
Issue 339 attachment: specialpool339.txt (9.4 KB)

Connected to Windows 7 7601 x86 compatible target at (Wed Apr 22 10:39:46.550 2015 (UTC + 2:00)), ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.comSRV*c:\symbols\*http://symbols.mozilla.org/firefox;srv*c:\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is:
Windows 7 Kernel Version 7601 MP (1 procs) Free x86 compatible
Built by: 7601.18741.x86fre.win7sp1_gdr.150202-1526
Machine Name:
Kernel base = 0x82a19000 PsLoadedModuleList = 0x82b635b0
System Uptime: not available
nt!DbgLoadImageSymbols+0x47:
82a31578 cc int 3
kd> g
*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for ntoskrnl.exe on Build 7601 4nqNCsg3BESvIkx4R3hsvH
*
*******************************************************************************
Shutdown occurred at (Wed Apr 22 10:40:34.390 2015 (UTC + 2:00))...unloading all symbol tables.
Waiting to reconnect...
Connected to Windows 7 7601 x86 compatible target at (Wed Apr 22 10:41:18.371 2015 (UTC + 2:00)), ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.comSRV*c:\symbols\*http://symbols.mozilla.org/firefox;srv*c:\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*
Executable search path is: srv*
Windows 7 Kernel Version 7601 MP (1 procs) Free x86 compatible
Built by: 7601.18798.x86fre.win7sp1_gdr.150316-1654
Machine Name:
Kernel base = 0x82a02000 PsLoadedModuleList = 0x82b4c5b0
System Uptime: not available
nt!DbgLoadImageSymbols+0x47:
82a1a584 cc int 3
kd> g
*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for ntoskrnl.exe on Build 7601 4nqNCsg3BESvIkx4R3hsvH
*
*******************************************************************************
*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
*
*******************************************************************************
nt!DbgLoadImageSymbols+0x47:
82a1a584 cc int 3
kd> g

*** Fatal System Error: 0x000000d5
(0xFB18AFEC,0x00000001,0x9E14C3B1,0x00000000)

Driver at fault:
*** win32k.sys - Address 9E14C3B1 base at 9E080000, DateStamp 54ee8ecd
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Wed Apr 22 13:01:09.048 2015 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
....................
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {fb18afec, 1, 9e14c3b1, 0}

*** WARNING: Unable to verify checksum for a53.exe
*** ERROR: Module load completed but symbols could not be loaded for a53.exe
Probably caused by : win32k.sys ( win32k!ThreadUnlock1+1a )

Followup: MachineOwner
---------

Assertion: *** DPC watchdog timeout
This is NOT a break in update time
This is most likely a BUG in an ISR
Perform a stack trace to find the culprit
The period will be doubled on continuation
Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
82a7d9ec cd2c int 2Ch
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fb18afec, memory referenced
Arg2: 00000001, value 0 = read operation, 1 = write operation
Arg3: 9e14c3b1, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


WRITE_ADDRESS: fb18afec Special pool

FAULTING_IP:
win32k!ThreadUnlock1+1a
9e14c3b1 834004ff add dword ptr [eax+4],0FFFFFFFFh

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54ee8ecd

MODULE_NAME: win32k

FAULTING_MODULE: 9e080000 win32k

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: a53.exe

CURRENT_IRQL: 1c

TRAP_FRAME: aa787b9c -- (.trap 0xffffffffaa787b9c)
ErrCode = 00000002
eax=fb18afe8 ebx=9e0cedd6 ecx=aa787c18 edx=aa767934 esi=00000001 edi=0076025b
eip=9e14c3b1 esp=aa787c10 ebp=aa787c24 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
win32k!ThreadUnlock1+0x1a:
9e14c3b1 834004ff add dword ptr [eax+4],0FFFFFFFFh ds:0023:fb18afec=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82a7ceb3 to 82a7d9ec

STACK_TEXT:
aa7875c0 82a7ceb3 0002625a 00000000 00083500 nt!KeAccumulateTicks+0x3c5
aa787600 82a7cd60 82e300a8 fdf67d36 00000000 nt!KeUpdateRunTime+0x145
aa787658 82a7c563 aa787602 aa787602 000000d1 nt!KeUpdateSystemTime+0x613
aa787658 82e300a8 aa787602 aa787602 000000d1 nt!KeUpdateSystemTimeAssist+0x13
aa7876dc 82e1eb8c 00001000 00000000 aa78773c hal!READ_PORT_USHORT+0x8
aa7876ec 82e1ecf5 82ae1582 a742f78a 00000065 hal!HalpCheckPowerButton+0x2e
aa7876f0 82ae1582 a742f78a 00000065 00000000 hal!HaliHaltSystem+0x7
aa78773c 82ae2029 00000003 00000000 ffffffff nt!KiBugCheckDebugBreak+0x73
aa787b00 82a8fff9 00000050 fb18afec 00000001 nt!KeBugCheck2+0x68b
aa787b84 82a42a88 00000001 fb18afec 00000000 nt!MmAccessFault+0x104
aa787b84 9e14c3b1 00000001 fb18afec 00000000 nt!KiTrap0E+0xdc
aa787c0c 9e0cee22 0239f570 aa767934 fb18afe8 win32k!ThreadUnlock1+0x1a
aa787c24 82a3f8a6 0076025b 00000000 0239f570 win32k!NtUserEndDeferWindowPosEx+0x4c
aa787c24 77047074 0076025b 00000000 0239f570 nt!KiSystemServicePostCall
0239f55c 7541a69e 7541a689 0076025b 00000000 ntdll!KiFastSystemCallRet
0239f560 7541a689 0076025b 00000000 0239f580 USER32!NtUserEndDeferWindowPosEx+0xc
0239f570 00301423 0076025b 00000006 0239f5ac USER32!EndDeferWindowPos+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
0239f580 7542c4e7 000a027e 00000024 00000000 a53+0x1423
0239f5ac 7542c5e7 003013c0 000a027e 00000024 USER32!InternalCallWinProc+0x23
0239f624 75424f0e 00000000 003013c0 000a027e USER32!UserCallWinProcCheckWow+0x14b
0239f680 7541ee19 0068a010 00000024 00000000 USER32!DispatchClientMessage+0xda
0239f6a8 77046fae 0239f6c0 0000003c 0239f7d4 USER32!__fnINOUTLPPOINT5+0x27
0239f6f8 75424f51 7541fe29 000a027e 00000046 ntdll!KiUserCallbackDispatcher+0x2e
0239f6fc 7541fe29 000a027e 00000046 00000000 USER32!NtUserMessageCall+0xc
0239f780 7541bb13 000a027e 00000046 00000000 USER32!RealDefWindowProcWorker+0x553
0239f79c 7541bb70 000a027e 00000046 00000000 USER32!RealDefWindowProcA+0x47
0239f7e4 0030144d 000a027e 00000046 00000000 USER32!DefWindowProcA+0x6f
0239f800 7542c4e7 000a027e 00000046 00000000 a53+0x144d
0239f82c 75425f9f 003013c0 000a027e 00000046 USER32!InternalCallWinProc+0x23
0239f8a4 75424f0e 00000000 003013c0 000a027e USER32!UserCallWinProcCheckWow+0xe0
0239f900 7541fdc6 0068a010 00000046 00000000 USER32!DispatchClientMessage+0xda
0239f928 77046fae 0239f940 00000030 0239f9c0 USER32!__fnINOUTLPWINDOWPOS+0x27
0239f96c 7541f2b5 00301091 000a027e 00000001 ntdll!KiUserCallbackDispatcher+0x2e
0239f970 00301091 000a027e 00000001 000a027e USER32!NtUserShowWindow+0xc
0239f984 7679ee1c 00000000 0239f9d0 7706399b a53+0x1091
0239f990 7706399b 00000000 754b9dc9 00000000 kernel32!BaseThreadInitThunk+0xe
0239f9d0 7706396e 00301020 00000000 00000000 ntdll!__RtlUserThreadStart+0x70
0239f9e8 00000000 00301020 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!ThreadUnlock1+1a
9e14c3b1 834004ff add dword ptr [eax+4],0FFFFFFFFh

SYMBOL_STACK_INDEX: b

SYMBOL_NAME: win32k!ThreadUnlock1+1a

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xD5_VRFK_win32k!ThreadUnlock1+1a

BUCKET_ID: 0xD5_VRFK_win32k!ThreadUnlock1+1a

Followup: MachineOwner
---------