Bug 947290

Description of problem:
I boot a win8 (either 32bit or 64bit) guest on a *rhel7* host and install netkvm driver, and then shutdown guest. As a result, guest failed to shutdown and got BSOD. This issue can not be reproduced on rhel6 host. As the bsod report "netkvm.sys" error, so file it against virtio-win.

Version-Release number of selected component (if applicable):
Guest: win8 
virtio-win driver: virtio-win-prewhql-0.1-55 (actually can be reproduced with rhel6.4 signed driver as well)

Host:
kernel-3.9.0-0.rc4.45.el7.x86_64
qemu-kvm-1.4.0-1.el7.x86_64

How reproducible:
Always 

Steps to Reproduce:
1. Boot a win8 guest on rhel7 host.
 /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge,+sep -enable-kvm -m 4096 -smp 2,sockets=2,cores=1,threads=1 -name win8-64 -uuid 9a0e67ec-f286-d8e7-0548-0c1c9ec93009 -nodefconfig -nodefaults -monitor stdio -rtc base=utc,clock=host,driftfix=slew -no-kvm-pit-reinjection -no-shutdown -usb -device usb-tablet,id=input1 -device usb-mouse,id=mouse  -device ahci,id=ahci0 -drive file=/home/win8-64-virtio.qcow2,if=none,id=drive-sata0-0-0,format=qcow2,cache=none -device ide-hd,bus=ahci0.0,drive=drive-sata0-0-0,id=sata0-0-0 -drive file=en_windows_8_enterprise_x64_dvd_917522.iso,if=none,media=cdrom,id=drive-sata0-0-1,readonly=on,format=raw -device ide-drive,bus=ahci0.1,unit=0,drive=drive-sata0-0-1,id=sata0-0-1,bootindex=1 -netdev tap,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:d5:51:8a,bus=pcie.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device usb-tablet,id=input0 -vnc :10 -vga std -device intel-hda,id=sound0,bus=pcie.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x5 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pcie.0,addr=0x6 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0

2. Install virtio network card driver.

3. Shutdown guest
  
Actual results:
Guest gets BSOD.

Expected results:
Guest should shutdown successfully.

Additional info:

(1) If boot the same guest on rhel6 host, shutdown succeed.

(2) Memory.dump file analysis file:

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81fcb4d6, The address that the exception occurred at
Arg3: 9c69fa98, Exception Record Address
Arg4: 9c69f660, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
netkvm+34d6
81fcb4d6 8b4804          mov     ecx,dword ptr [eax+4]

EXCEPTION_RECORD:  9c69fa98 -- (.exr 0xffffffff9c69fa98)
ExceptionAddress: 81fcb4d6 (netkvm+0x000034d6)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

CONTEXT:  9c69f660 -- (.cxr 0xffffffff9c69f660)
eax=00000000 ebx=81094946 ecx=857e0200 edx=00000000 esi=857e02b8 edi=857e0008
eip=81fcb4d6 esp=9c69fb60 ebp=9c69fb70 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
netkvm+0x34d6:
81fcb4d6 8b4804          mov     ecx,dword ptr [eax+4] ds:0023:00000004=????????
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000004

READ_ADDRESS:  00000004 

FOLLOWUP_IP: 
netkvm+34d6
81fcb4d6 8b4804          mov     ecx,dword ptr [eax+4]

BUGCHECK_STR:  AV

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 81fd4de4 to 81fcb4d6

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
9c69fb70 81fd4de4 857e0008 8aa7003b 858088d0 netkvm+0x34d6
9c69fb88 8aa7004a 861f7458 8635cd00 9c69fbdc netkvm+0xcde4
9c69fb98 81099737 85807030 8635cd00 811ef480 ndis!ndisDispatchIoWorkItem+0xf
9c69fbdc 81099854 858088d0 863aaa40 00000000 nt!IopProcessWorkItem+0xa1
9c69fc34 810dc415 00000000 c986c908 00000000 nt!ExpWorkerThread+0x111
9c69fc70 81188039 81099747 00000000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  netkvm+34d6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netkvm

IMAGE_NAME:  netkvm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  51406527

STACK_COMMAND:  .cxr 0xffffffff9c69f660 ; kb

FAILURE_BUCKET_ID:  AV_netkvm+34d6

BUCKET_ID:  AV_netkvm+34d6

Followup: MachineOwner
---------