Hide Forgot
Cause: In case of failed initialisation some internal data structures might nor be initialised. Consequence: Access to uninitialised data structures during driver unload will case blue screen of death. Fix: Handle correctly partial driver initialisation. Result: No BSOD in case of failed driver initialisation.
Description of problem: Version-Release number of selected component (if applicable): virtio-win-prwehql-64 2.6.32-369.el6.x86_64 qemu-kvm-rhev-0.12.1.2-2.375.el6.x86_64 spice-server-0.12.0-12.el6.x86_64 seabios-0.6.1.2-28.el6.x86_64 sgabios-0-0.3.20110621svn.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1.Start VM with virtio-net-pci CLI:/usr/libexec/qemu-kvm -M rhel6.4.0 -m 6G -smp 4 -cpu cpu64-rhel6,+x2apic,+sep -usbdevice tablet -drive file=win7-64-nic2.raw,format=raw,if=none,id=drive-virtio0,boot=on,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-virtio0,id=virtio-blk-pci0,bootindex=1 -netdev tap,sndbuf=0,id=hostnet0,script=/etc/qemu-ifup,downscript=no -device e1000,netdev=hostnet0,mac=00:01:52:12:41:45,bus=pci.0,addr=0x4 -boot c -uuid bac41b63-86ba-4c2b-a809-fc64720e205e -rtc base=localtime,clock=host,driftfix=slew -no-kvm-pit-reinjection -chardev socket,id=111a,path=/tmp/win7-64-nic2.raw,server,nowait -mon chardev=111a,mode=readline -name win7-64-nic2.raw -netdev tap,sndbuf=0,id=hostnet1,script=/etc/qemu-ifup-private,downscript=no -device virtio-net-pci,netdev=hostnet1,id=net1,mac=00:10:12:22:41:45,bus=pci.0,addr=0x7 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -monitor stdio -vnc :2 -vga cirrus 2.run job NIDSTest 6.0-1C-FaultHanding (job id 1086) Actual results: Guest BSOD occurs ,after reboot ,the netkvm device in the guest is disabled ,and will BSOD again when I try to enable it Expected results: no BSOD Additional info: This bug May dup of Fail(8) -968148 - [whql][netkvm]BSOD(7E) always happen on Job of "NDISTest6.0-[1 Machine]- 1c_FaultHandling" failed on HCK for win2k8-32 But we did not hit this issue on win7-62 on build 61 ,Report it in case of missing bugs
Use !analyze -v to get detailed debugging information. BugCheck 7E, {ffffffffc0000005, fffff8800152dd40, fffff88003138d48, fffff880031385a0} *** ERROR: Module load completed but symbols could not be loaded for netkvm.sys Probably caused by : netkvm.sys ( netkvm+d3c1 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff8800152dd40, The address that the exception occurred at Arg3: fffff88003138d48, Exception Record Address Arg4: fffff880031385a0, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: ndis!NdisMSynchronizeWithInterruptEx+0 fffff880`0152dd40 80b9f100000001 cmp byte ptr [rcx+0F1h],1 EXCEPTION_RECORD: fffff88003138d48 -- (.exr 0xfffff88003138d48) ExceptionAddress: fffff8800152dd40 (ndis!NdisMSynchronizeWithInterruptEx) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000000000f1 Attempt to read from address 00000000000000f1 CONTEXT: fffff880031385a0 -- (.cxr 0xfffff880031385a0) rax=00000000c000009a rbx=fffffa80071ad000 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000011 rdi=fffffa80071ad060 rip=fffff8800152dd40 rsp=fffff88003138f88 rbp=fffff88003139100 r8=fffff88004275a60 r9=fffff88003138fb0 r10=0000000000000000 r11=fffff88003138ba0 r12=fffff88004284340 r13=0000000000000000 r14=fffffa80071301a0 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286 ndis!NdisMSynchronizeWithInterruptEx: fffff880`0152dd40 80b9f100000001 cmp byte ptr [rcx+0F1h],1 ds:002b:00000000`000000f1=?? Resetting default scope PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 00000000000000f1 READ_ADDRESS: 00000000000000f1 FOLLOWUP_IP: netkvm+d3c1 fffff880`0427e3c1 4883c438 add rsp,38h BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LOCK_ADDRESS: fffff80002885b80 -- (!locks fffff80002885b80) Resource @ nt!PiEngineLock (0xfffff80002885b80) Exclusively owned Contention Count = 221 Threads: fffffa8004ef7040-01<*> 1 total locks, 1 locks currently held PNP_TRIAGE: Lock address : 0xfffff80002885b80 Thread Count : 1 Thread address: 0xfffffa8004ef7040 Thread wait : 0x18789 LAST_CONTROL_TRANSFER: from fffff800029f2514 to fffff80002681c00 STACK_TEXT: fffff880`03138f88 fffff880`0427e3c1 : fffffa80`071301a0 00000000`00000000 fffff880`03139100 fffff880`04274e16 : ndis!NdisMSynchronizeWithInterruptEx fffff880`03138f90 fffff880`04273e96 : 00000000`00000000 00000000`000007ff 00000000`00000010 fffff880`03139100 : netkvm+0xd3c1 fffff880`03138fd0 fffff880`0427affc : fffffa80`071ad000 fffff880`03139100 00000000`00000011 fffffa80`071ad9e8 : netkvm+0x2e96 fffff880`03139000 fffff880`0154e5d5 : fffffa80`071313d0 fffffa80`071313d0 00000000`00000007 fffffa80`070310e0 : netkvm+0x9ffc fffff880`03139180 fffff880`0154de73 : 00000000`000000a0 fffffa80`0712a150 00000000`00000000 01ce6419`1e268908 : ndis!ndisMInitializeAdapter+0x695 fffff880`03139540 fffff880`0155002c : 00000000`000000a0 fffffa80`07130050 fffff8a0`0295a1e0 00000000`000007ff : ndis!ndisInitializeAdapter+0x113 fffff880`031395a0 fffff880`01562932 : fffffa80`07e88d80 00000000`00000001 fffffa80`07e88f70 00000000`00000000 : ndis!ndisPnPStartDevice+0xac fffff880`03139600 fffff800`02b2bd26 : fffffa80`07e88d80 fffffa80`07e88d80 00000000`00000002 00000000`00000000 : ndis!ndisPnPDispatch+0x3d2 fffff880`031396a0 fffff800`02b2e63a : fffffa80`07e88f70 fffffa80`07130050 fffffa80`0728b040 fffffa80`07037540 : nt!IovCallDriver+0x566 fffff880`03139700 fffff800`02b2bd26 : fffffa80`07e88d80 00000000`00000002 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!ViFilterDispatchPnp+0x13a fffff880`03139730 fffff800`02a3e46e : fffffa80`07e88d80 fffffa80`06c687e0 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!IovCallDriver+0x566 fffff880`03139790 fffff800`027787ad : fffffa80`054e9060 fffffa80`06c687e0 fffff800`02781ed0 00000000`00000000 : nt!PnpAsynchronousCall+0xce fffff880`031397d0 fffff800`02a4d7e6 : fffff800`02885940 fffffa80`054eb010 fffffa80`06c687e0 fffffa80`054eb1b8 : nt!PnpStartDevice+0x11d fffff880`03139890 fffff800`02a4da84 : fffffa80`054eb010 fffffa80`054e003c fffffa80`054eb010 00000000`00000001 : nt!PnpStartDeviceNode+0x156 fffff880`03139920 fffff800`02a71196 : fffffa80`054eb010 fffffa80`054eb010 00000000`00000000 00000000`00000000 : nt!PipProcessStartPhase1+0x74 fffff880`03139950 fffff800`02a71587 : fffffa80`054eb010 00000000`00000000 00000000`00000001 fffff800`028eea18 : nt!PipProcessDevNodeTree+0x296 fffff880`03139bc0 fffff800`02784803 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiRestartDevice+0xc7 fffff880`03139c10 fffff800`0268b251 : fffff800`027844f0 fffff8a0`031b2801 fffff800`02827200 fffff800`028272d8 : nt!PnpDeviceActionWorker+0x313 fffff880`03139cb0 fffff800`0291fede : 00000000`00000000 fffffa80`04ef7040 00000000`00000080 fffffa80`04ee7040 : nt!ExpWorkerThread+0x111 fffff880`03139d40 fffff800`02672906 : fffff880`009e6180 fffffa80`04ef7040 fffffa80`04ef9660 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`03139d80 00000000`00000000 : fffff880`0313a000 fffff880`03134000 fffff880`031388f0 00000000`00000000 : nt!KiStartSystemThread+0x16 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: netkvm+d3c1 FOLLOWUP_NAME: MachineOwner MODULE_NAME: netkvm IMAGE_NAME: netkvm.sys DEBUG_FLR_IMAGE_TIMESTAMP: 51ac608d STACK_COMMAND: .cxr 0xfffff880031385a0 ; kb FAILURE_BUCKET_ID: X64_0x7E_VRFOCA_netkvm+d3c1 BUCKET_ID: X64_0x7E_VRFOCA_netkvm+d3c1 Followup: MachineOwner ---------
http://git.engineering.redhat.com/?p=users/vrozenfe/internal-kvm-guest-drivers-windows/.git;a=commit;h=796f64ae23998a0e1e7c9a0655a338de5360ecce
Reproduced this issue on virtio-win-prewhql-0.1.64 Verified this issue on virtio-win-prewhql-0.1.65 Steps as comment Description Actural result on virtio-win-prewhql-0.1.64 failed with BSOD-7E. on virtio-win-prewhql-0.1.65 job passed without any error. Based on the above, this issue has been fixed already!
Move Status to VERIFIED according to comment #7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1729.html