Closed tandasat closed 6 years ago
Logs of the described bugcheck are here:
Microsoft (R) Windows Debugger Version 10.0.17030.1002 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Opened \\.\pipe\com_1
Waiting to reconnect...
Connected to Windows 10 17046 x64 target at (Sat Nov 25 18:51:14.318 2017 (UTC - 8:00)), ptr64 TRUE
Kernel Debugger connection established. (Initial Breakpoint requested)
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 17046 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17046.1000.amd64fre.rs_prerelease.171118-1403
Machine Name:
Kernel base = 0xfffff801`81c9c000 PsLoadedModuleList = 0xfffff801`82009d90
Debug session time: Sat Nov 25 18:51:11.864 2017 (UTC - 8:00)
System Uptime: 0 days 0:01:34.599
// ......
The SHV has been installed.
KDTARGET: Refreshing KD connection
*** Fatal System Error: 0x0000003b
(0x00000000C000001D,0xFFFFF80181D07B81,0xFFFFF005EEE5E110,0x0000000000000000)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows 10 17046 x64 target at (Sat Nov 25 18:51:45.134 2017 (UTC - 8:00)), ptr64 TRUE
Loading Kernel Symbols
..................................
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................
................................................................
............................................
Loading User Symbols
.....
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c000001d, fffff80181d07b81, fffff005eee5e110, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiFlushRangeWorker+71 )
Followup: MachineOwner
---------
nt!DbgBreakPointWithStatus:
fffff801`81e45080 int 3
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c000001d, Exception code that caused the bugcheck
Arg2: fffff80181d07b81, Address of the instruction which caused the bugcheck
Arg3: fffff005eee5e110, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 0
BUILD_VERSION_STRING: 17046.1000.amd64fre.rs_prerelease.171118-1403
DUMP_TYPE: 0
BUGCHECK_P1: c000001d
BUGCHECK_P2: fffff80181d07b81
BUGCHECK_P3: fffff005eee5e110
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction.
FAULTING_IP:
nt!KiFlushRangeWorker+71
fffff801`81d07b81 invpcid esi,oword ptr [rsp]
CONTEXT: fffff005eee5e110 -- (.cxr 0xfffff005eee5e110)
rax=00000000024d0002 rbx=fffff005eee5eb88 rcx=ffffb2877c586580
rdx=ffffb2877be512c0 rsi=0000000000000000 rdi=fffff005eee5ef30
rip=fffff80181d07b81 rsp=fffff005eee5eb10 rbp=0000000000000000
r8=0000000000000014 r9=0000000000000002 r10=fffff005eee5ef28
r11=0000000000000000 r12=0000000000000001 r13=fffff005eee5ef28
r14=0000000000000001 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiFlushRangeWorker+0x71:
fffff801`81d07b81 invpcid esi,oword ptr [rsp] ss:0018:fffff005`eee5eb10=00000000024d00020000000000000001
Resetting default scope
CPU_COUNT: 2
CPU_MHZ: b58
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: 9
CPU_MICROCODE: 6,8e,9,0 (F,M,S,R) SIG: 62'00000000 (cache) 62'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: OneDrive.exe
CURRENT_IRQL: c
ANALYSIS_SESSION_HOST: WL-76N6RC2
ANALYSIS_SESSION_TIME: 11-25-2017 18:52:22.0669
ANALYSIS_VERSION: 10.0.17030.1002 amd64fre
LAST_CONTROL_TRANSFER: from fffff80181d0791a to fffff80181d07b81
STACK_TEXT:
fffff005`eee5eb10 fffff801`81d0791a : 55555555`55555555 fffff005`eee5ef10 00000000`00000000 00000000`00000000 : nt!KiFlushRangeWorker+0x71
fffff005`eee5eb50 fffff801`81d26487 : fffff005`eee5f310 fffff005`eee5ef10 fffff005`eee5ee60 00000000`00000001 : nt!MiFlushTbList+0x2aa
fffff005`eee5eca0 fffff801`81d0a331 : ffffb287`00000000 ffffb287`7be512c0 0a000000`14b7c867 fffff005`eee5f7f0 : nt!MiDeletePteList+0x47
fffff005`eee5ed60 fffff801`8216221b : ffffb287`7c586580 ffffb287`7be51630 00000000`04501903 ffffb287`69f75370 : nt!MiDecommitPages+0x12c1
fffff005`eee5f7b0 fffff801`821ed949 : 00000000`00000000 ffffb287`7c3aa6b0 ffffb287`7c484cb0 ffffb287`7c586580 : nt!MiDecommitRegion+0x6b
fffff005`eee5f820 fffff801`821ed78d : 00000000`00003000 00000000`00000001 00000000`00000000 00000000`024d0000 : nt!MiFreeToSubAllocatedRegion+0x15d
fffff005`eee5f880 fffff801`821064ac : ffffb287`7c586580 00000000`00000001 00000000`024d0000 ffffb287`7c586580 : nt!MmDeleteTeb+0x61
fffff005`eee5f8f0 fffff801`82142686 : fffff005`00000000 00000000`0482e600 00000000`024d0000 fffff801`81e4abd3 : nt!PspExitThread+0x42c
fffff005`eee5f9f0 fffff801`8213fe6a : 00000000`00000000 00000000`00000000 ffffb287`7c586580 00000000`0482ef40 : nt!PspTerminateThreadByPointer+0x96
fffff005`eee5fa30 fffff801`81e4abd3 : 00000000`00000000 ffffb287`7c586580 fffff005`eee5fb00 ffffb287`7c3ce700 : nt!NtTerminateThread+0x4a
fffff005`eee5fa80 00000000`65f71e5c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0482ef38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : wow64cpu!CpupSyscallStub+0xc
THREAD_SHA1_HASH_MOD_FUNC: 314421c59b3d053d5e28ce9e05d77dd439853aac
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: e2a09be2008fbed5c1c23dd82167ea879661a71b
THREAD_SHA1_HASH_MOD: 1c11ccead189a0df87a3b1fdb174e50a7cf21b26
FOLLOWUP_IP:
nt!KiFlushRangeWorker+71
fffff801`81d07b81 invpcid esi,oword ptr [rsp]
FAULT_INSTR_CODE: 82380f66
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiFlushRangeWorker+71
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5a10d416
STACK_COMMAND: .cxr 0xfffff005eee5e110 ; kb
BUCKET_ID_FUNC_OFFSET: 71
FAILURE_BUCKET_ID: 0x3B_nt!KiFlushRangeWorker
BUCKET_ID: 0x3B_nt!KiFlushRangeWorker
PRIMARY_PROBLEM_CLASS: 0x3B_nt!KiFlushRangeWorker
TARGET_TIME: 2017-11-26T02:51:44.000Z
OSBUILD: 17046
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-11-18 16:45:10
BUILDDATESTAMP_STR: 171118-1403
BUILDLAB_STR: rs_prerelease
BUILDOSVER_STR: 10.0.17046.1000.amd64fre.rs_prerelease.171118-1403
ANALYSIS_SESSION_ELAPSED_TIME: 100d
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_nt!kiflushrangeworker
FAILURE_ID_HASH: {3b5ccff4-377a-f01b-b3d0-fbcb3674f985}
Followup: MachineOwner
---------
I am surprised this did not come up earlier as we had a similar issue about a year ago. This is what we use for our control setup:
Windows 10 RS4 uses the invpcid instruction. This instruction is disabled by the hypervisor, and execution of it causes #UD, which triggers a bugcheck.
This change is to allow the kernel to execute the instruction.
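The control setting behind this fix, modelled as an added example (not code from this project): a guest can execute `invpcid` only when "enable INVPCID" (bit 12 of the secondary processor-based VM-execution controls) is set and secondary controls are activated. Bit positions follow the Intel SDM; the function names and the capability MSR value are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Intel SDM bit positions; the MSR value used in main() is a constructed sample. */
#define CPU_BASED_INVLPG_EXITING      (1u << 9)   /* primary controls */
#define CPU_BASED_ACTIVATE_SECONDARY  (1u << 31)  /* primary controls */
#define SECONDARY_ENABLE_RDTSCP       (1u << 3)
#define SECONDARY_ENABLE_INVPCID      (1u << 12)

enum invpcid_outcome { INVPCID_UD, INVPCID_RUNS, INVPCID_VMEXIT };

/* Fit a requested control value to a VMX capability MSR such as
 * IA32_VMX_PROCBASED_CTLS2 (0x48B): bits set in the low dword must be 1,
 * bits clear in the high dword must be 0. */
uint32_t adjust_vmx_controls(uint64_t capability_msr, uint32_t requested)
{
    uint32_t must_be_one = (uint32_t)capability_msr;
    uint32_t may_be_one  = (uint32_t)(capability_msr >> 32);
    return (requested & may_be_one) | must_be_one;
}

/* What a guest observes when it executes INVPCID under the given controls. */
enum invpcid_outcome guest_invpcid_outcome(uint32_t primary, uint32_t secondary)
{
    if (!(primary & CPU_BASED_ACTIVATE_SECONDARY) ||
        !(secondary & SECONDARY_ENABLE_INVPCID))
        return INVPCID_UD;      /* #UD: the 0xC000001D exception in this report */
    if (primary & CPU_BASED_INVLPG_EXITING)
        return INVPCID_VMEXIT;  /* the hypervisor must then handle the exit */
    return INVPCID_RUNS;
}

int main(void)
{
    /* Constructed capability: RDTSCP and INVPCID may be 1, nothing must be 1. */
    uint64_t ctls2 = (uint64_t)(SECONDARY_ENABLE_RDTSCP |
                                SECONDARY_ENABLE_INVPCID) << 32;
    uint32_t primary = CPU_BASED_ACTIVATE_SECONDARY;

    uint32_t before = adjust_vmx_controls(ctls2, SECONDARY_ENABLE_RDTSCP);
    uint32_t after  = adjust_vmx_controls(ctls2, SECONDARY_ENABLE_RDTSCP |
                                                 SECONDARY_ENABLE_INVPCID);
    printf("before fix: %d, after fix: %d\n",
           guest_invpcid_outcome(primary, before),
           guest_invpcid_outcome(primary, after));
    return 0;
}
```

On a processor whose capability MSR does not allow bit 12, the adjustment clears the request and the guest still gets #UD, which matches bare-metal behaviour for a CPU without INVPCID.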