DRIVER_IRQL_NOT_LESS_OR_EQUAL on Win7 x64

[rohaaan]

After cross compiling windows driver on linux and loading it in windows, when user mode app is run Driver crashes with BUG_CHECK 0xD1 : DRIVER_IRQL_NOT_LESS_OR_EQUAL

[asamy]

Thanks but it'd be appreciated if you followed the Issue template and at least uploaded the files required along with any patches applied (i.e. source code or Makefile edits.).

[rohaaan]

it'd be appreciated if you followed the Issue template
Yes, I will.

at least uploaded the files required along with any patches applied (i.e. source code or Makefile edits.).
No patchwork.
Procedure to reproduce the crash:

1. Cross compile ksm.sys on Ubuntu Linux 14.04 64bit for windows.
2. Copy ksm.sys to windows 7 pro 64 bit and register the service as ksm.
3. Restart and turn off driver signing enforcement during windows boot since driver signing failed.
4. Load the driver.
5. Run the a.exe produced.

[rohaaan]

Tried once again... Result is same, crash. This time one change in Makefile.windows,
Line 41: WINVER ?= 0x0601

[asamy]

The issue template clearly says if it's a crash you need to upload .dmp files, and the produced executable file, .sys file, etc.

[rohaaan]

Hi,

Please check attachment

hypervisor.zip

[asamy]

Can you try without -DENABLE_PRINT? I kind of suspect the print interface had some nasty changes so that might be it. Also, if you wouldn't mind (and have the resources to do so), try out the build generated by appveyor builds (Windows 10 only!), and see if it crashes too.

[rohaaan]

I have no windows 10 installation. I will get one and try asap... :)

[rohaaan]

try without -DENABLE_PRINT
Tried... no success. Also above variable is for linux build.
next I modified Makefile.windows and disabled -DENABLE_DBGPRINT
still crashing

[asamy]

I wonder if it's an optimization related issue, since I was always compiling without optimizations when testing the cross build and they all worked fine (except on cross win10 builds), so I'd also try disabling that too. Last time I tested it was working fine with both native win32 (NOT MinGW, but CL), and Linux builds, so I suspect it's some option that's passed to GCC messes it up or just something to do with initialization code that the NT kernel does not like, in either case, from the generated disassembly, I see nothing obvious that hints on it.

I'll look into the DMP file soon, though. I took a quick peek at it and the checksum did not match[?] . Not sure.

[rohaaan]

I have discovered, that crash happens in DriverDispatch's switch case case KSM_IOCTL_SUBVERT:

[asamy]

The real question is, which path it ends up in. What I'd appreciate is, if you use GDB to debug the kernel (If you're using QEMU/VMWare, it's quite easy), then it'd be really easy to find it.

The DriverDispatch() path (with that ioctl) is basically, ksm_subvert() -> vcpu_init() -> vmlaunch -> do_resume.

[rohaaan]

ksm_subvert -> __ksm_init_cpu
__ksm_init_cpu is run as dpc.
now the crash occurs because the code from within __ksm_init_cpu calls inline functions that could be paged out.

I am reviewing the code. Please make a review from your end too.

[rohaaan]

NOTE:
DO NOT USE DRIVER VERIFIER TO CHECK PAGEABLE CODE.
MANY OTHER ERRORS WILL POP.

For now stick to code review.

[rohaaan]

There is army of inline functions in code with static scope declaration, that too in header files.
Functions from this pool are referenced in __ksm_init_cpu, which is run as dpc.
Functions running as DPC should not be pagable and should not refer any potential pagable inline functions and pagable data.
Therefore, the crash could vary by location at every run.
I believe we lets make the relevant changes, test it and then close this issue.

[asamy]

On Fri, Mar 10, 2017 at 3:13 PM rohaaan ***@***.***> wrote: There is army of inline functions in code with static scope declaration, that too in header files. Functions from this pool are referenced in __ksm_init_cpu, which is run as dpc. Functions running as DPC should not be pagable and should not refer any potential pagable inline functions and pagable data. Therefore, the crash could vary by location at every run. I believe we lets make the relevant changes, test it and then close this issue. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#19 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABvH5fXHYNkkKLJ_ZW5CpOXB80uAg6M9ks5rkUyEgaJpZM4MXsOv> .

There are no pageable functions in that path... Plus the IRQL reported in the dmp is passive level iirc. -- asamy

[asamy]

Actually, I was wrong about one thing: The Microsoft Linker by default marks sections as non-pageable (i.e. with P section attribute), initially I thought the P implies pageable 1. However, I am not sure how to force the linker to set that attribute, perhaps we need an LD script, what do you think? It doesn't seem to exist from reading the LD script manual 2.

[rohaaan]

"There are no pageable functions in that path"
To confirm it, I used Driver Verifier.
When I turned on KSM.sys, I was greeted with BugCheck C2.
I wanted to avoid Driver Verifier but before moving ahead with ld script, lets use the driver verifier.

[asamy]

What do you mean use driver verifier...?

Anyway, try with latest, you'll need Python 2.7 and install pefile with:

pip install pefile

Then recompile.

[rohaaan]

Driver verifier allows to reveal runtime defects in our driver in windows kernel. Very useful.

OK. I will install pefile and check.

[asamy]

I understand what Driver Verifier is, it sounded like you wanted to use Driver Verifier for something else.

[asamy]

Updates on this? Finalizing stuff.

[rohaaan]

not yet... tommorrow

[rohaaan]

Installing pefile and recompiling made no difference

[rohaaan]

ksm.sys service does not start

[rohaaan]

I am puzzled now...even after making the code section non-pageable, its crashing.

[rohaaan]

Any updates on this?

[asamy]

I will debug it myself later today.

[rohaaan]

Compiled ksm.sys with vs2015 for win7 x64. using vmware player for hosting win7 x64.
following is what I get -

ksm: CPU 2: DriverEntry: We're mapped at FFFFF880046D9000 (size: 118784 bytes (116 KB), on 29 pages)
ksm: CPU 2: ksm_init: EPT/VPID caps: 0x00000F0106114141
ksm: CPU 2: ksm_init: 3 physical memory ranges
ksm: CPU 2: ksm_init: Range: 0x0000000000001000 -> 0x000000000009F000
ksm: CPU 2: ksm_init: Range: 0x0000000000100000 -> 0x000000007FEE0000
ksm: CPU 2: ksm_init: Range: 0x000000007FF00000 -> 0x0000000080000000
ksm: CPU 2: DriverEntry: ready
ksm: CPU 2: DriverEntry: ret: 0x00000000
ksm: CPU 0: DriverDispatch: open from a.exe
ksm: CPU 0: DriverDispatch: a.exe: IOCTL: 0x8008E008 of length: 0
ksm: CPU 3: __ksm_init_cpu: System: Started: 1
ksm: CPU 0: __ksm_init_cpu: a.exe: Started: 1
ksm: CPU 2: __ksm_init_cpu: System: Started: 1
ksm: CPU 1: __ksm_init_cpu: System: Started: 1
ksm: CPU 0: DriverDispatch: a.exe: IOCTL: 0x8008E000 of length: 4
ksm: CPU 3: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000549BB1FA GVA FFFFF900C06261FA AC 2)
ksm: CPU 3: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000046C60800 GVA 000007FFFFFDD800 AC 3)
ksm: CPU 3: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000553B8D08 GVA FFFFF900C0623D08 AC 3)
ksm: CPU 3: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005BA68710 GVA 00000000001CF710 AC 2)
ksm: CPU 3: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000044F391
 GVA 00000000776D2100 AC 3)
ksm: CPU 3: ksm_sandbox_handle_ept: allocating cow page for GPA 000000003538FD16 GVA FFFFF900C0630D16 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000549BB1FA GVA FFFFF900C06261FA AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000046C60800 GVA 000007FFFFFDD800 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000553B8D08 GVA FFFFF900C0623D08 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow
age for GPA 000000003538FD1A GVA FFFFF900C0630D1A AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000045354580 GVA 00000000046CF580 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000002EE1BAE8 GVA 00000000000F6AE8 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000045BD73E0 GVA 00000000776D33E0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000441BEACF GVA 000000000042BACF AC 2)
ksm: CPU 0: ksm_sandbo
handle_ept: allocating cow page for GPA 0000000042FB0590 GVA 0000000000389590 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000002F41FEA0 GVA 00000000003F2EA0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000043A2DB3C GVA 00000000000F7B3C AC 2)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000549BB1FA GVA FFFFF900C06261FA AC 2)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000711347A0 GVA FFFFF900C05817A0 
 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006F8EBB98 GVA FFFFF900C0600B98 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000061525518 GVA FFFFF900C0606518 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000546AE5F8 GVA FFFFF900C061F5F8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000625319B8 GVA FFFFF900C06079B8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000060
1FA8 GVA FFFFF900C0604FA8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005865BAA8 GVA FFFFF900C0615AA8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000040A07FB8 GVA FFFFF900C0617FB8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006433AEC8 GVA FFFFF900C0603EC8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004659E068 GVA FFFFF900C0613068 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating
ow page for GPA 0000000048B06428 GVA FFFFF900C0610428 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000624E0C28 GVA FFFFF900C060DC28 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000061E54388 GVA FFFFF900C060C388 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000065F348F8 GVA FFFFF900C06098F8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000065832EE8 GVA FFFFF900C0608EE8 AC 3)
ksm: CPU 2: ksm_sa
box_handle_ept: allocating cow page for GPA 0000000045DDCBC8 GVA FFFFF900C063EBC8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 000000003538FD58 GVA FFFFF900C0630D58 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000546BCFE8 GVA FFFFF900C0627FE8 AC 3)
ksm: CPU 2: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000046C0EA28 GVA FFFFF900C0612A28 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000040686CEA GVA FFFFF900C0616CEA AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006C551974 GVA 0000000000CFF974 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006C4CD3FC GVA 00000000002723FC AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006C24BEE0 GVA 0000000000271EE0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006C5CC5
 GVA 0000000000270530 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005F650CA0 GVA 0000000002284CA0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000061ABD250 GVA 0000000002256250 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006C9C7498 GVA 000000000026E498 AC 3)


 *** An Access Violation occurred in C:\Windows\system32\services.exe:

The instruction at 000007FEFDA9CD6D tried to read from an invalid address, FFFFFFFFFFFFFFFF

 *** enter .exr 0000000000E1F480 for the exception record
 ***  enter .cxr 0000000000E1EF90 for the context
 *** then kb to get the faulting stack

Break instruction exception - code 80000003 (first chance)
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
ntdll+0xc6271:
0033:00000000`77806271 cc              int     3

here I continue then-

Break instruction exception - code 80000003 (first chance)
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
ntdll+0xc6271:
0033:00000000`77806271 cc              int     3
1: kd> g
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000043F28950 GVA 0000000000E9F950 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004846E1A0 GVA 00000000FF1F01A0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004653A700 GVA 0000000000A1D700 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000444A5068 GVA 000007FFFFFD4068 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000317908
 GVA 00000000003868B0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000047FF8210 GVA 0000000000380210 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000481F1848 GVA 00000000003CC848 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000048DF0F30 GVA 00000000003CBF30 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000047ADE060 GVA 00000000003C8060 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow
age for GPA 00000000480EBAEF GVA 00000000003C9AEF AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000477C60D0 GVA 000000000038F0D0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004462AF0C GVA 0000000000E9EF0C AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000046941D30 GVA 0000000000271D30 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000054727930 GVA 000000000022E930 AC 3)
ksm: CPU 0: ksm_sandbo
handle_ept: allocating cow page for GPA 000000004856056F GVA 000000000025D56F AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005643F708 GVA 000007FEFF589708 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000566BD310 GVA 000007FEFF588310 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000706E401C GVA 000000007787301C AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006F5C0FB0 GVA 00000000000BEFB0 
 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006F256CFF GVA 00000000000CBCFF AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000070069E10 GVA 0000000077878E10 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006AB99930 GVA 000000000009E930 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006F33A4CF GVA 00000000000B94CF AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006F
B1C0 GVA 00000000000D51C0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000069E1589F GVA 000000000130589F AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000069E16520 GVA 0000000001306520 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006FDFC0E0 GVA 000000007762A0E0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006FAD6210 GVA 00000000002F0210 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating
ow page for GPA 000000006F837BA8 GVA 00000000002F7BA8 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000069C9FE00 GVA 00000000002F9E00 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006FBD9BA8 GVA 00000000002F4BA8 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006A094BBF GVA 0000000000115BBF AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006E7A8000 GVA 0000000000116000 AC 2)
ksm: CPU 0: ksm_sa
box_handle_ept: allocating cow page for GPA 000000007034D330 GVA 000007FFFFFDE330 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006FFD5EA0 GVA 000007FEFDFE1EA0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000700DDD80 GVA 0000000000337D80 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006F836110 GVA 00000000002F6110 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004EAC5CC0 GVA FFFFF8800B705CC0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005A84C000 GVA FFFFF8800B706000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006DAE2E10 GVA 0000000000CFFE10 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006D4B3FB8 GVA 0000000000160FB8 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006D2320
 GVA 0000000000161088 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000045B61770 GVA 00000000001F6770 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000658AE2EC GVA FFFFF900C1C022EC AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004118F808 GVA 000007FFFFFDD808 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000003370DA04 GVA 00000000013BFA04 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow
age for GPA 000000003328A4EC GVA 00000000003184EC AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004A26AFD0 GVA 0000000000317FD0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000049D4AFF0 GVA 00000000002F5FF0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000046327360 GVA 00000000002B1360 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004A047888 GVA 00000000002F2888 AC 3)
ksm: CPU 0: ksm_sandbo
handle_ept: allocating cow page for GPA 0000000068836790 GVA 0000000001C2E790 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005A6CCFCF GVA 0000000001EAFFCF AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006DD52F70 GVA 0000000000117F70 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005A8551D0 GVA 0000000001E961D0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000059A3E01F GVA 0000000001EB001F 
 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000068AF9080 GVA 0000000000207080 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005D896310 GVA 00000000015F1310 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000054E43604 GVA 00000000029A2604 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000055C48000 GVA 00000000029A5000 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000055
7960 GVA 00000000029A4960 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000052DC05C8 GVA 0000000001C2B5C8 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000068DF5000 GVA 0000000001C2C000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000068340000 GVA 0000000001C2D000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000055846000 GVA 00000000029A3000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating
ow page for GPA 000000005615F090 GVA 0000000002BB0090 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000563E0000 GVA 0000000002BB1000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000056061000 GVA 0000000002BB2000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000055C62010 GVA 0000000002BB3010 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000557E3070 GVA 0000000002BB4070 AC 2)
ksm: CPU 0: ksm_sa
box_handle_ept: allocating cow page for GPA 0000000055E64000 GVA 0000000002BB5000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000055B65000 GVA 0000000002BB6000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000055966000 GVA 0000000002BB7000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000559E7000 GVA 0000000002BB8000 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004EDDDAD0 GVA 000000000428FAD0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005F4DA48C GVA FFFFF900C1C0348C AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004AF161B0 GVA 000000000238A1B0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005D7FA974 GVA 0000000003436974 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006711F0
 GVA 000007FEFF9F40F0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006C6A5630 GVA 0000000000158630 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006C2A1BC8 GVA 0000000000156BC8 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006769C418 GVA 000007FEFF9F6418 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006741DEE4 GVA 000007FEFF9F5EE4 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow
age for GPA 000000007C1DEFF0 GVA 000000000428EFF0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006DBDB498 GVA 0000000077878498 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006D3FBDF8 GVA 000000000014EDF8 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006D2B25A0 GVA 000007FEFDFE15A0 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004F3955AF GVA 00000000002C95AF AC 2)
ksm: CPU 0: ksm_sandbo
handle_ept: allocating cow page for GPA 000000006DABE1E0 GVA 00000000002821E0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000064B08F50 GVA 0000000000468F50 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005B0AFD28 GVA 000000000342DD28 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000054323D5F GVA 00000000034AAD5F AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006D57E4F0 GVA 00000000001194F0 
 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000560AEB10 GVA 0000000003493B10 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006721E360 GVA 000007FEFF9F3360 AC 3)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006A2DA758 GVA 000007FFFFF71758 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006CBD4610 GVA 00000000001A6610 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000052
6C78 GVA 00000000033EDC78 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000002FA11A38 GVA 000007FEF1DCAA38 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000033519114 GVA 000007FEF2A5B114 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000033895554 GVA 000007FEFA9E2554 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000033A941E4 GVA 000007FEFA7811E4 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating
ow page for GPA 00000000551EF090 GVA 000007FEF27BF090 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005E7ED050 GVA 000007FEF6291050 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000052D09088 GVA 000007FEF7DAF088 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000063DE30D4 GVA 000007FEF7F4B0D4 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000064466010 GVA 000007FEFCA0E010 AC 2)
ksm: CPU 0: ksm_sa
box_handle_ept: allocating cow page for GPA 0000000063FC7188 GVA 000007FEF8689188 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006283C008 GVA 000007FEF8974008 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000631B6388 GVA 000007FEFA37A388 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000062DB50D0 GVA 000007FEFA1F20D0 AC 2)
ksm: CPU 0: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006CCDACB0 GVA 000000000148FCB0 AC 2)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000549BB1FA GVA FFFFF900C06261FA AC 2)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000046C60800 GVA 000007FFFFFDD800 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000553B8D08 GVA FFFFF900C0623D08 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005BA687
 GVA 00000000001CF710 AC 2)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000044F39100 GVA 00000000776D2100 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 000000003538FD16 GVA FFFFF900C0630D16 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 000000003558C388 GVA FFFFF900C062E388 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006F8EBB98 GVA FFFFF900C0600B98 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow
age for GPA 0000000061525518 GVA FFFFF900C0606518 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000546AE5F8 GVA FFFFF900C061F5F8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000625319B8 GVA FFFFF900C06079B8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000608A1FA8 GVA FFFFF900C0604FA8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 000000005865BAA8 GVA FFFFF900C0615AA8 AC 3)
ksm: CPU 1: ksm_sandbo
handle_ept: allocating cow page for GPA 0000000040A07FB8 GVA FFFFF900C0617FB8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 000000006433AEC8 GVA FFFFF900C0603EC8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 000000004659E068 GVA FFFFF900C0613068 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000048B06428 GVA FFFFF900C0610428 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000624E0C28 GVA FFFFF900C060DC28 
 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000061E54388 GVA FFFFF900C060C388 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000065F348F8 GVA FFFFF900C06098F8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000065832EE8 GVA FFFFF900C0608EE8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000045DDCBC8 GVA FFFFF900C063EBC8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000054
CFE8 GVA FFFFF900C0627FE8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000046C0EA28 GVA FFFFF900C0612A28 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000054E3DE28 GVA FFFFF900C0628E28 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000045C599F8 GVA FFFFF900C063B9F8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000045BD8CD8 GVA FFFFF900C063ACD8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating
ow page for GPA 0000000046EA36E8 GVA FFFFF900C06366E8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000045EA1D58 GVA FFFFF900C0635D58 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 00000000569EAFD8 GVA FFFFF900C062DFD8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000040686A58 GVA FFFFF900C0616A58 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000056628F68 GVA FFFFF900C0614F68 AC 3)
ksm: CPU 1: ksm_sa
box_handle_ept: allocating cow page for GPA 0000000048B8B738 GVA FFFFF900C0611738 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000062964B78 GVA FFFFF900C060EB78 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000060F54CC8 GVA FFFFF900C060FCC8 AC 3)
ksm: CPU 1: ksm_sandbox_handle_ept: allocating cow page for GPA 0000000062753F18 GVA FFFFF900C060BF18 AC 3)

*** Fatal System Error: 0x00000019
                       (0x0000000000000022,0xFFFFFA801F4C1000,0x0000000000000000,0x0000000000000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7600 x64 target at (Tue Mar 14 17:02:15.472 2017 (UTC + 5:30)), ptr64 TRUE
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols

Loading unloaded module list
....
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

[rohaaan]

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll - 
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )

Followup: MachineOwner
---------

nt!DbgBreakPointWithStatus:
fffff800`02ac9f60 cc              int     3
1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000406f8
Arg4: fffff80002b0c0c1

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  WmiPrvSE.exe

CURRENT_IRQL:  2

MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x0 (1)
Child-SP         RetAddr          Call Site

EXCEPTION_RECORD:  fffff8800563c5a8 -- (.exr 0xfffff8800563c5a8)
ExceptionAddress: fffff80002aff17f (nt!RtlDispatchException+0x000000000000033f)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000030d0
Attempt to read from address 00000000000030d0

TRAP_FRAME:  fffff8800563b560 -- (.trap 0xfffff8800563b560)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000050 rbx=0000000000000000 rcx=fffff80002aff163
rdx=00000000000030d0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002aff17f rsp=fffff8800563b6f0 rbp=0000000000000293
 r8=0000000000000006  r9=0000000000000846 r10=fffff8800563eb70
r11=fffff8800563b738 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz ac pe nc
nt!RtlDispatchException+0x33f:
fffff800`02aff17f 488b02          mov     rax,qword ptr [rdx] ds:00000000`000030d0=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002bc76d2 to fffff80002ac9f60

STACK_TEXT:  
fffff880`009f6578 fffff800`02bc76d2 : 00000000`00000008 fffffa80`3333cb60 00000000`00000065 fffff800`02b10314 : nt!DbgBreakPointWithStatus
fffff880`009f6580 fffff800`02bc84be : 00000000`00000003 00000000`00000000 fffff800`02b0cee0 00000000`0000007f : nt!KiBugCheckDebugBreak+0x12
fffff880`009f65e0 fffff800`02ad2004 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheck2+0x71e
fffff880`009f6cb0 fffff800`02ad1469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000406f8 : nt!KeBugCheckEx+0x104
fffff880`009f6cf0 fffff800`02acf932 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009f6e30 fffff800`02b0c0c1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`05637f10 fffff800`02ad1542 : fffff880`056381e8 00000000`00000001 fffff880`05638290 fffff800`02a60000 : nt!KiDispatchException+0x41
fffff880`056380b0 fffff800`02ad00ba : 00000000`00000000 00000000`00000001 dadadada`dadada00 dadadada`dadadada : nt!KiExceptionDispatch+0xc2
fffff880`05638290 fffff800`02aff17f : fffff800`02ad1153 fffff880`05638468 fffff880`056392d8 fffff800`02a60000 : nt!KiPageFault+0x23a
fffff880`05638420 fffff800`02b0c1b5 : fffff880`056392d8 fffff880`05638b30 fffff880`00000000 fffff800`00000004 : nt!RtlDispatchException+0x33f
fffff880`05638b00 fffff800`02ad1542 : fffff880`056392d8 00000000`00000001 fffff880`05639380 fffff800`02a60000 : nt!KiDispatchException+0x135
fffff880`056391a0 fffff800`02ad00ba : 00000000`00000000 00000000`00000001 dadadada`dadada00 dadadada`dadadada : nt!KiExceptionDispatch+0xc2
fffff880`05639380 fffff800`02aff17f : fffff800`02ad1153 fffff880`05639558 fffff880`0563a3c8 fffff800`02a60000 : nt!KiPageFault+0x23a
fffff880`05639510 fffff800`02b0c1b5 : fffff880`0563a3c8 fffff880`05639c20 fffff880`00000000 fffff800`00000004 : nt!RtlDispatchException+0x33f
fffff880`05639bf0 fffff800`02ad1542 : fffff880`0563a3c8 00000000`00000001 fffff880`0563a470 fffff800`02a60000 : nt!KiDispatchException+0x135
fffff880`0563a290 fffff800`02ad00ba : 00000000`00000000 00000000`00000001 dadadada`dadada00 dadadada`dadadada : nt!KiExceptionDispatch+0xc2
fffff880`0563a470 fffff800`02aff17f : fffff800`02ad1153 fffff880`0563a648 fffff880`0563b4b8 fffff800`02a60000 : nt!KiPageFault+0x23a
fffff880`0563a600 fffff800`02b0c1b5 : fffff880`0563b4b8 fffff880`0563ad10 fffff880`00000000 fffff800`00000004 : nt!RtlDispatchException+0x33f
fffff880`0563ace0 fffff800`02ad1542 : fffff880`0563b4b8 00000000`00000001 fffff880`0563b560 fffff800`02a60000 : nt!KiDispatchException+0x135
fffff880`0563b380 fffff800`02ad00ba : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`0563b560 fffff800`02aff17f : fffff800`02ad1153 fffff880`0563b738 fffff880`0563c5a8 fffff800`02a60000 : nt!KiPageFault+0x23a
fffff880`0563b6f0 fffff800`02b0c1b5 : fffff880`0563c5a8 fffff880`0563be00 fffff880`00000000 fffff800`00000004 : nt!RtlDispatchException+0x33f
fffff880`0563bdd0 fffff800`02ad1542 : fffff880`0563c5a8 00000000`00000001 fffff880`0563c650 fffff800`02a60000 : nt!KiDispatchException+0x135
fffff880`0563c470 fffff800`02ad00ba : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`0563c650 fffff800`02aff17f : fffff800`02ad1153 fffff880`0563c828 fffff880`0563d698 fffff800`02a60000 : nt!KiPageFault+0x23a
fffff880`0563c7e0 fffff800`02b0c1b5 : fffff880`0563d698 fffff880`0563cef0 fffff880`00000000 fffff800`00000004 : nt!RtlDispatchException+0x33f
fffff880`0563cec0 fffff800`02ad1542 : fffff880`0563d698 00000000`00000001 fffff880`0563d740 fffff800`02a60000 : nt!KiDispatchException+0x135
fffff880`0563d560 fffff800`02ad00ba : 00000000`00000000 00000000`00000001 fffff880`0563d800 fffff8a0`0174ff14 : nt!KiExceptionDispatch+0xc2
fffff880`0563d740 fffff800`02aff17f : fffff800`02ad1153 fffff880`0563d918 fffff880`0563e788 fffff800`02a60000 : nt!KiPageFault+0x23a
fffff880`0563d8d0 fffff800`02b0c1b5 : fffff880`0563e788 fffff880`0563dfe0 fffff880`00000000 00000000`00000001 : nt!RtlDispatchException+0x33f
fffff880`0563dfb0 fffff800`02ad1542 : fffff880`0563e788 ffffffff`ffffffff fffff880`0563e830 00000000`00000000 : nt!KiDispatchException+0x135
fffff880`0563e650 fffff800`02ad00ba : 00000000`00000000 ffffffff`ffffffff fffffa80`32d9e800 fffffa80`320ac260 : nt!KiExceptionDispatch+0xc2
fffff880`0563e830 fffff800`02dd12b4 : fffff880`0563ec60 fffff880`00000018 fffffa80`00000010 fffff8a0`00000000 : nt!KiPageFault+0x23a
fffff880`0563e9c0 fffff800`02ad1153 : 00000000`0000044c 00000000`0470e5b8 00000000`00000000 00000000`0470e5f8 : nt!NtAllocateVirtualMemory+0x564
fffff880`0563eb70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13


STACK_COMMAND:  kb

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

FOLLOWUP_NAME:  MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FOLLOWUP_IP: 
nt!KiDoubleFaultAbort+b2
fffff800`02acf932 90              nop

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  nt!KiDoubleFaultAbort+b2

FAILURE_BUCKET_ID:  X64_TRAP_FRAME_RECURSION

BUCKET_ID:  X64_TRAP_FRAME_RECURSION

Followup: MachineOwner

[rohaaan]

any update? Kernel stack overflow, is it? while allocating COW pages....

[asamy]

No, it's probably something to do with the process you're sandboxing dying (i.e. crashing or similar), it may be some error in CoW page allocation that's causing it to die, not sure.

Probably due some paging stuff, i.e. a range is being paged or similar. Possibly also a cache congestion.