Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1393140

Summary: [virtio-win][vioser][whql]BSOD when running job "WDF Logo Test-Final" w/ q35 on win2008-32
Product: Red Hat Enterprise Linux 7 Reporter: Yu Wang <wyu>
Component: virtio-winAssignee: Gal Hammer <ghammer>
virtio-win sub component: virtio-win-prewhql QA Contact: Virtualization Bugs <virt-bugs>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: ailan, lijin, lmiksik, phou
Version: 7.4   
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 12:55:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1401400    
Attachments:
Description Flags
WDF Logo Test-Final log none

Description Yu Wang 2016-11-09 00:46:05 UTC 
Created attachment 1218753 [details]
WDF Logo Test-Final log

Description of problem:
[virtio-win][vioser][whql]BSOD when running job "WDF Logo Test-Final" w/ q35 on win2008-32

dump file refer to attachment

Version-Release number of selected component (if applicable):
virtio-win-prewhql-128
qemu-kvm-rhev-2.6.0-27.el7.x86_64
kernel-3.10.0-518.el7.x86_64

How reproducible:
2/2

Steps to Reproduce:
1. boot w/ "-M q35" and pcie device

/usr/libexec/qemu-kvm -name 128SRLWIN832JTU -enable-kvm -m 3G -smp 4 -uuid 9c0b7b6e-9beb-44ea-b1a2-72e541349142 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/tmp/128SRLWIN832JTU,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,driftfix=slew -boot order=cd,menu=on -device piix3-usb-uhci,id=usb -drive file=128SRLWIN832JTU,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=en_windows_8_enterprise_x86_dvd_917587.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=128SRLWIN832JTU.vfd,if=floppy,id=drive-fdc0-0-0,format=raw,cache=none -netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=00:52:4a:6e:12:1a -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=isa_serial0 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga cirrus -M q35 -device ioh3420,bus=pcie.0,id=root1.0,slot=1 -device virtio-serial-pci,id=serial0,bus=root1.0 -chardev socket,id=serialchardev0,path=/tmp/128SRLWIN832JTU_port0,server,nowait -device virtserialport,id=port0,chardev=serialchardev0,bus=serial0.0

2. run job "WDF Logo Test-Final"

Actual results:
BSOD 

Expected results:
Pass

Additional info:
1 It can pass w/ "-M pc"
2 can pass on win2008-64
Comment 1 Yu Wang 2016-11-09 00:49:59 UTC 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {c0000005, 806f2848, 8dde35ac, 8dde32a8}

Probably caused by : memory_corruption

Followup: memory_corruption
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806f2848, The address that the exception occurred at
Arg3: 8dde35ac, Exception Record Address
Arg4: 8dde32a8, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
NDIS!ndisRegisterMiniportDriver+108
806f2848 f0000500000000  lock add byte ptr ds:[0],al

EXCEPTION_RECORD:  8dde35ac -- (.exr 0xffffffff8dde35ac)
ExceptionAddress: 806f2848 (NDIS!ndisRegisterMiniportDriver+0x00000108)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00000000
Attempt to write to address 00000000

CONTEXT:  8dde32a8 -- (.cxr 0xffffffff8dde32a8;r)
eax=859ff670 ebx=0000019c ecx=859ff638 edx=00000000 esi=859ff7e0 edi=8dde36dc
eip=806f2848 esp=8dde3674 ebp=8dde3694 iopl=0         nv up ei ng nz ac po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210292
NDIS!ndisRegisterMiniportDriver+0x108:
806f2848 f0000500000000  lock add byte ptr ds:[0],al        ds:0023:00000000=??
Last set context:
eax=859ff670 ebx=0000019c ecx=859ff638 edx=00000000 esi=859ff7e0 edi=8dde36dc
eip=806f2848 esp=8dde3674 ebp=8dde3694 iopl=0         nv up ei ng nz ac po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210292
NDIS!ndisRegisterMiniportDriver+0x108:
806f2848 f0000500000000  lock add byte ptr ds:[0],al        ds:0023:00000000=??
Resetting default scope

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000001

EXCEPTION_PARAMETER2:  00000000

WRITE_ADDRESS:  00000000 

FOLLOWUP_IP: 
NDIS!ndisRegisterMiniportDriver+108
806f2848 f0000500000000  lock add byte ptr ds:[0],al

BUGCHECK_STR:  0x7E

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

LOCK_ADDRESS:  81972600 -- (!locks 81972600)

Resource @ nt!PiEngineLock (0x81972600)    Exclusively owned
     Threads: 8549a828-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
	Lock address  : 0x81972600
	Thread Count  : 1
	Thread address: 0x8549a828
	Thread wait   : 0x1bd

LAST_CONTROL_TRANSFER:  from 81a13c87 to 8190bb0d

STACK_TEXT:  
8dde3694 806f2709 00000060 8dde36dc 00000060 NDIS!ndisRegisterMiniportDriver+0x108
8dde36bc 90c990f9 859ff7e0 8dde36dc 00000060 NDIS!NdisMRegisterMiniport+0x7f
8dde3740 819a9a68 859ff9d8 85a00000 8dde3a98 rasl2tp!DriverEntry+0xb6
8dde3924 819a1cec 00000000 8dde3900 8dde3954 nt!IopLoadDriver+0x805
8dde3968 81a112e1 8dbd3d38 00000001 8dbd3d24 nt!PipCallDriverAddDeviceQueryRoutine+0x309
8dde39a0 81a11611 00000001 8dde3a98 819a19e3 nt!RtlpCallQueryRegistryRoutine+0x28e
8dde3a0c 819a04f4 40000000 80000048 8dde3a40 nt!RtlQueryRegistryValues+0x31b
8dde3af0 8199fa27 00000000 8dde3d38 81970550 nt!PipCallDriverAddDevice+0x2ff
8dde3cec 8184a714 854733f8 8597b828 8dde3d38 nt!PipProcessDevNodeTree+0x15c
8dde3d44 818e3e22 00000000 00000000 8549a828 nt!PnpDeviceActionWorker+0x229
8dde3d7c 81a13c42 00000000 f8c3eb47 00000000 nt!ExpWorkerThread+0xfd
8dde3dc0 8187cefe 818e3d25 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


CHKIMG_EXTENSION: !chkimg -lo 50 -d !NDIS
    806f2848-806f2859  18 bytes - NDIS!ndisRegisterMiniportDriver+108
	[ 57 50 e8 bf 1f f2 ff 83:f0 00 05 00 00 00 00 0a ]
18 errors : !NDIS (806f2848-806f2859)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

STACK_COMMAND:  .cxr 0xffffffff8dde32a8 ; kb

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

BUCKET_ID:  MEMORY_CORRUPTION_LARGE

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:memory_corruption_large

FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}

Followup: memory_corruption
---------
Comment 3 Peixiu Hou 2017-03-24 06:18:00 UTC 
Verified this issue with qemu-kvm-rhev-2.8.0-5.el7 under q35, it can be passed none bsod.

kernel-3.10.0-612.el7.x86_64
qemu-kvm-rhev-2.8.0-5.el7
virtio-win-prewhql-128

Best Regards~
Peixiu Hou
Comment 4 lijin 2017-03-24 09:32:50 UTC 
change status to verified according to comment#3
Comment 5 lijin 2017-05-11 05:45:59 UTC 
Hi Amnon,

Could you help to ack?

Thanks
Comment 8 errata-xmlrpc 2017-08-01 12:55:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2341