datapath-windows: BSOD when handling flows #91

Closed
svinturis opened this issue Jul 1, 2015 · 1 comment

@svinturis

The only error that could happen when calling OvsPrepareFlow() is when new flow allocation fails, status = STATUS_NO_MEMORY(0xC0000017L). In this case freeing something that was not allocated generates a BSOD.

Stacktrace:

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000010, caller is freeing a bad pool address
Arg2: 0000000000000000, bad pool address
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_10

POOL_ADDRESS:  0000000000000000 

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  ovs-vswitchd.e

CURRENT_IRQL:  2

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

LAST_CONTROL_TRANSFER:  from fffff800d38647c6 to fffff800d37e1c90

STACK_TEXT:  
ffffd000`266dca48 fffff800`d38647c6 : 00000000`00000000 00000000`00000000 ffffd000`266dcbb0 fffff800`d3789654 : nt!DbgBreakPointWithStatus
ffffd000`266dca50 fffff800`d38640d7 : 00000000`00000003 00000000`00000010 fffff800`d37e9070 00000000`000000c4 : nt!KiBugCheckDebugBreak+0x12
ffffd000`266dcab0 fffff800`d37db1a4 : 00000000`00000000 fffff800`00306a17 00000000`00000280 00000000`000000c0 : nt!KeBugCheck2+0x8ab
ffffd000`266dd1c0 fffff800`d3d10cc4 : 00000000`000000c4 00000000`00000010 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx+0x104
ffffd000`266dd200 fffff800`d3cf011d : 00000000`00000000 ffffd000`266dd4c8 ffffe000`02bed970 ffffe000`02bed970 : nt!ExFreePoolSanityChecks+0x38
ffffd000`266dd240 fffff800`0253ffd3 : ffffcf80`0372aea0 fffff800`0252b301 00000000`00000000 ffffd000`266dd4c8 : nt!VerifierExFreePoolWithTag+0x39
ffffd000`266dd270 fffff800`02528bc8 : 00000000`00000000 fffff800`4c53564f 00000001`c0000017 00000000`00000000 : OVSExt!OvsFreeMemoryWithTag+0x73 [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\util.c @ 40]
ffffd000`266dd2b0 fffff800`02528ddb : 00000000`00000000 ffffd000`266dd4c8 00000000`889adecf 00000000`00000000 : OVSExt!FreeFlow+0x68 [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\flow.c @ 1979]
ffffd000`266dd2f0 fffff800`0252b6da : ffffd000`266dd4c8 ffffcf80`038beee8 ffffd000`266dd4b0 00000000`00000000 : OVSExt!HandleFlowPut+0x15b [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\flow.c @ 2167]
ffffd000`266dd3a0 fffff800`0252a9a0 : ffffd000`266dd4c8 ffffcf80`00000090 ffffd000`266dd4b0 00000000`00000000 : OVSExt!OvsPutFlowIoctl+0x11a [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\flow.c @ 2131]
ffffd000`266dd400 fffff800`02534886 : ffffd000`266dd770 ffffd000`266dd6d8 ffffcb53`00000000 fffff800`00000010 : OVSExt!OvsFlowNlCmdHandler+0x2d0 [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\flow.c @ 319]
ffffd000`266dd5e0 fffff800`02555aff : ffffd000`266dd770 fffff800`025512a0 ffffd000`266dd6d8 ffffcf80`0398eef0 : OVSExt!InvokeNetlinkCmdHandler+0x106 [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\datapath.c @ 1003]
ffffd000`266dd660 fffff800`00764c18 : ffffe000`02bed970 ffffcf80`0372aea0 ffffe000`02bed970 ffffe000`00f9ed60 : OVSExt!OvsDeviceControl+0x98f [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\datapath.c @ 912]
ffffd000`266dd7f0 fffff800`d3cee911 : ffffcf80`0372aea0 00000000`00000002 ffffcf80`0372afb8 ffffd000`266ddb80 : NDIS!ndisDummyIrpHandler+0x88
ffffd000`266dd820 fffff800`d3a55395 : ffffcf80`0372aea0 ffffd000`266ddb80 00000000`00000001 ffffe000`00f9ed60 : nt!IovCallDriver+0x3cd
ffffd000`266dd870 fffff800`d3a55d2a : ffffd000`266dda38 00000000`00b0fdb0 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x845
ffffd000`266dda20 fffff800`d37e68b3 : ffffe000`03980080 ffffe000`001f0003 00000000`00b0e548 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`266dda90 00000000`770f2772 : 00000000`770f2371 00000023`7713b66c 00000000`00000023 00000000`000000ff : nt!KiSystemServiceCopyEnd+0x13
00000000`00b0ee48 00000000`770f2371 : 00000023`7713b66c 00000000`00000023 00000000`000000ff 00000000`00effcb4 : wow64cpu!CpupSyscallStub+0x2
00000000`00b0ee50 00000000`770b323a : 00000000`00000000 00000000`770f1503 00000000`00000000 00000000`770b3420 : wow64cpu!DeviceIoctlFileFault+0x31
00000000`00b0ef00 00000000`770b317e : 00000000`00000000 00000000`00000000 00000000`00b0fd30 00000000`00b0f550 : wow64!RunCpuSimulation+0xa
00000000`00b0ef50 00007ffb`81956bd0 : 00000000`00000000 00000000`00000000 00000000`7ead7000 00000000`00000000 : wow64!Wow64LdrpInitialize+0x172
00000000`00b0f490 00007ffb`81956aa6 : 00000000`00b0f550 00000000`00000000 00000000`00000000 00000000`7ead7000 : ntdll!_LdrpInitialize+0xd8
00000000`00b0f500 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe


STACK_COMMAND:  kb

FOLLOWUP_IP: 
OVSExt!OvsFreeMemoryWithTag+73 [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\util.c @ 40]
fffff800`0253ffd3 4883c438        add     rsp,38h

FAULTING_SOURCE_LINE:  c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\util.c

FAULTING_SOURCE_FILE:  c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\util.c

FAULTING_SOURCE_LINE_NUMBER:  40

FAULTING_SOURCE_CODE:  
    36: OvsFreeMemoryWithTag(VOID *ptr, ULONG tag)
    37: {
    38:     ASSERT(ptr);
    39:     NdisFreeMemoryWithTagPriority(gOvsExtDriverHandle, ptr, tag);
>   40: }
    41: 
    42: VOID *
    43: OvsAllocateMemory(size_t size)
    44: {
    45:     OVS_VERIFY_IRQL_LE(DISPATCH_LEVEL);


SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  OVSExt!OvsFreeMemoryWithTag+73

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: OVSExt

IMAGE_NAME:  OVSExt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  559413ec

BUCKET_ID_FUNC_OFFSET:  73

FAILURE_BUCKET_ID:  0xc4_10_VRF_OVSExt!OvsFreeMemoryWithTag

BUCKET_ID:  0xc4_10_VRF_OVSExt!OvsFreeMemoryWithTag

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc4_10_vrf_ovsext!ovsfreememorywithtag

FAILURE_ID_HASH:  {eb6f2ba2-eed1-8cb4-06bd-346290bbe79e}

Followup: MachineOwner
---------

2: kd> .frame 7
07 ffffd000`266dd2b0 fffff800`02528ddb OVSExt!FreeFlow+0x68 [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\flow.c @ 1979]
2: kd> ?? flow
struct _OvsFlow * 0x00000000`00000000
2: kd> .frame 8
08 ffffd000`266dd2f0 fffff800`0252b6da OVSExt!HandleFlowPut+0x15b [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\flow.c @ 2167]
2: kd> ?? KernelFlow
struct _OvsFlow * 0x00000000`00000000
2: kd> ?? status
long 0xc0000017

svinturis self-assigned this Jul 1, 2015
svinturis added the bug label Jul 1, 2015

blp pushed a commit to openvswitch/ovs that referenced this issue Jul 1, 2015
OvsPrepareFlow() returns an error only when the new flow allocation
fails. In this case HandleFlowPut() should return error without trying
to free the flow, thus avoiding the BSOD.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: openvswitch/ovs-issues#91
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
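
The failure and the fix described in this issue, modelled in user-space C as an added example (not code from the Open vSwitch tree). `prepare_flow`, `checked_free`, `put_flow_before` and `put_flow_after` are hypothetical stand-ins for OvsPrepareFlow(), the verifier-checked pool free and HandleFlowPut(); `checked_free` only counts the NULL free that Driver Verifier reports as bugcheck 0xC4.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define STATUS_SUCCESS   0x00000000u
#define STATUS_NO_MEMORY 0xC0000017u   /* value quoted in the issue */

typedef struct Flow { int key; } Flow; /* hypothetical stand-in for OvsFlow */
static int bad_frees;                  /* frees Driver Verifier would reject */

/* Model of a verifier-checked pool free: NULL is a bad pool address. */
static void checked_free(void *ptr)
{
    if (ptr == NULL) { bad_frees++; return; }  /* real driver: bugcheck 0xC4 */
    free(ptr);
}

/* Model of OvsPrepareFlow(): fails only when the allocation fails. */
static uint32_t prepare_flow(Flow **out, int simulate_oom)
{
    *out = simulate_oom ? NULL : calloc(1, sizeof(Flow));
    return *out ? STATUS_SUCCESS : STATUS_NO_MEMORY;
}

/* Before: the error path frees a flow that was never allocated. */
uint32_t put_flow_before(int simulate_oom)
{
    Flow *flow = NULL;
    uint32_t status = prepare_flow(&flow, simulate_oom);
    if (status != STATUS_SUCCESS) { checked_free(flow); return status; }
    checked_free(flow);  /* demo only: a real handler would keep the flow */
    return STATUS_SUCCESS;
}

/* After: return the error without touching the unallocated flow. */
uint32_t put_flow_after(int simulate_oom)
{
    Flow *flow = NULL;
    uint32_t status = prepare_flow(&flow, simulate_oom);
    if (status != STATUS_SUCCESS) { return status; }
    checked_free(flow);  /* demo only */
    return STATUS_SUCCESS;
}

int main(void)
{
    put_flow_before(1);
    printf("before: bad frees = %d\n", bad_frees);
    bad_frees = 0;
    put_flow_after(1);
    printf("after:  bad frees = %d\n", bad_frees);
    return 0;
}
```
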
@svinturis

Fixed. Closing issue.
