kd> g
|
*******************************************************************************
|
*
|
* This is the string you add to your checkin description
|
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
|
*
|
*******************************************************************************
|
nt!DbgLoadImageSymbols+0x47:
|
82a26584 cc int 3
|
kd> g
|
|
*** Fatal System Error: 0x000000d5
(0xFAF62DC4,0x00000000,0x94F312D7,0x00000000)

Driver at fault:
*** win32k.sys - Address 94F312D7 base at 94EF0000, DateStamp 55345e59
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.
|
|
Connected to Windows 7 7601 x86 compatible target at (Mon Jun 22 09:41:19.983 2015 (UTC + 2:00)), ptr64 FALSE
|
Loading Kernel Symbols
|
...............................................................
|
................................................................
|
.........................
|
Loading User Symbols
|
.....................................
|
Loading unloaded module list
|
........
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
Use !analyze -v to get detailed debugging information.
|
|
BugCheck D5, {faf62dc4, 0, 94f312d7, 0}
|
|
*** WARNING: Unable to verify checksum for a9.exe
|
*** ERROR: Module load completed but symbols could not be loaded for a9.exe
|
Probably caused by : win32k.sys ( win32k!bGetRealizedBrush+32 )
|
|
Followup: MachineOwner
|
---------
|
|
Assertion: *** DPC watchdog timeout
|
This is NOT a break in update time
|
This is most likely a BUG in an ISR
|
Perform a stack trace to find the culprit
|
The period will be doubled on continuation
|
Use gh to continue!!
|
|
nt!KeAccumulateTicks+0x3c5:
|
82a899ec cd2c int 2Ch
|
kd> !analyze -v
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: faf62dc4, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 94f312d7, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)
|
|
Debugging Details:
|
------------------
|
|
|
READ_ADDRESS: faf62dc4 Special pool

FAULTING_IP:
win32k!bGetRealizedBrush+32
94f312d7 8b401c mov eax,dword ptr [eax+1Ch]

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 55345e59

MODULE_NAME: win32k

FAULTING_MODULE: 94ef0000 win32k

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: a9.exe

CURRENT_IRQL: 1c
|
|
TRAP_FRAME: 92fe39c4 -- (.trap 0xffffffff92fe39c4)
ErrCode = 00000000
eax=faf62da8 ebx=fb138d68 ecx=00000001 edx=00048380 esi=00000000 edi=fe2a2f78
eip=94f312d7 esp=92fe3a38 ebp=92fe3ab0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!bGetRealizedBrush+0x32:
94f312d7 8b401c mov eax,dword ptr [eax+1Ch] ds:0023:faf62dc4=????????
Resetting default scope
|
|
LAST_CONTROL_TRANSFER: from 82a88eb3 to 82a899ec
|
|
STACK_TEXT:
92fe33e8 82a88eb3 0002625a 00000000 0000df00 nt!KeAccumulateTicks+0x3c5
92fe3428 82a88d60 82e3c0a8 9965d11a 00000000 nt!KeUpdateRunTime+0x145
92fe3480 82a88563 00000002 00000002 000000d1 nt!KeUpdateSystemTime+0x613
92fe3480 82e3c0a8 00000002 00000002 000000d1 nt!KeUpdateSystemTimeAssist+0x13
92fe3504 82e2ab8c 00001000 00000000 92fe3564 hal!READ_PORT_USHORT+0x8
92fe3514 82e2acf5 82aed582 6512b1f3 00000065 hal!HalpCheckPowerButton+0x2e
92fe3518 82aed582 6512b1f3 00000065 00000000 hal!HaliHaltSystem+0x7
92fe3564 82aee029 00000003 00000000 000fad6a nt!KiBugCheckDebugBreak+0x73
92fe3928 82a9bff9 00000050 faf62dc4 00000000 nt!KeBugCheck2+0x68b
92fe39ac 82a4ea88 00000000 faf62dc4 00000000 nt!MmAccessFault+0x104
92fe39ac 94f312d7 00000000 faf62dc4 00000000 nt!KiTrap0E+0xdc
92fe3ab0 94f34257 00000000 fb138d68 94f2e364 win32k!bGetRealizedBrush+0x32
92fe3ac8 94fabf53 fb138d68 00000000 00000000 win32k!pvGetEngRbrush+0x1f
92fe3b2c 950b44a3 fae72db8 00000000 00000000 win32k!EngBitBlt+0x337
92fe3c00 82a4b8a6 fae72db8 00000000 00000000 win32k!NtGdiEngBitBlt+0x245
92fe3c00 76ff7074 fae72db8 00000000 00000000 nt!KiSystemServicePostCall
0018f12c 76fa7119 72337873 01830000 00000000 ntdll!KiFastSystemCallRet
0018f130 72337873 01830000 00000000 00000000 GDI32!NtGdiEngBitBlt+0xc
0018f1a0 76f71a05 01830000 00000000 00000000 FXSDRV!DrvBitBlt+0x1ff
0018f1fc 76cc14bc 0018fa64 0018f214 00000004 GDI32!GdiPrinterThunk+0x28b
0018fa4c 76ff6fae 0018fa64 00000040 0018fb44 USER32!__ClientPrinterThunk+0x28
0018faa0 00c110a0 00000000 0721075a 000000d4 ntdll!KiUserCallbackDispatcher+0x2e
WARNING: Stack unwind information not available. Following frames may be wrong.
0018fac0 00c11213 0721075a 000000d4 00000084 a9+0x10a0
0018fb0c 00c113f4 00000001 0023ee48 00244ec0 a9+0x1213
0018fb54 76a8ee1c 7ffde000 0018fba0 7701399b a9+0x13f4
0018fb60 7701399b 7ffde000 771d41ea 00000000 kernel32!BaseThreadInitThunk+0xe
0018fba0 7701396e 00c11471 7ffde000 00000000 ntdll!__RtlUserThreadStart+0x70
0018fbb8 00000000 00c11471 7ffde000 00000000 ntdll!_RtlUserThreadStart+0x1b
|
|
|
STACK_COMMAND: kb
|
|
FOLLOWUP_IP:
|
win32k!bGetRealizedBrush+32
|
94f312d7 8b401c mov eax,dword ptr [eax+1Ch]
|
|
SYMBOL_STACK_INDEX: b
|
|
SYMBOL_NAME: win32k!bGetRealizedBrush+32
|
|
FOLLOWUP_NAME: MachineOwner
|
|
FAILURE_BUCKET_ID: 0xD5_VRF_win32k!bGetRealizedBrush+32
|
|
BUCKET_ID: 0xD5_VRF_win32k!bGetRealizedBrush+32
|
|
Followup: MachineOwner
|
---------
|
|