div></span></font></div>