Bug 1136606 - [whql][netkvm]guests bsod(7E) when running job "NDISTest 6.0 - [1 Machine] - 1c_FaultHandling"
Summary: [whql][netkvm]guests bsod(7E) when running job "NDISTest 6.0 - [1 Machine] - ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virtio-win
Version: 7.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Yan Vugenfirer
QA Contact: Virtualization Bugs
URL:
Whiteboard: Fixed_Not_Ship
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-09-03 02:28 UTC by lijin
Modified: 2015-11-24 08:43 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
NO_DOCS
Clone Of:
Environment:
Last Closed: 2015-11-24 08:43:50 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2513 normal SHIPPED_LIVE virtio-win bug fix and enhancement update 2015-11-24 13:38:38 UTC

Description lijin 2014-09-03 02:28:28 UTC
Description of problem:
guests bsod(7E) when running job "NDISTest 6.0 - [1 Machine] - 1c_FaultHandling"

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.1.0-2.el7.x86_64
kernel-3.10.0-145.el7.x86_64
virtio-win-prewhql-91
seabios-1.7.5-4.el7.x86_64

How reproducible:
1/1

Steps to Reproduce:
1.boot win7-32 guest with:
/usr/libexec/qemu-kvm -name 091NICWIN732CSP -enable-kvm -m 2G -smp 2 -uuid 2cdbcd81-6507-4b25-a8ca-96d9642d50d3 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/tmp/091NICWIN732CSP,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,driftfix=slew -boot order=cd,menu=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=091NICWIN732CSP,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=en_windows_7_ultimate_with_sp1_x86_dvd_u_677460.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=091NICWIN732CSP.vfd,if=none,id=drive-fdc0-0-0,format=raw,cache=none -global isa-fdc.driveA=drive-fdc0-0-0 -netdev tap,script=/etc/qemu-ifup1,downscript=no,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=00:52:0e:54:a0:ce,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=isa_serial0 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga cirrus -netdev tap,script=/etc/qemu-ifup-private,downscript=no,id=hostnet1,vhost=on -device virtio-net-pci,netdev=hostnet1,mq=on,id=net1,mac=00:52:70:1b:ab:26,bus=pci.0
2.submit job in hck2.1

Actual results:
guest bsod with 7e code,job failed

Expected results:
job can pass,no bsod

Additional info:
widndbg info:
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 92f70074, The address that the exception occurred at
Arg3: 8a64f3a8, Exception Record Address
Arg4: 8a64ef80, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
netkvm+c074
92f70074 ff7104          push    dword ptr [ecx+4]

EXCEPTION_RECORD:  8a64f3a8 -- (.exr 0xffffffff8a64f3a8)
ExceptionAddress: 92f70074 (netkvm+0x0000c074)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

CONTEXT:  8a64ef80 -- (.cxr 0xffffffff8a64ef80)
eax=c000009a ebx=92f7516e ecx=00000000 edx=8882e338 esi=c000009a edi=854a9330
eip=92f70074 esp=8a64f470 ebp=8a64f4d8 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
netkvm+0xc074:
92f70074 ff7104          push    dword ptr [ecx+4]    ds:0023:00000004=????????
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000004

READ_ADDRESS:  00000004 

FOLLOWUP_IP: 
netkvm+c074
92f70074 ff7104          push    dword ptr [ecx+4]

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LOCK_ADDRESS:  827a2fa0 -- (!locks 827a2fa0)

Resource @ nt!PiEngineLock (0x827a2fa0)    Exclusively owned
    Contention Count = 10
     Threads: 844c04c0-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
	Lock address  : 0x827a2fa0
	Thread Count  : 1
	Thread address: 0x844c04c0
	Thread wait   : 0x3a2f

LAST_CONTROL_TRANSFER:  from 82844f9e to 82719f20

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
8a64f4d8 92f66cb0 854a9330 00000000 854a9330 netkvm+0xc074
8a64f4f0 92f6f0eb 854a9330 845aadc0 00000000 netkvm+0x2cb0
8a64f628 888a5cf2 845aa0e0 00000000 8a64f680 netkvm+0xb0eb
8a64f8f4 888a5474 85f74c08 845aa0e0 85d61fb8 ndis!ndisMInitializeAdapter+0x76b
8a64f92c 888a52ed 85f74c08 845aa028 8526f330 ndis!ndisInitializeAdapter+0x10a
8a64f954 888aad23 845aa028 846a4cd0 846a4cf4 ndis!ndisPnPStartDevice+0x130
8a64f998 82672593 845aa028 846a4c18 8a64fa20 ndis!ndisPnPDispatch+0x62f
8a64f9b0 827fa6f8 00000000 84471b58 85285f78 nt!IofCallDriver+0x63
8a64f9cc 8264d28b 8a64f9fc 8265006f 85285f78 nt!PnpAsynchronousCall+0x92
8a64fa30 827f1561 8265006f 85285f78 84474ce8 nt!PnpStartDevice+0xe1
8a64fa8c 827f142a 85285f78 0000003c 00000000 nt!PnpStartDeviceNode+0x12c
8a64faa8 827f8e3d 00000000 00000000 8558cce8 nt!PipProcessStartPhase1+0x62
8a64fca4 828c8a4e 84474ce8 8558cce8 8a64fcd0 nt!PipProcessDevNodeTree+0x188
8a64fcd8 8264fcb7 827a0ec0 844c04c0 8277763c nt!PiRestartDevice+0x8a
8a64fd00 826b8aab 00000000 00000000 844c04c0 nt!PnpDeviceActionWorker+0x1fb
8a64fd50 82844f5e 00000001 97645793 00000000 nt!ExpWorkerThread+0x10d
8a64fd90 826ec219 826b899e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  netkvm+c074

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netkvm

IMAGE_NAME:  netkvm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  54053479

STACK_COMMAND:  .cxr 0xffffffff8a64ef80 ; kb

FAILURE_BUCKET_ID:  0x7E_netkvm+c074

BUCKET_ID:  0x7E_netkvm+c074

Followup: MachineOwner
---------

Comment 3 Yossi Hindin 2014-09-16 13:22:21 UTC
Fixed in commit d12d9a2259eb891a0a015caf703806ba47acecff:
testing MessageInfoTable for nullness in debug printout

Comment 4 Yossi Hindin 2014-09-16 13:25:02 UTC
*** Bug 1136602 has been marked as a duplicate of this bug. ***

Comment 5 lijin 2014-09-23 05:46:59 UTC
retest with virtio-win-prewhql-92,this job can passed on win7-32/64 guest,no bsod,so this issue has been fixed already.

win8-64 still bsod with "c4" code,reopen bug1136602 to track it.

package info:
qemu-kvm-rhev-2.1.0-4.el7.x86_64
kernel-3.10.0-165.el7.x86_64
seabios-1.7.5-4.el7.x86_64
virtio-win-prewhql-92

Comment 9 lijin 2015-07-17 07:58:02 UTC
change status to verified according to comment#5

Comment 11 errata-xmlrpc 2015-11-24 08:43:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2513.html


Note You need to log in before you can comment on or make changes to this bug.