Again, 2 more BSOD.
1.
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffff88004bdb4e0, e3d00000e3c, e3b00000e3a}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a53 )
Followup: Pool_corruption
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff88004bdb4e0, the pool entry being checked.
Arg3: 00000e3d00000e3c, the read back flink freelist value (should be the same as 2).
Arg4: 00000e3b00000e3a, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002fb34b3 to fffff80002e89640
STACK_TEXT:
fffff880`06f5ceb8 fffff800`02fb34b3 : 00000000`00000019 00000000`00000003 fffff880`04bdb4e0 00000e3d`00000e3c : nt!KeBugCheckEx
fffff880`06f5cec0 fffff960`00118433 : fffff880`00000000 fffff900`c07177e8 fffff880`06f5d050 00000000`00000000 : nt!ExDeferredFreePool+0xa53
fffff880`06f5cfb0 fffff960`000d1e19 : fffff900`c07177e8 fffff880`06f5d050 00000000`00000001 00000000`012507a4 : win32k!EngAllocMem+0x47
fffff880`06f5cfe0 fffff960`000c917b : fffff900`c0717790 00000000`00000001 00000000`00000001 00000000`00000000 : win32k!bLoadGlyphSet+0x121
fffff880`06f5d010 fffff960`000c931a : fffff900`c0717790 fffff900`00000001 fffff900`c0717790 fffff960`00237ab0 : win32k!bReloadGlyphSet+0x24b
fffff880`06f5d6d0 fffff960`000c9272 : 00000000`00000000 fffff900`c0717790 fffff900`00000001 fffff900`c1ecf124 : win32k!ttfdQueryFontTree+0x66
fffff880`06f5d720 fffff960`001147c7 : fffff960`000c9218 fffff900`c0717ae0 00000000`00000001 00000000`00000000 : win32k!ttfdSemQueryFontTree+0x5a
fffff880`06f5d760 fffff960`00114673 : fffff880`06f5d870 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!PDEVOBJ::QueryFontTree+0x63
fffff880`06f5d7e0 fffff960`000d0076 : fffff900`c008a010 00000000`00000000 00000000`00000002 00000000`00000000 : win32k!PFEOBJ::pfdg+0xa3
fffff880`06f5d840 fffff960`00128e08 : fffff900`c1ecf010 fffff880`06f5dad0 fffff880`06f5d9d0 fffff880`06f5db20 : win32k!RFONTOBJ::bRealizeFont+0x46
fffff880`06f5d960 fffff960`000fa811 : 00000000`10010000 fffff900`00000000 0000111a`00000000 76fa6a62`00000002 : win32k!RFONTOBJ::bInit+0x548
fffff880`06f5da80 fffff960`000fa7a7 : 00000000`00000000 fffff880`06f5dca0 00000000`70616d63 00000001`00000011 : win32k!ulGetFontData2+0x31
fffff880`06f5daf0 fffff960`000fa67d : 00000000`ffffffff 00000000`ffffffff 00000000`00000001 fffff880`06f5db70 : win32k!ulGetFontData+0x7f
fffff880`06f5db40 fffff800`02e888d3 : 00000000`0401111a 00000000`00000000 00000000`0025e0b8 00000000`00000000 : win32k!NtGdiGetFontData+0x4d
fffff880`06f5dbb0 00000000`73fa093a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0025e098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73fa093a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a53
fffff800`02fb34b3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a53
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
Followup: Pool_corruption
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff88004bdb4e0, the pool entry being checked.
Arg3: 00000e3d00000e3c, the read back flink freelist value (should be the same as 2).
Arg4: 00000e3b00000e3a, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002fb34b3 to fffff80002e89640
STACK_TEXT:
fffff880`06f5ceb8 fffff800`02fb34b3 : 00000000`00000019 00000000`00000003 fffff880`04bdb4e0 00000e3d`00000e3c : nt!KeBugCheckEx
fffff880`06f5cec0 fffff960`00118433 : fffff880`00000000 fffff900`c07177e8 fffff880`06f5d050 00000000`00000000 : nt!ExDeferredFreePool+0xa53
fffff880`06f5cfb0 fffff960`000d1e19 : fffff900`c07177e8 fffff880`06f5d050 00000000`00000001 00000000`012507a4 : win32k!EngAllocMem+0x47
fffff880`06f5cfe0 fffff960`000c917b : fffff900`c0717790 00000000`00000001 00000000`00000001 00000000`00000000 : win32k!bLoadGlyphSet+0x121
fffff880`06f5d010 fffff960`000c931a : fffff900`c0717790 fffff900`00000001 fffff900`c0717790 fffff960`00237ab0 : win32k!bReloadGlyphSet+0x24b
fffff880`06f5d6d0 fffff960`000c9272 : 00000000`00000000 fffff900`c0717790 fffff900`00000001 fffff900`c1ecf124 : win32k!ttfdQueryFontTree+0x66
fffff880`06f5d720 fffff960`001147c7 : fffff960`000c9218 fffff900`c0717ae0 00000000`00000001 00000000`00000000 : win32k!ttfdSemQueryFontTree+0x5a
fffff880`06f5d760 fffff960`00114673 : fffff880`06f5d870 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!PDEVOBJ::QueryFontTree+0x63
fffff880`06f5d7e0 fffff960`000d0076 : fffff900`c008a010 00000000`00000000 00000000`00000002 00000000`00000000 : win32k!PFEOBJ::pfdg+0xa3
fffff880`06f5d840 fffff960`00128e08 : fffff900`c1ecf010 fffff880`06f5dad0 fffff880`06f5d9d0 fffff880`06f5db20 : win32k!RFONTOBJ::bRealizeFont+0x46
fffff880`06f5d960 fffff960`000fa811 : 00000000`10010000 fffff900`00000000 0000111a`00000000 76fa6a62`00000002 : win32k!RFONTOBJ::bInit+0x548
fffff880`06f5da80 fffff960`000fa7a7 : 00000000`00000000 fffff880`06f5dca0 00000000`70616d63 00000001`00000011 : win32k!ulGetFontData2+0x31
fffff880`06f5daf0 fffff960`000fa67d : 00000000`ffffffff 00000000`ffffffff 00000000`00000001 fffff880`06f5db70 : win32k!ulGetFontData+0x7f
fffff880`06f5db40 fffff800`02e888d3 : 00000000`0401111a 00000000`00000000 00000000`0025e0b8 00000000`00000000 : win32k!NtGdiGetFontData+0x4d
fffff880`06f5dbb0 00000000`73fa093a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0025e098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73fa093a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a53
fffff800`02fb34b3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a53
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
Followup: Pool_corruption
---------
2.
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002e880bd}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002e880bd
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002e94be9 to fffff80002e95640
STACK_TEXT:
fffff880`02f69ce8 fffff800`02e94be9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02f69cf0 fffff800`02e930b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02f69e30 fffff800`02e880bd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
00000000`00000000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSuspendThread+0x5d
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`02e930b2 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
---------
Thanks!
RockmanX