
Issue 686 attachment: special_pool1.txt (5.0 KB)

*** Fatal System Error: 0x000000d5
(0xFEF10E34,0x00000000,0x91505733,0x00000000)

Driver at fault:
*** win32k.sys - Address 91505733 base at 91440000, DateStamp 56422bfd
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Fri Dec 11 09:26:10.932 2015 (UTC - 8:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
............................

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

....................................
.......
Loading User Symbols
.....................
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {fef10e34, 0, 91505733, 0}

Probably caused by : win32k.sys ( win32k!SURFACE::bRedirectionBitmap+3 )

Followup: MachineOwner
---------

nt!RtlpBreakWithStatusInstruction:
82cc2308 cc int 3
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fef10e34, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 91505733, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS: fef10e34 Special pool

FAULTING_IP:
win32k!SURFACE::bRedirectionBitmap+3
91505733 83b98c00000000 cmp dword ptr [ecx+8Ch],0

MM_INTERNAL_CODE: 0

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 56422bfd

MODULE_NAME: win32k

FAULTING_MODULE: 91440000 win32k

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD5

PROCESS_NAME: conhost.exe

CURRENT_IRQL: 2

TRAP_FRAME: 93bffadc -- (.trap 0xffffffff93bffadc)
ErrCode = 00000000
eax=00000001 ebx=93bffbf8 ecx=fef10da8 edx=00008229 esi=fef10da8 edi=fef10da8
eip=91505733 esp=93bffb50 ebp=93bffb6c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
win32k!SURFACE::bRedirectionBitmap+0x3:
91505733 83b98c00000000 cmp dword ptr [ecx+8Ch],0 ds:0023:fef10e34=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 82d26ce7 to 82cc2308

STACK_TEXT:
93bff62c 82d26ce7 00000003 c25f0f38 00000065 nt!RtlpBreakWithStatusInstruction
93bff67c 82d277e5 00000003 00000000 000fb15a nt!KiBugCheckDebugBreak+0x1c
93bffa40 82cd53c1 00000050 fef10e34 00000000 nt!KeBugCheck2+0x68b
93bffac4 82c87be8 00000000 fef10e34 00000000 nt!MmAccessFault+0x104
93bffac4 91505733 00000000 fef10e34 00000000 nt!KiTrap0E+0xdc
93bffb4c 9150575f fef10da8 93bffbe8 93bffbf8 win32k!SURFACE::bRedirectionBitmap+0x3
93bffb6c 915079c2 93bffbe8 fae5e728 93bffbf8 win32k!SURFACE::Map+0x16
93bffb8c 915059d1 fc12add0 93bffbe8 93bffcfc win32k!DEVLOCKOBJ::bMapTrgSurfaceView+0x30
93bffba0 91506702 93bffcfc 00000000 7ffdf000 win32k!DEVLOCKOBJ::bPrepareTrgDco+0x79
93bffbb8 914feeba fef78130 00000001 02daac34 win32k!DEVLOCKOBJ::bLock+0x332
93bffd24 82c8499c 000000c9 017fef4c 017fef5c win32k!NtGdiFlushUserBatch+0xbc
93bffd34 774171b3 badb0d00 017fef4c 00000000 nt!KiSystemServiceAccessTeb+0x10
93bffd38 badb0d00 017fef4c 00000000 00000000 ntdll!KiFastSystemCall+0x3
WARNING: Frame IP not in any known module. Following frames may be wrong.
93bffd3c 017fef4c 00000000 00000000 00000000 0xbadb0d00
93bffd40 00000000 00000000 00000000 00000000 0x17fef4c


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!SURFACE::bRedirectionBitmap+3
91505733 83b98c00000000 cmp dword ptr [ecx+8Ch],0

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: win32k!SURFACE::bRedirectionBitmap+3

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0xD5_VRF_win32k!SURFACE::bRedirectionBitmap+3

BUCKET_ID: 0xD5_VRF_win32k!SURFACE::bRedirectionBitmap+3

Followup: MachineOwner
---------