Bug 829662 - [virtio-win][balloon] win2012 BSOD after ballooning guest memory sometimes
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virtio-win
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assigned To: Vadim Rozenfeld
QA Contact: Virtualization Bugs
Reported: 2012-06-07 04:57 EDT by Mike Cao
Modified: 2013-07-01 00:40 EDT
CC List: 9 users

Doc Type: Bug Fix
Last Closed: 2013-02-18 02:21:46 EST
Type: Bug
Attachments: None

Description Mike Cao 2012-06-07 04:57:37 EDT
Description of problem:


Version-Release number of selected component (if applicable):
virtio-win-1.5.2

How reproducible:
only 1

Steps to Reproduce:
1. Start guest with -device virtio-balloon-pci.
CLI:/usr/libexec/qemu-kvm -m 8G -smp 2 -cpu cpu64-rhel6 -name test -uuid 9ea661a0-34fa-477c-a9f2-0d15b63121e8 -rtc base=utc,clock=host,driftfix=slew -drive file=win2012.raw,if=none,id=drive-test,format=raw -device ide-drive,id=test,drive=drive-test -netdev tap,id=test -device virtio-net-pci,netdev=test,id=ttt,mac=00:00:00:00:00:10 -spice port=5910,disable-ticketing -vga qxl -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0 -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0,bus=virtio-serial0.0 -bios /usr/share/seabios/bios-pm.bin  -monitor stdio -cdrom /usr/share/virtio-win/virtio-win.iso
2. Balloon guest memory
e.g. the following are my steps; not sure which one causes the guest BSOD
(qemu) balloon ----4096
(qemu) info balloon 
balloon: actual=4096
(qemu) balloon 1+3
(qemu) info balloon 
balloon: actual=3816
(qemu) 
(qemu) info balloon 
balloon: actual=3630
(qemu) info balloon 
balloon: actual=3554
(qemu) balloon 5*1024
(qemu) info balloon 
balloon: actual=5120
(qemu) info balloon 
balloon: actual=5120
(qemu) info balloon 
balloon: actual=5120
(qemu) balloon 5*1024
(qemu) inf oba
unknown command: 'inf'
(qemu) balloon 
unexpected end of expression
(qemu) balloon +1,3
balloon: extraneous characters at the end of line
(qemu) balloon +1
(qemu) balloon 6/0
division by zero
(qemu) 
(qemu) 
(qemu) balloon 6/0.000
division by zero
(qemu) balloon 6/0.001
division by zero
(qemu) balloon 6/0.001
division by zero
(qemu) balloon 6/0.1
division by zero
(qemu) balloon 6.0/0.1
balloon: extraneous characters at the end of line
(qemu) balloon 6.0
balloon: extraneous characters at the end of line
(qemu) balloon 6.0
balloon: extraneous characters at the end of line
(qemu) balloon 6.
balloon: extraneous characters at the end of line
(qemu) balloon 100000000000000/1000000000
(qemu) info balloon 
balloon: actual=5906
(qemu) info balloon 
balloon: actual=8054
(qemu) info balloon 
balloon: actual=8054
(qemu) info balloon 
balloon: actual=8054
(qemu) info balloon 
balloon: actual=8054
(qemu) info balloon 
balloon: actual=8054
(qemu) info balloon 
balloon: actual=8054
(qemu) balloon 100000000000000/100000000000000
(qemu) info balloon 
balloon: actual=8054

  
Actual results:
Guest BSOD

Expected results:
No BSOD occurs.

Additional info:
Comment 1 Mike Cao 2012-06-07 04:59:38 EDT
Loading Dump File [D:\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available

Symbol search path is: C:\testsymbols;SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 8400 MP (2 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 8400.0.amd64fre.winmain_win8rc.120518-1423
Machine Name:
Kernel base = 0xfffff802`7a61e000 PsLoadedModuleList = 0xfffff802`7a8e0560
Debug session time: Thu Jun  7 22:38:30.735 2012 (UTC + 8:00)
System Uptime: 1 days 1:51:00.383
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols

Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 119e, e017, fffffa8008804010}

Probably caused by : BALLOON.sys ( BALLOON!BalloonLeak+1b9 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000119e, (reserved)
Arg3: 000000000000e017, Memory contents of the pool block
Arg4: fffffa8008804010, Address of the block of pool being deallocated

Debugging Details:
------------------


POOL_ADDRESS:  fffffa8008804010 Nonpaged pool

BUGCHECK_STR:  0xc2_7

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8027a88a9a4 to fffff8027a664340

STACK_TEXT:  
fffff880`03108ab8 fffff802`7a88a9a4 : 00000000`000000c2 00000000`00000007 00000000`0000119e 00000000`0000e017 : nt!KeBugCheckEx
fffff880`03108ac0 fffff880`03fc3281 : fffffa80`08804010 fffffa80`074dee50 fffffa80`08804010 fffffa80`69646d4d : nt!ExAllocatePoolWithTag+0x1530
fffff880`03108ba0 fffff880`03fc223d : fffffa80`0779fe80 fffffa80`0778b6d0 fffffa80`074dee50 0000057f`f8860268 : BALLOON!BalloonLeak+0x1b9 [c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\balloon.c @ 320]
fffff880`03108be0 fffff880`01103d2a : fffffa80`0779fd90 00000000`00000000 00000000`00000000 fffff802`7a6949b1 : BALLOON!FillLeakWorkItem+0xb5 [c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\device.c @ 394]
fffff880`03108c10 fffff802`7a6bf667 : fffffa80`13499e10 fffff880`01103c00 fffff880`01103c20 ffffe24f`c43bce58 : Wdf01000!FxWorkItem::WorkItemThunk+0x10a
fffff880`03108c40 fffff802`7a696d00 : fffff802`7a89dc50 fffffa80`0784c640 fffff802`7a6bf608 00000000`69446200 : nt!IopProcessWorkItem+0x5f
fffff880`03108cb0 fffff802`7a646ec9 : fffff880`00000000 fffffa80`0784c640 00000000`00000080 00000000`80010000 : nt!ExpWorkerThread+0x150
fffff880`03108d50 fffff802`7a649386 : fffff802`7a90b180 fffffa80`0784c640 fffffa80`0674b040 fffffa80`066c2980 : nt!PspSystemThreadStartup+0x59
fffff880`03108da0 00000000`00000000 : fffff880`03109000 fffff880`03103000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
BALLOON!BalloonLeak+1b9 [c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\balloon.c @ 320]
fffff880`03fc3281 eb0d            jmp     BALLOON!BalloonLeak+0x1c8 (fffff880`03fc3290)

FAULTING_SOURCE_LINE:  c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\balloon.c

FAULTING_SOURCE_FILE:  c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\balloon.c

FAULTING_SOURCE_LINE_NUMBER:  320

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  BALLOON!BalloonLeak+1b9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: BALLOON

IMAGE_NAME:  BALLOON.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4f8a8473

BUCKET_ID_FUNC_OFFSET:  1b9

FAILURE_BUCKET_ID:  0xc2_7_BALLOON!BalloonLeak

BUCKET_ID:  0xc2_7_BALLOON!BalloonLeak

Followup: MachineOwner
---------
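
A small triage helper for dumps like the one in comment 1, added here as an example (not part of the bug report or of virtio-win): it pulls the bugcheck code, the double-free argument and the first non-OS stack frame out of `!analyze -v` text. The `triage` function, its field names and the list of modules treated as OS code are assumptions; the sample input is an excerpt of the dump above.

```python
import re

# Sample input: excerpt of the `!analyze -v` text from comment 1, trimmed to four frames.
DUMP = r"""
BugCheck C2, {7, 119e, e017, fffffa8008804010}
STACK_TEXT:
fffff880`03108ab8 fffff802`7a88a9a4 : 00000000`000000c2 00000000`00000007 00000000`0000119e 00000000`0000e017 : nt!KeBugCheckEx
fffff880`03108ac0 fffff880`03fc3281 : fffffa80`08804010 fffffa80`074dee50 fffffa80`08804010 fffffa80`69646d4d : nt!ExAllocatePoolWithTag+0x1530
fffff880`03108ba0 fffff880`03fc223d : fffffa80`0779fe80 fffffa80`0778b6d0 fffffa80`074dee50 0000057f`f8860268 : BALLOON!BalloonLeak+0x1b9 [c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\balloon.c @ 320]
fffff880`03108be0 fffff880`01103d2a : fffffa80`0779fd90 00000000`00000000 00000000`00000000 fffff802`7a6949b1 : BALLOON!FillLeakWorkItem+0xb5 [c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\device.c @ 394]
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
# child-SP, return address, four args, then module!symbol[+0xoff] [source @ line]
FRAME = re.compile(
    r"^\S+ \S+ : (?:\S+ ){4}: (\w+)!([\w:]+)(?:\+0x([0-9a-f]+))?"
    r"(?: \[(.+) @ (\d+)\])?[ \t]*$", re.M)
# Arg1 values of BAD_POOL_CALLER (0xC2); only the one reported in this dump is listed.
C2_ARG1 = {0x7: "attempt to free pool which was already freed"}

def triage(text, os_modules=("nt", "hal", "Wdf01000")):
    """Return bugcheck details and the first stack frame outside os_modules."""
    m = BUGCHECK.search(text)
    if m is None:
        raise ValueError("no BugCheck line in input")
    code = int(m.group(1), 16)
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    report = {"code": code, "args": args, "reason": None, "pool_block": None,
              "culprit": None, "source": None, "line": None}
    if code == 0xC2:
        report["reason"] = C2_ARG1.get(args[0], "unlisted Arg1 value")
        report["pool_block"] = args[3]  # Arg4: address of the block being freed
    for mod, sym, off, src, line in FRAME.findall(text):
        if mod in os_modules:
            continue  # skip kernel and framework frames above the driver
        report["culprit"] = f"{mod}!{sym}" + (f"+0x{off}" if off else "")
        report["source"], report["line"] = src or None, int(line) if line else None
        break
    return report

if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key}: {value}")
```

Run over a directory of saved analyses, the `culprit` and `reason` fields give a quick way to group repeat crashes by driver routine before anyone opens a debugger.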
Comment 7 dawu 2013-02-16 03:02:45 EST
Tried to reproduce this issue with virtio-win-1.5.2 many times, but cannot reproduce it.
Following is the CLI:

/usr/libexec/qemu-kvm -m 8G -smp 2 -cpu cpu64-rhel6 -name test -uuid e5938f7a-b663-406e-820a-382f336faa6f -rtc base=utc,clock=host,driftfix=slew -drive file=win2012.raw,if=none,id=drive-test,format=raw -device ide-drive,id=test,drive=drive-test -netdev tap,id=test -device e1000,netdev=test,id=ttt,mac=00:00:00:00:00:10 -vnc :1  -monitor stdio -cdrom virtio-win-1.5.2.iso -vga cirrus -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=0 -device virtio-balloon-pci,addr=0x5,bus=pci.0

Best Regards,
Dawn
Comment 8 dawu 2013-02-16 03:36:39 EST
Also tried three times with virtio-win-1.6.3; this issue does not reproduce.

Best Regards,
Dawn
Comment 9 Vadim Rozenfeld 2013-02-16 03:55:09 EST
Hi Dawn,
Did you enable driver verifier?

Best regards,
Vadim.
Comment 10 dawu 2013-02-16 04:48:25 EST
(In reply to comment #9)
> Hi Dawn,
> Did you enable driver verifier?
> 
> Best regards,
> Vadim.

Hi Vadim,
No, I didn't enable driver verifier, I just tried to reproduce this issue according to the steps the bug described.
Is there some relationship with this bug?

Thanks,
Best Regards,
Dawn
Comment 11 Vadim Rozenfeld 2013-02-16 06:01:47 EST
No, verifier was not involved in this case. But it can create some additional pressure in the system.
Btw, I have rechecked the crash dump again. This problem shouldn't happen with the recent drivers (6.4) because this code was completely redesigned.

Best regards,
Vadim.
Comment 12 dawu 2013-02-17 00:54:30 EST
Hi Vadim,

Tried 4 times with driver verifier enabled, still cannot reproduce this issue with driver virtio-win-1.5.2.

Best Regards,
Dawn
Comment 13 Mike Cao 2013-02-17 00:57:39 EST
(In reply to comment #12)
> Hi Vadim,
> 
> Tried 4 times with driver verifier enabled, still can not reproduce this
> issue with driver virtio-win-1.5.2.
> 
> Best Regards,
> Dawn

Pls retest it w/ the win8 drivers in virtio-win-1.6.3-3
Comment 14 dawu 2013-02-17 01:29:47 EST
Retested with 2012 drivers in virtio-win-1.6.3-3; also cannot reproduce this issue with driver verifier enabled.

Best Regards,
Dawn
Comment 15 Vadim Rozenfeld 2013-02-18 01:43:35 EST
(In reply to comment #14)
> Retest with 2012 drivers in virtio-win-1.6.3-3, also can not reproduce this
> issue with driver verifier enabled.
> 
> Best Regards,
> Dawn

Let's close it?

Best regards,
Vadim.
Comment 16 Mike Cao 2013-02-18 02:21:46 EST
(In reply to comment #15)
> (In reply to comment #14)
> > Retest with 2012 drivers in virtio-win-1.6.3-3, also can not reproduce this
> > issue with driver verifier enabled.
> > 
> > Best Regards,
> > Dawn
> 
> Let's close it?
> 
> Best regards,
> Vadim.

Since this bug has been fixed in RHEL6.4.0, close this bug.
