*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
*
*******************************************************************************
nt!DbgLoadImageSymbols+0x47:
82a26584 cc int 3
kd> g

*** Fatal System Error: 0x000000d5
(0xFB0BAFE0,0x00000000,0x94F7C1A4,0x00000000)

Driver at fault:
*** win32k.sys - Address 94F7C1A4 base at 94EB0000, DateStamp 55345e59
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Sun Jun 21 14:52:05.031 2015 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
...................................
Loading unloaded module list
...........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {fb0bafe0, 0, 94f7c1a4, 0}

Probably caused by : win32k.sys ( win32k!zzzUpdateCursorImage+51 )

Followup: MachineOwner
---------

Assertion: *** DPC watchdog timeout
This is NOT a break in update time
This is most likely a BUG in an ISR
Perform a stack trace to find the culprit
The period will be doubled on continuation
Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
82a899ec cd2c int 2Ch
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fb0bafe0, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 94f7c1a4, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS: fb0bafe0 Special pool

FAULTING_IP:
win32k!zzzUpdateCursorImage+51
94f7c1a4 3998f0000000 cmp dword ptr [eax+0F0h],ebx

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 55345e59

MODULE_NAME: win32k

FAULTING_MODULE: 94eb0000 win32k

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: taskkill.exe

CURRENT_IRQL: 1c

TRAP_FRAME: b1b27a94 -- (.trap 0xffffffffb1b27a94)
ErrCode = 00000000
eax=fb0baef0 ebx=00000000 ecx=00000000 edx=0018db28 esi=00000000 edi=00000000
eip=94f7c1a4 esp=b1b27b08 ebp=b1b27b18 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
win32k!zzzUpdateCursorImage+0x51:
94f7c1a4 3998f0000000 cmp dword ptr [eax+0F0h],ebx ds:0023:fb0bafe0=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82a88eb3 to 82a899ec

STACK_TEXT:
b1b274b8 82a88eb3 0002625a 00000000 00019e00 nt!KeAccumulateTicks+0x3c5
b1b274f8 82a88d60 82e3c0a8 c6da26bb 00000000 nt!KeUpdateRunTime+0x145
b1b27550 82a88563 b1b27502 b1b27502 000000d1 nt!KeUpdateSystemTime+0x613
b1b27550 82e3c0a8 b1b27502 b1b27502 000000d1 nt!KeUpdateSystemTimeAssist+0x13
b1b275d4 82e2ab8c 00001000 00000000 b1b27634 hal!READ_PORT_USHORT+0x8
b1b275e4 82e2acf5 82aed582 28025ba9 00000065 hal!HalpCheckPowerButton+0x2e
b1b275e8 82aed582 28025ba9 00000065 00000000 hal!HaliHaltSystem+0x7
b1b27634 82aee029 00000003 00000000 000fabd2 nt!KiBugCheckDebugBreak+0x73
b1b279f8 82a9bff9 00000050 fb0bafe0 00000000 nt!KeBugCheck2+0x68b
b1b27a7c 82a4ea88 00000000 fb0bafe0 00000000 nt!MmAccessFault+0x104
b1b27a7c 94f7c1a4 00000000 fb0bafe0 00000000 nt!KiTrap0E+0xdc
b1b27b18 94f7c4b9 fabd8e30 fabd8e30 b1b27b40 win32k!zzzUpdateCursorImage+0x51
b1b27b28 94f81022 00000000 00000000 fabd8e30 win32k!zzzCalcStartCursorHide+0xeb
b1b27b40 94f7d43f fabd8e30 fabd8e30 8a163a10 win32k!DestroyProcessInfo+0x4f
b1b27b64 94f7d33f fabd8e30 00000000 8a163a10 win32k!xxxUserProcessCallout+0xb2
b1b27b80 82c78a71 8a1e50f8 00000000 28025661 win32k!W32pProcessCallout+0x43
b1b27bfc 82c6b188 00000000 ffffffff 001bfb94 nt!PspExitThread+0x46f
b1b27c24 82a4b8a6 ffffffff 00000000 001bfba0 nt!NtTerminateProcess+0x1fa
b1b27c24 779f7074 ffffffff 00000000 001bfba0 nt!KiSystemServicePostCall
001bfb80 779f68c4 77a0e38f ffffffff 00000000 ntdll!KiFastSystemCallRet
001bfb84 77a0e38f ffffffff 00000000 004c1c70 ntdll!NtTerminateProcess+0xc
001bfba0 771fbcae 00000000 77e8f3b0 ffffffff ntdll!RtlExitUserProcess+0x85
001bfbb4 764b36dc 00000000 001bfbf8 764b3372 kernel32!ExitProcessStub+0x12
001bfbc0 764b3371 00000000 490cbe52 00663030 msvcrt!__crtExitProcess+0x17
001bfbf8 764b36bb 00000000 00000000 00000000 msvcrt!_cinit+0xea
001bfc0c 0065176e 00000000 493a0c64 00000000 msvcrt!exit+0x11
001bfc48 771eee1c 7ffda000 001bfc94 77a1399b taskkill!_initterm_e+0xf4
001bfc54 77a1399b 7ffda000 77aba428 00000000 kernel32!BaseThreadInitThunk+0xe
001bfc94 77a1396e 00655c89 7ffda000 00000000 ntdll!__RtlUserThreadStart+0x70
001bfcac 00000000 00655c89 7ffda000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!zzzUpdateCursorImage+51
94f7c1a4 3998f0000000 cmp dword ptr [eax+0F0h],ebx

SYMBOL_STACK_INDEX: b

SYMBOL_NAME: win32k!zzzUpdateCursorImage+51

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xD5_VRF_win32k!zzzUpdateCursorImage+51

BUCKET_ID: 0xD5_VRF_win32k!zzzUpdateCursorImage+51

Followup: MachineOwner
---------