BSOD only if debugger network is enabled

use 2 virtual computer with windbg for debugging network my driver .

My device show BSOD (BreakPoint) only when the kernel windows send dbgprint into remote debugger.

DTARGET: Refreshing KD connection

*** Fatal System Error: 0x00000111
(0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Connected to Windows 10 10240 x64 target at (Thu Jul 20 20:15:44.078 2017 (UTC + 2:00)), ptr64 TRUE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols



Loading User Symbols




*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -

************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified
ntdll PDB not found : cache*
The server name or address could not be resolved : SRV*https://msdl.microsoft.com/download/symbols

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 111, {0, 0, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys

*** ERROR: Symbol file could not be found. Defaulted to export symbols for KERNELBASE.dll -
Probably caused by : ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!559F3C1A852000 )

Followup: MachineOwner

nt!DbgBreakPointWithStatus:
fffff801`52fd9300 cc int 3
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Unknown bugcheck code (111)
Unknown bugcheck description
Arguments:
Arg1: 0000000000000000
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

DUMP_CLASS: 1

DUMP_QUALIFIER: 0

BUILD_VERSION_STRING: 10240.16384.amd64fre.th1.150709-1700

ADDITIONAL_DEBUG_TEXT:
You can run ‘.symfix; .reload’ to try to fix the symbol path and load symbols.

WRONG_SYMBOLS_TIMESTAMP: 559f3c1a

WRONG_SYMBOLS_SIZE: 852000

FAULTING_MODULE: fffff80152e87000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 559f3c1a

DUMP_TYPE: 0

BUGCHECK_P1: 0

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

CPU_COUNT: 2

CPU_MHZ: fa0

CPU_VENDOR: AuthenticAMD

CPU_FAMILY: 15

CPU_MODEL: 2

CPU_STEPPING: 0

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: DESKTOP-J0KVJ3N

ANALYSIS_SESSION_TIME: 07-20-2017 20:16:11.0751

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

LAST_CONTROL_TRANSFER: from fffff8015307b4a2 to fffff80152fd9300

STACK_TEXT:
fffff80154bb6578 fffff8015307b4a2 : 0000000000000111 0000000000000003 fffff80154bb66e0 fffff80152f0f888 : nt!DbgBreakPointWithStatus
fffff80154bb6580 fffff8015307add2 : 0000000000000003 fffff80154bb66e0 fffff80152fe0710 0000000000000111 : nt!KeEnterKernelDebugger+0x206
fffff80154bb65e0 fffff80152fd3d24 : fffff80154bb6e70 fffff80154bb6ef0 0000000000000000 ffffc00165d5b820 : nt!KeInitializeEnumerationContextFromAffinity+0x94e
fffff80154bb6cf0 fffff80152fde5a9 : 0000000000000111 0000000000000000 0000000000000000 0000000000000000 : nt!KeBugCheckEx+0x104
fffff80154bb6d30 fffff80152fdbd2a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!setjmpex+0x3b19
fffff80154bb6e70 fffff80152fdbd13 : fffff80152fdbd13 0000000000000010 0000000000000086 fffff80154bb6fd8 : nt!setjmpex+0x129a
fffff80154bb6fd8 00007ffb22df358a : 00007ffb1efa92ef 0000000000000001 0000000000000000 0000000000006210 : nt!setjmpex+0x1283
0000001e9722efe8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!ZwWaitForSingleObject+0xa

STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: b7c2045262425c94303b72b0b9b45df811794ac2

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b0bbead1c2afcdc704fe8f29d2e77cb58597008a

THREAD_SHA1_HASH_MOD: 0747bf0f7edc24259ab9deb16499aa10abc3c14f

FOLLOWUP_IP:
nt!KeEnterKernelDebugger+206
fffff8015307b4a2 e987000000 jmp nt!KeEnterKernelDebugger+0x292 (fffff8015307b52e)

FAULT_INSTR_CODE: 87e9

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt_wrong_symbols!559F3C1A852000

FOLLOWUP_NAME: MachineOwner

BUGCHECK_STR: 559F3C1A

EXCEPTION_CODE: (NTSTATUS) 0x559f3c1a -

EXCEPTION_CODE_STR: 559F3C1A

EXCEPTION_STR: WRONG_SYMBOLS

PROCESS_NAME: ntoskrnl.wrong.symbols.exe

IMAGE_NAME: ntoskrnl.wrong.symbols.exe

MODULE_NAME: nt_wrong_symbols

BUCKET_ID: WRONG_SYMBOLS_X64_10240.16384.amd64fre.th1.150709-1700_TIMESTAMP_150710-032930

DEFAULT_BUCKET_ID: WRONG_SYMBOLS_X64_10240.16384.amd64fre.th1.150709-1700_TIMESTAMP_150710-032930

PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS

FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_10240.16384.amd64fre.th1.150709-1700_TIMESTAMP_150710-032930_559F3C1A_nt_wrong_symbols!559F3C1A852000

TARGET_TIME: 2017-07-20T18:15:09.000Z

OSBUILD: 10240

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2015-07-10 05:29:30

BUILDDATESTAMP_STR: 150709-1700

BUILDLAB_STR: th1

BUILDOSVER_STR: 10.0.10240.16384.amd64fre.th1.150709-1700

ANALYSIS_SESSION_ELAPSED_TIME: 8c

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:wrong_symbols_x64_10240.16384.amd64fre.th1.150709-1700_timestamp_150710-032930_559f3c1a_nt_wrong_symbols!559f3c1a852000

FAILURE_ID_HASH: {eb71b7c5-5d3e-8b28-668b-123d807c7ae7}

Followup: MachineOwner
---------

0: kd>

I don’t understand.

xxxxx@gmail.com xxxxx@lists.osr.com wrote:

use 2 virtual computer with windbg for debugging network my driver .

My device show BSOD (BreakPoint) only when the kernel windows send dbgprint into remote debugger.

*** Fatal System Error: 0x00000111
(0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Connected to Windows 10 10240 x64 target at (Thu Jul 20 20:15:44.078 2017 (UTC + 2:00)), ptr64 TRUE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -

And did you try fixing the symbols, as it suggests later? Not that it’s
going to help here.

Bug check 0x111 is RECURSIVE_NMI. If accurate, that suggests you got an
NMI interrupt while the system was handling an NMI interrupt. When
you’re on a physical computer, that usually means some fatal processor
problem, or a bus protocol violation, or some other rather dire and
unrecoverable condition.

Is the machine you are debugging also in a VM? Which VM host are you
using? It’s possible the VM host simulates NMI for other purposes.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.