| 1 | I've got a 64 bit win7 box running latest version of VirtualBox. I have a Win7 x64 VM that I'd like to use for development of kernel drivers. The VM has a virtualized COM port that creates a host pipe called VMCOM. Whenever I connect a kernel debugger (in this case WINDBG) to the VM over that pipe, after breaking and continuing execution a few times I see the VM crash in HALHandleNMI after a secondaryclockinterrupt occurs. The bugcheck details given via !analyze are also given.
|
|---|
| 2 |
|
|---|
| 3 |
|
|---|
| 4 | ###DEBUGGER SESSION COPIED BELOW
|
|---|
| 5 | Opened \\.\pipe\vmcom
|
|---|
| 6 | Waiting to reconnect...
|
|---|
| 7 | Connected to Windows 7 7600 x64 target at (Wed Dec 28 10:26:18.444 2011 (UTC - 5:00)), ptr64 TRUE
|
|---|
| 8 | Kernel Debugger connection established.
|
|---|
| 9 | Symbol search path is: *** Invalid ***
|
|---|
| 10 | ****************************************************************************
|
|---|
| 11 | * Symbol loading may be unreliable without a symbol search path. *
|
|---|
| 12 | * Use .symfix to have the debugger choose a symbol path. *
|
|---|
| 13 | * After setting your symbol path, use .reload to refresh symbol locations. *
|
|---|
| 14 | ****************************************************************************
|
|---|
| 15 | Executable search path is:
|
|---|
| 16 | *********************************************************************
|
|---|
| 17 | * Symbols can not be loaded because symbol path is not initialized. *
|
|---|
| 18 | * *
|
|---|
| 19 | * The Symbol Path can be set by: *
|
|---|
| 20 | * using the _NT_SYMBOL_PATH environment variable. *
|
|---|
| 21 | * using the -y <symbol_path> argument when starting the debugger. *
|
|---|
| 22 | * using .sympath and .sympath+ *
|
|---|
| 23 | *********************************************************************
|
|---|
| 24 | *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
|
|---|
| 25 | Windows 7 Kernel Version 7600 MP (4 procs) Free x64
|
|---|
| 26 | Product: WinNt, suite: TerminalServer SingleUserTS
|
|---|
| 27 | Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
|
|---|
| 28 | Machine Name:
|
|---|
| 29 | Kernel base = 0xfffff800`0284a000 PsLoadedModuleList = 0xfffff800`02a87e50
|
|---|
| 30 | Debug session time: Wed Dec 28 10:26:12.029 2011 (UTC - 5:00)
|
|---|
| 31 | System Uptime: 0 days 5:12:49.358
|
|---|
| 32 | Break instruction exception - code 80000003 (first chance)
|
|---|
| 33 | *******************************************************************************
|
|---|
| 34 | * *
|
|---|
| 35 | * You are seeing this message because you pressed either *
|
|---|
| 36 | * CTRL+C (if you run console kernel debugger) or, *
|
|---|
| 37 | * CTRL+BREAK (if you run GUI kernel debugger), *
|
|---|
| 38 | * on your debugger machine's keyboard. *
|
|---|
| 39 | * *
|
|---|
| 40 | * THIS IS NOT A BUG OR A SYSTEM CRASH *
|
|---|
| 41 | * *
|
|---|
| 42 | * If you did not intend to break into the debugger, press the "g" key, then *
|
|---|
| 43 | * press the "Enter" key now. This message might immediately reappear. If it *
|
|---|
| 44 | * does, press "g" and "Enter" again. *
|
|---|
| 45 | * *
|
|---|
| 46 | *******************************************************************************
|
|---|
| 47 | nt!DbgBreakPointWithStatus:
|
|---|
| 48 | fffff800`028b3f60 cc int 3
|
|---|
| 49 | 1: kd> .symfix
|
|---|
| 50 | 1: kd> .reload
|
|---|
| 51 | Connected to Windows 7 7600 x64 target at (Wed Dec 28 10:33:42.784 2011 (UTC - 5:00)), ptr64 TRUE
|
|---|
| 52 | Loading Kernel Symbols
|
|---|
| 53 | . -- User interrupt
|
|---|
| 54 | 1: kd> g
|
|---|
| 55 | Break instruction exception - code 80000003 (first chance)
|
|---|
| 56 | *******************************************************************************
|
|---|
| 57 | * *
|
|---|
| 58 | * You are seeing this message because you pressed either *
|
|---|
| 59 | * CTRL+C (if you run console kernel debugger) or, *
|
|---|
| 60 | * CTRL+BREAK (if you run GUI kernel debugger), *
|
|---|
| 61 | * on your debugger machine's keyboard. *
|
|---|
| 62 | * *
|
|---|
| 63 | * THIS IS NOT A BUG OR A SYSTEM CRASH *
|
|---|
| 64 | * *
|
|---|
| 65 | * If you did not intend to break into the debugger, press the "g" key, then *
|
|---|
| 66 | * press the "Enter" key now. This message might immediately reappear. If it *
|
|---|
| 67 | * does, press "g" and "Enter" again. *
|
|---|
| 68 | * *
|
|---|
| 69 | *******************************************************************************
|
|---|
| 70 | nt!RtlpBreakWithStatusInstruction:
|
|---|
| 71 | fffff800`028b3f60 cc int 3
|
|---|
| 72 | 3: kd> !stack
|
|---|
| 73 | No export stack found
|
|---|
| 74 | 3: kd> !ps
|
|---|
| 75 | No export ps found
|
|---|
| 76 | 3: kd> !eip
|
|---|
| 77 | No export eip found
|
|---|
| 78 | 3: kd> !thread
|
|---|
| 79 | THREAD fffff88002f1dfc0 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
|
|---|
| 80 | Not impersonating
|
|---|
| 81 | DeviceMap fffff8a0000060c0
|
|---|
| 82 | Owning Process fffff80002a43140 Image: Idle
|
|---|
| 83 | Attached Process fffffa8000c9e040 Image: System
|
|---|
| 84 | Wait Start TickCount 0 Ticks: 1203174 (0:05:12:49.634)
|
|---|
| 85 | Context Switch Count 1255366 IdealProcessor: 3
|
|---|
| 86 | UserTime 00:00:00.000
|
|---|
| 87 | KernelTime 05:11:32.149
|
|---|
| 88 | Win32 Start Address nt!KiIdleLoop (0xfffff800028c46a0)
|
|---|
| 89 | Stack Init fffff88002f3bdb0 Current fffff88002f3bd40
|
|---|
| 90 | Base fffff88002f3c000 Limit fffff88002f36000 Call 0
|
|---|
| 91 | Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
|
|---|
| 92 | Child-SP RetAddr : Args to Child : Call Site
|
|---|
| 93 | fffff880`02f3bac8 fffff800`02882d73 : 00000000`00000000 fffff880`02f13180 00000000`00000000 00000000`00026161 : nt!RtlpBreakWithStatusInstruction
|
|---|
| 94 | fffff880`02f3bad0 fffff800`028c8ba1 : 00000000`00000000 fffff880`02f3bb80 fffff880`02f13180 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x5dd4
|
|---|
| 95 | fffff880`02f3bb00 fffff880`0450f9c2 : fffff800`028c9a3a 00000000`ffffffed fffffa80`0203b2b8 fffff880`02f1dfc0 : nt!KiSecondaryClockInterrupt+0x131 (TrapFrame @ fffff880`02f3bb00)
|
|---|
| 96 | fffff880`02f3bc98 fffff800`028c9a3a : 00000000`ffffffed fffffa80`0203b2b8 fffff880`02f1dfc0 00000000`00000001 : 0xfffff880`0450f9c2
|
|---|
| 97 | fffff880`02f3bca0 fffff800`028c46cc : fffff880`02f13180 fffff880`00000000 00000000`00000000 fffff800`02950cf0 : nt!PoIdle+0x53a
|
|---|
| 98 | fffff880`02f3bd80 00000000`00000000 : fffff880`02f3c000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
|
|---|
| 99 |
|
|---|
| 100 | 3: kd> g
|
|---|
| 101 | Break instruction exception - code 80000003 (first chance)
|
|---|
| 102 | *******************************************************************************
|
|---|
| 103 | * *
|
|---|
| 104 | * You are seeing this message because you pressed either *
|
|---|
| 105 | * CTRL+C (if you run console kernel debugger) or, *
|
|---|
| 106 | * CTRL+BREAK (if you run GUI kernel debugger), *
|
|---|
| 107 | * on your debugger machine's keyboard. *
|
|---|
| 108 | * *
|
|---|
| 109 | * THIS IS NOT A BUG OR A SYSTEM CRASH *
|
|---|
| 110 | * *
|
|---|
| 111 | * If you did not intend to break into the debugger, press the "g" key, then *
|
|---|
| 112 | * press the "Enter" key now. This message might immediately reappear. If it *
|
|---|
| 113 | * does, press "g" and "Enter" again. *
|
|---|
| 114 | * *
|
|---|
| 115 | *******************************************************************************
|
|---|
| 116 | nt!RtlpBreakWithStatusInstruction:
|
|---|
| 117 | fffff800`028b3f60 cc int 3
|
|---|
| 118 | 2: kd> g
|
|---|
| 119 | Break instruction exception - code 80000003 (first chance)
|
|---|
| 120 | nt!RtlpBreakWithStatusInstruction:
|
|---|
| 121 | fffff800`028b3f60 cc int 3
|
|---|
| 122 | 3: kd> !thread
|
|---|
| 123 | THREAD fffff88002f1dfc0 Cid 0000.0000 Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 3
|
|---|
| 124 | Not impersonating
|
|---|
| 125 | DeviceMap fffff8a0000060c0
|
|---|
| 126 | Owning Process fffff80002a43140 Image: Idle
|
|---|
| 127 | Attached Process fffffa8000c9e040 Image: System
|
|---|
| 128 | Wait Start TickCount 0 Ticks: 1204506 (0:05:13:10.414)
|
|---|
| 129 | Context Switch Count 1260552 IdealProcessor: 3
|
|---|
| 130 | UserTime 00:00:00.000
|
|---|
| 131 | KernelTime 05:11:52.335
|
|---|
| 132 | Win32 Start Address nt!KiIdleLoop (0xfffff800028c46a0)
|
|---|
| 133 | Stack Init fffff88002f3bdb0 Current fffff88002f3bd40
|
|---|
| 134 | Base fffff88002f3c000 Limit fffff88002f36000 Call 0
|
|---|
| 135 | Priority 16 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 0
|
|---|
| 136 | Child-SP RetAddr : Args to Child : Call Site
|
|---|
| 137 | fffff880`02f1db58 fffff800`029b16d2 : fffff800`00000010 fffffa80`01be2a20 00000000`00000000 fffff800`029b17e2 : nt!RtlpBreakWithStatusInstruction
|
|---|
| 138 | fffff880`02f1db60 fffff800`028138da : fffff800`00000005 00000028`00000025 00000000`0000027f fffff800`028292b0 : nt!KiBugCheckDebugBreak+0x12
|
|---|
| 139 | fffff880`02f1dbc0 fffff800`029d0513 : 00000000`00000001 fffff800`028292b0 00000000`00000000 00000000`0000005c : hal!HalBugCheckSystem+0x1ba
|
|---|
| 140 | fffff880`02f1dc00 fffff800`0280d6c1 : fffffa80`000006c0 fffff880`02f1de20 fffff880`02f1dcf0 fffff800`028292b0 : nt!WheaReportHwError+0x263
|
|---|
| 141 | fffff880`02f1dc60 fffff800`02974311 : fffff880`02f1de30 00000000`00000001 00000000`00000001 fffffa80`0203b200 : hal!HalHandleNMI+0x149
|
|---|
| 142 | fffff880`02f1dc90 fffff800`028b9202 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiProcessNMI+0x131
|
|---|
| 143 | fffff880`02f1dcf0 fffff800`028b9063 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxNmiInterrupt+0x82
|
|---|
| 144 | fffff880`02f1de30 fffff800`028c8acf : 00000000`00000000 fffff880`02f3bb80 fffff880`02f13180 00000000`00000001 : nt!KiNmiInterrupt+0x163 (TrapFrame @ fffff880`02f1de30)
|
|---|
| 145 | fffff880`02f3bb00 fffff880`0450f9c2 : fffff800`028c9a3a 00000000`ffffffed fffffa80`0203b2b8 fffff880`02f1dfc0 : nt!KiSecondaryClockInterrupt+0x5f (TrapFrame @ fffff880`02f3bb00)
|
|---|
| 146 | fffff880`02f3bc98 fffff800`028c9a3a : 00000000`ffffffed fffffa80`0203b2b8 fffff880`02f1dfc0 00000000`00000001 : 0xfffff880`0450f9c2
|
|---|
| 147 | fffff880`02f3bca0 fffff800`028c46cc : fffff880`02f13180 fffff880`00000000 00000000`00000000 fffff800`02950cf0 : nt!PoIdle+0x53a
|
|---|
| 148 | fffff880`02f3bd80 00000000`00000000 : fffff880`02f3c000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
|
|---|
| 149 |
|
|---|
| 150 |
|
|---|
| 151 | 3: kd> !analyze -v
|
|---|
| 152 | TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x64\triage\oca.ini, error 2
|
|---|
| 153 | TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x64\winxp\triage.ini, error 2
|
|---|
| 154 | TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x64\triage\user.ini, error 2
|
|---|
| 155 | Connected to Windows 7 7600 x64 target at (Wed Dec 28 10:49:24.239 2011 (UTC - 5:00)), ptr64 TRUE
|
|---|
| 156 | Loading Kernel Symbols
|
|---|
| 157 | ...............................................................
|
|---|
| 158 | ................................................................
|
|---|
| 159 | .............
|
|---|
| 160 | Loading User Symbols
|
|---|
| 161 |
|
|---|
| 162 | Loading unloaded module list
|
|---|
| 163 | ................
|
|---|
| 164 | *******************************************************************************
|
|---|
| 165 | * *
|
|---|
| 166 | * Bugcheck Analysis *
|
|---|
| 167 | * *
|
|---|
| 168 | *******************************************************************************
|
|---|
| 169 |
|
|---|
| 170 | Unknown bugcheck code (111)
|
|---|
| 171 | Unknown bugcheck description
|
|---|
| 172 | Arguments:
|
|---|
| 173 | Arg1: 0000000000000000
|
|---|
| 174 | Arg2: 0000000000000000
|
|---|
| 175 | Arg3: 0000000000000000
|
|---|
| 176 | Arg4: 0000000000000000
|
|---|
| 177 |
|
|---|
| 178 | Debugging Details:
|
|---|
| 179 | ------------------
|
|---|
| 180 |
|
|---|
| 181 | *** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
|
|---|
| 182 | TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
|
|---|
| 183 |
|
|---|
| 184 | DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
|
|---|
| 185 |
|
|---|
| 186 | BUGCHECK_STR: 0x111
|
|---|
| 187 |
|
|---|
| 188 | PROCESS_NAME: System
|
|---|
| 189 |
|
|---|
| 190 | CURRENT_IRQL: f
|
|---|
| 191 |
|
|---|
| 192 | LAST_CONTROL_TRANSFER: from fffff800029b16d2 to fffff800028b3f60
|
|---|
| 193 |
|
|---|
| 194 | STACK_TEXT:
|
|---|
| 195 | fffff880`02f1db58 fffff800`029b16d2 : fffff800`00000010 fffffa80`01be2a20 00000000`00000000 fffff800`029b17e2 : nt!RtlpBreakWithStatusInstruction
|
|---|
| 196 | fffff880`02f1db60 fffff800`028138da : fffff800`00000005 00000028`00000025 00000000`0000027f fffff800`028292b0 : nt!KiBugCheckDebugBreak+0x12
|
|---|
| 197 | fffff880`02f1dbc0 fffff800`029d0513 : 00000000`00000001 fffff800`028292b0 00000000`00000000 00000000`0000005c : hal!HalBugCheckSystem+0x1ba
|
|---|
| 198 | fffff880`02f1dc00 fffff800`0280d6c1 : fffffa80`000006c0 fffff880`02f1de20 fffff880`02f1dcf0 fffff800`028292b0 : nt!WheaReportHwError+0x263
|
|---|
| 199 | fffff880`02f1dc60 fffff800`02974311 : fffff880`02f1de30 00000000`00000001 00000000`00000001 fffffa80`0203b200 : hal!HalHandleNMI+0x149
|
|---|
| 200 | fffff880`02f1dc90 fffff800`028b9202 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiProcessNMI+0x131
|
|---|
| 201 | fffff880`02f1dcf0 fffff800`028b9063 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxNmiInterrupt+0x82
|
|---|
| 202 | fffff880`02f1de30 fffff800`028c8acf : 00000000`00000000 fffff880`02f3bb80 fffff880`02f13180 00000000`00000001 : nt!KiNmiInterrupt+0x163
|
|---|
| 203 | fffff880`02f3bb00 fffff880`0450f9c2 : fffff800`028c9a3a 00000000`ffffffed fffffa80`0203b2b8 fffff880`02f1dfc0 : nt!KiSecondaryClockInterrupt+0x5f
|
|---|
| 204 | fffff880`02f3bc98 fffff800`028c9a3a : 00000000`ffffffed fffffa80`0203b2b8 fffff880`02f1dfc0 00000000`00000001 : intelppm+0x39c2
|
|---|
| 205 | fffff880`02f3bca0 fffff800`028c46cc : fffff880`02f13180 fffff880`00000000 00000000`00000000 fffff800`02950cf0 : nt!PoIdle+0x53a
|
|---|
| 206 | fffff880`02f3bd80 00000000`00000000 : fffff880`02f3c000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
|
|---|
| 207 |
|
|---|
| 208 |
|
|---|
| 209 | STACK_COMMAND: kb
|
|---|
| 210 |
|
|---|
| 211 | FOLLOWUP_IP:
|
|---|
| 212 | intelppm+39c2
|
|---|
| 213 | fffff880`0450f9c2 c3 ret
|
|---|
| 214 |
|
|---|
| 215 | SYMBOL_STACK_INDEX: 9
|
|---|
| 216 |
|
|---|
| 217 | SYMBOL_NAME: intelppm+39c2
|
|---|
| 218 |
|
|---|
| 219 | FOLLOWUP_NAME: MachineOwner
|
|---|
| 220 |
|
|---|
| 221 | MODULE_NAME: intelppm
|
|---|
| 222 |
|
|---|
| 223 | IMAGE_NAME: intelppm.sys
|
|---|
| 224 |
|
|---|
| 225 | DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc0fd
|
|---|
| 226 |
|
|---|
| 227 | FAILURE_BUCKET_ID: X64_0x111_intelppm+39c2
|
|---|
| 228 |
|
|---|
| 229 | BUCKET_ID: X64_0x111_intelppm+39c2
|
|---|
| 230 |
|
|---|
| 231 | Followup: MachineOwner
|
|---|
| 232 | ---------
|
|---|