...
BugZero found this defect 813 days ago.
During the backup of a Hyper-V VM, the Hyper-V host may crash (BSOD) with a bug check 34 or 0x22.
Veeam Support has seen similar cases to this from time to time, they are generally considered rare, and when they do occur, the underlying cause requires extensive investigation. It is not uncommon for an investigation to eventually find that antivirus software installed on the Hyper-V host was the root cause. Microsoft itself has published a list of recommended antivirus exclusions for Hyper-V hosts. Always ensure any installed antivirus software is properly up to date. However, if the crashes have started recently, consider downgrading to see if the issue dissipates. When contacting Veeam Support about an issue relating to a Hyper-V host crashing, please provide a crash dump (.dmp) from the host(s) that experienced the crash. RecentlyJune/July 2022, Veeam Support has seen an uptick in cases where Hyper-V hosts crash or reboot when a backup job is running. Through investigation with customers facing these issues, a significant number of them have reported that they were able to isolate the problem to the presence of CrowdStrike Falcon Sensor 6.38.x installed on their Hyper-V host. The following link and quote from the Release Notes were provided by several customers who were advised by CrowdStrike Support that the crashes are related to an issue fixed in 6.39. https://supportportal.crowdstrike.com/s/article/Release-Notes-Falcon-sensor-for-Windows-6-39-15314"Fixed an issue introduced in Windows sensor version 6.38 that could cause a crash when unmounting a volume on a CSVFS file system. This would only occur in uncommon circumstances, such as a CVSFS failover, but could cause a crash if triggered." If you are facing a situation where a Hyper-V host is crashing or rebooting during the backup of a VM, and CrowdStrike Falcon Sensor is installed on that Hyper-V host, please get in touch with CrowdStrike Support. Customers facing this issue have reported that they were able to fully mitigate the Hyper-V host crashes by either upgrading to 6.39 or downgrading to 6.37. Other customers reported that they opted to remove CrowdStrike entirely from their Hyper-V hosts. This article does not intend to provide advice in either direction; it only serves to raise awareness of the situation.