Bug 968148 - [virtio-win][netkvm]BSOD(7E) always happen on Job of "NDISTest6.0-[1 Machine]- 1c_FaultHandling" failed on HCK for win2k8-32
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virtio-win
Severity: medium
Assigned To: Yan Vugenfirer
QA Contact: Virtualization Bugs
Keywords: Regression
Reported: 2013-05-29 01:39 EDT by guo jiang
Modified: 2014-01-01 11:36 EST
Doc Type: Bug Fix
Last Closed: 2014-01-01 11:36:45 EST
Type: Bug

Attachments
dump file - win2k8-32 - 1c_FaultHandling (49.32 MB, application/x-zip-compressed)
2013-05-29 01:58 EDT, guo jiang
Description guo jiang 2013-05-29 01:39:25 EDT
Description of problem:
BSOD with error 7E always happens on job "NDISTest6.0-[1 Machine]- 1c_FaultHandling", which fails on HCK for win8-32.

Version-Release number of selected component (if applicable):
   * Red Hat Enterprise Linux Server release 6.4 (Santiago)
   * kernel-2.6.32-369.el6.x86_64    
   * qemu-img-rhev-
   * virtio-win-prewhql-0.1-61
   * spice-server-0.12.0-12.el6.x86_64
   * seabios-
   * vgabios-0.6b-3.7.el6.noarch

How reproducible:

Steps to Reproduce:
1. Boot guest with CLI:
  test guest:
/usr/libexec/qemu-kvm \
-m 6G \
-smp 8,cores=8 \
-cpu cpu64-rhel6,+x2apic \
-usb \
-device usb-tablet \
-drive file=win2k8-32-nic1.raw,if=none,id=drive-ide0-0-0,werror=stop,rerror=stop,cache=none \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
-netdev tap,sndbuf=0,id=hostnet0,vhost=on,script=/etc/qemu-ifup-private,downscript=no \
-device virtio-net-pci,netdev=hostnet0,mac=00:24:4a:14:23:42,bus=pci.0,addr=0x4,id=virtio-net-pci0 \
-netdev tap,sndbuf=0,id=hostnet2,script=/etc/qemu-ifup,downscript=no \
-device e1000,netdev=hostnet2,mac=00:13:54:a4:32:20,bus=pci.0,addr=0x6 \
-uuid 47c5336f-f1a7-4bb4-a97d-eb98f8e2361a \
-no-kvm-pit-reinjection \
-chardev socket,id=111a,path=/tmp/monitor-win2k8-32-61-nic1,server,nowait \
-mon chardev=111a,mode=readline \
-vnc :1 \
-vga cirrus \
-name win2k8-32-nic1-61-HCK \
-rtc base=localtime,clock=host,driftfix=slew \
-global PIIX4_PM.disable_s3=0 \
-global PIIX4_PM.disable_s4=0 \
-monitor stdio

  support guest:
/usr/libexec/qemu-kvm \
-m 6G \
-smp 8,cores=8 \
-cpu cpu64-rhel6,+x2apic \
-usb \
-device usb-tablet \
-drive file=win2k8-32-nic2.raw,if=none,id=drive-ide0-0-0,werror=stop,rerror=stop,cache=none \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
-netdev tap,sndbuf=0,id=hostnet0,vhost=on,script=/etc/qemu-ifup-private,downscript=no \
-device virtio-net-pci,netdev=hostnet0,mac=00:34:22:34:23:42,bus=pci.0,addr=0x4,id=virtio-net-pci0 \
-netdev tap,sndbuf=0,id=hostnet2,script=/etc/qemu-ifup,downscript=no \
-device e1000,netdev=hostnet2,mac=00:23:24:34:30:20,bus=pci.0,addr=0x6 \
-uuid 510c23e8-29e2-493e-aa1e-a2e1455d9b40 \
-no-kvm-pit-reinjection \
-chardev socket,id=111a,path=/tmp/monitor-win2k8-32-61-nic2,server,nowait \
-mon chardev=111a,mode=readline \
-vnc :2 \
-vga cirrus \
-name win2k8-32-nic2-61-HCK \
-rtc base=localtime,clock=host,driftfix=slew \
-global PIIX4_PM.disable_s3=0 \
-global PIIX4_PM.disable_s4=0 \
-monitor stdio

2. Run job "NDISTest6.0-[1 Machine]- 1c_FaultHandling" on HCK.

3. Run task "Run NDISTest Client"

Actual results:
BSOD with error 7E happened.

Expected results:
Job should pass without any error.

Additional info:
Comment 1 guo jiang 2013-05-29 01:47:14 EDT
Windbg info:

 2: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arg1: 80000003, The exception code that was not handled
Arg2: 818e4b2b, The address that the exception occurred at
Arg3: 86c9d5f8, Exception Record Address
Arg4: 86c9d2f4, Context Record Address

Debugging Details:

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

818e4b2b cc              int     3

EXCEPTION_RECORD:  86c9d5f8 -- (.exr 0xffffffff86c9d5f8)
ExceptionAddress: 818e4b2b (nt!DbgPrompt+0x00000046)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 3
   Parameter[0]: 00000002
   Parameter[1]: 9b2de0ce
   Parameter[2]: 00000044

CONTEXT:  86c9d2f4 -- (.cxr 0xffffffff86c9d2f4)
eax=00000002 ebx=86c9d704 ecx=9b2de0ce edx=00000044 esi=9b2de0cf edi=00000002
eip=818e4b2b esp=86c9d6c0 ebp=86c9d6dc iopl=0         nv up ei pl nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000216
818e4b2b cc              int     3
Resetting default scope





ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.




LAST_CONTROL_TRANSFER:  from 9b261bb4 to 818e4b2b

86c9d6dc 9b261bb4 9b2de0ce 86c9d704 00000002 nt!DbgPrompt+0x46
WARNING: Stack unwind information not available. Following frames may be wrong.
86c9d70c 9b2121e1 00000001 9b2c6ab2 00000153 ndprot61+0x59bb4
86c9d744 9b2167b2 86c9d7d0 9d9126c8 855f9b1b ndprot61+0xa1e1
86c9d774 9b20ffc4 86c9d7d0 9d9126c8 9d9200b0 ndprot61+0xe7b2
86c9d788 9b20d72e 86c9d7d0 9d9126c8 86c9d7b4 ndprot61+0x7fc4
86c9d7b4 81eeb18c 86c9d7d0 9d9126c8 9d911008 ndprot61+0x572e
86c9d894 81eede83 9d911008 86c9d8e0 9bbae150 NDIS!ndisUnbindProtocol+0x22f
86c9d934 81eefaa4 00bae150 9886aeb8 00000000 NDIS!ndisCloseMiniportBindings+0x2f1
86c9da64 81ee1249 9bbae098 9886aeb8 93decee8 NDIS!ndisPnPRemoveDevice+0x1c9
86c9dab8 81aeb6be 9bbae098 00000002 9bbae098 NDIS!ndisPnPDispatch+0x358
86c9dadc 8184c951 9886afb8 9886aff8 9bbae098 nt!IovCallDriver+0x23f
86c9daf0 81afb0a8 8bf52840 9886aeb8 9bb67da8 nt!IofCallDriver+0x1b
86c9db08 81aeb6be 9bb67da8 9bbae098 9886b000 nt!ViFilterDispatchPnp+0xd3
86c9db2c 8184c951 9886afdc 86c9dbcc 9bb67da8 nt!IovCallDriver+0x23f
86c9db40 819b6a73 897fa030 897fa030 897fb928 nt!IofCallDriver+0x1b
86c9db74 81a810fd 897fa030 86c9dba8 00000000 nt!IopSynchronousCall+0xce
86c9dbd0 818d303d 897fa030 00000002 984d0f40 nt!IopRemoveDevice+0xd1
86c9dbf8 81a7a63b 9951d860 00000016 00000000 nt!PnpRemoveLockedDeviceNode+0x176
86c9dc10 81a7a8eb 00000002 00000016 00000000 nt!PnpDeleteLockedDeviceNode+0x2b
86c9dc44 81a7e6d0 897fa030 984d0f40 00000002 nt!PnpDeleteLockedDeviceNodes+0x4c
86c9dd04 8196e991 86c9dd34 00000000 984e6840 nt!PnpProcessQueryRemoveAndEject+0x8cf
86c9dd1c 8199a491 00000000 8190a13c 855f9ad0 nt!PnpProcessTargetDeviceEvent+0x38
86c9dd44 818adda2 93dd4698 00000000 855f9ad0 nt!PnpDeviceEventWorker+0x201
86c9dd7c 819ddfe2 93dd4698 3afcc882 00000000 nt!ExpWorkerThread+0xfd
86c9ddc0 81846f0e 818adca5 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

9b261bb4 8b4de4          mov     ecx,dword ptr [ebp-1Ch]


SYMBOL_NAME:  ndprot61+59bb4

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ndprot61

IMAGE_NAME:  ndprot61.sys


STACK_COMMAND:  .cxr 0xffffffff86c9d2f4 ; kb

FAILURE_BUCKET_ID:  0x7E_VRF_ndprot61+59bb4

BUCKET_ID:  0x7E_VRF_ndprot61+59bb4

Followup: MachineOwner
Comment 2 guo jiang 2013-05-29 01:58:47 EDT
Created attachment 754180
dump file - win2k8-32 - 1c_FaultHandling
Comment 5 guo jiang 2013-06-27 23:45:51 EDT
Reproduced this issue on virtio-win-prewhql-0.1.61
Verified this issue on virtio-win-prewhql-0.1.65

Steps as comment #0

Actual Result:
On virtio-win-prewhql-0.1.61, the job failed with BSOD-7E.
On virtio-win-prewhql-0.1.65, the job passed without any error or BSOD.

Based on the above, this issue has already been fixed.
Comment 6 Mike Cao 2013-06-28 01:26:15 EDT
Move status to VERIFIED according to comment #5
