Issue 686 attachment: special_pool2.txt (5.0 KB)

Probably caused by : win32k.sys ( win32k!PDEVOBJ::vSync+12 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
82c87308 cc int 3
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fef10df0, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 930355f9, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS: fef10df0 Special pool

FAULTING_IP:
win32k!PDEVOBJ::vSync+12
930355f9 f7404800100000 test dword ptr [eax+48h],1000h

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 56422bfd

MODULE_NAME: win32k

FAULTING_MODULE: 92f70000 win32k

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: explorer.exe

CURRENT_IRQL: 2

TRAP_FRAME: 9dd58c84 -- (.trap 0xffffffff9dd58c84)
ErrCode = 00000000
eax=fef10da8 ebx=9303a235 ecx=fef10da8 edx=00000002 esi=9dd58d20 edi=fef10db8
eip=930355f9 esp=9dd58cf8 ebp=9dd58d00 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
win32k!PDEVOBJ::vSync+0x12:
930355f9 f7404800100000 test dword ptr [eax+48h],1000h ds:0023:fef10df0=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82cebce7 to 82c87308

STACK_TEXT:
9dd587d4 82cebce7 00000003 cc91d39c 00000065 nt!RtlpBreakWithStatusInstruction
9dd58824 82cec7e5 00000003 00000000 000fab92 nt!KiBugCheckDebugBreak+0x1c
9dd58be8 82c9a3c1 00000050 fef10df0 00000000 nt!KeBugCheck2+0x68b
9dd58c6c 82c4cbe8 00000000 fef10df0 00000000 nt!MmAccessFault+0x104
9dd58c6c 930355f9 00000000 fef10df0 00000000 nt!KiTrap0E+0xdc
9dd58d00 9303a1aa fef10db8 00000000 00000002 win32k!PDEVOBJ::vSync+0x12
9dd58d24 9303a243 00000040 82c49a06 0233f424 win32k!vSynchronizeDriver+0x12f
9dd58d2c 82c49a06 0233f424 776e71b4 badb0d00 win32k!GreFlush+0x7
9dd58d2c 776e71b4 0233f424 776e71b4 badb0d00 nt!KiSystemServicePostCall
0233f3fc 76ba5fde 76ba5fe9 744145dd 0233f4bc ntdll!KiFastSystemCallRet
0233f400 76ba5fe9 744145dd 0233f4bc 0026e5c8 GDI32!NtGdiFlush+0xc
0233f404 744145dd 0233f4bc 0026e5c8 0233f478 GDI32!GdiFlush+0x5
0233f424 74414966 070101cd 00010076 0233f558 UxTheme!COffScreenBuffer::CreateBuffer+0x95
0233f44c 7441413d 0026e664 00000000 00266a70 UxTheme!CPaintBuffer::_BeginWithoutAnim+0x2c
0233f460 74414354 0233f478 00000000 0233f584 UxTheme!CPaintBuffer::BeginAnimation+0x5c
0233f4c4 74414a2f 00000000 0026e5c8 0233f558 UxTheme!CPaintBufferPool::Impl::BeginAnimation+0x1f5
0233f4f0 744149e9 070101cd 0233f558 00000002 UxTheme!CPaintBufferPool::BeginBufferedPaint+0x27
0233f520 00414b52 070101cd 0233f558 00000002 UxTheme!BeginBufferedPaint+0x54
0233f588 00413caf 070101cd 0000000f 0031b950 Explorer!CTaskListWnd::_HandlePaint+0x7e
0233f5f8 0041203f 00010076 0000000f 00000000 Explorer!CTaskListWnd::v_WndProc+0x509
0233f61c 7782c4f7 00010076 0000000f 00000000 Explorer!CImpWndProc::s_WndProc+0x68
0233f648 77825faf 00411ffd 00010076 0000000f USER32!InternalCallWinProc+0x23
0233f6c0 77824f1b 00000000 00411ffd 00010076 USER32!UserCallWinProcCheckWow+0xe0
0233f720 77824f8d 00894668 0000000f 00000000 USER32!DispatchClientMessage+0xe6
0233f748 776e70ee 0233f760 00000018 0233f7b0 USER32!__fnDWORD+0x24
0233f774 77825d1c 77825d43 0233f7e8 0d699209 ntdll!KiUserCallbackDispatcher+0x2e
0233f778 77825d43 0233f7e8 0d699209 80000000 USER32!NtUserDispatchMessage+0xc
0233f7c0 7782cc88 00411ffd 00000000 0233f810 USER32!DispatchMessageWorker+0x3e4
0233f7d0 00411f3e 0233f7e8 00000000 80000000 USER32!DispatchMessageW+0xf
0233f810 00438907 00000000 76b50041 0233f8a8 Explorer!CTray::_MessageLoop+0x24e
0233f820 76b543c0 004c1460 00000000 00000000 Explorer!CTray::MainThreadProc+0x8a
0233f8a8 76aaee6c 0016f884 0233f8f4 77703ab3 SHLWAPI!WrapperThreadProc+0x1b5
0233f8b4 77703ab3 0016f884 7544527f 00000000 kernel32!BaseThreadInitThunk+0xe
0233f8f4 77703a86 76b542ed 0016f884 00000000 ntdll!__RtlUserThreadStart+0x70
0233f90c 00000000 76b542ed 0016f884 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!PDEVOBJ::vSync+12
930355f9 f7404800100000 test dword ptr [eax+48h],1000h

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: win32k!PDEVOBJ::vSync+12

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xD5_VRF_win32k!PDEVOBJ::vSync+12

BUCKET_ID: 0xD5_VRF_win32k!PDEVOBJ::vSync+12

Followup: MachineOwner
---------