1005667 – Windows guests fall into BSOD randomly with "virtio_ioport_write: unexpected address 0x13 value 0x1"

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1005667 - Windows guests fall into BSOD randomly with "virtio_ioport_write: unexpected address 0x13 value 0x1"

Summary: Windows guests fall into BSOD randomly with "virtio_ioport_write: unexpected ...

Keywords:
Status:	CLOSED DUPLICATE of bug 852776
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	virtio-win
Sub Component:
Version:	6.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Yvugenfi@redhat.com
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-09 06:20 UTC by Rogan Kyuseok Lee
Modified:	2013-09-10 08:18 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-09-10 08:18:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	852776	1	None	None	None	2021-01-20 06:05:38 UTC

Internal Links: 852776

Description Rogan Kyuseok Lee 2013-09-09 06:20:24 UTC

Description of problem:
Windows Server 2008 R2 VM suddenly falled into BSOD with the following errors. It obviously looks an issue related to virtio.

# cat /var/log/libvirt/qemu/TGW.log
 "virtio_ioport_write: unexpected address 0x13 value 0x1"

Version-Release number of selected component (if applicable):
virtio : netKVM : 60.63.103.2700
         virtstor : 60.63.103.2600
         serial : 52.63.103.3000 

How reproducible:
- Randomly

Steps to Reproduce:
1. 
2.
3.

Actual results:
- Windows guests crashed with MINIDUMP.

Expected results:
- No BSOD

Additional info:

RHEV 3.0 Environment :
  - kernel-2.6.32-279
  - vdsm-4.9-113.3.el6-3.x86_64

- Initial analysis of MINIDUMP --------------------------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Administrator\Downloads\dump-20130820\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_rtm.070216-1710
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d5100
Debug session time: Tue Aug 20 21:54:40.148 2013 (UTC + 9:00)
System Uptime: 18 days 22:09:13.318
Loading Kernel Symbols
...............................................................
..................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {80000003, fffff80001026d90, fffffadcbb063d50, 0}

Page d9dfc not present in the dump file. Type ".hh dbgerr004" for details
Page d9ec4 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : afd.sys ( afd!AfdIssueDeviceControl+1a8 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 0000000080000003, Exception code that caused the bugcheck
Arg2: fffff80001026d90, Address of the instruction which caused the bugcheck
Arg3: fffffadcbb063d50, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

Page d9dfc not present in the dump file. Type ".hh dbgerr004" for details
Page d9ec4 not present in the dump file. Type ".hh dbgerr004" for details

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

FAULTING_IP: 
nt!DbgBreakPoint+0
fffff800`01026d90 cc              int     3

CONTEXT:  fffffadcbb063d50 -- (.cxr 0xfffffadcbb063d50)
rax=0000000000000001 rbx=0000000000000000 rcx=2c3d01a433bd0000
rdx=00000000ffff0031 rsi=fffffadcdc561720 rdi=0000000000000000
rip=fffff80001026d90 rsp=fffffadcbb064568 rbp=fffffadcdff43510
 r8=00000000ffffffff  r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=fffffadcdce46050 r13=0000000000000018
r14=fffffadcbb064758 r15=0000000000000032
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000282
nt!DbgBreakPoint:
fffff800`01026d90 cc              int     3
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  java.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffffadcbd814049 to fffff80001026d90

STACK_TEXT:  
fffffadc`bb064568 fffffadc`bd814049 : fffffadc`bd81dae0 00000000`ffff0068 00000000`ffffffff 00000000`00000000 : nt!DbgBreakPoint
fffffadc`bb064570 fffffadc`bd81049a : fffffadc`dc48da30 fffffadc`00000000 00000000`00000001 00000000`05f3f368 : afd!AfdIssueDeviceControl+0x1a8
fffffadc`bb064630 fffff800`01280111 : fffffadc`dc4a4bd0 fffffadc`dc4a4d78 00000000`00000001 00000000`00000000 : afd!AfdBind+0x59b
fffffadc`bb064a70 fffff800`0127fc16 : fffffadc`dcb6cfe0 00000000`00000304 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0xa79
fffffadc`bb064b90 fffff800`0102e3fd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffffadc`bb064c00 00000000`78b23e48 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`05e5f098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x78b23e48


FOLLOWUP_IP: 
afd!AfdIssueDeviceControl+1a8
fffffadc`bd814049 90              nop

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  afd!AfdIssueDeviceControl+1a8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: afd

IMAGE_NAME:  afd.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  45d69cac

STACK_COMMAND:  .cxr 0xfffffadcbb063d50 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_afd!AfdIssueDeviceControl+1a8

BUCKET_ID:  X64_0x3B_afd!AfdIssueDeviceControl+1a8

Followup: MachineOwner
---------

1: kd> lmvm afd
start             end                 module name
fffffadc`bd7db000 fffffadc`bd828000   afd        (pdb symbols)          c:\symbols\afd.pdb\B2D9424B9FA24556A1870FA6A9CB06052\afd.pdb
    Loaded symbol image file: afd.sys
    Image path: \SystemRoot\System32\drivers\afd.sys
    Image name: afd.sys
    Timestamp:        Sat Feb 17 15:11:56 2007 (45D69CAC)
    CheckSum:         00048827
    ImageSize:        0004D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Note You need to log in before you can comment on or make changes to this bug.