Index: /trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp
===================================================================
--- /trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp	(revision 45486)
+++ /trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp	(revision 45487)
@@ -2426,5 +2426,4 @@
             Assert(!(u32TprThreshold & 0xfffffff0));            /* Bits 31:4 MBZ. */
 
-            Log(("Getting TPR=%d Threshold=%u\n", pVCpu->hm.s.vmx.pbVirtApic[0x80], u32TprThreshold));
             rc = VMXWriteVmcs32(VMX_VMCS32_CTRL_TPR_THRESHOLD, u32TprThreshold);
             AssertRCReturn(rc, rc);
@@ -3442,5 +3441,5 @@
         /* The unusable bit is specific to VT-x, if it's a null selector mark it as an unusable segment. */
         uint32_t u32Access = 0;
-        if (!(pCtx->ldtr.Attr.u & VMX_SEL_UNUSABLE))
+        if (!pCtx->ldtr.Attr.u)
             u32Access = VMX_SEL_UNUSABLE;
         else
@@ -5559,14 +5558,16 @@
                 break;
         }
+        Log(("Converting pending HM event to TRPM trap uVector=%#x enmTrapType=%d\n", uVector, enmTrapType));
         int rc = TRPMAssertTrap(pVCpu, uVector, enmTrapType);
         AssertRC(rc);
         if (fErrorCodeValid)
             TRPMSetErrorCode(pVCpu, uErrorCode);
-
-        /* Clear the VT-x state bits now that TRPM has the information. */
+        AssertRC(rc);
         pVCpu->hm.s.Event.fPending = false;
-        rc = VMXWriteVmcs32(VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO, 0);
-        AssertRC(rc);
-    }
+    }
+
+    /* Clear the VT-x state bits to prevent any stale injection. */
+    int rc2 = VMXWriteVmcs32(VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO, 0);
+    AssertRC(rc2);
 }
 
@@ -5786,4 +5787,5 @@
     if (pVCpu->hm.s.Event.fPending)
     {
+        Log(("Pending event\n"));
         int rc = hmR0VmxInjectEventVmcs(pVM, pVCpu, pMixedCtx, pVCpu->hm.s.Event.u64IntrInfo, 0 /* cbInstr */,
                                     pVCpu->hm.s.Event.u32ErrCode);
@@ -5803,4 +5805,5 @@
         uIntrInfo |= (1 << VMX_EXIT_INTERRUPTION_INFO_VALID_SHIFT);
         uIntrInfo |= (VMX_EXIT_INTERRUPTION_INFO_TYPE_NMI << VMX_EXIT_INTERRUPTION_INFO_TYPE_SHIFT);
+        Log(("Injecting NMI\n"));
         int rc = hmR0VmxInjectEventVmcs(pVM, pVCpu, pMixedCtx, uIntrInfo, 0 /* cbInstr */, 0 /* u32ErrCode */);
         AssertRCReturn(rc, rc);
@@ -5829,4 +5832,5 @@
                 if (RT_SUCCESS(rc))
                 {
+                    Log(("PDMGetInterrupt: u8Interrupt=%#x\n", u8Interrupt));
                     /* Convert pending interrupt from PIC/APIC into TRPM and handle it below. */
                     rc = TRPMAssertTrap(pVCpu, u8Interrupt, TRPM_HARDWARE_INT);
@@ -5857,5 +5861,7 @@
         && TRPMHasTrap(pVCpu))
     {
+        Log(("Injecting TRPM trap\n"));
         rc = hmR0VmxInjectTRPMTrap(pVM, pVCpu, pMixedCtx);
+        Assert(!TRPMHasTrap(pVCpu));
         AssertRCReturn(rc, rc);
     }
@@ -6446,5 +6452,5 @@
     /* Load the required guest state bits (for guest-state changes in the inner execution loop). */
     Assert(!(pVCpu->hm.s.fContextUseFlags & HM_CHANGED_HOST_CONTEXT));
-    Log(("LoadFlags=%#RX32\n", pVCpu->hm.s.fContextUseFlags));
+    Log4(("LoadFlags=%#RX32\n", pVCpu->hm.s.fContextUseFlags));
     int rc = VINF_SUCCESS;
     if (pVCpu->hm.s.fContextUseFlags == HM_CHANGED_GUEST_RIP)
@@ -6581,5 +6587,4 @@
             && pVmxTransient->u8GuestTpr != pVCpu->hm.s.vmx.pbVirtApic[0x80])
         {
-            Log(("Setting TPR=%d\n", pVCpu->hm.s.vmx.pbVirtApic[0x80]));
             rc = PDMApicSetTPR(pVCpu, pVCpu->hm.s.vmx.pbVirtApic[0x80]);
             AssertRC(rc);
@@ -7671,7 +7676,4 @@
                     pVCpu->hm.s.fContextUseFlags |= HM_CHANGED_GUEST_CR0;
                     break;
-                case 2: /* CR2 */
-                    Log(("CR2 write rc=%d\n", rc));
-                    break;
                 case 3: /* CR3 */
                     Assert(!pVM->hm.s.fNestedPaging || !CPUMIsGuestPagingEnabledEx(pMixedCtx));
@@ -8036,5 +8038,6 @@
                                                   CPUMCTX2CORE(pMixedCtx), GCPhys);
             rc = VBOXSTRICTRC_VAL(rc2);
-            Log(("ApicAccess %RGp %#x\n", GCPhys, VMX_EXIT_QUALIFICATION_APIC_ACCESS_OFFSET(pVmxTransient->uExitQualification)));
+            Log(("ApicAccess %RGp %#x rc=%d\n", GCPhys,
+                 VMX_EXIT_QUALIFICATION_APIC_ACCESS_OFFSET(pVmxTransient->uExitQualification), rc));
             if (   rc == VINF_SUCCESS
                 || rc == VERR_PAGE_TABLE_NOT_PRESENT
@@ -8315,5 +8318,5 @@
     }
 
-    Assert(rc == VINF_SUCCESS || rc == VINF_EM_RESET);
+    Assert(rc == VINF_SUCCESS || rc == VINF_EM_RESET || rc == VINF_EM_RAW_GUEST_TRAP || rc == VINF_EM_DBG_BREAKPOINT);
     return rc;
 }
@@ -8428,4 +8431,6 @@
         rc |= hmR0VmxReadExitIntrErrorCodeVmcs(pVCpu, pVmxTransient);
         rc |= hmR0VmxReadExitInstrLenVmcs(pVCpu, pVmxTransient);
+        rc |= hmR0VmxSaveGuestRip(pVM, pVCpu, pMixedCtx);
+        Log(("#GP Gst: RIP %#RX64\n", pMixedCtx->rip));
         rc |= hmR0VmxInjectEventVmcs(pVM, pVCpu, pMixedCtx,
                                         VMX_VMCS_CTRL_ENTRY_IRQ_INFO_FROM_EXIT_INT_INFO(pVmxTransient->uExitIntrInfo),