Bug 972310

Summary: [whql][netkvm][1086]BSOD(7e) occurs when running NIDSTest 6.0-1C-FaultHanding job over win7-64
Product: Red Hat Enterprise Linux 6 Reporter: Mike Cao <bcao>
Component: virtio-winAssignee: Yvugenfi <yvugenfi>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 6.5CC: acathrow, bcao, bsarathy, dfleytma, kzhang, michen, qzhang
Target Milestone: rcKeywords: TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: In case of failed initialisation some internal data structures might nor be initialised. Consequence: Access to uninitialised data structures during driver unload will case blue screen of death. Fix: Handle correctly partial driver initialisation. Result: No BSOD in case of failed driver initialisation.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-22 00:13:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Mike Cao 2013-06-08 10:06:18 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
virtio-win-prwehql-64
2.6.32-369.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.375.el6.x86_64
spice-server-0.12.0-12.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64
sgabios-0-0.3.20110621svn.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
1.Start VM with virtio-net-pci
CLI:/usr/libexec/qemu-kvm -M rhel6.4.0 -m 6G -smp 4 -cpu cpu64-rhel6,+x2apic,+sep -usbdevice tablet -drive file=win7-64-nic2.raw,format=raw,if=none,id=drive-virtio0,boot=on,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-virtio0,id=virtio-blk-pci0,bootindex=1 -netdev tap,sndbuf=0,id=hostnet0,script=/etc/qemu-ifup,downscript=no -device e1000,netdev=hostnet0,mac=00:01:52:12:41:45,bus=pci.0,addr=0x4 -boot c -uuid bac41b63-86ba-4c2b-a809-fc64720e205e -rtc base=localtime,clock=host,driftfix=slew -no-kvm-pit-reinjection -chardev socket,id=111a,path=/tmp/win7-64-nic2.raw,server,nowait -mon chardev=111a,mode=readline -name win7-64-nic2.raw -netdev tap,sndbuf=0,id=hostnet1,script=/etc/qemu-ifup-private,downscript=no -device virtio-net-pci,netdev=hostnet1,id=net1,mac=00:10:12:22:41:45,bus=pci.0,addr=0x7 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -monitor stdio -vnc :2 -vga cirrus
2.run job  NIDSTest 6.0-1C-FaultHanding (job id 1086)

Actual results:
Guest BSOD occurs ,after reboot ,the netkvm device in the guest is disabled ,and will BSOD again when I try to enable it 

Expected results:
no BSOD

Additional info:
This bug May dup of Fail(8) -968148 - [whql][netkvm]BSOD(7E) always happen on Job of "NDISTest6.0-[1 Machine]- 1c_FaultHandling" failed on HCK for win2k8-32
But we did not hit this issue on win7-62 on build 61 ,Report it in case of missing bugs
Comment 1 Mike Cao 2013-06-08 10:10:57 UTC 
Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, fffff8800152dd40, fffff88003138d48, fffff880031385a0}

*** ERROR: Module load completed but symbols could not be loaded for netkvm.sys
Probably caused by : netkvm.sys ( netkvm+d3c1 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8800152dd40, The address that the exception occurred at
Arg3: fffff88003138d48, Exception Record Address
Arg4: fffff880031385a0, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
ndis!NdisMSynchronizeWithInterruptEx+0
fffff880`0152dd40 80b9f100000001  cmp     byte ptr [rcx+0F1h],1

EXCEPTION_RECORD:  fffff88003138d48 -- (.exr 0xfffff88003138d48)
ExceptionAddress: fffff8800152dd40 (ndis!NdisMSynchronizeWithInterruptEx)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000000f1
Attempt to read from address 00000000000000f1

CONTEXT:  fffff880031385a0 -- (.cxr 0xfffff880031385a0)
rax=00000000c000009a rbx=fffffa80071ad000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000011 rdi=fffffa80071ad060
rip=fffff8800152dd40 rsp=fffff88003138f88 rbp=fffff88003139100
 r8=fffff88004275a60  r9=fffff88003138fb0 r10=0000000000000000
r11=fffff88003138ba0 r12=fffff88004284340 r13=0000000000000000
r14=fffffa80071301a0 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
ndis!NdisMSynchronizeWithInterruptEx:
fffff880`0152dd40 80b9f100000001  cmp     byte ptr [rcx+0F1h],1 ds:002b:00000000`000000f1=??
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000000000f1

READ_ADDRESS:  00000000000000f1 

FOLLOWUP_IP: 
netkvm+d3c1
fffff880`0427e3c1 4883c438        add     rsp,38h

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LOCK_ADDRESS:  fffff80002885b80 -- (!locks fffff80002885b80)

Resource @ nt!PiEngineLock (0xfffff80002885b80)    Exclusively owned
    Contention Count = 221
     Threads: fffffa8004ef7040-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
	Lock address  : 0xfffff80002885b80
	Thread Count  : 1
	Thread address: 0xfffffa8004ef7040
	Thread wait   : 0x18789

LAST_CONTROL_TRANSFER:  from fffff800029f2514 to fffff80002681c00

STACK_TEXT:  
fffff880`03138f88 fffff880`0427e3c1 : fffffa80`071301a0 00000000`00000000 fffff880`03139100 fffff880`04274e16 : ndis!NdisMSynchronizeWithInterruptEx
fffff880`03138f90 fffff880`04273e96 : 00000000`00000000 00000000`000007ff 00000000`00000010 fffff880`03139100 : netkvm+0xd3c1
fffff880`03138fd0 fffff880`0427affc : fffffa80`071ad000 fffff880`03139100 00000000`00000011 fffffa80`071ad9e8 : netkvm+0x2e96
fffff880`03139000 fffff880`0154e5d5 : fffffa80`071313d0 fffffa80`071313d0 00000000`00000007 fffffa80`070310e0 : netkvm+0x9ffc
fffff880`03139180 fffff880`0154de73 : 00000000`000000a0 fffffa80`0712a150 00000000`00000000 01ce6419`1e268908 : ndis!ndisMInitializeAdapter+0x695
fffff880`03139540 fffff880`0155002c : 00000000`000000a0 fffffa80`07130050 fffff8a0`0295a1e0 00000000`000007ff : ndis!ndisInitializeAdapter+0x113
fffff880`031395a0 fffff880`01562932 : fffffa80`07e88d80 00000000`00000001 fffffa80`07e88f70 00000000`00000000 : ndis!ndisPnPStartDevice+0xac
fffff880`03139600 fffff800`02b2bd26 : fffffa80`07e88d80 fffffa80`07e88d80 00000000`00000002 00000000`00000000 : ndis!ndisPnPDispatch+0x3d2
fffff880`031396a0 fffff800`02b2e63a : fffffa80`07e88f70 fffffa80`07130050 fffffa80`0728b040 fffffa80`07037540 : nt!IovCallDriver+0x566
fffff880`03139700 fffff800`02b2bd26 : fffffa80`07e88d80 00000000`00000002 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!ViFilterDispatchPnp+0x13a
fffff880`03139730 fffff800`02a3e46e : fffffa80`07e88d80 fffffa80`06c687e0 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!IovCallDriver+0x566
fffff880`03139790 fffff800`027787ad : fffffa80`054e9060 fffffa80`06c687e0 fffff800`02781ed0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
fffff880`031397d0 fffff800`02a4d7e6 : fffff800`02885940 fffffa80`054eb010 fffffa80`06c687e0 fffffa80`054eb1b8 : nt!PnpStartDevice+0x11d
fffff880`03139890 fffff800`02a4da84 : fffffa80`054eb010 fffffa80`054e003c fffffa80`054eb010 00000000`00000001 : nt!PnpStartDeviceNode+0x156
fffff880`03139920 fffff800`02a71196 : fffffa80`054eb010 fffffa80`054eb010 00000000`00000000 00000000`00000000 : nt!PipProcessStartPhase1+0x74
fffff880`03139950 fffff800`02a71587 : fffffa80`054eb010 00000000`00000000 00000000`00000001 fffff800`028eea18 : nt!PipProcessDevNodeTree+0x296
fffff880`03139bc0 fffff800`02784803 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiRestartDevice+0xc7
fffff880`03139c10 fffff800`0268b251 : fffff800`027844f0 fffff8a0`031b2801 fffff800`02827200 fffff800`028272d8 : nt!PnpDeviceActionWorker+0x313
fffff880`03139cb0 fffff800`0291fede : 00000000`00000000 fffffa80`04ef7040 00000000`00000080 fffffa80`04ee7040 : nt!ExpWorkerThread+0x111
fffff880`03139d40 fffff800`02672906 : fffff880`009e6180 fffffa80`04ef7040 fffffa80`04ef9660 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03139d80 00000000`00000000 : fffff880`0313a000 fffff880`03134000 fffff880`031388f0 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  netkvm+d3c1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netkvm

IMAGE_NAME:  netkvm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  51ac608d

STACK_COMMAND:  .cxr 0xfffff880031385a0 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_VRFOCA_netkvm+d3c1

BUCKET_ID:  X64_0x7E_VRFOCA_netkvm+d3c1

Followup: MachineOwner
---------
Comment 6 Yvugenfi@redhat.com 2013-06-19 09:56:07 UTC 
http://git.engineering.redhat.com/?p=users/vrozenfe/internal-kvm-guest-drivers-windows/.git;a=commit;h=796f64ae23998a0e1e7c9a0655a338de5360ecce
Comment 7 guo jiang 2013-06-28 05:19:51 UTC 
Reproduced this issue on virtio-win-prewhql-0.1.64
Verified this issue on virtio-win-prewhql-0.1.65

Steps as comment Description

Actural result
on virtio-win-prewhql-0.1.64 failed with BSOD-7E.
on virtio-win-prewhql-0.1.65 job passed without any error.

Based on the above, this issue has been fixed already!
Comment 8 Mike Cao 2013-06-28 05:25:58 UTC 
Move Status to VERIFIED according to comment #7
Comment 10 errata-xmlrpc 2013-11-22 00:13:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1729.html