nt!DbgLoadImageSymbols+0x47:
|
82a6e584 cc int 3
|
kd> g
|
*******************************************************************************
|
*
|
* This is the string you add to your checkin description
|
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
|
*
|
*******************************************************************************
|
nt!DbgLoadImageSymbols+0x47:
|
82a6e584 cc int 3
|
kd> g
|
|
*** Fatal System Error: 0x000000d6
|
(0xFFA0B270,0x00000000,0x952E42C8,0x00000000)
|
|
Driver at fault:
|
*** win32k.sys - Address 952E42C8 base at 950F0000, DateStamp 55345e59
|
.
|
Break instruction exception - code 80000003 (first chance)
|
|
A fatal system error has occurred.
|
Debugger entered on first try; Bugcheck callbacks have not been invoked.
|
|
A fatal system error has occurred.
|
|
Connected to Windows 7 7601 x86 compatible target at (Fri May 29 12:58:00.237 2015 (UTC + 2:00)), ptr64 FALSE
|
Loading Kernel Symbols
|
...............................................................
|
................................................................
|
.........................
|
Loading User Symbols
|
........................
|
Loading unloaded module list
|
....
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
Use !analyze -v to get detailed debugging information.
|
|
BugCheck D6, {ffa0b270, 0, 952e42c8, 0}
|
|
*** WARNING: Unable to verify checksum for a1.exe
|
*** ERROR: Module load completed but symbols could not be loaded for a1.exe
|
Probably caused by : win32k.sys ( win32k!vRop2Function1+15 )
|
|
Followup: MachineOwner
|
---------
|
|
Assertion: *** DPC watchdog timeout
|
This is NOT a break in update time
|
This is most likely a BUG in an ISR
|
Perform a stack trace to find the culprit
|
The period will be doubled on continuation
|
Use gh to continue!!
|
|
nt!KeAccumulateTicks+0x3c5:
|
82ad19ec cd2c int 2Ch
|
kd> !analyze -v
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)
|
N bytes of memory was allocated and more than N bytes are being referenced.
|
This cannot be protected by try-except.
|
When possible, the guilty driver's name (Unicode string) is printed on
|
the bugcheck screen and saved in KiBugCheckDriver.
|
Arguments:
|
Arg1: ffa0b270, memory referenced
|
Arg2: 00000000, value 0 = read operation, 1 = write operation
|
Arg3: 952e42c8, if non-zero, the address which referenced memory.
|
Arg4: 00000000, (reserved)
|
|
Debugging Details:
|
------------------
|
|
|
READ_ADDRESS: ffa0b270 Special pool
|
|
FAULTING_IP:
|
win32k!vRop2Function1+15
|
952e42c8 8b31 mov esi,dword ptr [ecx]
|
|
MM_INTERNAL_CODE: 0
|
|
IMAGE_NAME: win32k.sys
|
|
DEBUG_FLR_IMAGE_TIMESTAMP: 55345e59
|
|
MODULE_NAME: win32k
|
|
FAULTING_MODULE: 950f0000 win32k
|
|
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
|
|
BUGCHECK_STR: 0xD6
|
|
PROCESS_NAME: a1.exe
|
|
CURRENT_IRQL: 1c
|
|
TRAP_FRAME: b26b6f84 -- (.trap 0xffffffffb26b6f84)
|
ErrCode = 00000000
|
eax=b26b7124 ebx=0000009c ecx=ffa0b270 edx=b26b7324 esi=b26b7738 edi=fffffffe
|
eip=952e42c8 esp=b26b6ff8 ebp=b26b6ffc iopl=0 nv up ei pl nz na pe nc
|
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
|
win32k!vRop2Function1+0x15:
|
952e42c8 8b31 mov esi,dword ptr [ecx] ds:0023:ffa0b270=????????
|
Resetting default scope
|
|
LAST_CONTROL_TRANSFER: from 82ad0eb3 to 82ad19ec
|
|
STACK_TEXT:
|
b26b69a8 82ad0eb3 0002625a 00000000 0000f800 nt!KeAccumulateTicks+0x3c5
|
b26b69e8 82ad0d60 82a380a8 13c6523b 00000000 nt!KeUpdateRunTime+0x145
|
b26b6a40 82ad0563 b26b6a02 b26b6a02 000000d1 nt!KeUpdateSystemTime+0x613
|
b26b6a40 82a380a8 b26b6a02 b26b6a02 000000d1 nt!KeUpdateSystemTimeAssist+0x13
|
b26b6ac4 82a26b8c 00001000 00000000 b26b6b24 hal!READ_PORT_USHORT+0x8
|
b26b6ad4 82a26cf5 82b35582 ee73fa6e 00000065 hal!HalpCheckPowerButton+0x2e
|
b26b6ad8 82b35582 ee73fa6e 00000065 00000000 hal!HaliHaltSystem+0x7
|
b26b6b24 82b36029 00000003 00000000 00000002 nt!KiBugCheckDebugBreak+0x73
|
b26b6ee8 82ae3ff9 00000050 ffa0b270 00000000 nt!KeBugCheck2+0x68b
|
b26b6f6c 82a96a88 00000000 ffa0b270 00000000 nt!MmAccessFault+0x104
|
b26b6f6c 952e42c8 00000000 ffa0b270 00000000 nt!KiTrap0E+0xdc
|
b26b6ffc 9513d8b2 b26b7124 ffa0b270 b26b7324 win32k!vRop2Function1+0x15
|
b26b75b0 9513cf3e b26b7738 000000a5 ffa0ada8 win32k!BltLnkRect+0x8e2
|
b26b783c 951ac0e1 00000000 fb2f4000 00000000 win32k!BltLnk+0x78b
|
b26b78c8 95247bf9 00000000 fb2f4010 00000000 win32k!EngBitBlt+0x4c5
|
b26b7964 9523d9be ffa0adb8 fef10db8 00000000 win32k!EngStretchBltROP+0x282
|
b26b7a44 9517003e 00000000 b26b7b84 95247977 win32k!BLTRECORD::bStretch+0x459
|
b26b7bc0 9516cced 04210785 000000af 000000d8 win32k!GreStretchBltInternal+0x785
|
b26b7bfc 82a938a6 04210785 000000af 000000d8 win32k!GreStretchBlt+0x30
|
b26b7bfc 76e57074 04210785 000000af 000000d8 nt!KiSystemServicePostCall
|
0035fcc8 001b1032 00000000 04210785 000000af ntdll!KiFastSystemCallRet
|
WARNING: Stack unwind information not available. Following frames may be wrong.
|
0035fd00 001b10a1 04210785 000000af 000000d8 a1+0x1032
|
0035fd40 001b11a5 00000001 004fee48 005022c8 a1+0x10a1
|
0035fd88 7582ee1c 7ffd6000 0035fdd4 76e7399b a1+0x11a5
|
0035fd94 76e7399b 7ffd6000 76d5ada8 00000000 kernel32!BaseThreadInitThunk+0xe
|
0035fdd4 76e7396e 001b1222 7ffd6000 00000000 ntdll!__RtlUserThreadStart+0x70
|
0035fdec 00000000 001b1222 7ffd6000 00000000 ntdll!_RtlUserThreadStart+0x1b
|
|
|
STACK_COMMAND: kb
|
|
FOLLOWUP_IP:
|
win32k!vRop2Function1+15
|
952e42c8 8b31 mov esi,dword ptr [ecx]
|
|
SYMBOL_STACK_INDEX: b
|
|
SYMBOL_NAME: win32k!vRop2Function1+15
|
|
FOLLOWUP_NAME: MachineOwner
|
|
FAILURE_BUCKET_ID: 0xD6_VRF_win32k!vRop2Function1+15
|
|
BUCKET_ID: 0xD6_VRF_win32k!vRop2Function1+15
|
|
Followup: MachineOwner
|
---------
|
|