Description of problem:
Running a windows xp vm with spice. no vdagent in vm. boot up once with spice client connected from bios screen. login to windows. disconnect spice client. reconnect spice client. BSOD. !analyze -v attached. Didn't have debug symbols.

spice client sends a message to any vdagent around. No vdagent is running in the vm (this happens whether vdagent is running or not).

Version-Release number of selected component (if applicable):
7/16/2011
51.62.102.1000

How reproducible:
100%

Steps to Reproduce:
1. Running a windows xp vm with spice.
2. no vdagent in vm.
3. boot up once with spice client connected from bios screen.
4. login to windows.
5. disconnect spice client.
6. reconnect spice client.
  
Actual results:
BSOD. !analyze -v below. Didn't have debug symbols.

Expected results:
Normal connection.

Additional info:

(dump is 42 MB - anyone who wants it please tell me and I'll copy it over, don't want to overload bugzilla)

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.





Loading Dump File [Z:\wdf01000_dump\MEMORY.DMP]

Kernel Summary Dump File: Only kernel address space is available



WARNING: Inaccessible path: '\\orion.tlv.redhat.com\public\alevy\internal-kvm-guest-drivers-windows\virtio-serial\objchk_wxp_x86\i386'

Symbol search path is: SRV*C:\websymbols*http://msdl.microsoft.com/download/symbols;C:\symbols\local;\\orion.tlv.redhat.com\public\alevy\internal-kvm-guest-drivers-windows\virtio-serial\objchk_wxp_x86\i386

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp2_rtm.040803-2158

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0

Debug session time: Sun Aug  7 07:22:52.109 2011 (GMT-7)

System Uptime: 0 days 0:01:03.031

Loading Kernel Symbols

...............................................................

....................................

Loading User Symbols



Loading unloaded module list

............

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************



Use !analyze -v to get detailed debugging information.



BugCheck D1, {1c, 2, 1, f828f931}



*** ERROR: Module load completed but symbols could not be loaded for vioser.sys

Probably caused by : vioser.sys ( vioser+b24 )



Followup: MachineOwner

---------



kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************



DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high.  This is usually

caused by drivers using improper addresses.

If kernel debugger is available get stack backtrace.

Arguments:

Arg1: 0000001c, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000001, value 0 = read operation, 1 = write operation

Arg4: f828f931, address which referenced memory



Debugging Details:

------------------





WRITE_ADDRESS:  0000001c 



CURRENT_IRQL:  2



FAULTING_IP: 

wdf01000!imp_WdfRequestCompleteWithInformation+c2

f828f931 89511c          mov     dword ptr [ecx+1Ch],edx



DEFAULT_BUCKET_ID:  INTEL_CPU_MICROCODE_ZERO



BUGCHECK_STR:  0xD1



PROCESS_NAME:  Idle



TRAP_FRAME:  80548d44 -- (.trap 0xffffffff80548d44)

ErrCode = 00000002

eax=82174160 ebx=00000000 ecx=00000000 edx=00000017 esi=82174118 edi=00000100

eip=f828f931 esp=80548db8 ebp=80548dc0 iopl=0         nv up ei ng nz ac pe nc

cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296

wdf01000!imp_WdfRequestCompleteWithInformation+0xc2:

f828f931 89511c          mov     dword ptr [ecx+1Ch],edx ds:0023:0000001c=????????

Resetting default scope



LAST_CONTROL_TRANSFER:  from f828f931 to 8053f853



STACK_TEXT:  

80548d44 f828f931 badb0d00 00000017 00000000 nt!KiTrap0E+0x233

80548dc0 f875ab24 00000000 82174118 00000000 wdf01000!imp_WdfRequestCompleteWithInformation+0xc2

WARNING: Stack unwind information not available. Following frames may be wrong.

80548e00 f82c9dad 00000002 7de41fe8 80551b80 vioser+0xb24

80548e1c f82c9df6 8232b908 00000000 ffdff980 wdf01000!FxInterrupt::DpcHandler+0x60

80548e2c 80540d5d 8232b954 8232b908 8232b908 wdf01000!FxInterrupt::_InterruptDpcThunk+0x13

80548e50 80540cd6 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46

80548e54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26





STACK_COMMAND:  kb



FOLLOWUP_IP: 

vioser+b24

f875ab24 ff4508          inc     dword ptr [ebp+8]



SYMBOL_STACK_INDEX:  2



SYMBOL_NAME:  vioser+b24



FOLLOWUP_NAME:  MachineOwner



MODULE_NAME: vioser



IMAGE_NAME:  vioser.sys



DEBUG_FLR_IMAGE_TIMESTAMP:  4e21fbf3



FAILURE_BUCKET_ID:  0xD1_vioser+b24



BUCKET_ID:  0xD1_vioser+b24



Followup: MachineOwner

---------