*** Fatal System Error: 0x000000d5
|
(0xFAAE6DF0,0x00000000,0x8EBDE0CB,0x00000000)
|
|
Driver at fault:
|
*** win32k.sys - Address 8EBDE0CB base at 8EB10000, DateStamp 56422bfd
|
.
|
Break instruction exception - code 80000003 (first chance)
|
|
A fatal system error has occurred.
|
Debugger entered on first try; Bugcheck callbacks have not been invoked.
|
|
A fatal system error has occurred.
|
|
Connected to Windows 7 7601 x86 compatible target at (Fri Feb 26 10:16:40.668 2016 (UTC - 8:00)), ptr64 FALSE
|
Loading Kernel Symbols
|
...............................................................
|
............................
|
|
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
|
Run !sym noisy before .reload to track down problems loading symbols.
|
|
....................................
|
.......
|
Loading User Symbols
|
...................
|
Loading unloaded module list
|
.....*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
|
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
Use !analyze -v to get detailed debugging information.
|
|
BugCheck D5, {faae6df0, 0, 8ebde0cb, 0}
|
|
Probably caused by : win32k.sys ( win32k!hbmSelectBitmap+ca )
|
|
Followup: MachineOwner
|
---------
|
|
nt!RtlpBreakWithStatusInstruction:
|
82cb9308 cc int 3
|
0: kd> !analyze -v
|
*******************************************************************************
|
* *
|
* Bugcheck Analysis *
|
* *
|
*******************************************************************************
|
|
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
|
Memory was referenced after it was freed.
|
This cannot be protected by try-except.
|
When possible, the guilty driver's name (Unicode string) is printed on
|
the bugcheck screen and saved in KiBugCheckDriver.
|
Arguments:
|
Arg1: faae6df0, memory referenced
|
Arg2: 00000000, value 0 = read operation, 1 = write operation
|
Arg3: 8ebde0cb, if non-zero, the address which referenced memory.
|
Arg4: 00000000, (reserved)
|
|
Debugging Details:
|
------------------
|
|
|
READ_ADDRESS: faae6df0 Special pool
|
|
FAULTING_IP:
|
win32k!hbmSelectBitmap+ca
|
8ebde0cb 854748 test dword ptr [edi+48h],eax
|
|
MM_INTERNAL_CODE: 0
|
|
IMAGE_NAME: win32k.sys
|
|
DEBUG_FLR_IMAGE_TIMESTAMP: 56422bfd
|
|
MODULE_NAME: win32k
|
|
FAULTING_MODULE: 8eb10000 win32k
|
|
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
|
|
BUGCHECK_STR: 0xD5
|
|
PROCESS_NAME: c8.exe
|
|
CURRENT_IRQL: 2
|
|
TRAP_FRAME: 9067faac -- (.trap 0xffffffff9067faac)
|
ErrCode = 00000000
|
eax=04000000 ebx=00000001 ecx=00000000 edx=fa89a728 esi=ffa0ada8 edi=faae6da8
|
eip=8ebde0cb esp=9067fb20 ebp=9067fb50 iopl=0 nv up ei ng nz na po nc
|
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
|
win32k!hbmSelectBitmap+0xca:
|
8ebde0cb 854748 test dword ptr [edi+48h],eax ds:0023:faae6df0=????????
|
Resetting default scope
|
|
LAST_CONTROL_TRANSFER: from 82d1dce7 to 82cb9308
|
|
STACK_TEXT:
|
9067f5fc 82d1dce7 00000003 976ccf4e 00000065 nt!RtlpBreakWithStatusInstruction
|
9067f64c 82d1e7e5 00000003 00000000 000fad5e nt!KiBugCheckDebugBreak+0x1c
|
9067fa10 82ccc3c1 00000050 faae6df0 00000000 nt!KeBugCheck2+0x68b
|
9067fa94 82c7ebe8 00000000 faae6df0 00000000 nt!MmAccessFault+0x104
|
9067fa94 8ebde0cb 00000000 faae6df0 00000000 nt!KiTrap0E+0xdc
|
9067fb50 8ebde67a ffa06f68 0185000f 00000001 win32k!hbmSelectBitmap+0xca
|
9067fba4 8ebdef9a 00000000 1eb5a930 00000000 win32k!XDCOBJ::bCleanDC+0xaa
|
9067fbe0 8ebdef44 9067fc00 00000001 00000001 win32k!bDeleteDCInternalWorker+0x1b
|
9067fc0c 8ebe110e b10101cc 00000001 00000001 win32k!bDeleteDCInternal+0x30
|
9067fc28 8ebe130a 0000024c 0000024c fc09ee28 win32k!vCleanupDCs+0x2a
|
9067fc44 8ebdda35 fc09ee28 00000000 00000000 win32k!NtGdiCloseProcess+0x3f
|
9067fc64 8ebdd77c fc09ee28 00000000 8a56a488 win32k!GdiProcessCallout+0x151
|
9067fc80 82eab2a1 8ac3d3f8 00000000 976cc5fe win32k!W32pProcessCallout+0x5d
|
9067fcfc 82e9d957 00000000 ffffffff 0023f7c8 nt!PspExitThread+0x46f
|
9067fd24 82c7ba06 ffffffff 00000000 0023f7d4 nt!NtTerminateProcess+0x1fa
|
9067fd24 778b71b4 ffffffff 00000000 0023f7d4 nt!KiSystemServicePostCall
|
WARNING: Stack unwind information not available. Following frames may be wrong.
|
0023f7d4 76bebd26 00000000 77e8f3b0 ffffffff ntdll!KiFastSystemCallRet
|
0023f7e8 008d4d0a 00000000 0023f82c 008d4ca0 kernel32!ExitProcessStub+0x12
|
0023f7f4 008d4ca0 00000000 e16eef34 008e9d68 c8+0x4d0a
|
0023f82c 008d4e45 00000000 00000000 00000000 c8+0x4ca0
|
0023f840 008d18ef 00000000 e16eef98 00000000 c8+0x4e45
|
0023f880 76bdee6c 7ffd8000 0023f8cc 778d3ab3 c8+0x18ef
|
0023f88c 778d3ab3 7ffd8000 77d63cad 00000000 kernel32!BaseThreadInitThunk+0xe
|
0023f8cc 778d3a86 008d1951 7ffd8000 00000000 ntdll!RtlInitializeExceptionChain+0xef
|
0023f8e4 00000000 008d1951 7ffd8000 00000000 ntdll!RtlInitializeExceptionChain+0xc2
|
|
|
STACK_COMMAND: kb
|
|
FOLLOWUP_IP:
|
win32k!hbmSelectBitmap+ca
|
8ebde0cb 854748 test dword ptr [edi+48h],eax
|
|
SYMBOL_STACK_INDEX: 5
|
|
SYMBOL_NAME: win32k!hbmSelectBitmap+ca
|
|
FOLLOWUP_NAME: MachineOwner
|
|
FAILURE_BUCKET_ID: 0xD5_VRF_win32k!hbmSelectBitmap+ca
|
|
BUCKET_ID: 0xD5_VRF_win32k!hbmSelectBitmap+ca
|
|
Followup: MachineOwner
|
---------
|
|