1172920 – [virtio-win][vioser]winxp guest bsod with D1 code when shutdown guest after hotunplug/hotplug serial port and serial pci

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1172920 - [virtio-win][vioser]winxp guest bsod with D1 code when shutdown guest after hotunplug/hotplug serial port and serial pci

Summary: [virtio-win][vioser]winxp guest bsod with D1 code when shutdown guest after h...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	virtio-win
Sub Component:
Version:	7.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Gal Hammer
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-12-11 05:20 UTC by lijin
Modified:	2015-11-24 08:48 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-24 08:48:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:2513	0	normal	SHIPPED_LIVE	virtio-win bug fix and enhancement update	2015-11-24 13:38:38 UTC

Description lijin 2014-12-11 05:20:06 UTC

Description of problem:
[virtio-win][vioser]winxp guest bsod with D1 code when shutdown guest after hotunplug/hotplug serial port and serial pci

Version-Release number of selected component (if applicable):
kernel-3.10.0-208.el7.x86_64
qemu-kvm-rhev-2.1.2-12.el7.x86_64
seabios-1.7.5-5.el7.x86_64
spice-server-0.12.4-8.el7.x86_64
virtio-win-prewhql-94

How reproducible:
2/3

Steps to Reproduce:
1.boot guest with on serial pci and two serialports:
/usr/libexec/qemu-kvm -drive file=winxp-new.raw,if=none,cache=none,media=disk,format=raw,id=drive-ide0-0-1 -device ide-drive,id=ide1,drive=drive-ide0-0-1,bus=ide.1,unit=1,bootindex=1 -spice port=5900,disable-ticketing -vga qxl -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -qmp tcp:0:4444,server,nowait -usb -device usb-tablet,id=tablet1 -monitor stdio -boot menu=on -netdev tap,script=/etc/qemu-ifup,id=hostnet1 -device rtl8139,netdev=hostnet1,id=net1,mac=00:52:54:fe:48:68 -cpu SandyBridge -M pc -smp 2 -m 2G -enable-kvm -device virtio-serial-pci,id=virtio-serial0,max_ports=31 -chardev socket,id=channel1,host=127.0.0.1,port=12345,server,nowait -device virtserialport,nr=1,chardev=channel1,name=com.redhat.rhevm.vdsm1,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,host=127.0.0.1,port=12346,server,nowait -device virtserialport,nr=2,chardev=channel2,name=com.redhat.rhevm.vdsm2,bus=virtio-serial0.0,id=port2

2.Transferring data form host to guest via port1 in a loop
eg:in the guest # for ((;;)) ;do python VirtIOChannel_guest_reieve.py com.redhat.rhevm.vdsm1; done
on the host # for ((;;)) ;do python serial-host-send.py; done

3.Transferring data from guest to host via port2 in a loop
eg: on the host # for ((;;)) ; do python serial-host-receive.py; done
in the guest #for ((;;)) ; do python VirtIOChannel_guest_send.py com.redhat.rhevm.vdsm2;done

4.during step2 and step3,unplug serial port and virtio-serial-pci
{"execute":"device_del","arguments":{"id":"port1"}}
{"execute":"device_del","arguments":{"id":"port2"}}
{"execute":"device_del","arguments":{"id":"virtio-serial0"}}

5.plug serial pci and serial ports:
{"execute":"device_add","arguments":{"driver":"virtio-serial-pci","id":"virtio-serial0","max_ports":"31"}}
{"execute":"device_add","arguments":{"driver":"virtserialport","name":"com.redhat.rhevm.vdsm1","chardev":"channel1","bus":"virtio-serial0.0","id":"port1"}}
{"execute":"device_add","arguments":{"driver":"virtserialport","name":"com.redhat.rhevm.vdsm2","chardev":"channel2","bus":"virtio-serial0.0","id":"port2"}}

6.repeate step4 and step5 about 5 times
7.after step6,wait 10 minutes and shutdown guest

Actual results:
guest bsod with D1 code

Expected results:
guest works well,no bsod.

Additional info:
the windbg info:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: ba9497be, address which referenced memory

Debugging Details:
------------------

*** ERROR: Module load completed but symbols could not be loaded for vioser.sys

READ_ADDRESS:  00000004 

CURRENT_IRQL:  2

FAULTING_IP: 
vioser+17be
ba9497be 8b0488          mov     eax,dword ptr [eax+ecx*4]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  python.exe

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

TRAP_FRAME:  b1d74a1c -- (.trap 0xffffffffb1d74a1c)
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=00000001 edx=ba94ec80 esi=899ea1fc edi=899ea1fc
eip=ba9497be esp=b1d74a90 ebp=b1d74a94 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
vioser+0x17be:
ba9497be 8b0488          mov     eax,dword ptr [eax+ecx*4] ds:0023:00000004=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from ba9497be to 805446e0

STACK_TEXT:  
b1d74a1c ba9497be badb0d00 ba94ec80 896156f0 nt!KiTrap0E+0x238
WARNING: Stack unwind information not available. Following frames may be wrong.
b1d74a94 ba949b8e 899ea1fc ba94ddba 899a77f8 vioser+0x17be
b1d74ab4 ba94a061 899ea1fc 89ac81b0 89ac821c vioser+0x1b8e
b1d74acc ba52a55d 768a0810 8ac2af68 89ac821c vioser+0x2061
b1d74ae0 ba52acd8 768a0810 8ac2afd8 89b84958 wdf01000!FxFileObjectFileCleanup::Invoke+0x24
b1d74b04 ba52b1e5 00000000 899a6820 89a73cc8 wdf01000!FxPkgGeneral::OnClose+0x7a
b1d74b20 ba521a3f 8ac2af68 b1d74b60 804ef18f wdf01000!FxPkgGeneral::Dispatch+0xb8
b1d74b2c 804ef18f 899a6820 8ac2af68 806e6428 wdf01000!FxDevice::Dispatch+0x7f
b1d74b3c 80658128 8ac2af78 8ac2af68 89767c68 nt!IopfCallDriver+0x31
b1d74b60 80583af8 89767c50 89767c40 00000000 nt!IovCallDriver+0xa0
b1d74b98 805bb466 00767c68 00000000 89767c50 nt!IopDeleteFile+0x132
b1d74bb4 805266ca 89767c68 00000000 00000130 nt!ObpRemoveObjectRoutine+0xe0
b1d74bcc 805bc33b 000001b4 00000130 e109a260 nt!ObfDereferenceObject+0x4c
b1d74be4 805c29df e1c47978 89767c68 00000130 nt!ObpCloseHandleTableEntry+0x155
b1d74c04 8060da1b e109a260 00000130 b1d74c44 nt!ObpCloseHandleProcedure+0x1f
b1d74c24 805c2ad8 e1c47978 805c29c0 b1d74c44 nt!ExSweepHandleTable+0x3b
b1d74c50 805d266f 89776020 89618f18 00000000 nt!ObKillProcess+0x5c
b1d74cf0 805d27e9 00000000 b1d74d4c 804ff93f nt!PspExitThread+0x5e9
b1d74cfc 804ff93f 89618f18 b1d74d48 b1d74d3c nt!PsExitSpecialApc+0x23
b1d74d4c 80541687 00000001 00000000 b1d74d64 nt!KiDeliverApc+0x1af
b1d74d4c 7c90e4f4 00000001 00000000 b1d74d64 nt!KiServiceExit+0x59
0021f978 00000000 00000000 00000000 00000000 0x7c90e4f4


STACK_COMMAND:  kb

FOLLOWUP_IP: 
vioser+17be
ba9497be 8b0488          mov     eax,dword ptr [eax+ecx*4]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  vioser+17be

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: vioser

IMAGE_NAME:  vioser.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  546c5a11

FAILURE_BUCKET_ID:  0xD1_VRF_vioser+17be

BUCKET_ID:  0xD1_VRF_vioser+17be

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xd1_vrf_vioser+17be

FAILURE_ID_HASH:  {e43223c9-1a7f-a8e3-6164-a98108620667}

Followup: MachineOwner
---------

Comment 3 lijin 2014-12-11 05:52:25 UTC

can reproduce this issue with virtio-win-1.7.2-2.el6.noarch

Comment 4 Mike Cao 2014-12-15 05:07:51 UTC

According to comment #3 ,it is not a regression ,postpone to 7.2.0.

Comment 6 Gal Hammer 2015-05-05 13:05:43 UTC

Commit 73eafb77 is expected to fix this bug.

Does it reproduce with build 103? Thanks.

Comment 8 Gal Hammer 2015-05-06 14:01:54 UTC

A patch was posted.

Comment 9 Vadim Rozenfeld 2015-05-24 06:20:06 UTC

please check with the latest driver, available at 
http://download.devel.redhat.com/brewroot/packages/virtio-win-prewhql/0.1/104/win/virtio-win-prewhql-0.1.zip

Comment 11 lijin 2015-05-28 05:53:52 UTC

Reproduced this issue on build94
Verified this issue on build104

steps same as comment #0

Actual Results:
on build 94,guest bsod when shut down
on build 104,guest can shutdown after hot-unplug/plug correctly,no bsod

Based on above ,this issue has been fixed already .

Comment 14 errata-xmlrpc 2015-11-24 08:48:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2513.html

Note You need to log in before you can comment on or make changes to this bug.