Bug 1419785
Summary: | [virtio-win][whql][balloon] Guest WIN8-32 occurred BSOD in job "DF - PNP Stop (Rebalance) Device Test (Certification)"
---|---
Product: | Red Hat Enterprise Linux 7
Reporter: | xiagao
Component: | virtio-win
Assignee: | Ladi Prosek <lprosek>
virtio-win sub component: | virtio-win-prewhql
QA Contact: | Virtualization Bugs <virt-bugs>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
CC: | ailan, lijin, lmiksik, lprosek, michen, phou, vrozenfe, wyu, xiagao
Version: | 7.4
Target Milestone: | rc
Target Release: | ---
Hardware: | Unspecified
OS: | Unspecified
Fixed In Version: | 133
Doc Type: | If docs needed, set a value
Story Points: | ---
Last Closed: | 2017-08-01 12:55:38 UTC
Type: | Bug
Regression: | ---
Mount Type: | ---
Documentation: | ---
Category: | ---
oVirt Team: | ---
Cloudforms Team: | ---
The memory dump file debug info is as follows:

BugCheck D1, {8, 2, 0, 97fda7c7}

*** ERROR: Module load completed but symbols could not be loaded for balloon.sys
*** ERROR: Module load completed but symbols could not be loaded for MSDMFilt.sys
Probably caused by : balloon.sys ( balloon+27c7 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 97fda7c7, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: 00000008

CURRENT_IRQL: 2

FAULTING_IP:
balloon+27c7
97fda7c7 8b4e08 mov ecx,dword ptr [esi+8]

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: System

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

TRAP_FRAME: 877b09a0 -- (.trap 0xffffffff877b09a0)
ErrCode = 00000000
eax=00000000 ebx=00000001 ecx=9e84afd0 edx=00000000 esi=00000000 edi=877b0a54
eip=97fda7c7 esp=877b0a14 ebp=877b0a20 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
balloon+0x27c7:
97fda7c7 8b4e08 mov ecx,dword ptr [esi+8] ds:0023:00000008=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 815da840 to 81563ccc

STACK_TEXT:
877b0980 815da840 0000000a 00000008 00000002 nt!KiBugCheck2
877b0980 97fda7c7 0000000a 00000008 00000002 nt!KiTrap0E+0x2c8
WARNING: Stack unwind information not available. Following frames may be wrong.
877b0a20 97fd967b 00000000 877b0a54 00000001 balloon+0x27c7
877b0a68 97fe085e 6c78f320 877b0a9c 82e4d075 balloon+0x167b
877b0a74 82e4d075 5fe65060 9fb86f98 a0bfeee8 balloon+0x885e
877b0a9c 82e4ce8d 9f040e90 93870d9c 9f040e90 Wdf01000!FxPkgGeneral::OnClose+0xc8
877b0abc 82e45bc2 9f040e90 98021c38 9f040e90 Wdf01000!FxPkgGeneral::Dispatch+0xc0
877b0ae4 82e45a33 98021c38 9f040e90 98021c38 Wdf01000!FxDevice::Dispatch+0x155
877b0b00 818fef4b 98021c38 9f040e90 9f040e90 Wdf01000!FxDevice::DispatchWithLock+0x77
877b0b20 814a4a9f 81916565 9f040f88 9f040fac nt!IovCallDriver+0x2e3
877b0b34 81916565 877b0b5c 8191665c 98021c38 nt!IofCallDriver+0x62
877b0b3c 8191665c 98021c38 9f040e90 8b418b28 nt!ViFilterIoCallDriver+0x10
877b0b5c 818fef4b 8b418be0 9f040e90 8b477888 nt!ViFilterDispatchGeneric+0x5e
877b0b7c 814a4a9f 97fe6353 9f040fac 9f040fd0 nt!IovCallDriver+0x2e3
877b0b90 97fe6353 9f040e90 8b4777d0 00000000 nt!IofCallDriver+0x62
877b0ba8 97fe5074 8b4777d0 9f040e90 8b4777d0 MSDMFilt+0x2353
877b0bc8 818fef4b 8b4777d0 9f040e90 9f040e90 MSDMFilt+0x1074
877b0be8 814a4a9f 81916565 9f040fd0 9f040ff4 nt!IovCallDriver+0x2e3
877b0bfc 81916565 877b0c24 8191665c 8b4777d0 nt!IofCallDriver+0x62
877b0c04 8191665c 8b4777d0 9f040e90 8b4e63e8 nt!ViFilterIoCallDriver+0x10
877b0c24 818fef4b 8b4e64a0 9f040e90 9f040e90 nt!ViFilterDispatchGeneric+0x5e
877b0c44 814a4a9f 816aedd3 00000000 980592e0 nt!IovCallDriver+0x2e3
877b0c58 816aedd3 84d57f18 980592c8 98059200 nt!IofCallDriver+0x62
877b0c94 816aea2d 980592e0 00000000 980592e0 nt!IopDeleteFile+0xef
877b0cac 814a08f6 00000000 97fe7502 a01d6ff0 nt!ObpRemoveObjectRoutine+0x43
877b0cc0 814a0882 980592e0 97fe7515 8b4e63e8 nt!ObfDereferenceObjectWithTag+0x5c
877b0cc8 97fe7515 8b4e63e8 00000000 877b0d1c nt!ObfDereferenceObject+0xd
877b0cd8 814ed737 8b4e63e8 a01d6ff0 816434b8 MSDMFilt+0x3515
877b0d1c 814ed854 9fb2cfd0 84d99040 00000000 nt!IopProcessWorkItem+0xa1
877b0d74 81530415 00010000 0f171e05 00000000 nt!ExpWorkerThread+0x111
877b0db0 815dc039 814ed747 00010000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

STACK_COMMAND: kb

FOLLOWUP_IP:
balloon+27c7
97fda7c7 8b4e08 mov ecx,dword ptr [esi+8]

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: balloon+27c7

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: balloon

IMAGE_NAME: balloon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 588eb709

FAILURE_BUCKET_ID: AV_VRF_balloon+27c7

BUCKET_ID: AV_VRF_balloon+27c7

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_vrf_balloon+27c7

FAILURE_ID_HASH: {8cc1e982-5013-bbe1-cf12-284f258a9d62}

Followup: MachineOwner
---------

Please try build 132:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=537914

Still hit BSOD with build 132. 2/5 failed.
The memory dump file debug info is as follows:

BugCheck D1, {8bc9f85e, 2, 8, 8bc9f85e}

*** ERROR: Module load completed but symbols could not be loaded for balloon.sys
*** ERROR: Module load completed but symbols could not be loaded for MSDMFilt.sys
Probably caused by : balloon.sys ( balloon+885e )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 8bc9f85e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 8bc9f85e, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: 8bc9f85e

CURRENT_IRQL: 2

FAULTING_IP:
balloon+885e
8bc9f85e 56 push esi

IP_IN_PAGED_CODE:
balloon+885e
8bc9f85e 56 push esi

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: System

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

TRAP_FRAME: 873ac9f8 -- (.trap 0xffffffff873ac9f8)
ErrCode = 00000010
eax=00000005 ebx=659fd060 ecx=fec65770 edx=00000007 esi=75019320 edi=8afe6e58
eip=8bc9f85e esp=873aca6c ebp=873aca74 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
balloon+0x885e:
8bc9f85e 56 push esi
Resetting default scope

LAST_CONTROL_TRANSFER: from 80f71840 to 80efaccc

FAILED_INSTRUCTION_ADDRESS:
balloon+885e
8bc9f85e 56 push esi

STACK_TEXT:
873ac9d8 80f71840 0000000a 8bc9f85e 00000002 nt!KiBugCheck2
873ac9d8 8bc9f85e 0000000a 8bc9f85e 00000002 nt!KiTrap0E+0x2c8
WARNING: Stack unwind information not available. Following frames may be wrong.
873aca74 85477075 659fd060 89178f98 8ae8cee8 balloon+0x885e
873aca9c 85476e8d a0306e90 8afe6d9c a0306e90 Wdf01000!FxPkgGeneral::OnClose+0xc8
873acabc 8546fbc2 a0306e90 87924ee8 a0306e90 Wdf01000!FxPkgGeneral::Dispatch+0xc0
873acae4 8546fa33 87924ee8 a0306e90 87924ee8 Wdf01000!FxDevice::Dispatch+0x155
873acb00 81295f4b 87924ee8 a0306e90 a0306e90 Wdf01000!FxDevice::DispatchWithLock+0x77
873acb20 80e3ba9f 812ad565 a0306f88 a0306fac nt!IovCallDriver+0x2e3
873acb34 812ad565 873acb5c 812ad65c 87924ee8 nt!IofCallDriver+0x62
873acb3c 812ad65c 87924ee8 a0306e90 8793ac50 nt!ViFilterIoCallDriver+0x10
873acb5c 81295f4b 8793ad08 a0306e90 879370d8 nt!ViFilterDispatchGeneric+0x5e
873acb7c 80e3ba9f 8bca5353 a0306fac a0306fd0 nt!IovCallDriver+0x2e3
873acb90 8bca5353 a0306e90 87937020 00000000 nt!IofCallDriver+0x62
873acba8 8bca4074 87937020 a0306e90 87937020 MSDMFilt+0x2353
873acbc8 81295f4b 87937020 a0306e90 a0306e90 MSDMFilt+0x1074
873acbe8 80e3ba9f 812ad565 a0306fd0 a0306ff4 nt!IovCallDriver+0x2e3
873acbfc 812ad565 873acc24 812ad65c 87937020 nt!IofCallDriver+0x62
873acc04 812ad65c 87937020 a0306e90 879372a0 nt!ViFilterIoCallDriver+0x10
873acc24 81295f4b 87937358 a0306e90 a0306e90 nt!ViFilterDispatchGeneric+0x5e
873acc44 80e3ba9f 81045dd3 00000000 8999fc58 nt!IovCallDriver+0x2e3
873acc58 81045dd3 84757f18 8999fc40 8999fc00 nt!IofCallDriver+0x62
873acc8c 80e85116 873accac 81045a2d 8999fc58 nt!IopDeleteFile+0xef
873acd08 80e847f9 80fda4b8 4c3016e5 00000000 nt!KeRemoveQueueEx+0x28b
873acd74 80ec7415 00010000 4c3017a1 00000000 nt!ExpWorkerThread+0xb6
873acdb0 80f73039 80e84747 00010000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

STACK_COMMAND: kb

FOLLOWUP_IP:
balloon+885e
8bc9f85e 56 push esi

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: balloon+885e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: balloon

IMAGE_NAME: balloon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 58a05c46

FAILURE_BUCKET_ID: AV_VRF_CODE_AV_PAGED_IP_balloon+885e

BUCKET_ID: AV_VRF_CODE_AV_PAGED_IP_balloon+885e

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_vrf_code_av_paged_ip_balloon+885e

FAILURE_ID_HASH: {ed5ccc01-dff5-0dd8-072e-450eb76d8583}

Followup: MachineOwner
---------

Created attachment 1250103 [details]
screenshot of guest bsod with 132-BLN driver
(In reply to xiagao from comment #5)
> Arg1: 8bc9f85e, memory referenced
> Arg2: 00000002, IRQL
> Arg3: 00000008, value 0 = read operation, 1 = write operation
> Arg4: 8bc9f85e, address which referenced memory

Ah, this is a code access. Part of BalloonEvtFileClose now executes at DISPATCH_LEVEL and I forgot to remove the function from the PAGE section. Fix coming.

Thanks!

Fix for the issue described in comment 5 has been committed:
https://github.com/virtio-win/kvm-guest-drivers-windows/commit/7327107c02b9573524b7a6506660b00effa558fb

Verified this bug on virtio-win-prewhql-133.
guest:win8-32

(In reply to xiagao from comment #10)
> Verified this bug on virtio-win-prewhql-133.
> guest:win8-32

Tested more times again. Still hit bsod issue, reassign this bug. I will update the memory dump info later.

Still hit BSOD with build 133. 1/5 failed.
The memory dump file debug info is as follows:

BugCheck D1, {9e174dd0, 2, 0, 97780857}

*** ERROR: Module load completed but symbols could not be loaded for balloon.sys
*** ERROR: Module load completed but symbols could not be loaded for MSDMFilt.sys
Probably caused by : balloon.sys ( balloon+2857 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 9e174dd0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 97780857, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: 9e174dd0 Special pool

CURRENT_IRQL: 2

FAULTING_IP:
balloon+2857
97780857 8b4e08 mov ecx,dword ptr [esi+8]

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: System

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

TRAP_FRAME: 87594998 -- (.trap 0xffffffff87594998)
ErrCode = 00000000
eax=00000000 ebx=00000001 ecx=a6fd4f10 edx=00000000 esi=9e174dc8 edi=87594a4c
eip=97780857 esp=87594a0c ebp=87594a18 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
balloon+0x2857:
97780857 8b4e08 mov ecx,dword ptr [esi+8] ds:0023:9e174dd0=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 81b82840 to 81b0bccc

STACK_TEXT:
87594978 81b82840 0000000a 9e174dd0 00000002 nt!KiBugCheck2
87594978 97780857 0000000a 9e174dd0 00000002 nt!KiTrap0E+0x2c8
WARNING: Stack unwind information not available. Following frames may be wrong.
87594a18 9777f67b 9e174dc8 87594a4c 00000001 balloon+0x2857
87594a60 9777fc08 6d8c9320 a6fe2f98 a6f36fa8 balloon+0x167b
87594a74 8545e075 66833060 a6fe2f98 8e182ee8 balloon+0x1c08
87594a9c 8545de8d 9fe7ae90 92736d9c 9fe7ae90 Wdf01000!FxPkgGeneral::OnClose+0xc8
87594abc 85456bc2 9fe7ae90 97b60530 9fe7ae90 Wdf01000!FxPkgGeneral::Dispatch+0xc0
87594ae4 85456a33 97b60530 9fe7ae90 97b60530 Wdf01000!FxDevice::Dispatch+0x155
87594b00 81ea6f4b 97b60530 9fe7ae90 9fe7ae90 Wdf01000!FxDevice::DispatchWithLock+0x77
87594b20 81a4ca9f 81ebe565 9fe7af88 9fe7afac nt!IovCallDriver+0x2e3
87594b34 81ebe565 87594b5c 81ebe65c 97b60530 nt!IofCallDriver+0x62
87594b3c 81ebe65c 97b60530 9fe7ae90 8a716ec0 nt!ViFilterIoCallDriver+0x10
87594b5c 81ea6f4b 8a716f78 9fe7ae90 952667b0 nt!ViFilterDispatchGeneric+0x5e
87594b7c 81a4ca9f 9778c353 9fe7afac 9fe7afd0 nt!IovCallDriver+0x2e3
87594b90 9778c353 9fe7ae90 952666f8 00000000 nt!IofCallDriver+0x62
87594ba8 9778b074 952666f8 9fe7ae90 952666f8 MSDMFilt+0x2353
87594bc8 81ea6f4b 952666f8 9fe7ae90 9fe7ae90 MSDMFilt+0x1074
87594be8 81a4ca9f 81ebe565 9fe7afd0 9fe7aff4 nt!IovCallDriver+0x2e3
87594bfc 81ebe565 87594c24 81ebe65c 952666f8 nt!IofCallDriver+0x62
87594c04 81ebe65c 952666f8 9fe7ae90 89f361d0 nt!ViFilterIoCallDriver+0x10
87594c24 81ea6f4b 89f36288 9fe7ae90 9fe7ae90 nt!ViFilterDispatchGeneric+0x5e
87594c44 81a4ca9f 81c56dd3 00000000 8a0cac58 nt!IovCallDriver+0x2e3
87594c58 81c56dd3 85357f18 8a0cac40 8a0cac00 nt!IofCallDriver+0x62
87594c8c 81fb1796 87594cac 81c56a2d 8a0cac58 nt!IopDeleteFile+0xef
87594cac 81a488f6 00000000 9778d502 a6f08ff0 hal!KfLowerIrql+0x2c
87594cc0 81a48882 8a0cac58 9778d515 89f361d0 nt!ObfDereferenceObjectWithTag+0x5c
87594cc8 9778d515 89f361d0 00000000 87594d1c nt!ObfDereferenceObject+0xd
87594cd8 81a95737 89f361d0 a6f08ff0 81beb4b8 MSDMFilt+0x3515
87594d1c 81a95854 9a856fd0 8535c040 00000000 nt!IopProcessWorkItem+0xa1
87594d74 81ad8415 00010000 822c986f 00000000 nt!ExpWorkerThread+0x111
87594db0 81b84039 81a95747 00010000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

STACK_COMMAND: kb

FOLLOWUP_IP:
balloon+2857
97780857 8b4e08 mov ecx,dword ptr [esi+8]

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: balloon+2857

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: balloon

IMAGE_NAME: balloon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 58b2e9b5

FAILURE_BUCKET_ID: AV_VRF_balloon+2857

BUCKET_ID: AV_VRF_balloon+2857

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_vrf_balloon+2857

FAILURE_ID_HASH: {37b88797-f829-30fb-256c-f387f04d8b18}

Followup: MachineOwner
---------

(In reply to xiagao from comment #11)
> Still hit bsod issue, reassign this bug. I will update the memory dump info
> later.

Thank you! Confirming that I did not really fix the bug. I think I got confused by the documentation:

"In summary, the framework's automatic synchronization capability provides the following features: The framework always synchronizes each device's PnP and power management callback functions."

I understood it as PnP being always automatically synchronized with other device callbacks but it seems to be synchronized only with itself.

Apologies for wasting your time by not running the test before posting fixes. I am setting up HCK now and reproducing the issue locally to be sure that the next fix actually works.

Ok, I am unable to reproduce this. Even after writing a targeted stress test and adding a 1 second delay to BalloonEvtFileClose to increase the chances of hitting the race, I still don't see the function run in parallel with anything else.

xiagao, would it be possible to get access to the problematic VM?

Thanks,
Ladi

I have copied the virtual disk to my local host and launched the VM with the same QEMU command line. Still no crash after running the test more than a dozen times. Unfortunately I won't be able to verify the patch before I post it. I'll try my best for it to be the last fix needed :)

Thanks!
Fix has been committed, fingers crossed :)
https://github.com/virtio-win/kvm-guest-drivers-windows/commit/22b0e4c6550d69368d03ad736cd5bb6781be65b4

Verified this bug on virtio-win-prewhql-135.
guest: win8-32
run times: 7

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2341
Created attachment 1248261 [details]
screenshot of guest bsod

Description of problem:
Running job "DF - PNP Stop (Rebalance) Device Test (Certification)", WIN8-32 guest occurred BSOD.

Version-Release number of selected component (if applicable):
kernel-3.10.0-556.el7.x86_64
qemu-kvm-rhev-2.8.0-3.el7.x86_64
seabios-1.10.1-2.el7.x86_64
virtio-win-prewhql-131

How reproducible:
1/5

Steps to Reproduce:
1. Boot win8-32 guest
/usr/libexec/qemu-kvm -name 131BLNWIN832TOY -enable-kvm -m 3G -smp 4 \
  -uuid e580e1ba-f23d-43f8-9c0e-f0665ec35ee7 -nodefconfig -nodefaults \
  -chardev socket,id=charmonitor,path=/tmp/131BLNWIN832TOY,server,nowait \
  -mon chardev=charmonitor,id=monitor,mode=control \
  -rtc base=localtime,driftfix=slew -boot order=cd,menu=on \
  -device piix3-usb-uhci,id=usb \
  -drive file=131BLNWIN832TOY,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none \
  -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
  -drive file=en_windows_8_enterprise_x86_dvd_917587.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw \
  -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 \
  -drive file=131BLNWIN832TOY.vfd,if=floppy,id=drive-fdc0-0-0,format=raw,cache=none \
  -netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0 \
  -device e1000,netdev=hostnet0,id=net0,mac=00:52:03:68:8f:42 \
  -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=isa_serial0 \
  -device usb-tablet,id=input0 -vnc 0.0.0.0:1 -vga std -M pc \
  -device virtio-balloon-pci,id=balloon0,bus=pci.0
2. Run the job
3. Check the guest status

Actual results:
BSOD

Expected results:
PASS

Additional info:
screenshot of guest bsod (attachment)
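
The three 0xD1 bug checks in this report fail in three different ways, which is how the "code access" in comment 5 was told apart from the other two crashes. The triage script below is an added example, not part of the bug report or of the virtio-win code: it parses the `BugCheck D1` and `READ_ADDRESS` lines copied from the dumps above and classifies each one. The function names and category labels are assumptions of the example, as is treating Arg3 value 2 as an instruction fetch alongside the value 8 seen here.

```python
import re

# BugCheck and READ_ADDRESS lines copied from the three dumps on this page
# (builds 131, 132 and 133, in that order).
PAGE_DUMP_LINES = """\
BugCheck D1, {8, 2, 0, 97fda7c7}
READ_ADDRESS: 00000008
BugCheck D1, {8bc9f85e, 2, 8, 8bc9f85e}
READ_ADDRESS: 8bc9f85e
BugCheck D1, {9e174dd0, 2, 0, 97780857}
READ_ADDRESS: 9e174dd0 Special pool
"""

BUGCHECK_RE = re.compile(
    r"BugCheck\s+D1,\s*\{\s*([0-9a-f]+),\s*([0-9a-f]+),"
    r"\s*([0-9a-f]+),\s*([0-9a-f]+)\s*\}", re.I)
READ_ADDR_RE = re.compile(r"READ_ADDRESS:\s*([0-9a-f]+)[ \t]*(Special pool)?", re.I)

DISPATCH_LEVEL = 2
PAGE_SIZE = 0x1000
# Arg3 of bug check 0xD1: 0 = read, 1 = write; 2 and 8 are taken as execute.
ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}


def parse_d1(text):
    """Return one dict per 'BugCheck D1' line, with its READ_ADDRESS note attached."""
    records = []
    for line in text.splitlines():
        m = BUGCHECK_RE.search(line)
        if m:
            addr, irql, access, ip = (int(g, 16) for g in m.groups())
            records.append({"addr": addr, "irql": irql, "access": access,
                            "ip": ip, "special_pool": False})
            continue
        m = READ_ADDR_RE.search(line)
        if m and records and int(m.group(1), 16) == records[-1]["addr"]:
            records[-1]["special_pool"] = m.group(2) is not None
    return records


def classify(rec):
    """Heuristic triage of one 0xD1 record (labels are this example's own)."""
    if rec["irql"] < DISPATCH_LEVEL:
        return "unexpected-irql"
    kind = ACCESS.get(rec["access"], "unknown")
    if kind == "execute" and rec["addr"] == rec["ip"]:
        # The fault is on fetching the instruction itself: code placed in a
        # pageable section was entered at IRQL >= DISPATCH_LEVEL.
        return "paged-code-at-raised-irql"
    if rec["addr"] < PAGE_SIZE:
        # Address in the first page: a NULL base pointer plus a field offset.
        return "null-pointer-field-" + kind
    if rec["special_pool"]:
        # Driver Verifier special pool: a freed block or guard page was touched.
        return "special-pool-" + kind
    return "invalid-or-pageable-data-" + kind


def triage(text):
    """Classify every 0xD1 bug check found in a block of debugger output."""
    return [classify(r) for r in parse_d1(text)]


if __name__ == "__main__":
    for rec, label in zip(parse_d1(PAGE_DUMP_LINES), triage(PAGE_DUMP_LINES)):
        print("addr=%08x ip=%08x -> %s" % (rec["addr"], rec["ip"], label))
```

Only the second dump classifies as paged code at raised IRQL; the first and third are data reads through a bad object pointer, which matches the fix for comment 5 not resolving the crash seen with build 133.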