******************************************************************************* * * This is the string you add to your checkin description * Driver Verifier: Enabled for ntoskrnl.exe on Build 7601 4nqNCsg3BESvIkx4R3hsvH * ******************************************************************************* ******************************************************************************* * * This is the string you add to your checkin description * Driver Verifier: Enabled for win32k.sys on Build 7601 Swoke0cxHt9I3y4CfWvmAH * ******************************************************************************* nt!DbgLoadImageSymbols+0x47: 82a62578 cc int 3 kd> g *** Fatal System Error: 0x000000d5 (0xA4BB4F7C,0x00000000,0x974A7DC9,0x00000000) Driver at fault: *** win32k.sys - Address 974A7DC9 base at 97470000, DateStamp 54ee8ecd . Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows 7 7601 x86 compatible target at (Fri Apr 17 14:23:35.714 2015 (UTC + 2:00)), ptr64 FALSE Loading Kernel Symbols ............................................................... ................................................................ ......................... Loading User Symbols ................ Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D5, {a4bb4f7c, 0, 974a7dc9, 0} *** WARNING: Unable to verify checksum for a49.exe *** ERROR: Module load completed but symbols could not be loaded for a49.exe Probably caused by : win32k.sys ( win32k!UserCommitDesktopMemory+90 ) Followup: MachineOwner --------- Assertion: *** DPC watchdog timeout This is NOT a break in update time This is most likely a BUG in an ISR Perform a stack trace to find the culprit The period will be doubled on continuation Use gh to continue!! nt!KeAccumulateTicks+0x3c5: 82ac538c cd2c int 2Ch kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5) Memory was referenced after it was freed. This cannot be protected by try-except. When possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver. Arguments: Arg1: a4bb4f7c, memory referenced Arg2: 00000000, value 0 = read operation, 1 = write operation Arg3: 974a7dc9, if non-zero, the address which referenced memory. Arg4: 00000000, (reserved) Debugging Details: ------------------ READ_ADDRESS: a4bb4f7c Special pool FAULTING_IP: win32k!UserCommitDesktopMemory+90 974a7dc9 8b5204 mov edx,dword ptr [edx+4] MM_INTERNAL_CODE: 0 IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 54ee8ecd MODULE_NAME: win32k FAULTING_MODULE: 97470000 win32k DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0xD5 PROCESS_NAME: a49.exe CURRENT_IRQL: 1c TRAP_FRAME: b0854900 -- (.trap 0xffffffffb0854900) ErrCode = 00000000 eax=faf5cff0 ebx=82ad44fe ecx=f9000000 edx=a4bb4f78 esi=f9001fe8 edi=f9000000 eip=974a7dc9 esp=b0854974 ebp=b0854994 iopl=0 nv up ei ng nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286 win32k!UserCommitDesktopMemory+0x90: 974a7dc9 8b5204 mov edx,dword ptr [edx+4] ds:0023:a4bb4f7c=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 82ac4853 to 82ac538c STACK_TEXT: b0854328 82ac4853 0002625a 00000000 00001b00 nt!KeAccumulateTicks+0x3c5 b0854368 82ac4700 82a2c0a8 d74857a7 00000000 nt!KeUpdateRunTime+0x145 b08543c0 82ac3f03 b0854302 b0854302 000000d1 nt!KeUpdateSystemTime+0x613 b08543c0 82a2c0a8 b0854302 b0854302 000000d1 nt!KeUpdateSystemTimeAssist+0x13 b0854444 82a1ab8c 00001000 00000000 b08544a4 hal!READ_PORT_USHORT+0x8 b0854454 82a1acf5 82b28f92 78ea93cc 00000065 hal!HalpCheckPowerButton+0x2e b0854458 82b28f92 78ea93cc 00000065 00000000 hal!HaliHaltSystem+0x7 b08544a4 82b29a39 00000003 00000000 000b2414 nt!KiBugCheckDebugBreak+0x73 b0854868 82ad79ad 00000050 a4bb4f7c 00000000 nt!KeBugCheck2+0x68b b08548e8 82a8aa78 00000000 a4bb4f7c 00000000 nt!MmAccessFault+0x104 b08548e8 974a7dc9 00000000 a4bb4f7c 00000000 nt!KiTrap0E+0xdc b0854994 82a665c9 f9000000 b08549b4 b08549dc win32k!UserCommitDesktopMemory+0x90 b08549bc 82a6670d b08549dc f9000138 f90000c4 nt!RtlpFindAndCommitPages+0x89 b08549e8 82af88b2 78ea9dd4 00000000 00000000 nt!RtlpExtendHeap+0x27 b0854abc 82b0aadd f9000000 0000000b 00000360 nt!RtlpAllocateHeap+0x563 b0854b38 97548cfe f9000000 00000009 00000360 nt!RtlAllocateHeap+0x92 b0854b50 9751a41f ae216f78 00000360 00000007 win32k!DesktopAlloc+0x25 b0854b8c 9751a1ff f90016d8 ffffffff 00000001 win32k!xxxInsertMenuItem+0x12e b0854c14 82a87896 000301bb ffffffff 00000001 win32k!NtUserThunkedMenuItemInfo+0xd2 b0854c14 76e370f4 000301bb ffffffff 00000001 nt!KiSystemServicePostCall 0030fd04 766afba5 766afd57 000301bb ffffffff ntdll!KiFastSystemCallRet 0030fd08 766afd57 000301bb ffffffff 00000001 USER32!NtUserThunkedMenuItemInfo+0xc 0030fd74 766afc2c 00000010 0030fd84 00000000 USER32!MenuLoadWinTemplates+0x131 0030fd88 766afbdc 0352b798 00000000 0030fde8 USER32!CreateMenuFromResource+0x44 0030fd9c 766af23a 766a0000 0352ac90 0030fdd0 USER32!CommonLoadMenu+0x2f 0030fdac 766af27c 766a0000 00000030 00000000 USER32!LoadMenuW+0x26 0030fdd0 76e3702e 0030fde8 00000024 0030fe6c USER32!__ClientLoadMenu+0x3a 0030fe08 013d1016 00000000 000101ac 0000005c ntdll!KiUserCallbackDispatcher+0x2e WARNING: Stack unwind information not available. Following frames may be wrong. 0030fe1c 013d1112 000101ac 000101ac 0000003c a49+0x1016 0030fe34 013d12da 00000001 004817c0 00481800 a49+0x1112 0030fe7c 751cee1c 7ffdf000 0030fec8 76e537eb a49+0x12da 0030fe88 76e537eb 7ffdf000 76ddd851 00000000 kernel32!BaseThreadInitThunk+0xe 0030fec8 76e537be 013d1357 7ffdf000 00000000 ntdll!__RtlUserThreadStart+0x70 0030fee0 00000000 013d1357 7ffdf000 00000000 ntdll!_RtlUserThreadStart+0x1b STACK_COMMAND: kb FOLLOWUP_IP: win32k!UserCommitDesktopMemory+90 974a7dc9 8b5204 mov edx,dword ptr [edx+4] SYMBOL_STACK_INDEX: b SYMBOL_NAME: win32k!UserCommitDesktopMemory+90 FOLLOWUP_NAME: MachineOwner FAILURE_BUCKET_ID: 0xD5_VRFK_win32k!UserCommitDesktopMemory+90 BUCKET_ID: 0xD5_VRFK_win32k!UserCommitDesktopMemory+90 Followup: MachineOwner