RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 972310 - [whql][netkvm][1086]BSOD(7e) occurs when running NIDSTest 6.0-1C-FaultHanding job over win7-64
Summary: [whql][netkvm][1086]BSOD(7e) occurs when running NIDSTest 6.0-1C-FaultHanding...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virtio-win
Version: 6.5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Yvugenfi@redhat.com
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-08 10:06 UTC by Mike Cao
Modified: 2015-11-23 03:37 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: In case of failed initialisation some internal data structures might nor be initialised. Consequence: Access to uninitialised data structures during driver unload will case blue screen of death. Fix: Handle correctly partial driver initialisation. Result: No BSOD in case of failed driver initialisation.
Clone Of:
Environment:
Last Closed: 2013-11-22 00:13:00 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1729 0 normal SHIPPED_LIVE virtio-win bug fix and enhancement update 2013-11-21 00:39:25 UTC

Description Mike Cao 2013-06-08 10:06:18 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
virtio-win-prwehql-64
2.6.32-369.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.375.el6.x86_64
spice-server-0.12.0-12.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64
sgabios-0-0.3.20110621svn.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
1.Start VM with virtio-net-pci
CLI:/usr/libexec/qemu-kvm -M rhel6.4.0 -m 6G -smp 4 -cpu cpu64-rhel6,+x2apic,+sep -usbdevice tablet -drive file=win7-64-nic2.raw,format=raw,if=none,id=drive-virtio0,boot=on,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-virtio0,id=virtio-blk-pci0,bootindex=1 -netdev tap,sndbuf=0,id=hostnet0,script=/etc/qemu-ifup,downscript=no -device e1000,netdev=hostnet0,mac=00:01:52:12:41:45,bus=pci.0,addr=0x4 -boot c -uuid bac41b63-86ba-4c2b-a809-fc64720e205e -rtc base=localtime,clock=host,driftfix=slew -no-kvm-pit-reinjection -chardev socket,id=111a,path=/tmp/win7-64-nic2.raw,server,nowait -mon chardev=111a,mode=readline -name win7-64-nic2.raw -netdev tap,sndbuf=0,id=hostnet1,script=/etc/qemu-ifup-private,downscript=no -device virtio-net-pci,netdev=hostnet1,id=net1,mac=00:10:12:22:41:45,bus=pci.0,addr=0x7 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -monitor stdio -vnc :2 -vga cirrus
2.run job  NIDSTest 6.0-1C-FaultHanding (job id 1086)

Actual results:
Guest BSOD occurs ,after reboot ,the netkvm device in the guest is disabled ,and will BSOD again when I try to enable it 

Expected results:
no BSOD

Additional info:
This bug May dup of Fail(8) -968148 - [whql][netkvm]BSOD(7E) always happen on Job of "NDISTest6.0-[1 Machine]- 1c_FaultHandling" failed on HCK for win2k8-32
But we did not hit this issue on win7-62 on build 61 ,Report it in case of missing bugs
Comment 1 Mike Cao 2013-06-08 10:10:57 UTC 
Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, fffff8800152dd40, fffff88003138d48, fffff880031385a0}

*** ERROR: Module load completed but symbols could not be loaded for netkvm.sys
Probably caused by : netkvm.sys ( netkvm+d3c1 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8800152dd40, The address that the exception occurred at
Arg3: fffff88003138d48, Exception Record Address
Arg4: fffff880031385a0, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
ndis!NdisMSynchronizeWithInterruptEx+0
fffff880`0152dd40 80b9f100000001  cmp     byte ptr [rcx+0F1h],1

EXCEPTION_RECORD:  fffff88003138d48 -- (.exr 0xfffff88003138d48)
ExceptionAddress: fffff8800152dd40 (ndis!NdisMSynchronizeWithInterruptEx)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000000f1
Attempt to read from address 00000000000000f1

CONTEXT:  fffff880031385a0 -- (.cxr 0xfffff880031385a0)
rax=00000000c000009a rbx=fffffa80071ad000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000011 rdi=fffffa80071ad060
rip=fffff8800152dd40 rsp=fffff88003138f88 rbp=fffff88003139100
 r8=fffff88004275a60  r9=fffff88003138fb0 r10=0000000000000000
r11=fffff88003138ba0 r12=fffff88004284340 r13=0000000000000000
r14=fffffa80071301a0 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
ndis!NdisMSynchronizeWithInterruptEx:
fffff880`0152dd40 80b9f100000001  cmp     byte ptr [rcx+0F1h],1 ds:002b:00000000`000000f1=??
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000000000f1

READ_ADDRESS:  00000000000000f1 

FOLLOWUP_IP: 
netkvm+d3c1
fffff880`0427e3c1 4883c438        add     rsp,38h

BUGCHECK_STR:  0x7E

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LOCK_ADDRESS:  fffff80002885b80 -- (!locks fffff80002885b80)

Resource @ nt!PiEngineLock (0xfffff80002885b80)    Exclusively owned
    Contention Count = 221
     Threads: fffffa8004ef7040-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
	Lock address  : 0xfffff80002885b80
	Thread Count  : 1
	Thread address: 0xfffffa8004ef7040
	Thread wait   : 0x18789

LAST_CONTROL_TRANSFER:  from fffff800029f2514 to fffff80002681c00

STACK_TEXT:  
fffff880`03138f88 fffff880`0427e3c1 : fffffa80`071301a0 00000000`00000000 fffff880`03139100 fffff880`04274e16 : ndis!NdisMSynchronizeWithInterruptEx
fffff880`03138f90 fffff880`04273e96 : 00000000`00000000 00000000`000007ff 00000000`00000010 fffff880`03139100 : netkvm+0xd3c1
fffff880`03138fd0 fffff880`0427affc : fffffa80`071ad000 fffff880`03139100 00000000`00000011 fffffa80`071ad9e8 : netkvm+0x2e96
fffff880`03139000 fffff880`0154e5d5 : fffffa80`071313d0 fffffa80`071313d0 00000000`00000007 fffffa80`070310e0 : netkvm+0x9ffc
fffff880`03139180 fffff880`0154de73 : 00000000`000000a0 fffffa80`0712a150 00000000`00000000 01ce6419`1e268908 : ndis!ndisMInitializeAdapter+0x695
fffff880`03139540 fffff880`0155002c : 00000000`000000a0 fffffa80`07130050 fffff8a0`0295a1e0 00000000`000007ff : ndis!ndisInitializeAdapter+0x113
fffff880`031395a0 fffff880`01562932 : fffffa80`07e88d80 00000000`00000001 fffffa80`07e88f70 00000000`00000000 : ndis!ndisPnPStartDevice+0xac
fffff880`03139600 fffff800`02b2bd26 : fffffa80`07e88d80 fffffa80`07e88d80 00000000`00000002 00000000`00000000 : ndis!ndisPnPDispatch+0x3d2
fffff880`031396a0 fffff800`02b2e63a : fffffa80`07e88f70 fffffa80`07130050 fffffa80`0728b040 fffffa80`07037540 : nt!IovCallDriver+0x566
fffff880`03139700 fffff800`02b2bd26 : fffffa80`07e88d80 00000000`00000002 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!ViFilterDispatchPnp+0x13a
fffff880`03139730 fffff800`02a3e46e : fffffa80`07e88d80 fffffa80`06c687e0 fffffa80`0728b040 fffffa80`07e2dcc0 : nt!IovCallDriver+0x566
fffff880`03139790 fffff800`027787ad : fffffa80`054e9060 fffffa80`06c687e0 fffff800`02781ed0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
fffff880`031397d0 fffff800`02a4d7e6 : fffff800`02885940 fffffa80`054eb010 fffffa80`06c687e0 fffffa80`054eb1b8 : nt!PnpStartDevice+0x11d
fffff880`03139890 fffff800`02a4da84 : fffffa80`054eb010 fffffa80`054e003c fffffa80`054eb010 00000000`00000001 : nt!PnpStartDeviceNode+0x156
fffff880`03139920 fffff800`02a71196 : fffffa80`054eb010 fffffa80`054eb010 00000000`00000000 00000000`00000000 : nt!PipProcessStartPhase1+0x74
fffff880`03139950 fffff800`02a71587 : fffffa80`054eb010 00000000`00000000 00000000`00000001 fffff800`028eea18 : nt!PipProcessDevNodeTree+0x296
fffff880`03139bc0 fffff800`02784803 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiRestartDevice+0xc7
fffff880`03139c10 fffff800`0268b251 : fffff800`027844f0 fffff8a0`031b2801 fffff800`02827200 fffff800`028272d8 : nt!PnpDeviceActionWorker+0x313
fffff880`03139cb0 fffff800`0291fede : 00000000`00000000 fffffa80`04ef7040 00000000`00000080 fffffa80`04ee7040 : nt!ExpWorkerThread+0x111
fffff880`03139d40 fffff800`02672906 : fffff880`009e6180 fffffa80`04ef7040 fffffa80`04ef9660 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03139d80 00000000`00000000 : fffff880`0313a000 fffff880`03134000 fffff880`031388f0 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  netkvm+d3c1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netkvm

IMAGE_NAME:  netkvm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  51ac608d

STACK_COMMAND:  .cxr 0xfffff880031385a0 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_VRFOCA_netkvm+d3c1

BUCKET_ID:  X64_0x7E_VRFOCA_netkvm+d3c1

Followup: MachineOwner
---------
Comment 6 Yvugenfi@redhat.com 2013-06-19 09:56:07 UTC 
http://git.engineering.redhat.com/?p=users/vrozenfe/internal-kvm-guest-drivers-windows/.git;a=commit;h=796f64ae23998a0e1e7c9a0655a338de5360ecce
Comment 7 guo jiang 2013-06-28 05:19:51 UTC 
Reproduced this issue on virtio-win-prewhql-0.1.64
Verified this issue on virtio-win-prewhql-0.1.65

Steps as comment Description

Actural result
on virtio-win-prewhql-0.1.64 failed with BSOD-7E.
on virtio-win-prewhql-0.1.65 job passed without any error.

Based on the above, this issue has been fixed already!
Comment 8 Mike Cao 2013-06-28 05:25:58 UTC 
Move Status to VERIFIED according to comment #7
Comment 10 errata-xmlrpc 2013-11-22 00:13:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1729.html
Note You need to log in before you can comment on or make changes to this bug.