Issue 335 attachment: specialpool335.txt (7.2 KB)

*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for ntoskrnl.exe on Build 7601 4nqNCsg3BESvIkx4R3hsvH
*
*******************************************************************************
*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
*
*******************************************************************************
nt!DbgLoadImageSymbols+0x47:
82a62578 cc int 3
kd> g

*** Fatal System Error: 0x000000d5
(0xA4BB4F7C,0x00000000,0x974A7DC9,0x00000000)

Driver at fault:
*** win32k.sys - Address 974A7DC9 base at 97470000, DateStamp 54ee8ecd
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Fri Apr 17 14:23:35.714 2015 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
................
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {a4bb4f7c, 0, 974a7dc9, 0}

*** WARNING: Unable to verify checksum for a49.exe
*** ERROR: Module load completed but symbols could not be loaded for a49.exe
Probably caused by : win32k.sys ( win32k!UserCommitDesktopMemory+90 )

Followup: MachineOwner
---------

Assertion: *** DPC watchdog timeout
This is NOT a break in update time
This is most likely a BUG in an ISR
Perform a stack trace to find the culprit
The period will be doubled on continuation
Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
82ac538c cd2c int 2Ch
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: a4bb4f7c, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 974a7dc9, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS: a4bb4f7c Special pool

FAULTING_IP:
win32k!UserCommitDesktopMemory+90
974a7dc9 8b5204 mov edx,dword ptr [edx+4]

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54ee8ecd

MODULE_NAME: win32k

FAULTING_MODULE: 97470000 win32k

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: a49.exe

CURRENT_IRQL: 1c

TRAP_FRAME: b0854900 -- (.trap 0xffffffffb0854900)
ErrCode = 00000000
eax=faf5cff0 ebx=82ad44fe ecx=f9000000 edx=a4bb4f78 esi=f9001fe8 edi=f9000000
eip=974a7dc9 esp=b0854974 ebp=b0854994 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
win32k!UserCommitDesktopMemory+0x90:
974a7dc9 8b5204 mov edx,dword ptr [edx+4] ds:0023:a4bb4f7c=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82ac4853 to 82ac538c

STACK_TEXT:
b0854328 82ac4853 0002625a 00000000 00001b00 nt!KeAccumulateTicks+0x3c5
b0854368 82ac4700 82a2c0a8 d74857a7 00000000 nt!KeUpdateRunTime+0x145
b08543c0 82ac3f03 b0854302 b0854302 000000d1 nt!KeUpdateSystemTime+0x613
b08543c0 82a2c0a8 b0854302 b0854302 000000d1 nt!KeUpdateSystemTimeAssist+0x13
b0854444 82a1ab8c 00001000 00000000 b08544a4 hal!READ_PORT_USHORT+0x8
b0854454 82a1acf5 82b28f92 78ea93cc 00000065 hal!HalpCheckPowerButton+0x2e
b0854458 82b28f92 78ea93cc 00000065 00000000 hal!HaliHaltSystem+0x7
b08544a4 82b29a39 00000003 00000000 000b2414 nt!KiBugCheckDebugBreak+0x73
b0854868 82ad79ad 00000050 a4bb4f7c 00000000 nt!KeBugCheck2+0x68b
b08548e8 82a8aa78 00000000 a4bb4f7c 00000000 nt!MmAccessFault+0x104
b08548e8 974a7dc9 00000000 a4bb4f7c 00000000 nt!KiTrap0E+0xdc
b0854994 82a665c9 f9000000 b08549b4 b08549dc win32k!UserCommitDesktopMemory+0x90
b08549bc 82a6670d b08549dc f9000138 f90000c4 nt!RtlpFindAndCommitPages+0x89
b08549e8 82af88b2 78ea9dd4 00000000 00000000 nt!RtlpExtendHeap+0x27
b0854abc 82b0aadd f9000000 0000000b 00000360 nt!RtlpAllocateHeap+0x563
b0854b38 97548cfe f9000000 00000009 00000360 nt!RtlAllocateHeap+0x92
b0854b50 9751a41f ae216f78 00000360 00000007 win32k!DesktopAlloc+0x25
b0854b8c 9751a1ff f90016d8 ffffffff 00000001 win32k!xxxInsertMenuItem+0x12e
b0854c14 82a87896 000301bb ffffffff 00000001 win32k!NtUserThunkedMenuItemInfo+0xd2
b0854c14 76e370f4 000301bb ffffffff 00000001 nt!KiSystemServicePostCall
0030fd04 766afba5 766afd57 000301bb ffffffff ntdll!KiFastSystemCallRet
0030fd08 766afd57 000301bb ffffffff 00000001 USER32!NtUserThunkedMenuItemInfo+0xc
0030fd74 766afc2c 00000010 0030fd84 00000000 USER32!MenuLoadWinTemplates+0x131
0030fd88 766afbdc 0352b798 00000000 0030fde8 USER32!CreateMenuFromResource+0x44
0030fd9c 766af23a 766a0000 0352ac90 0030fdd0 USER32!CommonLoadMenu+0x2f
0030fdac 766af27c 766a0000 00000030 00000000 USER32!LoadMenuW+0x26
0030fdd0 76e3702e 0030fde8 00000024 0030fe6c USER32!__ClientLoadMenu+0x3a
0030fe08 013d1016 00000000 000101ac 0000005c ntdll!KiUserCallbackDispatcher+0x2e
WARNING: Stack unwind information not available. Following frames may be wrong.
0030fe1c 013d1112 000101ac 000101ac 0000003c a49+0x1016
0030fe34 013d12da 00000001 004817c0 00481800 a49+0x1112
0030fe7c 751cee1c 7ffdf000 0030fec8 76e537eb a49+0x12da
0030fe88 76e537eb 7ffdf000 76ddd851 00000000 kernel32!BaseThreadInitThunk+0xe
0030fec8 76e537be 013d1357 7ffdf000 00000000 ntdll!__RtlUserThreadStart+0x70
0030fee0 00000000 013d1357 7ffdf000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!UserCommitDesktopMemory+90
974a7dc9 8b5204 mov edx,dword ptr [edx+4]

SYMBOL_STACK_INDEX: b

SYMBOL_NAME: win32k!UserCommitDesktopMemory+90

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xD5_VRFK_win32k!UserCommitDesktopMemory+90

BUCKET_ID: 0xD5_VRFK_win32k!UserCommitDesktopMemory+90

Followup: MachineOwner