#9803 closed defect (fixed)

VBoxDrv.sys BSoD when suspending/shutting down guest -- mutex lock issue

Reported by:	jarz	Owned by:
Component:	other	Version:	VirtualBox 4.1.4
Keywords:	bsod, vboxdrv	Cc:
Guest type:	Linux	Host type:	Windows

Description (last modified by Frank Mehnert)

Whenever I attempt to suspend or shut down a guest, system blue-screens.

WinDbg suggests locks freed in reverse order.

Windows 7 Professional 64-bit 8 GB RAM

Information from full memory dump Bugcheck Analysis

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000001003, Releasing two locks in reverse order of their acquire.
Arg2: fffff980280ccfc8, First lock address.
Arg3: fffff980281a0fc8, Second lock address.
Arg4: fffffa8008e21090, Verifier internal data.

Additional debug text:

MODULE_NAME: VBoxDrv

FAULTING_MODULE: fffff80002e13000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4e89c9b2

BUGCHECK_STR:  0xc4_1003

DRIVER_DEADLOCK: Error: incorrect symbols for kernel 

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800033193dc to fffff80002e8fc40

STACK_TEXT:  
fffff880`09d33558 fffff800`033193dc : 00000000`000000c4 00000000`00001003 fffff980`280ccfc8 fffff980`281a0fc8 : nt!KeBugCheckEx
fffff880`09d33560 fffff800`0331a5c8 : fffff980`280ccfc8 fffff800`0331a852 fffffa80`06b28ee0 00000000`00000003 : nt!NtShutdownSystem+0x7a4c
fffff880`09d335a0 fffff800`03326817 : 00000000`000076fa fffff880`03e77b3f fffff800`03318290 fffff980`280ccfc8 : nt!NtShutdownSystem+0x8c38
fffff880`09d335e0 fffff800`03327945 : fffff980`280ccfc8 00000000`00000001 00000000`00000000 fffff880`03e5f1ab : nt!NtShutdownSystem+0x14e87
fffff880`09d336a0 fffff880`03e77b3f : 00000000`00000006 00000000`00000000 fffffa80`082aa010 fffffa80`08e94bc0 : nt!NtShutdownSystem+0x15fb5
fffff880`09d336d0 fffff880`09eee15d : fffff980`280ccfc8 fffff980`28020901 fffffa80`08e94bc0 fffff980`00000000 : VBoxDrv!RTSemFastMutexRelease+0x3f
fffff880`09d33700 fffff880`09eef055 : fffffa80`06b151f0 fffffa80`0830b010 00000000`00000000 fffff880`00000008 : VMMR0!GMMR0Term+0x4cd
fffff880`09d33770 fffff880`09ef0d00 : fffff980`28020990 fffff800`0332624c fffffa80`06b15148 fffff980`28020990 : VMMR0!GMMR0CleanupVM+0x115
fffff880`09d337d0 fffff880`03e60854 : fffff980`28110fc0 fffff980`28020990 fffffa80`08e94bc0 ffff8000`00000000 : VMMR0!GVMMR0DestroyVM+0x4b0
fffff880`09d33810 fffff880`09ef0a47 : fffffa80`082aa070 fffffa80`082aa010 00000000`00000000 fffffa80`07e360d8 : VBoxDrv!SUPR0ObjRelease+0x184
fffff880`09d33850 fffff880`09f00ba8 : fffff980`28a6cfd0 fffff980`28a6cfd0 fffffa80`08e94bc0 fffff980`270a4fb0 : VMMR0!GVMMR0DestroyVM+0x1f7
fffff880`09d338b0 fffff880`03e65d11 : fffff980`270a4ff8 00000000`00000000 fffffa80`08e94a70 00000000`00000002 : VMMR0!VMMR0EntryEx+0xe8
fffff880`09d33920 fffff880`03e5f1ab : fffff880`09d33a28 00000000`00000000 00000000`00000000 00000000`00000001 : VBoxDrv!SUPR0PageFree+0x2021
fffff880`09d33970 fffff800`03335c16 : fffff980`270a4ee0 00000000`00000002 fffffa80`08e94a70 fffffa80`06d64518 : VBoxDrv+0x11ab
fffff880`09d339b0 fffff800`031aaa97 : fffffa80`07fe1740 fffff880`09d33ca0 fffffa80`07fe1740 fffffa80`081c91e0 : nt!NtShutdownSystem+0x24286
fffff880`09d33a10 fffff800`031ab2f6 : fffffa80`08aaa001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtMapViewOfSection+0x15c7
fffff880`09d33b40 fffff800`02e8eed3 : 00000000`00000000 fffff800`03178b5c fffff880`09d33ca0 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffff880`09d33bb0 00000000`76f9138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3a43
00000000`047efc88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f9138a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
VBoxDrv!RTSemFastMutexRelease+3f
fffff880`03e77b3f 33c0            xor     eax,eax

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  VBoxDrv!RTSemFastMutexRelease+3f

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  VBoxDrv.sys

BUCKET_ID:  WRONG_SYMBOLS

Attachments (4)

102311-61043-01.dmp (279.2 KB ) - added by jarz 13 years ago.: Minidump
VBox.log (56.0 KB ) - added by jarz 13 years ago.: Most recent VBox.log
VBox.2.log (83.0 KB ) - added by Sniper296 13 years ago.: Latest VBox.log
Mini112111-01.dmp (160.3 KB ) - added by Sniper296 13 years ago.: BSOD mini dump

Download all attachments as: .zip

Change History (11)

by jarz, 13 years ago

Attachment:	102311-61043-01.dmp added

Minidump

by jarz, 13 years ago

Attachment:	VBox.log added

Most recent VBox.log

comment:1 by jarz, 13 years ago

This happens with Windows and Linux guests, as well as VirtualBox 4.1.2.

comment:2 by Shawn McCloskey, 13 years ago

Seeing very similar problem with Windows 2003 x32 host shutting down Windows 2003 x32 guest, Virtual Box 4.0.0

0: kd> !analyze -v *

*
Bugcheck Analysis *
*

IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 5b0ed0d8, memory referenced Arg2: d0000002, IRQL Arg3: 00000000, bitfield :

bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)

Arg4: 809aa27d, address which referenced memory

Debugging Details:

PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details

READ_ADDRESS: 5b0ed0d8

CURRENT_IRQL: 2

FAULTING_IP: ntMmFreePagesFromMdl+5b 809aa27d 8b4118 mov eax,dword ptr [ecx+18h]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: VirtualBox.exe

TRAP_FRAME: b5af09d4 -- (.trap 0xffffffffb5af09d4) ErrCode = 00000000 eax=00000772 ebx=0000010b ecx=5b0ed0c0 edx=00000000 esi=878e2008 edi=878e23f8 eip=809aa27d esp=b5af0a48 ebp=b5af0a60 iopl=0 ov up ei pl nz na pe cy cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010a07 ntMmFreePagesFromMdl+0x5b: 809aa27d 8b4118 mov eax,dword ptr [ecx+18h] ds:0023:5b0ed0d8=???????? Resetting default scope

LAST_CONTROL_TRANSFER: from 809aa27d to 8088c9eb

STACK_TEXT: b5af09d4 809aa27d badb0d00 00000000 844d0558 nt!KiTrap0E+0x2a7 b5af0a60 ba0e3f99 018e2008 b5af0ab4 88415dd0 ntMmFreePagesFromMdl+0x5b WARNING: Stack unwind information not available. Following frames may be wrong. b5af0a78 ba0d8b19 88415dd0 b5af0ab4 88dee010 VBoxDrv!RTMpIsCpuPresent+0x439 b5af0a90 b679b08b 88415dd0 00000000 873fb7c0 VBoxDrv!RTR0MemObjFree+0xb9 b5af0ac8 b679b84d 87cb7b08 00000001 88b85018 VMMR0!GMMR0Term+0x3db b5af0b08 b679cfbd 87cb7b08 b679d139 00000055 VMMR0!GMMR0CleanupVM+0x1dd b5af0b28 ba0d26c3 88dca5c0 88b85018 88b85094 VMMR0!GVMMR0DestroyVM+0x1dd b5af0b50 b679cf29 88dca5c0 00000055 88b85018 VBoxDrv!SUPR0ObjRelease+0x133 b5af0b7c b67acef0 85936000 897b5480 85e59a18 VMMR0!GVMMR0DestroyVM+0x149 b5af0b98 b67ad85a 00000000 00000000 85e54a60 VMMR0!VMMR0EntryFast+0x410 b5af0bd0 ba0d6955 85936000 00000000 00000005 VMMR0!VMMR0EntryEx+0xaa b5af0c00 ba0d10e8 0022801c 897b5480 85e54a60 VBoxDrv!SUPR0PageFree+0x17f5 b5af0c20 ba0d1487 897b5480 85e54a60 880d3638 VBoxDrv+0x10e8 b5af0c3c 8081df85 897b53c8 880d3638 88b8d228 VBoxDrv+0x1487 b5af0c50 808f54f9 880d36a8 890b46e8 880d3638 ntIofCallDriver+0x45 b5af0c64 808f629b 897b53c8 880d3638 890b46e8 ntIopSynchronousServiceTail+0x10b b5af0d00 808eedca 00001ef8 00000000 00000000 ntIopXxxControlFile+0x5e5 b5af0d34 808897ec 00001ef8 00000000 00000000 ntNtDeviceIoControlFile+0x2a b5af0d34 7c82847c 00001ef8 00000000 00000000 ntKiFastCallEntry+0xfc 02e7fe74 00000000 00000000 00000000 00000000 0x7c82847c

STACK_COMMAND: kb

FOLLOWUP_IP: VBoxDrv!RTMpIsCpuPresent+439 ba0e3f99 33ff xor edi,edi

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: VBoxDrv!RTMpIsCpuPresent+439

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: VBoxDrv

IMAGE_NAME: VBoxDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4e25680d

FAILURE_BUCKET_ID: 0xA_VBoxDrv!RTMpIsCpuPresent+439

BUCKET_ID: 0xA_VBoxDrv!RTMpIsCpuPresent+439

Followup: MachineOwner

0: kd> lmvm VBoxDrv start end module name ba0d0000 ba0fb000 VBoxDrv (export symbols) VBoxDrv.sys

Loaded symbol image file: VBoxDrv.sys Image path: \SystemRoot\system32\DRIVERS\VBoxDrv.sys Image name: VBoxDrv.sys Timestamp: Tue Jul 19 07:18:37 2011 (4E25680D) CheckSum: 0002E6BA ImageSize: 0002B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

comment:3 by Frank Mehnert, 13 years ago

Sorry, but is there any specific reason why you are using VirtualBox 4.0.0? Either upgrade to 4.0.14 or to 4.1.4!

comment:4 by Sniper296, 13 years ago

Same issue with Vista host, BackTrack guest with VM 4.1.6 r74713. IRQL_NOT_LESS_OR_EQUAL VBoxDrv.sys.

by Sniper296, 13 years ago

Attachment:	VBox.2.log added

Latest VBox.log

by Sniper296, 13 years ago

Attachment:	Mini112111-01.dmp added

BSOD mini dump

comment:5 by jarz, 13 years ago

From 4.1.4 -> 4.1.6 the issue went away on my desktop.

comment:6 by Shawn McCloskey, 13 years ago

Did a configuration change. Was defragging VDI files with diskeeper, stopped defragging vdi, and problem has temporarily went away.

comment:7 by Frank Mehnert, 12 years ago

Description:	modified (diff)
Resolution:	→ fixed
Status:	new → closed

Most probably obsolete.

Note: See TracTickets for help on using tickets.

Download in other formats: