Bugcheck during upgrade to Windows 10 "insider build", caused by qxldod.sys
Migrating issue from gitlab.com to gitlab.freedesktop.org
Original author: Ryan Ries
2: kd> !di
Computer Name: Not Found
Windows 10 Kernel Version 14931 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 14931.1000.amd64fre.rs_prerelease.160916-1700
Kernel base = 0xfffff803`49894000 PsLoadedModuleList = 0xfffff803`49b85820
Debug session time: Thu Sep 22 16:35:19.970 2016 (UTC - 5:00)
System Uptime: 0 days 0:00:02.623
SystemManufacturer = QEMU
SystemProductName = Standard PC (Q35 + ICH9, 2009)
Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
Bugcheck: 50 (FFFFAAFF4AD7F000, 0, FFFFF80BF53C1585, 0)
Kernel Summary Dump File: Kernel address space is available, User address space may not be available.
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffaaff4ad7f000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80bf53c1585, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 10.0.14931.1000 (rs_prerelease.160916-1700)
SYSTEM_MANUFACTURER: QEMU
SYSTEM_PRODUCT_NAME: Standard PC (Q35 + ICH9, 2009)
SYSTEM_VERSION: pc-q35-2.6
BIOS_VENDOR: SeaBIOS
BIOS_VERSION: 1.9.1-1.fc24
BIOS_DATE: 04/01/2014
DUMP_TYPE: 1
BUGCHECK_P1: ffffaaff4ad7f000
BUGCHECK_P2: 0
BUGCHECK_P3: fffff80bf53c1585
BUGCHECK_P4: 0
READ_ADDRESS: ffffaaff4ad7f000
FAULTING_IP:
qxldod!memcpy+145
fffff80b`f53c1585 f30f6f4c0a10 movdqu xmm1,xmmword ptr [rdx+rcx+10h]
MM_INTERNAL_CODE: 0
CPU_COUNT: 4
CPU_MHZ: fa0
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: f
CPU_STEPPING: b
CPU_MICROCODE: 6,f,b,0 (F,M,S,R) SIG: 1'00000000 (cache) 1'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_TIME: 09-26-2016 08:08:12.0638
ANALYSIS_VERSION: 10.0.14877.1130 amd64fre
TRAP_FRAME: ffff9b0171534b70 -- (.trap 0xffff9b0171534b70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000007 rbx=0000000000000000 rcx=ffffaaff432aa640
rdx=0000000007ad49ac rsi=0000000000000000 rdi=0000000000000000
rip=fffff80bf53c1585 rsp=ffff9b0171534d08 rbp=00000000fffffc40
r8=fffffffffff55c34 r9=07ffffffffffffe1 r10=fffff78000000008
r11=ffffaaff432005f4 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
qxldod!memcpy+0x145:
fffff80b`f53c1585 f30f6f4c0a10 movdqu xmm1,xmmword ptr [rdx+rcx+10h] ds:ffffaaff`4ad7effc=????????????????????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff803498f3e85 to fffff803499e4210
STACK_TEXT:
ffff9b01`71534878 fffff803`498f3e85 : 00000000`00000050 ffffaaff`4ad7f000 00000000`00000000 ffff9b01`71534b70 : nt!KeBugCheckEx
ffff9b01`71534880 fffff803`4991faa3 : 00000000`00000000 ffffc07f`ffffffff 00000000`00000000 ffffaaff`4ad7f000 : nt!MiSystemFault+0xee5
ffff9b01`71534970 fffff803`499ed933 : ffffc055`7fa54000 ffffc055`7fa56ff8 ffffc060`2abfd2a0 ffffc060`2abfd2b0 : nt!MmAccessFault+0x253
ffff9b01`71534b70 fffff80b`f53c1585 : fffff80b`f53c63cb ffffe787`dce22240 ffffaaff`43200401 ffffaaff`43200598 : nt!KiPageFault+0x133
ffff9b01`71534d08 fffff80b`f53c63cb : ffffe787`dce22240 ffffaaff`43200401 ffffaaff`43200598 fffff80b`f53c33ef : qxldod!memcpy+0x145
ffff9b01`71534d10 fffff80b`f53c37d7 : ffffe787`dce22130 ffff9b01`71534de0 ffff9b01`71534dd8 ffff9b01`71534dd0 : qxldod!QxlDevice::PutBytesAlign+0xff
ffff9b01`71534d80 fffff80b`f53c4c07 : ffffe787`fffffc40 ffffe787`ddd58e50 ffff9b01`71534e68 ffffe787`dd107000 : qxldod!QxlDevice::BltBits+0x233
ffff9b01`71534e30 fffff80b`f53c60de : ffffe787`dce22130 ffffaaff`4a200000 00000000`00000018 ffffe787`dda00000 : qxldod!QxlDevice::ExecutePresentDisplayOnly+0x27f
ffff9b01`71534f00 fffff80b`f4e9e31c : 00000000`00000000 ffff9b01`71535130 00000000`00000000 00000000`00000001 : qxldod!QxlDod::PresentDisplayOnly+0x14a
ffff9b01`71534f70 fffff80b`f4ed4834 : ffff9b01`00000000 ffff9b01`71535130 ffff9b01`71535130 ffffe787`ddcf0230 : dxgkrnl!omitted
ffff9b01`71535000 fffff80b`f4e5ab6a : ffffe787`dce11010 ffffe787`dce11010 ffff9b01`71535180 00000000`00000000 : dxgkrnl!omitted
ffff9b01`71535080 fffff80b`f4e5a1e5 : ffffb000`0e948780 00000000`40000040 ffffe787`dda00000 00000000`00000000 : dxgkrnl!omitted
ffff9b01`71535c10 ffffcd5a`ea162f75 : ffffcd14`c0070020 00000000`ffffffff 00000000`00000021 ffffb000`0e948780 : dxgkrnl!omitted
ffff9b01`71535cf0 fffff803`49940e8d : ffffffff`fffae9eb ffffe787`ddce3080 ffffcd5a`ea162ee0 ffffe787`ddce3080 : cdd!omitted
ffff9b01`71535d50 fffff803`499e9616 : ffff9b01`6f840180 ffffe787`ddce3080 fffff803`49940e4c 00000000`00000000 : nt!PspSystemThreadStartup+0x41
ffff9b01`71535da0 00000000`00000000 : ffff9b01`71536000 ffff9b01`71530000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
FOLLOWUP_IP:
qxldod!QxlDevice::PutBytesAlign+ff
fffff80b`f53c63cb 410136 add dword ptr [r14],esi
FAULT_INSTR_CODE: 4c360141
FAULTING_SOURCE_LINE: c:\cygwin64\tmp\build\source\qxl-wddm-next\qxldod\qxldod.cpp
FAULTING_SOURCE_FILE: c:\cygwin64\tmp\build\source\qxl-wddm-next\qxldod\qxldod.cpp
FAULTING_SOURCE_LINE_NUMBER: 4240
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: qxldod!QxlDevice::PutBytesAlign+ff
FOLLOWUP_NAME: wintriag
MODULE_NAME: qxldod
IMAGE_NAME: qxldod.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 55b83b8f
DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR: Hybrid_FALSE
DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR: GPU0_VenId0x1414_DevId0x8d_WDDM1.3_NotActive;GPU2_VenId0x1b36_DevId0x100_WDDM1.3_Active_Post;
BUCKET_ID_FUNC_OFFSET: ff
FAILURE_BUCKET_ID: AV_R_INVALID_qxldod!QxlDevice::PutBytesAlign
BUCKET_ID: AV_R_INVALID_qxldod!QxlDevice::PutBytesAlign
PRIMARY_PROBLEM_CLASS: AV_R_INVALID_qxldod!QxlDevice::PutBytesAlign
TARGET_TIME: 2016-09-22T21:35:19.000Z
OSBUILD: 14931
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-09-16 22:29:58
BUILDDATESTAMP_STR: 160916-1700
BUILDLAB_STR: rs_prerelease
BUILDOSVER_STR: 10.0.14931.1000
ANALYSIS_SESSION_ELAPSED_TIME: 2d17
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_r_invalid_qxldod!qxldevice::putbytesalign
Frediano Ziglio @freddy77 · 1 year ago
What were you doing?
Which commit were you using?
Where did you get the binary?
Would be great to have the binary if possible.
From what I can understand, source and destination pointers differ by about 128 MB. The operation that fails is a read.
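An added example, not part of the original thread: a short Python check that recomputes the faulting access from the trap-frame lines in the dump above and compares it with bugcheck Arg1. It assumes the MSVC x64 memcpy convention that rcx holds the destination and rdx holds source minus destination; the function names are hypothetical, and only `+`-joined register and hex-displacement operands are handled.

```python
import re

# Trap-frame lines and faulting instruction copied from the dump above.
TRAP_FRAME = """\
rax=0000000000000007 rbx=0000000000000000 rcx=ffffaaff432aa640
rdx=0000000007ad49ac rsi=0000000000000000 rdi=0000000000000000
rip=fffff80bf53c1585 rsp=ffff9b0171534d08 rbp=00000000fffffc40
fffff80b`f53c1585 f30f6f4c0a10 movdqu xmm1,xmmword ptr [rdx+rcx+10h]
"""
FAULT_ADDRESS = 0xFFFFAAFF4AD7F000  # bugcheck 0x50 Arg1 (memory referenced)
PAGE = 0x1000
MASK = (1 << 64) - 1
SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8, "xmmword": 16}


def parse_registers(text):
    """Collect name=value pairs for 64-bit registers printed by kd."""
    return {n: int(v, 16) for n, v in re.findall(r"\b(r\w+)=([0-9a-f]{16})\b", text)}


def effective_access(text):
    """Return (start address, size in bytes) of the memory operand."""
    regs = parse_registers(text)
    size_name, expr = re.search(r"(\w+) ptr \[([^\]]+)\]", text).groups()
    addr = 0
    for term in expr.split("+"):
        # A term is either a register name or a hex displacement like "10h".
        addr += regs[term] if term in regs else int(term.rstrip("h"), 16)
    return addr & MASK, SIZES[size_name]


def triage(text, fault_address):
    """Relate the decoded access to the address the bugcheck reported."""
    regs = parse_registers(text)
    start, size = effective_access(text)
    last = start + size - 1
    return {
        "access_start": start,
        "access_end": last,
        "crosses_page": start // PAGE != last // PAGE,
        "fault_in_access": start <= fault_address <= last,
        "src_minus_dst": regs["rdx"],  # assumption: MSVC memcpy keeps src - dst in rdx
    }


if __name__ == "__main__":
    for key, value in triage(TRAP_FRAME, FAULT_ADDRESS).items():
        print(key, hex(value) if isinstance(value, int) and value > 1 else value)
```

On this dump the 16-byte load starts four bytes below a page boundary and runs into the following page, whose first byte is the address the bugcheck reports.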
Michael Hampton @error10 · 1 year ago
I submitted the original report to Microsoft, which Ryan has posted about above. So maybe I can fill in some details.
The system was in the middle of upgrading Windows 10 from one insider preview build to the next. Precisely what Windows was doing at the time, I am not sure. After the bluescreen Windows restarted and rolled back the partially completed upgrade.
The binary in use was obtained from https://people.redhat.com/vrozenfe/qxlwddm/qxlwddm-0.12.zip which at the time appeared to be the latest release (and unfortunately still does).