Windows 2008 x64 Datacenter bsod (BAD_POOL_HEADER)
This issue was migrated from bug 3275 in our old bug tracker.
Original bug information:
Reporter: E Chalifour
Status: RESOLVED NOTABUG
Product: Wireshark
Component: GTK+ UI
OS: Windows Server 2008
Platform: x86
Version: 1.0.6
Attachments:
Mini022309-04.zip: 4 dumps of the bsod described above
Activity
Created attachment 2770 4 dumps of the bsod described above
Build Information: wireshark 1.0.6 (SVN Rev 27387)
Copyright 1998-2009 Gerald Combs <gerald@wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with Lua 5.1, with GnuTLS 2.6.3, with Gcrypt 1.4.3, with MIT Kerberos, with PortAudio V19-devel, with AirPcap.
Running on Windows Server 2003 Service Pack 1, build 3790, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Wireshark install and open fine. As soon as I click Capture->Interfaces or Capture->Options, I get a bsod (BAD_POOL_HEADER) everytime. Tested on 2 different Hyper-V VMsadded oswindows uigtk version1.0 labels
-
How about the new WinPcap driver? See http://www.winpcap.org/install/default.htm#graph_installer4_1b5
-
That did the trick. Thank you. That is not a Wireshark bug then.
But a warning during the installation would be nice. Something around 2008 won't work with the bundled version of Winpcap :).
As for the resolution, I'm not sure which resolution would fit best to this case to keep it in the search list in case other run into this problem.
Thanks !
-
All the crashes point to the same point in the code, but given the fact that they are minidumps, I cannot inspect some of the key structures in the driver.
Would you be able to enable full kernel dump and try to crash the machine again with WinPcap 4.0.2?
WinPcap 4.0.2 is supposed to work on Win2k8, although I've never tested it in an Hyper-V VM environment.
-
Here's the full kernel dump compressed with 7-zip in 4 parts.
#1 http://senduit.com/043abe #2 http://senduit.com/a7a66f #3 http://senduit.com/700985 #4 http://senduit.com/25aa3c
The first two are the bsod I mentionned above (one clicking capture->interfaces and the other with capture->options). The 2 other are new blue screen (IRQL NOT LESS OR EQUAL) and (PAGE FAULT IN NONPAGED AREA) that I got by simply clicking the same menu (capture->interfaces and capture->options) without a network interface present in the VM. I can confirm that the main bsod (BAD POOL HEADER) occur with both the synthetic network adapter and the legacy one.
-
Can you please explain exactly how to reproduce the problem? Did you remove/disable the network card while the OS is running? Please confirm this pattern: 1. you boot your machine/VM. The network card is there 2. you start wireshark and go to capture/interfaces. The dialog with the list of interfaces opens. 3. now you remove the card 4. BSOD. -
I did not add/removed network adapters while the OS is running. The addition or removal of network adapter is done before booting the VM. First BSOD : 1. I boot the VM. The network card is already there. 2. I start wireshark. Go to capture/interfaces -> BSOD before I can see the dialog. Second BSOD : 1. I boot the VM. The network card is already there. 2. I start wireshark. Go to capture/options -> BSOD. Third and fourth (these are more QA than being really useful) [also, the third might be the fourth and vice-versa, I don't remember. Sorry.] Third BSOD : 1. I remove the network card before booting the system. 2. I start the system. The network card is not there. 3. I start wireshark. I go to capture/interfaces -> the dialog have time to come up - empty as expected. But a few seconds after seeing the dialog - BSOD. Fourth BSOD 1. I remove the network card before booting the system. 2. I start the system. The network card is not there. 3. I start wireshark. I go to capture/options - BSOD. -
(In reply to comment #2) > That did the trick. Thank you. That is not a Wireshark bug then. > > But a warning during the installation would be nice. Something around 2008 > won't work with the bundled version of Winpcap :). > > As for the resolution, I'm not sure which resolution would fit best to this > case to keep it in the search list in case other run into this problem. Closing this as NOTOURBUG, er, the closest we have.