*******************************************************************************
*
* This is the string you add to your checkin description
* Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH
*
*******************************************************************************
nt!DbgLoadImageSymbols+0x47:
82a1d584 cc              int     3
kd> g

*** Fatal System Error: 0x000000d5
                       (0xFAFAADD4,0x00000000,0x95122D87,0x00000000)

Driver at fault: 
***    win32k.sys - Address 95122D87 base at 95000000, DateStamp 55345e59
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows 7 7601 x86 compatible target at (Wed Jun  3 11:17:23.017 2015 (UTC + 2:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
..........................
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D5, {fafaadd4, 0, 95122d87, 0}

*** WARNING: Unable to verify checksum for a5.exe
*** ERROR: Module load completed but symbols could not be loaded for a5.exe
Probably caused by : win32k.sys ( win32k!UMPDOBJ::pso+1c )

Followup: MachineOwner
---------

Assertion: *** DPC watchdog timeout
    This is NOT a break in update time
    This is most likely a BUG in an ISR
    Perform a stack trace to find the culprit
    The period will be doubled on continuation
    Use gh to continue!!

nt!KeAccumulateTicks+0x3c5:
82a809ec cd2c            int     2Ch
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
Memory was referenced after it was freed.
This cannot be protected by try-except.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fafaadd4, memory referenced
Arg2: 00000000, value 0 = read operation, 1 = write operation
Arg3: 95122d87, if non-zero, the address which referenced memory.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS:  fafaadd4 Special pool

FAULTING_IP: 
win32k!UMPDOBJ::pso+1c
95122d87 8b7e1c          mov     edi,dword ptr [esi+1Ch]

MM_INTERNAL_CODE:  0

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  55345e59

MODULE_NAME: win32k

FAULTING_MODULE: 95000000 win32k

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xD5

PROCESS_NAME:  a5.exe

CURRENT_IRQL:  1c

TRAP_FRAME:  9d7b08e8 -- (.trap 0xffffffff9d7b08e8)
ErrCode = 00000000
eax=9d7b09a0 ebx=faf3af10 ecx=faf3af10 edx=00000000 esi=fafaadb8 edi=0000006c
eip=95122d87 esp=9d7b095c ebp=9d7b096c iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
win32k!UMPDOBJ::pso+0x1c:
95122d87 8b7e1c          mov     edi,dword ptr [esi+1Ch] ds:0023:fafaadd4=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 82a7feb3 to 82a809ec

STACK_TEXT:  
9d7b0310 82a7feb3 0002625a 00000000 00003d00 nt!KeAccumulateTicks+0x3c5
9d7b0350 82a7fd60 82e330a8 b98efc7e 00000000 nt!KeUpdateRunTime+0x145
9d7b03a8 82a7f563 00000002 00000002 000000d1 nt!KeUpdateSystemTime+0x613
9d7b03a8 82e330a8 00000002 00000002 000000d1 nt!KeUpdateSystemTimeAssist+0x13
9d7b042c 82e21b8c 00001000 00000000 9d7b048c hal!READ_PORT_USHORT+0x8
9d7b043c 82e21cf5 82ae4582 59e1dc1b 00000065 hal!HalpCheckPowerButton+0x2e
9d7b0440 82ae4582 59e1dc1b 00000065 00000000 hal!HaliHaltSystem+0x7
9d7b048c 82ae5029 00000003 00000000 000fc15a nt!KiBugCheckDebugBreak+0x73
9d7b0850 82a92ff9 00000050 fafaadd4 00000000 nt!KeBugCheck2+0x68b
9d7b08d0 82a45a88 00000000 fafaadd4 00000000 nt!MmAccessFault+0x104
9d7b08d0 95122d87 00000000 fafaadd4 00000000 nt!KiTrap0E+0xdc
9d7b096c 951300d8 faf3af38 9d7b09a0 00000000 win32k!UMPDOBJ::pso+0x1c
9d7b09cc 951336d2 fafaadb8 0000101a 0000006c win32k!UMPDDrvEscape+0x14a
9d7b0a10 9512c79b fafaadb8 0000101a 0000006c win32k!PDEVOBJ::Escape+0x39
9d7b0adc 9512cc03 9d7b0b00 0000101a 0000006c win32k!GreExtEscapeInternal+0x406
9d7b0b0c 9512caec 02210821 0000101a 0000006c win32k!GreExtEscape+0x33
9d7b0c0c 82a428a6 02210821 00000000 00000000 win32k!NtGdiExtEscape+0x303
9d7b0c0c 76ef7074 02210821 00000000 00000000 nt!KiSystemServicePostCall
0018f240 76982edc 76982eba 02210821 00000000 ntdll!KiFastSystemCallRet
0018f244 76982eba 02210821 00000000 00000000 GDI32!NtGdiExtEscape+0xc
0018f4b4 6bc03d74 02210821 0000101a 0000006c GDI32!ExtEscape+0x351
0018f4e4 6bc03e03 02210821 0000006c 014a2e88 mxdwdui!SendXMFEscape+0x82
0018f51c 6bbf8c0d 02210821 0000006c 014a2e88 mxdwdui!SendXMFEscape+0x5f
0018f560 6bbf8e14 0018f5e8 014a2e70 001bcc00 mxdwdui!TOemUI::SendFilenameToDriver+0x11d
0018f5b4 6bbf8913 0018f5e8 0018fbb8 001b4afc mxdwdui!TOemUI::DocEventStartDocPre+0x9e
0018fa30 6bc39188 014a2e70 001b4afc 02210821 mxdwdui!TOemUI::DocumentEvent+0x14c
0018fa5c 6bc391bf 001bcd2c 001b4afc 02210821 unidrvui!HComOEMDocumentEvent+0x45
0018faa0 6df6fd65 001b4afc 02210821 00000005 unidrvui!DrvDocumentEvent+0x69
0018fb00 6df7685c 001b4afc 02210821 00000005 winspool!CallDrvDocumentEventNative+0x6d
0018fb34 769818b0 00000001 02210821 00000005 winspool!DocumentEvent+0x1a6
0018fb5c 769a5fa6 001bbcd0 001b4afc 02210821 GDI32!DocumentEventEx+0x7e
0018fc98 0033115b 02210821 0018fca8 00000014 GDI32!StartDocW+0x1e0
WARNING: Stack unwind information not available. Following frames may be wrong.
0018fce0 00331337 00000001 001aee30 001b22c8 a5+0x115b
0018fd28 767bee1c 7ffdf000 0018fd74 76f1399b a5+0x1337
0018fd34 76f1399b 7ffdf000 76e33788 00000000 kernel32!BaseThreadInitThunk+0xe
0018fd74 76f1396e 003313b4 7ffdf000 00000000 ntdll!__RtlUserThreadStart+0x70
0018fd8c 00000000 003313b4 7ffdf000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!UMPDOBJ::pso+1c
95122d87 8b7e1c          mov     edi,dword ptr [esi+1Ch]

SYMBOL_STACK_INDEX:  b

SYMBOL_NAME:  win32k!UMPDOBJ::pso+1c

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  0xD5_VRF_win32k!UMPDOBJ::pso+1c

BUCKET_ID:  0xD5_VRF_win32k!UMPDOBJ::pso+1c

Followup: MachineOwner