Windows 2008 Guest BSOD, BugCheck 8E, {c0000005, ab80, 0, 0}
Posted: 24. Jun 2009, 22:03
Hello everybody.
This message is about a BSOD I got. I was doing some development with Visual Studio (in guest). At some point hard disc performance dropped significantly, and saving a code file in VS was taking too (way too long, about 8-10 seconds). I have absolutely no idea why would that happen..
I decided to restart the system and then during system startup (probably right after the logon screen, not sure though), I got a BSOD.The only suspicious thing I did right before I got the BSOD was to unmount the mounted ISO file.
My host is Windows XP SP3 and my guest is Windows 2008 SP1 Enterprise Edition. I am running VirtualBox 2.2.4r47978. The minidump is a little too big to upload it as an attachment... So I'm just including the WinDbg output.
This message is about a BSOD I got. I was doing some development with Visual Studio (in guest). At some point hard disc performance dropped significantly, and saving a code file in VS was taking too (way too long, about 8-10 seconds). I have absolutely no idea why would that happen..
I decided to restart the system and then during system startup (probably right after the logon screen, not sure though), I got a BSOD.The only suspicious thing I did right before I got the BSOD was to unmount the mounted ISO file.
My host is Windows XP SP3 and my guest is Windows 2008 SP1 Enterprise Edition. I am running VirtualBox 2.2.4r47978. The minidump is a little too big to upload it as an attachment... So I'm just including the WinDbg output.
Code: Select all
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, ab80, 0, 0}
Page 37bda not present in the dump file. Type ".hh dbgerr004" for details
Page 37ef0 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
Probably caused by : memory_corruption
Followup: memory_corruption
Code: Select all
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 0000ab80, The address that the exception occurred at
Arg3: 00000000, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
Page 37bda not present in the dump file. Type ".hh dbgerr004" for details
Page 37ef0 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+26a952f00c4dfdc
0000ab80 ?? ???
TRAP_FRAME: 80773f8c -- (.trap 0xffffffff80773f8c)
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=0000ab80 edx=00000000 esi=00000000 edi=00000000
eip=0000ab80 esp=80774000 ebp=00000000 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
0008:0000ab80 ?? ???
Resetting default scope
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x8E
PROCESS_NAME: services.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: 80773f38 -- (.exr 0xffffffff80773f38)
ExceptionAddress: 0000ab80
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000ab80
Attempt to read from address 0000ab80
LAST_CONTROL_TRANSFER: from 91dfb948 to 818e46d9
STACK_TEXT:
80773a60 91dfb948 0000008e c0000005 0000ab80 nt!KeBugCheckEx+0x1e
WARNING: Stack unwind information not available. Following frames may be wrong.
80773a7c 81893142 80773f38 807746c0 80773c34 peauth+0x29948
80773aa0 81893114 80773f38 807746c0 80773c34 nt!ExecuteHandler2+0x26
80773b58 8185af65 80773f38 80773c34 e7685fdd nt!ExecuteHandler+0x24
80773f1c 8188156a 80773f38 00000000 80773f8c nt!KiDispatchException+0x170
80773f84 8188151e 00000000 0000ab80 badb0d00 nt!CommonDispatchException+0x4a
80773f8c 00000000 badb0d00 00000000 90905cfc nt!KiExceptionExit+0x186
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
818317ac-818317b0 5 bytes - nt!Ki386VdmEnablePentiumExtentions+4
[ fa 0f 20 e0 f7:e9 f7 61 de 79 ]
818457fe-81845802 5 bytes - nt!KeSetActualBasePriorityThread+8f (+0x14052)
[ fa 64 8b 35 20:e9 85 3b db 79 ]
8185bd29-8185bd2d 5 bytes - nt!NtYieldExecution+123 (+0x1652b)
[ fa 64 8b 1d 20:e9 4a a2 d7 79 ]
8185be08-8185be0c 5 bytes - nt!NtYieldExecution+202 (+0xdf)
[ fa 8b 4e 04 0f:e9 33 06 dc 79 ]
81863d75-81863d79 5 bytes - nt!KeSetPriorityThread+7a (+0x7f6d)
[ fa 64 8b 35 20:e9 1e 2d d7 79 ]
81864477-8186447b 5 bytes - nt!KeSetBasePriorityThread+14e (+0x702)
[ fa 64 8b 3d 20:e9 8c 51 db 79 ]
81868c07-81868c0b 5 bytes - nt!KeSaveFloatingPointState+ee (+0x4790)
[ fa 0f 20 c0 8b:e9 e4 04 db 79 ]
81868e24-81868e28 5 bytes - nt!KeRestoreFloatingPointState+79 (+0x21d)
[ fa f6 03 01 74:e9 d7 05 db 79 ]
8186a86b-8186a86f 5 bytes - nt!KiQuantumEnd+1ac (+0x1a47)
[ fa 8b 4e 04 0f:e9 40 13 da 79 ]
8186ff05-8186ff09 5 bytes - nt!KiXMMIZeroPages+19 (+0x569a)
[ fa f7 80 0c 02:e9 fe 44 d9 79 ]
81871389-8187138d 5 bytes - nt!KiChainedDispatch+29 (+0x1484)
[ fa 64 8b 0d 1c:e9 da 26 da 79 ]
8187204a-8187204e 5 bytes - nt!ExfInterlockedInsertTailList+6 (+0xcc1)
[ fa f0 0f ba 2e:e9 a9 70 d8 79 ]
8187209d-818720a1 5 bytes - nt!ExfInterlockedRemoveHeadList+1 (+0x53)
[ fa f0 0f ba 2a:e9 b6 ce d8 79 ]
81880a00-81880a04 5 bytes - nt!KiServiceExit (+0xe963)
[ fa f6 45 72 02:e9 bb 30 d5 79 ]
81880a60 - nt!KiServiceExit+60 (+0x60)
[ fa:cc ]
81880ba9-81880bad 5 bytes - nt!KiServiceExit2 (+0x149)
[ fa f6 45 72 02:e9 72 d4 d8 79 ]
81880be7 - nt!KiServiceExit2+3e (+0x3e)
[ fa:cc ]
81881398-8188139c 5 bytes - nt!KiExceptionExit (+0x7b1)
[ fa f6 45 72 02:e9 d3 58 d5 79 ]
818813d6 - nt!KiExceptionExit+3e (+0x3e)
[ fa:cc ]
818831b8 - nt!VdmFixEspEbp+3 (+0x1de2)
[ 0f:cc ]
81884354-81884358 5 bytes - nt!KiFlushNPXState+4 (+0x119c)
[ fa 64 8b 3d 1c:e9 27 f2 d4 79 ]
81891d8c-81891d90 5 bytes - nt!KiExitDispatcher+89 (+0xda38)
[ fa 8b 4e 04 0f:e9 4f 1b d4 79 ]
81891f30-81891f34 5 bytes - nt!KiIsContextSwapActive+4 (+0x1a4)
[ fa 64 a1 0c 00:e9 fb 06 d4 79 ]
81892001-81892005 5 bytes - nt!KiDispatchInterrupt+a1 (+0xd1)
[ fa 0f 31 2b 83:e9 3a 20 d7 79 ]
818920aa-818920ae 5 bytes - nt!SwapContext+a (+0xa9)
[ fa fe 8b 31 01:e9 91 8d d6 79 ]
8189251f-81892523 5 bytes - nt!KiIdleLoop+1b (+0x475)
[ fa 8b 83 0c 1b:e9 64 80 d6 79 ]
81892597-8189259b 5 bytes - nt!KiIdleLoop+93 (+0x78)
[ fa 0f 31 2b 83:e9 e4 89 d6 79 ]
81893a23 - nt!KiRetireDpcList+ba (+0x148c)
[ fa:cc ]
81893ad6 - nt!KiRetireDpcList+16d (+0xb3)
[ fa:cc ]
81893bd1 - nt!KiRetireDpcList+264 (+0xfb)
[ fa:cc ]
81893bf2 - nt!KiRetireDpcList+285 (+0x21)
[ fa:cc ]
81893c84-81893c88 5 bytes - nt!KiTimerExpiration+4e (+0x92)
[ fa a1 18 00 df:e9 4f 89 d6 79 ]
81893e87-81893e8b 5 bytes - nt!KiTimerExpiration+251 (+0x203)
[ fa 8b 48 f8 89:e9 0c 8a d6 79 ]
8189452b-8189452f 5 bytes - nt!KiSwapThread+1b (+0x6a4)
[ fa 8b 4e 04 0f:e9 10 13 d4 79 ]
81897132-81897136 5 bytes - nt!KiSwapKernelStackAndExit+12 (+0x2c07)
[ fa 85 d2 0f 85:e9 d9 e8 d3 79 ]
81897248-8189724c 5 bytes - nt!KiSwapKernelStackAndExit+128 (+0x116)
[ fa 8f 83 28 01:e9 ab eb d3 79 ]
81897382-81897386 5 bytes - nt!NtCallbackReturn+46 (+0x13a)
[ fa e8 2c fd ff:e9 19 91 d5 79 ]
8189769d-818976a1 5 bytes - nt!KeUpdateSystemTime+ed (+0x31b)
[ fa 64 8b 0d 1c:e9 7e 8c d6 79 ]
8189b7e5 - nt!KiSaveProcessorControlState+75 (+0x4148)
[ 0f:cc ]
8189b7ec - nt!KiSaveProcessorControlState+7c (+0x07)
[ 0f:cc ]
8189b7f3 - nt!KiSaveProcessorControlState+83 (+0x07)
[ 0f:cc ]
8189b7fa - nt!KiSaveProcessorControlState+8a (+0x07)
[ 0f:cc ]
818b8eed-818b8ef1 5 bytes - nt!KeTerminateThread+62 (+0x1d6f3)
[ fa 64 8b 0d 20:e9 9e 2e d5 79 ]
818c9f52-818c9f56 5 bytes - nt!KeSetPriorityAndQuantumProcess+2f5 (+0x11065)
[ fa 64 8b 35 20:e9 81 fa d2 79 ]
818e630a - nt!Ki386CheckDelayedNpxTrap+327 (+0x1c3b8)
[ fa:cc ]
8190c008-8190c00c 5 bytes - nt!Ki386EnableGlobalPage+8
[ fa f0 ff 0a f3:e9 f3 82 cf 79 ]
8190c0cd-8190c0d1 5 bytes - nt!Ki386EnableCurrentLargePage+9 (+0xc5)
[ fa 0f 20 d8 0f:e9 26 81 cf 79 ]
8190c48a - nt!CPUID+a (+0x3bd)
[ 0f:cc ]
81959161 - nt!KiInitializeProcessorState+20
[ 0f:cc ]
8195917f - nt!KiInitializeProcessorState+3e (+0x1e)
[ 0f:cc ]
81ae5775 - nt!KiCalibrateTimeAdjustment+256
[ 0f:cc ]
187 errors : !nt (818317ac-81ae5775)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
Followup: memory_corruption
