Bug 1393140

Summary: [virtio-win][vioser][whql]BSOD when running job "WDF Logo Test-Final" w/ q35 on win2008-32
Product: Red Hat Enterprise Linux 7 Reporter: Yu Wang <wyu>
Component: virtio-winAssignee: Gal Hammer <ghammer>
virtio-win sub component: virtio-win-prewhql QA Contact: Virtualization Bugs <virt-bugs>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: ailan, lijin, lmiksik, phou
Version: 7.4   
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 12:55:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1401400    
Attachments:
Description Flags
WDF Logo Test-Final log none

Description Yu Wang 2016-11-09 00:46:05 UTC 
Created attachment 1218753 [details]
WDF Logo Test-Final log

Description of problem:
[virtio-win][vioser][whql]BSOD when running job "WDF Logo Test-Final" w/ q35 on win2008-32

dump file refer to attachment

Version-Release number of selected component (if applicable):
virtio-win-prewhql-128
qemu-kvm-rhev-2.6.0-27.el7.x86_64
kernel-3.10.0-518.el7.x86_64

How reproducible:
2/2

Steps to Reproduce:
1. boot w/ "-M q35" and pcie device

/usr/libexec/qemu-kvm -name 128SRLWIN832JTU -enable-kvm -m 3G -smp 4 -uuid 9c0b7b6e-9beb-44ea-b1a2-72e541349142 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/tmp/128SRLWIN832JTU,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,driftfix=slew -boot order=cd,menu=on -device piix3-usb-uhci,id=usb -drive file=128SRLWIN832JTU,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=en_windows_8_enterprise_x86_dvd_917587.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=128SRLWIN832JTU.vfd,if=floppy,id=drive-fdc0-0-0,format=raw,cache=none -netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=00:52:4a:6e:12:1a -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=isa_serial0 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga cirrus -M q35 -device ioh3420,bus=pcie.0,id=root1.0,slot=1 -device virtio-serial-pci,id=serial0,bus=root1.0 -chardev socket,id=serialchardev0,path=/tmp/128SRLWIN832JTU_port0,server,nowait -device virtserialport,id=port0,chardev=serialchardev0,bus=serial0.0

2. run job "WDF Logo Test-Final"

Actual results:
BSOD 

Expected results:
Pass

Additional info:
1 It can pass w/ "-M pc"
2 can pass on win2008-64
Comment 1 Yu Wang 2016-11-09 00:49:59 UTC 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {c0000005, 806f2848, 8dde35ac, 8dde32a8}

Probably caused by : memory_corruption

Followup: memory_corruption
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806f2848, The address that the exception occurred at
Arg3: 8dde35ac, Exception Record Address
Arg4: 8dde32a8, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
NDIS!ndisRegisterMiniportDriver+108
806f2848 f0000500000000  lock add byte ptr ds:[0],al

EXCEPTION_RECORD:  8dde35ac -- (.exr 0xffffffff8dde35ac)
ExceptionAddress: 806f2848 (NDIS!ndisRegisterMiniportDriver+0x00000108)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00000000
Attempt to write to address 00000000

CONTEXT:  8dde32a8 -- (.cxr 0xffffffff8dde32a8;r)
eax=859ff670 ebx=0000019c ecx=859ff638 edx=00000000 esi=859ff7e0 edi=8dde36dc
eip=806f2848 esp=8dde3674 ebp=8dde3694 iopl=0         nv up ei ng nz ac po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210292
NDIS!ndisRegisterMiniportDriver+0x108:
806f2848 f0000500000000  lock add byte ptr ds:[0],al        ds:0023:00000000=??
Last set context:
eax=859ff670 ebx=0000019c ecx=859ff638 edx=00000000 esi=859ff7e0 edi=8dde36dc
eip=806f2848 esp=8dde3674 ebp=8dde3694 iopl=0         nv up ei ng nz ac po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00210292
NDIS!ndisRegisterMiniportDriver+0x108:
806f2848 f0000500000000  lock add byte ptr ds:[0],al        ds:0023:00000000=??
Resetting default scope

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000001

EXCEPTION_PARAMETER2:  00000000

WRITE_ADDRESS:  00000000 

FOLLOWUP_IP: 
NDIS!ndisRegisterMiniportDriver+108
806f2848 f0000500000000  lock add byte ptr ds:[0],al

BUGCHECK_STR:  0x7E

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

LOCK_ADDRESS:  81972600 -- (!locks 81972600)

Resource @ nt!PiEngineLock (0x81972600)    Exclusively owned
     Threads: 8549a828-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
	Lock address  : 0x81972600
	Thread Count  : 1
	Thread address: 0x8549a828
	Thread wait   : 0x1bd

LAST_CONTROL_TRANSFER:  from 81a13c87 to 8190bb0d

STACK_TEXT:  
8dde3694 806f2709 00000060 8dde36dc 00000060 NDIS!ndisRegisterMiniportDriver+0x108
8dde36bc 90c990f9 859ff7e0 8dde36dc 00000060 NDIS!NdisMRegisterMiniport+0x7f
8dde3740 819a9a68 859ff9d8 85a00000 8dde3a98 rasl2tp!DriverEntry+0xb6
8dde3924 819a1cec 00000000 8dde3900 8dde3954 nt!IopLoadDriver+0x805
8dde3968 81a112e1 8dbd3d38 00000001 8dbd3d24 nt!PipCallDriverAddDeviceQueryRoutine+0x309
8dde39a0 81a11611 00000001 8dde3a98 819a19e3 nt!RtlpCallQueryRegistryRoutine+0x28e
8dde3a0c 819a04f4 40000000 80000048 8dde3a40 nt!RtlQueryRegistryValues+0x31b
8dde3af0 8199fa27 00000000 8dde3d38 81970550 nt!PipCallDriverAddDevice+0x2ff
8dde3cec 8184a714 854733f8 8597b828 8dde3d38 nt!PipProcessDevNodeTree+0x15c
8dde3d44 818e3e22 00000000 00000000 8549a828 nt!PnpDeviceActionWorker+0x229
8dde3d7c 81a13c42 00000000 f8c3eb47 00000000 nt!ExpWorkerThread+0xfd
8dde3dc0 8187cefe 818e3d25 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


CHKIMG_EXTENSION: !chkimg -lo 50 -d !NDIS
    806f2848-806f2859  18 bytes - NDIS!ndisRegisterMiniportDriver+108
	[ 57 50 e8 bf 1f f2 ff 83:f0 00 05 00 00 00 00 0a ]
18 errors : !NDIS (806f2848-806f2859)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

STACK_COMMAND:  .cxr 0xffffffff8dde32a8 ; kb

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

BUCKET_ID:  MEMORY_CORRUPTION_LARGE

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:memory_corruption_large

FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}

Followup: memory_corruption
---------
Comment 3 Peixiu Hou 2017-03-24 06:18:00 UTC 
Verified this issue with qemu-kvm-rhev-2.8.0-5.el7 under q35, it can be passed none bsod.

kernel-3.10.0-612.el7.x86_64
qemu-kvm-rhev-2.8.0-5.el7
virtio-win-prewhql-128

Best Regards~
Peixiu Hou
Comment 4 lijin 2017-03-24 09:32:50 UTC 
change status to verified according to comment#3
Comment 5 lijin 2017-05-11 05:45:59 UTC 
Hi Amnon,

Could you help to ack?

Thanks
Comment 8 errata-xmlrpc 2017-08-01 12:55:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2341