BSOD: IRQL_NOT_LESS_OR_EQUAL near KiRetireDpcList #1046

Closed
omeg opened this Issue Jul 6, 2015 · 1 comment


omeg commented Jul 6, 2015

Happens seemingly randomly on VM shutdown or startup (release build). Call stack is useless, the root cause seems to be DPC queue corruption. Driver Verifier doesn't catch anything (enabled for all Xen drivers). Most likely cause is of course xeniface.

XENIFACE|IoctlEvtchnClose: > (LocalPort 18)
*** Fatal System Error: 0x0000000a
                    (0x0000000000000000,0x0000000000000002,0x0000000000000001,0xFFFFF800026DB15A)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
Connected to Windows 7 7601 x64 target at (Mon Jul  6 16:36:51.412 2015 (UTC + 2:00)), ptr64 TRUE

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.
BugCheck A, {0, 2, 1, fffff800026db15a}
Probably caused by : ntkrnlmp.exe ( nt!KiRetireDpcList+13a )
Followup: MachineOwner
---------

nt!DbgBreakPointWithStatus:
fffff800`026c76f0 cc              int     3
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800026db15a, address which referenced memory

Debugging Details:
------------------

WRITE_ADDRESS:  0000000000000000 
CURRENT_IRQL:  2
FAULTING_IP: 
nt!KiRetireDpcList+13a
fffff800`026db15a 488908          mov     qword ptr [rax],rcx
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  svchost.exe
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
DPC_STACK_BASE:  FFFFF80000BA0FB0
TRAP_FRAME:  0000000000000040 -- (.trap 0x40)
Unable to read trap frame at 00000000`00000040
EXCEPTION_RECORD:  fffff800029cdb4b -- (.exr 0xfffff800029cdb4b)
ExceptionAddress: 00018825048b4865
   ExceptionCode: 41f88b44
  ExceptionFlags: 0103ff81
NumberParameters: 1622806272
   Parameter[0]: 80cb8003eb7fe380
   Parameter[1]: 4507eec040f3b60f
   Parameter[2]: 4420247c894cff33
   Parameter[3]: d233c03345ceb60f
   Parameter[4]: ffd095ede8cf8b48
   Parameter[5]: 446c75000001013d
   Parameter[6]: 00000001b8c2200f
   Parameter[7]: 048b4865c0220f44
   Parameter[8]: 50888b0000018825
   Parameter[9]: 327501c1f6000004
   Parameter[10]: 38450675047f3944
   Parameter[11]: 44c2b60f2675447d
   Parameter[12]: 20247c894cc0220f
   Parameter[13]: 33c03345ceb60f44
   Parameter[14]: d0959ce8cf8b48d2

LAST_CONTROL_TRANSFER:  from fffff800027bfe42 to fffff800026c76f0

STACK_TEXT:  
fffff800`00ba04b8 fffff800`027bfe42 : 00000000`00000000 fffffa80`03265b50 00000000`00000065 fffff800`0270b238 : nt!DbgBreakPointWithStatus
fffff800`00ba04c0 fffff800`027c0c2e : 00000000`00000003 00000000`00000000 fffff800`0270ba90 00000000`0000000a : nt!KiBugCheckDebugBreak+0x12
fffff800`00ba0520 fffff800`026cf9c4 : fffff900`c03a0009 fffffa80`020b7a10 fffffa80`02149c70 fffff800`027492cb : nt!KeBugCheck2+0x71e
fffff800`00ba0bf0 fffff800`026cee69 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx+0x104
fffff800`00ba0c30 fffff800`026cdae0 : fffff800`00ba0e19 fffff880`010dfeee fffffa80`02149c70 fffff800`0284ee80 : nt!KiBugCheckDispatch+0x69
fffff800`00ba0d70 fffff800`026db15a : fffff800`000000db fffffa80`0000172c fffffa80`020b4500 00000000`0000002a : nt!KiPageFault+0x260
fffff800`00ba0f00 fffff800`026d2335 : 00000000`00000000 fffffa80`03265b50 00000000`00000000 fffff880`041620e4 : nt!KiRetireDpcList+0x13a
fffff800`00ba0fb0 fffff800`026d214c : 00000000`00000010 00000000`00000286 fffff880`0497f598 00000000`00000018 : nt!KyRetireDpcList+0x5
fffff880`0497f570 fffff800`0271a853 : fffff800`026cbe40 fffff800`026cbeac fffff800`02863800 fffff880`00000000 : nt!KiDispatchInterruptContinue
fffff880`0497f5a0 fffff800`026cbeac : fffff800`02863800 fffff880`00000000 fffff8a0`021e3c70 fffff880`0496e000 : nt!KiDpcInterruptBypass+0x13
fffff880`0497f5b0 fffff880`011ca010 : fffff800`029cdb4b 00000000`00000005 00000000`00000040 fffffa80`0251a540 : nt!KiInterruptDispatchNoLock+0x1fc
fffff880`0497f748 fffff800`029cdb4b : 00000000`00000005 00000000`00000040 fffffa80`0251a540 fffffa80`0251a5d8 : fltmgr!FltpCreate
fffff880`0497f750 fffff800`029c9b5e : fffffa80`0239e060 00000000`00000000 fffffa80`0306db10 fffff800`029bcd01 : nt!IopParseDevice+0x14e2
fffff880`0497f8b0 fffff800`029ca646 : 00000000`00000000 fffff880`0497fa30 00000000`00000040 fffffa80`012e1210 : nt!ObpLookupObjectName+0x784
fffff880`0497f9b0 fffff800`029cbf4c : fffff880`0497fa80 00000000`00000000 fffff8a0`020bb501 00000000`00000001 : nt!ObOpenObjectByName+0x306
fffff880`0497fa80 fffff800`029b7718 : 00000000`01f5d420 fffff8a0`00100001 00000000`01f5d478 00000000`01f5d468 : nt!IopCreateFile+0x2bc
fffff880`0497fb20 fffff800`026ceb53 : ffffffff`ffffffff 00000000`00000001 00000000`01f5d7a0 fffff800`00000004 : nt!NtOpenFile+0x58
fffff880`0497fbb0 00000000`7766deea : 000007fe`fd47520d 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01f5d398 000007fe`fd47520d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!ZwOpenFile+0xa
00000000`01f5d3a0 000007fe`fd4755dc : 00000000`00007fbc 00000000`00000013 00000000`00ab0000 00000000`01f5db00 : KERNELBASE!FindFirstFileExW+0x235
00000000`01f5d760 000007fe`fc6c2a6d : 00000000`00008000 00000000`00000000 00000000`01f5e7c0 00000000`01f5da88 : KERNELBASE!FindFirstFileW+0x1c
00000000`01f5d7a0 000007fe`fc6c1fe6 : 00000000`00278360 00000000`00000000 00000000`00000000 00000000`00000000 : SPINF!pSetupFileExists+0x45
00000000`01f5da30 000007fe`fc6c16c8 : 00000000`00000012 00000000`01f5e7c0 00000000`00000038 00000000`00000036 : SPINF!SpInfLoadInfFile+0xf1
00000000`01f5e6d0 000007fe`fc6c13a9 : 00000000`00000000 00000000`02f5a140 00000000`00000012 00000000`01f5ed38 : SPINF!LoadIndirectInfString+0x4cd
00000000`01f5ec20 000007fe`fd8ca0bd : 00000000`00000000 00000000`02f5a140 00000000`00000000 00000000`01f5ed88 : SPINF!SpInfGetIndirectString+0x5a
00000000`01f5ec60 000007fe`f9b70b27 : 00000000`00000000 00000000`00000000 00000000`01f5ed88 00000000`00000012 : SETUPAPI!pSetupLoadIndirectString+0x131
00000000`01f5ecd0 000007fe`f9b7137b : 00000000`02f52228 00000000`00000000 00000000`00000000 00000000`02e3e570 : netcfgx!HrSetupLoadIndirectStringWithAlloc+0xbf
00000000`01f5ed30 000007fe`f9b64ab4 : 00000000`00000000 00000000`02f54250 00000000`02f521f0 00000000`00000000 : netcfgx!CExternalComponentData::HrEnsureExternalDataLoaded+0x17f
00000000`01f5edd0 000007fe`f9b6b382 : 00000000`02e3e6f8 00000000`01f5ef88 00000000`02f5a0b0 00000000`00001000 : netcfgx!CNetConfig::HrEnsureExternalDataLoadedForAllComponents+0x3c
00000000`01f5ee10 000007fe`f9b6d6ed : 00000000`02e3e600 00000000`0000ffff 000007fe`f9ecc100 00000000`01f5f300 : netcfgx!CRegistryBindingsContext::HrPrepare+0x86
00000000`01f5ee40 000007fe`f9b59334 : 00000000`02f51340 00000000`02f5a0b0 00000000`02f50000 000007fe`f9ecc101 : netcfgx!CModifyContext::HrPrepare+0x25
00000000`01f5ee70 000007fe`f9b71d18 : 00000000`00000002 000007fe`f9b7c37c 00000000`02f59aa0 00000100`00000000 : netcfgx!CImplINetCfg::HrIsValidInterface+0x90
00000000`01f5eea0 000007fe`f9b71d83 : 00000000`00000002 000007fe`f9b54f1a 00000000`00000000 00000000`00000000 : netcfgx!CImplINetCfgComponent::HrIsValidInterface+0x18
00000000`01f5eed0 000007fe`f9b72810 : 00000000`00000000 00000000`0209e300 00000000`02f5a0b0 00000000`02f52610 : netcfgx!CImplINetCfgComponent::HrLockAndTestForValidInterface+0x37
00000000`01f5ef00 000007fe`f9f34d5a : 00000000`00000000 00000000`0209e300 00000000`0209e300 00000000`00000000 : netcfgx!CImplINetCfgComponent::HrBindToOrUnbindFrom+0x38
00000000`01f5ef70 000007fe`f9efe5d7 : 00000000`00000000 00000000`0209e30c 00000000`0209f500 00000000`02f5a0b8 : iphlpsvc!UpdateInterfaceBindingState+0x15a
00000000`01f5efe0 000007fe`f9f03d57 : 00830000`04000000 00000000`0209d8f0 00000000`0209f510 000007fe`f9ed09b0 : iphlpsvc!BindOrUnbindInterface+0x5b
00000000`01f5f0c0 000007fe`f9f05a01 : 000007fe`f9ed1bb0 00000000`6332fea9 000007fe`f9ed1bb0 00000000`0209f510 : iphlpsvc!DisableIsatapInterface+0x127
00000000`01f5f540 000007fe`f9ef50de : 000007fe`f9f3ff90 000007fe`f9f3ff90 000007fe`f9ecb5d8 00000000`01f5f5d8 : iphlpsvc!IsatapAddressDeletion+0x145
00000000`01f5f590 000007fe`f9ef5171 : 00000000`0209f510 000007fe`faec1286 000007fe`f9ecb660 00000000`000000a9 : iphlpsvc!NotifyAddressDeletion+0x32
00000000`01f5f5c0 000007fe`f9ef5535 : 00000000`01bb1ec0 00000000`00000590 000007fe`f9ecb890 000007fe`f9ed6fe0 : iphlpsvc!DeleteAddress+0x69
00000000`01f5f610 000007fe`f9f05fca : 00000000`00000000 000007fe`f9ed1bb0 000007fe`f9ed1bd0 00000000`00000000 : iphlpsvc!OnIpv4AddressChange+0x1c5
00000000`01f5f6d0 000007fe`fb481573 : 00000000`01b30a10 00000000`01b7dbc0 00000000`01b2b640 00000000`00000878 : iphlpsvc!IsatapConfigurationChangeNotification+0x20a
00000000`01f5f720 00000000`7762bed1 : 00000000`01b2b640 000007ff`fff96000 00000000`00000000 00000000`7764ab6d : WINNSI!NsiWorkerThread+0x73
00000000`01f5f790 00000000`7763604c : 00000000`01b7db10 00000000`01b30a10 00000000`01f5f948 00000000`00000000 : ntdll!RtlpTpWaitCallback+0x92
00000000`01f5f7e0 00000000`77636672 : 00000000`002696c0 00000000`777205e8 00000000`00000000 00000000`77720610 : ntdll!TppWaitpExecuteCallback+0x10c
00000000`01f5f840 00000000`774159cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x6c9
00000000`01f5fb40 00000000`7764b981 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`01f5fb70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d


STACK_COMMAND:  kb
FOLLOWUP_IP: 
nt!KiRetireDpcList+13a
fffff800`026db15a 488908          mov     qword ptr [rax],rcx
SYMBOL_STACK_INDEX:  6
SYMBOL_NAME:  nt!KiRetireDpcList+13a
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: nt
IMAGE_NAME:  ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP:  556356e8
IMAGE_VERSION:  6.1.7601.18869
FAILURE_BUCKET_ID:  X64_0xA_nt!KiRetireDpcList+13a
BUCKET_ID:  X64_0xA_nt!KiRetireDpcList+13a
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:x64_0xa_nt!kiretiredpclist+13a
FAILURE_ID_HASH:  {e3af9bca-3acc-6546-d3a1-65146b8692f2}
Followup: MachineOwner

@omeg omeg self-assigned this Jul 6, 2015

@omeg omeg closed this Jul 9, 2015
