Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2017:2341
Created attachment 1214192 [details] win8-32 bsod screen shot Description of problem: Version-Release number of selected component (if applicable): virtio-win-prewhql-126 How reproducible: 1/1 Steps to Reproduce: 1.boot win8-32 guest with virtio-input device "-device virtio-tablet-pci,id=tablet0,serial=virtio-tablet": /usr/libexec/qemu-kvm -name 126INPWIN832NUD -enable-kvm -m 3G -smp 4 -uuid 9fcea28a-7801-48b7-8906-d606e15790a1 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/tmp/126INPWIN832NUD,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,driftfix=slew -boot order=cd,menu=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=126INPWIN832NUD,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=en_windows_8_enterprise_x86_dvd_917587.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=126INPWIN832NUD.vfd,if=none,id=drive-fdc0-0-0,format=raw,cache=none -global isa-fdc.driveA=drive-fdc0-0-0 -netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=00:52:2a:56:fa:79,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=isa_serial0 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga cirrus -device virtio-tablet-pci,id=tablet0,serial=virtio-tablet -monitor stdio 2.submit whql jobs Actual results: guest bsod with DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5) during following jobs: DF - PNP Rebalance Fail Restart Device Test (Certification) DF - Concurrent Hardware And Operating System (CHAOS) Test (Certification) DF - PNP Stop (Rebalance) Device Test (Certification) DF - PNP Rebalance Request New Resources Device Test (Certification) Expected results: job can pass,no bsod. Additional info: 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5) Memory was referenced after it was freed. This cannot be protected by try-except. When possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver. Arguments: Arg1: 9b766fe4, memory referenced Arg2: 00000000, value 0 = read operation, 1 = write operation Arg3: 825cc57a, if non-zero, the address which referenced memory. Arg4: 00000000, (reserved) Debugging Details: ------------------ READ_ADDRESS: 9b766fe4 Special pool FAULTING_IP: vioinput+b57a 825cc57a 8b4714 mov eax,dword ptr [edi+14h] MM_INTERNAL_CODE: 0 IMAGE_NAME: vioinput.sys DEBUG_FLR_IMAGE_TIMESTAMP: 57ac6060 MODULE_NAME: vioinput FAULTING_MODULE: 825c1000 vioinput DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: 0xD5 PROCESS_NAME: System CURRENT_IRQL: 0 ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre TRAP_FRAME: 871a8680 -- (.trap 0xffffffff871a8680) ErrCode = 00000000 eax=00000000 ebx=81ca2771 ecx=8cfe8fe4 edx=00026559 esi=8cfe8eb8 edi=9b766fd0 eip=825cc57a esp=871a86f4 ebp=871a8704 iopl=0 nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202 vioinput+0xb57a: 825cc57a 8b4714 mov eax,dword ptr [edi+14h] ds:0023:9b766fe4=???????? Resetting default scope LOCK_ADDRESS: 81a01e80 -- (!locks 81a01e80) Resource @ nt!PiEngineLock (0x81a01e80) Exclusively owned Contention Count = 14 Threads: 84f70c80-01<*> 1 total locks, 1 locks currently held PNP_TRIAGE: Lock address : 0x81a01e80 Thread Count : 1 Thread address: 0x84f70c80 Thread wait : 0xddb3 LAST_CONTROL_TRANSFER: from 819b257b to 81906cb0 STACK_TEXT: 871a858c 819b257b 00000050 9b766fe4 00000000 nt!KeBugCheckEx 871a85dc 81849585 00000000 9b766fe4 871a8680 nt! ?? ::FNODOBFM::`string'+0x31116 871a8668 8197d654 00000000 9b766fe4 00000000 nt!MmAccessFault+0x408 871a8668 825cc57a 00000000 9b766fe4 00000000 nt!KiTrap0E+0xdc WARNING: Stack unwind information not available. Following frames may be wrong. 871a8704 852c8270 00000000 64951058 0000011e vioinput+0xb57a 871a871c 852c7d0b 0000011e 00000001 871a8760 Wdf01000!FxPkgPnp::PnpReleaseHardware+0x32 871a872c 85285fc1 9b782ce8 9b782ce8 852d0a58 Wdf01000!FxPkgPnp::PnpEventStopped+0x11 871a8760 85285e78 9b782ce8 0000011e 9b782da4 Wdf01000!FxPkgPnp::PnpEnterNewState+0x139 871a8784 852842bc 871a87a8 9b782ce8 8bdeeee8 Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1c1 871a87bc 852c3be2 9b782ce8 00000100 9b782ce8 Wdf01000!FxPkgPnp::PnpProcessEvent+0x142 871a87d0 85270b07 9b782ce8 871a87f0 8cfe8dfc Wdf01000!FxPkgPnp::_PnpStopDevice+0x25 871a87fc 85267bc2 8cff0e28 87970020 8cff0e28 Wdf01000!FxPkgPnp::Dispatch+0x1ad 871a8824 85267a33 87970020 8cff0e28 87970020 Wdf01000!FxDevice::Dispatch+0x155 871a8840 81ca1f4b 87970020 8cff0e28 8cff0e28 Wdf01000!FxDevice::DispatchWithLock+0x77 871a8860 81847a9f 81cb9565 8cff0f20 8cff0f44 nt!IovCallDriver+0x2e3 871a8874 81cb9565 871a889c 81cb9767 87970020 nt!IofCallDriver+0x62 871a887c 81cb9767 87970020 8cff0e28 8d48f588 nt!ViFilterIoCallDriver+0x10 871a889c 81ca1f4b 8d48f588 87970020 8d4ed3e0 nt!ViFilterDispatchPnp+0x6f 871a88bc 81847a9f 825d1030 8cff0f44 8cff0f68 nt!IovCallDriver+0x2e3 871a88d0 825d1030 00000000 8cff0e28 871a88fc nt!IofCallDriver+0x62 871a88e0 8b8b43a7 8d4ed3e0 8cff0e28 8cff0f68 mshidkmdf+0x1030 871a88fc 8b8bf802 8d4ed3e0 8cff0f68 8d4ed4ac HIDCLASS+0x13a7 871a8924 8b8bf9ef 8d4ed3e0 00000004 8cff0e28 HIDCLASS!HidNotifyPresence+0x4e31 871a8940 8b8bf41f 8d4ed4ac 8cff0e28 8cff0e28 HIDCLASS!HidNotifyPresence+0x501e 871a895c 8b8b40b5 8d4ed498 8d4ed3e0 8cff0e28 HIDCLASS!HidNotifyPresence+0x4a4e 871a8978 81ca1f4b 8d4ed3e0 8cff0e28 8cff0e28 HIDCLASS+0x10b5 871a8998 81847a9f 81cb9565 8cff0f8c 8cff0fb0 nt!IovCallDriver+0x2e3 871a89ac 81cb9565 871a89d4 81cb9767 8d4ed3e0 nt!IofCallDriver+0x62 871a89b4 81cb9767 8d4ed3e0 8cff0e28 973e6518 nt!ViFilterIoCallDriver+0x10 871a89d4 81ca1f4b 973e6518 8d4ed3e0 8ee360d8 nt!ViFilterDispatchPnp+0x6f 871a89f4 81847a9f 825da592 818939b3 8cff0e28 nt!IovCallDriver+0x2e3 871a8a08 825da592 8ee3f4d0 8ee360d8 8cff0e28 nt!IofCallDriver+0x62 871a8a48 825dcda5 8ee36020 8cff0e28 8cff0fb8 MSDMFilt+0x2592 871a8a60 825dbe8c 8ee36020 8cff0e28 8ee36020 MSDMFilt+0x4da5 871a8a88 81ca1f4b 8ee36020 8cff0e28 8cff0e28 MSDMFilt+0x3e8c 871a8aa8 81847a9f 81cb9565 8cff0fd4 8cff0ff8 nt!IovCallDriver+0x2e3 871a8abc 81cb9565 871a8ae4 81cb9767 8ee36020 nt!IofCallDriver+0x62 871a8ac4 81cb9767 8ee36020 8cff0e28 9615c7a8 nt!ViFilterIoCallDriver+0x10 871a8ae4 81ca1f4b 9615c7a8 8ee36020 9615c7a8 nt!ViFilterDispatchPnp+0x6f 871a8b04 81847a9f 81a7c0de 8cff1000 871a8b90 nt!IovCallDriver+0x2e3 871a8b18 81a7c0de 871a8b90 00000000 00000004 nt!IofCallDriver+0x62 871a8b4c 81bb3144 84f789f8 871a8b6c c00000bb nt!IopSynchronousCall+0x9c 871a8b90 81ba212b 00000004 84f789f8 84f79840 nt!IopQueryReconfiguration+0x7d 871a8bac 81ba210f 84f60710 84fb5008 84f79840 nt!PnpStopDeviceSubtree+0x32 871a8bc4 81ba210f 84f79840 84f7b008 84fb5008 nt!PnpStopDeviceSubtree+0x16 871a8bdc 81ba210f 84fb5008 84fa9008 84f7b008 nt!PnpStopDeviceSubtree+0x16 871a8bf4 81ba210f 84f7b008 00000000 89c4d5b0 nt!PnpStopDeviceSubtree+0x16 871a8c0c 81ba2549 84fa9008 00000000 84f60710 nt!PnpStopDeviceSubtree+0x16 871a8c48 81bb47b3 84f60710 00000000 00000000 nt!PnpRebalance+0xe3 871a8ca4 81bb2bec 84f60710 819ff7f8 00000000 nt!PnpReallocateResources+0x125 871a8cc4 8198dbec 85438928 819e64b8 84f70c80 nt!PiProcessResourceRequirementsChanged+0x9e 871a8d1c 81890854 00000000 84f70c80 00000000 nt! ?? ::FNODOBFM::`string'+0xb975 871a8d74 818d3415 00010000 44812a98 00000000 nt!ExpWorkerThread+0x111 871a8db0 8197f039 81890747 00010000 00000000 nt!PspSystemThreadStartup+0x4a 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19 STACK_COMMAND: kb FOLLOWUP_IP: vioinput+b57a 825cc57a 8b4714 mov eax,dword ptr [edi+14h] SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: vioinput+b57a FOLLOWUP_NAME: MachineOwner FAILURE_BUCKET_ID: 0xD5_VRF_vioinput+b57a BUCKET_ID: 0xD5_VRF_vioinput+b57a ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0xd5_vrf_vioinput+b57a FAILURE_ID_HASH: {0d5cc045-c548-8bdd-4a29-8818ed97239c} Followup: MachineOwner ---------