New issue
Advanced search Search tips

Issue 746 attachment: special_pool.txt (6.5 KB) 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
 
*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
*
*******************************************************************************

*** Fatal System Error: 0x000000d5
                       (0xFC11C994,0x00000000,0x8D5062C6,0x00000000)

Driver at fault: 
***    win32k.sys - Address 8D5062C6 base at 8D430000, DateStamp 56422bfd
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Fri Feb 19 11:23:33.017 2016 (UTC - 8:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
............................................

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

....................
.......
Loading User Symbols
.........................
Loading unloaded module list
.....*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {fc11c994, 0, 8d5062c6, 0}

*** WARNING: Unable to verify checksum for c7.exe
*** ERROR: Module load completed but symbols could not be loaded for c7.exe
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422BFD25a000\win32k.sys
The system cannot find the file specified.

Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422BFD25a000\win32k.sys
The system cannot find the file specified.

Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422BFD25a000\win32k.sys
The system cannot find the file specified.

Probably caused by : win32k.sys ( win32k!DEVLOCKBLTOBJ::~DEVLOCKBLTOBJ+3d )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
82c80308 cc              int     3
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fc11c994, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 8d5062c6, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------

Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422BFD25a000\win32k.sys
The system cannot find the file specified.

Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422BFD25a000\win32k.sys
The system cannot find the file specified.

Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\win32k.sys\56422BFD25a000\win32k.sys
The system cannot find the file specified.


READ_ADDRESS:  fc11c994 Special pool

FAULTING_IP: 
win32k!DEVLOCKBLTOBJ::~DEVLOCKBLTOBJ+3d
8d5062c6 ff7114          push    dword ptr [ecx+14h]

MM_INTERNAL_CODE:  0

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  56422bfd

MODULE_NAME: win32k

FAULTING_MODULE: 8d430000 win32k

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD5

PROCESS_NAME:  c7.exe

CURRENT_IRQL:  2

TRAP_FRAME:  96187b6c -- (.trap 0xffffffff96187b6c)
ErrCode = 00000000
eax=fef4a728 ebx=00000000 ecx=fc11c980 edx=00000000 esi=96187c10 edi=00001000
eip=8d5062c6 esp=96187be0 ebp=96187bfc iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
win32k!DEVLOCKBLTOBJ::~DEVLOCKBLTOBJ+0x3d:
8d5062c6 ff7114          push    dword ptr [ecx+14h]  ds:0023:fc11c994=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 82ce4ce7 to 82c80308

STACK_TEXT:  
961876bc 82ce4ce7 00000003 e7c04cd9 00000065 nt!RtlpBreakWithStatusInstruction
9618770c 82ce57e5 00000003 00000000 ffffffff nt!KiBugCheckDebugBreak+0x1c
96187ad0 82c933c1 00000050 fc11c994 00000000 nt!KeBugCheck2+0x68b
96187b54 82c45be8 00000000 fc11c994 00000000 nt!MmAccessFault+0x104
96187b54 8d5062c6 00000000 fc11c994 00000000 nt!KiTrap0E+0xdc
96187bfc 8d507e76 042106de 8d4e4fab 0035fc44 win32k!DEVLOCKBLTOBJ::~DEVLOCKBLTOBJ+0x3d
96187ccc 8d4e4fda 042106de 00000062 00000055 win32k!NtGdiBitBltInternal+0x73b
96187d00 82c42a06 042106de 00000062 00000055 win32k!NtGdiBitBlt+0x2f
96187d00 776971b4 042106de 00000062 00000055 nt!KiSystemServicePostCall
WARNING: Stack unwind information not available. Following frames may be wrong.
0035fc54 00091399 00566898 00000062 00000055 ntdll!KiFastSystemCallRet
0035fc90 000915e3 00000001 00548ab8 00550b40 c7+0x1399
0035fcdc 766eee6c 7ffdf000 0035fd28 776b3ab3 c7+0x15e3
0035fce8 776b3ab3 7ffdf000 7747c3f9 00000000 kernel32!BaseThreadInitThunk+0xe
0035fd28 776b3a86 00091660 7ffdf000 00000000 ntdll!RtlInitializeExceptionChain+0xef
0035fd40 00000000 00091660 7ffdf000 00000000 ntdll!RtlInitializeExceptionChain+0xc2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!DEVLOCKBLTOBJ::~DEVLOCKBLTOBJ+3d
8d5062c6 ff7114          push    dword ptr [ecx+14h]

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  win32k!DEVLOCKBLTOBJ::~DEVLOCKBLTOBJ+3d

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  0xD5_VRF_win32k!DEVLOCKBLTOBJ::_DEVLOCKBLTOBJ+3d

BUCKET_ID:  0xD5_VRF_win32k!DEVLOCKBLTOBJ::_DEVLOCKBLTOBJ+3d

Followup: MachineOwner
---------