Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\Chris\Documents\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: SRV*c:\localsymbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431 Machine Name: Kernel base = 0xfffff800`0241a000 PsLoadedModuleList = 0xfffff800`0265e670 Debug session time: Tue Mar 26 23:05:16.471 2013 (UTC + 11:00) System Uptime: 0 days 0:47:31.987 Loading Kernel Symbols ............................................................... ........................................................... Loading User Symbols PEB is paged out (Peb.Ldr = 000007ff`fffda018). Type ".hh dbgerr001" for details Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {21, fffff900c0686000, 1070, 1f8000001f7} Page 1246b4 not present in the dump file. Type ".hh dbgerr004" for details Page 12413d not present in the dump file. Type ".hh dbgerr004" for details Probably caused by : win32k.sys ( win32k!EngFreeMem+21 ) Followup: MachineOwner --------- 5: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000021, the data following the pool block being freed is corrupt. Typically this means the consumer (call stack ) has overrun the block. Arg2: fffff900c0686000, The pool pointer being freed. Arg3: 0000000000001070, The number of bytes allocated for the pool block. Arg4: 000001f8000001f7, The corrupted value found following the pool block. Debugging Details: ------------------ Page 12413d not present in the dump file. Type ".hh dbgerr004" for details BUGCHECK_STR: 0x19_21 POOL_ADDRESS: fffff900c0686000 Paged session pool DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT PROCESS_NAME: csrss.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff800025c39b2 to fffff8000248fc40 STACK_TEXT: fffff880`04a01db8 fffff800`025c39b2 : 00000000`00000019 00000000`00000021 fffff900`c0686000 00000000`00001070 : nt!KeBugCheckEx fffff880`04a01dc0 fffff960`000a9411 : 00000000`020f0cb0 00000000`00000000 fffff880`64667454 fffff880`00000000 : nt!ExDeferredFreePool+0xfaa fffff880`04a01e70 fffff960`000b1e04 : 00000000`020f0cb0 fffff880`04a01f20 00000000`00000096 00000000`020fffbf : win32k!EngFreeMem+0x21 fffff880`04a01ea0 fffff960`000a914b : fffff900`c1ce9030 00000000`00000001 00000000`00000001 00000000`00000000 : win32k!bLoadGlyphSet+0x104 fffff880`04a01ed0 fffff960`000a92ea : fffff900`c1ce9030 fffff900`00000001 fffff900`c1ce9030 fffff960`0021c280 : win32k!bReloadGlyphSet+0x24b fffff880`04a02590 fffff960`000a9242 : 00000000`00000000 fffff900`c1ce9030 fffff900`00000001 fffff900`c07fc404 : win32k!ttfdQueryFontTree+0x66 fffff880`04a025e0 fffff960`000f5fbf : fffff960`000a91e8 fffff900`c1ce8220 00000000`00000001 00000000`00000000 : win32k!ttfdSemQueryFontTree+0x5a fffff880`04a02620 fffff960`000f5e6b : fffff880`04a02730 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!PDEVOBJ::QueryFontTree+0x63 fffff880`04a026a0 fffff960`000b004e : fffff900`c0091000 00000000`00000000 00000000`00000002 00000000`00000000 : win32k!PFEOBJ::pfdg+0xa3 fffff880`04a02700 fffff960`0010a630 : fffff900`c07fc2f0 fffff880`04a02990 fffff880`04a02890 fffff880`04a029e0 : win32k!RFONTOBJ::bRealizeFont+0x46 fffff880`04a02820 fffff960`000db30d : 00000000`10018000 fffff900`00000000 0000057a`00000000 740c48bb`00000002 : win32k!RFONTOBJ::bInit+0x548 fffff880`04a02940 fffff960`000db2a3 : 00000000`00000000 fffff880`04a02b60 00000000`70616d63 0bd45000`72a91051 : win32k!ulGetFontData2+0x31 fffff880`04a029b0 fffff960`000db179 : 00000000`ffffffff 00000000`ffffffff 00000000`00000000 00000000`751caddc : win32k!ulGetFontData+0x7f fffff880`04a02a00 fffff800`0248eed3 : 00000000`1501057a 00000000`00000000 00000000`001ddf88 00000000`00000000 : win32k!NtGdiGetFontData+0x4d fffff880`04a02a70 00000000`751f0b4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`001ddf68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x751f0b4a STACK_COMMAND: kb FOLLOWUP_IP: win32k!EngFreeMem+21 fffff960`000a9411 4883c420 add rsp,20h SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: win32k!EngFreeMem+21 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 50e64bda FAILURE_BUCKET_ID: X64_0x19_21_win32k!EngFreeMem+21 BUCKET_ID: X64_0x19_21_win32k!EngFreeMem+21 Followup: MachineOwner ---------