
Issue 433 attachment: crash_specialpool_433.txt (7.0 KB)

*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
*
*******************************************************************************
nt!DbgLoadImageSymbols+0x47:
82a1d584 cc int 3
kd> g

*** Fatal System Error: 0x000000d5
(0xFAFAADD4,0x00000000,0x95122D87,0x00000000)

Driver at fault:
*** win32k.sys - Address 95122D87 base at 95000000, DateStamp 55345e59
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Wed Jun 3 11:17:23.017 2015 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
..........................
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {fafaadd4, 0, 95122d87, 0}

*** WARNING: Unable to verify checksum for a5.exe
*** ERROR: Module load completed but symbols could not be loaded for a5.exe
Probably caused by : win32k.sys ( win32k!UMPDOBJ::pso+1c )

Followup: MachineOwner
---------

Assertion: *** DPC watchdog timeout
This is NOT a break in update time
This is most likely a BUG in an ISR
Perform a stack trace to find the culprit
The period will be doubled on continuation
Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
82a809ec cd2c int 2Ch
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fafaadd4, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 95122d87, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS: fafaadd4 Special pool

FAULTING_IP:
win32k!UMPDOBJ::pso+1c
95122d87 8b7e1c mov edi,dword ptr [esi+1Ch]

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 55345e59

MODULE_NAME: win32k

FAULTING_MODULE: 95000000 win32k

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: a5.exe

CURRENT_IRQL: 1c

TRAP_FRAME: 9d7b08e8 -- (.trap 0xffffffff9d7b08e8)
ErrCode = 00000000
eax=9d7b09a0 ebx=faf3af10 ecx=faf3af10 edx=00000000 esi=fafaadb8 edi=0000006c
eip=95122d87 esp=9d7b095c ebp=9d7b096c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
win32k!UMPDOBJ::pso+0x1c:
95122d87 8b7e1c mov edi,dword ptr [esi+1Ch] ds:0023:fafaadd4=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82a7feb3 to 82a809ec

STACK_TEXT:
9d7b0310 82a7feb3 0002625a 00000000 00003d00 nt!KeAccumulateTicks+0x3c5
9d7b0350 82a7fd60 82e330a8 b98efc7e 00000000 nt!KeUpdateRunTime+0x145
9d7b03a8 82a7f563 00000002 00000002 000000d1 nt!KeUpdateSystemTime+0x613
9d7b03a8 82e330a8 00000002 00000002 000000d1 nt!KeUpdateSystemTimeAssist+0x13
9d7b042c 82e21b8c 00001000 00000000 9d7b048c hal!READ_PORT_USHORT+0x8
9d7b043c 82e21cf5 82ae4582 59e1dc1b 00000065 hal!HalpCheckPowerButton+0x2e
9d7b0440 82ae4582 59e1dc1b 00000065 00000000 hal!HaliHaltSystem+0x7
9d7b048c 82ae5029 00000003 00000000 000fc15a nt!KiBugCheckDebugBreak+0x73
9d7b0850 82a92ff9 00000050 fafaadd4 00000000 nt!KeBugCheck2+0x68b
9d7b08d0 82a45a88 00000000 fafaadd4 00000000 nt!MmAccessFault+0x104
9d7b08d0 95122d87 00000000 fafaadd4 00000000 nt!KiTrap0E+0xdc
9d7b096c 951300d8 faf3af38 9d7b09a0 00000000 win32k!UMPDOBJ::pso+0x1c
9d7b09cc 951336d2 fafaadb8 0000101a 0000006c win32k!UMPDDrvEscape+0x14a
9d7b0a10 9512c79b fafaadb8 0000101a 0000006c win32k!PDEVOBJ::Escape+0x39
9d7b0adc 9512cc03 9d7b0b00 0000101a 0000006c win32k!GreExtEscapeInternal+0x406
9d7b0b0c 9512caec 02210821 0000101a 0000006c win32k!GreExtEscape+0x33
9d7b0c0c 82a428a6 02210821 00000000 00000000 win32k!NtGdiExtEscape+0x303
9d7b0c0c 76ef7074 02210821 00000000 00000000 nt!KiSystemServicePostCall
0018f240 76982edc 76982eba 02210821 00000000 ntdll!KiFastSystemCallRet
0018f244 76982eba 02210821 00000000 00000000 GDI32!NtGdiExtEscape+0xc
0018f4b4 6bc03d74 02210821 0000101a 0000006c GDI32!ExtEscape+0x351
0018f4e4 6bc03e03 02210821 0000006c 014a2e88 mxdwdui!SendXMFEscape+0x82
0018f51c 6bbf8c0d 02210821 0000006c 014a2e88 mxdwdui!SendXMFEscape+0x5f
0018f560 6bbf8e14 0018f5e8 014a2e70 001bcc00 mxdwdui!TOemUI::SendFilenameToDriver+0x11d
0018f5b4 6bbf8913 0018f5e8 0018fbb8 001b4afc mxdwdui!TOemUI::DocEventStartDocPre+0x9e
0018fa30 6bc39188 014a2e70 001b4afc 02210821 mxdwdui!TOemUI::DocumentEvent+0x14c
0018fa5c 6bc391bf 001bcd2c 001b4afc 02210821 unidrvui!HComOEMDocumentEvent+0x45
0018faa0 6df6fd65 001b4afc 02210821 00000005 unidrvui!DrvDocumentEvent+0x69
0018fb00 6df7685c 001b4afc 02210821 00000005 winspool!CallDrvDocumentEventNative+0x6d
0018fb34 769818b0 00000001 02210821 00000005 winspool!DocumentEvent+0x1a6
0018fb5c 769a5fa6 001bbcd0 001b4afc 02210821 GDI32!DocumentEventEx+0x7e
0018fc98 0033115b 02210821 0018fca8 00000014 GDI32!StartDocW+0x1e0
WARNING: Stack unwind information not available. Following frames may be wrong.
0018fce0 00331337 00000001 001aee30 001b22c8 a5+0x115b
0018fd28 767bee1c 7ffdf000 0018fd74 76f1399b a5+0x1337
0018fd34 76f1399b 7ffdf000 76e33788 00000000 kernel32!BaseThreadInitThunk+0xe
0018fd74 76f1396e 003313b4 7ffdf000 00000000 ntdll!__RtlUserThreadStart+0x70
0018fd8c 00000000 003313b4 7ffdf000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!UMPDOBJ::pso+1c
95122d87 8b7e1c mov edi,dword ptr [esi+1Ch]

SYMBOL_STACK_INDEX: b

SYMBOL_NAME: win32k!UMPDOBJ::pso+1c

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xD5_VRF_win32k!UMPDOBJ::pso+1c

BUCKET_ID: 0xD5_VRF_win32k!UMPDOBJ::pso+1c

Followup: MachineOwner