Bug 842961 - [whql][balloon] [Job Id 1710]BSOD occurs dueing running "WDF Fault injection Logo Testing" job
[whql][balloon] [Job Id 1710]BSOD occurs dueing running "WDF Fault injection ...
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virtio-win (Show other bugs)
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Vadim Rozenfeld
Virtualization Bugs
: Regression
Depends On:
  Show dependency treegraph
Reported: 2012-07-25 02:14 EDT by Min Deng
Modified: 2013-02-21 05:40 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-02-21 05:40:26 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
BSOD-issue (5.00 KB, application/octet-stream)
2012-07-25 02:14 EDT, Min Deng
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0441 normal SHIPPED_LIVE virtio-win bug fix and enhancement update 2013-02-20 15:48:13 EST

  None (edit)
Description Min Deng 2012-07-25 02:14:20 EDT
Created attachment 600227 [details]

Description of problem:
 The job named WDF Fault injection Logo Testing lead to BSOD issue on win7,win2k8,win8 and win2012 OS.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.Boot up guest with the CLI - 
  /usr/libexec/qemu-kvm -m 2G -smp 2 -cpu cpu64-rhel6,+x2apic -usb -device usb-tablet -drive file=win7-32.raw,if=none,id=drive-ide0-0-0,werror=stop,rerror=stop,cache=none,format=raw -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,id=hostnet0,script=/etc/qemu-ifup -device e1000,netdev=hostnet0,mac=00:a2:1b:37:43:00,bus=pci.0,addr=0x4,id=net0 -uuid 0ccbf24a-34ea-4e83-be22-d977d0642551 -no-kvm-pit-reinjection -chardev socket,id=111a,path=/tmp/monitor-win7-balloon-30,server,nowait -mon chardev=111a,mode=readline -name win7-32-balloon-30 -vnc :1 -device virtio-balloon-pci,addr=0x6,bus=pci.0 -rtc base=localtime,clock=host,driftfix=slew -bios /usr/share/seabios/bios-pm.bin
2.Submit job to HCK
Actual results:
The job always failed and BSOD occurred on window7/8/2008/2012 OS

Expected results:The job can pass without any errors

Additional info:
  An piece of memory dump analysis will be uploaded to the bug and QE will also provided the dumps.
Comment 1 Mike Cao 2012-07-25 02:18:27 EDT
Add Regression keyword due to We did not hit this issue on virtio-win-prewhql-27
Comment 4 Dor Laor 2012-08-01 03:08:39 EDT
(In reply to comment #1)
> Add Regression keyword due to We did not hit this issue on
> virtio-win-prewhql-27

Is that a regression on HCK or WHQL (which isn't a regression)?
Comment 6 Mike Cao 2012-09-02 10:23:01 EDT
(In reply to comment #4)
> (In reply to comment #1)
> > Add Regression keyword due to We did not hit this issue on
> > virtio-win-prewhql-27
> Is that a regression on HCK or WHQL (which isn't a regression)?

It is the virtio-win regression 
virtio-win-prehwhql 27 balloon driver passed on WLK
virtio-win-prewhql  27 balloon driver passed on HCK
virtio-win-prwhql-30 balloon driver failed on HCK

Bases on above ,I think this bug must be fixed on RHEL6.4 release .

Ronen ,What's your idea about it ?
Comment 7 Ronen Hod 2012-09-03 01:50:34 EDT
Back to 6.4 since it is a regression, and we would like the latest code to be as WHQL-ready as possible.
Comment 8 Mike Cao 2012-09-29 02:14:05 EDT
also hit this issue on windows 8 32 bit on upstream qemu-kvm
Comment 9 Mike Cao 2012-09-29 02:14:31 EDT
Use !analyze -v to get detailed debugging information.

BugCheck C4, {cb, 9d6c0f90, 0, 0}

Probably caused by : BALLOON.sys ( BALLOON!BalloonEvtDeviceContextCleanup+6c )

Followup: MachineOwner

1: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arg1: 000000cb, Deleting uninitialized lookaside list.
Arg2: 9d6c0f90, Lookaside list address.
Arg3: 00000000
Arg4: 00000000

Debugging Details:

BUGCHECK_STR:  0xc4_cb




LOCK_ADDRESS:  81c0ae80 -- (!locks 81c0ae80)

Resource @ nt!PiEngineLock (0x81c0ae80)    Exclusively owned
    Contention Count = 15
     Threads: 8559cd40-01<*> 
1 total locks, 1 locks currently held

	Lock address  : 0x81c0ae80
	Thread Count  : 1
	Thread address: 0x8559cd40
	Thread wait   : 0x339f

LAST_CONTROL_TRANSFER:  from 81eb2818 to 81b0fcb0

877d840c 81eb2818 000000c4 000000cb 9d6c0f90 nt!KeBugCheckEx
877d8434 81ebd09a 000000c4 000000cb 9d6c0f90 nt!VerifierBugCheckIfAppropriate+0x3d
877d8460 81ebd398 9d6c0f90 877d8484 988d5fd4 nt!ViLookasideDelete+0x5c
877d846c 988d5fd4 9d6c0f90 00000000 6293f340 nt!VerifierExDeleteNPagedLookasideList+0xd
877d8484 858796d7 6293f340 00000000 9d6c0cb8 BALLOON!BalloonEvtDeviceContextCleanup+0x6c [c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\device.c @ 212]
877d84a0 85879af6 9d6c0cb8 00000005 6293f340 Wdf01000!FxObject::DisposeChildrenWorker+0x213
877d84cc 85879a6c 00000000 00000001 877d850c Wdf01000!FxObject::PerformDisposingDisposeChildrenLocked+0x7c
877d84f0 858d6a4d 00000124 00000004 8a972ce8 Wdf01000!FxObject::EarlyDispose+0xda
877d8504 858d6162 8a972c00 858d6e3f 877d8548 Wdf01000!FxPkgPnp::PnpEventRemovedCommonCode+0x86
877d850c 858d6e3f 877d8548 85894fc1 8a972ce8 Wdf01000!FxPkgFdo::PnpEventFdoRemovedOverload+0x8
877d8514 85894fc1 8a972ce8 8a972ce8 858df83c Wdf01000!FxPkgPnp::PnpEventFdoRemoved+0xd
877d8548 85894e78 8a972ce8 00000124 8a972da4 Wdf01000!FxPkgPnp::PnpEnterNewState+0x139
877d856c 858932bc 877d8590 00000000 8a972ce8 Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1c1
877d85a0 858d2e20 8a972ce8 00000200 9d6c0cb8 Wdf01000!FxPkgPnp::PnpProcessEvent+0x142
877d85bc 858bef1c 877d85d0 c0000001 9a75cf30 Wdf01000!FxPkgPnp::CleanupDeviceFromFailedCreate+0x5a
877d85e0 85891aff c0000001 00000001 82fc8478 Wdf01000!FxDevice::DeleteDeviceFromFailedCreateNoDelete+0x8b
877d880c 858919ea 9a75cf30 877d8830 81b96db1 Wdf01000!FxDriver::AddDevice+0x105
877d8818 81b96db1 908444b8 855e7a50 00000000 Wdf01000!FxDriver::AddDevice+0x22
877d8830 81d70874 855e7a50 908444b8 858919c8 nt! ?? ::FNODOBFM::`string'+0xbb3d
877d8878 81cd4e83 855a94c0 908444b8 858919c8 nt!PnpCallAddDevice+0x5e
877d8958 81cd35f1 855a94c0 877d8b80 855a94c0 nt!PipCallDriverAddDevice+0x5c5
877d8b54 81d82066 855a94c0 978b14d0 877d8b80 nt!PipProcessDevNodeTree+0x136
877d8b88 81aba515 81bef4b8 8559cd40 81bef3c0 nt!PiRestartDevice+0x7b
877d8bdc 81a99854 00000000 8559cd40 00000000 nt!PnpDeviceActionWorker+0x2f3
877d8c34 81adc415 00010000 2ae3dbe1 00000000 nt!ExpWorkerThread+0x111
877d8c70 81b88039 81a99747 00010000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


BALLOON!BalloonEvtDeviceContextCleanup+6c [c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\device.c @ 212]
988d5fd4 8b1d94548d98    mov     ebx,dword ptr [BALLOON!_imp__ExFreePoolWithTag (988d5494)]

FAULTING_SOURCE_LINE:  c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\device.c

FAULTING_SOURCE_FILE:  c:\cygwin\tmp\build\source\internal-kvm-guest-drivers-windows\balloon\sys\device.c



SYMBOL_NAME:  BALLOON!BalloonEvtDeviceContextCleanup+6c

FOLLOWUP_NAME:  MachineOwner





FAILURE_BUCKET_ID:  0xc4_cb_VRF_BALLOON!BalloonEvtDeviceContextCleanup

BUCKET_ID:  0xc4_cb_VRF_BALLOON!BalloonEvtDeviceContextCleanup

Followup: MachineOwner

1: kd> lmvm BALLOON
start    end        module name
988d2000 988d7d80   BALLOON    (private pdb symbols)  c:\testsymbols\balloon.pdb
    Loaded symbol image file: BALLOON.sys
    Image path: \SystemRoot\System32\drivers\BALLOON.sys
    Image name: BALLOON.sys
    Timestamp:        Sun Sep 23 19:32:09 2012 (505EF339)
    CheckSum:         00015D8F
    ImageSize:        00005D80
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Comment 10 Mike Cao 2012-09-29 02:37:47 EDT
affecting systems:windows 7,windows 2k8 ,win8 and win2012
Comment 11 Vadim Rozenfeld 2012-09-29 09:51:09 EDT
Hi Mike,
Could you please upload the corresponding dump file?
Thank you,
Comment 12 Vadim Rozenfeld 2012-10-09 04:37:02 EDT
should be fixed in build-40

Comment 14 Mike Cao 2012-10-26 01:31:54 EDT
QE run full round balloon whql test with virtio-win-prewhql-41 ,All jobs pass 
So this bug has been fixed already 

move status to Verified

Comment 15 errata-xmlrpc 2013-02-21 05:40:26 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.