Bug 1783906 - [virtio-win-prewhql-174] BSOD after installing balloon driver on Win7 and Win2008r2 guest
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: virtio-win
Version: 8.1
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: 8.0
Assignee: ybendito
QA Contact: xiagao
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2019-12-16 09:03 UTC by xiagao
Modified: 2020-05-01 03:13 UTC (History)

Fixed In Version: virtio-win-prewhql-0.1-175
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 16:05:16 UTC
Type: Bug
Target Upstream Version:


Attachments
BSOD picture (13.27 KB, image/png), 2019-12-16 09:12 UTC, xiagao


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2020:1757 None None None 2020-04-28 16:05:30 UTC

Description xiagao 2019-12-16 09:03:12 UTC
Description of problem:
Install the 174 virtio balloon driver on Win7 and Win2008r2 guests; the guest hits a BSOD.

Version-Release number of selected component (if applicable):
kernel-4.18.0-147.0.3.el8_1.x86_64
qemu-kvm-4.1.0-19.module+el8.1.1+5172+e3ff58a1.x86_64
virtio-win-prewhql-174

How reproducible:
100%

Steps to Reproduce:
1. Boot up a win2008r2 guest with a balloon device
-device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x3 \
-device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x3.0x5 \

-device virtio-balloon-pci,id=balloon0,bus=pci.6 \

2. Install the balloon driver with the 174 version


Actual results:
guest BSOD

Expected results:
driver works well

Additional info:
1. This issue is not hit with the 172 version

Comment 1 xiagao 2019-12-16 09:12:13 UTC
Created attachment 1645523
BSOD picture

Comment 2 xiagao 2019-12-16 09:14:25 UTC
windbg log:

22: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 9fcb6d2c, The address that the exception occurred at
Arg3: 877e4638, Exception Record Address
Arg4: 877e4220, Context Record Address

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  7601.24354.x86fre.win7sp1_ldr_escrow.190108-1700

SYSTEM_MANUFACTURER:  Red Hat

SYSTEM_PRODUCT_NAME:  KVM

SYSTEM_VERSION:  RHEL-8.1.0 PC (Q35 + ICH9, 2009)

BIOS_VENDOR:  SeaBIOS

BIOS_VERSION:  1.12.0-5.module+el8.1.0+4022+29a53beb

BIOS_DATE:  04/01/2014

DUMP_TYPE:  1

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: ffffffff9fcb6d2c

BUGCHECK_P3: ffffffff877e4638

BUGCHECK_P4: ffffffff877e4220

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
balloon+5d2c
9fcb6d2c 8b80e4000000    mov     eax,dword ptr [eax+0E4h]

EXCEPTION_RECORD:  877e4638 -- (.exr 0xffffffff877e4638)
ExceptionAddress: 9fcb6d2c (balloon+0x00005d2c)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 000000e4
Attempt to read from address 000000e4

CONTEXT:  877e4220 -- (.cxr 0xffffffff877e4220)
eax=00000000 ebx=00000000 ecx=8499bb37 edx=9fcba000 esi=8499bb37 edi=00000000
eip=9fcb6d2c esp=877e4700 ebp=877e471c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
balloon+0x5d2c:
9fcb6d2c 8b80e4000000    mov     eax,dword ptr [eax+0E4h] ds:0023:000000e4=????????
Resetting default scope

CPU_COUNT: 18

CPU_MHZ: 82f

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3d

CPU_STEPPING: 2

CPU_MICROCODE: 6,3d,2,0 (F,M,S,R)  SIG: 1'00000000 (cache) 1'00000000 (init)

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  000000e4

FOLLOWUP_IP: 
balloon+5d2c
9fcb6d2c 8b80e4000000    mov     eax,dword ptr [eax+0E4h]

BUGCHECK_STR:  0x7E

READ_ADDRESS:  000000e4 

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_SESSION_HOST:  WIN-3IORRL4PE1F

ANALYSIS_SESSION_TIME:  12-16-2019 16:10:34.0249

ANALYSIS_VERSION: 10.0.16299.15 amd64fre

LOCK_ADDRESS:  827b7d80 -- (!locks 827b7d80)

Resource @ nt!PiEngineLock (0x827b7d80)    Exclusively owned
    Contention Count = 36
     Threads: 847c9d48-01<*> 
1 total locks

PNP_TRIAGE: 
	Lock address  : 0x827b7d80
	Thread Count  : 1
	Thread address: 0x847c9d48
	Thread wait   : 0x32d0

LAST_CONTROL_TRANSFER:  from 8285ab78 to 82727cc4

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
877e471c 9fcbb8d5 8b3eec70 6d746c42 77c0fa48 balloon+0x5d2c
877e4738 849b20e0 74c11568 77c0fa48 00000008 balloon+0xa8d5
877e4750 849b1484 8b3ee4e8 8b3ee590 8b3ee4e8 Wdf01000!FxPkgPnp::PnpEventFailedOwnHardware+0x36
877e4778 849b1db2 00000108 8b3ee590 8b3ee4e8 Wdf01000!FxPkgPnp::PnpEnterNewState+0x104
877e479c 849b247a 877e47b4 969fa0f0 8b3ee4e8 Wdf01000!FxPkgPnp::PnpProcessEventInner+0x149
877e47c0 849ab40b 00000002 00000000 877e47f0 Wdf01000!FxPkgPnp::PnpProcessEvent+0x13e
877e47d0 849aae02 8b3ee4e8 877e47f8 8e9d4f00 Wdf01000!FxPkgPnp::_PnpStartDevice+0x1e
877e47f0 84987a3f 8e9d4f00 877e4818 84987c63 Wdf01000!FxPkgPnp::Dispatch+0x207
877e47fc 84987c63 8d1f1a38 8e9d4f00 88f78278 Wdf01000!FxDevice::Dispatch+0x7f
877e4818 8298a6c3 8d1f1a38 8e9d4f00 8e9d4fd4 Wdf01000!FxDevice::DispatchWithLock+0x7b
877e483c 8267ef3e 00000000 8e9d4ff8 8d1f1a38 nt!IovCallDriver+0x258
877e4850 8299c35d 88f7e478 8e9d4f00 9289a1e8 nt!IofCallDriver+0x1b
877e4868 8298a6c3 9289a1e8 8d1f1a38 8e9d5000 nt!ViFilterDispatchPnp+0x120
877e488c 8267ef3e 00000000 877e4910 9289a1e8 nt!IovCallDriver+0x258
877e48a0 8280fbc0 00000000 8ac85030 8d0e6fc8 nt!IofCallDriver+0x1b
877e48bc 82657b83 877e48ec 8265a7db 8d0e6fc8 nt!PnpAsynchronousCall+0x92
877e4920 82806a26 8265a7db 8d0e6fc8 8ac7e880 nt!PnpStartDevice+0xe1
877e497c 828068ef 8d0e6fc8 0000003e 00000000 nt!PnpStartDeviceNode+0x12c
877e4998 8280e307 00000000 00000000 883fc528 nt!PipProcessStartPhase1+0x62
877e4b94 828dff0a 8ac7e880 883fc528 877e4bc0 nt!PipProcessDevNodeTree+0x188
877e4bc8 8265a423 827b5ca0 847c9d48 8278bd3c nt!PiRestartDevice+0x8a
877e4bf4 826afb4b 00000000 847b5d20 847c9d48 nt!PnpDeviceActionWorker+0x1fb
877e4c44 8285ab38 00000001 a1b8e556 00000000 nt!ExpWorkerThread+0x10d
877e4c90 826f8301 826afa3e 00000001 00000000 nt!PspSystemThreadStartup+0x159
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


THREAD_SHA1_HASH_MOD_FUNC:  a51c67640d81d6f72a3c380ea748682a595548aa

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  105e9953bfcb851933103dbb44237a77814dd508

THREAD_SHA1_HASH_MOD:  089316c27816212482c3398054905799ccdf938e

FAULT_INSTR_CODE:  e4808b

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  balloon+5d2c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: balloon

IMAGE_NAME:  balloon.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5df22fe9

STACK_COMMAND:  .cxr 0xffffffff877e4220 ; kb

FAILURE_BUCKET_ID:  0x7E_VRF_balloon+5d2c

BUCKET_ID:  0x7E_VRF_balloon+5d2c

PRIMARY_PROBLEM_CLASS:  0x7E_VRF_balloon+5d2c

TARGET_TIME:  2019-12-15T19:55:50.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x86

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2019-01-08 18:34:49

BUILDDATESTAMP_STR:  190108-1700

BUILDLAB_STR:  win7sp1_ldr_escrow

BUILDOSVER_STR:  6.1.7601.24354.x86fre.win7sp1_ldr_escrow.190108-1700

ANALYSIS_SESSION_ELAPSED_TIME:  cd1

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7e_vrf_balloon+5d2c

FAILURE_ID_HASH:  {d88dd172-3e9f-dea2-9edf-6c4fd065e7cf}

Followup:     MachineOwner
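
Added example (not part of the bug report or of the virtio-win project): a small Python triage helper that reads the fields shown in the `!analyze -v` output above and confirms the NULL_CLASS_PTR_DEREFERENCE bucket from the exception parameters, the register context and the faulting instruction. The function name `triage`, the 64 KiB threshold and the verdict labels are assumptions made for this example.

```python
import re

# Fields copied from the !analyze -v output in Comment 2, trimmed to what triage needs.
SAMPLE = """\
EXCEPTION_CODE_STR:  c0000005
EXCEPTION_PARAMETER1:  00000000
EXCEPTION_PARAMETER2:  000000e4
eax=00000000 ebx=00000000 ecx=8499bb37 edx=9fcba000 esi=8499bb37 edi=00000000
FAULTING_IP: 
balloon+5d2c
9fcb6d2c 8b80e4000000    mov     eax,dword ptr [eax+0E4h]
"""

LOW_LIMIT = 0x10000  # assumption: faults below 64 KiB are treated as NULL + field offset
ACCESS = {0: "read", 1: "write", 8: "execute"}  # Parameter[0] of an access violation


def triage(text):
    """Classify an access violation from !analyze -v text (hypothetical helper)."""
    kv = dict(re.findall(r"^([A-Z0-9_]+):[ \t]*(.*?)[ \t]*$", text, re.M))
    if kv.get("EXCEPTION_CODE_STR", "").lower() != "c0000005":
        return {"verdict": "not-access-violation"}
    regs = {r: int(v, 16) for r, v in
            re.findall(r"\b(e[a-d]x|e[sd]i|e[bs]p)=([0-9a-f]{8})\b", text)}
    addr = int(kv["EXCEPTION_PARAMETER2"], 16)
    out = {"access": ACCESS.get(int(kv["EXCEPTION_PARAMETER1"], 16), "unknown"),
           "fault_addr": addr, "base_reg": None, "offset": None}
    # Faulting instruction line: address, opcode bytes, mnemonic, operands with [reg+NNh].
    ins = re.search(
        r"^[0-9a-f]{8}[ \t]+[0-9a-f]+[ \t]+\w+[ \t]+.*\[(\w+)\+([0-9A-Fa-f]+)h\]",
        text, re.M)
    if ins:
        out["base_reg"], out["offset"] = ins.group(1), int(ins.group(2), 16)
    base_val = regs.get(out["base_reg"])
    if base_val == 0 and addr == out["offset"]:
        out["verdict"] = "null-struct-deref"  # field accessed through a NULL pointer
    elif addr < LOW_LIMIT:
        out["verdict"] = "near-null"
    else:
        out["verdict"] = "wild-pointer"
    return out


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['verdict']}: {r['access']} of [{r['base_reg']}+{r['offset']:#x}]")
```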

Comment 7 ybendito 2019-12-19 07:29:04 UTC
Fixed in virtio-win-prewhql-0.1-175

Comment 8 xiagao 2019-12-19 10:00:47 UTC
Verified this bug with virtio-win-prewhql-0.1-175.
The balloon driver works.

Comment 14 errata-xmlrpc 2020-04-28 16:05:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1757

Comment 15 ybendito 2020-05-01 03:13:40 UTC
In my opinion, no special documentation is required, as the build with the bug was never released.
The problem exists only in an intermediate build.

