Bug 1388775 - [virtio-win][vioinput]guest bsod[DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)] when run virtio-input whql jobs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virtio-win
Version: 7.3
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 7.4
Assignee: Ladi Prosek
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1395265 1401400
Reported: 2016-10-26 07:38 UTC by lijin
Modified: 2017-08-01 12:53 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 12:53:08 UTC
Target Upstream Version:
Embargoed:


Attachments
win8-32 bsod screen shot (33.43 KB, image/png)
2016-10-26 07:38 UTC, lijin


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2341 0 normal SHIPPED_LIVE virtio-win bug fix and enhancement update 2017-08-01 16:52:38 UTC

Description lijin 2016-10-26 07:38:36 UTC
Created attachment 1214192
win8-32 bsod screen shot

Description of problem:


Version-Release number of selected component (if applicable):
virtio-win-prewhql-126

How reproducible:
1/1

Steps to Reproduce:
1. Boot win8-32 guest with virtio-input device "-device virtio-tablet-pci,id=tablet0,serial=virtio-tablet":
/usr/libexec/qemu-kvm -name 126INPWIN832NUD -enable-kvm -m 3G -smp 4 -uuid 9fcea28a-7801-48b7-8906-d606e15790a1 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/tmp/126INPWIN832NUD,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,driftfix=slew -boot order=cd,menu=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=126INPWIN832NUD,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=en_windows_8_enterprise_x86_dvd_917587.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=126INPWIN832NUD.vfd,if=none,id=drive-fdc0-0-0,format=raw,cache=none -global isa-fdc.driveA=drive-fdc0-0-0 -netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=00:52:2a:56:fa:79,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=isa_serial0 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga cirrus -device virtio-tablet-pci,id=tablet0,serial=virtio-tablet -monitor stdio

2. Submit WHQL jobs

Actual results:
Guest BSOD with DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5) during the following jobs:
DF - PNP Rebalance Fail Restart Device Test (Certification)
DF - Concurrent Hardware And Operating System (CHAOS) Test (Certification)
DF - PNP Stop (Rebalance) Device Test (Certification)
DF - PNP Rebalance Request New Resources Device Test (Certification)

Expected results:
Jobs can pass, no BSOD.

Additional info:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 9b766fe4, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 825cc57a, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS:  9b766fe4 Special pool

FAULTING_IP: 
vioinput+b57a
825cc57a 8b4714          mov     eax,dword ptr [edi+14h]

MM_INTERNAL_CODE:  0

IMAGE_NAME:  vioinput.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  57ac6060

MODULE_NAME: vioinput

FAULTING_MODULE: 825c1000 vioinput

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0xD5

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

TRAP_FRAME:  871a8680 -- (.trap 0xffffffff871a8680)
ErrCode = 00000000
eax=00000000 ebx=81ca2771 ecx=8cfe8fe4 edx=00026559 esi=8cfe8eb8 edi=9b766fd0
eip=825cc57a esp=871a86f4 ebp=871a8704 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
vioinput+0xb57a:
825cc57a 8b4714          mov     eax,dword ptr [edi+14h] ds:0023:9b766fe4=????????
Resetting default scope

LOCK_ADDRESS:  81a01e80 -- (!locks 81a01e80)

Resource @ nt!PiEngineLock (0x81a01e80)    Exclusively owned
    Contention Count = 14
     Threads: 84f70c80-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
	Lock address  : 0x81a01e80
	Thread Count  : 1
	Thread address: 0x84f70c80
	Thread wait   : 0xddb3

LAST_CONTROL_TRANSFER:  from 819b257b to 81906cb0

STACK_TEXT:  
871a858c 819b257b 00000050 9b766fe4 00000000 nt!KeBugCheckEx
871a85dc 81849585 00000000 9b766fe4 871a8680 nt! ?? ::FNODOBFM::`string'+0x31116
871a8668 8197d654 00000000 9b766fe4 00000000 nt!MmAccessFault+0x408
871a8668 825cc57a 00000000 9b766fe4 00000000 nt!KiTrap0E+0xdc
WARNING: Stack unwind information not available. Following frames may be wrong.
871a8704 852c8270 00000000 64951058 0000011e vioinput+0xb57a
871a871c 852c7d0b 0000011e 00000001 871a8760 Wdf01000!FxPkgPnp::PnpReleaseHardware+0x32
871a872c 85285fc1 9b782ce8 9b782ce8 852d0a58 Wdf01000!FxPkgPnp::PnpEventStopped+0x11
871a8760 85285e78 9b782ce8 0000011e 9b782da4 Wdf01000!FxPkgPnp::PnpEnterNewState+0x139
871a8784 852842bc 871a87a8 9b782ce8 8bdeeee8 Wdf01000!FxPkgPnp::PnpProcessEventInner+0x1c1
871a87bc 852c3be2 9b782ce8 00000100 9b782ce8 Wdf01000!FxPkgPnp::PnpProcessEvent+0x142
871a87d0 85270b07 9b782ce8 871a87f0 8cfe8dfc Wdf01000!FxPkgPnp::_PnpStopDevice+0x25
871a87fc 85267bc2 8cff0e28 87970020 8cff0e28 Wdf01000!FxPkgPnp::Dispatch+0x1ad
871a8824 85267a33 87970020 8cff0e28 87970020 Wdf01000!FxDevice::Dispatch+0x155
871a8840 81ca1f4b 87970020 8cff0e28 8cff0e28 Wdf01000!FxDevice::DispatchWithLock+0x77
871a8860 81847a9f 81cb9565 8cff0f20 8cff0f44 nt!IovCallDriver+0x2e3
871a8874 81cb9565 871a889c 81cb9767 87970020 nt!IofCallDriver+0x62
871a887c 81cb9767 87970020 8cff0e28 8d48f588 nt!ViFilterIoCallDriver+0x10
871a889c 81ca1f4b 8d48f588 87970020 8d4ed3e0 nt!ViFilterDispatchPnp+0x6f
871a88bc 81847a9f 825d1030 8cff0f44 8cff0f68 nt!IovCallDriver+0x2e3
871a88d0 825d1030 00000000 8cff0e28 871a88fc nt!IofCallDriver+0x62
871a88e0 8b8b43a7 8d4ed3e0 8cff0e28 8cff0f68 mshidkmdf+0x1030
871a88fc 8b8bf802 8d4ed3e0 8cff0f68 8d4ed4ac HIDCLASS+0x13a7
871a8924 8b8bf9ef 8d4ed3e0 00000004 8cff0e28 HIDCLASS!HidNotifyPresence+0x4e31
871a8940 8b8bf41f 8d4ed4ac 8cff0e28 8cff0e28 HIDCLASS!HidNotifyPresence+0x501e
871a895c 8b8b40b5 8d4ed498 8d4ed3e0 8cff0e28 HIDCLASS!HidNotifyPresence+0x4a4e
871a8978 81ca1f4b 8d4ed3e0 8cff0e28 8cff0e28 HIDCLASS+0x10b5
871a8998 81847a9f 81cb9565 8cff0f8c 8cff0fb0 nt!IovCallDriver+0x2e3
871a89ac 81cb9565 871a89d4 81cb9767 8d4ed3e0 nt!IofCallDriver+0x62
871a89b4 81cb9767 8d4ed3e0 8cff0e28 973e6518 nt!ViFilterIoCallDriver+0x10
871a89d4 81ca1f4b 973e6518 8d4ed3e0 8ee360d8 nt!ViFilterDispatchPnp+0x6f
871a89f4 81847a9f 825da592 818939b3 8cff0e28 nt!IovCallDriver+0x2e3
871a8a08 825da592 8ee3f4d0 8ee360d8 8cff0e28 nt!IofCallDriver+0x62
871a8a48 825dcda5 8ee36020 8cff0e28 8cff0fb8 MSDMFilt+0x2592
871a8a60 825dbe8c 8ee36020 8cff0e28 8ee36020 MSDMFilt+0x4da5
871a8a88 81ca1f4b 8ee36020 8cff0e28 8cff0e28 MSDMFilt+0x3e8c
871a8aa8 81847a9f 81cb9565 8cff0fd4 8cff0ff8 nt!IovCallDriver+0x2e3
871a8abc 81cb9565 871a8ae4 81cb9767 8ee36020 nt!IofCallDriver+0x62
871a8ac4 81cb9767 8ee36020 8cff0e28 9615c7a8 nt!ViFilterIoCallDriver+0x10
871a8ae4 81ca1f4b 9615c7a8 8ee36020 9615c7a8 nt!ViFilterDispatchPnp+0x6f
871a8b04 81847a9f 81a7c0de 8cff1000 871a8b90 nt!IovCallDriver+0x2e3
871a8b18 81a7c0de 871a8b90 00000000 00000004 nt!IofCallDriver+0x62
871a8b4c 81bb3144 84f789f8 871a8b6c c00000bb nt!IopSynchronousCall+0x9c
871a8b90 81ba212b 00000004 84f789f8 84f79840 nt!IopQueryReconfiguration+0x7d
871a8bac 81ba210f 84f60710 84fb5008 84f79840 nt!PnpStopDeviceSubtree+0x32
871a8bc4 81ba210f 84f79840 84f7b008 84fb5008 nt!PnpStopDeviceSubtree+0x16
871a8bdc 81ba210f 84fb5008 84fa9008 84f7b008 nt!PnpStopDeviceSubtree+0x16
871a8bf4 81ba210f 84f7b008 00000000 89c4d5b0 nt!PnpStopDeviceSubtree+0x16
871a8c0c 81ba2549 84fa9008 00000000 84f60710 nt!PnpStopDeviceSubtree+0x16
871a8c48 81bb47b3 84f60710 00000000 00000000 nt!PnpRebalance+0xe3
871a8ca4 81bb2bec 84f60710 819ff7f8 00000000 nt!PnpReallocateResources+0x125
871a8cc4 8198dbec 85438928 819e64b8 84f70c80 nt!PiProcessResourceRequirementsChanged+0x9e
871a8d1c 81890854 00000000 84f70c80 00000000 nt! ?? ::FNODOBFM::`string'+0xb975
871a8d74 818d3415 00010000 44812a98 00000000 nt!ExpWorkerThread+0x111
871a8db0 8197f039 81890747 00010000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


STACK_COMMAND:  kb

FOLLOWUP_IP: 
vioinput+b57a
825cc57a 8b4714          mov     eax,dword ptr [edi+14h]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  vioinput+b57a

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  0xD5_VRF_vioinput+b57a

BUCKET_ID:  0xD5_VRF_vioinput+b57a

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xd5_vrf_vioinput+b57a

FAILURE_ID_HASH:  {0d5cc045-c548-8bdd-4a29-8818ed97239c}

Followup: MachineOwner
---------
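
An added triage example (not part of the original report or of the virtio-win project): a short Python script that cross-checks the bugcheck arguments in the `!analyze -v` output above against the trap frame, confirming that the faulting read at `vioinput+0xb57a` is the `[edi+14h]` operand landing on the freed special-pool address. The `triage` function and its result keys are hypothetical names; the input is an excerpt of the debugger output quoted above.

```python
import re

# Excerpt of the `!analyze -v` output quoted in the report above.
SAMPLE = """\
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Arg1: 9b766fe4, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 825cc57a, if non-zero, the address which referenced memory.
FAULTING_MODULE: 825c1000 vioinput
eax=00000000 ebx=81ca2771 ecx=8cfe8fe4 edx=00026559 esi=8cfe8eb8 edi=9b766fd0
eip=825cc57a esp=871a86f4 ebp=871a8704 iopl=0         nv up ei pl nz na po nc
825cc57a 8b4714          mov     eax,dword ptr [edi+14h] ds:0023:9b766fe4=????????
"""


def triage(text):
    """Hypothetical helper: cross-check bugcheck args against the trap frame."""
    name, code = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M).groups()
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-f]+),", text, re.M)}
    base, module = re.search(
        r"^FAULTING_MODULE:\s+([0-9a-f]+)\s+(\S+)", text, re.M).groups()
    regs = {r: int(v, 16)
            for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}
    # Memory operand of the faulting instruction, e.g. "[edi+14h]".
    reg, disp = re.search(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]", text).groups()
    effective = (regs[reg] + int(disp, 16)) & 0xFFFFFFFF
    return {
        "bugcheck": f"{name} (0x{code.upper()})",
        "access": "read" if args[2] == 0 else "write",
        "faulting_site": f"{module}+0x{args[3] - int(base, 16):x}",
        "operand": f"{reg}+0x{disp}",
        "effective_address": effective,
        "matches_arg1": effective == args[1],
        "eip_matches_arg3": regs["eip"] == args[3],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        shown = hex(value) if key == "effective_address" else value
        print(f"{key}: {shown}")
```
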

Comment 4 lijin 2017-02-16 07:19:01 UTC
All virtio-input WHQL jobs pass with build 132, no BSOD, so this issue has been fixed.

Change status to verified.

Comment 7 errata-xmlrpc 2017-08-01 12:53:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2341

