Issue 313 attachment: special_pool_crash313.txt (8.5 KB)

*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
*
*******************************************************************************
nt!DbgLoadImageSymbols+0x47:
82a21578 cc int 3
kd> g

*** Fatal System Error: 0x000000cd
(0xFDC01264,0x00000001,0x82A43240,0x00000000)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Tue Mar 31 14:30:48.167 2015 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
.........................
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck CD, {fdc01264, 1, 82a43240, 0}

Probably caused by : win32k.sys ( win32k!vSolidFillRect1+107 )

Followup: MachineOwner
---------

Assertion: *** DPC watchdog timeout
This is NOT a break in update time
This is most likely a BUG in an ISR
Perform a stack trace to find the culprit
The period will be doubled on continuation
Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
82a8438c cd2c int 2Ch
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_BEYOND_END_OF_ALLOCATION (cd)
N bytes of memory was allocated and more than N bytes are being referenced.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fdc01264, memory referenced
Arg2: 00000001, value 0 = read operation, 1 = write operation
Arg3: 82a43240, if non-zero, the address which referenced memory.
Arg4: 00000000, Mm internal code.

Debugging Details:
------------------


WRITE_ADDRESS: fdc01264 Special pool

FAULTING_IP:
nt!RtlFillMemoryUlong+10
82a43240 f3ab rep stos dword ptr es:[edi]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xCD

PROCESS_NAME: notepad.exe

CURRENT_IRQL: 1c

TRAP_FRAME: 95463244 -- (.trap 0xffffffff95463244)
ErrCode = 00000002
eax=00ffffff ebx=00000277 ecx=00000077 edx=000000bb esi=fd996154 edi=fdc01264
eip=82a43240 esp=954632b8 ebp=954632ec iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!RtlFillMemoryUlong+0x10:
82a43240 f3ab rep stos dword ptr es:[edi]
Resetting default scope

LAST_CONTROL_TRANSFER: from 82a83853 to 82a8438c

STACK_TEXT:
95462c68 82a83853 0002625a 00000000 00017f00 nt!KeAccumulateTicks+0x3c5
95462ca8 82a83700 82e360a8 7120de2b 00000000 nt!KeUpdateRunTime+0x145
95462d00 82a82f03 95462d02 95462d02 000000d1 nt!KeUpdateSystemTime+0x613
95462d00 82e360a8 95462d02 95462d02 000000d1 nt!KeUpdateSystemTimeAssist+0x13
95462d84 82e24b8c 00001000 00000000 95462de4 hal!READ_PORT_USHORT+0x8
95462d94 82e24cf5 82ae7f92 39f9bd90 00000065 hal!HalpCheckPowerButton+0x2e
95462d98 82ae7f92 39f9bd90 00000065 00000000 hal!HaliHaltSystem+0x7
95462de4 82ae8a39 00000003 00000000 00000002 nt!KiBugCheckDebugBreak+0x73
954631a8 82a969ad 00000050 fdc01264 00000001 nt!KeBugCheck2+0x68b
9546322c 82a49a78 00000001 fdc01264 00000000 nt!MmAccessFault+0x104
9546322c 82a43240 00000001 fdc01264 00000000 nt!KiTrap0E+0xdc
954632b8 94529c5b fdc01264 000001dc 00ffffff nt!RtlFillMemoryUlong+0x10
954632ec 94529b0c 95463320 00000001 fd8ff154 win32k!vSolidFillRect1+0x107
9546348c 9450bd44 94529b54 95463650 954637e8 win32k!vDIBSolidBlt+0x1f5
95463500 946373f4 fd8ff010 00000000 00000000 win32k!EngBitBlt+0x258
95463610 9451bfb8 fd8ff010 00000000 00000000 win32k!PanBitBlt+0xf6
95463670 945181e0 946372fe 95463914 fef10db8 win32k!OffBitBlt+0x97
95463928 94530b37 fef10db8 00000000 00000000 win32k!SpBitBlt+0x46c
9546398c 94530cbf f9f74d68 954639f4 954639e4 win32k!GrePatBltLockedDC+0x22b
95463a38 944c1a4e 95463a68 0000f0f0 95463a98 win32k!GrePolyPatBltInternal+0x176
95463a74 944c1ac5 86010888 00f00021 95463a98 win32k!GrePolyPatBlt+0x45
95463aac 944a0637 86010888 95463af0 01100060 win32k!FillRect+0x58
95463ad0 944a0548 fca49910 fca49910 86010888 win32k!xxxPaintRect+0x72
95463b00 944a06e4 fca49910 fca49910 86010888 win32k!xxxFillWindow+0x39
95463b28 944ff86b fca49910 00000014 86010888 win32k!xxxDWP_EraseBkgnd+0x8f
95463ba4 9450d8dc fca49910 00000014 86010888 win32k!xxxRealDefWindowProc+0x33a
95463bbc 944d83af fca49910 00000014 86010888 win32k!xxxWrapRealDefWindowProc+0x2b
95463bd8 9450d798 fca49910 00000014 86010888 win32k!NtUserfnNCDESTROY+0x27
95463c10 82a46896 0018021a 00000014 86010888 win32k!NtUserMessageCall+0xcf
95463c10 771c70f4 0018021a 00000014 86010888 nt!KiSystemServicePostCall
0012f744 75af4f51 75af517d 0018021a 00000014 ntdll!KiFastSystemCallRet
0012f748 75af517d 0018021a 00000014 86010888 USER32!NtUserMessageCall+0xc
0012f7cc 75af5138 0018021a 00000014 86010888 USER32!RealDefWindowProcWorker+0x72
0012f7e8 73cf1e60 0018021a 00000014 86010888 USER32!RealDefWindowProcW+0x47
0012f844 73cf1f20 00000000 00000000 86010888 uxtheme!_ThemeDefWindowProc+0x197
0012f860 75af5fc3 0018021a 00000014 86010888 uxtheme!ThemeDefWindowProcW+0x18
0012f8a8 00e41554 0018021a 00000014 86010888 USER32!DefWindowProcW+0x68
0012f8c8 75afc4e7 0018021a 00000014 86010888 notepad!NPWndProc+0x16d
0012f8f4 75af5f9f 00e414de 0018021a 00000014 USER32!InternalCallWinProc+0x23
0012f96c 75af4f0e 00000000 00e414de 0018021a USER32!UserCallWinProcCheckWow+0xe0
0012f9c8 75af4f7d 00eb9910 00000014 86010888 USER32!DispatchClientMessage+0xda
0012f9f0 771c702e 0012fa08 00000018 0012faf8 USER32!__fnDWORD+0x24
0012fa1c 75af4f51 75af517d 0018021a 0000000f ntdll!KiUserCallbackDispatcher+0x2e
0012fa20 75af517d 0018021a 0000000f 00000000 USER32!NtUserMessageCall+0xc
0012faa4 75af5138 0018021a 0000000f 00000000 USER32!RealDefWindowProcWorker+0x72
0012fac0 75af50d1 0018021a 0000000f 00000000 USER32!RealDefWindowProcW+0x47
0012fb08 00e41554 0018021a 0000000f 00000000 USER32!DefWindowProcW+0x6f
0012fb28 75afc4e7 0018021a 0000000f 00000000 notepad!NPWndProc+0x16d
0012fb54 75af5f9f 00e414de 0018021a 0000000f USER32!InternalCallWinProc+0x23
0012fbcc 75af4f0e 00000000 00e414de 0018021a USER32!UserCallWinProcCheckWow+0xe0
0012fc28 75af4f7d 00eb9910 0000000f 00000000 USER32!DispatchClientMessage+0xda
0012fc50 771c702e 0012fc68 00000018 0012fcb4 USER32!__fnDWORD+0x24
0012fc7c 75af5d0c 75af5d33 0012fcec c384af01 ntdll!KiUserCallbackDispatcher+0x2e
0012fc80 75af5d33 0012fcec c384af01 75afcde8 USER32!NtUserDispatchMessage+0xc
0012fcc4 75afcc70 00e414de 00000000 0012fd08 USER32!DispatchMessageWorker+0x3d5
0012fcd4 00e414d7 0012fcec 00000000 00e4c25c USER32!DispatchMessageW+0xf
0012fd08 00e416ec 00e40000 00000000 00273872 notepad!WinMain+0xdd
0012fd98 76feee1c 7ffdb000 0012fde4 771e37eb notepad!_initterm_e+0x1a1
0012fda4 771e37eb 7ffdb000 7721704b 00000000 kernel32!BaseThreadInitThunk+0xe
0012fde4 771e37be 00e43689 7ffdb000 00000000 ntdll!__RtlUserThreadStart+0x70
0012fdfc 00000000 00e43689 7ffdb000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!vSolidFillRect1+107
94529c5b 8b55f4 mov edx,dword ptr [ebp-0Ch]

SYMBOL_STACK_INDEX: c

SYMBOL_NAME: win32k!vSolidFillRect1+107

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 54ee8ecd

FAILURE_BUCKET_ID: 0xCD_VRF_win32k!vSolidFillRect1+107

BUCKET_ID: 0xCD_VRF_win32k!vSolidFillRect1+107

Followup: MachineOwner
---------