[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Installing WinPV drivers on Windows 2019

  • To: <jan.bakuwel@xxxxxxxxx>, <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Paul Durrant <xadimgnik@xxxxxxxxx>
  • Date: Mon, 8 Jun 2020 07:52:01 +0100
  • Delivery-date: Mon, 08 Jun 2020 06:52:07 +0000
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>
  • Thread-index: AQKmfdhS0zU5AzZ9bnw/nfbxk8vVcgE/w0gEAiov3K8Cc0U5XQJFhc4HpuyvRpA=
> -----Original Message-----
> From: Jan Bakuwel <jan.bakuwel@xxxxxxxxx>
> Sent: 08 June 2020 04:50
> To: paul@xxxxxxx; win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: Installing WinPV drivers on Windows 2019
> 
> Hi Paul,
> 
> Unfortunately the Windows 2019 server continues to crash with the XCP-NG
> drivers, which, looking at the version, seem to closely resemble the
> 8.2.2 release?
> 
> Please see below for details, mini-dump attached.
> 

Hi Jan,

  Oddly the summary analysis below fingers the network driver but when I pull 
the dump into windbg, it clearly points at a stack overflow in a thread 
starting in xenvbd...

> kind regards,
> Jan
> 
> OS Name    Microsoft Windows Server 2019 Standard
> Version    10.0.17763 Build 17763
> 
> Network Adaptor:
> Name    [00000014] XCP-ng PV Network Device
> Driver    c:\windows\system32\drivers\xennet.sys (8.2.2.0, 47.90 KB
> (49,048 bytes), 29/06/2019 8:09 PM)
> 
> 
> ==================================================
> Dump File         : 060820-45437-01.dmp
> Crash Time        : 8/06/2020 3:08:35 PM
> Bug Check String  :
> Bug Check Code    : 0x00000139
> Parameter 1       : 00000000`0000001e
> Parameter 2       : ffff8a83`92044fa0
> Parameter 3       : ffff8a83`92044ef8
> Parameter 4       : 00000000`00000000
> 
> Caused By Driver  : NDIS.SYS
> Caused By Address : NDIS.SYS+5630
> File Description  : Network Driver Interface Specification (NDIS)
> 
> Product Name      : Microsoft® Windows® Operating System
> Company           : Microsoft Corporation
> File Version      : 10.0.17763.1 (WinBuild.160101.0800)
> Processor         : x64
> Crash Address     : ntoskrnl.exe+1b7860
> Stack Address 1   :
> Stack Address 2   :
> Stack Address 3   :
> Computer Name     :
> Full Path         : C:\Windows\Minidump\060820-45437-01.dmp
> Processors Count  : 4
> Major Version     : 15
> Minor Version     : 17763
> Dump File Size    : 892,828
> Dump File Time    : 8/06/2020 3:17:51 PM
> ==================================================
> 

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001e, Type of memory safety violation
Arg2: ffff8a8392044fa0, Address of the trap frame for the exception that caused 
the bugcheck
Arg3: ffff8a8392044ef8, Address of the exception record for the exception that 
caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for win32k.sys

KEY_VALUES_STRING: 1


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER:  Xen

SYSTEM_PRODUCT_NAME:  HVM domU

SYSTEM_VERSION:  4.4.1

BIOS_VENDOR:  Xen

BIOS_VERSION:  4.4.1

BIOS_DATE:  09/07/2017

DUMP_TYPE:  2

BUGCHECK_P1: 1e

BUGCHECK_P2: ffff8a8392044fa0

BUGCHECK_P3: ffff8a8392044ef8

BUGCHECK_P4: 0

TRAP_FRAME:  ffff8a8392044fa0 -- (.trap 0xffff8a8392044fa0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000003 rbx=0000000000000000 rcx=000000000000001e
rdx=ffff8a83920451c0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff805734490c0 rsp=ffff8a8392045130 rbp=ffff8a83920451c0
 r8=fffff8057374ed80  r9=0000000000000000 r10=ffff85800000a000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KiAcquireThreadStateLock+0x11fa90:
fffff805`734490c0 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffff8a8392044ef8 -- (.exr 0xffff8a8392044ef8)
ExceptionAddress: fffff805734490c0 
(nt!KiAcquireThreadStateLock+0x000000000011fa90)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000000000001e
Subcode: 0x1e FAST_FAIL_INVALID_NEXT_THREAD

CPU_COUNT: 4

CPU_MHZ: 898

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3e

CPU_STEPPING: 4

CPU_MICROCODE: 6,3e,4,0 (F,M,S,R)  SIG: 428'00000000 (cache) 428'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  FAIL_FAST_INVALID_NEXT_THREAD

BUGCHECK_STR:  0x139

PROCESS_NAME:  System

CURRENT_IRQL:  2

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a 
stack-based buffer in this application. This overrun could potentially allow a 
malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a 
stack-based buffer in this application. This overrun could potentially allow a 
malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  000000000000001e

ANALYSIS_SESSION_HOST:  CBG-R90WXYV0

ANALYSIS_SESSION_TIME:  06-08-2020 07:44:16.0241

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff805733d40e9 to fffff805733c2860

STACK_TEXT:  
ffff8a83`92044c78 fffff805`733d40e9 : 00000000`00000139 00000000`0000001e 
ffff8a83`92044fa0 ffff8a83`92044ef8 : nt!KeBugCheckEx
ffff8a83`92044c80 fffff805`733d4490 : 00000000`00000000 ffff8a83`92045220 
00000000`0000000e ffffe588`a03b48a0 : nt!KiBugCheckDispatch+0x69
ffff8a83`92044dc0 fffff805`733d288e : 00000000`00001080 fffff805`732b0d31 
00000020`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffff8a83`92044fa0 fffff805`734490c0 : 00000000`00000003 00000000`00000000 
00000001`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x30e
ffff8a83`92045130 fffff805`7336730c : ffff8a83`00000000 00000000`00000002 
00000000`00000000 fffff805`7333a570 : nt!KiAcquireThreadStateLock+0x11fa90
ffff8a83`920451a0 fffff805`7344eef6 : ffffa700`4ff59180 ffffa700`00000000 
ffff8a83`92045240 00000000`00000000 : nt!KeSetIdealProcessorThreadEx+0xd0
ffff8a83`92045220 fffff805`73339e84 : 00000000`00000200 00000000`00000000 
ffff8a83`920453c9 00000000`ffffffff : nt!MiZeroInParallelWorker+0x115016
ffff8a83`92045350 fffff805`73339386 : ffff8280`00000000 00000000`00000200 
00000000`00000001 fffff805`00000003 : nt!MiZeroInParallel+0x11c
ffff8a83`92045430 fffff805`73338e3a : fffff805`00000000 ffffe588`00000000 
00000000`00000000 00000000`00000000 : nt!MiInitializeMdlBatchPages+0x2ae
ffff8a83`92045500 fffff805`73338c69 : 00000000`00000000 ffffe588`ab8a9010 
00000000`00436d66 ffffe588`ab976dff : nt!MiAllocatePagesForMdl+0x192
ffff8a83`920456b0 fffff805`73338b8d : 00000000`00000000 ffffe588`a002cab0 
ffffe588`b44ebfd0 ffffe588`ba4d8140 : 
nt!MmAllocatePartitionNodePagesForMdlEx+0xc9
ffff8a83`92045720 fffff805`78fdaf66 : 00000000`00000000 00000000`00000000 
ffffe588`a002cab0 ffffe588`b44ebfd0 : nt!MmAllocatePagesForMdlEx+0x4d
ffff8a83`92045770 00000000`00000000 : 00000000`00000000 ffffe588`a002cab0 
ffffe588`b44ebfd0 00000000`00000001 : xenvbd+0xaf66


THREAD_SHA1_HASH_MOD_FUNC:  4cd0c2c7c2f298265107f275b1d45b05d236ce64

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  a32ce416c20c82cdc641ad5b516845ed81f5ad26

THREAD_SHA1_HASH_MOD:  e5d5e44c03725754f4447c1a1014b812581bdfbe

FOLLOWUP_IP: 
xenvbd+af66
fffff805`78fdaf66 4c8bf0          mov     r14,rax

FAULT_INSTR_CODE:  48f08b4c

SYMBOL_STACK_INDEX:  c

SYMBOL_NAME:  xenvbd+af66

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: xenvbd

IMAGE_NAME:  xenvbd.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5d13e4ba

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  af66

FAILURE_BUCKET_ID:  0x139_1e_INVALID_NEXT_THREAD_xenvbd!unknown_function

BUCKET_ID:  0x139_1e_INVALID_NEXT_THREAD_xenvbd!unknown_function

PRIMARY_PROBLEM_CLASS:  0x139_1e_INVALID_NEXT_THREAD_xenvbd!unknown_function

TARGET_TIME:  2020-06-08T03:08:35.000Z

OSBUILD:  17763

OSSERVICEPACK:  1098

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  131088

PRODUCT_TYPE:  2

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 LanManNt TerminalServer

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2030-11-06 18:29:45

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  e084

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_1e_invalid_next_thread_xenvbd!unknown_function

FAILURE_ID_HASH:  {f9585617-5195-4a84-d8d4-61eba0e1b0df}

Followup:     MachineOwner
---------

  Paul

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.