Bug 1038902

Summary: Win2008 BSOD on OS booting(0x7e and 0xc5)
Product: Red Hat Enterprise Linux 7 Reporter: Xiaoqing Wei <xwei>
Component: qemu-kvmAssignee: Yvugenfi <yvugenfi>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.0CC: acathrow, coli, hhuang, juzhang, kraxel, michen, rhod, shuang, virt-maint, yvugenfi
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-18 13:16:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1069309    
Attachments:
Description Flags
bsod dumps none

Description Xiaoqing Wei 2013-12-06 05:36:23 UTC 
Created attachment 833428 [details]
bsod dumps

Description of problem:

Win2008 BSOD on OS installing(0x7e and 0xc5) possible caused by usbhub.sys

Version-Release number of selected component (if applicable):
qemu-kvm-1.5.3-21.el7.x86_64
3.10.0-57.el7.x86_64
virtio-win-prewhql-0.1-74.iso
How reproducible:
1/5

Steps to Reproduce:

1./root/staf-kvm-devel/autotest/client/tests/virt/qemu/qemu \
    -S  \
    -name 'virt-tests-vm1'  \
    -sandbox off  \
    -M pc  \
    -nodefaults  \
    -vga std  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20131206-105158-1PxDFhbg,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=serial_id_serial0,path=/tmp/serial-serial0-20131206-105158-1PxDFhbg,server,nowait \
    -device isa-serial,chardev=serial_id_serial0  \
    -chardev socket,id=seabioslog_id_20131206-105158-1PxDFhbg,path=/tmp/seabios-20131206-105158-1PxDFhbg,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20131206-105158-1PxDFhbg,iobase=0x402 \
    -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=03 \
    -drive id=drive_image1,if=none,cache=none,snapshot=off,aio=native,file=/root/staf-kvm-devel/autotest/client/tests/virt/shared/data/images/win2008-64-virtio.qcow2 \
    -device ide-hd,id=image1,drive=drive_image1,bus=ide.0,unit=0 \
    -device virtio-net-pci,mac=9a:72:73:74:75:76,id=idsFUtUM,netdev=ideWFzsJ,bus=pci.0,addr=04  \
    -netdev tap,id=ideWFzsJ,vhost=on,vhostfd=23,fd=22  \
    -m 2048  \
    -smp 2,maxcpus=2,cores=1,threads=1,sockets=2  \
    -cpu 'Opteron_G5',hv_relaxed \
    -drive id=drive_cd1,if=none,snapshot=off,aio=native,media=cdrom,file=/root/staf-kvm-devel/autotest/client/tests/virt/shared/data/isos/ISO/Win2008/64/en_windows_server_2008_datacenter_enterprise_standard_sp2_x64_dvd_342336.iso \
    -device ide-cd,id=cd1,drive=drive_cd1,bus=ide.0,unit=1 \
    -drive id=drive_winutils,if=none,snapshot=off,aio=native,media=cdrom,file=/root/staf-kvm-devel/autotest/client/tests/virt/shared/data/isos/windows/winutils.iso \
    -device ide-cd,id=winutils,drive=drive_winutils,bus=ide.1,unit=0 \
    -drive id=drive_virtio,if=none,snapshot=off,aio=native,media=cdrom,file=/root/staf-kvm-devel/autotest/client/tests/virt/shared/data/isos/windows/virtio-win.latest_prewhql.iso \
    -device ide-cd,id=virtio,drive=drive_virtio,bus=ide.1,unit=1 \
    -drive id=drive_fl,if=none,cache=none,snapshot=off,readonly=off,aio=native,file=/root/staf-kvm-devel/autotest/client/tests/virt/shared/data/images/win2008-sp2-64/answer.vfd \
    -global isa-fdc.driveA=drive_fl \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -vnc :0  \
    -rtc base=localtime,clock=host,driftfix=slew  \
    -boot order=cdn,once=d,menu=off \
    -enable-kvm

2.
3.

Actual results:

guest bsod
Expected results:
guest install fine, not error occur.

Additional info:


Loading Dump File [E:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 6002.18005.amd64fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0xfffff800`0160a000 PsLoadedModuleList = 0xfffff800`017cedd0
Debug session time: Fri Dec  6 11:48:31.859 2013 (GMT-8)
System Uptime: 0 days 0:00:07.265
Loading Kernel Symbols
...............................................................
....................
Loading User Symbols

Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {ffffffffc0000005, 0, fffffa60019083a8, fffffa6001907d80}

Probably caused by : usbhub.sys ( usbhub!UsbhSyncSendCommandToDevice+113 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: fffffa60019083a8, Exception Record Address
Arg4: fffffa6001907d80, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
+0
00000000`00000000 ??              ???

EXCEPTION_RECORD:  fffffa60019083a8 -- (.exr 0xfffffa60019083a8)
ExceptionAddress: 0000000000000000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000

CONTEXT:  fffffa6001907d80 -- (.cxr 0xfffffa6001907d80)
rax=0000000000000000 rbx=fffffa8000000000 rcx=fffffa8002023011
rdx=0000000000000002 rsi=0000000000000002 rdi=fffffa8001fc24b8
rip=0000000000000000 rsp=fffffa60019085e0 rbp=fffffa6001908818
 r8=fffffa8001869c10  r9=0000000000000000 r10=fffffa8001862630
r11=fffffa60019084e0 r12=0000000000000000 r13=0000000000000003
r14=0000000000000000 r15=fffffa800202ce08
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
00000000`00000000 ??              ???
Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000008

EXCEPTION_PARAMETER2:  0000000000000000

WRITE_ADDRESS:  0000000000000000 

FOLLOWUP_IP: 
usbhub!UsbhSyncSendCommandToDevice+113
fffffa60`02342dd7 4885c0          test    rax,rax

FAILED_INSTRUCTION_ADDRESS: 
+0
00000000`00000000 ??              ???

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from 0000000101f02004 to 0000000000000000

STACK_TEXT:  
fffffa60`019085e0 00000001`01f02004 : fffffa80`01fc2430 00000000`00000003 00000000`322b5644 fffffa80`0203c1b0 : 0x0
fffffa60`019085e8 fffffa80`01fc2430 : 00000000`00000003 00000000`322b5644 fffffa80`0203c1b0 fffffa80`02041060 : 0x1`01f02004
fffffa60`019085f0 00000000`00000003 : 00000000`322b5644 fffffa80`0203c1b0 fffffa80`02041060 fffffa80`0202cc60 : 0xfffffa80`01fc2430
fffffa60`019085f8 00000000`322b5644 : fffffa80`0203c1b0 fffffa80`02041060 fffffa80`0202cc60 fffffa80`01f02050 : 0x3
fffffa60`01908600 fffffa80`0203c1b0 : fffffa80`02041060 fffffa80`0202cc60 fffffa80`01f02050 fffffa80`0203c060 : 0x322b5644
fffffa60`01908608 fffffa80`02041060 : fffffa80`0202cc60 fffffa80`01f02050 fffffa80`0203c060 fffffa60`01908790 : 0xfffffa80`0203c1b0
fffffa60`01908610 fffffa80`0202cc60 : fffffa80`01f02050 fffffa80`0203c060 fffffa60`01908790 fffffa80`01f02050 : 0xfffffa80`02041060
fffffa60`01908618 fffffa80`01f02050 : fffffa80`0203c060 fffffa60`01908790 fffffa80`01f02050 fffffa80`02041060 : 0xfffffa80`0202cc60
fffffa60`01908620 fffffa80`0203c060 : fffffa60`01908790 fffffa80`01f02050 fffffa80`02041060 fffffa80`01f021a0 : 0xfffffa80`01f02050
fffffa60`01908628 fffffa60`01908790 : fffffa80`01f02050 fffffa80`02041060 fffffa80`01f021a0 fffffa60`02342dd7 : 0xfffffa80`0203c060
fffffa60`01908630 fffffa80`01f02050 : fffffa80`02041060 fffffa80`01f021a0 fffffa60`02342dd7 fffffa80`01fc2430 : 0xfffffa60`01908790
fffffa60`01908638 fffffa80`02041060 : fffffa80`01f021a0 fffffa60`02342dd7 fffffa80`01fc2430 fffffa80`01efc050 : 0xfffffa80`01f02050
fffffa60`01908640 fffffa80`01f021a0 : fffffa60`02342dd7 fffffa80`01fc2430 fffffa80`01efc050 00000000`00000000 : 0xfffffa80`02041060
fffffa60`01908648 fffffa60`02342dd7 : fffffa80`01fc2430 fffffa80`01efc050 00000000`00000000 00000000`000007ff : 0xfffffa80`01f021a0
fffffa60`01908650 fffffa60`02343011 : 00000000`00000000 fffffa60`01908818 fffffa80`01f02050 fffffa80`02044200 : usbhub!UsbhSyncSendCommandToDevice+0x113
fffffa60`01908710 fffffa60`0233f5a1 : fffffa80`02044200 fffffa80`0203c990 fffffa80`0203c060 fffffa80`020442ff : usbhub!UsbhGetStringFromDevice+0xe9
fffffa60`01908770 fffffa60`02326185 : fffffa80`0203c1b0 fffffa80`0203c060 fffffa80`0203c060 00000000`c00000ff : usbhub!UsbhGetLanguageIdString+0xc9
fffffa60`01908800 fffffa60`0233caef : 00000000`00000000 00000000`00000001 fffffa80`01f02000 00000001`00000000 : usbhub!UsbhSetupDevice+0x345
fffffa60`019088b0 fffffa60`0233b196 : fffffa60`01908a60 00000000`72324e45 fffffa80`02021368 00000000`00000032 : usbhub!UsbhReset2Complete+0x317
fffffa60`019089e0 fffffa60`02321d07 : fffffa80`02021000 fffffa80`01fb6430 fffffa80`01f02050 fffffa80`01f021a0 : usbhub!UsbhEnumerate2+0x276
fffffa60`01908a30 fffffa60`02322289 : fffffa80`02021000 fffffa80`02021018 fffffa80`01fb6430 fffffa80`02021018 : usbhub!UsbhHubDispatchPortEvent+0x5df
fffffa60`01908ab0 fffffa60`0231e80d : 00000000`00000000 00000000`00000004 fffffa80`00000103 fffffa80`01f02050 : usbhub!UsbhHubRunPortChangeQueue+0x34d
fffffa60`01908b80 fffffa60`0231b883 : 00000000`00000001 00000000`50447100 fffffa80`02021000 fffffa80`01f02050 : usbhub!Usbh_PCE_wRun_Action+0x1fd
fffffa60`01908bd0 fffffa60`023203f1 : fffffa80`02021000 fffff800`0179b8f8 fffffa80`02021018 fffffa80`01f02050 : usbhub!UsbhDispatch_PortChangeQueueEventEx+0xbf
fffffa60`01908c10 fffffa60`023224c4 : 00000000`00000001 fffffa80`01f02050 fffffa80`00000000 fffffa80`02021000 : usbhub!UsbhPCE_wRun+0x81
fffffa60`01908c60 fffff800`018c4473 : fffffa80`01f02050 ffffffff`dc3a57a7 fffff800`0179b8f8 fffffa80`01892720 : usbhub!UsbhHubProcessChangeWorker+0x13c
fffffa60`01908cc0 fffff800`0166b8c3 : fffff800`018c444c fffffa80`01892701 fffff800`0179b800 00000000`00000000 : nt!IopProcessWorkItem+0x27
fffffa60`01908cf0 fffff800`0186ef37 : fffffa80`01f3a3d0 00000000`00520068 fffffa80`01892720 00000000`00000080 : nt!ExpWorkerThread+0xfb
fffffa60`01908d50 fffff800`016a1616 : fffffa60`005f2180 fffffa80`01892720 fffffa60`005fbd40 fffffa80`01892138 : nt!PspSystemThreadStartup+0x57
fffffa60`01908d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  e

SYMBOL_NAME:  usbhub!UsbhSyncSendCommandToDevice+113

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: usbhub

IMAGE_NAME:  usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49e02d28

STACK_COMMAND:  .cxr 0xfffffa6001907d80 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_NULL_IP_usbhub!UsbhSyncSendCommandToDevice+113

BUCKET_ID:  X64_0x7E_NULL_IP_usbhub!UsbhSyncSendCommandToDevice+113

Followup: MachineOwner
---------

1: kd> .exr 0xfffffa60019083a8
ExceptionAddress: 0000000000000000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000
1: kd> .cxr 0xfffffa6001907d80
rax=0000000000000000 rbx=fffffa8000000000 rcx=fffffa8002023011
rdx=0000000000000002 rsi=0000000000000002 rdi=fffffa8001fc24b8
rip=0000000000000000 rsp=fffffa60019085e0 rbp=fffffa6001908818
 r8=fffffa8001869c10  r9=0000000000000000 r10=fffffa8001862630
r11=fffffa60019084e0 r12=0000000000000000 r13=0000000000000003
r14=0000000000000000 r15=fffffa800202ce08
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
00000000`00000000 ??              ???
1: kd> lmvm usbhub
start             end                 module name
fffffa60`02311000 fffffa60`02359000   usbhub     (pdb symbols)          C:\Program Files\Debugging Tools for Windows (x64)\sym\usbhub.pdb\BF8005633F9646A397498252605BF79A1\usbhub.pdb
    Loaded symbol image file: usbhub.sys
    Image path: \SystemRoot\system32\DRIVERS\usbhub.sys
    Image name: usbhub.sys
    Timestamp:        Fri Apr 10 22:39:52 2009 (49E02D28)
    CheckSum:         0004C820
    ImageSize:        00048000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
























Loading Dump File [E:\Windows\Minidump\Mini120613-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 6002.18005.amd64fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0xfffff800`0160a000 PsLoadedModuleList = 0xfffff800`017cedd0
Debug session time: Fri Dec  6 11:48:31.859 2013 (GMT-8)
System Uptime: 0 days 0:00:07.265
Loading Kernel Symbols
...............................................................
....................
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffffc0000005, 0, fffffa60019083a8, fffffa6001907d80}

Probably caused by : usbhub.sys ( usbhub!UsbhSyncSendCommandToDevice+113 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: fffffa60019083a8, Exception Record Address
Arg4: fffffa6001907d80, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
+0
00000000`00000000 ??              ???

EXCEPTION_RECORD:  fffffa60019083a8 -- (.exr 0xfffffa60019083a8)
Cannot read Exception record @ fffffa60019083a8

CONTEXT:  fffffa6001907d80 -- (.cxr 0xfffffa6001907d80)
Unable to read context, Win32 error 0n30

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0x7E

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000101f02004 to 0000000000000000

STACK_TEXT:  
fffffa60`019085e0 00000001`01f02004 : fffffa80`01fc2430 00000000`00000003 00000000`322b5644 fffffa80`0203c1b0 : 0x0
fffffa60`019085e8 fffffa80`01fc2430 : 00000000`00000003 00000000`322b5644 fffffa80`0203c1b0 fffffa80`02041060 : 0x1`01f02004
fffffa60`019085f0 00000000`00000003 : 00000000`322b5644 fffffa80`0203c1b0 fffffa80`02041060 fffffa80`0202cc60 : 0xfffffa80`01fc2430
fffffa60`019085f8 00000000`322b5644 : fffffa80`0203c1b0 fffffa80`02041060 fffffa80`0202cc60 fffffa80`01f02050 : 0x3
fffffa60`01908600 fffffa80`0203c1b0 : fffffa80`02041060 fffffa80`0202cc60 fffffa80`01f02050 fffffa80`0203c060 : 0x322b5644
fffffa60`01908608 fffffa80`02041060 : fffffa80`0202cc60 fffffa80`01f02050 fffffa80`0203c060 fffffa60`01908790 : 0xfffffa80`0203c1b0
fffffa60`01908610 fffffa80`0202cc60 : fffffa80`01f02050 fffffa80`0203c060 fffffa60`01908790 fffffa80`01f02050 : 0xfffffa80`02041060
fffffa60`01908618 fffffa80`01f02050 : fffffa80`0203c060 fffffa60`01908790 fffffa80`01f02050 fffffa80`02041060 : 0xfffffa80`0202cc60
fffffa60`01908620 fffffa80`0203c060 : fffffa60`01908790 fffffa80`01f02050 fffffa80`02041060 fffffa80`01f021a0 : 0xfffffa80`01f02050
fffffa60`01908628 fffffa60`01908790 : fffffa80`01f02050 fffffa80`02041060 fffffa80`01f021a0 fffffa60`02342dd7 : 0xfffffa80`0203c060
fffffa60`01908630 fffffa80`01f02050 : fffffa80`02041060 fffffa80`01f021a0 fffffa60`02342dd7 fffffa80`01fc2430 : 0xfffffa60`01908790
fffffa60`01908638 fffffa80`02041060 : fffffa80`01f021a0 fffffa60`02342dd7 fffffa80`01fc2430 fffffa80`01efc050 : 0xfffffa80`01f02050
fffffa60`01908640 fffffa80`01f021a0 : fffffa60`02342dd7 fffffa80`01fc2430 fffffa80`01efc050 00000000`00000000 : 0xfffffa80`02041060
fffffa60`01908648 fffffa60`02342dd7 : fffffa80`01fc2430 fffffa80`01efc050 00000000`00000000 00000000`000007ff : 0xfffffa80`01f021a0
fffffa60`01908650 fffffa60`02343011 : 00000000`00000000 fffffa60`01908818 fffffa80`01f02050 fffffa80`02044200 : usbhub!UsbhSyncSendCommandToDevice+0x113
fffffa60`01908710 fffffa60`0233f5a1 : fffffa80`02044200 fffffa80`0203c990 fffffa80`0203c060 fffffa80`020442ff : usbhub!UsbhGetStringFromDevice+0xe9
fffffa60`01908770 fffffa60`02326185 : fffffa80`0203c1b0 fffffa80`0203c060 fffffa80`0203c060 00000000`c00000ff : usbhub!UsbhGetLanguageIdString+0xc9
fffffa60`01908800 fffffa60`0233caef : 00000000`00000000 00000000`00000001 fffffa80`01f02000 00000001`00000000 : usbhub!UsbhSetupDevice+0x345
fffffa60`019088b0 fffffa60`0233b196 : fffffa60`01908a60 00000000`72324e45 fffffa80`02021368 00000000`00000032 : usbhub!UsbhReset2Complete+0x317
fffffa60`019089e0 fffffa60`02321d07 : fffffa80`02021000 fffffa80`01fb6430 fffffa80`01f02050 fffffa80`01f021a0 : usbhub!UsbhEnumerate2+0x276
fffffa60`01908a30 fffffa60`02322289 : fffffa80`02021000 fffffa80`02021018 fffffa80`01fb6430 fffffa80`02021018 : usbhub!UsbhHubDispatchPortEvent+0x5df
fffffa60`01908ab0 fffffa60`0231e80d : 00000000`00000000 00000000`00000004 fffffa80`00000103 fffffa80`01f02050 : usbhub!UsbhHubRunPortChangeQueue+0x34d
fffffa60`01908b80 fffffa60`0231b883 : 00000000`00000001 00000000`50447100 fffffa80`02021000 fffffa80`01f02050 : usbhub!Usbh_PCE_wRun_Action+0x1fd
fffffa60`01908bd0 fffffa60`023203f1 : fffffa80`02021000 fffff800`0179b8f8 fffffa80`02021018 fffffa80`01f02050 : usbhub!UsbhDispatch_PortChangeQueueEventEx+0xbf
fffffa60`01908c10 fffffa60`023224c4 : 00000000`00000001 fffffa80`01f02050 fffffa80`00000000 fffffa80`02021000 : usbhub!UsbhPCE_wRun+0x81
fffffa60`01908c60 fffff800`018c4473 : fffffa80`01f02050 ffffffff`dc3a57a7 fffff800`0179b8f8 fffffa80`01892720 : usbhub!UsbhHubProcessChangeWorker+0x13c
fffffa60`01908cc0 fffff800`0166b8c3 : fffff800`018c444c fffffa80`01892701 fffff800`0179b800 00000000`00000000 : nt!IopProcessWorkItem+0x27
fffffa60`01908cf0 fffff800`0186ef37 : fffffa80`01f3a3d0 00000000`00520068 fffffa80`01892720 00000000`00000080 : nt!ExpWorkerThread+0xfb
fffffa60`01908d50 fffff800`016a1616 : fffffa60`005f2180 fffffa80`01892720 fffffa60`005fbd40 fffffa80`01892138 : nt!PspSystemThreadStartup+0x57
fffffa60`01908d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


FOLLOWUP_IP: 
usbhub!UsbhSyncSendCommandToDevice+113
fffffa60`02342dd7 4885c0          test    rax,rax

SYMBOL_STACK_INDEX:  e

SYMBOL_NAME:  usbhub!UsbhSyncSendCommandToDevice+113

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: usbhub

IMAGE_NAME:  usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49e02d28

STACK_COMMAND:  .cxr 0xfffffa6001907d80 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_usbhub!UsbhSyncSendCommandToDevice+113

BUCKET_ID:  X64_0x7E_usbhub!UsbhSyncSendCommandToDevice+113

Followup: MachineOwner
---------
Comment 2 Xiaoqing Wei 2014-01-16 08:21:54 UTC 
Reproduced, the root caused is 'hv_vapic', this flag will bsod the vm on my machine.

/root/staf-kvm-devel/autotest-devel/client/tests/virt/qemu/qemu -monitor stdio  \
    -S  \
    -name 'virt-tests-vm1'  \
    -sandbox off  \
    -M pc  \
    -nodefaults  \
    -vga std  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20140116-112740-kTemQsTl,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=serial_id_serial0,path=/tmp/serial-serial0-20140116-112740-kTemQsTl,server,nowait \
    -device isa-serial,chardev=serial_id_serial0  \
    -chardev socket,id=seabioslog_id_20140116-112740-kTemQsTl,path=/tmp/seabios-20140116-112740-kTemQsTl,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20140116-112740-kTemQsTl,iobase=0x402 \
    -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=03 \
    -drive id=drive_image1,if=none,cache=unsafe,snapshot=off,aio=native,file=/root/staf-kvm-devel/autotest-devel/client/tests/virt/shared/data/images/win2008-64.qcow2 \
    -device ide-hd,id=image1,drive=drive_image1,bus=ide.0,unit=0 \
    -device e1000,mac=9a:9d:9e:9f:a0:a1,id=idjHWehh,netdev=idut0ynR,bus=pci.0,addr=04  \
    -netdev tap,id=idut0ynR  \
    -m 2048  \
    -smp 2,maxcpus=2,cores=1,threads=1,sockets=2  \
    -drive id=drive_cd1,if=none,snapshot=off,aio=native,media=cdrom,file=/root/staf-kvm-devel/autotest-devel/client/tests/virt/shared/data/isos/windows/winutils.iso \
    -device ide-cd,id=cd1,drive=drive_cd1,bus=ide.0,unit=1 \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -vnc :0  \
    -rtc base=localtime,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off \
    -enable-kvm \
    -cpu 'Opteron_G5',hv_vapic


Microsoft (R) Windows Debugger Version 6.10.0003.233 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Memory.dmp]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
Executable search path is: 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Windows 7 Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 6002.18005.amd64fre.lh_sp2rtm.090410-1830
Machine Name:
Kernel base = 0xfffff800`01604000 PsLoadedModuleList = 0xfffff800`017c8dd0
Debug session time: Thu Jan 16 14:18:08.671 2014 (GMT-8)
System Uptime: 0 days 0:00:13.609
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd8018).  Type ".hh dbgerr001" for details
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {102bd53e0, 2, 0, fffff800017393a0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Page 75031 not present in the dump file. Type ".hh dbgerr004" for details
Page 75827 not present in the dump file. Type ".hh dbgerr004" for details
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
PEB is paged out (Peb.Ldr = 000007ff`fffd8018).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd8018).  Type ".hh dbgerr001" for details
Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+c00 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000102bd53e0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800017393a0, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Page 75031 not present in the dump file. Type ".hh dbgerr004" for details
Page 75827 not present in the dump file. Type ".hh dbgerr004" for details
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
PEB is paged out (Peb.Ldr = 000007ff`fffd8018).  Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd8018).  Type ".hh dbgerr001" for details

MODULE_NAME: nt

FAULTING_MODULE: fffff80001604000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0237f

BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  0

FAULTING_IP: 
nt!ExAllocatePoolWithTag+c00
fffff800`017393a0 4d8b08          mov     r9,qword ptr [r8]

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

LAST_CONTROL_TRANSFER:  from fffff8000165e1ee to fffff8000165e450

STACK_TEXT:  
fffffa60`03b93188 fffff800`0165e1ee : 00000000`0000000a 00000001`02bd53e0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffffa60`03b93190 fffff800`0165d0cb : 00000000`00000000 fffffa60`01019460 fffffa80`01d15180 00000000`00000000 : nt!ZwUnloadKeyEx+0x23ce
fffffa60`03b932d0 fffff800`017393a0 : fffffa80`0291e400 fffffa80`02bd8c00 fffffa80`02bd8c00 00000000`00000009 : nt!ZwUnloadKeyEx+0x12ab
fffffa60`03b93460 fffff800`017382b2 : fffffa80`0291e5c0 fffffa80`0291e410 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0xc00
fffffa60`03b934d0 fffff800`01662fc1 : fffffa80`0291e420 fffffa80`0291e460 fffffa80`0291e430 fffffa60`656c6946 : nt!ExFreePoolWithTag+0x5e2
fffffa60`03b93580 fffff800`018cbf12 : 00000000`00000000 fffffa80`0189bdc0 fffffa60`03b939e0 00000000`00000000 : nt!ObfDereferenceObject+0x1e1
fffffa60`03b93610 fffff800`018c3a92 : fffffa80`01d55cc0 fffffa60`00d91ba0 fffffa80`024efb10 fffff880`05187101 : nt!NtDeviceIoControlFile+0x29e2
fffffa60`03b937b0 fffff800`018c4622 : 00000000`00000000 fffffa80`024efbf8 00000000`00000100 00000000`00000000 : nt!MmCreateSection+0x10d2
fffffa60`03b938c0 fffff800`0189bb05 : fffffa80`00000080 00000000`023ed790 00000000`023ed3f0 fffffa60`03b93ca0 : nt!ObOpenObjectByName+0x2f2
fffffa60`03b93990 fffff800`0165def3 : fffffa80`02877060 fffffa60`03b93ca0 fffffa80`02877060 00000000`77bf2970 : nt!SeAssignSecurity+0x44d
fffffa60`03b93c20 00000000`77b270ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ZwUnloadKeyEx+0x20d3
00000000`023ed358 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b270ea


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExAllocatePoolWithTag+c00
fffff800`017393a0 4d8b08          mov     r9,qword ptr [r8]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!ExAllocatePoolWithTag+c00

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntkrnlmp.exe

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
Comment 3 Xiaoqing Wei 2014-01-16 08:22:50 UTC 
(In reply to Xiaoqing Wei from comment #2)
> Reproduced, the root caused is 'hv_vapic', this flag will bsod the vm on my
> machine.
> 


The minidump


Microsoft (R) Windows Debugger Version 6.10.0003.233 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini011614-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Machine Name:
Kernel base = 0xfffff800`01604000 PsLoadedModuleList = 0xfffff800`017c8dd0
Debug session time: Thu Jan 16 14:18:08.671 2014 (GMT-8)
System Uptime: 0 days 0:00:13.609
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {102bd53e0, 2, 0, fffff800017393a0}

Unable to load image \SystemRoot\System32\Drivers\Ntfs.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+1353a0 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000102bd53e0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800017393a0, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

MODULE_NAME: nt

FAULTING_MODULE: fffff80001604000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0237f

BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  0

FAULTING_IP: 
nt+1353a0
fffff800`017393a0 ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

LAST_CONTROL_TRANSFER:  from fffff8000165e1ee to fffff8000165e450

STACK_TEXT:  
fffffa60`03b93188 fffff800`0165e1ee : 00000000`0000000a 00000001`02bd53e0 00000000`00000002 00000000`00000000 : nt+0x5a450
fffffa60`03b93190 00000000`0000000a : 00000001`02bd53e0 00000000`00000002 00000000`00000000 fffff800`017393a0 : nt+0x5a1ee
fffffa60`03b93198 00000001`02bd53e0 : 00000000`00000002 00000000`00000000 fffff800`017393a0 fffffa60`0101267e : 0xa
fffffa60`03b931a0 00000000`00000002 : 00000000`00000000 fffff800`017393a0 fffffa60`0101267e 00000000`00000000 : 0x1`02bd53e0
fffffa60`03b931a8 00000000`00000000 : fffff800`017393a0 fffffa60`0101267e 00000000`00000000 00000000`00000000 : 0x2
fffffa60`03b931b0 fffff800`017393a0 : fffffa60`0101267e 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b931b8 fffffa60`0101267e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt+0x1353a0
fffffa60`03b931c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs+0xd67e
fffffa60`03b931c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b931d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b931d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b931e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b931e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b931f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b931f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93200 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93208 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93210 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93218 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93220 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93228 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93230 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93238 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93240 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : 0x0
fffffa60`03b93248 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000001 : 0x0
fffffa60`03b93250 00000000`00000000 : 00000000`00000000 00000000`00000001 00000000`00000001 00000000`00000001 : 0x0
fffffa60`03b93258 00000000`00000000 : 00000000`00000001 00000000`00000001 00000000`00000001 fffff880`05187000 : 0x0
fffffa60`03b93260 00000000`00000001 : 00000000`00000001 00000000`00000001 fffff880`05187000 fffffa60`03b93291 : 0x0
fffffa60`03b93268 00000000`00000001 : 00000000`00000001 fffff880`05187000 fffffa60`03b93291 00000000`00000000 : 0x1
fffffa60`03b93270 00000000`00000001 : fffff880`05187000 fffffa60`03b93291 00000000`00000000 00000000`00000000 : 0x1
fffffa60`03b93278 fffff880`05187000 : fffffa60`03b93291 00000000`00000000 00000000`00000000 fffff800`01796160 : 0x1
fffffa60`03b93280 fffffa60`03b93291 : 00000000`00000000 00000000`00000000 fffff800`01796160 fffff800`01796160 : 0xfffff880`05187000
fffffa60`03b93288 00000000`00000000 : 00000000`00000000 fffff800`01796160 fffff800`01796160 00000000`0000001c : 0xfffffa60`03b93291
fffffa60`03b93290 00000000`00000000 : fffff800`01796160 fffff800`01796160 00000000`0000001c 00000000`00000001 : 0x0
fffffa60`03b93298 fffff800`01796160 : fffff800`01796160 00000000`0000001c 00000000`00000001 00000000`00000000 : 0x0
fffffa60`03b932a0 fffff800`01796160 : 00000000`0000001c 00000000`00000001 00000000`00000000 00000000`00000000 : nt+0x192160
fffffa60`03b932a8 00000000`0000001c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff800`0165d0cb : nt+0x192160
fffffa60`03b932b0 00000000`00000001 : 00000000`00000000 00000000`00000000 fffff800`0165d0cb 00000000`00000000 : 0x1c
fffffa60`03b932b8 00000000`00000000 : 00000000`00000000 fffff800`0165d0cb 00000000`00000000 fffffa60`01019460 : 0x1
fffffa60`03b932c0 00000000`00000000 : fffff800`0165d0cb 00000000`00000000 fffffa60`01019460 fffffa80`01d15180 : 0x0
fffffa60`03b932c8 fffff800`0165d0cb : 00000000`00000000 fffffa60`01019460 fffffa80`01d15180 00000000`00000000 : 0x0
fffffa60`03b932d0 00000000`00000000 : fffffa60`01019460 fffffa80`01d15180 00000000`00000000 fffffa60`03b933b8 : nt+0x590cb
fffffa60`03b932d8 fffffa60`01019460 : fffffa80`01d15180 00000000`00000000 fffffa60`03b933b8 00001f80`01000000 : 0x0
fffffa60`03b932e0 fffffa80`01d15180 : 00000000`00000000 fffffa60`03b933b8 00001f80`01000000 fffffa80`02bcd200 : Ntfs+0x14460
fffffa60`03b932e8 00000000`00000000 : fffffa60`03b933b8 00001f80`01000000 fffffa80`02bcd200 00000000`00000004 : 0xfffffa80`01d15180
fffffa60`03b932f0 fffffa60`03b933b8 : 00001f80`01000000 fffffa80`02bcd200 00000000`00000004 fffff800`017961c8 : 0x0
fffffa60`03b932f8 00001f80`01000000 : fffffa80`02bcd200 00000000`00000004 fffff800`017961c8 00000001`02bd53e0 : 0xfffffa60`03b933b8
fffffa60`03b93300 fffffa80`02bcd200 : 00000000`00000004 fffff800`017961c8 00000001`02bd53e0 00000001`02bd53e0 : 0x1f80`01000000
fffffa60`03b93308 00000000`00000004 : fffff800`017961c8 00000001`02bd53e0 00000001`02bd53e0 00000000`00000000 : 0xfffffa80`02bcd200
fffffa60`03b93310 fffff800`017961c8 : 00000001`02bd53e0 00000001`02bd53e0 00000000`00000000 00000000`00000000 : 0x4
fffffa60`03b93318 00000001`02bd53e0 : 00000001`02bd53e0 00000000`00000000 00000000`00000000 fffffa80`01d15180 : nt+0x1921c8
fffffa60`03b93320 00000001`02bd53e0 : 00000000`00000000 00000000`00000000 fffffa80`01d15180 fffffa80`00f80056 : 0x1`02bd53e0
fffffa60`03b93328 00000000`00000000 : 00000000`00000000 fffffa80`01d15180 fffffa80`00f80056 fffff880`055daa30 : 0x1`02bd53e0
fffffa60`03b93330 00000000`00000000 : fffffa80`01d15180 fffffa80`00f80056 fffff880`055daa30 00000000`00000000 : 0x0
fffffa60`03b93338 fffffa80`01d15180 : fffffa80`00f80056 fffff880`055daa30 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93340 fffffa80`00f80056 : fffff880`055daa30 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`01d15180
fffffa60`03b93348 fffff880`055daa30 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`00f80056
fffffa60`03b93350 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`055daa30
fffffa60`03b93358 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93360 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93368 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93370 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93378 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0
fffffa60`03b93380 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000001`02bd53e0 : 0x0
fffffa60`03b93388 00000000`00000000 : 00000000`00000000 00000000`00000000 00000001`02bd53e0 fffffa80`02bd8c00 : 0x0
fffffa60`03b93390 00000000`00000000 : 00000000`00000000 00000001`02bd53e0 fffffa80`02bd8c00 00000000`000001d0 : 0x0
fffffa60`03b93398 00000000`00000000 : 00000001`02bd53e0 fffffa80`02bd8c00 00000000`000001d0 00000000`01000001 : 0x0
fffffa60`03b933a0 00000001`02bd53e0 : fffffa80`02bd8c00 00000000`000001d0 00000000`01000001 00000000`00000000 : 0x0
fffffa60`03b933a8 fffffa80`02bd8c00 : 00000000`000001d0 00000000`01000001 00000000`00000000 00000000`00000000 : 0x1`02bd53e0
fffffa60`03b933b0 00000000`000001d0 : 00000000`01000001 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffffa80`02bd8c00
fffffa60`03b933b8 00000000`01000001 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1d0
fffffa60`03b933c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`02bd8c00 : 0x1000001
fffffa60`03b933c8 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`02bd8c00 fffffa60`03b934b0 : 0x0
fffffa60`03b933d0 00000000`00000000 : 00000000`00000000 fffffa80`02bd8c00 fffffa60`03b934b0 00000000`00000000 : 0x0
fffffa60`03b933d8 00000000`00000000 : fffffa80`02bd8c00 fffffa60`03b934b0 00000000`00000000 fffffa80`01ba4100 : 0x0


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt+1353a0
fffff800`017393a0 ??              ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  nt+1353a0

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntoskrnl.exe

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
Comment 5 Xiaoqing Wei 2014-01-16 08:28:42 UTC 
Since this could be reproduce w/ only booting, raise the priority
Comment 6 CongLi 2014-01-23 10:08:03 UTC 
Hi Yan,

When I do system_reset to guest, always generate BSOD w/ different error code.

There are the related bugs:
   1. Bug 1049800 - win2008.x86_64 guest BSOD (error code:0x50, PAGE_FAULT_IN_NONPAGED_AREA)
   2. Bug 1038594 - Win2008 x86_64 BSOD(0x0A) on the starting of OS
   3. Bug 1038902 - Win2008 BSOD on OS booting(0x7e and 0xc5)
   4. Bug 1049823 - win2008.x86_64 guest BSOD (error code:0x3B, SYSTEM_SERVICE_EXCEPTION) 
   5. Bug 1056982 - win2008.x86_64 guest BSOD (error code:0x19, BAD_POOL_HEADER)

Could you have a look about it?

Thanks,
Cong
Comment 9 juzhang 2014-01-24 02:01:22 UTC 
Hi Cong,

Could you reply comment8?

Best Regards,
Junyi
Comment 11 Yvugenfi@redhat.com 2014-03-18 13:16:11 UTC 

*** This bug has been marked as a duplicate of bug 1056982 ***