Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1130853

Summary: [whql][balloon][rhel6]guest bsod with 7e code when running DF - PNP* jobs
Product: Red Hat Enterprise Linux 7 Reporter: lijin <lijin>
Component: virtio-winAssignee: Gal Hammer <ghammer>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.1CC: bcao, ghammer, knoel, lijin, mdeng, rbalakri, shuyu, tlavigne, virt-maint, vrozenfe
Target Milestone: rcKeywords: Regression, TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: virtio-win-prewhql-0.1-90 Doc Type: Bug Fix
Doc Text:
Cause: guest bsod with 7e code when running DF - PNP* jobs Consequence: running WHQL DF - PNP* jobs on balloon driver will lead to triggering SYSTEM_THREAD_EXCEPTION_NOT_HANDLED Fix: Update balloon memory statistics only if status virtio-win queue is available. Result: WHQL DF - PNP* jobs on balloon driver can be passed witout BSOD.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 05:34:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1113910, 1131838    

Description lijin 2014-08-18 03:30:21 UTC 
Description of problem:
guest bsod with 7e code when running following jobs:
win8-32:
DF - PNP Rebalance Fail Restart Device Test (Certification)
DF - PNP Rebalance Request New Resources Device Test (Certification)
DF - PNP Surprise Remove Device Test (Certification)
DF - PNP Stop (Rebalance) Device Test (Certification)

win8-64:
DF - PNP Rebalance Request New Resources Device Test (Certification)
DF - PNP Surprise Remove Device Test (Certification)

Version-Release number of selected component (if applicable):
virtio-win-prewhql-88
qemu-kvm-rhev-0.12.1.2-2.428.el6.x86_64
kernel-2.6.32-486.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.boot guest with:
/usr/libexec/qemu-kvm -name 088BLNWIN832GQF -enable-kvm -m 2G -smp 2
-uuid a9a69915-a245-4c5d-9087-3695619148a0 -nodefconfig -nodefaults
-chardev socket,id=charmonitor,path=/tmp/088BLNWIN832GQF,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc
base=localtime,driftfix=slew -boot order=cd,menu=on -device
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
file=088BLNWIN832GQF,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0
-drive
file=en_windows_8_enterprise_x86_dvd_917587.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw
-device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0
-drive
file=088BLNWIN832GQF.vfd,if=none,id=drive-fdc0-0-0,format=raw,cache=none
-global isa-fdc.driveA=drive-fdc0-0-0 -netdev
tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0 -device
rtl8139,netdev=hostnet0,id=net0,mac=00:52:08:03:0d:20,bus=pci.0,addr=0x3
-chardev pty,id=charserial0 -device
isa-serial,chardev=charserial0,id=isa_serial0 -device
usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga cirrus -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7
2.submit job in hck

Actual results:
guest bsod during test,job failed

Expected results:
no bsod,job can pass

Additional info:
the windbg info:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8ca715c9, The address that the exception occurred at
Arg3: 82998964, Exception Record Address
Arg4: 82998530, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
balloon+15c9
8ca715c9 8b4804          mov     ecx,dword ptr [eax+4]

EXCEPTION_RECORD:  82998964 -- (.exr 0xffffffff82998964)
ExceptionAddress: 8ca715c9 (balloon+0x000015c9)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

CONTEXT:  82998530 -- (.cxr 0xffffffff82998530)
eax=00000000 ebx=00001000 ecx=00000000 edx=82998a50 esi=8bebae30 edi=8ca73972
eip=8ca715c9 esp=82998a2c ebp=82998a64 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
balloon+0x15c9:
8ca715c9 8b4804          mov     ecx,dword ptr [eax+4] ds:0023:00000004=????????
Resetting default scope

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000004

READ_ADDRESS:  00000004 

FOLLOWUP_IP: 
balloon+15c9
8ca715c9 8b4804          mov     ecx,dword ptr [eax+4]

BUGCHECK_STR:  AV

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 8ca7798e to 8ca715c9

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
82998a64 8ca7798e 74145348 8bec0fa8 82998a9c balloon+0x15c9
82998a74 8504e075 60017060 8be9af98 8bffaee8 balloon+0x798e
82998a9c 8504de8d a0152e70 8bebad74 a0152e70 Wdf01000!FxPkgGeneral::OnClose+0xc8
82998abc 85046bc2 a0152e70 8756cd88 a0152e70 Wdf01000!FxPkgGeneral::Dispatch+0xc0
82998ae4 85046a33 8756cd88 a0152e70 8756cd88 Wdf01000!FxDevice::Dispatch+0x155
82998b00 8189cf4b 8756cd88 a0152e70 a0152e70 Wdf01000!FxDevice::DispatchWithLock+0x77
82998b20 81442a9f 818b4565 a0152f8c a0152fb0 nt!IovCallDriver+0x2e3
82998b34 818b4565 82998b5c 818b465c 8756cd88 nt!IofCallDriver+0x62
82998b3c 818b465c 8756cd88 a0152e70 8756cc28 nt!ViFilterIoCallDriver+0x10
82998b5c 8189cf4b 8756cce0 a0152e70 8756cb58 nt!ViFilterDispatchGeneric+0x5e
82998b7c 81442a9f 81aa7353 a0152fb0 a0152fd4 nt!IovCallDriver+0x2e3
82998b90 81aa7353 a0152e70 8756caa0 00000000 nt!IofCallDriver+0x62
82998ba8 81aa6074 8756caa0 a0152e70 8756caa0 MSDMFilt!FilterPassIrpWithRemoveLockAcquired+0x7d
82998bc8 8189cf4b 8756caa0 a0152e70 a0152e70 MSDMFilt!FilterClose+0x19c
82998be8 81442a9f 818b4565 a0152fd4 a0152ff8 nt!IovCallDriver+0x2e3
82998bfc 818b4565 82998c24 818b465c 8756caa0 nt!IofCallDriver+0x62
82998c04 818b465c 8756caa0 a0152e70 8756c7f0 nt!ViFilterIoCallDriver+0x10
82998c24 8189cf4b 8756c8a8 a0152e70 a0152e70 nt!ViFilterDispatchGeneric+0x5e
82998c44 81442a9f 8164cdd3 00000000 8a92a490 nt!IovCallDriver+0x2e3
82998c58 8164cdd3 8458fcf0 8a92a478 8a92a400 nt!IofCallDriver+0x62
82998c8c 819a7796 82998cac 8164ca2d 8a92a490 nt!IopDeleteFile+0xef
82998cac 8143e8f6 00000000 81aa8502 9fff8ff0 hal!KfLowerIrql+0x2c
82998cc0 8143e882 8a92a490 81aa8515 8756c7f0 nt!ObfDereferenceObjectWithTag+0x5c
82998cc8 81aa8515 8756c7f0 00000000 82998d1c nt!ObfDereferenceObject+0xd
82998cd8 8148b737 8756c7f0 9fff8ff0 815e14b8 MSDMFilt!FilterDerefFileObjectWorker+0x13
82998d1c 8148b854 9fffafd0 8459d600 00000000 nt!IopProcessWorkItem+0xa1
82998d74 814ce415 00010000 24c0daaf 00000000 nt!ExpWorkerThread+0x111
82998db0 8157a039 8148b747 00010000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  balloon+15c9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: balloon

IMAGE_NAME:  balloon.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  53d74aaa

STACK_COMMAND:  .cxr 0xffffffff82998530 ; kb

FAILURE_BUCKET_ID:  AV_VRF_balloon+15c9

BUCKET_ID:  AV_VRF_balloon+15c9

Followup: MachineOwner
---------
Comment 4 Gal Hammer 2014-08-18 12:51:07 UTC 
Is the balloon's service is running on the guest during the HCK tests?
Comment 5 Mike Cao 2014-08-18 15:13:19 UTC 
(In reply to Gal Hammer from comment #4)
> Is the balloon's service is running on the guest during the HCK tests?

No.
Comment 7 lijin 2014-09-01 01:59:52 UTC 
test with virtio-win-prewhql-90,all jobs passed,no bsod,so this issue has been fixed.

package info:
virtio-win-prewhql-90
kernel-2.6.32-486.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.428.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64
spice-server-0.12.4-9.el6.x86_64
Comment 8 Mike Cao 2014-09-01 05:17:06 UTC 
Move status to Verified according to comment #7
Comment 12 errata-xmlrpc 2015-03-05 05:34:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0289.html