Opened 15 years ago
Closed 8 years ago
#6151 closed defect (obsolete)
BSOD: X64_0xD1_CODE_AV_BAD_IP_VBoxNetFlt+81fd => nVidia?
Reported by: | Ryan Capp | Owned by: | |
---|---|---|---|
Component: | network/hostif | Version: | VirtualBox 3.1.2 |
Keywords: | BSOD, X64, D1, VBoxNetFlt | Cc: | |
Guest type: | other | Host type: | Windows |
Description (last modified by )
Loading Dump File [C:\Windows\Minidump\021010-32245-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols\*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (3 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff80002e54000 PsLoadedModuleList = 0xfffff800
03091e50
Debug session time: Wed Feb 10 03:25:26.678 2010 (GMT-5)
System Uptime: 0 days 0:14:30.474
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.
Loading User Symbols
Loading unloaded module list
......
*
- *
- Bugcheck Analysis *
- *
*
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff880640acfcf, 2, 8, fffff880640acfcf}
Unable to load image \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys, Win32 error 0n2 * WARNING: Unable to verify timestamp for VBoxNetFlt.sys * ERROR: Module load completed but symbols could not be loaded for VBoxNetFlt.sys Probably caused by : VBoxNetFlt.sys ( VBoxNetFlt+81fd )
Followup: MachineOwner
2: kd> !analyze -v *
- *
- Bugcheck Analysis *
- *
*
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff880640acfcf, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000008, value 0 = read operation, 1 = write operation Arg4: fffff880640acfcf, address which referenced memory
Debugging Details:
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fc0e0
fffff880640acfcf
CURRENT_IRQL: 2
FAULTING_IP: +0 fffff880`640acfcf ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff8800318b770 -- (.trap 0xfffff8800318b770) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000028 rdx=0000000000000045 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880640acfcf rsp=fffff8800318b908 rbp=fffffa8008ae7018
r8=0000000000000000 r9=0000000000000028 r10=0000000000000001
r11=fffffa800a8efc00 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc fffff880`640acfcf ?? ??? Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ec5469 to fffff80002ec5f00
FAILED_INSTRUCTION_ADDRESS: +0 fffff880`640acfcf ?? ???
STACK_TEXT:
fffff8800318b628 fffff800
02ec5469 : 000000000000000a fffff880
640acfcf 0000000000000002 00000000
00000008 : ntKeBugCheckEx
fffff8800318b630 fffff800
02ec40e0 : fffffa8007c35000 fffffa80
0a8efd30 fffffa8008cdf7a0 fffffa80
084141a0 : ntKiBugCheckDispatch+0x69
fffff8800318b770 fffff880
640acfcf : fffff8800185c0cb 00000000
00000000 0000000000000001 fffffa80
07c51c58 : ntKiPageFault+0x260
fffff8800318b908 fffff880
0185c0cb : 0000000000000000 00000000
00000001 fffffa8007c51c58 ffff0000
028ec970 : 0xfffff880`640acfcf
fffff8800318b910 fffff880
0185c426 : 0000000000000006 fffffa80
07c60000 0000000000000000 00000000
08cdf701 : tcpip!Ipv4pValidateNetBuffer+0x19b
fffff8800318b970 fffff880
0185b272 : fffffa8008cf0210 00000000
00000000 fffffa8008cdf701 00000000
00000001 : tcpipIpFlcReceivePackets+0x256
fffff8800318bb70 fffff880
018746ba : fffffa8008cdf7a0 fffff880
0318bca0 fffffa8008cdf7a0 00000000
00000000 : tcpipFlpReceiveNonPreValidatedNetBufferListChain+0x2b2
fffff8800318bc50 fffff800
02ed564a : fffffa800a8efc00 fffff880
03187000 0000000000004800 00000000
00000000 : tcpipFlReceiveNetBufferListChainCalloutRoutine+0xda
fffff8800318bca0 fffff880
018740e2 : fffff880018745e0 fffff880
0318bdb0 fffff8800318c102 00000000
00000001 : ntKeExpandKernelStackAndCalloutEx+0xda
fffff8800318bd80 fffff880
017060eb : fffffa8008cf0820 00000000
00000000 fffffa80084141a0 fffff880
01651afe : tcpipFlReceiveNetBufferListChain+0xb2
fffff8800318bdf0 fffff880
016cffc6 : fffffa8000000000 00000000
00000000 0000000000000000 00000000
00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
fffff8800318be60 fffff880
01652a24 : fffffa80084141a0 00000000
00000002 0000000000000001 00000000
00000000 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6
fffff8800318c2e0 fffff880
017068d5 : 0000000000000001 00000000
00000000 fffffa80084141a0 00000000
00000000 : ndis!ndisMTopReceiveNetBufferLists+0x24
fffff8800318c320 fffff880
041681fd : 0000000000000000 00000000
00000001 fffff88000000001 fffffa80
0a953a30 : ndis!ndisMIndicatePacketsToNetBufferLists+0x105
fffff8800318c3c0 00000000
00000000 : 0000000000000001 fffff880
00000001 fffffa800a953a30 00000000
00000000 : VBoxNetFlt+0x81fd
STACK_COMMAND: kb
FOLLOWUP_IP: VBoxNetFlt+81fd fffff880`041681fd ?? ???
SYMBOL_STACK_INDEX: e
SYMBOL_NAME: VBoxNetFlt+81fd
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: VBoxNetFlt
IMAGE_NAME: VBoxNetFlt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b2a38e9
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_VBoxNetFlt+81fd
BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_VBoxNetFlt+81fd
Followup: MachineOwner
Attachments (1)
Change History (9)
by , 15 years ago
Attachment: | 021010-32245-01.dmp added |
---|
comment:1 by , 15 years ago
comment:2 by , 15 years ago
The minidump shows nothing wrong with the VBoxNetFlt behavior, and unfortunately we're not able to reproduce the problem on Win7 x64 following exactly the same steps you describe.
Did the BSOD happen only once after win update for you?
Do you have any custom networking-related software installed on your host (i.e. other virtualyzers, VPN, antivirus, firewall software, etc.)?
comment:3 by , 15 years ago
Actually, I opened the full memory dump file and saw that the NVIDIA nForce network drivers seemed to play a role in the crash:
BugCheck D1, {fffff880640acfcf, 2, 8, fffff880640acfcf} *** ERROR: Symbol file could not be found. Defaulted to export symbols for VBoxNetFlt.sys - *** ERROR: Symbol file could not be found. Defaulted to export symbols for nvmf6264.sys - Probably caused by : VBoxNetFlt.sys ( VBoxNetFlt+81fd )
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff880640acfcf, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000008, value 0 = read operation, 1 = write operation Arg4: fffff880640acfcf, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: fffff880640acfcf CURRENT_IRQL: 2 FAULTING_IP: +0 fffff880`640acfcf ?? ??? DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: fffff8800318b770 -- (.trap 0xfffff8800318b770) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000028 rdx=0000000000000045 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880640acfcf rsp=fffff8800318b908 rbp=fffffa8008ae7018 r8=0000000000000000 r9=0000000000000028 r10=0000000000000001 r11=fffffa800a8efc00 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc fffff880`640acfcf ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ec5469 to fffff80002ec5f00 FAILED_INSTRUCTION_ADDRESS: +0 fffff880`640acfcf ?? ??? STACK_TEXT: fffff880`0318b628 fffff800`02ec5469 : 00000000`0000000a fffff880`640acfcf 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx fffff880`0318b630 fffff800`02ec40e0 : fffffa80`07c35000 fffffa80`0a8efd30 fffffa80`08cdf7a0 fffffa80`084141a0 : nt!KiBugCheckDispatch+0x69 fffff880`0318b770 fffff880`640acfcf : fffff880`0185c0cb 00000000`00000000 00000000`00000001 fffffa80`07c51c58 : nt!KiPageFault+0x260 fffff880`0318b908 fffff880`0185c0cb : 00000000`00000000 00000000`00000001 fffffa80`07c51c58 ffff0000`028ec970 : 0xfffff880`640acfcf fffff880`0318b910 fffff880`0185c426 : 00000000`00000006 fffffa80`07c60000 00000000`00000000 00000000`08cdf701 : tcpip!Ipv4pValidateNetBuffer+0x19b fffff880`0318b970 fffff880`0185b272 : fffffa80`08cf0210 00000000`00000000 fffffa80`08cdf701 00000000`00000001 : tcpip!IpFlcReceivePackets+0x256 fffff880`0318bb70 fffff880`018746ba : fffffa80`08cdf7a0 fffff880`0318bca0 fffffa80`08cdf7a0 00000000`00000000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2 fffff880`0318bc50 fffff800`02ed564a : fffffa80`0a8efc00 fffff880`03187000 00000000`00004800 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda fffff880`0318bca0 fffff880`018740e2 : fffff880`018745e0 fffff880`0318bdb0 fffff880`0318c102 00000000`00000001 : nt!KeExpandKernelStackAndCalloutEx+0xda fffff880`0318bd80 fffff880`017060eb : fffffa80`08cf0820 00000000`00000000 fffffa80`084141a0 fffff880`01651afe : tcpip!FlReceiveNetBufferListChain+0xb2 fffff880`0318bdf0 fffff880`016cffc6 : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb fffff880`0318be60 fffff880`01652a24 : fffffa80`084141a0 00000000`00000002 00000000`00000001 00000000`00000000 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6 fffff880`0318c2e0 fffff880`017068d5 : 00000000`00000001 00000000`00000000 fffffa80`084141a0 00000000`00000000 : ndis!ndisMTopReceiveNetBufferLists+0x24 fffff880`0318c320 fffff880`041681fd : 00000000`00000000 00000000`00000001 fffff880`00000001 fffffa80`0a953a30 : ndis!ndisMIndicatePacketsToNetBufferLists+0x105 fffff880`0318c3c0 fffff880`0170f37b : 00000000`00000001 fffffa80`085b1550 00000000`00000000 fffffa80`07c01680 : VBoxNetFlt+0x81fd fffff880`0318c550 fffff880`016d00eb : fffffa80`082521a0 fffff880`0318c960 00000000`00000001 fffffa80`09436000 : ndis!ethFilterDprIndicateReceivePacket+0x36b fffff880`0318c620 fffff880`01649ef1 : fffffa80`082521a0 fffff880`04108601 00000000`00000001 fffffa80`08ae700a : ndis!ndisMDispatchReceiveNetBufferLists+0x2fb fffff880`0318caa0 fffff880`040f0bcd : fffffa80`08ae5580 00000000`00000000 fffff880`0318cc10 00000000`3402003c : ndis!NdisMIndicateReceiveNetBufferLists+0xc1 fffff880`0318caf0 fffff880`0410950f : fffff880`04129d90 00000000`00000000 00000000`00000001 00000000`14020000 : nvmf6264+0x4bcd fffff880`0318cb30 fffff880`0410906d : 00000000`14020000 fffff880`0318cc10 fffff880`00000000 00000000`00000000 : nvmf6264!PARAM_InitClient+0xfa17 fffff880`0318cbf0 fffff880`01649da5 : fffffa80`08b6a9a0 00000000`00000000 fffffa80`082521a0 fffffa80`082521a0 : nvmf6264!PARAM_InitClient+0xf575 fffff880`0318cc40 fffff800`02ed15dc : fffffa80`08b6ac38 00000000`00000000 00000000`00000000 fffff880`03164180 : ndis!ndisInterruptDpc+0x155 fffff880`0318ccd0 fffff800`02ece6fa : fffff880`03164180 fffff880`0316ef80 00000000`00000000 fffff880`01649c50 : nt!KiRetireDpcList+0x1bc fffff880`0318cd80 00000000`00000000 : fffff880`0318d000 fffff880`03187000 fffff880`0318cd40 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kb FOLLOWUP_IP: VBoxNetFlt+81fd fffff880`041681fd eb0f jmp VBoxNetFlt+0x820e (fffff880`0416820e) SYMBOL_STACK_INDEX: e SYMBOL_NAME: VBoxNetFlt+81fd FOLLOWUP_NAME: MachineOwner MODULE_NAME: VBoxNetFlt IMAGE_NAME: VBoxNetFlt.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4b2a38e9 FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_VBoxNetFlt+81fd BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_VBoxNetFlt+81fd Followup: MachineOwner ---------
comment:4 by , 15 years ago
Summary: | BSOD: X64_0xD1_CODE_AV_BAD_IP_VBoxNetFlt+81fd → BSOD: X64_0xD1_CODE_AV_BAD_IP_VBoxNetFlt+81fd => nVidia? |
---|
comment:5 by , 15 years ago
nvmf6264 is a NVIDIA driver, which could be malforming data passed to VirtualBox. Although, there should be some kind of sanity check in place to avoid such a crash.
I'll have to look over the full back trace when I have some time and see even if I can reproduce it (only a one-time deal so far).
comment:8 by , 8 years ago
Description: | modified (diff) |
---|---|
Resolution: | → obsolete |
Status: | new → closed |
Please reopen if still relevant with a recent VirtualBox release.
Additional notes: Bug check occurred after system reboot in response to February issued Windows updates.
Here is a list of updates installed prior to crash: