Bug 804923
Summary: | winxp BSOD happened during s3 due to memory corruption on AMD host | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Mike Cao <bcao> |
Component: | qemu-kvm | Assignee: | Vadim Rozenfeld <vrozenfe> |
Status: | CLOSED WONTFIX | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.3 | CC: | acathrow, amit.shah, areis, bcao, bsarathy, gleb, juzhang, michen, mkenneth, rhod, shuang, tburke, virt-maint, vrozenfe |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-05-21 17:46:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 761491, 912287 |
Description
Mike Cao
2012-03-20 08:08:57 UTC
1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* ATTEMPTED_SWITCH_FROM_DPC (b8) A wait operation, attach process, or yield was attempted from a DPC routine. This is an illegal operation and the stack track will lead to the offending code and original DPC routine. Arguments: Arg1: 00000000, Original thread which is the cause of the failure Arg2: 00000000, New thread Arg3: 00000000, Stack address of the original thread Arg4: 00000000 Debugging Details: ------------------ PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details DEFAULT_BUCKET_ID: CODE_CORRUPTION BUGCHECK_STR: 0xB8 PROCESS_NAME: csrss.exe LAST_CONTROL_TRANSFER: from 80545c4b to 804f9f0e STACK_TEXT: bacd7ee8 80545c4b 000000b8 ffffffff 00000202 nt!KeBugCheck+0x14 bacd7ef8 80545a57 bacd7f10 806546a3 00000041 nt!ScPatchFxe+0x46 bacd7f08 806e6d43 bacd7f90 806546a3 badb0d00 nt!KiDispatchInterrupt+0xa7 bacd7f08 806546a3 bacd7f90 806546a3 badb0d00 hal!HalpDispatchInterrupt+0xbb bacd7f90 806547ab baa87594 bacd7fa0 00000005 nt!PopHandleNextState+0x1d bacd7fcc 80545e6f baa87538 baa87594 00000000 nt!PopInvokeStateHandlerTargetProcessor+0x23 bacd7ff4 805459db b20d4d44 00000000 00000000 nt!KiRetireDpcList+0x61 bacd7ff8 b20d4d44 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2b WARNING: Frame IP not in any known module. Following frames may be wrong. 805459db 00000000 00000009 0081850f bb830000 0xb20d4d44 STACK_COMMAND: kb CHKIMG_EXTENSION: !chkimg -lo 50 -d !hal 806e63c2-806e63c5 4 bytes - hal!KfRaiseIrql+a [ a1 80 00 fe:e8 f9 44 9e ] 806e63c7-806e63cb 5 bytes - hal!KfRaiseIrql+f (+0x05) [ 89 0d 80 00 fe:51 e8 6b 45 9e ] 806e63d8-806e63dc 5 bytes - hal!KeRaiseIrqlToDpcLevel (+0x11) [ 8b 15 80 00 fe:90 e8 25 45 9e ] 806e63de-806e63e0 3 bytes - hal!KeRaiseIrqlToDpcLevel+6 (+0x06) [ c7 05 80:68 41 00 ] 806e63e2-806e63e7 6 bytes - hal!KeRaiseIrqlToDpcLevel+a (+0x04) [ fe ff 41 00 00 00:00 e8 50 45 9e ff ] 806e63f4-806e63f8 5 bytes - hal!KeRaiseIrqlToSynchLevel (+0x12) [ 8b 15 80 00 fe:90 e8 09 45 9e ] 806e63fa-806e63fc 3 bytes - hal!KeRaiseIrqlToSynchLevel+6 (+0x06) [ c7 05 80:68 d1 00 ] 806e63fe-806e6403 6 bytes - hal!KeRaiseIrqlToSynchLevel+a (+0x04) [ fe ff d1 00 00 00:00 e8 34 45 9e ff ] 806e641c-806e6420 5 bytes - hal!KfLowerIrql+c (+0x1e) [ 89 0d 80 00 fe:51 e8 16 45 9e ] 806e6422-806e6425 4 bytes - hal!KfLowerIrql+12 (+0x06) [ a1 80 00 fe:e8 99 44 9e ] 806e6428-806e642b 4 bytes - hal!KeGetCurrentIrql (+0x06) [ a1 80 00 fe:e8 93 44 9e ] 806e6830-806e6834 5 bytes - hal!KfAcquireSpinLock (+0x408) [ 8b 15 80 00 fe:90 e8 cd 40 9e ] 806e6836-806e6838 3 bytes - hal!KfAcquireSpinLock+6 (+0x06) [ c7 05 80:68 41 00 ] 806e683a-806e683f 6 bytes - hal!KfAcquireSpinLock+a (+0x04) [ fe ff 41 00 00 00:00 e8 f8 40 9e ff ] 806e690f-806e6913 5 bytes - hal!KfReleaseSpinLock+f (+0xd5) [ 89 0d 80 00 fe:51 e8 23 40 9e ] 806e6915-806e6918 4 bytes - hal!KfReleaseSpinLock+15 (+0x06) [ a1 80 00 fe:e8 a6 3f 9e ] 806e6940-806e6943 4 bytes - hal!ExAcquireFastMutex (+0x2b) [ a1 80 00 fe:e8 7b 3f 9e ] 806e6945-806e6947 3 bytes - hal!ExAcquireFastMutex+5 (+0x05) [ c7 05 80:68 3d 00 ] 806e6949-806e694e 6 bytes - hal!ExAcquireFastMutex+9 (+0x04) [ fe ff 3d 00 00 00:00 e8 e9 3f 9e ff ] 806e698f-806e6992 4 bytes - hal!ExReleaseFastMutex+1b (+0x46) [ a3 80 00 fe:e8 9d 3f 9e ] 806e6994-806e6998 5 bytes - hal!ExReleaseFastMutex+20 (+0x05) [ 8b 0d 80 00 fe:90 e8 60 3f 9e ] 806e69a1-806e69a4 4 bytes - hal!ExTryToAcquireFastMutex+5 (+0x0d) [ a1 80 00 fe:e8 1a 3f 9e ] 806e69a6-806e69a8 3 bytes - hal!ExTryToAcquireFastMutex+a (+0x05) [ c7 05 80:68 3d 00 ] 806e69aa-806e69af 6 bytes - hal!ExTryToAcquireFastMutex+e (+0x04) [ fe ff 3d 00 00 00:00 e8 88 3f 9e ff ] 806e69e5-806e69e7 3 bytes - hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+5 (+0x3b) [ c7 05 80:68 d1 00 ] 806e69e9-806e69ee 6 bytes - hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+9 (+0x04) [ fe ff d1 00 00 00:00 e8 49 3f 9e ff ] 806e69f0-806e69f3 4 bytes - hal!KeAcquireInStackQueuedSpinLock (+0x07) [ a1 80 00 fe:e8 cb 3e 9e ] 806e69fe-806e6a00 3 bytes - hal!KeAcquireInStackQueuedSpinLock+e (+0x0e) [ c7 05 80:68 41 00 ] 806e6a02-806e6a07 6 bytes - hal!KeAcquireInStackQueuedSpinLock+12 (+0x04) [ fe ff 41 00 00 00:00 e8 30 3f 9e ff ] 806e6a41-806e6a43 3 bytes - hal!KeAcquireQueuedSpinLockRaiseToSynch+5 (+0x3f) [ c7 05 80:68 d1 00 ] 806e6a45-806e6a4a 6 bytes - hal!KeAcquireQueuedSpinLockRaiseToSynch+9 (+0x04) [ fe ff d1 00 00 00:00 e8 ed 3e 9e ff ] 806e6a4c-806e6a4f 4 bytes - hal!KeAcquireQueuedSpinLock (+0x07) [ a1 80 00 fe:e8 6f 3e 9e ] 806e6a5b-806e6a5d 3 bytes - hal!KeAcquireQueuedSpinLock+f (+0x0f) [ c7 05 80:68 41 00 ] 806e6a5f-806e6a64 6 bytes - hal!KeAcquireQueuedSpinLock+13 (+0x04) [ fe ff 41 00 00 00:00 e8 d3 3e 9e ff ] 806e6ad9-806e6add 5 bytes - hal!KeReleaseQueuedSpinLock+31 (+0x7a) [ 89 0d 80 00 fe:51 e8 59 3e 9e ] 806e6adf-806e6ae2 4 bytes - hal!KeReleaseQueuedSpinLock+37 (+0x06) [ a1 80 00 fe:e8 dc 3d 9e ] 806e6b39-806e6b3d 5 bytes - hal!KeTryToAcquireQueuedSpinLock+31 (+0x5a) [ 8b 0d 80 00 fe:90 e8 bb 3d 9e ] 806e6b3f-806e6b42 4 bytes - hal!KeTryToAcquireQueuedSpinLock+37 (+0x06) [ a3 80 00 fe:e8 ed 3d 9e ] 806e6d27-806e6d2b 5 bytes - hal!HalpDispatchInterrupt+9f (+0x1e8) [ 8b 35 80 00 fe:90 e8 df 3b 9e ] 806e6d2d-806e6d30 4 bytes - hal!HalpDispatchInterrupt+a5 (+0x06) [ a3 80 00 fe:e8 ff 3b 9e ] 806e6d44-806e6d48 5 bytes - hal!HalpDispatchInterrupt+bc (+0x17) [ 89 35 80 00 fe:56 e8 ee 3b 9e ] 806e6d4a-806e6d4e 5 bytes - hal!HalpDispatchInterrupt+c2 (+0x06) [ 8b 0d 80 00 fe:90 e8 aa 3b 9e ] 806e6ecb-806e6ecf 5 bytes - hal!HalpApcInterrupt+9f (+0x181) [ 8b 0d 80 00 fe:90 e8 29 3a 9e ] 806e6ed2-806e6ed5 4 bytes - hal!HalpApcInterrupt+a6 (+0x07) [ a3 80 00 fe:e8 5a 3a 9e ] 806e6ef4-806e6ef7 4 bytes - hal!HalpApcInterrupt+c8 (+0x22) [ a3 80 00 fe:e8 38 3a 9e ] 806e6ef9-806e6efd 5 bytes - hal!HalpApcInterrupt+cd (+0x05) [ 8b 0d 80 00 fe:90 e8 fb 39 9e ] 806e6f27-806e6f2b 5 bytes - hal!HalEndSystemInterrupt+1b (+0x2e) [ 89 0d 80 00 fe:51 e8 0b 3a 9e ] 806e6f2d-806e6f31 5 bytes - hal!HalEndSystemInterrupt+21 (+0x06) [ 8b 15 80 00 fe:90 e8 d0 39 9e ] 806e6f48-806e6f4a 3 bytes - hal!HalEndSystemInterrupt+3c (+0x1b) [ c7 05 80:68 41 00 ] 806e6f4c-806e6f51 6 bytes - hal!HalEndSystemInterrupt+40 (+0x04) [ fe ff 41 00 00 00:00 e8 e6 39 9e ff ] WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output. 806fa0ba-806fa0bc 3 bytes - hal!HalpInitializeLocalUnit+86 [ c7 05 80:68 ff 00 ] 806fa0be-806fa0c3 6 bytes - hal!HalpInitializeLocalUnit+8a (+0x04) [ fe ff ff 00 00 00:00 e8 74 08 9d ff ] 806fa18d-806fa191 5 bytes - hal!HalpInitializeLocalUnit+159 (+0xcf) [ 89 1d 80 00 fe:53 e8 a5 07 9d ] 248 errors : !hal (806e63c2-806fa191) MODULE_NAME: memory_corruption IMAGE_NAME: memory_corruption FOLLOWUP_NAME: memory_corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MEMORY_CORRUPTOR: LARGE FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE BUCKET_ID: MEMORY_CORRUPTION_LARGE Followup: memory_corruption --------- BTW ,I tried win2k8R2 ,did not hit this issue . BOSD can not 100% reproduce , when guest did not get BSOD ,it will hang and never resume from s3 This Bug may related to hardware ,since what I use is a freshly installed one ,and I downgrade the qemu-kvm version ,still hit this issue . (In reply to comment #9) > This Bug may related to hardware ,since what I use is a freshly installed one > ,and I downgrade the qemu-kvm version ,still hit this issue . Do you mean a problem with the host hardware? Anyway, please reproduce the problem with a different machine then. (In reply to comment #10) > (In reply to comment #9) > > This Bug may related to hardware ,since what I use is a freshly installed one > > ,and I downgrade the qemu-kvm version ,still hit this issue . > > Do you mean a problem with the host hardware? Anyway, please reproduce the > problem with a different machine then. Hello Ademar Another QE can *not* reproduce on her host with the same winxp image .but it happened almost 100% in amd-2376-32-1 host . And on amd-2376-32-1 host,I tried w/ win2k8R2 guests ,can *not* reproduce this issue Based on above ,I think this bug might related to specific host(hardware) Best Regards, Mike (In reply to comment #11) > (In reply to comment #10) > > (In reply to comment #9) > > > This Bug may related to hardware ,since what I use is a freshly installed one > > > ,and I downgrade the qemu-kvm version ,still hit this issue . > > > > Do you mean a problem with the host hardware? Anyway, please reproduce the > > problem with a different machine then. > > Hello Ademar > > Another QE can *not* reproduce on her host with the same winxp image .but it > happened almost 100% in amd-2376-32-1 host . > And on amd-2376-32-1 host,I tried w/ win2k8R2 guests ,can *not* reproduce this > issue > > Based on above ,I think this bug might related to specific host(hardware) Hmm, ok, let's try to narrow it a bit more: can you reproduce it on a similar hardware, on a different machine? When you think it might be related to specific hardware, do you mean some specific kind of hardware or your machine which might be deffective? I assume amd-2376-32-1 is a machine we can access remotely, is that right? Thanks! (In reply to comment #12) > (In reply to comment #11) > > (In reply to comment #10) > > > (In reply to comment #9) > > > > This Bug may related to hardware ,since what I use is a freshly installed one > > > > ,and I downgrade the qemu-kvm version ,still hit this issue . > > > > > > Do you mean a problem with the host hardware? Anyway, please reproduce the > > > problem with a different machine then. > > > > Hello Ademar > > > > Another QE can *not* reproduce on her host with the same winxp image .but it > > happened almost 100% in amd-2376-32-1 host . > > And on amd-2376-32-1 host,I tried w/ win2k8R2 guests ,can *not* reproduce this > > issue > > > > Based on above ,I think this bug might related to specific host(hardware) > > Hmm, ok, let's try to narrow it a bit more: can you reproduce it on a similar > hardware, on a different machine? When you think it might be related to > specific hardware, do you mean some specific kind of hardware or your machine > which might be deffective? Hello Ademar This bug related w/ host cpu , I lent another AMD host ,very easy to reproduce it Best Regards, Mike This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4. Closing WinXP. Not a customer bug. Not sure that reproducible. |