Bug 972310 - [whql][netkvm][1086] BSOD(7e) occurs when running NDISTest 6.0-1C-FaultHandling job over win7-64
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virtio-win
Version: 6.5
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assigned To: Yan Vugenfirer
QA Contact: Virtualization Bugs
Keywords: TestBlocker
Depends On:
Blocks:
Reported: 2013-06-08 06:06 EDT by Mike Cao
Modified: 2015-11-22 22:37 EST
Doc Type: Bug Fix
Doc Text:
Cause: In case of failed initialisation some internal data structures might not be initialised. Consequence: Access to uninitialised data structures during driver unload will cause a blue screen of death. Fix: Handle partial driver initialisation correctly. Result: No BSOD in case of failed driver initialisation.
Last Closed: 2013-11-21 19:13:00 EST
Type: Bug
Description Mike Cao 2013-06-08 06:06:18 EDT
Description of problem:


Version-Release number of selected component (if applicable):
virtio-win-prewhql-64
2.6.32-369.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.375.el6.x86_64
spice-server-0.12.0-12.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64
sgabios-0-0.3.20110621svn.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Start VM with virtio-net-pci
CLI:/usr/libexec/qemu-kvm -M rhel6.4.0 -m 6G -smp 4 -cpu cpu64-rhel6,+x2apic,+sep -usbdevice tablet -drive file=win7-64-nic2.raw,format=raw,if=none,id=drive-virtio0,boot=on,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-virtio0,id=virtio-blk-pci0,bootindex=1 -netdev tap,sndbuf=0,id=hostnet0,script=/etc/qemu-ifup,downscript=no -device e1000,netdev=hostnet0,mac=00:01:52:12:41:45,bus=pci.0,addr=0x4 -boot c -uuid bac41b63-86ba-4c2b-a809-fc64720e205e -rtc base=localtime,clock=host,driftfix=slew -no-kvm-pit-reinjection -chardev socket,id=111a,path=/tmp/win7-64-nic2.raw,server,nowait -mon chardev=111a,mode=readline -name win7-64-nic2.raw -netdev tap,sndbuf=0,id=hostnet1,script=/etc/qemu-ifup-private,downscript=no -device virtio-net-pci,netdev=hostnet1,id=net1,mac=00:10:12:22:41:45,bus=pci.0,addr=0x7 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -monitor stdio -vnc :2 -vga cirrus
2. Run job NDISTest 6.0-1C-FaultHandling (job id 1086)

Actual results:
Guest BSOD occurs. After reboot, the netkvm device in the guest is disabled, and it will BSOD again when I try to enable it.

Expected results:
no BSOD

Additional info:
This bug may be a dup of Fail(8) - 968148 - [whql][netkvm]BSOD(7E) always happen on Job of "NDISTest6.0-[1 Machine]- 1c_FaultHandling" failed on HCK for win2k8-32
But we did not hit this issue on win7-62 on build 61. Reporting it in case of missing bugs.
Comment 1 Mike Cao 2013-06-08 06:10:57 EDT
Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, fffff8800152dd40, fffff88003138d48, fffff880031385a0}

*** ERROR: Module load completed but symbols could not be loaded for netkvm.sys
Probably caused by : netkvm.sys ( netkvm+d3c1 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8800152dd40, The address that the exception occurred at
Arg3: fffff88003138d48, Exception Record Address
Arg4: fffff880031385a0, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
ndis!NdisMSynchronizeWithInterruptEx+0
fffff880`0152dd40 80b9f100000001  cmp     byte ptr [rcx+0F1h],1

EXCEPTION_RECORD:  fffff88003138d48 -- (.exr 0xfffff88003138d48)
ExceptionAddress: fffff8800152dd40 (ndis!NdisMSynchronizeWithInterruptEx)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000000f1
Attempt to read from address 00000000000000f1

CONTEXT:  fffff880031385a0 -- (.cxr 0xfffff880031385a0)
rax=00000000c000009a rbx=fffffa80071ad000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000011 rdi=fffffa80071ad060
rip=fffff8800152dd40 rsp=fffff88003138f88 rbp=fffff88003139100
 r8=fffff88004275a60  r9=fffff88003138fb0 r10=0000000000000000
r11=fffff88003138ba0 r12=fffff88004284340 r13=0000000000000000
r14=fffffa80071301a0 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
ndis!NdisMSynchronizeWithInterruptEx:
fffff880`0152dd40 80b9f100000001  cmp     byte ptr [rcx+0F1h],1 ds:002b:00000000`000000f1=??
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000000000f1

READ_ADDRESS:  00000000000000f1 

FOLLOWUP_IP: 
netkvm+d3c1
fffff880`0427e3c1 4883c438        add     rsp,38h

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LOCK_ADDRESS:  fffff80002885b80 -- (!locks fffff80002885b80)

Resource @ nt!PiEngineLock (0xfffff80002885b80)    Exclusively owned
    Contention Count = 221
     Threads: fffffa8004ef7040-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
	Lock address  : 0xfffff80002885b80
	Thread Count  : 1
	Thread address: 0xfffffa8004ef7040
	Thread wait   : 0x18789

LAST_CONTROL_TRANSFER:  from fffff800029f2514 to fffff80002681c00

STACK_TEXT:  
fffff880`03138f88 fffff880`0427e3c1 : fffffa80`071301a0 00000000`00000000 fffff880`03139100 fffff880`04274e16 : ndis!NdisMSynchronizeWithInterruptEx
fffff880`03138f90 fffff880`04273e96 : 00000000`00000000 00000000`000007ff 00000000`00000010 fffff880`03139100 : netkvm+0xd3c1
fffff880`03138fd0 fffff880`0427affc : fffffa80`071ad000 fffff880`03139100 00000000`00000011 fffffa80`071ad9e8 : netkvm+0x2e96
fffff880`03139000 fffff880`0154e5d5 : fffffa80`071313d0 fffffa80`071313d0 00000000`00000007 fffffa80`070310e0 : netkvm+0x9ffc
fffff880`03139180 fffff880`0154de73 : 00000000`000000a0 fffffa80`0712a150 00000000`00000000 01ce6419`1e268908 : ndis!ndisMInitializeAdapter+0x695
fffff880`03139540 fffff880`0155002c : 00000000`000000a0 fffffa80`07130050 fffff8a0`0295a1e0 00000000`000007ff : ndis!ndisInitializeAdapter+0x113
fffff880`031395a0 fffff880`01562932 : fffffa80`07e88d80 00000000`00000001 fffffa80`07e88f70 00000000`00000000 : ndis!ndisPnPStartDevice+0xac
fffff880`03139600 fffff800`02b2bd26 : fffffa80`07e88d80 fffffa80`07e88d80 00000000`00000002 00000000`00000000 : ndis!ndisPnPDispatch+0x3d2
fffff880`031396a0 fffff800`02b2e63a : fffffa80`07e88f70 fffffa80`07130050 fffffa80`0728b040 fffffa80`07037540 : nt!IovCallDriver+0x566
fffff880`03139700 fffff800`02b2bd26 : fffffa80`07e88d80 00000000`00000002 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!ViFilterDispatchPnp+0x13a
fffff880`03139730 fffff800`02a3e46e : fffffa80`07e88d80 fffffa80`06c687e0 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!IovCallDriver+0x566
fffff880`03139790 fffff800`027787ad : fffffa80`054e9060 fffffa80`06c687e0 fffff800`02781ed0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
fffff880`031397d0 fffff800`02a4d7e6 : fffff800`02885940 fffffa80`054eb010 fffffa80`06c687e0 fffffa80`054eb1b8 : nt!PnpStartDevice+0x11d
fffff880`03139890 fffff800`02a4da84 : fffffa80`054eb010 fffffa80`054e003c fffffa80`054eb010 00000000`00000001 : nt!PnpStartDeviceNode+0x156
fffff880`03139920 fffff800`02a71196 : fffffa80`054eb010 fffffa80`054eb010 00000000`00000000 00000000`00000000 : nt!PipProcessStartPhase1+0x74
fffff880`03139950 fffff800`02a71587 : fffffa80`054eb010 00000000`00000000 00000000`00000001 fffff800`028eea18 : nt!PipProcessDevNodeTree+0x296
fffff880`03139bc0 fffff800`02784803 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiRestartDevice+0xc7
fffff880`03139c10 fffff800`0268b251 : fffff800`027844f0 fffff8a0`031b2801 fffff800`02827200 fffff800`028272d8 : nt!PnpDeviceActionWorker+0x313
fffff880`03139cb0 fffff800`0291fede : 00000000`00000000 fffffa80`04ef7040 00000000`00000080 fffffa80`04ee7040 : nt!ExpWorkerThread+0x111
fffff880`03139d40 fffff800`02672906 : fffff880`009e6180 fffffa80`04ef7040 fffffa80`04ef9660 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03139d80 00000000`00000000 : fffff880`0313a000 fffff880`03134000 fffff880`031388f0 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  netkvm+d3c1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netkvm

IMAGE_NAME:  netkvm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  51ac608d

STACK_COMMAND:  .cxr 0xfffff880031385a0 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_VRFOCA_netkvm+d3c1

BUCKET_ID:  X64_0x7E_VRFOCA_netkvm+d3c1

Followup: MachineOwner
---------
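The dump in comment 1 shows ndis!NdisMSynchronizeWithInterruptEx reading [rcx+0F1h] with rcx=0, reached from netkvm after initialisation had failed, which matches the Doc Text's "partial driver initialisation". The block below is an added example, not netkvm source and not part of any comment: a user-space C model with hypothetical names (struct adapter, sync_with_irq, teardown, init_with_fault) that fails initialisation at each stage in turn and compares an unguarded teardown with a guarded one.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical user-space model; these names are not netkvm's or NDIS's. */
enum stage { ALLOC_QUEUES, REGISTER_IRQ, ENABLE_DEVICE, STAGE_COUNT };
struct irq { bool enabled; };
struct adapter {
    void *queues;
    struct irq *irq;   /* NULL until interrupt registration succeeds */
    int null_uses;     /* NULL-handle uses; each would bugcheck a real driver */
};

/* Stand-in for a framework call that trusts its handle, like the faulting
 * cmp byte ptr [rcx+0F1h],1 with rcx=0. The model counts instead of crashing. */
static void sync_with_irq(struct adapter *a, struct irq *h)
{
    if (h == NULL) { a->null_uses++; return; }
    h->enabled = false;
}

/* Teardown shared by the failed-init path and normal unload. */
static void teardown(struct adapter *a, bool guarded)
{
    if (!guarded || a->irq != NULL)   /* unguarded form assumes full init */
        sync_with_irq(a, a->irq);
    free(a->irq);    a->irq = NULL;   /* free(NULL) is a no-op */
    free(a->queues); a->queues = NULL;
}

/* Fail at fail_at (STAGE_COUNT: no failure); returns NULL-handle uses in cleanup. */
static int init_with_fault(enum stage fail_at, bool guarded)
{
    struct adapter a = { NULL, NULL, 0 };
    bool ok = fail_at != ALLOC_QUEUES && (a.queues = malloc(64)) != NULL;
    if (ok)
        ok = fail_at != REGISTER_IRQ && (a.irq = calloc(1, sizeof *a.irq)) != NULL;
    if (ok && fail_at != ENABLE_DEVICE)
        a.irq->enabled = true;
    teardown(&a, guarded);   /* runs after success or failure */
    return a.null_uses;
}

int main(void)
{
    int bad = 0;
    for (int s = ALLOC_QUEUES; s <= STAGE_COUNT; s++)
        bad += init_with_fault((enum stage)s, true);
    return bad;   /* 0: guarded teardown never used a NULL handle */
}
```

In the model, only failures before the interrupt is registered reach the NULL handle, which is why a driver can pass every normal load and unload test and still fail a fault-handling job.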
Comment 7 guo jiang 2013-06-28 01:19:51 EDT
Reproduced this issue on virtio-win-prewhql-0.1.64
Verified this issue on virtio-win-prewhql-0.1.65

Steps as in the Description

Actual result:
on virtio-win-prewhql-0.1.64 failed with BSOD-7E.
on virtio-win-prewhql-0.1.65 job passed without any error.

Based on the above, this issue has been fixed already!
Comment 8 Mike Cao 2013-06-28 01:25:58 EDT
Move Status to VERIFIED according to comment #7
Comment 10 errata-xmlrpc 2013-11-21 19:13:00 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1729.html
